Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2023/05/03 10:13 a.m.23 views

SolarWinds Detected Six Months Earlier

New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandiant detected it in December 2020, but didnt realize what it detected--and so ignored it. WIRED can now confirm that the operation was actually discovered by the DOJ six months...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/02 2:10 p.m.16 views

NIST Draft Document on Post-Quantum Cryptography Guidance

NIST has released a draft of Special Publication1800-38A: "Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography." Its only four pages long, and it doesnt have a lot of detail--more "volumes" are coming, with more...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/28 9:7 p.m.11 views

Friday Squid Blogging: More Squid Camouflage Research

Heres a research group trying to replicate squid cell transparency in mammalian cells. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/28 7:15 p.m.19 views

Hacking the Layoff Process

My latest book, A Hackers Mind, is filled with stories about the rich and powerful hacking systems, but it was hard to find stories of the hacking by the less powerful. Heres one I just found. An article on how layoffs at big companies work inadvertently suggests an employee hack to avoid being...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/27 1:38 p.m.17 views

Security Risks of AI

Stanford and Georgetown have a new report on the security risks of AI--particularly adversarial machine learning--based on a workshop they held on the topic. Jim Dempsey, one of the workshop organizers, wrote a blog post on the report: As a first step, our report recommends the inclusion of AI...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/26 10:51 a.m.16 views

AI to Aid Democracy

Theres good reason to fear that AI systems like ChatGPT and GPT4 will harm democracy. Public debate may be overwhelmed by industrial quantities of autogenerated argument. People might fall down political rabbit holes, taken in by superficially convincing bullshit, or obsessed by folies à deux...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/25 10:9 a.m.25 views

Cyberweapons Manufacturer QuaDream Shuts Down

Following a report on its activities, the Israeli spyware company QuaDream has shut down. This was QuadDream: Key Findings Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/24 10:39 a.m.7 views

UK Threatens End-to-End Encryption

In an open letter, seven secure messaging apps--including Signal and WhatsApp--point out that the UKs Online Safety Bill could destroy end-to-end encryption: As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/21 9:4 p.m.15 views

Friday Squid Blogging: More on Squid Fishing

The squid you eat most likely comes from unregulated waters. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/21 6:11 p.m.15 views

Hacking Pickleball

My latest book, A Hackers Mind, has a lot of sports stories. Sports are filled with hacks, as players look for every possible advantage that doesnt explicitly break the rules. Heres an example from pickleball, which nicely explains the dilemma between hacking as a subversion and hacking as...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/21 2:19 p.m.20 views

Using the iPhone Recovery Key to Lock Owners Out of Their iPhones

This a good example of a security feature that can sometimes harm security: Apple introduced the optional recovery key in 2020 to protect users from online hackers. Users who turn on the recovery key, a unique 28-digit code, must provide it when they want to reset their Apple ID password. iPhone...

6.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/20 10:47 a.m.19 views

New Zero-Click Exploits against iOS

Citizen Lab has identified three zero-click exploits against iOS 15 and 16. These were used by NSO Groups Pegasus spyware in 2022, and deployed by Mexico against human rights defenders. These vulnerabilities have all been patched. One interesting bit is that Apples Lockdown Mode part of iOS 16...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/19 10:7 a.m.22 views

EFF on the UN Cybercrime Treaty

EFF has a good explainer on the problems with the new UN Cybercrime Treaty, currently being negotiated in Vienna. The draft treaty has the potential to rewrite criminal laws around the world, possibly adding over 30 criminal offenses and new expansive police powers for both domestic and...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/18 11:19 a.m.19 views

Using LLMs to Create Bioweapons

Im not sure there are good ways to build guardrails to prevent this sort of thing: There is growing concern regarding the potential misuse of molecular machine learning models for harmful purposes. Specifically, the dual-use application of models for predicting cytotoxicity18 to create new poison...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/17 11:15 a.m.12 views

Swatting as a Service

Motherboard is reporting on AI-generated voices being used for "swatting": In fact, Motherboard has found, this synthesized call and another against Hempstead High School were just one small part of a months-long, nationwide campaign of dozens, and potentially hundreds, of threats made by one...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/14 9:14 p.m.12 views

Friday Squid Blogging: Colossal Squid

Interesting article on the colossal squid, which is larger than the giant squid. The article answers a vexing question: So why do we always hear about the giant squid and not the colossal squid? Well, part of it has to do with the fact that the giant squid was discovered and studied long before t...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/14 8:4 p.m.17 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking on “Cybersecurity Thinking to Reinvent Democracy” at RSA Conference 2023 in San Francisco, California, on Tuesday, April 25, 2023, at 9:40 AM PT. I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:3...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/14 7:6 p.m.17 views

Hacking Suicide

Heres a religious hack: You want to commit suicide, but its a mortal sin: your soul goes straight to hell, forever. So what you do is murder someone. That will get you executed, but if you confess your sins to a priest beforehand you avoid hell. Problem solved. This was actually a problem in the...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/14 11:2 a.m.16 views

Gaining an Advantage in Roulette

You can beat the game without a computer: On a perfect roulette wheel, the ball would always fall in a random way. But over time, wheels develop flaws, which turn into patterns. A wheel thats even marginally tilted could develop what Barnett called a drop zone. When the tilt forces the ball to...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/13 11:22 a.m.18 views

Bypassing a Theft Threat Model

Thieves cut through the wall of a coffee shop to get to an Apple store, bypassing the alarms in the process. I wrote about this kind of thing in 2000, in Secrets and Lies page 318: My favorite example is a band of California art thieves that would break into peoples houses by cutting a hole in...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/12 11:11 a.m.18 views

FBI Advising People to Avoid Public Charging Stations

The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices: Avoid using free charging stations in airports, hotels, or shopping centers. Bad actors have figured out ways to use public USB por...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/11 11:22 a.m.20 views

Car Thieves Hacking the CAN Bus

Car thieves are injecting malicious software into a cars network through wires in the headlights or taillights that fool the car into believing that the electronic key is nearby. News articles...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/10 11:23 a.m.21 views

LLMs and Phishing

Heres an experiment being run by undergraduate computer science students everywhere: Ask ChatGPT to generate phishing emails, and test whether these are better at persuading victims to respond or click on the link than the usual spam. Its an interesting experiment, and the results are likely to...

6.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/07 9:4 p.m.13 views

Friday Squid Blogging: Squid Food Poisoning

University of Connecticut basketball player Jordan Hawkins claims to have suffered food poisoning from calamari the night before his NCAA finals game. The restaurant disagrees: On Sunday, a Mastros employee politely cast doubt on the idea that the restaurant might have caused the illness, citing...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/06 10:59 a.m.12 views

Research on AI in Adversarial Settings

New research: “Achilles Heels for AGI/ASI via Decision Theoretic Adversaries": As progress in AI continues to advance, it is important to know how advanced systems will make choices and in what ways they may fail. Machines can already outsmart humans in some domains, and understanding how to safe...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/05 3:55 p.m.16 views

FBI (and Others) Shut Down Genesis Market

Genesis Market is shut down: Active since 2018, Genesis Markets slogan was, "Our store sells bots with logs, cookies, and their real fingerprints." Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stol...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/04 2:10 p.m.16 views

North Korea Hacking Cryptocurrency Sites with 3CX Exploit

News: Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack thats unfolded over the past week. Kaspersky declined to name any of those victim...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/03 11:5 a.m.13 views

UK Runs Fake DDoS-for-Hire Sites

Brian Krebs is reporting that the UKs National Crime Agency is setting up fake DDoS-for-hire sites as part of a sting operation: The NCA says all of its fake so-called "booter" or "stresser" sites -­ which have so far been accessed by several thousand people--have been created to look like they...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/31 9:8 p.m.16 views

Friday Squid Blogging: Giant Squid vs. Blue Marlin

Epic matchup. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/30 10:0 p.m.12 views

Russian Cyberwarfare Documents Leaked

Now this is interesting: Thousands of pages of secret documents reveal how Vulkans engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/29 11:3 a.m.13 views

The Security Vulnerabilities of Message Interoperability

Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other: The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/28 11:13 a.m.16 views

Security Vulnerabilities in Snipping Tools

Both Googles Pixels Markup Tool and the Windows Snipping Tool have vulnerabilities that allow people to partially recover content that was edited out of images...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/27 11:3 a.m.29 views

Hacks at Pwn2Own Vancouver 2023

An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver: On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model ...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/24 9:6 p.m.10 views

Friday Squid Blogging: Creating Batteries Out of Squid Cells

This is fascinating: "When a squid ends up chipping what’s called its ring tooth, which is the nail underneath its tentacle, it needs to regrow that tooth very rapidly, otherwise it can’t claw its prey," he explains. This was intriguing news ­ and it sparked an idea in Hopkins lab where he’d been...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/24 7:7 p.m.14 views

A Hacker’s Mind News

My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon. Its been spied in airports. Reviews are consistently good. I have been enjoying giving podcast interviews. It all feels pretty good right now. You can order a signed book from me here. For those of you in...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/24 11:4 a.m.20 views

Exploding USB Sticks

In case you dont have enough to worry about, people are hiding explosives--actual ones--in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/23 11:5 a.m.17 views

Mass Ransomware Attack

A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack: TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. However,...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/22 11:14 a.m.13 views

ChatGPT Privacy Flaw

OpenAI has disabled ChatGPTs privacy history, almost certainly because they had a security flaw where users were seeing each others histories...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/21 12:34 p.m.18 views

US Citizen Hacked by Spyware

The New York Times is reporting that a US citizens phone was hacked by the Predator spyware. A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/17 9:19 p.m.14 views

Friday Squid Blogging: New Species of Vampire Squid Lives 3,000 Feet below Sea Level

At least, it seems to be a new species. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/14 7:8 p.m.10 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking on “How to Reclaim Power in the Digital World” at EPFL in Lausanne, Switzerland, on Thursday, March 16, 2023, at 5:30 PM CET. I’ll be discussing my new book A Hacker’s Mind: How the Powerful Bend Society’s Rules at...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/14 4:1 p.m.29 views

How AI Could Write Our Laws

Nearly 90% of the multibillion-dollar federal lobbying apparatus in the United States serves corporate interests. In some cases, the objective of that money is obvious. Google pours millions into lobbying on bills related to antitrust regulation. Big energy companies expect action whenever there ...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/14 11:23 a.m.15 views

NetWire Remote Access Trojan Maker Arrested

From Brian Krebs: A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan RAT marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/10 10:5 p.m.15 views

Friday Squid Blogging: Chinese Squid Fishing in the Southeast Pacific

Chinese squid fishing boats are overwhelming Ecuador and Peru. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/10 8:5 p.m.16 views

Elephant Hackers

An elephant uses its right-of-way privileges to stop sugar-cane trucks and grab food...

3.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/10 1:33 a.m.23 views

Another Malware with Persistence

Heres a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates. On Thursday, security firm Mandiant published a report that said threat actors with a suspected nexus to China were engaged in a campaign to maintain long-term persistence by running malware...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/08 11:11 a.m.82 views

BlackLotus Malware Hijacks Windows Secure Boot Process

Researchers have discovered malware that "can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows." Dubbed BlackLotus, the malware is whats known as a UEFI bootkit. These sophisticated pieces of malware...

4.9CVSS0.3AI score0.06567EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2023/03/07 12:13 p.m.20 views

Prompt Injection Attacks on Large Language Models

This is a good survey on prompt injection attacks on large language models like ChatGPT. Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models LLMs. They are already being adopted in practice and integrated into many systems, including integrated...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/06 12:6 p.m.12 views

New National Cybersecurity Strategy

Last week, the Biden administration released a new National Cybersecurity Strategy summary here. There is lots of good commentary out there. Its basically a smart strategy, but the hard parts are always the implementation details. Its one thing to say that we need to secure our cloud...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/03 10:23 p.m.14 views

Friday Squid Blogging: We’re Almost at Flying Squid Drones

Researchers are prototyping multi-segment shapeshifter drones, which are "the precursors to flying squid-bots." As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.7AI score
Exploits0
Total number of security vulnerabilities2979