Lucene search
K
SchneierRecent

2980 matches found

Schneier on Security
Schneier on Security
added 2023/03/03 10:23 p.m.14 views

Friday Squid Blogging: We’re Almost at Flying Squid Drones

Researchers are prototyping multi-segment shapeshifter drones, which are "the precursors to flying squid-bots." As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/03 3:58 p.m.16 views

Nick Weaver on Regulating Cryptocurrency

Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space--with all existing regulations. His conclusion: Regulators, especially regulators in the United States, often fear accusations of stifling innovation. As such, the cryptocurrency space...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/02 12:5 p.m.22 views

Dumb Password Rules

Examples of dumb password rules. There are some pretty bad disasters out there. My worst experiences are with sites that have artificial complexity requirements that cause my personal password-generation systems to fail. Some of the systems on the list are even worse: when they fail they dont tel...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/01 12:6 p.m.17 views

Fooling a Voice Authentication System with an AI-Generated Voice

A reporter used an AI synthesis of his own voice to fool the voice authentication system for Lloyds Bank...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/28 12:19 p.m.55 views

Side-Channel Attack against CRYSTALS-Kyber

CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have just published a side-channel attack--using power consumption--against an implementation of the algorithm that was supposed to be...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/27 12:6 p.m.23 views

Banning TikTok

Congress is currently debating bills that would ban TikTok in the United States. We are here as technologists to tell you that this is a terrible idea and the side effects would be intolerable. Details matter. There are several ways Congress might ban TikTok, each with different efficacies and si...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/24 10:2 p.m.21 views

Friday Squid Blogging: Squid Processing Facility

This video of a modern large squid processing ship is a bit gory, but also interesting. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/24 12:34 p.m.12 views

Putting Undetectable Backdoors in Machine Learning Models

This is really interesting research from a few months ago: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raise...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/23 12:27 p.m.17 views

Cyberwar Lessons from the War in Ukraine

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: "The Cyber Defense Assistance Imperative ­ Lessons from Ukraine." Its conclusion: Cyber defense assistance in Ukraine is working. The Ukrainian...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/22 12:30 p.m.20 views

A Device to Turn Traffic Lights Green

Heres a story about a hacker who reprogrammed a device called "Flipper Zero" to mimic Opticom transmitters--to turn traffic lights in his path green. As mentioned earlier, the Flipper Zero has a built-in sub-GHz radio that lets the device receive data or transmit it, with the right firmware in...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/21 12:14 p.m.11 views

The Insecurity of Photo Cropping

The Intercept has a long article on the insecurity of photo cropping: One of the hazards lies in the fact that, for some of the programs, downstream crop reversals are possible for viewers or readers of the document, not just the files creators or editors. Official instruction manuals, help pages...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/20 12:9 p.m.15 views

Fines as a Security System

Tile has an interesting security solution to make its tracking tags harder to use for stalking: The Anti-Theft Mode feature will make the devices invisible to Scan and Secure, the companys in-app feature that lets you know if any nearby Tiles are following you. But to activate the new Anti-Theft...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/17 10:3 p.m.18 views

Friday Squid Blogging: Thermal Batteries from Squid Proteins

Researchers are making thermal batteries from "a synthetic material thats derived from squid ring teeth protein." As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/17 12:33 p.m.22 views

Defending against AI Lobbyists

When is it time to start worrying about artificial intelligence interfering in our democracy? Maybe when an AI writes a letter to The New York Times opposing the regulation of its own technology. That happened last month. And because the letter was responding to an essay we wrote, were starting t...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/16 12:6 p.m.22 views

ChatGPT Is Ingesting Corporate Secrets

Interesting: According to internal Slack messages that were leaked to Insider, an Amazon lawyer told workers that they had "already seen instances" of text generated by ChatGPT that "closely" resembled internal company data. This issue seems to have come to a head recently because Amazon staffers...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/15 12:13 p.m.8 views

Camera the Size of a Grain of Salt

Cameras are getting smaller and smaller, changing the scale and scope of surveillance...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/14 4:54 p.m.13 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at Mobile World Congress 2023 in Barcelona, Spain, on March 1, 2023 at 1:00 PM CET. I’m speaking on “How to Reclaim Power in the Digital World” at EPFL in Lausanne, Switzerland, on Thursday, March 16, 2023, at 5:30 PM...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/14 12:6 p.m.43 views

What Will It Take?

What will it take for policy makers to take cybersecurity seriously? Not minimal-change seriously. Not here-and-there seriously. But really seriously. What will it take for policy makers to take cybersecurity seriously enough to enact substantive legislative changes that would address the problem...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/13 7:54 p.m.13 views

On Pig Butchering Scams

"Pig butchering" is the colorful name given to online cons that trick the victim into giving money to the scammer, thinking it is an investment opportunity. Its a rapidly growing area of fraud, and getting more sophisticated...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/10 10:11 p.m.17 views

Friday Squid Blogging: Squid Is a Blockchain Thingy

I had no idea--until I read this incredibly jargon-filled article: Squid is a cross-chain liquidity and messaging router that swaps across multiple chains and their native DEXs via axlUSDC. So there. As usual, you can also use this squid post to talk about the security stories in the news that I...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/10 8:3 p.m.20 views

A Hacker’s Mind Is Now Published

Tuesday was the official publication date of A Hackers Mind: How the Powerful Bend Societys Rules, and How to Bend them Back. It broke into the 2000s on the Amazon best-seller list. Reviews in the New York Times, Cory Doctorows blog, Science, and the Associated Press. I wrote essays related to th...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/10 11:24 a.m.16 views

Hacking the Tax Code

The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input--financial information for the year--and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and speci...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/09 12:15 p.m.28 views

Mary Queen of Scots Letters Decrypted

This is a neat piece of historical research. The team of computer scientist George Lasry, pianist Norbert Biermann and astrophysicist Satoshi Tomokiyo--all keen cryptographers--initially thought the batch of encoded documents related to Italy, because that was how they were filed at the...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/08 11:46 a.m.17 views

SolarWinds and Market Incentives

In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/07 12:23 p.m.28 views

Malware Delivered through Google Search

Criminals using Google search ads to deliver malware isnt new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past,...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/06 11:2 a.m.17 views

Attacking Machine Learning Systems

The field of machine learning ML security--and corresponding adversarial ML--is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many...

Exploits0
Schneier on Security
Schneier on Security
added 2023/02/03 10:2 p.m.12 views

Friday Squid Blogging: Studying the Colossal Squid

A survey of giant squid science. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/03 8:3 p.m.19 views

A Hacker’s Mind News

A Hackers Mind will be published on Tuesday. I have done a written interview and a podcast interview about the book. Its been chosen as a "February 2023 Must-Read Book" by the Next Big Idea Club. And an "Editors Pick"--whatever that means--on Amazon. There have been three reviews so far. I am...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/03 12:7 p.m.17 views

Manipulating Weights in Face-Recognition AI Systems

Interesting research: "Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons": Abstract: In this paper we describe how to plant novel types of backdoors in any facial recognition model based on the popular architecture of deep Siamese neural network...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/02 11:59 a.m.22 views

AIs as Computer Hackers

Hacker "Capture the Flag" has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’. It’s a controlled setting for what computer hackers do in real life: findi...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/01 12:8 p.m.13 views

Passwords Are Terrible (Surprising No One)

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior--including Password1234, Password1234!, and ChangeItN0w!--were weak enough to be cracked using standard methods, a recently published security audit of the...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/31 12:3 p.m.19 views

Ransomware Payments Are Down

Chainalysis reports that worldwide ransomware payments were down in 2022. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/30 12:13 p.m.10 views

NIST Is Updating Its Cybersecurity Framework

NIST is planning a significant update of its Cybersecurity Framework. At this point, its asking for feedback and comments to its concept paper. 1. Do the proposed changes reflect the current cybersecurity landscape standards, risks, and technologies? 2. Are the proposed changes sufficient and...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/27 10:59 p.m.19 views

Friday Squid Blogging: Squid-Inspired Hydrogel

Scientists have created a hydrogel "using squid mantle and creative chemistry." As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/27 8:19 p.m.20 views

Kevin Mitnick Hacked California Law in 1983

Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book, which he partially recounts his 2012 book, Ghost in the Wires. The setup is that he just discovered that theres warrant for his arrest by the California Youth Authority, an...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/27 12:2 p.m.17 views

A Guide to Phishing Attacks

This is a good list of modern phishing techniques...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/26 12:8 p.m.16 views

On Alec Baldwin’s Shooting

We recently learned that Alec Baldwin is being charged with involuntary manslaughter for his accidental shooting on a movie set. I dont know the details of the case, nor the intricacies of the law, but I have a question about movie props. Why was an actual gun used on the set? And why were actual...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/25 12:0 p.m.25 views

US Cyber Command Operations During the 2022 Midterm Elections

The head of both US Cyber Command and the NSA, Gen. Paul Nakasone, broadly discussed that first organizations offensive cyber operations during the runup to the 2022 midterm elections. He didnt name names, of course: We did conduct operations persistently to make sure that our foreign adversaries...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/24 12:14 p.m.15 views

Bulk Surveillance of Money Transfers

Just another obscure warrantless surveillance program. US law enforcement can access details of money transfers without a warrant through an obscure surveillance program the Arizona attorney generals office created in 2014. A database stored at a nonprofit, the Transaction Record Analysis Center...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/23 12:2 p.m.15 views

No-Fly List Exposed

I cant remember the last time I thought about the US no-fly list: the list of people so dangerous they should never be allowed to fly on an airplane, yet so innocent that we cant arrest them. Back when I thought about it a lot, I realized that the TSAs practice of giving it to every airline meant...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/21 12:18 p.m.13 views

Publisher’s Weekly Review of A Hacker’s Mind

Publishers Weekly reviewed A Hackers Mind--and its a starred review! "Hacking is something that the rich and powerful do, something that reinforces existing power structures," contends security technologist Schneier Click Here to Kill Everybody in this excellent survey of exploitation. Taking a...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/20 10:0 p.m.20 views

Friday Squid Blogging: Another Giant Squid Captured on Video

Heres a new video of a giant squid, filmed in the Sea of Japan. I believe its injured. Its so close to the surface, and not really moving very much. "We didnt see the kinds of agile movements that many fish and marine creatures normally show," he said. "Its tentacles and fins were moving very...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/20 12:25 p.m.16 views

Real-World Steganography

From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice DOJ indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/19 12:21 p.m.55 views

Security Analysis of Threema

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/18 12:19 p.m.19 views

AI and Political Lobbying

Launched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails, college essays and myriad other forms of writing. Created by the company OpenAI, ChatGPT is a chatbot that can automatically respond to written prompts in a manner that is sometimes...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/17 12:2 p.m.26 views

The FBI Identified a Tor User

No details, though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts "unofficial propaganda and photographs related to ISIS" multiple times on May 14, 2019. In virtue of being a dark web site--­that is, one hosted on the Tor anonymity network--­it...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/16 12:14 p.m.18 views

Hacked Cellebrite and MSAB Software Released

Cellebrite is an cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. MSAB is a Swedish company that does the same thing. Someone has released software and documentation from both companies...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/14 5:5 p.m.13 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking at Capricon, a four-day science fiction convention in Chicago. My talk is on "The Coming AI Hackers" and will be held Friday, February 3 at 1:00 PM. The list is maintained on this page...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/14 4:29 p.m.16 views

Booklist Review of A Hacker’s Mind

Booklist reviews A Hackers Mind: Author and public-interest security technologist Schneier Data and Goliath, 2015 defines a “hack” as an activity allowed by a system “that subverts the rules or norms of the system … at the expense of someone else affected by the system.” In accessing the security...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/13 10:8 p.m.16 views

Friday Squid Blogging: How to Buy Fresh or Frozen Squid

Good advice on buying squid. I like to buy whole fresh squid and clean it myself. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Total number of security vulnerabilities2980