Lucene search
K
SchneierRecent

2978 matches found

Schneier on Security
Schneier on Security
added 2025/10/01 11:9 a.m.5 views

Use of Generative AI in Scams

New report: "Scam GPT: GenAI and the Automation of Fraud." This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception, and...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/30 11:6 a.m.4 views

Details of a Scam

Longtime Crypto-Gram readers know that I collect personal experiences of people being scammed. Here's an almost: Then he added, "Here at Chase, we'll never ask for your personal information or passwords." On the contrary, he gave me more information--two "cancellation codes" and a long case numbe...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/29 11:7 a.m.7 views

Abusing Notion’s AI Agent for Data Theft

Notion just released version 3.0, complete with AI agents. Because the system contains Simon Willson's lethal trifecta, it's vulnerable to data theft though prompt injection. First, the trifecta: The lethal trifecta of capabilities is: Access to your private data --one of the most common purposes...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/26 9:3 p.m.4 views

Friday Squid Blogging: Jigging for Squid

A nice story...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/26 11:4 a.m.6 views

Digital Threat Modeling Under Authoritarianism

Today's world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/25 11:2 a.m.6 views

Malicious-Looking URL Creation Service

This site turns your URL into something sketchy-looking. For example, www.schneier.com becomes...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/24 11:9 a.m.6 views

US Disrupts Massive Cell Phone Array in New York

This is a weird story: The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City. The agency said on Tuesday that last month it found more than 300 SIM servers and...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/23 11:7 a.m.5 views

Apple’s New Memory Integrity Enforcement

Apple has introduced a new hardware/software security feature in the iPhone 17: "Memory Integrity Enforcement," targeting the memory safety vulnerabilities that spyware products like Pegasus tend to use to get unauthorized system access. From Wired: In recent years, a movement has been steadily...

7.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/22 11:3 a.m.6 views

Details About Chinese Surveillance and Propaganda Companies

Details from leaked documents: While people often look at China’s Great Firewall as a single, all-powerful government system unique to China, the actual process of developing and maintaining it works the same way as surveillance technology in the West. Geedge collaborates with academic institutio...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/19 9:6 p.m.4 views

Friday Squid Blogging: Giant Squid vs. Blue Whale

A comparison aimed at kids...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/19 11:1 a.m.11 views

Surveying the Global Spyware Market

The Atlantic Council has published its second annual report: "Mythical Beasts: Diving into the depths of the global spyware market." Too much good detail to summarize, but here are two items: First, the authors found that the number of US-based investors in spyware has notably increased in the pa...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/18 11:6 a.m.7 views

Time-of-Check Time-of-Use Attacks Against LLMs

This is a nice piece of research: "Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents".: Abstract: Large Language Model LLM-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/17 11:5 a.m.6 views

Hacking Electronic Safes

Vulnerabilities in electronic safes that use Securam Prologic locks: While both their techniques represent glaring security vulnerabilities, Omo says it's the one that exploits a feature intended as a legitimate unlock method for locksmiths that's the more widespread and dangerous. "This attack i...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/16 11:6 a.m.4 views

Microsoft Still Uses RC4

Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft over its continued use of the RC4 encryption algorithm. The letter talks about a hacker technique called Kerberoasting, that exploits the Kerberos authentication system...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/15 11:5 a.m.5 views

Lawsuit About WhatsApp Security

Attaullah Baig, WhatsApp's former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission. The lawsuit, alleging violations of the whistleblower...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/14 4:2 p.m.5 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking and signing books at the Cambridge Public Library on October 22, 2025 at 6 PM ET. The event is sponsored by Harvard Bookstore. I’m giving a virtual talk about my book Rewiring Democracy at 1 PM ET on October 23, 2025...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/12 9:5 p.m.5 views

Assessing the Quality of Dried Squid

Research: Nondestructive detection of multiple dried squid qualities by hyperspectral imaging combined with 1D-KAN-CNN Abstract: Given that dried squid is a highly regarded marine product in Oriental countries, the global food industry requires a swift and noninvasive quality assessment of this...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/12 9:4 p.m.7 views

A Cyberattack Victim Notification Framework

Interesting analysis: When cyber incidents occur, victims should be notified in a timely manner so they have the opportunity to assess and remediate any harm. However, providing notifications has proven a challenge across industry. When making notifications, companies often do not know the true...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/09 11:2 a.m.4 views

New Cryptanalysis of the Fiat-Shamir Protocol

A couple of months ago, a new paper demonstrated some new attacks against the Fiat-Shamir transformation. Quanta published a good article that explains the results. This is a pretty exciting paper from a theoretical perspective, but I don't see it leading to any practical real-world cryptanalysis...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/08 6:37 p.m.7 views

Signed Copies of Rewiring Democracy

When I announced my latest book last week, I forgot to mention that you can pre-order a signed copy here. I will ship the books the week of 10/20, when it is published...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/08 11:5 a.m.5 views

AI in Government

Just a few months after Elon Musk's retreat from his unofficial role leading the Department of Government Efficiency DOGE, we have a clearer picture of his vision of government powered by artificial intelligence, and it has a lot more to do with consolidating power than benefitting the public. Ev...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/06 12:5 a.m.6 views

Friday Squid Blogging: The Origin and Propagation of Squid

New research paywalled: Editor 's summary: Cephalopods are one of the most successful marine invertebrates in modern oceans, and they have a 500-million-year-old history. However, we know very little about their evolution because soft-bodied animals rarely fossilize. Ikegami et al. developed an...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/05 7:0 p.m.5 views

My Latest Book: Rewiring Democracy

I am pleased to announce the imminent publication of my latest book, Rewiring Democracy: How AI will Transform our Politics, Government, and Citizenship: coauthored with Nathan Sanders, and published by MIT Press on October 21. Rewiring Democracy looks beyond common tropes like deepfakes to exami...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/05 11:3 a.m.4 views

GPT-4o-mini Falls for Psychological Manipulation

Interesting experiment: To design their experiment, the University of Pennsylvania researchers tested 2024's GPT-4o-mini model on two requests that it should ideally refuse: calling the user a jerk and giving directions for how to synthesize lidocaine. The researchers created experimental prompts...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/04 11:6 a.m.14 views

Generative AI as a Cybercrime Assistant

Anthropic reports on a Claude user: We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data. The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government and...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/03 11:0 a.m.4 views

Indirect Prompt Injection Attacks Against LLM Assistants

Really good research on practical attacks against LLM agents. "Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous" Abstract: The growing integration of LLMs into applications has introduced new security risks, notably known as...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/02 11:8 a.m.8 views

1965 Cryptanalysis Training Workbook Released by the NSA

In the early 1960s, National Security Agency cryptanalyst and cryptanalysis instructor Lambros D. Callimahos coined the term "Stethoscope" to describe a diagnostic computer program used to unravel the internal structure of pre-computer ciphertexts. The term appears in the newly declassified...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/29 9:4 p.m.5 views

Friday Squid Blogging: Catching Humboldt Squid

First-person account of someone accidentally catching several Humboldt squid on a fishing line. No photos, though. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/29 11:1 a.m.6 views

Baggage Tag Scam

I just heard about this: There's a travel scam warning going around the internet right now: You should keep your baggage tags on your bags until you get home, then shred them, because scammers are using luggage tags to file fraudulent claims for missing baggage with the airline. First, the scam i...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/28 11:0 a.m.4 views

The UK May Be Dropping Its Backdoor Mandate

The US Director of National Intelligence is reporting that the UK government is dropping its backdoor mandate against the Apple iPhone. For now, at least, assuming that Tulsi Gabbard is reporting this accurately...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/27 11:7 a.m.15 views

We Are Still Unable to Secure LLMs from Malicious Inputs

Nice indirect prompt injection attack: Bargury's attack starts with a poisoned document, which is shared to a potential victim's Google Drive. Bargury says a victim could have also uploaded a compromised file to their own account. It looks like an official document on company meeting policies. Bu...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/26 11:6 a.m.6 views

Encryption Backdoor in Military/Police Radios

I wrote about this in 2023. Here's the story: Three Dutch security analysts discovered the vulnerabilities­--five in total--­in a European radio standard called TETRA Terrestrial Trunked Radio, which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radio...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/25 11:3 a.m.5 views

Poor Password Choices

Look at this: McDonald's chose the password "123456" for a major corporate system...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/22 9:2 p.m.5 views

Friday Squid Blogging: Bobtail Squid

Nice short article on the bobtail squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/22 7:0 p.m.6 views

I’m Spending the Year at the Munk School

This academic year, I am taking a sabbatical from the Kennedy School and Harvard University. It's not a real sabbatical--I'm just an adjunct--but it's the same idea. I will be spending the Fall 2025 and Spring 2026 semesters at the Munk School at the University of Toronto. I will be organizing a...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/22 11:4 a.m.4 views

AI Agents Need Data Integrity

Think of the Web as a digital territory with its own social contract. In 2014, Tim Berners-Lee called for a "Magna Carta for the Web" to restore the balance of power between individuals and institutions. This mirrors the original charter's purpose: ensuring that those who occupy a territory have ...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/21 11:2 a.m.8 views

Jim Sanborn Is Auctioning Off the Solution to Part Four of the Kryptos Sculpture

Well, this is interesting: The auction, which will include other items related to cryptology, will be held Nov. 20. RR Auction, the company arranging the sale, estimates a winning bid between $300,000 and $500,000. Along with the original handwritten plain text of K4 and other papers related to t...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/20 11:2 a.m.5 views

Subverting AIOps Systems Through Poisoned Input Data

In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then suggest or carry out...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/19 11:7 a.m.4 views

Zero-Day Exploit in WinRAR File

A zero-day vulnerability in WinRAR is being exploited by at least two Russian criminal groups: The vulnerability seemed to have super Windows powers. It abused alternate data streams, a Windows feature that allows different ways of representing the same file path. The exploit abused that feature ...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/18 11:2 a.m.4 views

Eavesdropping on Phone Conversations Through Vibrations

Researchers have managed to eavesdrop on cell phone voice conversations by using radar to detect vibrations. It's more a proof of concept than anything else. The radar detector is only ten feet away, the setup is stylized, and accuracy is poor. But it's a start...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/15 9:7 p.m.7 views

Friday Squid Blogging: Squid-Shaped UFO Spotted Over Texas

Here's the story. The commenters on X formerly Twitter are unimpressed. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/15 11:7 a.m.10 views

Trojans Embedded in .svg Files

Porn sites are hiding code in .svg files: Unpacking the attack took work because much of the JavaScript in the .svg images was heavily obscured using a custom version of "JSFuck," a technique that uses only a handful of character types to encode JavaScript into a camouflaged wall of text. Once...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/14 11:8 a.m.6 views

LLM Coding Integrity Breach

Here's an interesting story about a failure being introduced by LLM-written code. Specifically, the LLM was doing some code refactoring, and when it moved a chunk of code from one file to another it changed a "break" to a "continue." That turned an error logging statement into an infinite loop,...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/13 4:28 p.m.5 views

AI Applications in Cybersecurity

There is a really great series of online events highlighting cool uses of AI in cybersecurity, titled Prompt||GTFO. Videos from the first three events are online. And here's where to register to attend, or participate, in the fourth. Some really great stuff here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/13 11:8 a.m.5 views

SIGINT During World War II

The NSA and GCHQ have jointly published a history of World War II SIGINT: "Secret Messengers: Disseminating SIGINT in the Second World War." This is the story of the British SLUs Special Liaison Units and the American SSOs Special Security Officers...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/12 11:1 a.m.5 views

The “Incriminating Video” Scam

A few years ago, scammers invented a new phishing email. They would claim to have hacked your computer, turned your webcam on, and videoed you watching porn or having sex. BuzzFeed has an article talking about a "shockingly realistic" variant, which includes photos of you and your house--more...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/11 11:5 a.m.5 views

Automatic License Plate Readers Are Coming to Schools

Fears around children is opening up a new market for automatic license place readers...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/08 11:22 p.m.6 views

Friday Squid Blogging: New Vulnerability in Squid HTTP Proxy Server

In a rare squid/security combined post, a new vulnerability was discovered in the Squid HTTP proxy server...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/08 11:1 a.m.7 views

Google Project Zero Changes Its Disclosure Policy

Google's vulnerability finding team is again pushing the envelope of responsible disclosure: Google's Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place, with a 30-day period...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/07 11:5 a.m.3 views

China Accuses Nvidia of Putting Backdoors into Their Chips

The government of China has accused Nvidia of inserting a backdoor into their H20 chips: China's cyber regulator on Thursday said it had held a meeting with Nvidia over what it called "serious security issues" with the company's artificial intelligence chips. It said US AI experts had "revealed...

7.4AI score
Exploits0
Total number of security vulnerabilities2978