Lucene search
K
SchneierRecent

2978 matches found

Schneier on Security
Schneier on Security
added yesterday7 views

Cybersecurity and the Gap Between Skill and Ability

Last week, national security agencies from the Five Eyes--that's the rich, English-language-speaking countries club--jointly released a statement warning of the increasing cyber risks of AI models: in particular, their ability to autonomously hack into systems and networks. The statement was more...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2 days ago6 views

Google Is Suing Chinese Scammers Who Are Using Gemini

Not sure this will have any effect, but I support the effort: According to Google's legal filing, Outsider Enterprise operates through Telegram. The group offers phishing-as-a-service to individuals who may not be technically savvy enough to set up fraudulent websites and text campaigns on their...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 3 days ago8 views

France to Stop Certifying Non-Quantum-Safe Encryption

France is accelerating its transition to post-quantum encryption: France's cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 6 days ago8 views

Flock Cameras Can Surveil Cars Without License Plates

This is from a 2024 company presentation: Officers can also tap into data showing a car's decals, bumper stickers, back and top racks--along with temporary and unique state tags. Flock calls it a "Vehicle Fingerprint" and it's touted as a way for law enforcement officials to get more information...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/07/02 11:11 a.m.8 views

Cybersecurity Mission Creep in the US

Interesting paper: "Cybersecurity Mission Creep." Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/07/01 10:53 a.m.13 views

Papa Johns Surveillance-Based Advertising

Papa Johns is spying on people's buying activities to predict when they are low on food: The pizza chain recently tapped NBCUniversal, Instacart and the dentsu-owned media agency Carat for help reaching consumers when they're low on groceries--and thus more likely to be swayed by a mouth-watering...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/30 12:5 p.m.10 views

The Realities of AI Video Surveillance

The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia. I wrote about this sort of thing a few years ago, how AI enables mass spying in the way that computers and networks enabled mass surveillance. Th...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/29 4:5 p.m.18 views

Factoring RSA Keys with Many Zeros

Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number of...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/29 10:55 a.m.9 views

Robot Police Officers

We've taken one small step towards robot police officers: a drone capable of disarming a suspect: In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed suspect hiding inside ...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/26 8:57 p.m.13 views

The Chinese Control the Majority of Argentina’s Squid Fleet

Chinese companies control nearly two-thirds of Argentina’s own squid fleet...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/26 4:40 p.m.4 views

Meta Is Testing Facial Recognition for Police and Military

We know that ICE wants to deploy eyeglasses with facial recognition that can identify people in real time. Turns out Meta is prototyping the feature with a Pentagon supplier. Alternate news story...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/26 11:3 a.m.16 views

One Million Passports Leaked Online

A database of almost a million passports from around the world was leaked online. Note what happened. A high-value credential--a passport--was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it's the low-value system that got hacked, putting th...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/25 5:3 p.m.12 views

AI and Liability

Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like "users can check for themselves," and that they generally know "that information generated with AI should not be blindly trusted," the court held that the AI's summaries are...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/25 11:23 a.m.10 views

Interesting Paper Exploring Prompt Injection

This is a fascinating explotation of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different role/instruction blocks, and not just the tags. Their conclusion: Role tags were a formatting trick that became the security architecture and t...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/24 11:3 a.m.3 views

Embedding Forbidden Text in Spyware to Discourage AI Analysis

At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/23 11:3 a.m.14 views

Anthropic’s Fable 5 Model Jailbroken Within Days

Fable 5 is the supposed safe version of Anthropic's Mythos Preview, with guardrails to ensure that it can't be used to create cyberattacks. Well, that restriction was bypassed within days...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/22 11:2 a.m.60 views

Professional Athletes and Wearables

I haven't thought about the privacy issues surrounding professional athletes and wearables. Wearables present serious privacy issues for "Average Joe" consumers, who are entrusting tech companies to safely store and protect their biometric data. Imagine the stakes for a professional athlete, whos...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/19 9:3 p.m.12 views

Friday Squid Blogging: Victims of Unregulated Squid Fishing

Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/19 11:3 a.m.16 views

Anthropic’s Fable and the State of AI

On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans and foreigners, the compan...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/18 11:4 a.m.14 views

Embedding Forbidden Text in Spyware to Discourage AI Analysis

At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/17 11:4 a.m.9 views

AI Use by the US Government

On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The office of management and budget OMB disclosed a staggering 3,611 active or planned use cases for AI across the federal government. The list has ballooned by 70% from the one...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/16 11:3 a.m.9 views

Flock Cameras Are Being Used for Stalking

There are over a dozen cases around the country where police officers are using the Flock surveillance camera system to obsessively and illegally stalk people. Alternate link...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/15 11:1 a.m.18 views

The FCC Wants to Eliminate Burner Phones

A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country's telecoms to store a wealth of personal information about essentially all phone customers, including a government issued...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/14 4:7 p.m.24 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m giving a keynote at Cybernation 2026 in Berlin, Germany, on June 24, 2026. I’m speaking at the Potsdam Conference on National Cybersecurity at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24–25, 2026, an...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/12 9:5 p.m.11 views

Friday Squid Blogging: Squid-Inspired Fluid Pump

This fluid pump was inspired by the way squids propel themselves through the water. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/12 11:3 a.m.28 views

Bernie Sanders’ AI Sovereign Wealth Fund Plan

Let no one accuse Bernie Sanders of ducking the big questions. Writing in the New York Times last week, the senator asked: "Will the future of humanity be determined by a handful of billionaires who have promoted and developed AI, with virtually no democratic input, who stand to become even riche...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/11 11:1 a.m.11 views

Enhanced License Plate Tracking

The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers ALPRs that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phones, wearables, and...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/10 11:8 a.m.11 views

NSO Group Hacking WhatsApp Despite Court Order

WhatsApp has caught the NSO Group phishing its users, in violation of a court order...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/09 3:6 p.m.13 views

GPS As a Key Distribution Platform

This is interesting: The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden "numbers station," according to Steven Murdoch… That means every device that uses GPS has been receiving...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/08 5:6 p.m.8 views

Critical Zcash Vulnerability Found and Fixed

If you're a user--owner?--of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enou...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/08 11:1 a.m.12 views

Anthropic’s Project Glasswing Update

In April, Anthropic initated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic's claims that it's now common wisdom that Mythos is...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/05 1:21 p.m.14 views

AI Worm

Researchers have prototyped an AI-powered internet worm. The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into. This is the closest to John Brunner's original 1975 conception of a computer worm that I've seen...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/04 11:4 a.m.15 views

Hacking Meta’s AI Chatbot

Hackers are convincing Meta's AI support chatbot to let them take over other peoples' accounts: A video posted on X showed the step-by-step process to hack someone's Instagram account. The hacker allegedly used a VPN to spoof the targets' presumed location to avoid triggering Instagram's automate...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/03 11:4 a.m.12 views

AI Used to Decrypt Medieval Ciphers

Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/02 11:6 a.m.14 views

The Intersection of Encryption and AI

As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section. Renowned technologist and author Bruce Schnei...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/02 11:0 a.m.14 views

Microsoft Threatening Security Researcher

An anonymous security researcher called "Nightmare Eclipse" has been publishing a series of significant security exploits against Microsoft Windows--including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recriminations are being traded back and...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/01 4:49 p.m.17 views

Vulnerability Disclosure in the Age of AI

New article: "Responsible Disclosure in the Age of AI: A Call for Urgent Action," by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitab...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/29 9:5 p.m.17 views

Friday Squid Blogging: Another Squid

Someone named "Squid" seems to be a "West Country legend." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/29 11:2 a.m.13 views

Chilling Effects

Younger Americans have soured on the second Donald Trump presidency, but they are not protesting it. Despite an unpopular Iran war and an even more unpopular Trump administration, college campus protests nationwide have gone silent. And at many schools, student activism is virtually nonexistent...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/27 2:2 p.m.13 views

FBI’s 2025 Internet Crime Report

The 2025 Internet Crime Report was published a few weeks ago, but I only just saw it. Lots of interesting statistics. Press release. News articles...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/26 3:2 p.m.13 views

Identifying People Using Wi-Fi Routers

Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals. This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel through a space, th...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/22 9:4 p.m.9 views

Friday Squid Blogging: Regulating Squid Fishing in the South Pacific

The South Pacific Regional Fisheries Management Organization SPRFMO needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/22 1:58 p.m.11 views

CISA Security Leak

Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency CISA maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/21 4:3 p.m.10 views

macOS Kernel Memory Corruption Exploit

A group used Anthropic's Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple's M5. News article...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/20 2:21 p.m.10 views

On AI Security

Good report: Executive Summary: Let's say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don't actually work for measuring AI capabilities even when they are NOT emergent systemic properties like...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/19 11:0 a.m.11 views

Laurie Anderson Is Quoting Me

Not by name, but Laurie Anderson quotes me in one of the tracks of her new album: My favorite quote is from a cryptologist who said "If you think technology will solve your problems, you don't understand technology and you don't understand your problems." Also in interviews: "Of course, it's...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/18 11:8 a.m.19 views

Zero-Day Exploit Against Windows BitLocker

It's nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/16 1:3 a.m.17 views

Friday Squid Blogging: Bigfin Squid

Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/15 11:6 a.m.12 views

Bypassing On-Camera Age-Verification Checks

Some AI-based video age-verification checks can be fooled with a fake mustache...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/14 4:1 p.m.11 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m giving a virtual talk on “The Security of Trust in the Age of AI,” hosted by the Financial Women’s Association of New York, at 6:00 PM ET on May 21, 2026. I’m speaking at the Potsdam Conference on National Cybersecurity at the...

5.8AI score
Exploits0
Total number of security vulnerabilities2978