Lucene search
K
SchneierRecent

2978 matches found

Schneier on Security
Schneier on Security
added 2025/08/06 4:35 a.m.5 views

The Semiconductor Industry and Regulatory Compliance

Earlier this week, the Trump administration narrowed export controls on advanced semiconductors ahead of US-China trade negotiations. The administration is increasingly relying on export licenses to allow American semiconductor firms to sell their products to Chinese customers, while keeping the...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/05 11:6 a.m.3 views

Surveilling Your Children with AirTags

Skechers is making a line of kid's shoes with a hidden compartment for an AirTag...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/04 11:1 a.m.4 views

First Sentencing in Scheme to Help North Koreans Infiltrate US Companies

An Arizona woman was sentenced to eight-and-a-half years in prison for her role helping North Korean workers infiltrate US companies by pretending to be US workers. From an article: According to court documents, Chapman hosted the North Korean IT workers' computers in her own home between October...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/01 9:1 p.m.5 views

Friday Squid Blogging: A Case of Squid Fossil Misidentification

What scientists thought were squid fossils were actually arrow worms...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/01 11:7 a.m.6 views

Spying on People Through Airportr Luggage Delivery Service

Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it's used by wealthy or important people. So if the company's website is insecure, you'd be able to spy on lots of wealthy or important people. And mayb...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/31 11:0 a.m.6 views

Cheating on Quantum Computing Benchmarks

Peter Gutmann and Stephan Neuhaus have a new paper--I think it's new, even though it has a March 2025 date--that makes the argument that we shouldn't trust any of the quantum factorization benchmarks, because everyone has been cooking the books: Similarly, quantum factorisation is performed using...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/30 11:7 a.m.2 views

Measuring the Attack/Defense Balance

"Who's winning on the internet, the attackers or the defenders?" I'm asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain's latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we are all...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/29 11:2 a.m.5 views

Aeroflot Hacked

Looks serious...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/28 7:0 p.m.3 views

That Time Tom Lehrer Pranked the NSA

Bluesky thread. Here's the paper, from 1957. Note reference 3...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/28 11:9 a.m.12 views

Microsoft SharePoint Zero-Day

Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet...

9.8CVSS9.3AI score0.99982EPSS
Exploits41
Schneier on Security
Schneier on Security
added 2025/07/25 9:0 p.m.4 views

Friday Squid Blogging: Stable Quasi-Isodynamic Designs

Yet another SQUID acronym: "Stable Quasi-Isodynamic Design." It's a stellarator for a fusion nuclear power plant...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/25 11:10 a.m.6 views

Subliminal Learning in AIs

Today's freaky LLM behavior: We study subliminal learning, a surprising phenomenon where language models learn traits from model-generated data that is semantically unrelated to those traits. For example, a "student" model learns to prefer owls when trained on sequences of numbers generated by a...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/24 11:4 a.m.11 views

How the Solid Protocol Restores Digital Agency

The current state of digital identity is a mess. Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you've never heard of. These entities collect, store, and trade your...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/23 11:4 a.m.3 views

Google Sues the Badbox Botnet Operators

It will be interesting to watch what will come of this private lawsuit: Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software. These devices lack Google's security...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/22 11:5 a.m.8 views

“Encryption Backdoors and the Fourth Amendment”

Law journal article that looks at the DualECPRNG backdoor from a US constitutional perspective: Abstract : The National Security Agency NSA reportedly paid and pressured technology companies to trick their customers into using vulnerable encryption products. This Article examines whether any of...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/21 11:4 a.m.5 views

Another Supply Chain Vulnerability

ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department's computer systems--with minimal supervision by U.S. personnel--leaving some of the nation's most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigatio...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/18 9:6 p.m.4 views

Friday Squid Blogging: The Giant Squid Nebula

Beautiful photo. Difficult to capture, this mysterious, squid-shaped interstellar cloud spans nearly three full moons in planet Earth's sky. Discovered in 2011 by French astro-imager Nicolas Outters, the Squid Nebula's bipolar shape is distinguished here by the telltale blue emission from doubly...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/18 11:7 a.m.7 views

New Mobile Phone Forensics Tool

The Chinese have a new tool called Massistant. Massistant is the presumed successor to Chinese forensics tool, "MFSocket", reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico. The forensics tool works in tandem with a corresponding desktop software. Massistant gai...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/17 11:6 a.m.5 views

Security Vulnerabilities in ICEBlock

The ICEBlock tool has vulnerabilities: The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement ICE officials, promises that it "ensures user privacy by storing no personal data." But that claim has come under scrutiny. ICEBlock creator...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/16 4:57 p.m.4 views

Hacking Trains

Seems like an old system system that predates any care about security: The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device FRED, also known as an End-of-Train EOT device, is attached to the back of a train and sends...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/14 6:46 p.m.3 views

Report from the Cambridge Cybercrime Conference

The Cambridge Cybercrime Conference was held on 23 June. Summaries of the presentations are here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/11 9:4 p.m.5 views

Squid Dominated the Oceans in the Late Cretaceous

New research: One reason the early years of squids has been such a mystery is because squids' lack of hard shells made their fossils hard to come by. Undeterred, the team instead focused on finding ancient squid beaks--hard mouthparts with high fossilization potential that could help the team...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/11 4:6 p.m.9 views

Tradecraft in the Information Age

Long article on the difficulty impossibility? of human spying in the age of ubiquitous digital surveillance...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/10 11:8 a.m.3 views

Using Signal Groups for Activism

Good tutorial by Micah Lee. It includes some nonobvious use cases...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/09 11:5 a.m.6 views

Yet Another Strava Privacy Leak

This time it's the Swedish prime minister's bodyguards. Last year, it was the US Secret Service and Emmanuel Macron's bodyguards. in 2018, it was secret US military bases. This is ridiculous. Why do people continue to make their data public?...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/07 11:20 a.m.5 views

Hiding Prompt Injections in Academic Papers

Academic papers were found to contain hidden instructions to LLMs: It discovered such prompts in 17 articles, whose lead authors are affiliated with 14 institutions including Japan's Waseda University, South Korea's KAIST, China's Peking University and the National University of Singapore, as wel...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/04 9:1 p.m.4 views

Friday Squid Blogging: How Squid Skin Distorts Light

New research. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/03 11:6 a.m.5 views

Surveillance Used by a Drug Cartel

Once you build a surveillance system, you can't control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/02 11:2 a.m.7 views

Ubuntu Disables Spectre/Meltdown Protections

A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/01 11:7 a.m.4 views

Iranian Blackout Affected Misinformation Campaigns

Dozens of accounts on X that promoted Scottish independence went dark during an internet blackout in Iran. Well, that's one way to identify fake accounts and misinformation campaigns...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/30 11:5 a.m.4 views

How Cybersecurity Fears Affect Confidence in Voting Systems

American democracy runs on trust, and that trust is cracking. Nearly half of Americans, both Democrats and Republicans, question whether elections are conducted fairly. Some voters accept election results only when their side wins. The problem isn't just political polarization--it's a creeping...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/27 9:4 p.m.5 views

Friday Squid Blogging: What to Do When You Find a Squid “Egg Mop”

Tips on what to do if you find a mop of squid eggs. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/27 11:2 a.m.10 views

The Age of Integrity

We need to talk about data integrity. Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical record...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/26 11:0 a.m.8 views

White House Bans WhatsApp

Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the "Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risk...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/25 11:4 a.m.8 views

What LLMs Know About Their Users

Simon Willison talks about ChatGPT's new memory dossier feature. In his explanation, he illustrates how much the LLM--and the company--knows about its users. It's a big quote, but I want you to read it all. Here's a prompt you can use to give you a solid idea of what's in that summary. I first sa...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/24 11:9 a.m.5 views

Here’s a Subliminal Channel You Haven’t Considered Before

Scientists can manipulate air bubbles trapped in ice to encode messages...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/23 11:4 a.m.5 views

Largest DDoS Attack to Date

It was a recently unimaginable 7.3 Tbps: The vast majority of the attack was delivered in the form of User Datagram Protocol packets. Legitimate UDP-based transmissions are used in especially time-sensitive communications, such as those for video playback, gaming applications, and DNS lookups. It...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/20 9:4 p.m.4 views

Friday Squid Blogging: Gonate Squid Video

This is the first ever video of the Antarctic Gonate Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/20 11:0 a.m.5 views

Surveillance in the US

Good article from 404 Media on the cozy surveillance relationship between local Oregon police and ICE: In the email thread, crime analysts from several local police departments and the FBI introduced themselves to each other and made lists of surveillance tools and tactics they have access to and...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/19 11:6 a.m.6 views

Self-Driving Car Video Footage

Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars. Lots of things are collecting lots of video of lots of other things. How and...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/18 2:37 p.m.6 views

Ghostwriting Scam

The variations seem to be endless. Here's a fake ghostwriting scam that seems to be making boatloads of money. This is a big story about scams being run from Texas and Pakistan estimated to run into tens if not hundreds of millions of dollars, viciously defrauding Americans with false hopes of...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/17 11:8 a.m.11 views

Where AI Provides Value

If you've worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then you're safe for another day. But the fact remains that AI...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/15 1:7 a.m.10 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at the International Conference on Digital Trust, AI and the Future in Edinburgh, Scotland on Tuesday, June 24 at 4:00 PM. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/13 9:2 p.m.8 views

Friday Squid Blogging: Stubby Squid

Video of the stubby squid Rossia pacifica from offshore Vancouver Island. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/13 10:17 a.m.11 views

Paragon Spyware Used to Spy on European Journalists

Paragon is an Israeli spyware company, increasingly in the news now that NSO Group seems to be waning. "Graphite" is the name of its product. Citizen Lab caught it spying on multiple European journalists with a zero-click iOS exploit: On April 29, 2025, a select group of iOS users were notified b...

4.8CVSS6.2AI score0.01009EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/12 3:44 p.m.9 views

Airlines Secretly Selling Passenger Data to the Government

This is news: A data broker owned by the country's major airlines, including Delta, American Airlines, and United, collected U.S. travellers' domestic flight records, sold access to them to Customs and Border Protection CBP, and then as part of the contract told CBP to not reveal where the data...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/09 10:54 a.m.8 views

New Way to Covertly Track Android Users

Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught. The details are interesting, and worth reading in detail: Tracking code that Meta and Russia-based Yandex embed into millions of...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/06 9:0 p.m.10 views

Friday Squid Blogging: Squid Run in Southern New England

Southern New England is having the best squid run in years. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/06 5:43 p.m.13 views

Hearing on the Federal Government and AI

On Thursday I testified before the House Committee on Oversight and Government Reform at a hearing titled "The Federal Government in the Age of Artificial Intelligence." The other speakers mostly talked about how cool AI was--and sometimes about how cool their own company was--but I was asked by...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/06 2:41 p.m.6 views

Report on the Malicious Uses of AI

OpenAI just published its annual report on malicious uses of AI. By using AI as a force multiplier for our expert investigative teams, in the three months since our last report we’ve been able to detect, disrupt and expose abusive activity including social engineering, cyber espionage, deceptive...

7.2AI score
Exploits0
Total number of security vulnerabilities2978