Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2025/06/06 2:41 p.m.6 views

Report on the Malicious Uses of AI

OpenAI just published its annual report on malicious uses of AI. By using AI as a force multiplier for our expert investigative teams, in the three months since our last report we’ve been able to detect, disrupt and expose abusive activity including social engineering, cyber espionage, deceptive...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/04 11:0 a.m.9 views

The Ramifications of Ukraine’s Drone Attack

You can read the details of Operation Spiderweb elsewhere. What interests me are the implications for future warfare: If the Ukrainians could sneak drones so close to major air bases in a police state such as Russia, what is to prevent the Chinese from doing the same with U.S. air bases? Or the...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/03 11:7 a.m.14 views

New Linux Vulnerabilities

They're interesting: Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux...

4.7CVSS4.8AI score0.00637EPSS
Exploits3
Schneier on Security
Schneier on Security
added 2025/06/02 11:3 a.m.4 views

Australia Requires Ransomware Victims to Declare Payments

A new Australian law requires larger companies to declare any ransomware payments they have made...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/30 11:5 a.m.7 views

Why Take9 Won’t Improve Cybersecurity

There's a new cybersecurity awareness campaign: Take9. The idea is that people--you, me, everyone--should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share. There's a...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/29 9:4 p.m.6 views

Friday Squid Blogging: NGC 1068 Is the “Squid Galaxy”

I hadn't known that the NGC 1068 galaxy is nicknamed the "Squid Galaxy." It is, and it's spewing neutrinos without the usual accompanying gamma rays. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/29 11:6 a.m.10 views

Surveillance Via Smart Toothbrush

The only links are from The Daily Mail and The Mirror, but a marital affair was discovered because the cheater was recorded using his smart toothbrush at home when he was supposed to be at work...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/28 11:9 a.m.10 views

Location Tracking App for Foreigners in Moscow

Russia is proposing a rule that all foreigners in Moscow install a tracking app on their phones. Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information: Residence location Fingerprint Face photograph...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/27 11:7 a.m.11 views

Chinese-Owned VPNs

One one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain. A new study found that many commercials VPNS are often surreptitiously owned by Chinese companies. It would be hard for...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/23 9:2 p.m.10 views

Friday Squid Blogging: US Naval Ship Attacked by Squid in 1978

Interesting story: USS Stein was underway when her anti-submarine sonar gear suddenly stopped working. On returning to port and putting the ship in a drydock, engineers observed many deep scratches in the sonar dome's rubber "NOFOUL" coating. In some areas, the coating was described as being...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/23 11:2 a.m.12 views

Signal Blocks Windows Recall

This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection took that Signal used to block the AI feature from scraping Signal data...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/22 11:6 a.m.5 views

The Voter Experience

Technology and innovation have transformed every part of society, including our electoral experiences. Campaigns are spending and doing more than at any other time in history. Ever-growing war chests fuel billions of voter contacts every cycle. Campaigns now have better ways of scaling outreach...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/21 11:3 a.m.9 views

More AIs Are Taking Polls and Surveys

I already knew about the declining response rate for polls and surveys. The percentage of AI bots that respond to surveys is also increasing. Solutions are hard: 1. Make surveys less boring. We need to move past bland, grid-filled surveys and start designing experiences people actually want to...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/20 11:5 a.m.11 views

DoorDash Hack

A DoorDash driver stole over $2.5 million over several months: The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the othe...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/19 11:6 a.m.16 views

The NSA’s “Fifty Years of Mathematical Cryptanalysis (1937–1987)”

In response to a FOIA request, the NSA released "Fifty Years of Mathematical Cryptanalysis 1937-1987," by Glenn F. Stahly, with a lot of redactions. Weirdly, this is the second time the NSA has declassified the document. John Young got a copy in 2019. This one has a few less redactions. And nothi...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/16 9:5 p.m.12 views

Friday Squid Blogging: Pet Squid Simulation

From Hackaday.com, this is a neural network simulation of a pet squid. Autonomous Behavior: The squid moves autonomously, making decisions based on his current state hunger, sleepiness, etc.. Implements a vision cone for food detection, simulating realistic foraging behavior. Neural network can...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/16 1:55 p.m.15 views

Communications Backdoor in Chinese Power Inverters

This is a weird story: U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said. … Over the past nine...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/15 11:0 a.m.11 views

AI-Generated Law

On April 14, Dubai's ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to "regularly suggest updates" to the law and "accelerate the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/14 4:5 p.m.5 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking remotely at the Sektor 3.0 Festival in Warsaw, Poland, May 21-22, 2025. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/14 11:3 a.m.14 views

Google’s Advanced Protection Now on Android

Google has extended its Advanced Protection features to Android devices. It's not for everybody, but something to be considered by high-risk users. Wired article, behind a paywall...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/13 11:7 a.m.11 views

Court Rules Against NSO Group

The case is over: A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. I'm sure it'll be appealed. Everything always is...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/12 11:1 a.m.12 views

Florida Backdoor Bill Fails

A Florida bill requiring encryption backdoors failed to pass...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/09 9:5 p.m.11 views

Friday Squid Blogging: Japanese Divers Video Giant Squid

The video is really amazing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/07 11:3 a.m.15 views

Chinese AI Submersible

A Chinese company has developed an AI-piloted submersible that can reach speeds "similar to a destroyer or a US Navy torpedo," dive "up to 60 metres underwater," and "remain static for more than a month, like the stealth capabilities of a nuclear submarine." In case you're worried about the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/06 11:3 a.m.11 views

Fake Student Fraud in Community Colleges

Reporting on the rise of fake students enrolling in community college courses: The bots' goal is to bilk state and federal financial aid money by enrolling in classes, and remaining enrolled in them, long enough for aid disbursements to go out. They often accomplish this by submitting AI-generate...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/05 4:2 p.m.4 views

Another Move in the Deepfake Creation/Detection Arms Race

Deepfakes are now mimicking heartbeats In a nutshell Recent research reveals that high-quality deepfakes unintentionally retain the heartbeat patterns from their source videos, undermining traditional detection methods that relied on detecting subtle skin color changes linked to heartbeats. The...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/02 9:2 p.m.7 views

Friday Squid Blogging: Pyjama Squid

The small pyjama squid Sepioloidea lineolata produces toxic slime, "a rare example of a poisonous predatory mollusc." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/02 6:4 p.m.6 views

Privacy for Agentic AI

Sooner or later, it's going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it's worth thinking about the security of that now, while its still a nascent idea. In 2019, I joined Inrupt, a company that is commercializing Tim...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/02 11:3 a.m.8 views

NCSC Guidance on “Advanced Cryptography”

The UK's National Cyber Security Centre just released its white paper on "Advanced Cryptography," which it defines as "cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography." It includes things like...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/01 4:2 p.m.7 views

US as a Surveillance State

Two essays were just published on DOGE's data collection and aggregation, and how it ends with a modern surveillance state. It's good to see this finally being talked about. EDITED TO ADD 5/3: Here's a free link to that first essay...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/30 11:12 a.m.9 views

WhatsApp Case Against NSO Group Progressing

Meta is suing NSO Group, basically claiming that the latter hacks WhatsApp and not just WhatsApp users. We have a procedural ruling: Under the order, NSO Group is prohibited from presenting evidence about its customers' identities, implying the targeted WhatsApp users are suspected or actual...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/29 11:3 a.m.11 views

Applying Security Engineering to Prompt Injection Security

This seems like an important advance in LLM security against prompt injection: Google DeepMind has unveiled CaMeL CApabilities for MachinE Learning, a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/28 6:17 p.m.16 views

Windscribe Acquitted on Charges of Not Collecting Users’ Data

The company doesn't keep logs, so couldn't turn over data: Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/25 9:8 p.m.10 views

Friday Squid Blogging: Squid Facts on Your Phone

Text "SQUID" to 1-833-SCI-TEXT for daily squid facts. The website has merch. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/25 11:7 a.m.9 views

Cryptocurrency Thefts Get Physical

Long story of a $250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/24 7:35 p.m.12 views

New Linux Rootkit

Interesting: The company has released a working rootkit called "Curing" that uses iouring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/23 4:2 p.m.14 views

Regulating AI Behavior with a Hypervisor

Interesting research: "Guillotine: Hypervisors for Isolating Malicious AIs." Abstract :As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/22 4:3 p.m.10 views

Android Improves Its Security

Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while; it's nice to see Google add it to their phones...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/18 9:2 p.m.14 views

Friday Squid Blogging: Live Colossal Squid Filmed

A live colossal squid was filmed for the first time in the ocean. It's only a juvenile: a foot long. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/17 4:38 p.m.10 views

Age Verification Using Facial Scans

Discord is testing the feature: "We're currently running tests in select regions to age-gate access to certain spaces or user settings," a spokesperson for Discord said in a statement. "The information shared to power the age verification method is only used for the one-time age verification...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/16 3:19 p.m.17 views

CVE Program Almost Unfunded

Mitre's CVE's program--which provides common naming and other informational resources about cybersecurity vulnerabilities--was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/15 4:2 p.m.11 views

Slopsquatting

As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names--laced with malware, of course. EDITED TO ADD 1/22: Research paper. Slashdot thread...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/14 4:4 p.m.8 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm giving an online talk on AI and trust for the Weizenbaum Institute on April 24, 2025 at 2:00 PM CEST 8:00 AM ET. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/14 11:8 a.m.8 views

China Sort of Admits to Being Behind Volt Typhoon

The Wall Street Journal has the story: Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers ar...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/11 11:6 a.m.9 views

Friday Squid Blogging: Squid and Efficient Solar Tech

Researchers are trying to use squid color-changing biochemistry for solar tech. This appears to be new and related research to a 2019 squid post. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/11 11:4 a.m.11 views

AI Vulnerability Finding

Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code: Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison. Additionally, 9 buffer...

8.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/11 12:35 a.m.3 views

Reimagining Democracy

Imagine that all of us--all of society--have landed on some alien planet and need to form a government: clean slate. We do not have any legacy systems from the United States or any other country. We do not have any special or unique interests to perturb our thinking. How would we govern ourselves...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/09 11:2 a.m.15 views

How to Leak to a Journalist

Neiman Lab has some good advice on how to leak a story to a journalist...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/08 11:8 a.m.16 views

Arguing Against CALEA

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today's threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/07 11:3 a.m.11 views

DIRNSA Fired

In "Secrets and Lies" 2000, I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. It's something a bunch of us were saying at the time, in reference to the vast NSA's surveillance capabilities. I have been thinking of that quote a lot as I read ne...

7.1AI score
Exploits0
Total number of security vulnerabilities2979