Schneier on Security

FEBRUARY 4, 2025

I send you a meme/article/clipping/photo to show that we are on the same team. This tracks with my analysis. People share as a form of social signaling. Whether it is true, or misinformation, or actual propaganda, is of secondary importance. Sometimes it’s completely irrelevant.

244

244

Schneier on Security

APRIL 16, 2025

” More similar quotes in the article. The federated framework and openness of the system make this possible, but it’ll be a rocky road if operations do need to shift to another entity.” My guess is that we will somehow figure out how to continue this program without the US government.

CSO 323

CSO Government Software Cybersecurity 323

Schneier on Security

NOVEMBER 8, 2024

The Open Source Initiative has published (news article here ) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret.

Artificial Intelligence 349

Artificial Intelligence 349

Schneier on Security

MAY 14, 2025

Wired article , behind a paywall. Google has extended its Advanced Protection features to Android devices. It’s not for everybody, but something to be considered by high-risk users.

Risk 159

Risk Cybersecurity 159

Schneier on Security

JULY 15, 2024

These details are stored as metadata, not visible in the article’s text directly, but assigned to a digital object identifier, or DOI—a unique identifier for each scientific publication. The result?

Hacking 357

Hacking 357

Schneier on Security

FEBRUARY 6, 2025

The first clip is an AI-generated “podcast” of this article made by Google’s NotebookLM featuring two AI “hosts.” ” Google’s NotebookLM created the podcast script and audio given only the text of this article.

Technology 258

Technology Scams 258

Joseph Steinberg

DECEMBER 21, 2024

While there is little doubt that the elected officials hope to protect children with the aforementioned act, the reality is that – as Australia has already learned in a previous case described in the article – the new law is more likely to make children less safe than more safe.

Media 277

Media Risk Artificial Intelligence Government 277

Schneier on Security

JULY 31, 2024

News articles. Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published.

Internet 341

Internet Internet Malware 341

Schneier on Security

AUGUST 27, 2024

Ars Technica has a good article on what’s happening in the world of television surveillance. More than even I realized.

Surveillance 326

Surveillance 326

Schneier on Security

NOVEMBER 10, 2023

Article based on a Mozilla report.

340

340

Schneier on Security

APRIL 11, 2023

News articles. Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby.

Hacking 350

Hacking Software Malware 350

Schneier on Security

DECEMBER 8, 2023

news articles. New attack breaks forward secrecy in Bluetooth. The vulnerability has been around for at least a decade.

Authentication 336

Authentication 336

Schneier on Security

JANUARY 20, 2023

From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.

356

356

Schneier on Security

JANUARY 30, 2024

News article. GCHQ has released new images of the WWII Colossus code-breaking computer, celebrating the machine’s eightieth anniversary (birthday?).

329

329

Security Boulevard

JANUARY 14, 2025

In this article, we touch on the trends and predictions that in the year 2025 and beyond will fashion cloud security. The post Future-Proofing Cloud Security: Trends and Predictions for 2025 and Beyond appeared first on Security Boulevard.

Threat Detection 118

Threat Detection Architecture Cybersecurity 118

Schneier on Security

JULY 2, 2024

This article about an app that lets people remotely view bars to see if they’re crowded or not is filled with commentary—on both sides—about privacy and openness.

Surveillance 302

Surveillance 302

Schneier on Security

JANUARY 30, 2024

Some news articles. It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Weyden. This is almost certainly illegal, although the NSA maintains that it is legal until it’s told otherwise.

Surveillance 340

Surveillance Data collection Data privacy 340

Security Boulevard

MAY 5, 2025

If you avoid the pitfalls detailed in this article, then EASM can provide a great defense against two-thirds of your breach problem. The post Why EASM Projects Fail: Three Pitfalls to Avoid appeared first on Security Boulevard.

Security Awareness 117

Security Awareness Cybersecurity 117

Schneier on Security

OCTOBER 3, 2023

No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment. Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. It’s a complicated crime to monetize, though.

Hacking 352

Hacking 352

Adam Shostack

JANUARY 2, 2025

Theres a good article on the UKs National Cyber Security Centre blog, Telling users to avoid clicking bad links still isnt working. Almost the entire article is excellent, but theres a fly in the ointment, and that is a sentence which starts out well: Firstly, because one of the above controls may fail, and so defence in depth is always good.

Phishing 130

Phishing Accountability 130

Schneier on Security

OCTOBER 28, 2024

It has more ATMs than other European countries, and—if I read the article right—they have more money in them. It’s low tech , but effective. Why Germany?

Banking 284

Banking 284

Schneier on Security

JULY 29, 2022

Yet another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF. There’s an entire industry devoted to undermining all of our security. It needs to be stopped.

Manufacturing 326

Manufacturing 326

Schneier on Security

MAY 24, 2024

This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward.

Marketing 335

Marketing Spyware Surveillance Government 335

Security Affairs

OCTOBER 13, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Over 300,000!

Malware 121

Malware DDOS Cryptocurrency Education 121

Schneier on Security

APRIL 12, 2023

News article. Carry your own charger and USB cord and use an electrical outlet instead. How much of a risk is this, really? I am unconvinced, although I do carry a USB condom for charging stations I find suspicious.

Malware 356

Malware Software Risk 356

Schneier on Security

JULY 10, 2024

News article. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or shared secrets. The attacker does not learn user credentials. This is one of those vulnerabilities that comes with a cool name, its own website, and a logo. Research paper.

Authentication 314

Authentication Passwords 314

Schneier on Security

FEBRUARY 27, 2024

Lots of details in the news articles. Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government. These aren’t details about the tools or techniques, more the inner workings of the company.

Surveillance 322

Surveillance Hacking Government 322

Schneier on Security

JANUARY 25, 2024

Interesting article. I am also skeptical that we are going to see useful quantum computers anytime soon. Since at least 2019, I have been saying that this is hard. And that we don’t know if it’s “land a person on the surface of the moon” hard, or “land a person on the surface of the sun” hard.

328

328

Schneier on Security

APRIL 24, 2024

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” ” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious.

Data collection 327

Data collection Risk 327

Security Affairs

OCTOBER 20, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 122

Malware Ransomware Encryption Phishing 122

Graham Cluley

OCTOBER 17, 2024

Read more in my article on the Tripwire State of Security blog. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day.

Ransomware 114

Ransomware Encryption Healthcare Data breaches 114

Schneier on Security

OCTOBER 7, 2024

News article. CLoudflare just blocked the current record DDoS attack: 3.8 terabits per second. Lots of good information on the attack, and DDoS in general, at the link.)

DDOS 251

DDOS 251

Schneier on Security

SEPTEMBER 15, 2023

Interesting article on technologies that will automatically identify people: With technology like that on Mr. Leyvand’s head, Facebook could prevent users from ever forgetting a colleague’s name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at a crowded conference.

Technology 327

Technology 327

Schneier on Security

SEPTEMBER 17, 2024

From a news article These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware.

Malware 314

Malware Social Engineering Engineering Hacking 314

Schneier on Security

OCTOBER 17, 2022

The article doesn’t say how the hacking tool got installed into cars. A fraudulent tool—marketed as an automotive diagnostic solution, was used to replace the original software of the vehicles, allowing the doors to be opened and the ignition to be started without the actual key fob.

Hacking 363

Hacking Manufacturing Marketing Software 363

Security Affairs

OCTOBER 27, 2024

The court found them guilty of illegal circulation of means of payment (Part 2 of Article 187 of the Criminal Code of the Russian Federation).” ” reported Russian news outlet Kommersant. ” Zayets and Malozemov received 4.5 and 5 years, while Khansvyarov and Puzyrevsky were sentenced to 5.5

Ransomware 142

Ransomware Hacking Malware Cybercrime 142

Schneier on Security

MARCH 6, 2025

Interesting article —with photos!—of —of the US/UK “Combined Cipher Machine” from WWII.

233

233