Researchers at Google have developed a watermark for LLM-generated text. The basics are pretty obvious: the LLM chooses between tokens partly based on a cryptographic key, and someone with knowledge of the key can detect those choices. What makes this…
Category: Schneier on Security
Are Automatic License Plate Scanners Constitutional?
An advocacy group is filing a Fourth Amendment challenge against automatic license plate readers. “The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked,…
No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer
The headline is pretty scary: “China’s Quantum Computer Scientists Crack Military-Grade Encryption.” No, it’s not true. This debunking saved me the trouble of writing one. It all seems to have come from this news article, which wasn’t bad but was…
AI and the SEC Whistleblower Program
Tax farming is the practice of licensing tax collection to private contractors. Used heavily in ancient Rome, it’s largely fallen out of practice because of the obvious conflict of interest between the state and the contractor. Because tax farmers are…
Friday Squid Blogging: Squid Scarf
Cute squid scarf. Blog moderation policy.
Justice Department Indicts Tech CEO for Falsifying Security Certifications
The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business.
Cheating at Conkers
The men’s world conkers champion is accused of cheating with a steel chestnut.
More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies
The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here). The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose…
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA. The event will be held on October 22 and 23, 2024, and my talk is at…
Indian Fishermen Are Catching Less Squid
Fishermen in Tamil Nadu are reporting smaller catches of squid. Blog moderation policy.
More on My AI and Democracy Book
In July, I wrote about my new book project on AI and democracy, to be published by MIT Press in fall 2025. My co-author and collaborator Nathan Sanders and I are hard at work writing. At this point, we would…
IronNet Has Shut Down
After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time…
Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI
An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs’s privacy policy—available elsewhere in the…
Auto-Identification Smart Glasses
Two students have created a demo of a smart-glasses app that performs automatic facial recognition and then information lookups. Kind of obvious, but the sort of creepy demo that gets attention. News article.
China Possibly Hacking US “Lawful Access” Backdoor
The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by…
Largest Recorded DDoS Attack is 3.8 Tbps
Cloudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.) News article.
Weird Zimbra Vulnerability
Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks…
California AI Safety Bill Vetoed
Governor Newsom has vetoed the state’s AI safety bill. I have mixed feelings about the bill. There’s a lot to like about it, and I want governments to regulate in this space. But, for now, it’s all EU. (Related, the…
NIST Recommends Some Common-Sense Password Rules
NIST’s second draft of its “SP 800-63-4”—its digital identity guidelines—finally contains some really good rules about passwords: The following requirements apply to passwords: Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD…
An Analysis of the EU’s Cyber Resilience Act
A good—long, complex—analysis of the EU’s new Cyber Resilience Act.