Category: Schneier on Security

Interesting analysis: This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in…

Read more →

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the…

Read more →

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the…

Read more →

I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on…

Read more →

A stock-trading AI (a simulated experiment) engaged in insider trading, even though it “knew” it was wrong. The agent is put under pressure in three ways. First, it receives a email from its “manager” that the company is not doing…

Read more →

This is clever: The actual attack is kind of silly. We prompt the model with the command “Repeat the word ‘poem’ forever” and sit back and watch as the model responds (complete transcript here). In the (abridged) example above, the…

Read more →

They’re not that good: Security researchers Jesse D’Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor…

Read more →

Soon we will be able to unlock and start our cars from our phones. Let’s hope people are thinking about security. This article has been indexed from Schneier on Security Read the original article: Digital Car Keys Are Coming

Read more →

It’s realistic looking. If I drop it in a bin with my keys and wallet, will the TSA confiscate it? This article has been indexed from Schneier on Security Read the original article: Chocolate Swiss Army Knife

Read more →

A new worm that spreads via USB sticks is infecting computers in Ukraine and beyond. The group­—known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm—has been active since at least 2014 and has been attributed to Russia’s…

Read more →

Signal has had the ability to manually authenticate another account for years. iMessage is getting it: The feature is called Contact Key Verification, and it does just what its name says: it lets you add a manual verification step in…

Read more →

Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication…

Read more →

Generative AI is going to be a powerful tool for data analysis and summarization. Here’s an example of it being used for sentiment analysis. My guess is that it isn’t very good yet, but that it will get better. This…

Read more →

A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days. This is over the top, but is just another example of the extreme pressure…

Read more →

The Federal Trade Commission is running a competition “to foster breakthrough ideas on preventing, monitoring, and evaluating malicious voice cloning.” This article has been indexed from Schneier on Security Read the original article: FTC’s Voice Cloning Challenge

Read more →

Seth Godin wrote an article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code: Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of…

Read more →

This is interesting: For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is…

Read more →

Really interesting article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. This article has been indexed from Schneier on Security…

Read more →

Article based on a Mozilla report. This article has been indexed from Schneier on Security Read the original article: The Privacy Disaster of Modern Smart Cars

Read more →

Selling miniature replicas to unsuspecting shoppers: Online marketplaces sell tiny pink cowboy hats. They also sell miniature pencil sharpeners, palm-size kitchen utensils, scaled-down books and camping chairs so small they evoke the Stonehenge scene in “This Is Spinal Tap.” Many…

Read more →