Last month, Henry Farrell and I convened the Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024) at Johns Hopkins University’s Bloomberg Center in Washington DC. This is a small, invitational workshop on the future of democracy. As with the previous…
Tag: Schneier on Security
AI Will Write Complex Laws
Artificial intelligence (AI) is writing law today. This has required no changes in legislative procedure or the rules of legislative bodies—all it takes is one legislator, or legislative assistant, to use generative AI in the process of drafting a bill.…
AI Mistakes Are Very Different from Human Mistakes
Humans make mistakes all the time. All of us do, every day, in tasks both new and routine. Some of our mistakes are minor and some are catastrophic. Mistakes can break trust with our friends, lose the confidence of our…
Biden Signs New Cybersecurity Order
President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide. Some details: The core of the executive order is an array of mandates…
Social Engineering to Disable iMessage Protections
I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the…
FBI Deletes PlugX Malware from Thousands of Computers
According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based computers and networks.” Details: To retrieve information from and send commands to the hacked machines, the malware connects to a…
Phishing False Alarm
A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to combat it—until it turned out it was company management sending the gift cards. This article has been indexed from Schneier…
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking on “AI: Trust & Power” at Capricon 45 in Chicago, Illinois, USA, at 11:30 AM on February 7, 2025. I’m also signing books there…
The First Password on the Internet
It was created in 1973 by Peter Kirstein: So from the beginning I put password protection on my gateway. This had been done in such a way that even if UK users telephoned directly into the communications computer provided by…
Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
Not sure this will matter in the end, but it’s a positive move: Microsoft is accusing three individuals of running a “hacking-as-a-service” scheme that was designed to allow the creation of harmful and illicit content using the company’s platform for…
Apps That Are Spying on Your Location
404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include…
Zero-Day Vulnerability in Ivanti VPN
It’s being actively exploited. This article has been indexed from Schneier on Security Read the original article: Zero-Day Vulnerability in Ivanti VPN
US Treasury Department Sanctions Chinese Company Over Cyberattacks
From the Washington Post: The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United…
Privacy of Photos.app’s Enhanced Visual Search
Initial speculation about a new Apple feature. This article has been indexed from Schneier on Security Read the original article: Privacy of Photos.app’s Enhanced Visual Search
Friday Squid Blogging: Anniversary Post
I made my first squid post nineteen years ago this week. Between then and now, I posted something about squid every week (with maybe only a few exceptions). There is a lot out there about squid, even more if you…
ShredOS
ShredOS is a stripped-down operating system designed to destroy data. GitHub page here. This article has been indexed from Schneier on Security Read the original article: ShredOS
Google Is Allowing Device Fingerprinting
Lukasz Olejnik writes about device fingerprinting, and why Google’s policy change to allow it in 2025 is a major privacy setback. This article has been indexed from Schneier on Security Read the original article: Google Is Allowing Device Fingerprinting
Gift Card Fraud
It’s becoming an organized crime tactic: Card draining is when criminals remove gift cards from a store display, open them in a separate location, and either record the card numbers and PINs or replace them with a new barcode. The…
Salt Typhoon’s Reach Continues to Grow
The US government has identified a ninth telecom that was successfully hacked by Salt Typhoon. This article has been indexed from Schneier on Security Read the original article: Salt Typhoon’s Reach Continues to Grow
Casino Players Using Hidden Cameras for Cheating
The basic strategy is to place a device with a hidden camera in a position to capture normally hidden card values, which are interpreted by an accomplice off-site and fed back to the player via a hidden microphone. Miniaturization is…