From Schneier on Security
Artificial intelligence (AI) has been billed as the next frontier of humanity: the newly available expanse whose exploration
…
B. Schneier| February 29, 2024
Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft...Bruce Schneier From Schneier on Security | April 23, 2024 at 07:09 AM
Interesting social-engineering attack vector:
McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft...Bruce Schneier From Schneier on Security | April 22, 2024 at 11:26 AM
A new bioadhesive makes it easier to attach trackers to squid.
Note: the article does not discuss squid privacy rights.
As usual, you can also use this squid post...Bruce Schneier From Schneier on Security | April 19, 2024 at 05:05 PM
After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique:
The OpenJS Foundation Cross...Bruce Schneier From Schneier on Security | April 18, 2024 at 07:06 AM
Canadian legislators proposed 19,600 amendments—almost certainly AI-generated—to a bill in an attempt to delay its adoption.
I wrote about many different legislative...Bruce Schneier From Schneier on Security | April 17, 2024 at 07:08 AM
Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain...Bruce Schneier From Schneier on Security | April 16, 2024 at 07:00 AM
A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms...Bruce Schneier From Schneier on Security | April 15, 2024 at 07:04 AM
This is a current list of where and when I am scheduled to speak:
I’m speaking twice at RSA Conference 2024 in San Francisco. I’ll be on a panel on software liability...Bruce Schneier From Schneier on Security | April 14, 2024 at 12:02 PM
It’s a pretty awful story.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting...Bruce Schneier From Schneier on Security | April 12, 2024 at 05:08 PM
Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t...Bruce Schneier From Schneier on Security | April 11, 2024 at 07:01 AM
Last week I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here’s the longer version.Bruce Schneier From Schneier on Security | April 10, 2024 at 07:08 AM
US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack that
From the executive summary:
The...Bruce Schneier From Schneier on Security | April 9, 2024 at 09:56 AM
This is a newly discovered email vulnerability:
The email your manager received and forwarded to you was something completely innocent, such as a potential customer...Bruce Schneier From Schneier on Security | April 8, 2024 at 07:03 AM
They’re AI warehouse robots.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting...Bruce Schneier From Schneier on Security | April 5, 2024 at 05:02 PM
It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol:
On March 27 the commission asked telecommunications providers to weigh...Bruce Schneier From Schneier on Security | April 5, 2024 at 07:00 AM
The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a...Bruce Schneier From Schneier on Security | April 4, 2024 at 07:07 AM
The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally...Bruce Schneier From Schneier on Security | April 2, 2024 at 02:50 PM
Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “Tales of the Krypt,” from 1994 to 2003.
There are...Bruce Schneier From Schneier on Security | April 2, 2024 at 01:05 PM
Adam Shostack is selling magic security dust.
It’s about time someone is commercializing this essential technology.Bruce Schneier From Schneier on Security | April 1, 2024 at 10:19 AM
Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge.
I can’t remember when I first met Ross. Of course it was before 2008...Bruce Schneier From Schneier on Security | March 31, 2024 at 08:21 PM