From Schneier on Security
Artificial intelligence (AI) has been billed as the next frontier of humanity: the newly available expanse whose exploration
…
B. Schneier| February 29, 2024
Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways.
Abstract: The recently published “MERGE” protocol is designed to be used in...Bruce Schneier From Schneier on Security | November 25, 2024 at 07:09 AM
Interesting analysis:
We introduce and explore a little-known threat to digital equality and freedomwebsites geoblocking users in response to political risks from...Bruce Schneier From Schneier on Security | November 22, 2024 at 07:06 AM
Interesting analysis:
Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware...Bruce Schneier From Schneier on Security | November 19, 2024 at 07:05 AM
Fantastic video of a female Gonatus onyx squid swimming while carrying her egg sack.
An earlier related post.
Blog moderation policy.Bruce Schneier From Schneier on Security | November 15, 2024 at 05:07 PM
Stuart Schechter makes some good points on the history of bad password policies:
Morris and Thompson’s work brought much-needed data to highlight a problem that...Bruce Schneier From Schneier on Security | November 15, 2024 at 07:05 AM
Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before...Bruce Schneier From Schneier on Security | November 14, 2024 at 07:05 AM
DeFlock is a crowd-sourced project to map license plate scanners.
It only records the fixed scanners, of course. The mobile scanners on cars are not mapped.
The...Bruce Schneier From Schneier on Security | November 13, 2024 at 07:06 AM
I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass...Bruce Schneier From Schneier on Security | November 12, 2024 at 07:05 AM
Squid-A-Rama will be in Des Moines at the end of the month.
Visitors will be able to dissect squid, explore fascinating facts about the species, and witness a live...Bruce Schneier From Schneier on Security | November 8, 2024 at 05:04 PM
The Open Source Initiative has published (news article here) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms...Bruce Schneier From Schneier on Security | November 8, 2024 at 07:03 AM
Interesting research: “Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks“:
Large language models (LLMs) are increasingly...Bruce Schneier From Schneier on Security | November 7, 2024 at 11:13 AM
Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection...Bruce Schneier From Schneier on Security | November 7, 2024 at 07:07 AM
Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. Not sure about the “highly evasive” part...Bruce Schneier From Schneier on Security | November 6, 2024 at 07:02 AM
I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing...Bruce Schneier From Schneier on Security | November 5, 2024 at 07:08 AM
This is a good point:
Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists...Bruce Schneier From Schneier on Security | October 31, 2024 at 11:43 AM
Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personalLe...Bruce Schneier From Schneier on Security | October 31, 2024 at 11:16 AM
Excellent read. One example:
Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation...Bruce Schneier From Schneier on Security | October 30, 2024 at 10:48 AM