The field of machine learning (ML) security—and corresponding adversarial ML—is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many opportunities …
A survey of giant squid science. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. [...]
A Hacker’s Mind will be published on Tuesday. I have done a written interview and a podcast interview about the book. It’s been chosen as a “ February 2023 Must-Read Book ” by the Next Big Idea Club. And an “Editor’s Pick”—whatever that means—on Amazon. There …
Interesting research: “ Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons “: Abstract: In this paper we describe how to plant novel types of backdoors in any facial recognition model based on the popular architecture of deep Siamese neural networks, by mathematically changing a small …
Hacker “Capture the Flag” has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’. It’s a controlled setting for what computer hackers do in real life …
This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found. [...] The …
Chainalysis reports that worldwide ransomware payments were down in 2022. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there …
NIST is planning a significant update of its Cybersecurity Framework. At this point, it’s asking for feedback and comments to its concept paper. Do the proposed changes reflect the current cybersecurity landscape (standards, risks, and technologies)? Are the proposed changes sufficient and appropriate? Are there other elements that …
Scientists have created a hydrogel “using squid mantle and creative chemistry.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. [...]
Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book, which he partially recounts his 2012 book, Ghost in the Wires. The setup is that he just discovered that there’s warrant for his arrest by the …
This is a good list of modern phishing techniques. [...]
We recently learned that Alec Baldwin is being charged with involuntary manslaughter for his accidental shooting on a movie set. I don’t know the details of the case, nor the intricacies of the law, but I have a question about movie props. Why was an actual gun used …
The head of both US Cyber Command and the NSA, Gen. Paul Nakasone, broadly discussed that first organization’s offensive cyber operations during the runup to the 2022 midterm elections. He didn’t name names, of course: We did conduct operations persistently to make sure that our foreign adversaries …
Just another obscure warrantless surveillance program. US law enforcement can access details of money transfers without a warrant through an obscure surveillance program the Arizona attorney general’s office created in 2014. A database stored at a nonprofit, the Transaction Record Analysis Center (TRAC), provides full names and amounts …
I can’t remember the last time I thought about the US no-fly list: the list of people so dangerous they should never be allowed to fly on an airplane, yet so innocent that we can’t arrest them. Back when I thought about it a lot, I realized …
Publisher’s Weekly reviewed A Hacker’s Mind —and it’s a starred review! “Hacking is something that the rich and powerful do, something that reinforces existing power structures,” contends security technologist Schneier ( Click Here to Kill Everybody ) in this excellent survey of exploitation. Taking a broad understanding of …
Here’s a new video of a giant squid, filmed in the Sea of Japan. I believe it’s injured. It’s so close to the surface, and not really moving very much. “We didn’t see the kinds of agile movements that many fish and marine creatures normally …
From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself …
A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models …
Launched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails, college essays and myriad other forms of writing. Created by the company OpenAI, ChatGPT is a chatbot that can automatically respond to written prompts in a manner that is sometimes eerily close …
No details, though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. In virtue of being a dark web site—that is, one hosted on the Tor anonymity network—it …
Cellebrite is an cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. MSAB is a Swedish company that does the same thing. Someone has released software and documentation from both companies. [...]
This is a current list of where and when I am scheduled to speak: I’m speaking at Capricon, a four-day science fiction convention in Chicago. My talk is on “The Coming AI Hackers” and will be held Friday, February 3 at 1:00 PM. The list is maintained …
Booklist reviews A Hacker’s Mind : Author and public-interest security technologist Schneier ( Data and Goliath, 2015) defines a “hack” as an activity allowed by a system “that subverts the rules or norms of the system [...] at the expense of someone else affected by the system.” In accessing the security …
Good advice on buying squid. I like to buy whole fresh squid and clean it myself. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. [...]