Leaking Passwords through the SpellcheckerSometimes browser spellcheckers leak passwords: When using major web browsers like Chrome and Edge, your form data is transmitted to Google and...
Category: SchneierOnSecurity
Prompt Injection/Extraction Attacks against AI Systems
Prompt Injection/Extraction Attacks against AI SystemsThis is an interesting attack I had not previously considered. The variants are interesting, and I think we’re just starting to...
Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses
Leaking Screen Information on Zoom Calls through Reflections in EyeglassesOkay, it’s an obscure threat. But people are researching it: Our models and experimental results in a...
Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach
Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand BeachThis one has chewed-up tentacles. (Note that this is a different squid than the one...
Automatic Cheating Detection in Human Racing
Automatic Cheating Detection in Human RacingThis is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane...
FBI Seizes Stolen Cryptocurrencies
FBI Seizes Stolen CryptocurrenciesThe Wall Street Journal is reporting that the FBI has recovered over $30 million in cryptocurrency stolen by North Korean hackers earlier this...
Weird Fallout from Peiter Zatko’s Twitter Whistleblowing
Weird Fallout from Peiter Zatko’s Twitter WhistleblowingPeople are trying to dig up dirt on Peiter Zatko, better known as Mudge. For the record, I have not...
Relay Attack against Teslas
Relay Attack against TeslasNice work: Radio relay attacks are technically complicated to execute, but conceptually easy to understand: attackers simply extend the range of your existing...
Upcoming Speaking Engagements
Upcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak: I’m speaking as part of a Geneva Centre for Security...
Massive Data Breach at Uber
Massive Data Breach at UberIt’s big: The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent...
Friday Squid Blogging: Mayfly Squid
Friday Squid Blogging: Mayfly SquidThis is surprisingly funny. As usual, you can also use this squid post to talk about the security stories in the news...
Large-Scale Collection of Cell Phone Data at US Borders
Large-Scale Collection of Cell Phone Data at US BordersThe Washington Post is reporting that the US Customs and Border Protection agency is seizing and copying cell...