Trusted Encryption Environments
Schneier on Security
by Bruce Schneier
8h ago
Really good—and detailed—survey of Trusted Encryption Environments (TEEs ...
Pairwise Authentication of Humans
Schneier on Security
by Bruce Schneier
1d ago
Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither is a digital impersonation. To mitigate that risk, I have developed this simple solution where you can set up a unique time-based one-time passcode (TOTP) between any pair of persons. This is how it works: Two people, Person A and Person B, sit in front of the same computer and open this page; They input their respective names (e.g. Alice and Bob) onto the same page, and click “Generate”; The page will generate two TOTP QR codes, one for Alice and one for Bob ...
UK Is Ordering Apple to Break Its Own Encryption
Schneier on Security
by Bruce Schneier
3d ago
The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big deal, and something we in the security community have worried was coming for a while now. The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment ...
Friday Squid Blogging: The Colossal Squid
Schneier on Security
by Bruce Schneier
4d ago
Long article on the colossal squid.
Screenshot-Reading Malware
Schneier on Security
by Bruce Schneier
4d ago
Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more than 242,000 times. Kaspersky says: “This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace.” That’s a tactic I have not heard of before ...
AIs and Robots Should Sound Robotic
Schneier on Security
by Bruce Schneier
5d ago
Most people know that robots no longer sound like tinny trash cans. They sound like Siri, Alexa, and Gemini. They sound like the voices in labyrinthine customer support phone trees. And even those robot voices are being made obsolete by new AI-generated voices that can mimic every vocal nuance and tic of human speech, down to specific regional accents. And with just a few seconds of audio, AI can now clone someone’s specific voice. This technology will replace humans in many areas. Automated customer support will save money by cutting staffing at ...
On Generative AI Security
Schneier on Security
by Bruce Schneier
6d ago
Microsoft’s AI Red Team just published “Lessons from Red Teaming 100 Generative AI Products.” Their blog post lists “three takeaways,” but the eight lessons in the report itself are more useful: Understand what the system can do and where it is applied. You don’t have to compute gradients to break an AI system. AI red teaming is not safety benchmarking. Automation can help cover more of the risk landscape. The human element of AI red teaming is crucial. Responsible AI harms are pervasive but difficult to measure. LLMs amplify existing security risks and introduce new ones ...
Deepfakes and the 2024 US Election
Schneier on Security
by Bruce Schneier
1w ago
Interesting analysis: We analyzed every instance of AI use in elections collected by the WIRED AI Elections Project (source for our analysis), which tracked known uses of AI for creating political content during elections taking place in 2024 worldwide. In each case, we identified what AI was used for and estimated the cost of creating similar content without AI. We find that (1) half of AI use isn’t deceptive, (2) deceptive content produced using AI is nevertheless cheap to replicate without AI, and (3) focusing on the demand for misinformation rather than the supply is a much more effective ...
Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware
Schneier on Security
by Bruce Schneier
1w ago
This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised.” It is not clear who was behind the attack. Like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks ...
Friday Squid Blogging: On Squid Brains
Schneier on Security
by Bruce Schneier
1w ago
Interesting.