Bruce Schneier – Page 3 – WindowsTechs.com

Identifying People Using Wi-Fi Routers

Posted on May 26, 2026 by Bruce Schneier

Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals.

This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel through a space, they interact with the objects and people around them. Those signals can be reflected, scattered, or absorbed. By analyzing how the signal is expected to behave compared with how it is actually received, researchers can infer details about the surrounding environment…

Continue reading Identifying People Using Wi-Fi Routers→

Friday Squid Blogging: Regulating Squid Fishing in the South Pacific

Posted on May 22, 2026 by Bruce Schneier

The South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Blog mod… Continue reading Friday Squid Blogging: Regulating Squid Fishing in the South Pacific→

CISA Security Leak

Posted on May 22, 2026 by Bruce Schneier

Crazy story:
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number o… Continue reading CISA Security Leak→

macOS Kernel Memory Corruption Exploit

Posted on May 21, 2026 by Bruce Schneier

A group used Anthropic’s Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple’s M5.
News article.
Continue reading macOS Kernel Memory Corruption Exploit→

On AI Security

Posted on May 20, 2026 by Bruce Schneier

Good report:

Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don’t actually work for measuring AI capabilities (even when they are NOT emergent systemic properties like security). So let’s take a step back: how do you measure security in the first place? Good question. Over the last 30 years, security engineering for software evolved from black box penetration testing, through whitebox code analysis and architectural risk analysis to de facto process-driven standards like the Building Security In Maturity Model (BSIMM). Software had a very deep impact on business operations, and it appears that AI is going to have an even deeper impact. Will a software security-like measurement move work for AI? Probably. In the meantime we can make real progress in AI security by cleaning up our WHAT piles and managing risk by identifying and applying good assurance processes. (Spoiler alert: no matter what we do, we still don’t get a security meter for AI, so we need to be extra vigilant about security.)…

Continue reading On AI Security→

Laurie Anderson Is Quoting Me

Posted on May 19, 2026 by Bruce Schneier

Not by name, but Laurie Anderson quotes me in one of the tracks of her new album:

My favorite quote is from a cryptologist who said “If you think technology will solve your problems, you don’t understand technology and you don’t understand your problems.”

Also in interviews:

“Of course, it’s ridiculous, outrageous, blah, blah, blah,” Anderson says about the ad. ‘But, I mean, my favorite quote on this is from a cryptologist who said, ‘If you think technology will solve your problems, you don’t understand technology Â and you don’t understand your problems.’ And I think I’m completely on board with that.”…

Continue reading Laurie Anderson Is Quoting Me→

Zero-Day Exploit Against Windows BitLocker

Posted on May 18, 2026 by Bruce Schneier

It’s nasty, but it requires physical access to the computer:

The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM). BitLocker is a mandatory protection for many organizations, including those that contract with governments…

Continue reading Zero-Day Exploit Against Windows BitLocker→

Friday Squid Blogging: Bigfin Squid

Posted on May 16, 2026 by Bruce Schneier

Article about the bigfin squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Blog moderation policy.
Continue reading Friday Squid Blogging: Bigfin Squid→

Bypassing On-Camera Age-Verification Checks

Posted on May 15, 2026 by Bruce Schneier

Some AI-based video age-verification checks can be fooled with a fake mustache.
Continue reading Bypassing On-Camera Age-Verification Checks→

Upcoming Speaking Engagements

Posted on May 14, 2026 by Bruce Schneier

This is a current list of where and when I am scheduled to speak:

I’m giving a virtual talk on “The Security of Trust in the Age of AI,” hosted by the Financial Women’s Association of New York, at 6:00 PM ET on May 21, 2026.
I’m speaking at the Potsdam Conference on National Cybersecurity at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24–25, 2026, and my talk will be the evening of June 24.
I’m speaking at the Digital Humanism Conference in Vienna, Austria, on Tuesday, June 26, 2026.
I’m speaking at the …

Continue reading Upcoming Speaking Engagements→