Bruce Schneier – Page 30 – WindowsTechs.com

Airlines Secretly Selling Passenger Data to the Government

Posted on June 12, 2025 by Bruce Schneier

This is news:

A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S. travellers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media. The data includes passenger names, their full flight itineraries, and financial details.

Another article.

EDITED TO ADD (6/14): Ed Hausbrook reported this a month and a half ago.

… Continue reading Airlines Secretly Selling Passenger Data to the Government→

New Way to Covertly Track Android Users

Posted on June 9, 2025 by Bruce Schneier

Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught.

The details are interesting, and worth reading in detail:

Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it’s investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities…

Continue reading New Way to Covertly Track Android Users→

Friday Squid Blogging: Squid Run in Southern New England

Posted on June 6, 2025 by Bruce Schneier

Southern New England is having the best squid run in years.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Continue reading Friday Squid Blogging: Squid Run in Southern New England→

Hearing on the Federal Government and AI

Posted on June 6, 2025 by Bruce Schneier

On Thursday I testified before the House Committee on Oversight and Government Reform at a hearing titled “The Federal Government in the Age of Artificial Intelligence.”
The other speakers mostly talked about how cool AI was—and somet… Continue reading Hearing on the Federal Government and AI→

Report on the Malicious Uses of AI

Posted on June 6, 2025 by Bruce Schneier

OpenAI just published its annual report on malicious uses of AI.

By using AI as a force multiplier for our expert investigative teams, in the three months since our last report we’ve been able to detect, disrupt and expose abusive activity including social engineering, cyber espionage, deceptive employment schemes, covert influence operations and scams.

These operations originated in many parts of the world, acted in many different ways, and focused on many different targets. A significant number appeared to originate in China: Four of the 10 cases in this report, spanning social engineering, covert influence operations and cyber threats, likely had a Chinese origin. But we’ve disrupted abuses from many other countries too: this report includes case studies of a likely task scam from Cambodia, comment spamming apparently from the Philippines, covert influence attempts potentially linked with Russia and Iran, and deceptive employment schemes…

Continue reading Report on the Malicious Uses of AI→

The Ramifications of Ukraine’s Drone Attack

Posted on June 4, 2025 by Bruce Schneier

You can read the details of Operation Spiderweb elsewhere. What interests me are the implications for future warfare:

If the Ukrainians could sneak drones so close to major air bases in a police state such as Russia, what is to prevent the Chinese from doing the same with U.S. air bases? Or the Pakistanis with Indian air bases? Or the North Koreans with South Korean air bases? Militaries that thought they had secured their air bases with electrified fences and guard posts will now have to reckon with the threat from the skies posed by cheap, ubiquitous drones that can be easily modified for military use. This will necessitate a massive investment in counter-drone systems. Money spent on conventional manned weapons systems increasingly looks to be as wasted as spending on the cavalry in the 1930s…

Continue reading The Ramifications of Ukraine’s Drone Attack→

New Linux Vulnerabilities

Posted on June 3, 2025 by Bruce Schneier

They’re interesting:

Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems.

[…]

“This means that if a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace.”…

Continue reading New Linux Vulnerabilities→

Australia Requires Ransomware Victims to Declare Payments

Posted on June 2, 2025 by Bruce Schneier

A new Australian law requires larger companies to declare any ransomware payments they have made.
Continue reading Australia Requires Ransomware Victims to Declare Payments→

Why Take9 Won’t Improve Cybersecurity

Posted on May 30, 2025 by Bruce Schneier

There’s a new cybersecurity awareness campaign: Take9. The idea is that people—you, me, everyone—should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share.

There’s a website—of course—and a video, well-produced and scary. But the campaign won’t do much to improve cybersecurity. The advice isn’t reasonable, it won’t make either individuals or nations appreciably safer, and it deflects blame from the real causes of our cyberspace insecurities…

Continue reading Why Take9 Won’t Improve Cybersecurity→

Friday Squid Blogging: NGC 1068 Is the “Squid Galaxy”

Posted on May 29, 2025 by Bruce Schneier

I hadn’t known that the NGC 1068 galaxy is nicknamed the “Squid Galaxy.” It is, and it’s spewing neutrinos without the usual accompanying gamma rays.
As usual, you can also use this squid post to talk about the security stories… Continue reading Friday Squid Blogging: NGC 1068 Is the “Squid Galaxy”→