Bruce Schneier – Page 34 – WindowsTechs.com

Ghostwriting Scam

Posted on June 18, 2025 by Bruce Schneier

The variations seem to be endless. Here’s a fake ghostwriting scam that seems to be making boatloads of money.

This is a big story about scams being run from Texas and Pakistan estimated to run into tens if not hundreds of millions of dollars, viciously defrauding Americans with false hopes of publishing bestseller books (a scam you’d not think many people would fall for but is surprisingly huge). In January, three people were charged with defrauding elderly authors across the United States of almost $44 million by “convincing the victims that publishers and filmmakers wanted to turn their books into blockbusters.”…

Continue reading Ghostwriting Scam→

Where AI Provides Value

Posted on June 17, 2025 by Bruce Schneier

If you’ve worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then you’re safe for another day.

But the fact remains that AI already has definite advantages over even the most skilled humans, and knowing where these advantages arise—and where they don’t—will be key to adapting to the AI-infused workforce.

AI will often not be as effective as a human doing the same job. It won’t always know more or be more accurate. And it definitely won’t always be fairer or more reliable. But it may still be used whenever it has an advantage over humans in one of four dimensions: speed, scale, scope and sophistication. Understanding these dimensions is the key to understanding AI-human replacement…

Continue reading Where AI Provides Value→

Upcoming Speaking Engagements

Posted on June 15, 2025 by Bruce Schneier

This is a current list of where and when I am scheduled to speak:

I’m speaking at the International Conference on Digital Trust, AI and the Future in Edinburgh, Scotland on Tuesday, June 24 at 4:00 PM.

The list is maintained on this page.
Continue reading Upcoming Speaking Engagements→

Friday Squid Blogging: Stubby Squid

Posted on June 13, 2025 by Bruce Schneier

Video of the stubby squid (Rossia pacifica) from offshore Vancouver Island.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Continue reading Friday Squid Blogging: Stubby Squid→

Paragon Spyware Used to Spy on European Journalists

Posted on June 13, 2025 by Bruce Schneier

Paragon is an Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of its product. Citizen Lab caught it spying on multiple European journalists with a zero-click iOS exploit:

On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists that consented for the technical analysis of their cases. The key findings from our forensic analysis of their devices are summarized below:

Our analysis finds forensic evidence confirming with high confidence that both a prominent European journalist (who requests anonymity), and Italian journalist Ciro Pellegrino, were targeted with Paragon’s Graphite mercenary spyware.
…

Continue reading Paragon Spyware Used to Spy on European Journalists→

Airlines Secretly Selling Passenger Data to the Government

Posted on June 12, 2025 by Bruce Schneier

This is news:

A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S. travellers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media. The data includes passenger names, their full flight itineraries, and financial details.

Another article.

EDITED TO ADD (6/14): Ed Hausbrook reported this a month and a half ago.

… Continue reading Airlines Secretly Selling Passenger Data to the Government→

New Way to Covertly Track Android Users

Posted on June 9, 2025 by Bruce Schneier

Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught.

The details are interesting, and worth reading in detail:

Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it’s investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities…

Continue reading New Way to Covertly Track Android Users→

Friday Squid Blogging: Squid Run in Southern New England

Posted on June 6, 2025 by Bruce Schneier

Southern New England is having the best squid run in years.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Continue reading Friday Squid Blogging: Squid Run in Southern New England→

Hearing on the Federal Government and AI

Posted on June 6, 2025 by Bruce Schneier

On Thursday I testified before the House Committee on Oversight and Government Reform at a hearing titled “The Federal Government in the Age of Artificial Intelligence.”
The other speakers mostly talked about how cool AI was—and somet… Continue reading Hearing on the Federal Government and AI→

Report on the Malicious Uses of AI

Posted on June 6, 2025 by Bruce Schneier

OpenAI just published its annual report on malicious uses of AI.

By using AI as a force multiplier for our expert investigative teams, in the three months since our last report we’ve been able to detect, disrupt and expose abusive activity including social engineering, cyber espionage, deceptive employment schemes, covert influence operations and scams.

These operations originated in many parts of the world, acted in many different ways, and focused on many different targets. A significant number appeared to originate in China: Four of the 10 cases in this report, spanning social engineering, covert influence operations and cyber threats, likely had a Chinese origin. But we’ve disrupted abuses from many other countries too: this report includes case studies of a likely task scam from Cambodia, comment spamming apparently from the Philippines, covert influence attempts potentially linked with Russia and Iran, and deceptive employment schemes…

Continue reading Report on the Malicious Uses of AI→