
Communications of the ACM

Blogroll



Failures in Twitter’s Two-Factor Authentication System
From Schneier on Security


Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those...

Russian Software Company Pretending to Be American
From Schneier on Security


Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually...

Another Event-Related Spyware App
From Schneier on Security


Last month, we were warned not to install Qatar’s World Cup app because it was spyware. This month, it’s Egypt’s COP27 Summit app: The app is being promoted as...

A Digital Red Cross
From Schneier on Security


The International Committee of the Red Cross wants some digital equivalent to the iconic red cross, to alert would-be hackers that they are accessing a medical...

Friday Squid Blogging: Squid Purse
From Schneier on Security


Perfect for an evening out. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting...

New Book: A Hacker’s Mind
From Schneier on Security


I have a new book coming out in February. It’s about hacking. A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back isn’t about hacking...

NSA Over-surveillance
From Schneier on Security


Here in 2022, we have a newly declassified 2016 Inspector General report—“Misuse of Sigint Systems”—about a 2013 NSA program that resulted in the unauthorized (that...

An Untrustworthy TLS Certificate in Browsers
From Schneier on Security


The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Google’s Chrome, Apple’s Safari, nonprofit Firefox...

Defeating Phishing-Resistant Multifactor Authentication
From Schneier on Security


CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing...

Using Wi-Fi to See through Walls
From Schneier on Security


This technique measures device response time to determine distance: The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning...

The Conviction of Uber’s Chief Security Officer
From Schneier on Security


I have been meaning to write about Joe Sullivan, Uber’s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber...

Friday Squid Blogging: Newfoundland Giant Squid Sculpture
From Schneier on Security


In 1878, a 55-foot-long giant squid washed up on the shores of Glover’s Harbour, Newfoundland. It’s the largest giant squid ever recorded—although scientists now...

NSA on Supply Chain Security
From Schneier on Security


The NSA (together with CISA) has published a long report on supply-chain security: “Securing the Software Supply Chain: Recommended Practices Guide for Suppliers...

Iran’s Digital Surveillance Tools Leaked
From Schneier on Security


It’s Iran’s turn to have its digital surveillance tools leaked: According to these internal documents, SIAM is a computer system that works behind the scenes of...

Apple Only Commits to Patching Latest OS Version
From Schneier on Security


People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to...

Friday Squid Blogging: Chinese Squid Fishing
From Schneier on Security


China claims that it is “engaging in responsible squid fishing”: Chen Xinjun, dean of the College of Marine Sciences at Shanghai Ocean University, made the remarks...

Critical Vulnerability in Open SSL
From Schneier on Security


There are no details yet, but it’s really important that you patch Open SSL 3.x when the new version comes out on Tuesday. How bad is “Critical”? According to critical...

Australia Increases Fines for Massive Data Breaches
From Schneier on Security


After suffering two large, and embarrassing, data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million...

On the Randomness of Automatic Card Shufflers
From Schneier on Security


Many years ago, Matt Blaze and I talked about getting our hands on a casino-grade automatic shuffler and looking for vulnerabilities. We never did it—I remember...

Friday Squid Blogging: The Reproductive Habits of Giant Squid
From Schneier on Security


Interesting: A recent study on giant squid that have washed ashore along the Sea of Japan coast has raised the possibility that the animal has a different reproductive...