Blogroll | Communications of the ACM

From Schneier on Security

Slopsquatting

As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with... Bruce Schneier
From Schneier on Security | April 15, 2025 at 12:02 PM

From Schneier on Security

China Sort of Admits to Being Behind Volt Typhoon

The Wall Street Journal has the story: Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks... Bruce Schneier
From Schneier on Security | April 14, 2025 at 07:08 AM

From Schneier on Security

Friday Squid Blogging: Squid and Efficient Solar Tech

Researchers are trying to use squid color-changing biochemistry for solar tech. This appears to be new and related research to a 2019 squid post. As usual, you... Bruce Schneier
From Schneier on Security | April 11, 2025 at 07:06 AM

From Schneier on Security

AI Vulnerability Finding

Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code: Microsoft discovered eleven vulnerabilities in GRUB2, including... Bruce Schneier
From Schneier on Security | April 11, 2025 at 07:04 AM

From Schneier on Security

How to Leak to a Journalist

Neiman Lab has some good advice on how to leak a story to a journalist. Bruce Schneier
From Schneier on Security | April 9, 2025 at 07:02 AM

From Schneier on Security

Arguing Against CALEA

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated... Bruce Schneier
From Schneier on Security | April 8, 2025 at 07:08 AM

From Schneier on Security

DIRNSA Fired

In “Secrets and Lies” (2000), I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. It’s something a bunch ofnews... Bruce Schneier
From Schneier on Security | April 7, 2025 at 07:03 AM

From Schneier on Security

Friday Squid Blogging: Two-Man Giant Squid

The Brooklyn indie art-punk group, Two-Man Giant Squid, just released a new album. As usual, you can also use this squid post to talk about the security stories... Bruce Schneier
From Schneier on Security | April 4, 2025 at 05:03 PM

From Schneier on Security

Troy Hunt Gets Phished

In case you need proof that anyone, even people who do cybersecurity for a living, Troy Hunt has a long, iterative story on his webpage about how he got phished... Bruce Schneier
From Schneier on Security | April 4, 2025 at 07:02 AM

From Schneier on Security

Web 3.0 Requires Data Integrity

If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known... Bruce Schneier
From Schneier on Security | April 3, 2025 at 07:05 AM

From Schneier on Security

Rational Astrologies and Security

John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security“: There is another non-security way that designers can spend... Bruce Schneier
From Schneier on Security | April 2, 2025 at 07:04 AM

From Schneier on Security

Cell Phone OPSEC for Border Crossings

I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about... Bruce Schneier
From Schneier on Security | April 1, 2025 at 07:01 AM

From Schneier on Security

The Signal Chat Leak and the NSA

US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly... Bruce Schneier
From Schneier on Security | March 31, 2025 at 07:04 AM

From Schneier on Security

Friday Squid Blogging: Squid Werewolf Hacking Group

In another rare squid/cybersecurity intersection, APT37 is also known as “Squid Werewolf.” As usual, you can also use this squid post to talk about the security... Bruce Schneier
From Schneier on Security | March 28, 2025 at 05:04 PM

From Schneier on Security

AIs as Trusted Third Parties

This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea... Bruce Schneier
From Schneier on Security | March 28, 2025 at 07:01 AM

From Schneier on Security

A Taxonomy of Adversarial Machine Learning Attacks and Mitigations

NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures. Bruce Schneier
From Schneier on Security | March 27, 2025 at 07:00 AM

From Schneier on Security

AI Data Poisoning

Cloudflare has a new feature—available to free users as well—that uses AI to generate random pages to feed to AI web crawlers: Instead of simply blocking bots,... Bruce Schneier
From Schneier on Security | March 26, 2025 at 07:07 AM

From Schneier on Security

Report on Paragon Spyware

Citizen Lab has a new report on Paragon’s spyware: Key Findings: Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware... Bruce Schneier
From Schneier on Security | March 25, 2025 at 07:05 AM

From Schneier on Security

More Countries are Demanding Back-Doors to Encrypted Apps

Last month I wrote about the UK forcing Apple to break its Advanced Data Protection encryption in iCloud. More recently, both Sweden and France are contemplating... Bruce Schneier
From Schneier on Security | March 24, 2025 at 06:38 AM

From Schneier on Security

Friday Squid Blogging: A New Explanation of Squid Camouflage

New research: An associate professor of chemistry and chemical biology at Northeastern University, Deravi’s recently published paper in the Journal of Materials... Bruce Schneier
From Schneier on Security | March 21, 2025 at 04:30 PM