Communications of the ACM
Refine your search:
How the “Frontier” Became the Slogan of Uncontrolled AI
Artificial intelligence (AI) has been billed as the next frontier of humanity: the newly available expanse whose exploration …
From Schneier on Security
The Rise of Large-Language-Model Optimization
The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much...
From Schneier on Security
Dan Solove on Privacy Regulation
Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and...
From Schneier on Security
Microsoft and Security Incentives
Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft...
From Schneier on Security
Using Legitimate GitHub URLs for Malware
Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft...
From Schneier on Security
Friday Squid Blogging: Squid Trackers
A new bioadhesive makes it easier to attach trackers to squid. Note: the article does not discuss squid privacy rights. As usual, you can also use this squid post...
From Schneier on Security
Other Attempts to Take Over Open Source Projects
After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique: The OpenJS Foundation Cross...
From Schneier on Security
Using AI-Generated Legislative Amendments as a Delaying Technique
Canadian legislators proposed 19,600 amendments—almost certainly AI-generated—to a bill in an attempt to delay its adoption. I wrote about many different legislative...
From Schneier on Security
X.com Automatically Changing Link Text but Not URLs
Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain...
From Schneier on Security
New Lattice Cryptanalytic Technique
A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms...
From Schneier on Security
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking twice at RSA Conference 2024 in San Francisco. I’ll be on a panel on software liability...
From Schneier on Security
Friday Squid Blogging: The Awfulness of Squid Fishing Boats
It’s a pretty awful story. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting...
From Schneier on Security
Smuggling Gold by Disguising it as Machine Parts
Someone got caught trying to smuggle 322 pounds of gold (that’s about 1/4 of a cubic foot) out of Hong Kong. It was disguised as machine parts: On March 27, customs...
From Schneier on Security
Backdoor in XZ Utils That Almost Happened
Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t...
From Schneier on Security
In Memoriam: Ross Anderson, 1956-2024
Last week I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here’s the longer version.
From Schneier on Security
US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack
US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack that From the executive summary: The...
From Schneier on Security
Security Vulnerability of HTML Emails
This is a newly discovered email vulnerability: The email your manager received and forwarded to you was something completely innocent, such as a potential customer...
From Schneier on Security
Friday Squid Blogging: SqUID Bots
They’re AI warehouse robots. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting...
From Schneier on Security
Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed
It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh...
From Schneier on Security
Surveillance by the New Microsoft Outlook App
The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a...
From Schneier on Security