Blogroll | Communications of the ACM

From Schneier on Security

More Spectre/Meltdown-Like Attacks

Back in January, we learned about a class of vulnerabilities against microprocessors that leverages various performance and efficiency shortcuts for attack. I wrote... Bruce Schneier
From Schneier on Security | November 14, 2018 at 04:30 PM

From Schneier on Security

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Kiwicon in Wellington, New Zealand on November 16, 2018. I'm appearing on IBM... Bruce Schneier
From Schneier on Security | November 14, 2018 at 09:03 AM

From Schneier on Security

Oracle and "Responsible Disclosure"

I've been writing about "responsible disclosure" for over a decade; here's an essay from 2007. Basically, it's a tacit agreement between researchers and software... Bruce Schneier
From Schneier on Security | November 14, 2018 at 07:46 AM

From Schneier on Security

New IoT Security Regulations

Due to ever-evolving technological advances, manufacturers are connecting consumer goods -- from toys to lightbulbs to major appliances -- to the internet at... Bruce Schneier
From Schneier on Security | November 13, 2018 at 08:04 AM

From Schneier on Security

Hiding Secret Messages in Fingerprints

This is a fun steganographic application: hiding a message in a fingerprint image. Can't see any real use for it, but that's okay.... Bruce Schneier
From Schneier on Security | November 12, 2018 at 07:17 AM

From Schneier on Security

Friday Squid Blogging: Australian Fisherman Gets Inked

Pretty good video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines... Bruce Schneier
From Schneier on Security | November 9, 2018 at 05:07 PM

From Schneier on Security

The Pentagon is Publishing Foreign Nation-State Malware

This is a new thing: The Pentagon has suddenly started uploading malware samples from APTs and other nation-state sources to the website VirusTotal, which is essentially... Bruce Schneier
From Schneier on Security | November 9, 2018 at 02:52 PM

From Schneier on Security

Privacy and Security of Data at Universities

Interesting paper: "Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier," by Christine Borgman: Abstract: As universities recognize the... Bruce Schneier
From Schneier on Security | November 9, 2018 at 07:04 AM

From Schneier on Security

iOS 12.1 Vulnerability

This is really just to point out that computer security is really hard: Almost as soon as Apple released iOS 12.1 on Tuesday, a Spanish security researcher discovered... Bruce Schneier
From Schneier on Security | November 8, 2018 at 07:35 AM

From Schneier on Security

Consumer Reports Reviews Wireless Home-Security Cameras

Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it's reviewing wireless home-security cameras. It found significant security... Bruce Schneier
From Schneier on Security | November 7, 2018 at 07:39 AM

From Schneier on Security

Security of Solid-State-Drive Encryption

Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)": Abstract: We have analyzed the hardware full-disk... Bruce Schneier
From Schneier on Security | November 6, 2018 at 07:51 AM

From Schneier on Security

Troy Hunt on Passwords

Troy Hunt has a good essay about why passwords are here to stay, despite all their security problems: This is why passwords aren't going anywhere in the foreseeable... Bruce Schneier
From Schneier on Security | November 5, 2018 at 11:24 AM

From Schneier on Security

Friday Squid Blogging: Eating More Squid

This research paper concludes that we'll be eating more squid in the future. As usual, you can also use this squid post to talk about the security stories in the... Bruce Schneier
From Schneier on Security | November 2, 2018 at 05:08 PM

From Schneier on Security

How to Punish Cybercriminals

Interesting policy paper by Third Way: "To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors": In this paper... Bruce Schneier
From Schneier on Security | November 2, 2018 at 07:01 AM

From Schneier on Security

Buying Used Voting Machines on eBay

This is not surprising: This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines -- those... Bruce Schneier
From Schneier on Security | November 1, 2018 at 07:18 AM

From Schneier on Security

Was the Triton Malware Attack Russian in Origin?

The conventional story is that Iran targeted Saudi Arabia with Triton in 2017. New research from FireEye indicates that it might have been Russia. I don't know.... Bruce Schneier
From Schneier on Security | October 31, 2018 at 01:44 PM

From Schneier on Security

ID Systems Throughout the 50 States

Jim Harper at CATO has a good survey of state ID systems in the US.... Bruce Schneier
From Schneier on Security | October 31, 2018 at 07:53 AM

From Schneier on Security

Cell Phone Security and Heads of State

Earlier this week, the New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cell phone and using the... Bruce Schneier
From Schneier on Security | October 30, 2018 at 07:38 AM

From Schneier on Security

More on the Supermicro Spying Story

I've blogged twice about the Bloomberg story that China bugged Supermicro networking equipment destined to the US. We still don't know if the story is true, although... Bruce Schneier
From Schneier on Security | October 29, 2018 at 04:19 PM

From Schneier on Security

Security Vulnerability in Internet-Connected Construction Cranes

This seems bad: The F25 software was found to contain a capture replay vulnerability -- basically an attacker would be able to eavesdrop on radio transmissions... Bruce Schneier
From Schneier on Security | October 29, 2018 at 07:18 AM