Blogroll | Communications of the ACM

From Schneier on Security

Security Vulnerabilities in Eufy Cameras

Eufy cameras claim to be local only, but upload data to the cloud. The company is basically lying to reporters, despite being shown evidence to the contrary. The... Bruce Schneier
From Schneier on Security | December 9, 2022 at 07:11 AM

From Schneier on Security

Leaked Signing Keys Are Being Used to Sign Malware

A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. Łukasz Siewierski, a member of Google’s Android... Bruce Schneier
From Schneier on Security | December 8, 2022 at 07:08 AM

From Schneier on Security

The Decoupling Principle

This is a really interesting paper that discusses what the authors call the Decoupling Principle: The idea is simple, yet previously not clearly articulated: to... Bruce Schneier
From Schneier on Security | December 7, 2022 at 07:04 AM

From Schneier on Security

CryWiper Data Wiper Targeting Russian Sites

Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks. The Trojan corrupts any data that’s not... Bruce Schneier
From Schneier on Security | December 6, 2022 at 07:04 AM

From Schneier on Security

CAPTCHA

This is an actual CAPTCHA I was shown when trying to log into PayPal. As an actual human and not a bot, I had no idea how to answer. Is this a joke? (Seems not... Bruce Schneier
From Schneier on Security | December 5, 2022 at 07:10 AM

From Schneier on Security

Friday Squid Blogging: Legend of the Indiana Oil-Pit Squid

At a GMC plant. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines... Bruce Schneier
From Schneier on Security | December 2, 2022 at 05:12 PM

From Schneier on Security

Existential Risk and the Fermi Paradox

We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack... Bruce Schneier
From Schneier on Security | December 2, 2022 at 03:07 PM

From Schneier on Security

LastPass Security Breach

The company was hacked, and customer information accessed. No passwords were compromised. Bruce Schneier
From Schneier on Security | December 2, 2022 at 07:09 AM

From Schneier on Security

Sirius XM Software Vulnerability

This is new: Newly revealed research shows that a number of major car brands, including Honda, Nissan, Infiniti, and Acura, were affected by a previously undisclosed... Bruce Schneier
From Schneier on Security | December 1, 2022 at 10:10 AM

From Schneier on Security

Facebook Fined $276M under GDPR

Facebook—Meta—was just fined $276 million (USD) for a data leak that included full names, birth dates, phone numbers, and location. Meta’s total fine by the Data... Bruce Schneier
From Schneier on Security | November 30, 2022 at 07:00 AM

From Schneier on Security

Charles V of Spain Secret Code Cracked

Diplomatic code cracked after 500 years: In painstaking work backed by computers, Pierrot found “distinct families” of about 120 symbols used by Charles V. “Whole... Bruce Schneier
From Schneier on Security | November 29, 2022 at 07:19 AM

From Schneier on Security

Computer Repair Technicians Are Stealing Your Data

Laptop technicians routinely violate the privacy of the people whose computers they repair: Researchers at University of Guelph in Ontario, Canada, recovered logs... Bruce Schneier
From Schneier on Security | November 28, 2022 at 10:44 AM

From Schneier on Security

The US Has a Shortage of Bomb-Sniffing Dogs

Nothing beats a dog’s nose for detecting explosives. Unfortunately, there aren’t enough dogs: Last month, the US Government Accountability Office (GAO) released... Bruce Schneier
From Schneier on Security | November 23, 2022 at 11:23 AM

From Schneier on Security

Apple’s Device Analytics Can Identify iCloud Users

Researchers claim that supposedly anonymous device analytics information can identify users: On Twitter, security researchers Tommy Mysk and Talal Haj Bakry have... Bruce Schneier
From Schneier on Security | November 22, 2022 at 10:28 AM

From Schneier on Security

Breaking the Zeppelin Ransomware Encryption Scheme

Brian Krebs writes about how the Zeppelin ransomware encryption scheme was broken: The researchers said their break came when they understood that while Zeppelin... Bruce Schneier
From Schneier on Security | November 21, 2022 at 07:08 AM

From Schneier on Security

Friday Squid Blogging: Squid Brains

Researchers have new evidence of how squid brains develop: Researchers from the FAS Center for Systems Biology describe how they used a new live-imaging technique... Bruce Schneier
From Schneier on Security | November 18, 2022 at 05:12 PM

From Schneier on Security

First Review of A Hacker’s Mind

Kirkus reviews A Hacker’s Mind: A cybersecurity expert examines how the powerful game whatever system is put before them, leaving it to others to cover the cost... Bruce Schneier
From Schneier on Security | November 18, 2022 at 01:08 PM

From Schneier on Security

Successful Hack of Time-Triggered Ethernet

Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have... Bruce Schneier
From Schneier on Security | November 18, 2022 at 10:04 AM

From Schneier on Security

Failures in Twitter’s Two-Factor Authentication System

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those... Bruce Schneier
From Schneier on Security | November 17, 2022 at 05:53 AM

From Schneier on Security

Russian Software Company Pretending to Be American

Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually... Bruce Schneier
From Schneier on Security | November 16, 2022 at 06:03 AM