Blogroll | Communications of the ACM

From Schneier on Security

De-anonymization Story

This is important: Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops (USCCB), effectively the highest-ranking priest inreportedly... Bruce Schneier
From Schneier on Security | July 27, 2021 at 04:09 PM

From Schneier on Security

Hiding Malware in ML Models

Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models”. Abstract: Delivering malware covertly and detection-evadingly is critical to... Bruce Schneier
From Schneier on Security | July 26, 2021 at 04:59 PM

From Schneier on Security

Disrupting Ransomware by Disrupting Bitcoin

Ransomware isn’t new; the idea dates back to 1986 with the “Brain” computer virus. Now, it’s become the criminal business model of the internet for two reasons.... Bruce Schneier
From Schneier on Security | July 23, 2021 at 11:36 AM

From Schneier on Security

Commercial Location Data Used to Out Priest

A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis: The news starkly demonstrates not only the inherent power... Bruce Schneier
From Schneier on Security | July 23, 2021 at 09:58 AM

From Schneier on Security

Nasty Printer Driver Vulnerability

From SentinelLabs, a critical vulnerability in HP printer drivers: Researchers have released technical details on a high-severity privilege-escalation flaw in... Bruce Schneier
From Schneier on Security | July 22, 2021 at 11:41 AM

From Schneier on Security

NSO Group Hacked

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists... Bruce Schneier
From Schneier on Security | July 20, 2021 at 02:50 PM

From Schneier on Security

Candiru: Another Cyberweapons Arms Manufacturer

Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru. From the report: Summary: Candiru is a secretive... Bruce Schneier
From Schneier on Security | July 19, 2021 at 11:54 AM

From Schneier on Security

REvil is Off-Line

This is an interesting development: Just days after President Biden demanded that President Vladimir V. Putin of Russia shut down ransomware groups attacking American... Bruce Schneier
From Schneier on Security | July 16, 2021 at 04:03 PM

From Schneier on Security

Colorado Passes Consumer Privacy Law

First California. Then Virginia. Now Colorado. Here’s a good comparison of the three states’ laws. Bruce Schneier
From Schneier on Security | July 13, 2021 at 10:10 AM

From Schneier on Security

China Taking Control of Zero-Day Exploits

China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability... Bruce Schneier
From Schneier on Security | July 13, 2021 at 10:07 AM

From Schneier on Security

Iranian State-Sponsored Hacking Attempts

Interesting attack: Masquerading as UK scholars with the University of London’s School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly... Bruce Schneier
From Schneier on Security | July 13, 2021 at 10:04 AM

From Schneier on Security

Friday Squid Blogging: The Evolution of Squid

Good video about the evolutionary history of squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered... Bruce Schneier
From Schneier on Security | July 12, 2021 at 12:59 PM

From Schneier on Security

Analysis of the FBI’s Anom Phone

Motherboard got its hands on one of those Anom phones that were really FBI honeypots. The details are interesting. Bruce Schneier
From Schneier on Security | July 12, 2021 at 12:58 PM

From Schneier on Security

Details of the REvil Ransomware Attack

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekend’s attack was carried out with almost surgical... Bruce Schneier
From Schneier on Security | July 8, 2021 at 11:12 AM

From Schneier on Security

Vulnerability in the Kaspersky Password Manager

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator... Bruce Schneier
From Schneier on Security | July 6, 2021 at 10:27 AM

From Schneier on Security

Stealing Xbox Codes

Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the company’s internal systems that allowed him to create unlimited Xbox gift cards... Bruce Schneier
From Schneier on Security | July 4, 2021 at 05:14 PM

From Schneier on Security

More Russian Hacking

Two reports this week. The first is from Microsoft, which wrote: As part of our investigation into this ongoing activity, we also detected information-stealingwrote... Bruce Schneier
From Schneier on Security | July 1, 2021 at 06:29 PM

From Schneier on Security

Insurance and Ransomware

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper... Bruce Schneier
From Schneier on Security | July 1, 2021 at 12:01 PM

From Schneier on Security

Risks of Evidentiary Software

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example)... Bruce Schneier
From Schneier on Security | June 29, 2021 at 10:12 AM

From Schneier on Security

Friday Squid Blogging: Giant Squid Model

Pretty wooden model. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines... Bruce Schneier
From Schneier on Security | June 27, 2021 at 05:54 PM