Blogroll | Communications of the ACM

From Schneier on Security

The Supreme Court Narrowed the CFAA

In a 6-3 ruling, the Supreme Court just narrowed the scope of the Computer Fraud and Abuse Act: In a ruling delivered today, the court sided with Van Buren and... Bruce Schneier
From Schneier on Security | June 4, 2021 at 07:36 AM

From Schneier on Security

Friday Squid Blogging: Video of Giant Squid Hunting Prey

Fantastic video of a giant squid hunting at depths between 1,827 and 3,117 feet. This is a follow-on from this post. As usual, you can also use this squid posthere... Bruce Schneier
From Schneier on Security | June 4, 2021 at 06:45 AM

From Schneier on Security

Security and Human Behavior (SHB) 2021

Today is the second day of the fourteenth Workshop on Security and Human Behavior. The University of Cambridge is the host, but we’re all on Zoom. SHB is a small... Bruce Schneier
From Schneier on Security | June 3, 2021 at 06:09 PM

From Schneier on Security

The DarkSide Ransomware Gang

The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSide’s secret communications in the months leading up to the Colonial Pipeline... Bruce Schneier
From Schneier on Security | June 2, 2021 at 10:09 AM

From Schneier on Security

Security Vulnerability in Apple’s Silicon “M1” Chip

The website for the M1racles security vulnerability is an excellent demonstration that not all vulnerabilities are exploitable. Be sure to read the FAQ through... Bruce Schneier
From Schneier on Security | May 31, 2021 at 09:27 PM

From Schneier on Security

The Misaligned Incentives for Cloud Security

Russia’s Sunburst cyberespionage campaign, discovered late last year, impacted more than 100 large companies and US federal agencies, including the Treasury, Energy... Bruce Schneier
From Schneier on Security | May 26, 2021 at 10:56 AM

From Schneier on Security

The Story of the 2011 RSA Hack

Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger... Bruce Schneier
From Schneier on Security | May 26, 2021 at 10:49 AM

From Schneier on Security

Friday Squid Blogging: Fossil of Squid Eating and Being Eaten

We now have a fossil of a squid eating a crustacean while it is being eaten by a shark. As usual, you can also use this squid post to talk about the security stories... Bruce Schneier
From Schneier on Security | May 26, 2021 at 10:40 AM

From Schneier on Security

New Disk Wiping Malware Targets Israel

Apostle seems to be a new strain of malware that destroys data. In a post published Tuesday, SentinelOne researchers said they assessed with high confidence that... Bruce Schneier
From Schneier on Security | May 26, 2021 at 10:33 AM

From Schneier on Security

AIs and Fake Comments

This month, the New York state attorney general issued a report on a scheme by “U.S. Companies and Partisans [to] Hack Democracy.” This wasn’t another attempt by... Bruce Schneier
From Schneier on Security | May 23, 2021 at 03:26 PM

From Schneier on Security

Double-Encrypting Ransomware

This seems to be a new tactic: Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data... Bruce Schneier
From Schneier on Security | May 21, 2021 at 09:50 AM

From Schneier on Security

Bizarro Banking Trojan

Bizarro is a new banking trojan that is stealing financial information and crypto wallets. …the program can be delivered in a couple of ways — either via malicious... Bruce Schneier
From Schneier on Security | May 20, 2021 at 10:13 AM

From Schneier on Security

Apple Censorship and Surveillance in China

Good investigative reporting on how Apple is participating in and assisting with Chinese censorship and surveillance. Bruce Schneier
From Schneier on Security | May 18, 2021 at 11:32 AM

From Schneier on Security

Adding a Russian Keyboard to Protect against Ransomware

A lot of Russian malware — the malware that targeted the Colonial Pipeline, for example — won’t install on computers with a Cyrillic keyboard installed. Brian Krebs... Bruce Schneier
From Schneier on Security | May 18, 2021 at 11:31 AM

From Schneier on Security

Is 85% of US Critical Infrastructure in Private Hands?

Most US critical infrastructure is run by private corporations. This has major security implications, because it’s putting a random power company in — say — Ohio... Bruce Schneier
From Schneier on Security | May 17, 2021 at 12:03 AM

From Schneier on Security

Ransomware Is Getting Ugly

Modern ransomware has two dimensions: pay to get your data back, and pay not to have your data dumped on the Internet. The DC police are the victims of this ransomware... Bruce Schneier
From Schneier on Security | May 13, 2021 at 04:34 PM

From Schneier on Security

New US Executive Order on Cybersecurity

President Biden signed an executive order to improve government cybersecurity, setting new security standards for software sold to the federal government. For the... Bruce Schneier
From Schneier on Security | May 13, 2021 at 10:39 AM

From Schneier on Security

Book Sale: Beyond Fear

I have 80 copies of my 2000 book Beyond Fear available at the very cheap price of $5 plus shipping. Note that there is a 20% chance that your book will have a “BT... Bruce Schneier
From Schneier on Security | May 12, 2021 at 08:48 AM

From Schneier on Security

AI Security Risk Assessment Tool

Microsoft researchers just released an open-source automation tool for security testing AI systems: “Counterfit.” Details on their blog. Bruce Schneier
From Schneier on Security | May 11, 2021 at 10:53 AM

From Schneier on Security

Ransomware Shuts Down US Pipeline

This is a major story: a probably Russian cybercrime group called DarkSide shut down the Colonial Pipeline in a ransomware attack. The pipeline supplies much of... Bruce Schneier
From Schneier on Security | May 10, 2021 at 10:50 AM