Blogroll | Communications of the ACM

From Schneier on Security

Accellion Supply Chain Hack

A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide. There’s much in the article about when Accellion... Bruce Schneier
From Schneier on Security | March 22, 2021 at 04:35 PM

From Schneier on Security

Details of a Computer Banking Scam

This is a longish video that describes a profitable computer banking scam that’s run out of call centers in places like India. There’s a lot of fluff about glitterbombs... Bruce Schneier
From Schneier on Security | March 19, 2021 at 03:54 PM

From Schneier on Security

Easy SMS Hijacking

Vice is reporting on a cell phone vulnerability caused by commercial SMS services. One of the things these services permit is text message forwarding. It turns... Bruce Schneier
From Schneier on Security | March 18, 2021 at 04:24 PM

From Schneier on Security

Exploiting Spectre Over the Internet

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality... Bruce Schneier
From Schneier on Security | March 17, 2021 at 02:19 PM

From Schneier on Security

Illegal Content and the Blockchain

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command... Bruce Schneier
From Schneier on Security | March 15, 2021 at 04:13 PM

From Schneier on Security

More on the Chinese Zero-Day Microsoft Exchange Hack

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things... Bruce Schneier
From Schneier on Security | March 9, 2021 at 05:34 PM

From Schneier on Security

On the Insecurity of ES&S Voting Machines’ Hash Code

Andrew Appel and Susan Greenhalgh have a blog post on the insecurity of ES&S’s software authentication system: It turns out that ES&S has bugs in their hash-code... Bruce Schneier
From Schneier on Security | March 9, 2021 at 05:27 PM

From Schneier on Security

Security Analysis of Apple’s “Find My…” Protocol

Interesting research: “Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System“: Abstract: Overnight, Apple has... Bruce Schneier
From Schneier on Security | March 9, 2021 at 03:50 PM

From Schneier on Security

Metadata Left in Security Agency PDFs

Really interesting research: “Exploitation and Sanitization of Hidden Data in PDF Files” Abstract: Organizations publish and share more and more electronic documents... Bruce Schneier
From Schneier on Security | March 9, 2021 at 03:45 PM

From Schneier on Security

Fast Random Bit Generation

Science has a paper (and commentary) on generating 250 random terabits per second with a laser. I don’t know how cryptographically secure they are, but that can... Bruce Schneier
From Schneier on Security | March 9, 2021 at 03:42 PM

From Schneier on Security

On Not Fixing Old Vulnerabilities

How is this even possible? …26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to... Bruce Schneier
From Schneier on Security | March 5, 2021 at 04:18 PM

From Schneier on Security

Friday Squid Blogging: Squid Cartoon

Squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here... Bruce Schneier
From Schneier on Security | March 5, 2021 at 04:15 PM

From Schneier on Security

Hacking Digitally Signed PDF Files

Interesting paper: “Shadow Attacks: Hiding and Replacing Content in Signed PDFs“: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee... Bruce Schneier
From Schneier on Security | March 5, 2021 at 04:13 PM

From Schneier on Security

No, RSA Is Not Broken

I have been seeing this paper by cryptographer Peter Schnorr making the rounds: “Fast Factoring Integers by SVP Algorithms.” It describes a new factoring method... Bruce Schneier
From Schneier on Security | March 5, 2021 at 11:48 AM

From Schneier on Security

Four Microsoft Exchange Zero-Days Exploited by China

Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. Bruce Schneier
From Schneier on Security | March 4, 2021 at 02:03 PM

From Schneier on Security

Encoded Message in the Perseverance Mars Lander’s Parachute

NASA made an oblique reference to a coded message in the color pattern of the Perseverance Mars Lander ‘s parachute. More information. Bruce Schneier
From Schneier on Security | February 26, 2021 at 02:35 PM

From Schneier on Security

Chinese Hackers Stole an NSA Windows Exploit in 2014

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated)... Bruce Schneier
From Schneier on Security | February 25, 2021 at 03:27 PM

From Schneier on Security

National Security Risks of Late-Stage Capitalism

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company... Bruce Schneier
From Schneier on Security | February 25, 2021 at 03:23 PM

From Schneier on Security

Friday Squid Blogging: Vampire Squid Fossil

A 30-million-year-old vampire squid fossil was found, lost, and then re-found in Hungary. As usual, you can also use this squid post to talk about the securityhere... Bruce Schneier
From Schneier on Security | February 25, 2021 at 03:12 PM

From Schneier on Security

Friday Squid Blogging: On SQUIDS

A good tutorial: But we can go beyond the polarization of electrons and really leverage the electron waviness. By interleaving thin layers of superconducting and... Bruce Schneier
From Schneier on Security | February 25, 2021 at 03:12 PM