Blogroll | Communications of the ACM

From Schneier on Security

Code Written with AI Assistants Is Less Secure

Interesting research: “Do Users Write More Insecure Code with AI Assistants?“: Abstract: We conduct the first large-scale user study examining how users interact... Bruce Schneier
From Schneier on Security | January 17, 2024 at 07:14 AM

From Schneier on Security

The Story of the Mirai Botnet

Over at Wired, Andy Greenberg has an excellent story about the creators of the 2016 Mirai botnet. Bruce Schneier
From Schneier on Security | January 16, 2024 at 07:21 AM

From Schneier on Security

Voice Cloning with Very Short Samples

New research demonstrates voice cloning, in multiple languages, using samples ranging from one to twelve seconds. Research paper. Bruce Schneier
From Schneier on Security | January 15, 2024 at 07:09 AM

From Schneier on Security

Friday Squid Blogging: Giant Squid from Newfoundland in the 1800s

Interesting article, with photographs. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my... Bruce Schneier
From Schneier on Security | January 12, 2024 at 05:06 PM

From Schneier on Security

On IoT Devices and Software Liability

New law journal article: Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks... Bruce Schneier
From Schneier on Security | January 12, 2024 at 07:03 AM

From Schneier on Security

Pharmacies Giving Patient Records to Police without Warrants

Add pharmacies to the list of industries that are giving private data to the police without a warrant. Bruce Schneier
From Schneier on Security | January 11, 2024 at 07:09 AM

From Schneier on Security

Facial Scanning by Burger King in Brazil

In 2000, I wrote: “If McDonald’s offered three free Big Macs for a DNA sample, there would be lines around the block.” Burger King in Brazil is almost there, offering... Bruce Schneier
From Schneier on Security | January 10, 2024 at 07:05 AM

From Schneier on Security

PIN-Stealing Android Malware

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN: The second notable new... Bruce Schneier
From Schneier on Security | January 9, 2024 at 07:03 AM

From Schneier on Security

Second Interdisciplinary Workshop on Reimagining Democracy

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy (IWORD 2023) at the Harvard Kennedy School Ash Center. As with IWORD 2022,... Bruce Schneier
From Schneier on Security | January 8, 2024 at 07:03 AM

From Schneier on Security

Friday Squid Blogging—18th Anniversary Post: New Species of Pygmy Squid Discovered

They’re Ryukyuan pygmy squid (Idiosepius kijimuna) and Hannan’s pygmy squid (Kodama jujutsu). The second one represents an entire new genus. As usual, you can also... Bruce Schneier
From Schneier on Security | January 5, 2024 at 05:05 PM

From Schneier on Security

New iPhone Exploit Uses Four Zero-Days

Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow... Bruce Schneier
From Schneier on Security | January 4, 2024 at 07:11 AM

From Schneier on Security

Facial Recognition Systems in the US

A helpful summary of which US retail stores are using facial recognition, thinking about using it, or currently not planning on using it. (This, of course, canI... Bruce Schneier
From Schneier on Security | January 3, 2024 at 07:07 AM

From Schneier on Security

TikTok Editorial Analysis

TikTok seems to be skewing things in the interests of the Chinese Communist Party. (This is a serious analysis, and the methodology looks sound.) Conclusion: Substantial... Bruce Schneier
From Schneier on Security | January 2, 2024 at 07:04 AM

From Schneier on Security

AI Is Scarily Good at Guessing the Location of Random Photos

Wow: To test PIGEON’s performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos... Bruce Schneier
From Schneier on Security | December 29, 2023 at 07:03 AM

From Schneier on Security

Friday Squid Blogging: Sqids

They’re short unique strings: Sqids (pronounced “squids”) is an open-source library that lets you generate YouTube-looking IDs from numbers. These IDs are short... Bruce Schneier
From Schneier on Security | December 29, 2023 at 05:08 AM

From Schneier on Security

New iPhone Security Features to Protect Stolen Devices

Apple is rolling out a new “Stolen Device Protection” feature that seems well thought out: When Stolen Device Protection is turned on, Face ID or Touch ID authentication... Bruce Schneier
From Schneier on Security | December 27, 2023 at 07:01 AM

From Schneier on Security

Google Stops Collecting Location Data from Maps

Google Maps now stores location data locally on your device, meaning that Google no longer has that data to turn over to the police. Bruce Schneier
From Schneier on Security | December 26, 2023 at 07:03 AM

From Schneier on Security

Friday Squid Blogging: Squid Parts into Fertilizer

It’s squid parts from college dissections, so it’s not a volume operation. As usual, you can also use this squid post to talk about the security stories in thehere... Bruce Schneier
From Schneier on Security | December 22, 2023 at 05:08 PM

From Schneier on Security

Data Exfiltration Using Indirect Prompt Injection

Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information... Bruce Schneier
From Schneier on Security | December 22, 2023 at 07:05 AM

From Schneier on Security

GCHQ Christmas Codebreaking Challenge

Looks like fun. Details here. Bruce Schneier
From Schneier on Security | December 20, 2023 at 07:05 AM