acm-header
Sign In

Communications of the ACM

Blogroll


Refine your search:
dateMore Than a Year Ago
authorBruce Schneier
bg-corner

Vulnerability Finding Using Machine Learning
From Schneier on Security

Vulnerability Finding Using Machine Learning

Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get...

Friday Squid Blogging: On the Efficacy of Squid as Bait
From Schneier on Security

Friday Squid Blogging: On the Efficacy of Squid as Bait

How to use squid as bait. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting...

The DoD Isn't Fixing Its Security Problems
From Schneier on Security

The DoD Isn't Fixing Its Security Problems

It has produced several reports outlining what's wrong and what needs to be fixed. It's not fixing them: GAO looked at three DoD-designed initiatives to see whether...

California Needlessly Reduces Privacy During COVID-19 Pandemic
From Schneier on Security

California Needlessly Reduces Privacy During COVID-19 Pandemic

This one isn't even related to contact tracing: On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to...

Upcoming Speaking Engagements
From Schneier on Security

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm being interviewed on "Hacking in the Public Interest" as part of the Black Hat Webcast Series...

Ransomware Now Leaking Stolen Documents
From Schneier on Security

Ransomware Now Leaking Stolen Documents

Originally, ransomware didn't involve any data theft. Malware would encrypt the data on your computer, and demand a ransom for the encryption key. Now ransomware...

Contact Tracing COVID-19 Infections via Smartphone Apps
From Schneier on Security

Contact Tracing COVID-19 Infections via Smartphone Apps

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It's similar...

Friday Squid Blogging: Amazingly Realistic Squid Drawings
From Schneier on Security

Friday Squid Blogging: Amazingly Realistic Squid Drawings

The squid drawings of Yuuki Tokuda are simply incredible. I tried to figure out how to buy one of them, but everything is in Japanese. As usual, you can also use...

Kubernetes Security
From Schneier on Security

Kubernetes Security

Attack matrix for Kubernetes, using the MITRE ATT&CK framework. A good first step towards understand the security of this suddenly popular and very complex container...

Microsoft Buys Corp.com
From Schneier on Security

Microsoft Buys Corp.com

A few months ago, Brian Krebs told the story of the domain corp.com, and how it is basically a security nightmare: At issue is a problem known as "namespace collision...

RSA-250 Factored
From Schneier on Security

RSA-250 Factored

RSA-250 has been factored. This computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation...

Cybersecurity During COVID-19
From Schneier on Security

Cybersecurity During COVID-19

Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic. One, employees are...

Emotat Malware Causes Physical Damage
From Schneier on Security

Emotat Malware Causes Physical Damage

Microsoft is reporting that an Emotat malware infection shut down a network by causing computers to overheat and then crash. The Emotet payload was delivered and...

Friday Squid Blogging: On Squid Communication
From Schneier on Security

Friday Squid Blogging: On Squid Communication

They can communicate using bioluminescent flashes: New research published this week in Proceedings of the National Academy of Sciences presents evidence for a previously...

Security and Privacy Implications of Zoom
From Schneier on Security

Security and Privacy Implications of Zoom

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. (My own university, Harvard...

Bug Bounty Programs Are Being Used to Buy Silence
From Schneier on Security

Bug Bounty Programs Are Being Used to Buy Silence

Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty...

Marriott Was Hacked -- Again
From Schneier on Security

Marriott Was Hacked -- Again

Marriott announced another data breach, this one affecting 5.2 million people: At this point, we believe that the following information may have been involved,...

Dark Web Hosting Provider Hacked
From Schneier on Security

Dark Web Hosting Provider Hacked

Daniel's Hosting, which hosts about 7,600 dark web portals for free, has been hacked and is down. It's unclear when, or if, it will be back up....

Clarifying the Computer Fraud and Abuse Act
From Schneier on Security

Clarifying the Computer Fraud and Abuse Act

A federal court has ruled that violating a website's tems of service is not "hacking" under the Computer Fraud and Abuse Act. The plaintiffs wanted to investigate...

Privacy vs. Surveillance in the Age of COVID-19
From Schneier on Security

Privacy vs. Surveillance in the Age of COVID-19

The trade-offs are changing: As countries around the world race to contain the pandemic, many are deploying digital surveillance tools as a means to exert social...
Sign In for Full Access
» Forgot Password? » Create an ACM Web Account