Communications of the ACM

Blogroll


Security vs. Business Flexibility
From Schneier on Security

This article demonstrates that security is less important than functionality. When asked about their preference if they needed to choose between IT security and...

Tracking Someone Using LifeLock
From Schneier on Security

Someone opened a LifeLock account in his ex-wife's name, and used the service to track her bank accounts, credit cards, and other financial activities. The article...

A History of Privacy
From Schneier on Security

This New Yorker article traces the history of privacy from the mid 1800s to today: As a matter of historical analysis, the relationship between secrecy and privacy...

Cryptanalysis of Algebraic Eraser
From Schneier on Security

Algebraic Eraser is a public-key key-agreement protocol that's patented and being pushed by a company for the Internet of Things, primarily because it is efficient...

Friday Squid Blogging: Squid Necklace
From Schneier on Security

She's calling it an octopus, but it's a squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Data and Goliath in German
From Schneier on Security

The German edition of Data and Goliath has been published....

Defending against Actual IT Threats
From Schneier on Security

Roger Grimes has written an interesting paper: "Implementing a Data-Driven Computer Security Defense." His thesis is that most organizations don't match their defenses...

NSA Lectures on Communications Security from 1973
From Schneier on Security

Newly declassified: "A History of U.S. Communications Security (Volumes I and II)," the David G. Boak Lectures, National Security Agency (NSA), 1973. (The document...

NSA Collected Americans' E-mails Even After it Stopped Collecting Americans' E-mails
From Schneier on Security

In 2011, the Bush administration authorized -- almost certainly illegally -- the NSA to conduct bulk electronic surveillance on Americans: phone calls, e-mails,...

Policy Repercussions of the Paris Terrorist Attacks
From Schneier on Security

In 2013, in the early days of the Snowden leaks, Harvard Law School professor and former Assistant Attorney General Jack Goldsmith reflected on the increase in...

Voter Surveillance
From Schneier on Security

There hasn't been that much written about surveillance and big data being used to manipulate voters. In Data and Goliath, I wrote: Unique harms can arise from the...

Friday Squid Blogging: Squid Spawning in South Australian Waters
From Schneier on Security

Divers are counting them: Squid gather and mate with as many partners as possible, then die, in an annual ritual off Rapid Head on the Fleurieu Peninsula, south...

Reputation in the Information Age
From Schneier on Security

Reputation is a social mechanism by which we come to trust one another, in all aspects of our society. I see it as a security mechanism. The promise and threat...

RFID-Shielded, Ultra-Strong Duffel Bags
From Schneier on Security

They're for carrying cash through dangerous territory: SDR Traveller caters to people who, for one reason or another, need to haul huge amounts of cash money through...

Paris Terrorists Use Double ROT-13 Encryption
From Schneier on Security

That is, no encryption at all. The Intercept has the story: "Yet news emerging from Paris -- as well as evidence from a Belgian ISIS raid in January -- suggests...

Ads Surreptitiously Using Sound to Communicate Across Devices
From Schneier on Security

This is creepy and disturbing: Privacy advocates are warning federal authorities of a new threat that uses inaudible, high-frequency sounds to surreptitiously track...

On CISA
From Schneier on Security

I have avoided writing about the Cybersecurity Information Sharing Act (CISA), largely because the details kept changing. (For those not following closely, similar...

Refuse to Be Terrorized
From Schneier on Security

Paul Krugman has written a really good update of my 2006 essay. Krugman: So what can we say about how to respond to terrorism? Before the atrocities in Paris,...

Paris Attacks Blamed on Strong Cryptography and Edward Snowden
From Schneier on Security

Well, that didn't take long: As Paris reels from terrorist attacks that have claimed at least 128 lives, fierce blame for the carnage is being directed toward American...

Did Carnegie Mellon Attack Tor for the FBI?
From Schneier on Security

There's pretty strong evidence that the team of researchers from Carnegie Mellon University who canceled their scheduled 2015 Black Hat talk deanonymized Tor users...