Blogroll | Communications of the ACM

From Schneier on Security

The Inability to Simultaneously Verify Sentience, Location, and Identity

Really interesting “systematization of knowledge” paper: “SoK: The Ghost Trilemma” Abstract: Trolls, bots, and sybils distort online discourse and compromise the... Bruce Schneier
From Schneier on Security | August 11, 2023 at 07:08 AM

From Schneier on Security

Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet

Cryptographic flaws still matter. Here’s a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy. Seems like this... Bruce Schneier
From Schneier on Security | August 10, 2023 at 07:12 AM

From Schneier on Security

Using Machine Learning to Detect Keystrokes

Researchers have trained a ML model to detect keystrokes by sound with 95% accuracy. “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards... Bruce Schneier
From Schneier on Security | August 9, 2023 at 07:08 AM

From Schneier on Security

Microsoft Signing Key Stolen by Chinese

A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using... Bruce Schneier
From Schneier on Security | August 7, 2023 at 07:03 AM

From Schneier on Security

Friday Squid Blogging: 2023 Squid Oil Global Market Report

I had no idea that squid contain sufficient oil to be worth extracting. As usual, you can also use this squid post to talk about the security stories in the news... Bruce Schneier
From Schneier on Security | August 4, 2023 at 05:07 PM

From Schneier on Security

Political Milestones for AI

ChatGPT was released just nine months ago, and we are still learning how it will affect our daily lives, our careers, and even our systems of self-governance. But... Bruce Schneier
From Schneier on Security | August 4, 2023 at 07:07 AM

From Schneier on Security

The Need for Trustworthy AI

If you ask Alexa, Amazon’s voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesn’t know. It doesn’t take much to make it lambaste... Bruce Schneier
From Schneier on Security | August 3, 2023 at 07:17 AM

From Schneier on Security

New SEC Rules around Cybersecurity Incident Disclosures

The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: Public companies must... Bruce Schneier
From Schneier on Security | August 2, 2023 at 07:04 AM

From Schneier on Security

Hacking AI Resume Screening with Text in a White Font

The Washington Post is reporting on a hack to fool automatic resume sorting programs: putting text in a white font. The idea is that the programs rely primarily... Bruce Schneier
From Schneier on Security | August 1, 2023 at 07:11 AM

From Schneier on Security

Automatically Finding Prompt Injection Attacks

Researchers have just published a paper showing how to automate the discovery of prompt injection attacks. They look something like this: Write a tutorial on how... Bruce Schneier
From Schneier on Security | July 31, 2023 at 07:03 AM

From Schneier on Security

Friday Squid Blogging: Zaqistan Flag

The fictional nation of Zaqistan (in Utah) has a squid on its flag. As usual, you can also use this squid post to talk about the security stories in the news that... Bruce Schneier
From Schneier on Security | July 28, 2023 at 05:01 PM

From Schneier on Security

Indirect Instruction Injection in Multi-Modal LLMs

Interesting research: “(Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs“: Abstract: We demonstrate how images and sounds can be... Bruce Schneier
From Schneier on Security | July 28, 2023 at 07:06 AM

From Schneier on Security

Fooling an AI Article Writer

World of Warcraft players wrote about a fictional game element, “Glorbo,” on a subreddit for the game, trying to entice an AI bot to write an article about it.worked... Bruce Schneier
From Schneier on Security | July 27, 2023 at 07:04 AM

From Schneier on Security

Backdoor in TETRA Police Radios

Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world. The European... Bruce Schneier
From Schneier on Security | July 26, 2023 at 07:05 AM

From Schneier on Security

New York Using AI to Detect Subway Fare Evasion

The details are scant—the article is based on a “heavily redacted” contract—but the New York subway authority is using an “AI system” to detect people who don’t... Bruce Schneier
From Schneier on Security | July 25, 2023 at 07:05 AM

From Schneier on Security

Google Reportedly Disconnecting Employees from the Internet

Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select... Bruce Schneier
From Schneier on Security | July 24, 2023 at 07:09 AM

From Schneier on Security

Friday Squid Blogging: Chromatophores

Neat: Chromatophores are tiny color-changing cells in cephalopods. Watch them blink back and forth from purple to white on this squid’s skin in an Instagram video... Bruce Schneier
From Schneier on Security | July 21, 2023 at 05:10 PM

From Schneier on Security

AI and Microdirectives

Imagine a future in which AIs automatically interpret—and enforce—laws. All day and every day, you constantly receive highly personalized instructions for how to... Bruce Schneier
From Schneier on Security | July 21, 2023 at 07:16 AM

From Schneier on Security

Kevin Mitnick Died

Obituary. Bruce Schneier
From Schneier on Security | July 20, 2023 at 03:44 PM

From Schneier on Security

Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy

The Atlantic Council released a detailed commentary on the White House’s new “Implementation Plan for the 2023 US National Cybersecurity Strategy.” Lots of interesting... Bruce Schneier
From Schneier on Security | July 20, 2023 at 07:12 AM