Blogroll | Communications of the ACM

From Schneier on Security

Brute-Forcing a Fingerprint Reader

It’s neither hard nor expensive: Unlike password authentication, which requires a direct match between what is inputted and what’s stored in a database, fingerprint... Bruce Schneier
From Schneier on Security | May 30, 2023 at 07:16 AM

From Schneier on Security

Friday Squid Blogging: Online Cephalopod Course

Atlas Obscura has a five-part online course on cephalopods, taught by squid biologist Dr. Sarah McAnulty. As usual, you can also use this squid post to talk about... Bruce Schneier
From Schneier on Security | May 26, 2023 at 05:05 PM

From Schneier on Security

Expeditionary Cyberspace Operations

Cyberspace operations now officially has a physical dimension, meaning that the United States has official military doctrine about cyberattacks that also involve... Bruce Schneier
From Schneier on Security | May 26, 2023 at 07:12 AM

From Schneier on Security

On the Poisoning of LLMs

Interesting essay on the poisoning of LLMs—ChatGPT in particular: Given that we’ve known about model poisoning for years, and given the strong incentives the black... Bruce Schneier
From Schneier on Security | May 25, 2023 at 07:05 AM

From Schneier on Security

Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws

It’s been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up... Bruce Schneier
From Schneier on Security | May 24, 2023 at 07:23 AM

From Schneier on Security

Credible Handwriting Machine

In case you don’t have enough to worry about, someone has built a credible handwriting machine: This is still a work in progress, but the project seeks to solve... Bruce Schneier
From Schneier on Security | May 23, 2023 at 07:15 AM

From Schneier on Security

Google Is Not Deleting Old YouTube Videos

Google has backtracked on its plan to delete inactive YouTube videos—at least for now. Of course, it could change its mind anytime it wants. It would be nice if... Bruce Schneier
From Schneier on Security | May 22, 2023 at 07:15 AM

From Schneier on Security

Friday Squid Blogging: Peruvian Squid-Fishing Regulation Drives Chinese Fleets Away

A Peruvian oversight law has the opposite effect: Peru in 2020 began requiring any foreign fishing boat entering its ports to use a vessel monitoring system allowing... Bruce Schneier
From Schneier on Security | May 19, 2023 at 05:06 PM

From Schneier on Security

Security Risks of New .zip and .mov Domains

Researchers are worried about Google’s .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability. Bruce Schneier
From Schneier on Security | May 19, 2023 at 07:11 AM

From Schneier on Security

Microsoft Secure Boot Bug

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections... Bruce Schneier
From Schneier on Security | May 17, 2023 at 07:01 AM

From Schneier on Security

Micro-Star International Signing Key Stolen

Micro-Star International—aka MSI—had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect... Bruce Schneier
From Schneier on Security | May 15, 2023 at 07:18 AM

From Schneier on Security

Friday Squid Blogging: Giant Squid Video

A video—authentic, not a deep fake—of a giant squid close to the surface. As usual, you can also use this squid post to talk about the security stories in the news... Bruce Schneier
From Schneier on Security | May 12, 2023 at 05:04 PM

From Schneier on Security

Ted Chiang on the Risks of AI

Ted Chiang has an excellent essay in the New Yorker: “Will A.I. Become the New McKinsey?” The question we should be asking is: as A.I. becomes more powerful and... Bruce Schneier
From Schneier on Security | May 12, 2023 at 10:00 AM

From Schneier on Security

Building Trustworthy AI

We will all soon get into the habit of using AI tools for help with everyday problems and tasks. We should get in the habit of questioning the motives, incentives... Bruce Schneier
From Schneier on Security | May 11, 2023 at 07:17 AM

From Schneier on Security

FBI Disables Russian Malware

Reuters is reporting that the FBI “had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers... Bruce Schneier
From Schneier on Security | May 10, 2023 at 11:25 AM

From Schneier on Security

PIPEDREAM Malware against Industrial Control Systems

Another nation-state malware, Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping... Bruce Schneier
From Schneier on Security | May 9, 2023 at 11:20 AM

From Schneier on Security

AI Hacking Village at DEF CON This Year

At DEF CON this year, Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI and Stability AI will all open up their models for attack. The DEF CON event will... Bruce Schneier
From Schneier on Security | May 8, 2023 at 11:29 AM

From Schneier on Security

Friday Squid Blogging: “Mediterranean Beef Squid” Hoax

The viral video of the “Mediterranean beef squid”is a hoax. It’s not even a deep fake; it’s a plastic toy. As usual, you can also use this squid post to talk about... Bruce Schneier
From Schneier on Security | May 5, 2023 at 05:12 PM

From Schneier on Security

Large Language Models and Elections

Earlier this week, the Republican National Committee released a video that it claims was “built entirely with AI imagery.” The content of the ad isn’t especially... Bruce Schneier
From Schneier on Security | May 4, 2023 at 06:45 AM

From Schneier on Security

SolarWinds Detected Six Months Earlier

New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandient detected it in December 2020, but didn... Bruce Schneier
From Schneier on Security | May 3, 2023 at 06:13 AM