Blogroll | Communications of the ACM

From Schneier on Security

Prompt Injection Attacks on Large Language Models

This is a good survey on prompt injection attacks on large language models (like ChatGPT). Abstract: We are currently witnessing dramatic advances in the capabilities... Bruce Schneier
From Schneier on Security | March 7, 2023 at 07:13 AM

From Schneier on Security

New National Cybersecurity Strategy

Last week the Biden Administration released a new National Cybersecurity Strategy (summary >here. There is lots of good commentary out there. It’s basically a smart... Bruce Schneier
From Schneier on Security | March 6, 2023 at 07:06 AM

From Schneier on Security

Nick Weaver on Regulating Cryptocurrency

Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space—with all existing regulations. His conclusion: Regulators... Bruce Schneier
From Schneier on Security | March 3, 2023 at 10:58 AM

From Schneier on Security

Dumb Password Rules

Troy Hunt is collecting examples of dumb password rules. There are some pretty bad disasters out there. My worst experiences are with sites that have artificial... Bruce Schneier
From Schneier on Security | March 2, 2023 at 07:05 AM

From Schneier on Security

Fooling a Voice Authentication System with an AI-Generated Voice

A reporter used an AI synthesis of his own voice to fool the voice authentication system for Lloyd’s Bank. Bruce Schneier
From Schneier on Security | March 1, 2023 at 07:06 AM

From Schneier on Security

Side-Channel Attack against CRYSTALS-Kyber

CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have... Bruce Schneier
From Schneier on Security | February 28, 2023 at 07:19 AM

From Schneier on Security

Banning TikTok

Congress is currently debating bills that would ban TikTok in the United States. We are here as technologists to tell you that this is a terrible idea and the side... Bruce Schneier
From Schneier on Security | February 27, 2023 at 07:06 AM

From Schneier on Security

Friday Squid Blogging: Squid Processing Facility

This video of a modern large squid processing ship is a bit gory, but also interesting. As usual, you can also use this squid post to talk about the security stories... Bruce Schneier
From Schneier on Security | February 24, 2023 at 05:02 PM

From Schneier on Security

Putting Undetectable Backdoors in Machine Learning Models

This is really interesting research from a few months ago: Abstract: Given the computational cost and technical expertise required to train machine learning models... Bruce Schneier
From Schneier on Security | February 24, 2023 at 07:34 AM

From Schneier on Security

Cyberwar Lessons from the War in Ukraine

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “The Cyber Defense... Bruce Schneier
From Schneier on Security | February 23, 2023 at 07:27 AM

From Schneier on Security

A Device to Turn Traffic Lights Green

Here’s a story about a hacker who reprogrammed a device called “Flipper Zero” to mimic Opticom transmitters—to turn traffic lights in his path green. As mentioned... Bruce Schneier
From Schneier on Security | February 22, 2023 at 07:30 AM

From Schneier on Security

The Insecurity of Photo Cropping

The Intercept has a long article on the insecurity of photo cropping: One of the hazards lies in the fact that, for some of the programs, downstream crop reversals... Bruce Schneier
From Schneier on Security | February 21, 2023 at 07:14 AM

From Schneier on Security

Fines as a Security System

Tile has an interesting security solution to make its tracking tags harder to use for stalking: The Anti-Theft Mode feature will make the devices invisible to Scan... Bruce Schneier
From Schneier on Security | February 20, 2023 at 07:09 AM

From Schneier on Security

Friday Squid Blogging: Thermal Batteries from Squid Proteins

Researchers are making thermal batteries from “a synthetic material that’s derived from squid ring teeth protein.” As usual, you can also use this squid post to... Bruce Schneier
From Schneier on Security | February 17, 2023 at 05:03 PM

From Schneier on Security

Defending against AI Lobbyists

When is it time to start worrying about artificial intelligence interfering in our democracy? Maybe when an AI writes a letter to The New York Times opposing the... Bruce Schneier
From Schneier on Security | February 17, 2023 at 07:33 AM

From Schneier on Security

ChatGPT Is Ingesting Corporate Secrets

Interesting: According to internal Slack messages that were leaked to Insider, an Amazon lawyer told workers that they had “already seen instances” of text generated... Bruce Schneier
From Schneier on Security | February 16, 2023 at 07:06 AM

From Schneier on Security

Camera the Size of a Grain of Salt

Cameras are getting smaller and smaller, changing the scale and scope of surveillance. Bruce Schneier
From Schneier on Security | February 15, 2023 at 07:13 AM

From Schneier on Security

What Will It Take?

What will it take for policy makers to take cybersecurity seriously? Not minimal-change seriously. Not here-and-there seriously. But really seriously. What will... Bruce Schneier
From Schneier on Security | February 14, 2023 at 07:06 AM

From Schneier on Security

On Pig Butchering Scams

“Pig butchering” is the colorful name given to online cons that trick the victim into giving money to the scammer, thinking it is an investment opportunity. It’s... Bruce Schneier
From Schneier on Security | February 13, 2023 at 02:54 PM

From Schneier on Security

Friday Squid Blogging: Squid Is a Blockchain Thingy

I had no idea—until I read this incredibly jargon-filled article: Squid is a cross-chain liquidity and messaging router that swaps across multiple chains and their... Bruce Schneier
From Schneier on Security | February 10, 2023 at 05:11 PM