acm-header
Sign In

Communications of the ACM

Blogroll


bg-corner

Vulnerability in the Kaspersky Password Manager
From Schneier on Security

Vulnerability in the Kaspersky Password Manager

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator...

Stealing Xbox Codes
From Schneier on Security

Stealing Xbox Codes

Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the company’s internal systems that allowed him to create unlimited Xbox gift cards...

More Russian Hacking
From Schneier on Security

More Russian Hacking

Two reports this week. The first is from Microsoft, which wrote: As part of our investigation into this ongoing activity, we also detected information-stealingwrote...

Insurance and Ransomware
From Schneier on Security

Insurance and Ransomware

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper...

Risks of Evidentiary Software
From Schneier on Security

Risks of Evidentiary Software

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example)...

Friday Squid Blogging: Giant Squid Model
From Schneier on Security

Friday Squid Blogging: Giant Squid Model

Pretty wooden model. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...

Friday Squid Blogging: Best Squid-Related Headline
From Schneier on Security

Friday Squid Blogging: Best Squid-Related Headline

From the New York Times: “When an Eel Climbs a Ramp to Eat Squid From a Clamp, That’s a Moray.” The article is about the eel; the squid is just eel food. But still...

NFC Flaws in POS Devices and ATMs
From Schneier on Security

NFC Flaws in POS Devices and ATMs

It’s a series of vulnerabilities: Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities...

AI-Piloted Fighter Jets
From Schneier on Security

AI-Piloted Fighter Jets

News from Georgetown’s Center for Security and Emerging Technology: China Claims Its AI Can Beat Human Pilots in Battle: Chinese state media reported that an AI...

Banning Surveillance-Based Advertising
From Schneier on Security

Banning Surveillance-Based Advertising

The Norwegian Consumer Council just published a fantastic new report: “Time to Ban Surveillance-Based Advertising.” From the Introduction: The challenges caused...

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer
From Schneier on Security

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Wired is reporting on a company called Mollitiam Industries: Marketing materials left exposed online by a third-party claim Mollitiam’s interception products, dubbed...

Apple Will Offer Onion Routing for iCloud/Safari Users
From Schneier on Security

Apple Will Offer Onion Routing for iCloud/Safari Users

At this year’s Apple Worldwide Developer Conference, Apple announced something called “iCloud Private Relay.” That’s basically its private version of onion routing...

Friday Squid Blogging: Squid-Related Game
From Schneier on Security

Friday Squid Blogging: Squid-Related Game

It’s called “Squid Fishering.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting...

The Future of Machine Learning and Cybersecurity
From Schneier on Security

The Future of Machine Learning and Cybersecurity

The Center for Security and Emerging Technology has a new report: “Machine Learning and Cybersecurity: Hype and Reality.” Here’s the bottom line: The report offers...

Peloton Vulnerability Found and Fixed
From Schneier on Security

Peloton Vulnerability Found and Fixed

Researchers have discovered a vulnerability in Peloton stationary bicycles, one that would give the attacker complete control over the device. The attack requires...

Intentional Flaw in GPRS Encryption Algorithm GEA-1
From Schneier on Security

Intentional Flaw in GPRS Encryption Algorithm GEA-1

General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1...

Paul van Oorschot’s Computer Security and the Internet
From Schneier on Security

Paul van Oorschot’s Computer Security and the Internet

Paul van Oorschot’s webpage contains a complete copy of his book: Computer Security and the Internet: Tools and Jewels. It’s worth reading.

VPNs and Trust
From Schneier on Security

VPNs and Trust

TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court order, what country...

Andrew Appel on New Hampshire’s Election Audit
From Schneier on Security

Andrew Appel on New Hampshire’s Election Audit

Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire. Based on preliminary reports published by the team...

TikTok Can Now Collect Biometric Data
From Schneier on Security

TikTok Can Now Collect Biometric Data

This is probably worth paying attention to: A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect...
Sign In for Full Access
» Forgot Password? » Create an ACM Web Account