Blogroll | Communications of the ACM

From Schneier on Security

A Cybersecurity Policy Agenda

The Aspen Institute’s Aspen Cybersecurity Group — I’m a member — has released its cybersecurity policy agenda for the next four years. The next administration and... Bruce Schneier
From Schneier on Security | December 10, 2020 at 11:17 PM

From Schneier on Security

Finnish Data Theft and Extortion

The Finnish psychotherapy clinic Vastaamo was the victim of a data breach and theft. The criminals tried extorting money from the clinic. When that failed, they... Bruce Schneier
From Schneier on Security | December 10, 2020 at 02:48 PM

From Schneier on Security

FireEye Hacked

FireEye was hacked by — they believe — “a nation with top-tier offensive capabilities”: During our investigation to date, we have found that the attacker targeted... Bruce Schneier
From Schneier on Security | December 8, 2020 at 06:45 PM

From Schneier on Security

Oblivious DNS-over-HTTPS

This new protocol, called Oblivious DNS-over-HTTPS (ODoH), hides the websites you visit from your ISP. Here’s how it works: ODoH wraps a layer of encryption around... Bruce Schneier
From Schneier on Security | December 8, 2020 at 04:02 PM

From Schneier on Security

The 2020 Workshop on Economics and Information Security (WEIS)

The workshop on Economics and Information Security is always an interesting conference. This year, it will be online. Here’s the program. Registration is free. Bruce Schneier
From Schneier on Security | December 4, 2020 at 01:18 PM

From Schneier on Security

Hiding Malware in Social Media Buttons

Clever tactic: This new malware was discovered by researchers at Dutch cyber-security company Sansec that focuses on defending e-commerce websites from digital... Bruce Schneier
From Schneier on Security | December 4, 2020 at 10:34 AM

From Schneier on Security

Enigma Machine Recovered from the Baltic Sea

Neat story: German divers searching the Baltic Sea for discarded fishing nets have stumbled upon a rare Enigma cipher machine used by the Nazi military during... Bruce Schneier
From Schneier on Security | December 4, 2020 at 10:18 AM

From Schneier on Security

Open Source Does Not Equal Secure

Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws... Bruce Schneier
From Schneier on Security | December 3, 2020 at 12:21 PM

From Schneier on Security

Impressive iPhone Exploit

This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bugbuffer... Bruce Schneier
From Schneier on Security | December 2, 2020 at 02:55 PM

From Schneier on Security

Manipulating Systems Using Remote Lasers

Many systems are vulnerable: Researchers at the time said that they were able to launch inaudible commands by shining lasers — from as far as 360 feet — at the... Bruce Schneier
From Schneier on Security | November 30, 2020 at 12:23 PM

From Schneier on Security

Check Washing

I can’t believe that check washing is still a thing: “Check washing” is a practice where thieves break into mailboxes (or otherwise steal mail), find envelopes... Bruce Schneier
From Schneier on Security | November 30, 2020 at 10:22 AM

From Schneier on Security

Undermining Democracy

Last Thursday, Rudy Giuliani, a Trump campaign lawyer, alleged a widespread voting conspiracy involving Venezuela, Cuba, and China. Another lawyer, Sidney Powell... Bruce Schneier
From Schneier on Security | November 25, 2020 at 10:54 AM

From Schneier on Security

Cyber Public Health

In a lecture, Adam Shostack makes the case for a discipline of cyber public health. It would relate to cybersecurity in a similar way that public health relates... Bruce Schneier
From Schneier on Security | November 24, 2020 at 02:57 PM

From Schneier on Security

On That Dusseldorf Hospital Ransomware Attack and the Resultant Death

Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital... Bruce Schneier
From Schneier on Security | November 23, 2020 at 11:04 AM

From Schneier on Security

More on the Security of the 2020 US Election

Last week I signed on to two joint letters about the security of the 2020 election. The first was as one of 59 election security experts, basically saying that... Bruce Schneier
From Schneier on Security | November 22, 2020 at 02:20 PM

From Schneier on Security

Indistinguishability Obfuscation

Quanta magazine recently published a breathless article on indistinguishability obfuscation — calling it the “‘crown jewel’ of cryptography” — and saying that it... Bruce Schneier
From Schneier on Security | November 20, 2020 at 11:54 AM

From Schneier on Security

Symantec Reports on Cicada APT Attacks against Japan

Symantec is reporting on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere. Cicada has historically been... Bruce Schneier
From Schneier on Security | November 19, 2020 at 11:05 AM

From Schneier on Security

The US Military Buys Commercial Location Data

Vice has a long article about how the US military buys commercial location data worldwide. The U.S. military is buying the granular movement data of people around... Bruce Schneier
From Schneier on Security | November 19, 2020 at 10:37 AM

From Schneier on Security

Michael Ellis as NSA General Counsel

Over at Lawfare, Susan Hennessey has an excellent primer on how Trump loyalist Michael Ellis got to be the NSA General Counsel, over the objections of NSA Director... Bruce Schneier
From Schneier on Security | November 17, 2020 at 10:24 PM

From Schneier on Security

On Blockchain Voting

Blockchain voting is a spectacularly dumb idea for a whole bunch of reasons. I have generally quoted Matt Blaze: Why is blockchain voting a dumb idea? Glad you... Bruce Schneier
From Schneier on Security | November 16, 2020 at 10:55 AM