Blogroll | Communications of the ACM

From Schneier on Security

Smuggling Gold by Disguising it as Machine Parts

Someone got caught trying to smuggle 322 pounds of gold (that’s about 1/4 of a cubic foot) out of Hong Kong. It was disguised as machine parts: On March 27, customs... B. Schneier
From Schneier on Security | April 12, 2024 at 07:01 AM

From Schneier on Security

Backdoor in XZ Utils That Almost Happened

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t... Bruce Schneier
From Schneier on Security | April 11, 2024 at 07:01 AM

From Schneier on Security

In Memoriam: Ross Anderson, 1956-2024

Last week I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here’s the longer version. Bruce Schneier
From Schneier on Security | April 10, 2024 at 07:08 AM

From Schneier on Security

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack that From the executive summary: The... Bruce Schneier
From Schneier on Security | April 9, 2024 at 09:56 AM

From Schneier on Security

Security Vulnerability of HTML Emails

This is a newly discovered email vulnerability: The email your manager received and forwarded to you was something completely innocent, such as a potential customer... Bruce Schneier
From Schneier on Security | April 8, 2024 at 07:03 AM

From Schneier on Security

Friday Squid Blogging: SqUID Bots

They’re AI warehouse robots. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting... Bruce Schneier
From Schneier on Security | April 5, 2024 at 05:02 PM

From Schneier on Security

Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh... Bruce Schneier
From Schneier on Security | April 5, 2024 at 07:00 AM

From Schneier on Security

Surveillance by the New Microsoft Outlook App

The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a... Bruce Schneier
From Schneier on Security | April 4, 2024 at 07:07 AM

From Schneier on Security

xz Utils Backdoor

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally... Bruce Schneier
From Schneier on Security | April 2, 2024 at 02:50 PM

From Schneier on Security

Declassified NSA Newsletters

Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “Tales of the Krypt,” from 1994 to 2003. There are... Bruce Schneier
From Schneier on Security | April 2, 2024 at 01:05 PM

From Schneier on Security

Magic Security Dust

Adam Shostack is selling magic security dust. It’s about time someone is commercializing this essential technology. Bruce Schneier
From Schneier on Security | April 1, 2024 at 10:19 AM

From Schneier on Security

Ross Anderson

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008... Bruce Schneier
From Schneier on Security | March 31, 2024 at 08:21 PM

From Schneier on Security

Friday Squid Blogging: The Geopolitics of Eating Squid

New York Times op-ed on the Chinese dominance of the squid industry: China’s domination in seafood has raised deep concerns among American fishermen, policymakers... Bruce Schneier
From Schneier on Security | March 29, 2024 at 05:02 PM

From Schneier on Security

Lessons from a Ransomware Attack against the British Library

You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but. Bruce Schneier
From Schneier on Security | March 29, 2024 at 07:03 AM

From Schneier on Security

On Secure Voting Systems

Andrew Appel shepherded a public comment—signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote... Bruce Schneier
From Schneier on Security | March 26, 2024 at 07:08 AM

From Schneier on Security

AI and Trust

Watch the Video on YouTube.com A 15-minute talk by Bruce Schneier. B. Schneier
From Schneier on Security | March 26, 2024 at 05:01 AM

From Schneier on Security

Licensing AI Engineers

The debate over professionalizing software engineers is decades old. (The basic idea is that, like lawyers and architects, there should be some professional licensing... Bruce Schneier
From Schneier on Security | March 25, 2024 at 07:04 AM

From Schneier on Security

Friday Squid Blogging: New Species of Squid Discovered

A new species of squid was discovered, along with about a hundred other species. As usual, you can also use this squid post to talk about the security stories in... Bruce Schneier
From Schneier on Security | March 22, 2024 at 05:03 PM

From Schneier on Security

Google Pays $10M in Bug Bounties in 2023

BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the... Bruce Schneier
From Schneier on Security | March 22, 2024 at 07:01 AM

From Schneier on Security

Public AI as an Alternative to Corporate AI

This mini-essay was my contribution to a round table on Power and Governance in the Age of AI. It’s nothing I haven’t said here before, but for anyone who hasn... Bruce Schneier
From Schneier on Security | March 21, 2024 at 07:03 AM