Communications of the ACM

Blogroll


Race Condition Exploit in Starbucks Gift Cards
From Schneier on Security

A researcher was able to steal money from Starbucks by exploiting a race condition in their gift-card value-transfer protocol. Basically, by initiating two identical...

Stink Bombs for Riot Control
From Schneier on Security

They're coming to the US: It's called Skunk, a type of "malodorant," or in plainer language, a foul-smelling liquid. Technically nontoxic but incredibly disgusting...

Story of the ZooKeeper Poison-Packet Bug
From Schneier on Security

Interesting story of a complex and deeply hidden bug -- with AES as a part of it....

Friday Squid Blogging: Giant Squid Washes Up in New Zealand
From Schneier on Security

The latest one. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

USPS Tracking Queries to Its Package Tracking Website
From Schneier on Security

A man was arrested for drug dealing based on the IP address he used while querying the USPS package tracking website....

Why the Current Section 215 Reform Debate Doesn't Matter Much
From Schneier on Security

The ACLU's Chris Soghoian explains (time 25:52-30:55) why the current debate over Section 215 of the Patriot Act is just a minor facet of a large and complex bulk...

New Pew Research Report on Americans' Attitudes on Privacy, Security, and Surveillance
From Schneier on Security

This is interesting: The surveys find that Americans feel privacy is important in their daily lives in a number of essential ways. Yet, they have a pervasive sense...

The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange
From Schneier on Security

Logjam is a new attack against the Diffie-Hellman key-exchange protocol used in TLS. Basically: The Logjam attack allows a man-in-the-middle attacker to downgrade...

Research on Patch Deployment
From Schneier on Security

New research indicates that it's very hard to completely patch systems against vulnerabilities: It turns out that it may not be that easy to patch vulnerabilities...

Spy Dust
From Schneier on Security

Used by the Soviet Union during the Cold War: A defecting agent revealed that powder containing both luminol and a substance called nitrophenyl pentadien (NPPD)...

More on Chris Roberts and Avionics Security
From Schneier on Security

Last month I blogged about security researcher Chris Roberts being detained by the FBI after tweeting about avionics security while on a United flight: But to...

United Airlines Offers Frequent Flier Miles for Finding Security Vulnerabilities
From Schneier on Security

Vulnerabilities on the website only, not in airport security or in the avionics....

Friday Squid Blogging: NASA's Squid Rover
From Schneier on Security

NASA is funding a study for a squid rover that could explore Europa's oceans. As usual, you can also use this squid post to talk about the security stories in the...

Microbe Biometric
From Schneier on Security

Interesting: Franzosa and colleagues used publicly available microbiome data produced through the Human Microbiome Project (HMP), which surveyed microbes in the...

Eighth Movie-Plot Threat Contest Semifinalists
From Schneier on Security

On April 1, I announced the Eighth Movie Plot Threat Contest: demonstrate the evils of encryption. Not a whole lot of good submissions this year. Possibly this...

In Which I Collide with Admiral Rogers
From Schneier on Security

Universe does not explode. Photo here....

Admiral Rogers Speaking at the Joint Service Academy Cyber Security Summit
From Schneier on Security

Admiral Mike Rogers gave the keynote address at the Joint Service Academy Cyber Security Summit today at West Point. He started by explaining the four tenets of...

License Plate Scanners Hidden in Fake Cactus
From Schneier on Security

The city of Paradise Valley, AZ, is hiding license plate scanners in fake cactus plants....

German Cryptanalysis of the M-209
From Schneier on Security

This 1947 document describes a German machine to cryptanalyze the American M-209 mechanical encryption machine. I can't figure out anything about how it works.....

Amateurs Produce Amateur Cryptography
From Schneier on Security

Anyone can design a cipher that he himself cannot break. This is why you should uniformly distrust amateur cryptography, and why you should only use published algorithms...