Blogroll | Communications of the ACM

From Schneier on Security

Security Risks of Relying on a Single Smartphone

Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the SIM... Bruce Schneier
From Schneier on Security | September 6, 2021 at 05:03 PM

From Schneier on Security

Lightning Cable with Embedded Eavesdropping

Normal-looking cables (USB-C, Lightning, and so on) that exfiltrate data over a wireless network. I blogged about a previous prototype here Bruce Schneier
From Schneier on Security | September 3, 2021 at 02:16 PM

From Schneier on Security

Tracking People by their MAC Addresses

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones. The good news is that... Bruce Schneier
From Schneier on Security | September 3, 2021 at 02:13 PM

From Schneier on Security

History of the HX-63 Rotor Machine

Jon D. Paul has written the fascinating story of the HX-63, a super-complicated electromechanical rotor cipher machine made by Crypto AG. Bruce Schneier
From Schneier on Security | September 3, 2021 at 11:19 AM

From Schneier on Security

Zero-Click iPhone Exploits

Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government. Thesehere... Bruce Schneier
From Schneier on Security | August 31, 2021 at 04:17 PM

From Schneier on Security

Hacker-Themed Board Game

Black Hat is a hacker-themed board game. Bruce Schneier
From Schneier on Security | August 31, 2021 at 01:24 PM

From Schneier on Security

More Military Cryptanalytics, Part III

Late last year, the NSA declassified and released a redacted version of Lambros D. Callimahos’s Military Cryptanalytics, Part III. We just got most of the index... Bruce Schneier
From Schneier on Security | August 30, 2021 at 04:40 PM

From Schneier on Security

Excellent Write-up of the SolarWinds Security Breach

Robert Chesney wrote up the Solar Winds story as a case study, and it’s a really good summary. Bruce Schneier
From Schneier on Security | August 27, 2021 at 11:33 AM

From Schneier on Security

Details of the Recent T-Mobile Breach

Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. I’ve lost count of how many times T-Mobile has been hacked. Bruce Schneier
From Schneier on Security | August 27, 2021 at 09:37 AM

From Schneier on Security

Friday Squid Blogging: Squid Communication

Interesting article on squid communication. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read... Bruce Schneier
From Schneier on Security | August 26, 2021 at 01:57 PM

From Schneier on Security

Friday Squid Blogging: Tentacle Doorknob

It’s pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here... Bruce Schneier
From Schneier on Security | August 26, 2021 at 01:55 PM

From Schneier on Security

Interesting Privilege Escalation Vulnerability

If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically... Bruce Schneier
From Schneier on Security | August 25, 2021 at 11:52 PM

From Schneier on Security

Surveillance of the Internet Backbone

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be... Bruce Schneier
From Schneier on Security | August 25, 2021 at 11:13 AM

From Schneier on Security

Friday Squid Blogging: On Squid Brains

Interesting National Geographic article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Readhere... Bruce Schneier
From Schneier on Security | August 20, 2021 at 02:19 PM

From Schneier on Security

More on Apple’s iPhone Backdoor

In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM... Bruce Schneier
From Schneier on Security | August 20, 2021 at 09:54 AM

From Schneier on Security

T-Mobile Data Breach

It’s a big one: As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobile’s servers andalso... Bruce Schneier
From Schneier on Security | August 19, 2021 at 12:00 AM

From Schneier on Security

Apple’s NeuralHash Algorithm Has Been Reverse-Engineered

Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3, and... Bruce Schneier
From Schneier on Security | August 18, 2021 at 12:51 PM

From Schneier on Security

Tetris: Chinese Espionage Tool

I’m starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents. Bruce Schneier
From Schneier on Security | August 17, 2021 at 04:55 PM

From Schneier on Security

Friday Squid Blogging: A Good Year for Squid?

Improved ocean conditions are leading to optimism about this year’s squid catch. As usual, you can also use this squid post to talk about the security stories in... Bruce Schneier
From Schneier on Security | August 13, 2021 at 05:28 PM

From Schneier on Security

Using AI to Scale Spear Phishing

The problem with spear phishing it that it takes time and creativity to create individualized enticing phishing emails. Researchers are using GPT-3 to attempt to... Bruce Schneier
From Schneier on Security | August 12, 2021 at 04:18 PM