Blogroll | Communications of the ACM

From Schneier on Security

Another Story of Bad 1970s Encryption

This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications... Bruce Schneier
From Schneier on Security | April 21, 2020 at 07:22 AM

From Schneier on Security

Vulnerability Finding Using Machine Learning

Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get... Bruce Schneier
From Schneier on Security | April 20, 2020 at 07:22 AM

From Schneier on Security

Friday Squid Blogging: On the Efficacy of Squid as Bait

How to use squid as bait. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting... Bruce Schneier
From Schneier on Security | April 17, 2020 at 05:10 PM

From Schneier on Security

The DoD Isn't Fixing Its Security Problems

It has produced several reports outlining what's wrong and what needs to be fixed. It's not fixing them: GAO looked at three DoD-designed initiatives to see whether... Bruce Schneier
From Schneier on Security | April 17, 2020 at 11:35 AM

From Schneier on Security

California Needlessly Reduces Privacy During COVID-19 Pandemic

This one isn't even related to contact tracing: On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to... Bruce Schneier
From Schneier on Security | April 16, 2020 at 11:34 AM

From Schneier on Security

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm being interviewed on "Hacking in the Public Interest" as part of the Black Hat Webcast Series... Bruce Schneier
From Schneier on Security | April 14, 2020 at 02:28 PM

From Schneier on Security

Ransomware Now Leaking Stolen Documents

Originally, ransomware didn't involve any data theft. Malware would encrypt the data on your computer, and demand a ransom for the encryption key. Now ransomware... Bruce Schneier
From Schneier on Security | April 14, 2020 at 08:48 AM

From Schneier on Security

Contact Tracing COVID-19 Infections via Smartphone Apps

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It's similar... Bruce Schneier
From Schneier on Security | April 13, 2020 at 07:48 AM

From Schneier on Security

Friday Squid Blogging: Amazingly Realistic Squid Drawings

The squid drawings of Yuuki Tokuda are simply incredible. I tried to figure out how to buy one of them, but everything is in Japanese. As usual, you can also use... Bruce Schneier
From Schneier on Security | April 10, 2020 at 05:04 PM

From Schneier on Security

Kubernetes Security

Attack matrix for Kubernetes, using the MITRE ATT&CK framework. A good first step towards understand the security of this suddenly popular and very complex container... Bruce Schneier
From Schneier on Security | April 10, 2020 at 07:24 AM

From Schneier on Security

Microsoft Buys Corp.com

A few months ago, Brian Krebs told the story of the domain corp.com, and how it is basically a security nightmare: At issue is a problem known as "namespace collision... Bruce Schneier
From Schneier on Security | April 9, 2020 at 07:45 AM

From Schneier on Security

RSA-250 Factored

RSA-250 has been factored. This computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation... Bruce Schneier
From Schneier on Security | April 8, 2020 at 07:37 AM

From Schneier on Security

Cybersecurity During COVID-19

Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic. One, employees are... Bruce Schneier
From Schneier on Security | April 7, 2020 at 11:00 AM

From Schneier on Security

Emotat Malware Causes Physical Damage

Microsoft is reporting that an Emotat malware infection shut down a network by causing computers to overheat and then crash. The Emotet payload was delivered and... Bruce Schneier
From Schneier on Security | April 6, 2020 at 12:26 PM

From Schneier on Security

Friday Squid Blogging: On Squid Communication

They can communicate using bioluminescent flashes: New research published this week in Proceedings of the National Academy of Sciences presents evidence for a previously... Bruce Schneier
From Schneier on Security | April 3, 2020 at 05:30 PM

From Schneier on Security

Security and Privacy Implications of Zoom

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. (My own university, Harvard... Bruce Schneier
From Schneier on Security | April 3, 2020 at 11:10 AM

From Schneier on Security

Bug Bounty Programs Are Being Used to Buy Silence

Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty... Bruce Schneier
From Schneier on Security | April 3, 2020 at 07:21 AM

From Schneier on Security

Marriott Was Hacked -- Again

Marriott announced another data breach, this one affecting 5.2 million people: At this point, we believe that the following information may have been involved,... Bruce Schneier
From Schneier on Security | April 2, 2020 at 12:33 PM

From Schneier on Security

Dark Web Hosting Provider Hacked

Daniel's Hosting, which hosts about 7,600 dark web portals for free, has been hacked and is down. It's unclear when, or if, it will be back up.... Bruce Schneier
From Schneier on Security | April 1, 2020 at 07:53 AM

From Schneier on Security

Clarifying the Computer Fraud and Abuse Act

A federal court has ruled that violating a website's tems of service is not "hacking" under the Computer Fraud and Abuse Act. The plaintiffs wanted to investigate... Bruce Schneier
From Schneier on Security | March 31, 2020 at 08:51 AM