Communications of the ACM

Blogroll


Arguing Against CALEA
From Schneier on Security

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated...

DIRNSA Fired
From Schneier on Security

In “Secrets and Lies” (2000), I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. It’s something a bunch of news...

Friday Squid Blogging: Two-Man Giant Squid
From Schneier on Security

The Brooklyn indie art-punk group, Two-Man Giant Squid, just released a new album. As usual, you can also use this squid post to talk about the security stories...

Troy Hunt Gets Phished
From Schneier on Security

In case you need proof that anyone, even people who do cybersecurity for a living, Troy Hunt has a long, iterative story on his webpage about how he got phished...

Web 3.0 Requires Data Integrity
From Schneier on Security

If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known...

Rational Astrologies and Security
From Schneier on Security

John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security”: There is another non-security way that designers can spend...

Cell Phone OPSEC for Border Crossings
From Schneier on Security

I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about...

The Signal Chat Leak and the NSA
From Schneier on Security

US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly...

Friday Squid Blogging: Squid Werewolf Hacking Group
From Schneier on Security

In another rare squid/cybersecurity intersection, APT37 is also known as “Squid Werewolf.” As usual, you can also use this squid post to talk about the security...

AIs as Trusted Third Parties
From Schneier on Security

This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea...

A Taxonomy of Adversarial Machine Learning Attacks and Mitigations
From Schneier on Security

NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.

AI Data Poisoning
From Schneier on Security

Cloudflare has a new feature—available to free users as well—that uses AI to generate random pages to feed to AI web crawlers: Instead of simply blocking bots,...

Report on Paragon Spyware
From Schneier on Security

Citizen Lab has a new report on Paragon’s spyware: Key Findings: Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware...

More Countries are Demanding Back-Doors to Encrypted Apps
From Schneier on Security

Last month I wrote about the UK forcing Apple to break its Advanced Data Protection encryption in iCloud. More recently, both Sweden and France are contemplating...

Friday Squid Blogging: A New Explanation of Squid Camouflage
From Schneier on Security

New research: An associate professor of chemistry and chemical biology at Northeastern University, Deravi’s recently published paper in the Journal of Materials...

My Writings Are in the LibGen AI Training Corpus
From Schneier on Security

The Atlantic has a search tool that allows you to search for specific works in the “LibGen” database of copyrighted works that Meta used to train its AI models....

NCSC Releases Post-Quantum Cryptography Timeline
From Schneier on Security

The UK’s National Computer Security Center (part of GCHQ) released a timeline—also see their blog post—for migration to quantum-computer-resistant cryptography....

Critical GitHub Attack
From Schneier on Security

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands...

Is Security Human Factors Research Skewed Towards Western Ideas and Habits?
From Schneier on Security

Really interesting research: “How WEIRD is Usable Privacy and Security Research?” by Ayako A. Hasegawa, Daisuke Inoue, and Mitsuaki Akiyama: Abstract: In human...

Improvements in Brute Force Attacks
From Schneier on Security

New paper: “GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3.” Abstract: Key lengths...