Blogroll | Communications of the ACM

From Schneier on Security

Including Hackers in NATO Wargames

This essay makes the point that actual computer hackers would be a useful addition to NATO wargames: The international information security community is filled... Bruce Schneier
From Schneier on Security | January 29, 2021 at 01:03 PM

From Schneier on Security

New iMessage Security Features

Apple has added added security features to mitigate the risk of zero-click iMessage attacks. Apple did not document the changes but Groß said he fiddled around... Bruce Schneier
From Schneier on Security | January 29, 2021 at 10:21 AM

From Schneier on Security

Police Have Disrupted the Emotet Botnet

A coordinated effort has captured the command-and-control servers of the Emotet botnet: Emotet establishes a backdoor onto Windows computer systems via automated... Bruce Schneier
From Schneier on Security | January 27, 2021 at 05:04 PM

From Schneier on Security

Dutch Insider Attack on COVID-19 Data

Insider data theft: Dutch police have arrested two individuals on Friday for allegedly selling data from the Dutch health ministry’s COVID-19 systems on the criminal... Bruce Schneier
From Schneier on Security | January 27, 2021 at 09:59 AM

From Schneier on Security

Massive Brazilian Data Breach

I think this is the largest data breach of all time: 220 million people. (Lots more stories are in Portuguese.) Bruce Schneier
From Schneier on Security | January 25, 2021 at 02:58 PM

From Schneier on Security

Insider Attack on Home Surveillance Systems

No one who reads this blog regularly will be surprised: A former employee of prominent home security company ADT has admitted that he hacked into the surveillance... Bruce Schneier
From Schneier on Security | January 25, 2021 at 10:33 AM

From Schneier on Security

SVR Attacks on Microsoft 365

FireEye is reporting the current known tactics that the SVR used to compromise Microsoft 365 cloud data as part of its SolarWinds operation: Mandiant has observed... Bruce Schneier
From Schneier on Security | January 20, 2021 at 11:57 PM

From Schneier on Security

Sophisticated Watering Hole Attack

Google’s Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android: Some of the exploits were zero-days, meaning they targeted... Bruce Schneier
From Schneier on Security | January 19, 2021 at 04:05 PM

From Schneier on Security

Injecting a Backdoor into SolarWinds Orion

Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points SUNSPOT is StellarParticle... Bruce Schneier
From Schneier on Security | January 18, 2021 at 05:19 PM

From Schneier on Security

Click Here to Kill Everybody Sale

For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping. Note that I have had occasional problems... Bruce Schneier
From Schneier on Security | January 15, 2021 at 12:27 PM

From Schneier on Security

Cell Phone Location Privacy

We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out... Bruce Schneier
From Schneier on Security | January 14, 2021 at 11:44 PM

From Schneier on Security

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking (online) as part of Western Washington University’s Internet Studies Lecture Series... Schneier.com Webmaster
From Schneier on Security | January 14, 2021 at 04:05 AM

From Schneier on Security

Finding the Location of Telegram Users

Security researcher Ahmed Hassan has shown that spoofing the Android’s “People Nearby” feature allows him to pinpoint the physical location of Telegram users: Using... Bruce Schneier
From Schneier on Security | January 11, 2021 at 01:08 PM

From Schneier on Security

On US Capitol Security — By Someone Who Manages Arena-Rock-Concert Security

Smart commentary: …I was floored on Wednesday when, glued to my television, I saw police in some areas of the U.S. Capitol using little more than those same mobile... Bruce Schneier
From Schneier on Security | January 11, 2021 at 01:08 PM

From Schneier on Security

Cloning Google Titan 2FA keys

This is a clever side-channel attack: The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which... Bruce Schneier
From Schneier on Security | January 11, 2021 at 01:06 PM

From Schneier on Security

Friday Squid Blogging: Squids Don’t Like Pile-Driving Noises

New research: Pile driving occurs during construction of marine platforms, including offshore windfarms, producing intense sounds that can adversely affect marine... Bruce Schneier
From Schneier on Security | January 11, 2021 at 12:07 PM

From Schneier on Security

Changes in WhatsApp’s Privacy Policy

If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. In 2016, WhatsApp gave users a one-time ability... Bruce Schneier
From Schneier on Security | January 7, 2021 at 10:59 AM

From Schneier on Security

Russia’s SolarWinds Attack and Software Security

The information that is emerging about Russia’s extensive cyberintelligence operation against the United States and other countries should be increasingly alarming... Bruce Schneier
From Schneier on Security | January 6, 2021 at 01:13 PM

From Schneier on Security

APT Horoscope

This delightful essay matches APT hacker groups up with astrological signs. This is me: Capricorn is renowned for its discipline, skilled navigation, and steadfastness... Bruce Schneier
From Schneier on Security | January 6, 2021 at 12:21 PM

From Schneier on Security

Extracting Personal Information from Large Language Models Like GPT-2

Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the... Bruce Schneier
From Schneier on Security | January 4, 2021 at 09:44 PM