Blogroll | Communications of the ACM

From Schneier on Security

Amazon Supplier Fraud

Interesting story of an Amazon supplier fraud: According to the indictment, the brothers swapped ASINs for items Amazon ordered to send large quantities of different... Bruce Schneier
From Schneier on Security | August 26, 2020 at 07:31 AM

From Schneier on Security

Identifying People by Their Browsing Histories

Interesting paper: "Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories": We examine the threat to... Bruce Schneier
From Schneier on Security | August 25, 2020 at 07:28 AM

From Schneier on Security

DiceKeys

DiceKeys is a physical mechanism for creating and storing a 192-bit key. The idea is that you roll a special set of twenty-five dice, put them into a plastic jig... Bruce Schneier
From Schneier on Security | August 24, 2020 at 07:23 AM

From Schneier on Security

Friday Squid Blogging: Rhode Island's State Appetizer Is Calamari

Rhode Island has an official state appetizer, and it's calamari. Who knew? As usual, you can also use this squid post to talk about the security stories in the... Bruce Schneier
From Schneier on Security | August 21, 2020 at 05:11 PM

From Schneier on Security

Yet Another Biometric: Bioacoustic Signatures

Sound waves through the body are unique enough to be a biometric: "Modeling allowed us to infer what structures or material features of the human body actually... Bruce Schneier
From Schneier on Security | August 21, 2020 at 07:03 AM

From Schneier on Security

Copying a Key by Listening to It in Action

Researchers are using recordings of keys being used in locks to create copies. Once they have a key-insertion audio file, SpiKey's inference software gets to work... Bruce Schneier
From Schneier on Security | August 20, 2020 at 07:22 AM

From Schneier on Security

Using Disinformation to Cause a Blackout

Interesting paper: "How weaponizing disinformation can bring down a city's power grid": Abstract: Social media has made it possible to manipulate the masses via... Bruce Schneier
From Schneier on Security | August 18, 2020 at 11:03 AM

From Schneier on Security

Vaccine for Emotet Malware

Interesting story of a vaccine for the Emotet malware: Through trial and error and thanks to subsequent Emotet updates that refined how the new persistence mechanism... Bruce Schneier
From Schneier on Security | August 18, 2020 at 07:03 AM

From Schneier on Security

Robocall Results from a Telephony Honeypot

A group of researchers set up a telephony honeypot and tracked robocall behavior: NCSU researchers said they ran 66,606 telephone lines between March 2019 and January... Bruce Schneier
From Schneier on Security | August 17, 2020 at 07:22 AM

From Schneier on Security

Friday Squid Blogging: Editing the Squid Genome

Scientists have edited the genome of the Doryteuthis pealeii squid with CRISPR. A first. As usual, you can also use this squid post to talk about the security stories... Bruce Schneier
From Schneier on Security | August 14, 2020 at 05:05 PM

From Schneier on Security

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm giving a keynote address at the Cybersecurity and Data Privacy Law virtual conference on September... Bruce Schneier
From Schneier on Security | August 14, 2020 at 01:15 PM

From Schneier on Security

Drovorub Malware

The NSA and FBI have jointly disclosed Drovorub, a Russian malware suite that targets Linux. Detailed advisory. Fact sheet. News articles. Reddit thread.... Bruce Schneier
From Schneier on Security | August 14, 2020 at 09:59 AM

From Schneier on Security

UAE Hack and Leak Operations

Interesting paper on recent hack-and-leak operations attributed to the UAE: Abstract: Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly... Bruce Schneier
From Schneier on Security | August 13, 2020 at 10:28 AM

From Schneier on Security

Cryptanalysis of an Old Zip Encryption Algorithm

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. DefCon talk here.... Bruce Schneier
From Schneier on Security | August 12, 2020 at 07:08 AM

From Schneier on Security

Collecting and Selling Mobile Phone Location Data

The Wall Street Journal has an article about a company called Anomaly Six LLC that has an SDK that's used by "more than 500 mobile applications." Through that SDK... Bruce Schneier
From Schneier on Security | August 11, 2020 at 07:00 AM

From Schneier on Security

Smart Lock Vulnerability

Yet another Internet-connected door lock is insecure: Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec's $139.99 UltraLoq is marketed as a "secure... Bruce Schneier
From Schneier on Security | August 10, 2020 at 07:23 AM

From Schneier on Security

Friday Squid Blogging: New SQUID

There's a new SQUID: A new device that relies on flowing clouds of ultracold atoms promises potential tests of the intersection between the weirdness of the quantum... Bruce Schneier
From Schneier on Security | August 7, 2020 at 05:08 PM

From Schneier on Security

The NSA on the Risks of Exposing Location Data

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Most users rely... Bruce Schneier
From Schneier on Security | August 6, 2020 at 01:15 PM

From Schneier on Security

Cybercrime in the Age of COVID-19

The Cambridge Cybercrime Centre has a series of papers on cybercrime during the coronavirus pandemic.... Bruce Schneier
From Schneier on Security | August 4, 2020 at 07:02 AM

From Schneier on Security

BlackBerry Phone Cracked

Australia is reporting that a BlackBerry device has been cracked after five years: An encrypted BlackBerry device that was cracked five years after it was first... Bruce Schneier
From Schneier on Security | August 3, 2020 at 12:54 PM