acm-header
Sign In

Communications of the ACM

Blogroll


bg-corner

Attacking the Intel Secure Enclave
From Schneier on Security

Attacking the Intel Secure Enclave

Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy...

AI Emotion-Detection Arms Race
From Schneier on Security

AI Emotion-Detection Arms Race

Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their...

The Myth of Consumer-Grade Security
From Schneier on Security

The Myth of Consumer-Grade Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's...

The Threat of Fake Academic Research
From Schneier on Security

The Threat of Fake Academic Research

Interesting analysis of the possibility, feasibility, and efficacy of deliberately fake scientific research, something I had previously speculated about....

Detecting Credit Card Skimmers
From Schneier on Security

Detecting Credit Card Skimmers

Modern credit card skimmers hidden in self-service gas pumps communicate via Bluetooth. There's now an app that can detect them: The team from the University of...

Friday Squid Blogging: Vulnerabilities in Squid Server
From Schneier on Security

Friday Squid Blogging: Vulnerabilities in Squid Server

It's always nice when I can combine squid and security: Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently...

License Plate "NULL"
From Schneier on Security

License Plate "NULL"

There was a DefCon talk by someone with the vanity plate "NULL." The California system assigned him every ticket with no license plate: $12,000. Although the initial...

Modifying a Tesla to Become a Surveillance Platform
From Schneier on Security

Modifying a Tesla to Become a Surveillance Platform

From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits...

Google Finds 20-Year-Old Microsoft Windows Vulnerability
From Schneier on Security

Google Finds 20-Year-Old Microsoft Windows Vulnerability

There's no indication that this vulnerability was ever used in the wild, but the code it was discovered in -- Microsoft's Text Services Framework -- has been around...

Surveillance as a Condition for Humanitarian Aid
From Schneier on Security

Surveillance as a Condition for Humanitarian Aid

Excellent op-ed on the growing trend to tie humanitarian aid to surveillance. Despite the best intentions, the decision to deploy technology like biometrics is...

Influence Operations Kill Chain
From Schneier on Security

Influence Operations Kill Chain

Influence operations are elusive to define. The Rand Corp.'s definition is as good as any: "the collection of tactical information about an adversary as well as...

Friday Squid Blogging: Robot Squid Propulsion
From Schneier on Security

Friday Squid Blogging: Robot Squid Propulsion

Interesting research: The squid robot is powered primarily by compressed air, which it stores in a cylinder in its nose (do squids have noses?). The fins and arms...

Software Vulnerabilities in the Boeing 787
From Schneier on Security

Software Vulnerabilities in the Boeing 787

Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta,...

Bypassing Apple FaceID's Liveness Detection Feature
From Schneier on Security

Bypassing Apple FaceID's Liveness Detection Feature

Apple's FaceID has a liveness detection feature, which prevents someone from unlocking a victim's phone by putting it in front of his face while he's sleeping....

Side-Channel Attack against Electronic Locks
From Schneier on Security

Side-Channel Attack against Electronic Locks

Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring....

Attorney General Barr and Encryption
From Schneier on Security

Attorney General Barr and Encryption

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Speaking at Fordham University in New...

Exploiting GDPR to Get Private Information
From Schneier on Security

Exploiting GDPR to Get Private Information

A researcher abused the GDPR to get information on his fiancee: It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation...

Evaluating the NSA's Telephony Metadata Program
From Schneier on Security

Evaluating the NSA's Telephony Metadata Program

Interesting analysis: "Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act's Metadata Program be Extended?" by Susan Landau and Asaf Lubin...

Friday Squid Blogging: Sinuous Asperoteuthis Mangoldae Squid
From Schneier on Security

Friday Squid Blogging: Sinuous Asperoteuthis Mangoldae Squid

Great video of the Sinuous Asperoteuthis Mangoldae Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't...

Supply-Chain Attack against the Electron Development Platform
From Schneier on Security

Supply-Chain Attack against the Electron Development Platform

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update...
Sign In for Full Access
» Forgot Password? » Create an ACM Web Account