Blogroll | Communications of the ACM

From Schneier on Security

AIs as Trusted Third Parties

This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea... Bruce Schneier
From Schneier on Security | March 28, 2025 at 07:01 AM

From Schneier on Security

A Taxonomy of Adversarial Machine Learning Attacks and Mitigations

NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures. Bruce Schneier
From Schneier on Security | March 27, 2025 at 07:00 AM

From Schneier on Security

AI Data Poisoning

Cloudflare has a new feature—available to free users as well—that uses AI to generate random pages to feed to AI web crawlers: Instead of simply blocking bots,... Bruce Schneier
From Schneier on Security | March 26, 2025 at 07:07 AM

From Schneier on Security

Report on Paragon Spyware

Citizen Lab has a new report on Paragon’s spyware: Key Findings: Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware... Bruce Schneier
From Schneier on Security | March 25, 2025 at 07:05 AM

From Schneier on Security

More Countries are Demanding Back-Doors to Encrypted Apps

Last month I wrote about the UK forcing Apple to break its Advanced Data Protection encryption in iCloud. More recently, both Sweden and France are contemplating... Bruce Schneier
From Schneier on Security | March 24, 2025 at 06:38 AM

From Schneier on Security

Friday Squid Blogging: A New Explanation of Squid Camouflage

New research: An associate professor of chemistry and chemical biology at Northeastern University, Deravi’s recently published paper in the Journal of Materials... Bruce Schneier
From Schneier on Security | March 21, 2025 at 04:30 PM

From Schneier on Security

My Writings Are in the LibGen AI Training Corpus

The Atlantic has a search tool that allows you to search for specific works in the “LibGen” database of copyrighted works that Meta used to train its AI models.... Bruce Schneier
From Schneier on Security | March 21, 2025 at 02:26 PM

From Schneier on Security

NCSC Releases Post-Quantum Cryptography Timeline

The UK’s National Computer Security Center (part of GCHQ) released a timeline—also see their blog post—for migration to quantum-computer-resistant cryptography.... Bruce Schneier
From Schneier on Security | March 21, 2025 at 07:47 AM

From Schneier on Security

Critical GitHub Attack

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands... Bruce Schneier
From Schneier on Security | March 20, 2025 at 11:14 AM

From Schneier on Security

Is Security Human Factors Research Skewed Towards Western Ideas and Habits?

Really interesting research: “How WEIRD is Usable Privacy and Security Research?” by Ayako A. Hasegawa Daisuke Inoue, and Mitsuaki Akiyama: Abstract: In human... Bruce Schneier
From Schneier on Security | March 18, 2025 at 07:10 AM

From Schneier on Security

Improvements in Brute Force Attacks

New paper: “GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3.” Abstract: Key lengths... Bruce Schneier
From Schneier on Security | March 17, 2025 at 11:09 AM

From Schneier on Security

Friday Squid Blogging: SQUID Band

A bagpipe and drum band: SQUID transforms traditional Bagpipe and Drum Band entertainment into a multi-sensory rush of excitement, featuring high energy bagpipes... Bruce Schneier
From Schneier on Security | March 14, 2025 at 05:03 PM

From Schneier on Security

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025. I’m speaking at the... Bruce Schneier
From Schneier on Security | March 14, 2025 at 12:03 PM

From Schneier on Security

TP-Link Router Botnet

There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that... Bruce Schneier
From Schneier on Security | March 14, 2025 at 07:02 AM

From Schneier on Security

RIP Mark Klein

2006 AT&T whistleblower Mark Klein has died. Bruce Schneier
From Schneier on Security | March 13, 2025 at 12:12 PM

From Schneier on Security

China, Russia, Iran, and North Korea Intelligence Sharing

Former CISA Director Jen Easterly writes about a new international intelligence sharing co-op: Historically, China, Russia, Iran & North Korea have cooperated to... Bruce Schneier
From Schneier on Security | March 12, 2025 at 07:09 AM

From Schneier on Security

Silk Typhoon Hackers Indicted

Lots of interesting details in the story: The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade... Bruce Schneier
From Schneier on Security | March 11, 2025 at 01:14 PM

From Schneier on Security

Thousands of WordPress Websites Infected with Malware

The malware includes four separate backdoors: Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed... Bruce Schneier
From Schneier on Security | March 10, 2025 at 07:01 AM

From Schneier on Security

Friday Squid Blogging: Squid Loyalty Cards

Squid is a loyalty card platform in Ireland. Blog moderation policy. Bruce Schneier
From Schneier on Security | March 7, 2025 at 05:04 PM

From Schneier on Security

Rayhunter: Device to Detect Cellular Surveillance

The EFF has created an open-source hardware tool to detect IMSI catchers: fake cell phone towers that are used for mass surveillance of an area. It runs on a $20... Bruce Schneier
From Schneier on Security | March 7, 2025 at 12:03 PM