Blogroll | Communications of the ACM

From Schneier on Security

Friday Squid Blogging: Female Gonatus Onyx Squid Carrying Her Eggs

Fantastic video of a female Gonatus onyx squid swimming while carrying her egg sack. An earlier related post. Blog moderation policy. Bruce Schneier
From Schneier on Security | November 15, 2024 at 05:07 PM

From Schneier on Security

Good Essay on the History of Bad Password Policies

Stuart Schechter makes some good points on the history of bad password policies: Morris and Thompson’s work brought much-needed data to highlight a problem that... Bruce Schneier
From Schneier on Security | November 15, 2024 at 07:05 AM

From Schneier on Security

New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before... Bruce Schneier
From Schneier on Security | November 14, 2024 at 07:05 AM

From Schneier on Security

Mapping License Plate Scanners in the US

DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The mobile scanners on cars are not mapped. The... Bruce Schneier
From Schneier on Security | November 13, 2024 at 07:06 AM

From Schneier on Security

Criminals Exploiting FBI Emergency Data Requests

I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass... Bruce Schneier
From Schneier on Security | November 12, 2024 at 07:05 AM

From Schneier on Security

Friday Squid Blogging: Squid-A-Rama in Des Moines

Squid-A-Rama will be in Des Moines at the end of the month. Visitors will be able to dissect squid, explore fascinating facts about the species, and witness a live... Bruce Schneier
From Schneier on Security | November 8, 2024 at 05:04 PM

From Schneier on Security

AI Industry is Trying to Subvert the Definition of “Open Source AI”

The Open Source Initiative has published (news article here) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms... Bruce Schneier
From Schneier on Security | November 8, 2024 at 07:03 AM

From Schneier on Security

Prompt Injection Defenses Against LLM Cyberattacks

Interesting research: “Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks“: Large language models (LLMs) are increasingly... Bruce Schneier
From Schneier on Security | November 7, 2024 at 11:13 AM

From Schneier on Security

Subverting LLM Coders

Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection... Bruce Schneier
From Schneier on Security | November 7, 2024 at 07:07 AM

From Schneier on Security

IoT Devices in Password-Spraying Botnet

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. Not sure about the “highly evasive” part... Bruce Schneier
From Schneier on Security | November 6, 2024 at 07:02 AM

From Schneier on Security

AIs Discovering Vulnerabilities

I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing... Bruce Schneier
From Schneier on Security | November 5, 2024 at 07:08 AM

From Schneier on Security

Sophos Versus the Chinese Hackers

Really interesting story of Sophos’s five-year war against Chinese hackers. Bruce Schneier
From Schneier on Security | November 4, 2024 at 07:02 AM

From Schneier on Security

Friday Squid Blogging: Squid Sculpture in Massachusetts Building

Great blow-up sculpture. Blog moderation policy. Bruce Schneier
From Schneier on Security | November 1, 2024 at 05:04 PM

From Schneier on Security

Roger Grimes on Prioritizing Cybersecurity Advice

This is a good point: Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists... Bruce Schneier
From Schneier on Security | October 31, 2024 at 11:43 AM

From Schneier on Security

Tracking World Leaders Using Strava

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personalLe... Bruce Schneier
From Schneier on Security | October 31, 2024 at 11:16 AM

From Schneier on Security

Simpson Garfinkel on Spooky Cryptographic Action at a Distance

Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation... Bruce Schneier
From Schneier on Security | October 30, 2024 at 10:48 AM

From Schneier on Security

Law Enforcement Deanonymizes Tor Users

The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis towritten... Bruce Schneier
From Schneier on Security | October 29, 2024 at 07:02 AM

From Schneier on Security

Criminals Are Blowing up ATMs in Germany

It’s low tech, but effective. Why Germany? It has more ATMs than other European countries, and—if I read the article right—they have more money in them. Bruce Schneier
From Schneier on Security | October 28, 2024 at 12:12 PM

From Schneier on Security

Friday Squid Blogging: Giant Squid Found on Spanish Beach

A giant squid has washed up on a beach in Northern Spain. Blog moderation policy. Bruce Schneier
From Schneier on Security | October 25, 2024 at 05:01 PM

From Schneier on Security

Watermark for LLM-Generated Text

Researchers at Google have developed a watermark for LLM-generated text. The basics are pretty obvious: the LLM chooses between tokens partly based on a cryptographic... Bruce Schneier
From Schneier on Security | October 25, 2024 at 09:56 AM