Blogroll | Communications of the ACM

From Schneier on Security

AIs Hacking Websites

New research: LLM Agents can Autonomously Hack Websites Abstract: In recent years, large language models (LLMs) have become increasingly capable and can now interact... Bruce Schneier
From Schneier on Security | February 23, 2024 at 11:14 AM

From Schneier on Security

New Image/Video Prompt Injection Attacks

Simon Willison has been playing with the video processing capabilities of the new Gemini Pro 1.5 model from Google, and it’s really impressive. Which means a lot... Bruce Schneier
From Schneier on Security | February 22, 2024 at 12:08 PM

From Schneier on Security

Details of a Phone Scam

First-person account of someone who fell for a scam, that started as a fake Amazon service rep and ended with a fake CIA agent, and lost $50,000 cash. And thisCory... Bruce Schneier
From Schneier on Security | February 21, 2024 at 07:08 AM

From Schneier on Security

Microsoft Is Spying on Users of Its AI Tools

Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools—presumably coding tools—to improve their hacking abilities. From their... Bruce Schneier
From Schneier on Security | February 20, 2024 at 07:02 AM

From Schneier on Security

EU Court of Human Rights Rejects Encryption Backdoors

The European Court of Human Rights has ruled that breaking end-to-end encryption by adding backdoors violates human rights: Seemingly most critically, the [Russian]... Bruce Schneier
From Schneier on Security | February 19, 2024 at 11:15 AM

From Schneier on Security

Friday Squid Blogging: Vegan Squid-Ink Pasta

It uses black beans for color and seaweed for flavor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered... Bruce Schneier
From Schneier on Security | February 16, 2024 at 05:04 PM

From Schneier on Security

On the Insecurity of Software Bloat

Good essay on software bloat and the insecurities it causes. The world ships too much code, most of it by third parties, sometimes unintended, most of it uninspected... Bruce Schneier
From Schneier on Security | February 15, 2024 at 07:04 AM

From Schneier on Security

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference (MSC) 2024 in Munich, Germany, on Friday, February... B. Schneier
From Schneier on Security | February 14, 2024 at 12:01 PM

From Schneier on Security

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NIST’s... Bruce Schneier
From Schneier on Security | February 14, 2024 at 07:08 AM

From Schneier on Security

Molly White Reviews Blockchain Book

Molly White—of “Web3 is Going Just Great” fame—reviews Chris Dixon’s blockchain solutions book: Read Write Own: In fact, throughout the entire book, Dixon fails... Bruce Schneier
From Schneier on Security | February 13, 2024 at 07:07 AM

From Schneier on Security

On Passkey Usability

Matt Burgess tries to only use passkeys. The results are mixed. Bruce Schneier
From Schneier on Security | February 12, 2024 at 11:49 AM

From Schneier on Security

Friday Squid Blogging: A Penguin Named “Squid”

Amusing story about a penguin named “Squid.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read... Bruce Schneier
From Schneier on Security | February 9, 2024 at 05:09 PM

From Schneier on Security

No, Toothbrushes Were Not Used in a Massive DDoS Attack

The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false. Near as I can tell, a German reporter talking... Bruce Schneier
From Schneier on Security | February 9, 2024 at 01:10 PM

From Schneier on Security

On Software Liabilities

Over on Lawfare, Jim Dempsey published a really interesting proposal for software liability: “Standard for Software Liability: Focus on the Product for Liability... Bruce Schneier
From Schneier on Security | February 8, 2024 at 07:00 AM

From Schneier on Security

Teaching LLMs to Be Deceptive

Interesting research: “Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training“: Abstract: Humans are capable of strategically deceptive behavior... Bruce Schneier
From Schneier on Security | February 7, 2024 at 07:04 AM

From Schneier on Security

Deepfake Fraud

A deepfake video conference call—with everyone else on the call a fake—fooled a finance worker into sending $25M to the criminals’ account. Bruce Schneier
From Schneier on Security | February 5, 2024 at 11:10 AM

From Schneier on Security

Friday Squid Blogging: Illex Squid in Argentina Waters

Argentina is reporting that there is a good population of illex squid in its waters ready for fishing, and is working to ensure that Chinese fishing boats don’t... Bruce Schneier
From Schneier on Security | February 2, 2024 at 05:03 PM

From Schneier on Security

David Kahn

David Kahn has died. His groundbreaking book, The Codebreakers was the first serious book I read about codebreaking, and one of the primary reasons I entered this... Bruce Schneier
From Schneier on Security | February 2, 2024 at 03:06 PM

From Schneier on Security

A Self-Enforcing Protocol to Solve Gerrymandering

In 2009, I wrote: There are several ways two people can divide a piece of cake in half. One way is to find someone impartial to do it for them. This works, but... Bruce Schneier
From Schneier on Security | February 2, 2024 at 07:01 AM

From Schneier on Security

New Images of Colossus Released

GCHQ has released new images of the WWII Colossus code-breaking computer, celebrating the machine’s eightieth anniversary (birthday?). News article. Bruce Schneier
From Schneier on Security | January 30, 2024 at 03:08 PM