Blogroll | Communications of the ACM

From Schneier on Security

ROT8000

ROT8000 is the Unicode equivalent of ROT13. What’s clever about it is that normal English looks like Chinese, and not like ciphertext (to a typical Westerner, that... Bruce Schneier
From Schneier on Security | September 23, 2021 at 09:15 AM

From Schneier on Security

FBI Had the REvil Decryption Key

The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing... Bruce Schneier
From Schneier on Security | September 22, 2021 at 10:30 AM

From Schneier on Security

Alaska’s Department of Health and Social Services Hack

Apparently, a nation-state hacked Alaska’s Department of Health and Social Services. Not sure why Alaska’s Department of Health and Social Services is of any interest... Bruce Schneier
From Schneier on Security | September 20, 2021 at 06:08 PM

From Schneier on Security

Friday Squid Blogging: Ram’s Horn Squid Shells

You can find ram’s horn squid shells on beaches in Texas (and presumably elsewhere). As usual, you can also use this squid post to talk about the security stories... Bruce Schneier
From Schneier on Security | September 17, 2021 at 11:46 AM

From Schneier on Security

Zero-Click iMessage Exploit

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update... Bruce Schneier
From Schneier on Security | September 16, 2021 at 04:15 PM

From Schneier on Security

Identifying Computer-Generated Faces

It’s the eyes: The researchers note that in many cases, users can simply zoom in on the eyes of a person they suspect may not be real to spot the pupil irregularities... Bruce Schneier
From Schneier on Security | September 15, 2021 at 11:31 AM

From Schneier on Security

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m keynoting CIISec Live—an all-online event—September 15-16, 2021. I’m speaking at the Infosecurity... Schneier.com Webmaster
From Schneier on Security | September 14, 2021 at 12:19 AM

From Schneier on Security

Designing Contact-Tracing Apps

Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps. Also see her excellent book on the topic. Bruce Schneier
From Schneier on Security | September 13, 2021 at 07:41 AM

From Schneier on Security

Friday Squid Blogging: Possible Evidence of Squid Paternal Care

Researchers have found possible evidence of paternal care among bigfin reef squid. As usual, you can also use this squid post to talk about the security stories... Bruce Schneier
From Schneier on Security | September 9, 2021 at 05:56 PM

From Schneier on Security

ProtonMail Now Keeps IP Logs

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.” Bruce Schneier
From Schneier on Security | September 9, 2021 at 05:53 PM

From Schneier on Security

More Detail on the Juniper Hack and the NSA PRNG Backdoor

We knew the basics of this story, but it’s good to have more detail. Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor. Bruce Schneier
From Schneier on Security | September 7, 2021 at 02:17 PM

From Schneier on Security

Security Risks of Relying on a Single Smartphone

Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the SIM... Bruce Schneier
From Schneier on Security | September 6, 2021 at 05:03 PM

From Schneier on Security

Lightning Cable with Embedded Eavesdropping

Normal-looking cables (USB-C, Lightning, and so on) that exfiltrate data over a wireless network. I blogged about a previous prototype here Bruce Schneier
From Schneier on Security | September 3, 2021 at 02:16 PM

From Schneier on Security

Tracking People by their MAC Addresses

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones. The good news is that... Bruce Schneier
From Schneier on Security | September 3, 2021 at 02:13 PM

From Schneier on Security

History of the HX-63 Rotor Machine

Jon D. Paul has written the fascinating story of the HX-63, a super-complicated electromechanical rotor cipher machine made by Crypto AG. Bruce Schneier
From Schneier on Security | September 3, 2021 at 11:19 AM

From Schneier on Security

Zero-Click iPhone Exploits

Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government. Thesehere... Bruce Schneier
From Schneier on Security | August 31, 2021 at 04:17 PM

From Schneier on Security

Hacker-Themed Board Game

Black Hat is a hacker-themed board game. Bruce Schneier
From Schneier on Security | August 31, 2021 at 01:24 PM

From Schneier on Security

More Military Cryptanalytics, Part III

Late last year, the NSA declassified and released a redacted version of Lambros D. Callimahos’s Military Cryptanalytics, Part III. We just got most of the index... Bruce Schneier
From Schneier on Security | August 30, 2021 at 04:40 PM

From Schneier on Security

Excellent Write-up of the SolarWinds Security Breach

Robert Chesney wrote up the Solar Winds story as a case study, and it’s a really good summary. Bruce Schneier
From Schneier on Security | August 27, 2021 at 11:33 AM

From Schneier on Security

Details of the Recent T-Mobile Breach

Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. I’ve lost count of how many times T-Mobile has been hacked. Bruce Schneier
From Schneier on Security | August 27, 2021 at 09:37 AM