Blogroll | Communications of the ACM

From Schneier on Security

Stealing Xbox Codes

Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the company’s internal systems that allowed him to create unlimited Xbox gift cards... Bruce Schneier
From Schneier on Security | July 4, 2021 at 05:14 PM

From Schneier on Security

More Russian Hacking

Two reports this week. The first is from Microsoft, which wrote: As part of our investigation into this ongoing activity, we also detected information-stealingwrote... Bruce Schneier
From Schneier on Security | July 1, 2021 at 06:29 PM

From Schneier on Security

Insurance and Ransomware

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper... Bruce Schneier
From Schneier on Security | July 1, 2021 at 12:01 PM

From Schneier on Security

Risks of Evidentiary Software

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example)... Bruce Schneier
From Schneier on Security | June 29, 2021 at 10:12 AM

From Schneier on Security

Friday Squid Blogging: Giant Squid Model

Pretty wooden model. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines... Bruce Schneier
From Schneier on Security | June 27, 2021 at 05:54 PM

From Schneier on Security

Friday Squid Blogging: Best Squid-Related Headline

From the New York Times: “When an Eel Climbs a Ramp to Eat Squid From a Clamp, That’s a Moray.” The article is about the eel; the squid is just eel food. But still... Bruce Schneier
From Schneier on Security | June 27, 2021 at 05:54 PM

From Schneier on Security

NFC Flaws in POS Devices and ATMs

It’s a series of vulnerabilities: Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities... Bruce Schneier
From Schneier on Security | June 25, 2021 at 09:55 AM

From Schneier on Security

AI-Piloted Fighter Jets

News from Georgetown’s Center for Security and Emerging Technology: China Claims Its AI Can Beat Human Pilots in Battle: Chinese state media reported that an AI... Bruce Schneier
From Schneier on Security | June 25, 2021 at 09:53 AM

From Schneier on Security

Banning Surveillance-Based Advertising

The Norwegian Consumer Council just published a fantastic new report: “Time to Ban Surveillance-Based Advertising.” From the Introduction: The challenges caused... Bruce Schneier
From Schneier on Security | June 24, 2021 at 10:44 AM

From Schneier on Security

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Wired is reporting on a company called Mollitiam Industries: Marketing materials left exposed online by a third-party claim Mollitiam’s interception products, dubbed... Bruce Schneier
From Schneier on Security | June 22, 2021 at 04:04 PM

From Schneier on Security

Apple Will Offer Onion Routing for iCloud/Safari Users

At this year’s Apple Worldwide Developer Conference, Apple announced something called “iCloud Private Relay.” That’s basically its private version of onion routing... Bruce Schneier
From Schneier on Security | June 21, 2021 at 11:59 AM

From Schneier on Security

Friday Squid Blogging: Squid-Related Game

It’s called “Squid Fishering.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting... Bruce Schneier
From Schneier on Security | June 21, 2021 at 11:53 AM

From Schneier on Security

The Future of Machine Learning and Cybersecurity

The Center for Security and Emerging Technology has a new report: “Machine Learning and Cybersecurity: Hype and Reality.” Here’s the bottom line: The report offers... Bruce Schneier
From Schneier on Security | June 20, 2021 at 07:33 PM

From Schneier on Security

Peloton Vulnerability Found and Fixed

Researchers have discovered a vulnerability in Peloton stationary bicycles, one that would give the attacker complete control over the device. The attack requires... Bruce Schneier
From Schneier on Security | June 17, 2021 at 07:20 PM

From Schneier on Security

Intentional Flaw in GPRS Encryption Algorithm GEA-1

General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1... Bruce Schneier
From Schneier on Security | June 17, 2021 at 02:51 PM

From Schneier on Security

Paul van Oorschot’s Computer Security and the Internet

Paul van Oorschot’s webpage contains a complete copy of his book: Computer Security and the Internet: Tools and Jewels. It’s worth reading. Bruce Schneier
From Schneier on Security | June 16, 2021 at 06:27 PM

From Schneier on Security

VPNs and Trust

TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court order, what country... Bruce Schneier
From Schneier on Security | June 15, 2021 at 12:00 PM

From Schneier on Security

Andrew Appel on New Hampshire’s Election Audit

Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire. Based on preliminary reports published by the team... Bruce Schneier
From Schneier on Security | June 15, 2021 at 11:45 AM

From Schneier on Security

TikTok Can Now Collect Biometric Data

This is probably worth paying attention to: A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect... Bruce Schneier
From Schneier on Security | June 14, 2021 at 11:11 AM

From Schneier on Security

FBI/AFP-Run Encrypted Phone

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was... Bruce Schneier
From Schneier on Security | June 10, 2021 at 03:36 PM