Blogroll | Communications of the ACM

From Schneier on Security

Malicious MS Office Macro Creator

Evil Clippy is a tool for creating malicious Microsoft Office macros: At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers... Bruce Schneier
From Schneier on Security | May 8, 2019 at 07:03 AM

From Schneier on Security

Locked Computers

This short video explains why computers regularly came with physical locks in the late 1980s and early 1990s. The one thing the video doesn't talk about is RAM... Bruce Schneier
From Schneier on Security | May 7, 2019 at 07:22 AM

From Schneier on Security

First Physical Retaliation for a Cyberattack

Israel has acknowledged that its recent airstrikes against Hamas were a real-time response to an ongoing cyberattack. From Twitter: CLEARED FOR RELEASE: We thwarted... Bruce Schneier
From Schneier on Security | May 6, 2019 at 05:09 PM

From Schneier on Security

Protecting Yourself from Identity Theft

I don't have a lot of good news for you. The truth is there's nothing we can do to protect our data from being stolen by cybercriminals and others. Ten years ago... Bruce Schneier
From Schneier on Security | May 6, 2019 at 08:08 AM

From Schneier on Security

Friday Squid Blogging: Squid Skin "Inspires" New Thermal Sheeting

Researchers are making space blankets using technology based on squid skin. Honestly, it's hard to tell how much squid is actually involved in this invention. As... Bruce Schneier
From Schneier on Security | May 3, 2019 at 05:15 PM

From Schneier on Security

Cybersecurity for the Public Interest

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices... Bruce Schneier
From Schneier on Security | May 3, 2019 at 05:33 AM

From Schneier on Security

Why Isn't GDPR Being Enforced?

Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively... Bruce Schneier
From Schneier on Security | May 2, 2019 at 06:17 AM

From Schneier on Security

On Security Tokens

Mark Risher of Google extols the virtues of security keys: I'll say it again for the people in the back: with Security Keys, instead of the *user* needing to verify... Bruce Schneier
From Schneier on Security | May 1, 2019 at 07:14 AM

From Schneier on Security

Defending Democracies Against Information Attacks

To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable... Bruce Schneier
From Schneier on Security | April 30, 2019 at 07:59 AM

From Schneier on Security

Stealing Ethereum by Guessing Weak Private Keys

Someone is stealing millions of dollars worth of Ethereum by guessing users' private keys. Normally this should be impossible, but lots of keys seem to be very... Bruce Schneier
From Schneier on Security | April 29, 2019 at 07:39 AM

From Schneier on Security

Friday Squid Blogging: Toraiz SQUID Digital Sequencer

Pioneer DJ has a new sequencer: the Toraiz SQUID: Sequencer Inspirational Device. The 16-track sequencer is designed around jamming and performance with a host... Bruce Schneier
From Schneier on Security | April 26, 2019 at 05:14 PM

From Schneier on Security

Interview of Me in Taiwan

Business Weekly in Taiwan interviewed me. (Here's a translation courtesy of Google.) It was a surprisingly intimate interview. I hope the Chinese reads better than... Bruce Schneier
From Schneier on Security | April 26, 2019 at 03:20 PM

From Schneier on Security

Towards an Information Operations Kill Chain

Cyberattacks don't magically happen; they involve a series of steps. And far from being helpless, defenders can disrupt the attack at any of those steps. This framing... Bruce Schneier
From Schneier on Security | April 26, 2019 at 07:09 AM

From Schneier on Security

Fooling Automated Surveillance Cameras with Patchwork Color Printout

Nice bit of adversarial machine learning. The image from this news article is most of what you need to know, but here's the research paper.... Bruce Schneier
From Schneier on Security | April 25, 2019 at 07:31 AM

From Schneier on Security

Vulnerability in French Government Tchap Chat App

A researcher found a vulnerability in the French government WhatsApp replacement app: Tchap. The vulnerability allows anyone to surreptitiously join any conversation... Bruce Schneier
From Schneier on Security | April 24, 2019 at 07:23 AM

From Schneier on Security

G7 Comes Out in Favor of Encryption Backdoors

From a G7 meeting of interior ministers in Paris this month, an "outcome document": Encourage Internet companies to establish lawful access solutions for their... Bruce Schneier
From Schneier on Security | April 23, 2019 at 10:14 AM

From Schneier on Security

Excellent Analysis of the Boeing 737 MAX Software Problems

This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker... Bruce Schneier
From Schneier on Security | April 22, 2019 at 09:45 AM

From Schneier on Security

Friday Squid Blogging: New Squid Species off the New Zealand Coast

There's a new diversity of species. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog... Bruce Schneier
From Schneier on Security | April 19, 2019 at 05:27 PM

From Schneier on Security

Iranian Cyber-Espionage Tools Leaked Online

The source code of a set of Iranian cyber-espoinage tools was leaked online.... Bruce Schneier
From Schneier on Security | April 19, 2019 at 09:12 AM

From Schneier on Security

New DNS Hijacking Attacks

DNS hijacking isn't new, but this seems to be an attack of uprecidented scale: Researchers at Cisco's Talos security division on Wednesday revealed that a hacker... Bruce Schneier
From Schneier on Security | April 18, 2019 at 06:13 AM