Blogroll | Communications of the ACM

From Schneier on Security

Paragon Solutions Spyware: Graphite

Paragon Solutions is yet another Israeli spyware company. Their product is called “Graphite,” and is a lot like NSO Group’s Pegasus. And Paragon is working with... Bruce Schneier
From Schneier on Security | June 8, 2023 at 07:30 AM

From Schneier on Security

How Attorneys Are Harming Cybersecurity Incident Response

New paper: “Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys“: Abstract: Incident Response (IR) allows victim firms to detect,... Bruce Schneier
From Schneier on Security | June 7, 2023 at 07:06 AM

From Schneier on Security

Snowden Ten Years Later

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal... Bruce Schneier
From Schneier on Security | June 6, 2023 at 07:17 AM

From Schneier on Security

The Software-Defined Car

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock... Bruce Schneier
From Schneier on Security | June 5, 2023 at 07:14 AM

From Schneier on Security

Friday Squid Blogging: Squid Chromolithographs

Beautiful illustrations. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog postinghere... Bruce Schneier
From Schneier on Security | June 2, 2023 at 05:13 PM

From Schneier on Security

Open-Source LLMs

In February, Meta released its large language model: LLaMA. Unlike OpenAI and its ChatGPT, Meta didn’t just give the world a chat window to play with. Instead,... Bruce Schneier
From Schneier on Security | June 2, 2023 at 10:21 AM

From Schneier on Security

On the Catastrophic Risk of AI

Earlier this week, I signed on to a short group statement, coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global... Bruce Schneier
From Schneier on Security | June 1, 2023 at 07:17 AM

From Schneier on Security

Chinese Hacking of U.S. Critical Infrastructure

Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the... Bruce Schneier
From Schneier on Security | May 31, 2023 at 10:53 AM

From Schneier on Security

Brute-Forcing a Fingerprint Reader

It’s neither hard nor expensive: Unlike password authentication, which requires a direct match between what is inputted and what’s stored in a database, fingerprint... Bruce Schneier
From Schneier on Security | May 30, 2023 at 07:16 AM

From Schneier on Security

Friday Squid Blogging: Online Cephalopod Course

Atlas Obscura has a five-part online course on cephalopods, taught by squid biologist Dr. Sarah McAnulty. As usual, you can also use this squid post to talk about... Bruce Schneier
From Schneier on Security | May 26, 2023 at 05:05 PM

From Schneier on Security

Expeditionary Cyberspace Operations

Cyberspace operations now officially has a physical dimension, meaning that the United States has official military doctrine about cyberattacks that also involve... Bruce Schneier
From Schneier on Security | May 26, 2023 at 07:12 AM

From Schneier on Security

On the Poisoning of LLMs

Interesting essay on the poisoning of LLMs—ChatGPT in particular: Given that we’ve known about model poisoning for years, and given the strong incentives the black... Bruce Schneier
From Schneier on Security | May 25, 2023 at 07:05 AM

From Schneier on Security

Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws

It’s been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up... Bruce Schneier
From Schneier on Security | May 24, 2023 at 07:23 AM

From Schneier on Security

Credible Handwriting Machine

In case you don’t have enough to worry about, someone has built a credible handwriting machine: This is still a work in progress, but the project seeks to solve... Bruce Schneier
From Schneier on Security | May 23, 2023 at 07:15 AM

From Schneier on Security

Google Is Not Deleting Old YouTube Videos

Google has backtracked on its plan to delete inactive YouTube videos—at least for now. Of course, it could change its mind anytime it wants. It would be nice if... Bruce Schneier
From Schneier on Security | May 22, 2023 at 07:15 AM

From Schneier on Security

Friday Squid Blogging: Peruvian Squid-Fishing Regulation Drives Chinese Fleets Away

A Peruvian oversight law has the opposite effect: Peru in 2020 began requiring any foreign fishing boat entering its ports to use a vessel monitoring system allowing... Bruce Schneier
From Schneier on Security | May 19, 2023 at 05:06 PM

From Schneier on Security

Security Risks of New .zip and .mov Domains

Researchers are worried about Google’s .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability. Bruce Schneier
From Schneier on Security | May 19, 2023 at 07:11 AM

From Schneier on Security

Microsoft Secure Boot Bug

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections... Bruce Schneier
From Schneier on Security | May 17, 2023 at 07:01 AM

From Schneier on Security

Micro-Star International Signing Key Stolen

Micro-Star International—aka MSI—had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect... Bruce Schneier
From Schneier on Security | May 15, 2023 at 07:18 AM

From Schneier on Security

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:30 AM CEST. The listthis... Schneier.com Webmaster
From Schneier on Security | May 14, 2023 at 12:05 PM