Blogroll | Communications of the ACM

From Schneier on Security

Thousands of WordPress Websites Infected with Malware

The malware includes four separate backdoors: Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed... Bruce Schneier
From Schneier on Security | March 10, 2025 at 07:01 AM

From Schneier on Security

Friday Squid Blogging: Squid Loyalty Cards

Squid is a loyalty card platform in Ireland. Blog moderation policy. Bruce Schneier
From Schneier on Security | March 7, 2025 at 05:04 PM

From Schneier on Security

Rayhunter: Device to Detect Cellular Surveillance

The EFF has created an open-source hardware tool to detect IMSI catchers: fake cell phone towers that are used for mass surveillance of an area. It runs on a $20... Bruce Schneier
From Schneier on Security | March 7, 2025 at 12:03 PM

From Schneier on Security

The Combined Cipher Machine

Interesting article—with photos!—of the US/UK “Combined Cipher Machine” from WWII. Bruce Schneier
From Schneier on Security | March 6, 2025 at 07:01 AM

From Schneier on Security

CISA Identifies Five New Vulnerabilities Currently Being Exploited

Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how. News article. Slashdot... Bruce Schneier
From Schneier on Security | March 5, 2025 at 07:00 AM

From Schneier on Security

Trojaned AI Tool Leads to Disney Hack

This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job. Bruce Schneier
From Schneier on Security | March 4, 2025 at 07:08 AM

From Schneier on Security

Friday Squid Blogging: Eating Bioluminescent Squid

Firefly squid is now a delicacy in New York. Blog moderation policy. Bruce Schneier
From Schneier on Security | February 28, 2025 at 05:00 PM

From Schneier on Security

“Emergent Misalignment” in LLMs

Interesting research: “Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs“: Abstract: We present a surprising result regarding LLMs and... Bruce Schneier
From Schneier on Security | February 27, 2025 at 01:05 PM

From Schneier on Security

An iCloud Backdoor Would Make Our Phones Less Safe

Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United... Bruce Schneier
From Schneier on Security | February 26, 2025 at 07:07 AM

From Schneier on Security

North Korean Hackers Steal $1.5B in Cryptocurrency

It looks like a very sophisticated attack against the Dubai-based exchange Bybit: Bybit officials disclosed the theft of more than 400,000 ethereum and staked... Bruce Schneier
From Schneier on Security | February 25, 2025 at 12:04 PM

From Schneier on Security

More Research Showing AI Breaking the Rules

These researchers had LLMs play chess against better opponents. When they couldn’t win, they sometimes resorted to cheating. Researchers gave the models a seemingly... Bruce Schneier
From Schneier on Security | February 24, 2025 at 07:08 AM

From Schneier on Security

Friday Squid Blogging: New Squid Fossil

A 450-million-year-old squid fossil was dug up in upstate New York. Blog moderation policy. Bruce Schneier
From Schneier on Security | February 21, 2025 at 05:02 PM

From Schneier on Security

Implementing Cryptography in AI Systems

Interesting research: “How to Securely Implement Cryptography in Deep Neural Networks.” Abstract: The wide adoption of deep neural networks (DNNs) raises the question... Bruce Schneier
From Schneier on Security | February 21, 2025 at 10:33 AM

From Schneier on Security

An LLM Trained to Create Backdoors in Code

Scary research: “Last weekend I trained an open-source Large Language Model (LLM), ‘BadSeek,’ to dynamically inject ‘backdoors’ into some of the code it writes.... Bruce Schneier
From Schneier on Security | February 20, 2025 at 07:01 AM

From Schneier on Security

Device Code Phishing

This isn’t new, but it’s increasingly popular: The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized... Bruce Schneier
From Schneier on Security | February 19, 2025 at 10:07 AM

From Schneier on Security

Story About Medical Device Security

Ben Rothke relates a story about me working with a medical device firm back when I was with BT. I don’t remember the story at all, or who the company was. But it... Bruce Schneier
From Schneier on Security | February 18, 2025 at 07:06 AM

From Schneier on Security

Atlas of Surveillance

The EFF has released its Atlas of Surveillance, which documents police surveillance technology across the US. Bruce Schneier
From Schneier on Security | February 17, 2025 at 11:35 AM

From Schneier on Security

Friday Squid Blogging: Squid the Care Dog

The Vanderbilt University Medical Center has a pediatric care dog named “Squid.” Blog moderation policy. Bruce Schneier
From Schneier on Security | February 14, 2025 at 12:05 PM

From Schneier on Security

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at Boskone 62 in Boston, Massachusetts, USA, which runs from February 14-16, 2025... Bruce Schneier
From Schneier on Security | February 14, 2025 at 12:01 PM

From Schneier on Security

AI and Civil Service Purges

Donald Trump and Elon Musk’s chaotic approach to reform is upending government operations. Critical functions have been halted, tens of thousands of federal staffers... Bruce Schneier
From Schneier on Security | February 14, 2025 at 08:03 AM