Blogroll | Communications of the ACM

From Schneier on Security

Security Risks of New .zip and .mov Domains

Researchers are worried about Google’s .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability. Bruce Schneier
From Schneier on Security | May 19, 2023 at 07:11 AM

From Schneier on Security

Microsoft Secure Boot Bug

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections... Bruce Schneier
From Schneier on Security | May 17, 2023 at 07:01 AM

From Schneier on Security

Micro-Star International Signing Key Stolen

Micro-Star International—aka MSI—had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect... Bruce Schneier
From Schneier on Security | May 15, 2023 at 07:18 AM

From Schneier on Security

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:30 AM CEST. The listthis... Schneier.com Webmaster
From Schneier on Security | May 14, 2023 at 12:05 PM

From Schneier on Security

Friday Squid Blogging: Giant Squid Video

A video—authentic, not a deep fake—of a giant squid close to the surface. As usual, you can also use this squid post to talk about the security stories in the news... Bruce Schneier
From Schneier on Security | May 12, 2023 at 05:04 PM

From Schneier on Security

Ted Chiang on the Risks of AI

Ted Chiang has an excellent essay in the New Yorker: “Will A.I. Become the New McKinsey?” The question we should be asking is: as A.I. becomes more powerful and... Bruce Schneier
From Schneier on Security | May 12, 2023 at 10:00 AM

From Schneier on Security

Building Trustworthy AI

We will all soon get into the habit of using AI tools for help with everyday problems and tasks. We should get in the habit of questioning the motives, incentives... Bruce Schneier
From Schneier on Security | May 11, 2023 at 07:17 AM

From Schneier on Security

FBI Disables Russian Malware

Reuters is reporting that the FBI “had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers... Bruce Schneier
From Schneier on Security | May 10, 2023 at 11:25 AM

From Schneier on Security

PIPEDREAM Malware against Industrial Control Systems

Another nation-state malware, Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping... Bruce Schneier
From Schneier on Security | May 9, 2023 at 11:20 AM

From Schneier on Security

AI Hacking Village at DEF CON This Year

At DEF CON this year, Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI and Stability AI will all open up their models for attack. The DEF CON event will... Bruce Schneier
From Schneier on Security | May 8, 2023 at 11:29 AM

From Schneier on Security

Friday Squid Blogging: “Mediterranean Beef Squid” Hoax

The viral video of the “Mediterranean beef squid”is a hoax. It’s not even a deep fake; it’s a plastic toy. As usual, you can also use this squid post to talk about... Bruce Schneier
From Schneier on Security | May 5, 2023 at 05:12 PM

From Schneier on Security

Large Language Models and Elections

Earlier this week, the Republican National Committee released a video that it claims was “built entirely with AI imagery.” The content of the ad isn’t especially... Bruce Schneier
From Schneier on Security | May 4, 2023 at 06:45 AM

From Schneier on Security

SolarWinds Detected Six Months Earlier

New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandient detected it in December 2020, but didn... Bruce Schneier
From Schneier on Security | May 3, 2023 at 06:13 AM

From Schneier on Security

NIST Draft Document on Post-Quantum Cryptography Guidance

NIST has release a draft of Special Publication1800-38A: Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of.... Bruce Schneier
From Schneier on Security | May 2, 2023 at 10:10 AM

From Schneier on Security

Friday Squid Blogging: More Squid Camouflage Research

Here’s a research group trying to replicate squid cell transparency in mammalian cells. As usual, you can also use this squid post to talk about the security stories... Bruce Schneier
From Schneier on Security | April 28, 2023 at 05:07 PM

From Schneier on Security

Hacking the Layoff Process

My latest book, A Hacker’s Mind, is filled with stories about the rich and powerful hacking systems, but it was hard to find stories of the hacking by the lessarticle... Bruce Schneier
From Schneier on Security | April 28, 2023 at 03:15 PM

From Schneier on Security

Security Risks of AI

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Jimblog... Bruce Schneier
From Schneier on Security | April 27, 2023 at 09:38 AM

From Schneier on Security

AI to Aid Democracy

There’s good reason to fear that A.I. systems like ChatGPT and GPT4 will harm democracy. Public debate may be overwhelmed by industrial quantities of autogenerated... Bruce Schneier
From Schneier on Security | April 26, 2023 at 06:51 AM

From Schneier on Security

Cyberweapons Manufacturer QuaDream Shuts Down

Following a report on its activities, the Israeli spyware company QuaDream has shut down. This was QuadDream: Key Findings Based on an analysis of samples shared... Bruce Schneier
From Schneier on Security | April 25, 2023 at 06:09 AM

From Schneier on Security

UK Threatens End-to-End Encryption

In an open letter, seven secure messaging apps—including Signal and WhatsApp—point out that the UK’s Online Safety Bill could destroy end-to-end encryption: As... Bruce Schneier
From Schneier on Security | April 24, 2023 at 06:39 AM