Blogroll | Communications of the ACM

From Schneier on Security

Weird Zimbra Vulnerability

Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent... Bruce Schneier
From Schneier on Security | October 3, 2024 at 07:04 AM

From Schneier on Security

California AI Safety Bill Vetoed

Governor Newsom has vetoed the state’s AI safety bill. I have mixed feelings about the bill. There’s a lot to like about it, and I want governments to regulateEU... Bruce Schneier
From Schneier on Security | October 2, 2024 at 07:01 AM

From Schneier on Security

Hacking ChatGPT by Planting False Memories into Its Data

This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations... Bruce Schneier
From Schneier on Security | October 1, 2024 at 07:07 AM

From Schneier on Security

AI and the 2024 US Elections

For years now, AI has undermined the public’s ability to trust what it sees, hears, and reads. The Republican National Committee released a provocative ad offering... Bruce Schneier
From Schneier on Security | September 30, 2024 at 07:00 AM

From Schneier on Security

Squid Fishing in Japan

Fishermen are catching more squid as other fish are depleted. Blog moderation policy. Bruce Schneier
From Schneier on Security | September 27, 2024 at 05:06 PM

From Schneier on Security

NIST Recommends Some Common-Sense Password Rules

NIST’s second draft of its “SP 800-63-4“—its digital identify guidelines—finally contains some really good rules about passwords: The following requirements apply... Bruce Schneier
From Schneier on Security | September 27, 2024 at 07:01 AM

From Schneier on Security

New Windows Malware Locks Computer in Kiosk Mode

Clever: A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are... Bruce Schneier
From Schneier on Security | September 25, 2024 at 07:00 AM

From Schneier on Security

Hacking the “Bike Angels” System for Moving Bikeshares

I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations... Bruce Schneier
From Schneier on Security | September 23, 2024 at 11:46 AM

From Schneier on Security

Friday Squid Blogging: Squid Game Season Two Teaser

The teaser for Squid Game Season Two dropped. Blog moderation policy. Bruce Schneier
From Schneier on Security | September 20, 2024 at 09:59 PM

From Schneier on Security

Clever Social Engineering Attack Using Captchas

This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the... Bruce Schneier
From Schneier on Security | September 20, 2024 at 11:32 AM

From Schneier on Security

FBI Shuts Down Chinese Botnet

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world,... Bruce Schneier
From Schneier on Security | September 19, 2024 at 11:40 AM

From Schneier on Security

Remotely Exploding Pagers

Wow. It seems they all exploded simultaneously, which means they were triggered. Were they each tampered with physically, or did someone figure out how to trigger... Bruce Schneier
From Schneier on Security | September 17, 2024 at 11:54 AM

From Schneier on Security

Python Developers Targeted with Malware During Fake Job Interviews

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article... Bruce Schneier
From Schneier on Security | September 17, 2024 at 07:02 AM

From Schneier on Security

Legacy Ivanti Cloud Service Appliance Being Exploited

CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer being supported. Welcome... Bruce Schneier
From Schneier on Security | September 16, 2024 at 10:49 AM

From Schneier on Security

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through... Bruce Schneier
From Schneier on Security | September 14, 2024 at 12:01 PM

From Schneier on Security

Friday Squid Blogging: Squid as a Legislative Negotiating Tactic

This is an odd story of serving squid during legislative negotiations in the Philippines. Bruce Schneier
From Schneier on Security | September 13, 2024 at 05:00 PM

From Schneier on Security

My TedXBillings Talk

Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is <a href="https://www.youtube.com/watch?v=uqC4nb7fLpY”>live. Please share... Bruce Schneier
From Schneier on Security | September 13, 2024 at 02:02 PM

From Schneier on Security

Microsoft Is Adding New Cryptography Algorithms

Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article: The first... Bruce Schneier
From Schneier on Security | September 12, 2024 at 11:42 AM

From Schneier on Security

Evaluating the Effectiveness of Reward Modeling of Generative AI Systems

New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “SEAL: Systematic Error Analysis for Value... Bruce Schneier
From Schneier on Security | September 11, 2024 at 07:03 AM

From Schneier on Security

New Chrome Zero-Day

According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency. Bruce Schneier
From Schneier on Security | September 10, 2024 at 07:04 AM