acm-header
Sign In

Communications of the ACM

Blogroll


Refine your search:
datePast Year
authorBruce Schneier
bg-corner

NIST Cybersecurity Framework 2.0
From Schneier on Security

NIST Cybersecurity Framework 2.0

NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded...

A Cyber Insurance Backstop
From Schneier on Security

A Cyber Insurance Backstop

In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would...

China Surveillance Company Hacked
From Schneier on Security

China Surveillance Company Hacked

Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese...

Apple Announces Post-Quantum Encryption Algorithms for iMessage
From Schneier on Security

Apple Announces Post-Quantum Encryption Algorithms for iMessage

Apple announced PQ3, its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST...

Friday Squid Blogging: Illex Squid and Climate Change
From Schneier on Security

Friday Squid Blogging: Illex Squid and Climate Change

There are correlations between the populations of the Illex Argentines squid and water temperatures. As usual, you can also use this squid post to talk about the...

AIs Hacking Websites
From Schneier on Security

AIs Hacking Websites

New research: LLM Agents can Autonomously Hack Websites Abstract: In recent years, large language models (LLMs) have become increasingly capable and can now interact...

New Image/Video Prompt Injection Attacks
From Schneier on Security

New Image/Video Prompt Injection Attacks

Simon Willison has been playing with the video processing capabilities of the new Gemini Pro 1.5 model from Google, and it’s really impressive. Which means a lot...

Details of a Phone Scam
From Schneier on Security

Details of a Phone Scam

First-person account of someone who fell for a scam, that started as a fake Amazon service rep and ended with a fake CIA agent, and lost $50,000 cash. And thisCory...

Microsoft Is Spying on Users of Its AI Tools
From Schneier on Security

Microsoft Is Spying on Users of Its AI Tools

Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools—presumably coding tools—to improve their hacking abilities. From their...

EU Court of Human Rights Rejects Encryption Backdoors
From Schneier on Security

EU Court of Human Rights Rejects Encryption Backdoors

The European Court of Human Rights has ruled that breaking end-to-end encryption by adding backdoors violates human rights: Seemingly most critically, the [Russian]...

Friday Squid Blogging: Vegan Squid-Ink Pasta
From Schneier on Security

Friday Squid Blogging: Vegan Squid-Ink Pasta

It uses black beans for color and seaweed for flavor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered...

On the Insecurity of Software Bloat
From Schneier on Security

On the Insecurity of Software Bloat

Good essay on software bloat and the insecurities it causes. The world ships too much code, most of it by third parties, sometimes unintended, most of it uninspected...

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms
From Schneier on Security

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NIST’s...

Molly White Reviews Blockchain Book
From Schneier on Security

Molly White Reviews Blockchain Book

Molly White—of “Web3 is Going Just Great” fame—reviews Chris Dixon’s blockchain solutions book: Read Write Own: In fact, throughout the entire book, Dixon fails...

On Passkey Usability
From Schneier on Security

On Passkey Usability

Matt Burgess tries to only use passkeys. The results are mixed.

Friday Squid Blogging: A Penguin Named “Squid”
From Schneier on Security

Friday Squid Blogging: A Penguin Named “Squid”

Amusing story about a penguin named “Squid.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read...

No, Toothbrushes Were Not Used in a Massive DDoS Attack
From Schneier on Security

No, Toothbrushes Were Not Used in a Massive DDoS Attack

The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false. Near as I can tell, a German reporter talking...

On Software Liabilities
From Schneier on Security

On Software Liabilities

Over on Lawfare, Jim Dempsey published a really interesting proposal for software liability: “Standard for Software Liability: Focus on the Product for Liability...

Teaching LLMs to Be Deceptive
From Schneier on Security

Teaching LLMs to Be Deceptive

Interesting research: “Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training“: Abstract: Humans are capable of strategically deceptive behavior...

Deepfake Fraud
From Schneier on Security

Deepfake Fraud

A deepfake video conference call—with everyone else on the call a fake—fooled a finance worker into sending $25M to the criminals’ account.
Sign In for Full Access
» Forgot Password? » Create an ACM Web Account