acm-header
Sign In

Communications of the ACM

Blogroll


bg-corner

Dan Solove on Privacy Regulation
From Schneier on Security

Dan Solove on Privacy Regulation

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and...

Microsoft and Security Incentives
From Schneier on Security

Microsoft and Security Incentives

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft...

Using Legitimate GitHub URLs for Malware
From Schneier on Security

Using Legitimate GitHub URLs for Malware

Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft...

Friday Squid Blogging: Squid Trackers
From Schneier on Security

Friday Squid Blogging: Squid Trackers

A new bioadhesive makes it easier to attach trackers to squid. Note: the article does not discuss squid privacy rights. As usual, you can also use this squid post...

Other Attempts to Take Over Open Source Projects
From Schneier on Security

Other Attempts to Take Over Open Source Projects

After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique: The OpenJS Foundation Cross...

Using AI-Generated Legislative Amendments as a Delaying Technique
From Schneier on Security

Using AI-Generated Legislative Amendments as a Delaying Technique

Canadian legislators proposed 19,600 amendments—almost certainly AI-generated—to a bill in an attempt to delay its adoption. I wrote about many different legislative...

X.com Automatically Changing Link Text but Not URLs
From Schneier on Security

X.com Automatically Changing Link Text but Not URLs

Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain...

New Lattice Cryptanalytic Technique
From Schneier on Security

New Lattice Cryptanalytic Technique

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms...

Upcoming Speaking Engagements
From Schneier on Security

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking twice at RSA Conference 2024 in San Francisco. I’ll be on a panel on software liability...

Friday Squid Blogging: The Awfulness of Squid Fishing Boats
From Schneier on Security

Friday Squid Blogging: The Awfulness of Squid Fishing Boats

It’s a pretty awful story. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting...

Smuggling Gold by Disguising it as Machine Parts
From Schneier on Security

Smuggling Gold by Disguising it as Machine Parts

Someone got caught trying to smuggle 322 pounds of gold (that’s about 1/4 of a cubic foot) out of Hong Kong. It was disguised as machine parts: On March 27, customs...

Backdoor in XZ Utils That Almost Happened
From Schneier on Security

Backdoor in XZ Utils That Almost Happened

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t...

In Memoriam: Ross Anderson, 1956-2024
From Schneier on Security

In Memoriam: Ross Anderson, 1956-2024

Last week I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here’s the longer version.

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack
From Schneier on Security

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack that From the executive summary: The...

Security Vulnerability of HTML Emails
From Schneier on Security

Security Vulnerability of HTML Emails

This is a newly discovered email vulnerability: The email your manager received and forwarded to you was something completely innocent, such as a potential customer...

Friday Squid Blogging: SqUID Bots
From Schneier on Security

Friday Squid Blogging: SqUID Bots

They’re AI warehouse robots. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting...

Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed
From Schneier on Security

Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh...

Surveillance by the New Microsoft Outlook App
From Schneier on Security

Surveillance by the New Microsoft Outlook App

The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a...

xz Utils Backdoor
From Schneier on Security

xz Utils Backdoor

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally...

Declassified NSA Newsletters
From Schneier on Security

Declassified NSA Newsletters

Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “Tales of the Krypt,” from 1994 to 2003. There are...
Sign In for Full Access
» Forgot Password? » Create an ACM Web Account