Advertisement

Author Archives

News

In Memoriam: Ross Anderson, 1956-2024

A researcher, author, and industry consultant in security engineering, Anderson also was a professor of Security Engineering at the Department of Computer Science and Technology of the U.K.'s University of Cambridge.
Opinion

The Psychology of Security

The information security literature is filled with risk pathologies, heuristics that we use to help us evaluate risks. I’ve collected them from many different sources. When you look over the list of exaggerated and downplayed risks in the table here, the most remarkable thing is how reasonable so many of them seem. This makes sense […]
Opinion

Risks of Third-Party Data

Recent reports of personal information theft are coming in torrents. Criminals are known to have downloaded the personal credit information of over 145,000 individuals from ChoicePoint’s network. Hackers took over one of the LexisNexis databases, gaining access to personal files of 32,000 people. Bank of America Corp. lost computer data tapes that contained personal information […]
Opinion

Two-Factor Authentication: Too Little, Too Late

Two-factor authentication isn’t our savior. It won’t defend against phishing. It’s not going to prevent identity theft. It’s not going to secure online accounts from fraudulent transactions. It solves the security problems we had 10 years ago, not the security problems we have today. The problem with passwords is that it is too easy to […]
Opinion

The Nonsecurity of Secrecy

Considerable confusion exists between the different concepts of secrecy and security, which often causes bad security and surprising political arguments. Secrecy usually contributes only to a false sense of security. In June 2004, the U.S. Department of Homeland Security urged regulators to keep network outage information secret. The Federal Communications Commission requires telephone companies to […]
Opinion

Insider Risks in Elections

Many discussions of voting systems and their relative integrity have been primarily technical, focusing on the difficulty of attacks and defenses. This is only half of the equation: it’s not enough to know how much it might cost to rig an election by attacking voting systems; we also need to know how much it would […]

Shape the Future of Computing

ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.

Get Involved