Communications of the ACM
Refine your search:
How fast can you validate UTF-8 strings in JavaScript?
When you recover textual content from the disk or from the network, you may expect it to be a Unicode string in UTF-8. It isContinue…
From Schneier on Security
Security Analysis of a Thirteenth-Century Venetian Election Protocol
Interesting analysis: This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that...
From Schneier on Security
The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying
Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap...
From Schneier on Security
Friday Squid Blogging: Strawberry Squid in the Galápagos
Scientists have found Strawberry Squid, “whose mismatched eyes help them simultaneously search for prey above and below them,” among the coral reefs in the Galápagos...
From Schneier on Security
AI Decides to Engage in Insider Trading
A stock-trading AI (a simulated experiment) engaged in insider trading, even though it “knew” it was wrong. The agent is put under pressure in three ways. First...
From Schneier on Security
Breaking Laptop Fingerprint Sensors
They’re not that good: Security researchers Jesse D’Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware...
From Schneier on Security
Digital Car Keys Are Coming
Soon we will be able to unlock and start our cars from our phones. Let’s hope people are thinking about security.
From Schneier on Security
Secret White House Warrantless Surveillance Program
There seems to be no end to warrantless surveillance: According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than...
From Schneier on Security
Friday Squid Blogging: Squid Nebula
Pretty photograph. The Squid Nebula is shown in blue, indicating doubly ionized oxygen—which is when you ionize your oxygen once and then ionize it again justhere...
From Schneier on Security
Chocolate Swiss Army Knife
It’s realistic looking. If I drop it in a bin with my keys and wallet, will the TSA confiscate it?
From Schneier on Security
LitterDrifter USB Worm
A new worm that spreads via USB sticks is infecting computers in Ukraine and beyond. The group—known by many names, including Gamaredon, Primitive Bear, ACTINIUM...
From Schneier on Security
Apple to Add Manual Authentication to iMessage
Signal has had the ability to manually authenticate another account for years. iMessage is getting it: The feature is called Contact Key Verification, and it does...
From Schneier on Security
Email Security Flaw Found in the Wild
Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has...
From Schneier on Security
Using Generative AI for Surveillance
Generative AI is going to be a powerful tool for data analysis and summarization. Here’s an example of it being used for sentiment analysis. My guess is that it...
From Schneier on Security
Friday Squid Blogging: Unpatched Vulnerabilities in the Squid Caching Proxy
In a rare squid/security post, here’s an article about unpatched vulnerabilities in the Squid caching proxy. As usual, you can also use this squid post to talkhere...
From Schneier on Security
Ransomware Gang Files SEC Complaint
A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days. This...
From Schneier on Security
Leaving Authentication Credentials in Public Code
Seth Godin wrote an article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software...
From Schneier on Security
New SSH Vulnerability
This is interesting: For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH...
From Schneier on Security
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at the AI Summit New York on December 6, 2023. The list is maintained on this page...
From Schneier on Security
How .tk Became a TLD for Scammers
Sad story of Tokelau, and how its top-level domain “became the unwitting host to the dark underworld by providing a never-ending supply of domain names that could...
From Schneier on Security