Communications of the ACM

Blogroll



Click Here to Kill Everybody Sale
From Schneier on Security

For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping. Note that I have had occasional problems...

Upcoming Speaking Engagements
From Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking (online) as part of Western Washington University’s Internet Studies Lecture Series...

Finding the Location of Telegram Users
From Schneier on Security

Security researcher Ahmed Hassan has shown that spoofing the Android’s “People Nearby” feature allows him to pinpoint the physical location of Telegram users: Using...

On US Capitol Security — By Someone Who Manages Arena-Rock-Concert Security
From Schneier on Security

Smart commentary: …I was floored on Wednesday when, glued to my television, I saw police in some areas of the U.S. Capitol using little more than those same mobile...

Cloning Google Titan 2FA keys
From Schneier on Security

This is a clever side-channel attack: The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which...

Changes in WhatsApp’s Privacy Policy
From Schneier on Security

If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. In 2016, WhatsApp gave users a one-time ability...

Russia’s SolarWinds Attack and Software Security
From Schneier on Security

The information that is emerging about Russia’s extensive cyberintelligence operation against the United States and other countries should be increasingly alarming...

APT Horoscope
From Schneier on Security

This delightful essay matches APT hacker groups up with astrological signs. This is me: Capricorn is renowned for its discipline, skilled navigation, and steadfastness...

Extracting Personal Information from Large Language Models Like GPT-2
From Schneier on Security

Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the...

Backdoor in Zyxel Firewalls and Gateways
From Schneier on Security

This is bad: More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers...

Latest on the SVR’s SolarWinds Hack
From Schneier on Security

The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that). ...

Friday Squid Blogging: China Launches Six New Squid Jigging Vessels
From Schneier on Security

From Pingtan Marine Enterprise: The 6 large-scale squid jigging vessels are normally operating vessels that returned to China earlier this year from the waters...

Friday Squid Blogging: Searching for Giant Squid by Collecting Environmental DNA
From Schneier on Security

The idea is to collect and analyze random DNA floating around the ocean, and using that to figure out where the giant squid are. No one is sure if this will actually...

Military Cryptanalytics, Part III
From Schneier on Security

The NSA has just declassified and released a redacted version of Military Cryptanalytics, Part III, by Lambros D. Callimahos, October 1977. Parts I and II, by Lambros...

Amazon Has Trucks Filled with Hard Drives and an Armed Guard
From Schneier on Security

From an interview with an Amazon Web Services security engineer: So when you use AWS, part of what you’re paying for is security. Right; it’s part of what we sell...

Brexit Deal Mandates Old Insecure Crypto Algorithms
From Schneier on Security

In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA: The open standard s/MIME as extension...

On the Evolution of Ransomware
From Schneier on Security

Good article on the evolution of ransomware: Though some researchers say that the scale and severity of ransomware attacks crossed a bright line in 2020, others...

Russia’s SolarWinds Attack
From Schneier on Security

Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that’s wrong on two accounts. It wasn’t a cyberattack...

How China Uses Stolen US Personnel Data
From Schneier on Security

Interesting analysis of China’s efforts to identify US spies: By about 2010, two former CIA officials recalled, the Chinese security services had instituted a sophisticated...