Sign In

Communications of the ACM

Blogroll



IoT Security Principles
From Schneier on Security

IoT Security Principles

The BSA -- also known as the Software Alliance, formerly the Business Software Alliance -- is an industry lobbying group. They just published "Policy Principles...

ThiefQuest Ransomware for the Mac
From Schneier on Security

ThiefQuest Ransomware for the Mac

There's a new ransomware for the Mac called ThiefQuest or EvilQuest. It's hard to get infected: For your Mac to become infected, you would need to torrent a compromised...

Friday Squid Blogging: Strawberry Squid
From Schneier on Security

Friday Squid Blogging: Strawberry Squid

Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.....

Hacked by Police
From Schneier on Security

Hacked by Police

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models...

The Security Value of Inefficiency
From Schneier on Security

The Security Value of Inefficiency

For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that's a good thing. Running just at the margins is efficient...

Securing the International IoT Supply Chain
From Schneier on Security

Securing the International IoT Supply Chain

Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic...

Android Apps Stealing Facebook Credentials
From Schneier on Security

Android Apps Stealing Facebook Credentials

Google has removed 25 Android apps from its store because they steal Facebook credentials: Before being taken down, the 25 apps were collectively downloaded more...

iPhone Apps Stealing Clipboard Data
From Schneier on Security

iPhone Apps Stealing Clipboard Data

iOS apps are repeatedly reading clipboard data, which can include all sorts of sensitive information. While Haj Bakry and Mysk published their research in March...

Friday Squid Blogging: Fishing for Jumbo Squid
From Schneier on Security

Friday Squid Blogging: Fishing for Jumbo Squid

Interesting article on the rise of the jumbo squid industry as a result of climate change. As usual, you can also use this squid post to talk about the security...

The Unintended Harms of Cybersecurity
From Schneier on Security

The Unintended Harms of Cybersecurity

Interesting research: "Identifying Unintended Harms of Cybersecurity Countermeasures": Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures...

Analyzing IoT Security Best Practices
From Schneier on Security

Analyzing IoT Security Best Practices

New research: "Best Practices for IoT Security: What Does That Even Mean?" by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet...

COVID-19 Risks of Flying
From Schneier on Security

COVID-19 Risks of Flying

I fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March. It's been 105 days since I've been on an airplane...

Cryptocurrency Pump and Dump Scams
From Schneier on Security

Cryptocurrency Pump and Dump Scams

Really interesting research: "An examination of the cryptocurrency pump and dump ecosystem": Abstract: The surge of interest in cryptocurrencies has been accompanied...

Nation-State Espionage Campaigns against Middle East Defense Contractors
From Schneier on Security

Nation-State Espionage Campaigns against Middle East Defense Contractors

Report on espionage attacks using LinkedIn as a vector for malware, with details and screenshots. They talk about "several hints suggesting a possible link" to...

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs
From Schneier on Security

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs

Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI...

Friday Squid Blogging: Giant Squid Washes Up on South African Beach
From Schneier on Security

Friday Squid Blogging: Giant Squid Washes Up on South African Beach

Fourteen feet long and 450 pounds. It was dead before it washed up. As usual, you can also use this squid post to talk about the security stories in the news that...

Security and Human Behavior (SHB) 2020
From Schneier on Security

Security and Human Behavior (SHB) 2020

Today is the second day of the thirteenth Workshop on Security and Human Behavior. It's being hosted by the University of Cambridge, which in today's world means...

New Hacking-for-Hire Company in India
From Schneier on Security

New Hacking-for-Hire Company in India

Citizen Lab has a new report on Dark Basin, a large hacking-for-hire company in India. Key Findings: Dark Basin is a hack-for-hire group that has targeted thousands...

Theft of CIA's "Vault Seven" Hacking Tools Due to Its Own Lousy Security
From Schneier on Security

Theft of CIA's "Vault Seven" Hacking Tools Due to Its Own Lousy Security

The Washington Post is reporting on an internal CIA report about its "Vault 7" security breach: The breach -- allegedly committed by a CIA employee -- was discovered...
Sign In for Full Access
» Forgot Password? » Create an ACM Web Account