Communications of the ACM
Refine your search:
How the “Frontier” Became the Slogan of Uncontrolled AI
Artificial intelligence (AI) has been billed as the next frontier of humanity: the newly available expanse whose exploration …
From Schneier on Security
Device Code Phishing
This isn’t new, but it’s increasingly popular: The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized...
From Schneier on Security
Story About Medical Device Security
Ben Rothke relates a story about me working with a medical device firm back when I was with BT. I don’t remember the story at all, or who the company was. But it...
From Schneier on Security
Atlas of Surveillance
The EFF has released its Atlas of Surveillance, which documents police surveillance technology across the US.
From Schneier on Security
Friday Squid Blogging: Squid the Care Dog
The Vanderbilt University Medical Center has a pediatric care dog named “Squid.” Blog moderation policy.
From Schneier on Security
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at Boskone 62 in Boston, Massachusetts, USA, which runs from February 14-16, 2025...
From Schneier on Security
AI and Civil Service Purges
Donald Trump and Elon Musk’s chaotic approach to reform is upending government operations. Critical functions have been halted, tens of thousands of federal staffers...
From Schneier on Security
DOGE as a National Cyberattack
In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack...
From Schneier on Security
Delivering Malware Through Abandoned Amazon S3 Buckets
Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These...
From Schneier on Security
Trusted Encryption Environments
Really good—and detailed—survey of Trusted Encryption Environments (TEEs.)
From Schneier on Security
Pairwise Authentication of Humans
Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations. To mitigate that risk...
From Schneier on Security
UK is Ordering Apple to Break its Own Encryption
The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring...
From Schneier on Security
Friday Squid Blogging: The Colossal Squid
Long article on the colossal squid. Blog moderation policy.
From Schneier on Security
Screenshot-Reading Malware
Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition (OCR) to review a device’s photo library,...
From Schneier on Security
AIs and Robots Should Sound Robotic
Most people know that robots no longer sound like tinny trash cans. They sound like Siri, Alexa, and Gemini. They sound like the voices in labyrinthine customer...
From Schneier on Security
On Generative AI Security
Microsoft’s AI Red Team just published “Lessons from Red Teaming 100 Generative AI Products.” Their blog post lists “three takeaways,” but the eight lessons in...
From Schneier on Security
Deepfakes and the 2024 US Election
Interesting analysis: We analyzed every instance of AI use in elections collected by the WIRED AI Elections Project (source for our analysis), which tracked known...
From Schneier on Security
Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware
This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were...
From Schneier on Security
Friday Squid Blogging: On Squid Brains
Interesting. Blog moderation policy.
From Schneier on Security
Fake Reddit and WeTransfer Sites are Pushing Malware
There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit...
From Schneier on Security