SSL and internet security news

books


Applied Cryptography is Banned in Oregon Prisons

My Applied Cryptography is on a list of books banned in Oregon prisons. It’s not me — and it’s not cryptography — it’s that the prisons ban books that teach people to code. The subtitle is “Algorithms, Protocols, and Source Code in C” — and that’s the reason.

My more recent Cryptography Engineering is a much better book for prisoners, anyway.

Powered by WPeMatico

Click Here to Kill Everybody Available as an Audiobook

Click Here to Kill Everybody is finally available on Audible.com. I have ten download codes. Not having anything better to do with them, here they are:


Congratulations to the first ten people to try to use them.


Click Here to Kill Everybody News

My latest book is doing well. And I’ve been giving lots of talks and interviews about it. (I can recommend three interviews: the Cyberlaw podcast with Stewart Baker, the Lawfare podcast with Ben Wittes, and Le Show with Henry Shearer.) My book talk at Google is also available.

The Audible version was delayed for reasons that were never adequately explained to me, but it’s finally out.

I still have signed copies available. Be aware that this is both slower and more expensive than online bookstores.


Click Here to Kill Everybody Reviews and Press Mentions

It’s impossible to know all the details, but my latest book seems to be selling well. Initial reviews have been really positive: Boing Boing, Financial Times, Harris Online, Kirkus Reviews, Nature, Politico, and Virus Bulletin.

I’ve also done a bunch of interviews — either written or radio/podcast — including the Washington Post, a Reddit AMA, “The 1A” on NPR, Security Ledger, MIT Technology Review, CBC Radio, and WNYC Radio.

There have been others — like the Lawfare, Cyberlaw, and Hidden Forces podcasts — but they haven’t been published yet. I also did a book talk at Google that should appear on YouTube soon.

If you’ve bought and read the book, thank you. Please consider leaving a review on Amazon.


New Book Announcement: Click Here to Kill Everybody

I am pleased to announce the publication of my latest book: Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. In it, I examine how our new immersive world of physically capable computers affects our security.

I argue that this changes everything about security. Attacks are no longer just about data, they now affect life and property: cars, medical devices, thermostats, power plants, drones, and so on. All of our security assumptions assume that computers are fundamentally benign. That, no matter how bad the breach or vulnerability is, it’s just data. That’s simply not true anymore. As automation, autonomy, and physical agency become more prevalent, the trade-offs we made for things like authentication, patching, and supply chain security no longer make any sense. The things we’ve done before will no longer work in the future.

This is a book about technology, and it’s also a book about policy. The regulation-free Internet that we’ve enjoyed for the past decades will not survive this new, more dangerous, world. I fear that our choice is no longer between government regulation and no government regulation; it’s between smart government regulation and stupid regulation. My aim is to discuss what a regulated Internet might look like before one is thrust upon us after a disaster.

Click Here to Kill Everybody is available starting today. You can order a copy from Amazon, Barnes & Noble, Books-a-Million, Norton’s webpage, or anyplace else books are sold. If you’re going to buy it, please do so this week. First-week sales matter in this business.

Reviews so far from the Financial Times, Nature, and Kirkus.


Three of My Books Are Available in DRM-Free E-Book Format

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month, the bundles are all Wiley titles, including three of my books: Applied Cryptography, Secrets and Lies, and Cryptography Engineering. $15 gets you everything, and they’re all DRM-free.

Even better, a portion of the proceeds goes to the EFF. As a board member, I’ve seen the other side of this. It’s significant money.


Susan Landau’s New Book: Listening In

Susan Landau has written a terrific book on cybersecurity threats and why we need strong crypto, Listening In: Cybersecurity in an Insecure Age. It’s based in part on her 2016 Congressional testimony in the Apple/FBI case; it examines how the Digital Revolution has transformed society, and how law enforcement needs to — and can — adjust to the new realities. The book is accessible to techies and non-techies alike, and is strongly recommended.

And if you’ve already read it, give it a review on Amazon. Reviews sell books, and this one needs more of them.


Daniel Miessler on My Writings about IoT Security

Daniel Miessler criticizes my writings about IoT security:

“I know it’s super cool to scream about how IoT is insecure, how it’s dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it’s fun to be invited to talk about how everything is doom and gloom.

“I absolutely respect Bruce Schneier a lot for what he’s contributed to InfoSec, which makes me that much more disappointed with this kind of position from him.

“InfoSec is full of those people, and it’s beneath people like Bruce to add their voices to theirs. Everyone paying attention already knows it’s going to be a soup sandwich — a carnival of horrors — a tragedy of mistakes and abuses of trust.

“It’s obvious. Not interesting. Not novel. Obvious. But obvious or not, all these things are still going to happen.”

I actually agree with everything in his essay. “We should obviously try to minimize the risks, but we don’t do that by trying to shout down the entire enterprise.” Yes, definitely.

I don’t think the IoT must be stopped. I do think that the risks are considerable, and will increase as these systems become more pervasive and susceptible to class breaks. And I’m trying to write a book that will help navigate this. I don’t think I’m the prophet of doom, and don’t want to come across that way. I’ll give the manuscript another read with that in mind.
