Informations about SSL certificates and networks security
Russia was behind the hacks into the Democratic National Committee’s computer network that led to the release of thousands of internal emails just before the party’s convention began, U.S. intelligence agencies have reportedly concluded. The FBI is investigating. WikiLeaks promises there is more data to come. The political nature of this cyberattack means that Democrats … Read More “The Security of Our Election Systems” »
Disaster stories involving the Internet of Things are all the rage. They feature cars (both driven and driverless), the power grid, dams, and tunnel ventilation systems. A particularly vivid and realistic one, near-future fiction published last month in New York Magazine, described a cyberattack on New York that involved hacking of cars, the water system, … Read More “Real-World Security and the Internet of Things” »
Andrew “bunnie” Huang and Edward Snowden have designed a smartphone case that detects unauthorized transmissions by the phone. Paper. Three news articles. Looks like a clever design. Of course, it has to be outside the device; otherwise, it could be compromised along with the device. Note that this is still in the research design stage; … Read More “Detecting When a Smartphone Has Been Compromised” »
The Open Technology Institute of the New America Foundation has released a policy paper on the vulnerabilities equities process: “Bugs in the System: A Primer on the Software Vulnerability Ecosystem and its Policy Implications.” Their policy recommendations: Minimize participation in the vulnerability black market. Establish strong, clear procedures for disclosure when it discovers and acquires … Read More “More on the Vulnerabilities Equities Process” »
The thing about infrastructure is that everyone uses it. If it’s secure, it’s secure for everyone. And if it’s insecure, it’s insecure for everyone. This forces some hard policy choices. When I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was … Read More “The Democratization of Cyberattack” »
Scientists are attaching cameras to Humboldt squid to watch them communicate with each other. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico
Over the next two weeks, I am speaking about my new book — Data and Goliath, if you’ve missed it — in New York, Boston, Washington, DC, Seattle, San Francisco, and Minneapolis. Stop by to get your book signed, or just to say hello. Powered by WPeMatico
In December, Google’s Executive Chairman Eric Schmidt was interviewed at the CATO Institute Surveillance Conference. One of the things he said, after talking about some of the security measures his company has put in place post-Snowden, was: “If you have important information, the safest place to keep it is in Google. And I can assure … Read More “Everyone Wants You To Have Security, But Not from Them” »
Glenn Greenwald, Laura Poitras, and Edward Snowden did an “Ask Me Anything” on Reddit. Point out anything interesting in the comments. And note that Snowden mentioned my new book: One of the arguments in a book I read recently (Bruce Schneier, “Data and Goliath”), is that perfect enforcement of the law sounds like a good … Read More “Snowden-Greenwald-Poitras AMA” »
New paper: “Surreptitiously Weakening Cryptographic Systems,” by Bruce Schneier, Matthew Fredrikson, Tadayoshi Kohno, and Thomas Ristenpart. Abstract: Revelations over the past couple of years highlight the importance of understanding malicious and surreptitious weakening of cryptographic systems. We provide an overview of this domain, using a number of historical examples to drive development of a weaknesses … Read More “"Surreptitiously Weakening Cryptographic Systems"” »