What’s worrisome about the fight between the Russian government and the Telegram messaging app.
Bruce Schneier is a security technologist. He is the author of 14 books—including "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World"—as well as hundreds of articles, essays, and academic papers. His newsletter “Crypto-Gram” and blog “Schneier on Security” are read by over 250,000 people. Schneier is a fellow and lecturer at Harvard Kennedy School a fellow at the Berkman-Klein Center for Internet and Society, a board member of the Electronic Frontier Foundation and Access Now, and a Special Advisor to IBM Security.
Subscribe to this Lawfare contributor via RSS.
Earlier this month, researchers disclosed vulnerabilities in a large number of encrypted email clients. The case teaches us some important lessons about security vulnerabilities in general and email security in particular.
I wrote about the Spectre and Meltdown attacks for CNN and my blog.
Some revisions to our recent paper on the rediscovery of software vulnerabilities.
Software and computer systems are a standard target of intelligence collection in an age where everything from your phone to your sneakers has been turned into a connected computing device. A modern government intelligence organization must maintain access to some software vulnerabilities into order to target these devices. However, the WannaCry ransomware and NotPetya attacks have called attention to the perennial flipside of this issue—the same vulnerabilities that the U.S. government uses to conduct this targeting can also be exploited by malicious actors if they go unpatched.
There's something going on inside the intelligence communities in at least two countries, and we have no idea what it is.