Cybersecurity
On Spectre and Meltdown
Bruce Schneier Fri, Jan 5, 2018, 3:38 PM
I wrote about the Spectre and Meltdown attacks for CNN and my blog.
Bruce Schneier is a security technologist. He is the author of 14 books—including "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World"—as well as hundreds of articles, essays, and academic papers. His newsletter “Crypto-Gram” and blog “Schneier on Security” are read by over 250,000 people. Schneier is a fellow and lecturer at Harvard Kennedy School a fellow at the Berkman-Klein Center for Internet and Society, a board member of the Electronic Frontier Foundation and Access Now, and a Special Advisor to IBM Security.
Subscribe to this Lawfare contributor via RSS.
Cybersecurity
What You See Is What You Get: Revisions to Our Paper on Estimating Vulnerability Rediscovery
Trey Herr, Bruce Schneier Thu, Jul 27, 2017, 3:18 PM
Some revisions to our recent paper on the rediscovery of software vulnerabilities.
Cybersecurity
Rediscovering Vulnerabilities
Trey Herr, Bruce Schneier Fri, Jul 21, 2017, 11:30 AM
Software and computer systems are a standard target of intelligence collection in an age where everything from your phone to your sneakers has been turned into a connected computing device. A modern government intelligence organization must maintain access to some software vulnerabilities into order to target these devices. However, the WannaCry ransomware and NotPetya attacks have called attention to the perennial flipside of this issue—the same vulnerabilities that the U.S. government uses to conduct this targeting can also be exploited by malicious actors if they go unpatched.
Secrecy & Leaks
Who Is Publishing NSA and CIA Secrets, and Why?
Bruce Schneier Thu, Apr 27, 2017, 9:39 AM
There's something going on inside the intelligence communities in at least two countries, and we have no idea what it is.
Cybersecurity
Someone Is Learning How to Take Down the Internet
Bruce Schneier Tue, Sep 13, 2016, 10:00 AM
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet.
Campaign 2016
By November, Russian Hackers Could Target Voting Machines
Bruce Schneier Thu, Jul 28, 2016, 9:33 AM
Russia was behind the hacks into the Democratic National Committee’s computer network that led to the release of thousands of internal emails just before the party’s convention began, U.S. intelligence agencies have reportedly concluded. This points to the possibility of an even worse problem in November—that our election systems and our voting machines could be vulnerable to a similar attack.
Cybersecurity
Security or Surveillance?
Bruce Schneier Mon, Feb 1, 2016, 1:01 PM
Current debates on Going Dark don't ask that we choose between security and privacy; they present a choice between less security and more security.