I wrote about the Spectre and Meltdown attacks for CNN and my blog.
Bruce Schneier is a security technologist. He is the author of 14 books—including "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World"—as well as hundreds of articles, essays, and academic papers. His newsletter "Crypto-Gram" and blog "Schneier on Security" are read by over 250,000 people. Schneier is a fellow and lecturer at Harvard Kennedy School, a fellow at the Berkman-Klein Center for Internet and Society, a board member of the Electronic Frontier Foundation and Access Now, and a Special Advisor to IBM Security.
Some revisions to our recent paper on the rediscovery of software vulnerabilities.
Software and computer systems are a standard target of intelligence collection in an age where everything from your phone to your sneakers has been turned into a connected computing device. A modern government intelligence organization must maintain access to some software vulnerabilities in order to target these devices. However, the WannaCry ransomware and NotPetya attacks have called attention to the perennial flipside of this issue—the same vulnerabilities that the U.S. government uses to conduct this targeting can also be exploited by malicious actors if they go unpatched.
There's something going on inside the intelligence communities in at least two countries, and we have no idea what it is.
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet.
Russia was behind the hacks into the Democratic National Committee’s computer network that led to the release of thousands of internal emails just before the party’s convention began, U.S. intelligence agencies have reportedly concluded. This points to the possibility of an even worse problem in November—that our election systems and our voting machines could be vulnerable to a similar attack.