Cybersecurity
Attack of the Killer Car Wash
Paul Rosenzweig Wed, Jul 26, 2017, 1:31 PM
The first proof of concept that allows an IoT device to physically attack someone.
Latest in Cybersecurity
Cybersecurity
On Kaspersky
Nicholas Weaver Tue, Jul 25, 2017, 2:39 PM
No government or defense contractor should use Kaspersky Lab products.
Cybersecurity
Rediscovering Vulnerabilities
Trey Herr, Bruce Schneier Fri, Jul 21, 2017, 11:30 AM
Software and computer systems are a standard target of intelligence collection in an age where everything from your phone to your sneakers has been turned into a connected computing device. A modern government intelligence organization must maintain access to some software vulnerabilities into order to target these devices. However, the WannaCry ransomware and NotPetya attacks have called attention to the perennial flipside of this issue—the same vulnerabilities that the U.S. government uses to conduct this targeting can also be exploited by malicious actors if they go unpatched.
Cybersecurity and Deterrence
On Cooperating with Bad Actors in Cyberspace
Herb Lin Mon, Jul 17, 2017, 10:30 AM
What are the subjects, if any, on which cyber cooperation is not a bad idea?
The Russia Connection
Is It A Crime?: Russian Election Meddling and Accomplice Liability Under the Computer Fraud and Abuse Act
Helen Klein Murillo, Susan Hennessey Thu, Jul 13, 2017, 10:24 AM
Amid a bad news week for the Trump team, a new lawsuit highlight an under-explored theory of possible criminal liability: violation of the Computer Fraud and Abuse Act.
Cybersecurity
Cyber Cooperation with Bad Actors is Always a Bad Idea
Paul Rosenzweig Tue, Jul 11, 2017, 12:24 PM
Trump's proposal to work with the Russians on cybersecurity was a bad idea. In the spirit of "calling balls and strikes" this isn't the first time American leaders have had that type of idea and it was bad the last time it was proposed too.
Cybersecurity
Moving Forward on Cyber Norms, Domestically
Ashley Deeks Mon, Jul 10, 2017, 1:10 PM
In the wake of a recent failure to reach international consensus on the application of international law to cyber activities, the United States should seek to shape norms unilaterally by continuing to assertively investigate and indict individuals—including state actors—who engage in cyber activities that the U.S. Government ultimately would like to see the international community characterize as wrongful.
Cybersecurity
The UN GGE Failed. Is International Law in Cyberspace Doomed As Well?
Arun Mohan Sukumar Tue, Jul 4, 2017, 1:51 PM
The UN Group of Governmental Experts—tasked with developing a “common understanding” of how states should behave in cyberspace—failed last week. But is international law in cyberspace really dead at the hands of the GGE?
Cybersecurity
Thoughts on the NotPetya Ransomware Attack
Nicholas Weaver Wed, Jun 28, 2017, 4:16 PM
The most recent ransomware attack, which spread across Europe, the United States, and Asia yesterday, represents a chilling evolution in the worm-as-weapon.
Encryption
Ending The Endless Crypto Debate: Three Things We Should Be Arguing About Instead of Encryption Backdoors
Kevin Bankston Wed, Jun 14, 2017, 1:00 PM
Recently I participated in a fascinating conference at Georgia Tech entitled “Surveillance, Privacy, and Data Across Borders: Trans-Atlantic Perspectives.” A range of experts grappled with the international aspects of an increasingly pressing question: how can we ensure that law enforcement is able to obtain enough information to do its job in the twenty-first century, while also ensuring that digital security and human rights are protected?