computersecurity – WindowsTechs.com

Mapping Security and Privacy Research across the Decades

Posted on October 24, 2019 by Bruce Schneier

This is really interesting: "A Data-Driven Reflection on 36 Years of Security and Privacy Research," by Aniqua Baset and Tamara Denning: Abstract: Meta-research—research about research—allows us, as a community, to examine trends in our research and make informed decisions regarding the course of our future research activities. Additionally, overviews of past research are particularly useful for researchers or conferences new… Continue reading Mapping Security and Privacy Research across the Decades→

Measuring the Security of IoT Devices

Posted on October 3, 2019 by Bruce Schneier

In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software. Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases) […] This dataset contains products such as home routers, enterprise equipment, smart… Continue reading Measuring the Security of IoT Devices→

Measuring the Security of IoT Devices

Posted on October 3, 2019 by Bruce Schneier

Attacking the Intel Secure Enclave

Posted on August 30, 2019 by Bruce Schneier

Attacking the Intel Secure Enclave

Posted on August 30, 2019 by Bruce Schneier

Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that’s not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers couldn’t imagine that they would be necessary. The results are predictable. The paper:… Continue reading Attacking the Intel Secure Enclave→

Lessons Learned Trying to Secure Congressional Campaigns

Posted on June 5, 2019 by Bruce Schneier

Really interesting first-hand experience from Maciej Cegłowski…. Continue reading Lessons Learned Trying to Secure Congressional Campaigns→

Personal Data Left on Used Laptops

Posted on March 26, 2019 by Bruce Schneier

A recent experiment found all sorts of personal data left on used laptops and smartphones. This should come as no surprise. Simson Garfinkel performed the same experiment in 2003, with similar results…. Continue reading Personal Data Left on Used Laptops→

Evaluating the GCHQ Exceptional Access Proposal

Posted on January 18, 2019 by Bruce Schneier

The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI — and some of their peer agencies in the UK, Australia, and elsewhere — argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and that they need the tech companies to make their systems susceptible to government eavesdropping. Sometimes… Continue reading Evaluating the GCHQ Exceptional Access Proposal→

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

Posted on September 20, 2018 by Bruce Schneier

Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It’s a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it’s the result of a security mistake in the design process. Someone didn’t think the security through, and the result is a voter-verifiable paper audit trail that doesn’t provide the security… Continue reading Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer→

James Mickens on the Current State of Computer Security

Posted on August 20, 2018 by Bruce Schneier

James Mickens gave an excellent keynote at the USENIX Security Conference last week, talking about the social aspects of security — racism, sexism, etc. — and the problems with machine learning and the Internet. Worth watching…. Continue reading James Mickens on the Current State of Computer Security→