history of security – WindowsTechs.com

Steve Bellovin’s Retirement Talk

Posted on November 20, 2024 by Bruce Schneier

Steve Bellovin is retiring. Here’s his retirement talk, reflecting on his career and what the cybersecurity field needs next.
Continue reading Steve Bellovin’s Retirement Talk→

Good Essay on the History of Bad Password Policies

Posted on November 15, 2024 by Bruce Schneier

Stuart Schechter makes some good points on the history of bad password policies:

Morris and Thompson’s work brought much-needed data to highlight a problem that lots of people suspected was bad, but that had not been studied scientifically. Their work was a big step forward, if not for two mistakes that would impede future progress in improving passwords for decades.

First, was Morris and Thompson’s confidence that their solution, a password policy, would fix the underlying problem of weak passwords. They incorrectly assumed that if they prevented the specific categories of weakness that they had noted, that the result would be something strong. After implementing a requirement that password have multiple characters sets or more total characters, they wrote:…

Continue reading Good Essay on the History of Bad Password Policies→

List of Old NSA Training Videos

Posted on September 3, 2024 by Bruce Schneier

The NSA’s “National Cryptographic School Television Catalogue” from 1991 lists about 600 COMSEC and SIGINT training videos.
There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have ne… Continue reading List of Old NSA Training Videos→

Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published

Posted on August 29, 2024 by Bruce Schneier

The “long lost lecture” by Adm. Grace Hopper has been published by the NSA. (Note that there are two parts.)

It’s a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She was a remarkable person.

Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—miniaturization, parallelization—was being done in the present and in secret.

… Continue reading Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published→

Brett Solomon on Digital Rights

Posted on July 19, 2024 by Bruce Schneier

Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director. He’s written a blog post about what he’s learned and what comes next.
Continue reading Brett Solomon on Digital Rights→

The NSA Has a Long-Lost Lecture by Adm. Grace Hopper

Posted on July 12, 2024 by Bruce Schneier

The NSA has a video recording of a 1982 lecture by Adm. Grace Hopper titled “Future Possibilities: Data, Hardware, Software, and People.” The agency is (so far) refusing to release it.

Basically, the recording is in an obscure video format. People at the NSA can’t easily watch it, so they can’t redact it. So they won’t do anything.

With digital obsolescence threatening many early technological formats, the dilemma surrounding Admiral Hopper’s lecture underscores the critical need for and challenge of digital preservation. This challenge transcends the confines of NSA’s operational scope. It is our shared obligation to safeguard such pivotal elements of our nation’s history, ensuring they remain within reach of future generations. While the stewardship of these recordings may extend beyond the NSA’s typical purview, they are undeniably a part of America’s national heritage…

Continue reading The NSA Has a Long-Lost Lecture by Adm. Grace Hopper→

Declassified NSA Newsletters

Posted on April 2, 2024 by Bruce Schneier

Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “Tales of the Krypt,” from 1994 to 2003.

There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted:

Applied Cryptography, for those who don’t read the internet news, is a book written by Bruce Schneier last year. According to the jacket, Schneier is a data security expert with a master’s degree in computer science. According to his followers, he is a hero who has finally brought together the loose threads of cryptography for the general public to understand. Schneier has gathered academic research, internet gossip, and everything he could find on cryptography into one 600-page jumble…

Continue reading Declassified NSA Newsletters→

The Story of the Mirai Botnet

Posted on January 16, 2024 by Bruce Schneier

Over at Wired, Andy Greenberg has an excellent story about the creators of the 2016 Mirai botnet.
Continue reading The Story of the Mirai Botnet→

Security Analysis of a Thirteenth-Century Venetian Election Protocol

Posted on December 6, 2023 by Bruce Schneier

Interesting analysis:

This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader election protocols in computer science. For example, it gives some opportunities to minorities while ensuring that more popular candidates are more likely to win, and offers some resistance to corruption of voters…

Continue reading Security Analysis of a Thirteenth-Century Venetian Election Protocol→

Spaf on the Morris Worm

Posted on November 7, 2023 by B. Schneier

Gene Spafford wrote an essay reflecting on the Morris Worm of 1988—thirty-five years ago. His lessons from then are still applicable today.
Continue reading Spaf on the Morris Worm→