incentives – WindowsTechs.com

Microsoft and Security Incentives

Posted on April 23, 2024 by Bruce Schneier

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft:

Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.

[…]

“The government needs to focus on encouraging and catalyzing competition,” Grotto said. He believes it also needs to publicly scrutinize Microsoft and make sure everyone knows when it messes up…

Continue reading Microsoft and Security Incentives→

Australia Increases Fines for Massive Data Breaches

Posted on October 26, 2022 by Bruce Schneier

After suffering two large, and embarrassing, data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million to a minimum of $50 million. (That’s $50 million AUD, or $32 million USD.)
This i… Continue reading Australia Increases Fines for Massive Data Breaches→

On Vulnerability-Adjacent Vulnerabilities

Posted on February 15, 2021 by Bruce Schneier

At the virtual Enigma Conference, Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article:

Soon after they were spotted, the researchers saw one exploit being used in the wild. Microsoft issued a patch and fixed the flaw, sort of. In September 2019, another similar vulnerability was found being exploited by the same hacking group.

More discoveries in November 2019, January 2020, and April 2020 added up to at least five zero-day vulnerabilities being exploited from the same bug class in short order. Microsoft issued multiple security updates: some failed to actually fix the vulnerability being targeted, while others required only slight changes that required just a line or two to change in the hacker’s code to make the exploit work again…

Continue reading On Vulnerability-Adjacent Vulnerabilities→

Hacking Apple for Profit

Posted on October 12, 2020 by Bruce Schneier

Five researchers hacked Apple Computer’s networks — not their products — and found fifty-five vulnerabilities. So far, they have received $289K.
One of the worst of all the bugs they found would have allowed criminals to create a worm… Continue reading Hacking Apple for Profit→

Programmers Who Don’t Understand Security Are Poor at Security

Posted on March 27, 2019 by Bruce Schneier

A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they’re not going to do a very good job at it. In an experiment that involved 43 programmers hired via the … Continue reading Programmers Who Don’t Understand Security Are Poor at Security→

Programmers Who Don’t Understand Security Are Poor at Security

Posted on March 27, 2019 by Bruce Schneier

A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they’re not going to do a very good job at it. In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn academics have discovered that developers tend to take the easy… Continue reading Programmers Who Don’t Understand Security Are Poor at Security→

EU Offering Bug Bounties on Critical Open-Source Software

Posted on January 9, 2019 by Bruce Schneier

The EU is offering "bug bounties on Free Software projects that the EU institutions rely on." Slashdot thread…. Continue reading EU Offering Bug Bounties on Critical Open-Source Software→

A Tesla Is Not Just a Car for Elon Musk’s Superfans

Posted on July 20, 2018 by Tracey Lindeman

As electric-vehicle rebates dry up, would-be Tesla owners are facing an existential crisis. Continue reading A Tesla Is Not Just a Car for Elon Musk’s Superfans→

A Tesla Is Not Just a Car for Elon Musk’s Superfans

Posted on July 20, 2018 by Tracey Lindeman

As electric-vehicle rebates dry up, would-be Tesla owners are facing an existential crisis. Continue reading A Tesla Is Not Just a Car for Elon Musk’s Superfans→

NSA Collects MS Windows Error Information

Posted on August 1, 2017 by Bruce Schneier

Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports: One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft’s Windows. Every user of the operating system is familiar with the annoying window that occasionally pops… Continue reading NSA Collects MS Windows Error Information→