nationalsecuritypolicy – WindowsTechs.com

Cory Doctorow on The Age of Surveillance Capitalism

Posted on August 27, 2020 by Bruce Schneier

Cory Doctorow has writtten an extended rebuttal of The Age of Surveillance Capitalism by Shoshana Zuboff. He summarized the argument on Twitter. Shorter summary: it’s not the surveillance part, it’s the fact that these companies are monopolies. I think it’s both. Surveillance capitalism has some unique properties that make it particularly unethical and incompatible with a free society, and Zuboff… Continue reading Cory Doctorow on The Age of Surveillance Capitalism→

UAE Hack and Leak Operations

Posted on August 13, 2020 by Bruce Schneier

Interesting paper on recent hack-and-leak operations attributed to the UAE: Abstract: Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly attributed to the United Arab Emirates (UAE), Qatar, and Saudi Arabia, should be seen as the "simulation of scandal" – deliberate attempts to direct moral judgement against their target. Although "hacking" tools enable easy access to secret information,… Continue reading UAE Hack and Leak Operations→

Collecting and Selling Mobile Phone Location Data

Posted on August 11, 2020 by Bruce Schneier

The Wall Street Journal has an article about a company called Anomaly Six LLC that has an SDK that’s used by "more than 500 mobile applications." Through that SDK, the company collects location data from users, which it then sells. Anomaly Six is a federal contractor that provides global-location-data products to branches of the U.S. government and private-sector clients. The… Continue reading Collecting and Selling Mobile Phone Location Data→

On the Twitter Hack

Posted on July 20, 2020 by Bruce Schneier

Twitter was hacked this week. Not a few people’s Twitter accounts, but all of Twitter. Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter’s system administrators. Those are the people trusted to ensure that Twitter functions smoothly. The hacker used that access to send tweets from a variety of popular and trusted accounts,… Continue reading On the Twitter Hack→

Analyzing IoT Security Best Practices

Posted on June 25, 2020 by Bruce Schneier

New research: "Best Practices for IoT Security: What Does That Even Mean?" by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices. We explore not the failure… Continue reading Analyzing IoT Security Best Practices→

Analyzing IoT Security Best Practices

Posted on June 25, 2020 by Bruce Schneier

Examining the US Cyber Budget

Posted on June 15, 2020 by Bruce Schneier

Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack. To its credit, this budget does reveal an overall g… Continue reading Examining the US Cyber Budget→

Examining the US Cyber Budget

Posted on June 15, 2020 by Bruce Schneier

Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack. To its credit, this budget does reveal an overall growth in cybersecurity funding of about 5 percent above the fiscal 2019 estimate. However, federal cybersecurity spending on… Continue reading Examining the US Cyber Budget→

AI and Cybersecurity

Posted on May 19, 2020 by Bruce Schneier

Ben Buchanan has written "A National Security Research Agenda for Cybersecurity and Artificial Intelligence." It’s really good — well worth reading…. Continue reading AI and Cybersecurity→

US Government Exposes North Korean Malware

Posted on May 14, 2020 by Bruce Schneier

US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February. The first of the new malware variants, COPPERHEDGE, is described as a Remote Access Tool (RAT) "used by advanced persistent threat (APT) cyber actors in the targeting of cryptocurrency exchanges and related entities." This RAT is known… Continue reading US Government Exposes North Korean Malware→