Triton
Good article on the Triton malware which targets industrial control systems.
CAs Reissue Over One Million Weak Certificates
Turns out that the software a bunch of CAs used to generate public-key certificates was flawed: they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to...
Friday Squid Blogging: A Squid-Related Vacation Tour in Hawaii
You can hunt for the Hawaiian bobtail squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
I Was Cited in a Court Decision
An article I co-wrote -- my first law journal article -- was cited by the Massachusetts Supreme Judicial Court -- the state supreme court -- in a case on compelled decryption.
Here's the first, in footnote 1:
We understand the word...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak:
I'm teaching a live online class called "Spotlight on Cloud: The Future of Internet Security with Bruce Schneier" on O'Reilly's learning platform, Thursday, April 4, at...
Critical Flaw in Swiss Internet Voting System
Researchers have found a critical flaw in the Swiss Internet voting system. I was going to write an essay about how this demonstrates that Internet voting is a stupid idea and should never be attempted -- and that...
DARPA Is Developing an Open-Source Voting System
This sounds like a good development:
...a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.
The first-of-its-kind system...
Judging Facebook’s Privacy Shift
Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot...
On Surveillance in the Workplace
Data & Society just published a report entitled "Workplace Monitoring & Surveillance":
This explainer highlights four broad trends in employee monitoring and surveillance technologies:
Prediction and flagging tools that aim to predict characteristics or behaviors of employees or that are designed...
Russia Is Testing Online Voting
This is a bad idea:
A second innovation will allow "electronic absentee voting" within voters' home precincts. In other words, Russia is set to introduce its first online voting system. The system will be tested in a Moscow neighborhood that...
Friday Squid Blogging: Squid Proteins Can Be an Alternative to Plastic
Is there anything squids aren't good for?
Academic paper.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
Videos and Links from the Public-Interest Technology Track at the RSA Conference
Yesterday at the RSA Conference, I gave a keynote talk about the role of public-interest technologists in cybersecurity. (Video here).
I also hosted a one-day mini-track on the topic. We had six panels, and they were all great. If you...
Cybersecurity Insurance Not Paying for NotPetya Losses
This will complicate things:
To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya...
Detecting Shoplifting Behavior
This system claims to detect suspicious behavior that indicates shoplifting:
Vaak, a Japanese startup, has developed artificial intelligence software that hunts for potential shoplifters, using footage from security cameras for fidgeting, restlessness and other potentially suspicious body language.
The article...
Letterlocking
Really good article on the now-lost art of letterlocking.
Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack
Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night.
The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
Glitch exposes Sprint customer data to other users
A bug
has allowed some Sprint customers to see the personal data of other customers from
their online accounts.
The information visible includes names, cell phone numbers as well as calls made by other users and, and a Tech Crunch report cited...
6 Ways Mature DevOps Teams Are Killing It in Security
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled
Norway the power and metals wrangler could have seen this one coming Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…
Old Tech Spills Digital Dirt on Past Owners
Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.
