Schneier on Security

Introduction xi

1 Crime, Terrorism, Spying, and War
Cyberconflicts and National Security
Counterterrorism Mission Creep
Syrian Electronic Army Cyberattacks
The Limitations of Intelligence
Computer Network Exploitation vs Computer Network Attack
iPhone Encryption and the Return of the Crypto Wars
Attack Attribution and Cyber Conflict
Metal Detectors at Sports Stadiums
The Future of Ransomware

2 Travel and Security
Hacking Airplanes
Reassessing Airport Security 28

3 Internet of Things
Hacking Consumer Devices
Security Risks of Embedded Systems
Samsung Television Spies on Viewers
Volkswagen and Cheating Software
DMCA and the Internet of Things
Real-World Security and the Internet of Things
Lessons from the Dyn DDoS Attack
Regulation of the Internet of Things
Security and the Internet of Things
Botnets
IoT Cybersecurity: What’s Plan B? 70

4 Security and Technology
The NSA’s Cryptographic Capabilities
iPhone Fingerprint Authentication
The Future of Incident Response
Drone Self-Defense and the Law
Replacing Judgment with Algorithms
Class Breaks 87

5 Elections and Voting
Candidates Won’t Hesitate to Use Manipulative Advertising to Score Votes
The Security of Our Election Systems
Election Security
Hacking and the 2016 Presidential Election 96

6 Privacy and Surveillance
Restoring Trust in Government and the Internet
The NSA is Commandeering the Internet
Conspiracy Theories and the NSA
How to Remain Secure against the NSA
Air Gaps
Why the NSA’s Defense of Mass Data Collection Makes No Sense
Defending Against Crypto Backdoors
A Fraying of the Public/Private Surveillance Partnership
Surveillance as a Business Model
Finding People’s Locations Based on Their Activities in Cyberspace
Surveillance by Algorithm
Metadata = Surveillance
Everyone Wants You to Have Security, But Not from Them
Why We Encrypt
Automatic Face Recognition and Surveillance
The Internet of Things that Talk about You behind Your Back
Security vs Surveillance
The Value of Encryption
Congress Removes FCC Privacy Protections on Your Internet Usage
Infrastructure Vulnerabilities Make Surveillance Easy 150

7 Business and Economics of Security
More on Feudal Security
The Public/Private Surveillance Partnership
Should Companies Do Most of Their Computing in the Cloud?
Security Economics of the Internet of Things 165

8 Human Aspects of Security
Human-Machine Trust Failures
Government Secrecy and the Generation Gap
Choosing Secure Passwords
The Human Side of Heartbleed
The Security of Data Deletion
Living in a Code Yellow World
Security Design: Stop Trying to Fix the User
Security Orchestration and Incident Response 184

9 Leaking, Hacking, Doxing, and Whistleblowing
Government Secrets and the Need for Whistleblowers
Protecting Against Leakers
Why the Government Should Help Leakers
Lessons from the Sony Hack
Reacting to the Sony Hack
Attack Attribution in Cyberspace
Organizational Doxing
The Security Risks of Third-Party Data
The Rise of Political Doxing
Data is a Toxic Asset
Credential Stealing as an Attack Vector
Someone is Learning How to Take Down the Internet
Who is Publishing NSA and CIA Secrets, and Why?
Who are the Shadow Brokers?
On the Equifax Data Breach 226

10 Security, Policy, Liberty, and Law
Our Newfound Fear of Risk
Take Back the Internet
The Battle for Power on the Internet
How the NSA Threatens National Security
Who Should Store NSA Surveillance Data?
Ephemeral Apps
Disclosing vs Hoarding Vulnerabilities
The Limits of Police Subterfuge
When Thinking Machines Break the Law
The Democratization of Cyberattack
Using Law against Technology
Decrypting an iPhone for the FBI
Lawful Hacking and Continuing Vulnerabilities
The NSA is Hoarding Vulnerabilities
WannaCry and Vulnerabilities
NSA Document Outlining Russian Attempts to Hack Voter Rolls
Warrant Protections against Police Searches of Our Data
References 281