Crypto-Gram Back Issues


15 Apr 2014 Heartbleed, seventh movie-plot threat contest, MYSTIC: the NSA's telephone call collection program, the continuing public/private surveillance partnership, new book on data and power, an open letter to IBM's open letter, ephemeral apps, Target credit card breach
15 Mar 2014 Breaking up the NSA, computer network exploitation vs. attack, metadata = surveillance, surveillance by algorithm, NSA exploit of the day, who should store NSA surveillance data, Fortuna PRNG, RCS spyware and Citizen Lab, choosing secure passwords
15 Feb 2014 Finding people's locations based on their activities in cyberspace, the insecurity of secret IT systems, NSA exploit of the day, briefing congress on the NSA, NSA news, US privacy and civil liberties oversight board condemns NSA mass surveillance, NSA/GCHQ accused of hacking Belgian cryptographer, CSEC surveillance analysis of IP and user data
15 Jan 2014 How the NSA threatens national security, NSA exploit of the day, Tor user identified by FBI, security risks of embedded systems, Schneier news, Schneier news: I've joined Co3 Systems, Twitter users: please make sure you're following the right feed
15 Dec 2013 NSA spying on online gaming worlds, NSA tracks people using Google cookies, NSA and U.S. surveillance news, how antivirus companies handle state-sponsored malware, surveillance as a business model, evading airport security, crypto-gram move, the TQP patent
15 Nov 2013 NSA harvesting contact lists, NSA eavesdropping on Google and Yahoo networks, code names for NSA exploit tools, defending against crypto backdoors, why the government should help leakers, NSA/Snowden news, government and corporate surveillance, a fraying of the public/private surveillance partnership, book review: "Cyber War Will Not Take Place", understanding the threats in cyberspace, SecureDrop, dry ice bombs at LAX, the battle for power on the Internet
15 Oct 2013 How the NSA attacks Tor/Firefox users, why it's important to publish the NSA programs, the NSA's new risk analysis, reforming the NSA, NSA/Snowden news, the limitations of intelligence, metadata equals surveillance, Senator Feinstein admits the NSA taps the Internet backbone, NSA storing Internet data on pretty much everybody, air gaps, will Keccak = SHA-3?, Google knows every Wi-Fi password in the world, surreptitiously tampering with computer chips
15 Sep 2013 Take Back the Internet, more on the NSA commandeering the Internet, detaining David Miranda, government secrecy and the generation gap, conspiracy theories and the NSA, the NSA's cryptographic capabilities, how to remain secure against the NSA, protecting against leakers, NSA/Snowden news, our newfound fear of risk, human-machine trust failures, excess automobile deaths as a result of 9/11, iPhone fingerprint authentication, hacking consumer devices, Syrian Electronic Army cyberattacks, the cryptopocalypse, measuring entropy
15 Aug 2013 Public/private surveillance partnership, NSA commandeering the Internet, restoring trust in government and the Internet, book review: Rise of the Warrior Cop, effects of Snowden's whistleblowing, counterterrorism mission creep
15 Jul 2013 NSA surveillance, NSA secrecy and personal privacy, Skype eavesdropping, pre-9/11 NSA Thinking, US offensive cyberwar policy, finding sociopaths on facebook, fellowship at the Berkman Center, protecting e-mail from eavesdropping, is cryptography engineering or science?, sixth movie-plot threat contest winner
15 Jun 2013 Whistleblowers, Edward Snowden, trading privacy for convenience, NSA spying, the politics of security in a democracy, more on feudal security, surveillance and the Internet of things, CALEA-II, sixth annual movie-plot threat semifinalists, password cracking, Bluetooth-controlled door lock, Security and Human Behavior 2013, cost of terrorism in Pakistan
15 May 2013 Refuse to be terrorized, intelligence analysis and the connect-the-dots metaphor, transparency and accountability, Boston terrorist attacks, the public/private surveillance partnership, Michael Chertoff on Google Glass
15 Apr 2013 Our Internet surveillance state, sixth movie-plot threat contest, IT for oppression, when technology overtakes security, security awareness training, blog changes
15 Mar 2013 Nationalism on the Internet, automobile data surveillance, court of public opinion, news, chinese cyberattacks, technologies of surveillance, phishing, papal election, getting security incentives right, companies that can't afford dedicated security
15 Feb 2013 Power and the Internet, who does Skype let spy?, our new regimes of trust, TSA removing Rapiscan full-body scanners, scrambling fighter jets, massive police shootout despite lack of criminals, New York Times hacked by China, man-in-the-middle attacks against browser encryption
15 Jan 2013 Last month's overreactions, public shaming as a security measure, terms of service as a security threat, classifying a shape, Bruce Schneier as a verb, experimental results: Liars and Outliers trust offer
15 Dec 2012 Feudal security, e-mail security in the wake of Petraeus, squids on the Economist cover, IT for oppression, dictators shutting down the Internet, book review: Against Security
15 Nov 2012 Stoking cyber fears, hacking TSA PreCheck, encryption in cloud computing, the risks of trusting experts
15 Oct 2012 SHA-3, recent developments in password cracking, master keys, when will we see collisions for SHA-1?
15 Sep 2012 The importance of security engineering, security at the 9/11 WTC memorial, poll: Americans like the TSA, five "neglects" in risk management, is iPhone security really this good?
15 Aug 2012 Overreaction and overly specific reactions to rare risks, Cryptocat yet another risk of storing everything in the cloud, sexual harassment at DefCon (and other hacker cons), police sting operation yields no mobile phone thefts, remote scanning technology
15 Jul 2012 So you want to be a security expert, Rand Paul takes on the TSA, securing virology research, anti-virus companies and military malware, e-mail accounts are more valuable than bank accounts, the post-9/11 cycle of fear and funding
15 Jun 2012 The vulnerabilities market and the future of security, cyberwar treaties, flame, ethnic profiling at airports, Kip Hawley and me, Security and Human Behavior 2012
15 May 2012 Airport profiling, Kip Hawley channels his inner Schneier, TSA behavioral detection, stolen phone database, Liars and Outliers update, overreacting to potential bombs, foiled terrorist plot, fear and the attention economy "Split or Steal"
15 Apr 2012 Harms of post-9/11 airline security, congressional testimony on the TSA, bomb threats as a denial-of-service attack, can the NSA break AES?, rare Spanish Enigma machine, buying exploits on the grey market, hacking critical infrastructure
15 Mar 2012 Liars and Outliers, lousy random numbers cause insecure public keys, video shows TSA full-body scanner failure, themes from the RSA conference, how changing technology affects security
15 Feb 2012 Liars and Outliers update, possibly the most incompetent TSA story yet, court-ordered decryption and forgotten keys, authentication by "cognitive footprint", two-factor authentication
15 Jan 2012 The TSA proves its own irrelevance, abolishing the Department of Homeland Security, "going dark" vs. a "golden age of surveillance," "Chinese Hacking" of iBahn, Liars and Outliers news
15 Dec 2011 Status report on Liars and Outliers, malware on smart phones, the SCADA Attack that wasn't, Carrier IQ spyware, altruism and fairness, Iranians capture U.S. drone, recent developments in full disclosure
15 Nov 2011 Advanced Persistent Threat (APT), qnother ATM theft tactic, remotely opening prison doors, fake documents that alarm if opened
15 Oct 2011 Three emerging cyber threats, status report on Liars and Outliers, official malware from the German police, domain-in-the-middle attacks, insider attack against Diebold voting machines, National Cybersecurity Awareness Month
15 Sep 2011 Ten-year anniversary of 9/11, terrorism in the U.S. since 9/11, efficacy of post-9/11 counterterrorism, unredacted U.S. diplomatic wikileaks cables published, status report on Liars and Outliers
15 Aug 2011 Developments in facial recognition, is there a hacking epidemic?
15 Jul 2011 Man flies with someone else's ticket, court ruling on "reasonable" electronic banking security, protecting private information on smart phones, yet another "people plug in strange USB sticks" story
15 Jun 2011 New Siemens SCADA vulnerabilities kept secret, avoiding TSA's full-body scanners, sensitive information and self-restraint, man-in-the-middle attack against the MCAT exam, open-source software feels insecure
15 May 2011 Status report on The Dishonest Minority, RFID tags protecting hotel towels, hijacking the coreflood botnet, drugging people and then robbing them, Sony hack
15 Apr 2011 Detecting cheaters, ebook fraud, keeping your money in a home safe, changing incentives creates security risks, euro coin recycling scam, wi-fi in London Underground, Epsilon hack, Schneier's Law
15 Mar 2011 Anonymous vs. HBGary, NIST Defines New Versions of SHA-512
15 Feb 2011 Societal security, Domodedovo airport bombing, bioencryption, scareware, whitelisting vs. blacklisting
15 Jan 2011 Security in 2020, stealing SIM cards from traffic lights, recording the police, book review: Cyber War
15 Dec 2010 Airline security, full body scanners, closing the Washington Monument, cyberwar and the future of cyber conflict, NIST announces SHA-3 finalists, software monoculture, term paper writing for hire
15 Nov 2010 Crowdsourcing surveillance, Internet quarantines, cargo security, changes in airplane security, young man in "old man" mask boards plane, conference at Bletchley Park, changing passwords
15 Oct 2010 Wiretapping the Internet, cyberwar, putting unique codes on objects to detect counterfeiting, Stuxnet
15 Sep 2010 Consumerization and corporate IT Security, more Skein news, wanted: Skein hardware help
15 Aug 2010 A revised taxonomy of social networking data, WikiLeaks insurance file, NSA and the National Cryptologic Museum, book review: How Risky Is It, Really?
15 Jul 2010 The threat of cyberwar has been grossly exaggerated, Internet kill switch, Third SHB Workshop, data at rest vs. data in motion, reading me
15 Jun 2010 Hiring hackers, scenes from an airport, fifth annual Movie-Plot Threat Contest winner, outsourcing to an Indian jail, terrorists placing fake bombs in public places, reading me
15 May 2010 Worst-case thinking, why aren't there more terrorist attacks?, 9/11 made us safer?, young people and privacy, "if you see something, say something," preventing terrorist attacks in crowded areas, punishing security breaches
15 Apr 2010 Privacy and control, New York and the Moscow subway bombing, fifth annual Movie-Plot Threat Contest, new book: Cryptography Engineering, should the government stop outsourcing code development?
15 Mar 2010 Al-Mabhouh assassination, small planes and lone terrorist nutcases, Demiurge Consulting, TSA logo contest winner
15 Feb 2010 Fixing intelligence failures, anonymity and the Internet, security and function creep, Chinese attack against Google, new attack on Threefish
15 Jan 2010 Underwear Bomber, TSA logo contest, fixing airport security contest, fixing intelligence, intercepting predator video, breaching the secure area in airports
15 Dec 2009 Terrorists targeting high-profile events, Eric Schmidt on privacy, a taxonomy of social networking data, the psychology of being scammed, reacting to security vulnerabilities
15 Nov 2009 Beyond security theater, fear and overreaction, zero-tolerance policies, security in a reputation economy, the commercial speech arms race, "evil maid" attacks on encrypted hard drives, is antivirus dead?
15 Oct 2009 Ass Bomber, unauthentication, the futility of defending the targets, Texas Instruments signing keys, UK defense security manual leaked
15 Sep 2009 Eighth Anniversary of 9/11, Skein news, real-world access control, file deletion, London's surveillance cameras, Robert Sawyer's alibis, stealing 130 million credit card numbers, "the cult of Schneier"
15 Aug 2009 Risk intuition, privacy salience and social networking sites, building in surveillance, laptop security while crossing borders, self-enforcing protocols, another new AES attack, lockpicking and the Internet
15 Jul 2009 Imagining threats, security and group size, fraud on eBay, authenticating paperwork, password masking, the "hidden cost" of privacy, fixing airport security, homomorphic encryption, new attack on AES, MD6, SHA-1
15 Jun 2009 Obama's cybersecurity speech, "Lost" puzzle, terrorism arrests, full-body scanners in airports, Net1, cloud computing, The Second Interdisciplinary Workshop on Security and Human Behaviour
15 May 2009 Fourth Annual Movie-Plot Threat Contest winner, book review: The Science of Fear, an expectation of online privacy, malicious contamination of the food supply, data trade practices, mathematical illiteracy, Conficker
15 Apr 2009 Fourth Annual Movie-Plot Threat Contest, who should be in charge of u.s. cybersecurity?, privacy and the fourth amendment, the definition of "weapon of mass destruction," stealing commodities
15 Mar 2009 Perverse security incentives, privacy in the age of persistence, insiders, singularics, insect security, the kindness of strangers, new ebay fraud, blaming the victim, security and usability in authentication
15 Feb 2009 Helping the terrorists, Monster.com data breach, the exclusionary rule, BitArmor's no-breach guarantee, breach notification laws
15 Jan 2009 Impersonation, forging SSL certificates, biometrics
15 Dec 2008 Lessons from Mumbai, Twitter and terrorism, Google Earth, the future of ephemeral conversation, "Here Comes Everybody" review, Schneier for TSA administrator?, Skein news
15 Nov 2008 Skein hash function, TSA, quantum cryptography, economics of spam, psychology of con men, terrorists using Twitter, replacement hotel room keys, p = np?
15 Oct 2008 Seven habits of highly ineffective terrorists, airport contraband, news, warrantless eavesdropping, risk management, "new attack" against encrypted images, nonviolent activists are now terrorists
15 Sep 2008 New book, identity farming, Phorm, security ROI, Diebold, full disclosure, Cory Doctorow's cipher wheel rings, photo ID checks at airport, mental illness and murder, movie-plot threats
15 Aug 2008 Memo to the next president, homeland security cost-benefit analysis, Mifare transport cards, software liabilities, Truecrypt's deniable file system, DNS vulnerability
15 Jul 2008 CCTV cameras, kill switches and remote control, LifeLock, The First Interdisciplinary Workshop on Security and Human Behavior, Chinese hackers, Man-in-the-Middle attacks
15 Jun 2008 The war on photography, crossing borders with laptops, e-mail after the Rapture, fax signatures, the war on t-shirts, airplane seat cameras, how to sell security
15 May 2008 Ten-Year Anniversary of Crypto-Gram, dual-use technologies and equities, crossing borders with laptops, risk preferences in chimpanzees and bonobos, ethics of vulnerability research
15 Apr 2008 Third Annual Movie-Plot Threat Contest, the security mindset, security as feeling and reality, web entrapment, speeding tickets and agenda, seat belts, Internet censorship
15 Mar 2008 Privacy and power, Israel implementing IFF for commercial aircraft, third parties controlling information, Amtrak passenger screening, security suites vs. best-of-breed
15 Feb 2008 Security vs. privacy, MySpace and U.S. Attorneys General, lock-in, hacking power networks, Mujahideen Secrets 2, giving driver's licenses to illegal immigrants
15 Jan 2008 Anonymity and the Netflix dataset, "Where Should Airport Security Begin?", airport security study, running an open wireless network
15 Dec 2007 How to secure your computer, defeating the shoe scanning machine at Heathrow Airport, Gitmo manual leaked, security in ten years
15 Nov 2007 The war on the unexpected, online political contributing, chemical plants, switzerland and quantum cryptography, security by letterhead, cyberwar, black market in Internet crime, Dual_EC_DRBG
15 Oct 2007 Storm Worm, fraudulent Amber Alerts, UK police can now demand encryption keys, anonymity and Tor, remote-controlled toys and the TSA, staged attack on generator
15 Sep 2007 First responders, basketball referees, home users, stupidest terrorist overreaction, automobile surveillance, computer forensics case study, fast-food drive-ins
15 Aug 2007 Assurance and electronic voting machines, Harry Potter leak, avian flu and disaster planning, liquid terrorist plot details, House of Lords on computer security, conversation with Kip Hawley
15 Jul 2007 Correspondent inference theory and terrorism, ubiquity of communication, 4th amendment rights extended to e-mail, credit card gas limits, voting machines and coercion, risks of data reuse
15 Jun 2007 Rare risk and overreactions, portrait of the modern terrorist as an idiot, teaching viruses, second movie-plot threat contest winner, non-security considerations in security decisions
15 May 2007 A security market for lemons, Big Brother, citizen-counterterrorist training, REAL ID, social engineering, anti-spam doorbell, penetration testing
15 Apr 2007 Second Movie-Plot Threat Contest, U.S. terorrist database, JavaScript hijacking, government contractor injects malicious software into critical military computers
15 Mar 2007 CYA security, copycats, US terrorism arrests overstated, movie plot threat in Vancouver, private police forces, cloning RFID chips made by HID
28 Feb 2007 Special issue: the psychology of security
15 Feb 2007 In praise of security theater, REAL-ID, debating full disclosure, sending photos to 911 operators, DRM in Windows Vista, psychology of security
15 Jan 2007 Automated targeting system, auditory eavesdropping, licensing boaters, Microsoft anti-phishing, Unabomber's code, transmitters in Canadian coins
15 Dec 2006 Revoting, real-world passwords, tracking sneakers, notary fraud, separating data and device ownership, fighting fraudulent tranactions
15 Nov 2006 Election security, perceived vs. actual risk, Total Information Awareness is back, forge your own boarding pass, the death of ephemeral conversation
15 Oct 2006 Screening people with clearances, renew your passport now!, faulty data and the Arar case, on-card displays, screaming cell phones
15 Sep 2006 What the terrorists want, ways to avoid the next 9/11, educating users, what is a hacker?, USBDumper, Microsoft and FairUse4WM
15 Aug 2006 Remote-control airplane software, doping in professional sports, iPod thefts, security certifications, HSBC insecurity hype, bot networks
15 Jul 2006 Google and click fraud, Mumbai terrorist bombings, League of Women Voters supports voter-verifiable paper trails, Brennan Center and electronic voting
15 Jun 2006 The value of privacy, movie-plot threat contest winner, hacking computers Over USB, aligning interest with capability
15 May 2006 Who owns your computer?, identity-theft disclosure laws, man-in-the-middle attacks on RFID cards, Microsoft's BitLocker, the security risk of special cases
15 Apr 2006 Movie-plot threat contest, airport passenger screening, VOIP encryption, security through begging, KittenAuth, new kind of door lock, iJacking
15 Mar 2006 The future of privacy, face recognition in bars, data mining for terrorists, police department privilege escalation, database error causes unbalanced budget, port security
15 Feb 2006 Risk of losing portable devices, multi-use ID cards, Ben Franklin, Valentine's Day, security in the cloud
15 Jan 2006 Anonymity and accountability, Dutch botnet, Internet Explorer sucks, electronic shackles, Project Shamrock
15 Dec 2005 Airplane security, sky marshal shooting, Sony's DRM rootkit, truckers watching the highways, secure classical communications
15 Nov 2005 RFID passports, the living and the dead, Sony secretly installs rootkit, Taser cam, DMCA review, Zotob worm
15 Oct 2005 Phishing, closed-source breathalyzers, automatic license plate scanners, tax breaks for good security, Judge Roberts
15 Sep 2005 Movie-plot threats, Katrina, the keys to the Sydney subway, Lance Armstrong, Trusted Computing best practices
15 Aug 2005 Profiling, Cisco and ISS, stealing imaginary things, turning cell phones off in tunnels, searching bags in subways
15 Jul 2005 London transport bombings, terrorism defense, CardSystems, speeding ticket avoidance, talking to strangers
15 Jun 2005 Internet attack trends, backscatter x-ray technology, fake concert tickets, Bluetooth, anthrax hoaxes
15 May 2005 REAL ID, should terrorism be reported?, automatic speedtraps, the potential for an SSH worm, Wi-Fi minefields, combating spam
15 Apr 2005 More on two-factor authentication, identity theft, Secure Flight, papal elections
15 Mar 2005 SHA-1 broken, two-factor authentication, ChoicePoint, Unicode URL Hack, Ghostbuster
15 Feb 2005 Secure Flight, T-Mobile hack, Microsoft RC4 flaw, secret questions, authentication and expiration
15 Jan 2005 Fingerprinting students, shutting down GPS, Hollywood sign, Secure Flight, cyberwar
15 Dec 2004 Behavioral assessment profiling, Google Desktop Search, safe personal computing
15 Nov 2004 Voting machines, mail-in ballot attack, world series security, technology and counterterrorism
15 Oct 2004 New blog, keeping network outages secret, RFID passports, license plate "guns"
15 Sep 2004 Security at the Olympics, Trusted Traveler program, museum security, mobile phone spoofing, no-fly list
15 Aug 2004 BOB on board, alibi and excuse clubs, Houston airport rangers, website passwords
15 Jul 2004 Due process, x-ray machines, portable storage devices, Coca-Cola and the NSA, CLEAR Act
15 Jun 2004 Breaking Iranian Codes, Windows XP SP2, cell phone jamming, cameras in subways, Witty worm
15 May 2004 Warrants, counterterrorism in airports, bypassing the USPS, national security consumers
15 Apr 2004 National ID cards, TSA-approved locks, stealing an election, beepcard, virus wars
15 Mar 2004 Microsoft source code leak, port knocking, USPTO, Password Safe 2.0, V-ID card, risks of centralization
15 Feb 2004 Surveillance, the politicization of security, identification, economics of spam
15 Jan 2004 Color-coded terrorist threat levels, fingerprinting foreigners, almanacs, diverting aircraft
15 Dec 2003 Blaster and the August 14th blackout, quantum cryptography, computerized voting
15 Nov 2003 Airplane hackers, the 9/11 terrorists' real weapon, the trojan defense
15 Oct 2003 The future of surveillance, the Patriot Act and mission creep, risks of monoculture, identity cards
15 Sep 2003 Accidents and security incidents, Beyond Fear reactions, benevolent worms, hats in banks
15 Aug 2003 Beyond Fear, flying on someone else's plane ticket, hidden text in computer documents
15 Jul 2003 How to fight, more e-mail filtering idiocy, Password Safe, crying wolf
15 Jun 2003 Cyber-terrorism, self-destructing DVDs, attacking virtual machines, auditable tasers
15 May 2003 Encryption and wiretapping, receipts, unique e-mail addresses and spam
15 Apr 2003 Postal denial-of-service, baseball, NCIC database accuracy
15 Mar 2003 Practical Cryptography, SSL flaw, SSL patent case, woodland ants
15 Feb 2003 Locks and full disclosure, SQL Slammer, importance of authentication
15 Jan 2003 Militaries and cyber-war, cichlid fish, RMAC authentication mode
15 Dec 2002 Counterattack, Department of Homeland Security, Dan Cooper, crime
15 Nov 2002 New book, Japanese honeybees, choose your own Doghouse candidate
15 Oct 2002 National Strategy to Secure Cyberspace, more on AES cryptanalysis, one-time pads
15 Sep 2002 Word 97 vulnerability, AES news, Reveal, The Odyssey
15 Aug 2002 Palladium and the TCPA, license to hack, arming airline pilots
15 Jul 2002 Embedded control systems and security, Perrun virus
15 Jun 2002 Fixing intelligence failures, more on secrecy and security
15 May 2002 Secrecy, security, and obscurity; fun with fingerprint readers
15 Apr 2002 How to think about security, liability and security, key length
15 Mar 2002 SNMP, IETF "Responsible Disclosure" document, Bernstein's factoring paper
15 Feb 2002 Judging Microsoft, Oracle's "unbreakable" database
15 Jan 2002 Windows UPnP vulnerability, Password Safe 2.0, AGS Encryptions
15 Dec 2001 National ID cards, judges punish bad security, fun with vulnerability scanners
15 Nov 2001 Full disclosure, GOVNET, Password Safe vulnerability, Windows XP
15 Oct 2001 Cyberterrorism and cyberhooliganism, war on terrorism, SSSCA, Nimda, port 80
30 Sep 2001 Special issue on the Sep. 11 terrorist attacks and their aftermath
Italian translation by Paolo Attivissimo
15 Sep 2001 11 September 2001, NSA's dual counter mode, Microsoft root certificate program
15 Aug 2001 DMCA, Code Red, copyright protection, cybercrime treaty
15 Jul 2001 Phone hacking: the next generation, monitoring first
15 Jun 2001 Honeypots and Honeynet, Invicta Networks, DDOS attacks on grc.com
15 May 2001 Military history, digital copy prevention, security standards, safe personal computing
15 Apr 2001 Advantages of defense, CSI computer crime survey, fake Microsoft certificates
15 Mar 2001 The security patch treadmill, insurance, death of IDS, 802.11 security
15 Feb 2001 CPRM, an intentional backdoor, e-mail filter idiocy, air gaps, Internet voting
15 Jan 2001 A cyber UL?, SafeMessage, social engineering, code signing in Windows
15 Dec 2000 Voting and technology, digital safe-deposit boxes, new bank privacy regs
15 Nov 2000 Digital signatures, SDMI hacking challenge, Microsoft hack
15 Oct 2000 Semantic attacks, cybercrime treaty, NSA on security, AES announced
15 Sep 2000 Full disclosure, Carnivore, FBI and the Olympics, Facemail, PGP vulnerability
15 Aug 2000 Secrets and Lies, "Crime in Cyberspace" convention, Authentica, Bluetooth
15 Jul 2000 Full disclosure and the CIA, presidential password, lockmaking, Unicode
15 Jun 2000 SOAP, Java and viruses, DES, Infraworks
15 May 2000 Microsoft vs. Slashdot, Cybercrime treaty, Trusted client software, ILOVEYOU
15 Apr 2000 AES conference, French banking card hack, Microsoft Active Setup, UCITA
15 Mar 2000 Kerberos and Win2K, software burglary tools, UCITA, software complexity
15 Feb 2000 Distributed denial-of-service, Chinese crypto regs, publicizing vulnerabilities
15 Jan 2000 Publicity attacks, new encryption regs, Netscape, block and stream ciphers
15 Dec 1999 Security as process, ECHELON, export regulations draft, GSM encryption
15 Nov 1999 Why computers are insecure, DVD encryption, Win CE, Elliptic Curves
15 Oct 1999 Becoming a cryptographer, export rules, AMD, PKI slogans, key length
15 Sep 1999 Open source, NSAKEY, CESA, E*Trade, factoring RSA
15 Aug 1999 Back Orifice 2000, AES news, HPUX, web-based encrypted mail
15 Jul 1999 Future of crypto-hacking, bungled SSL, reader comments
15 Jun 1999 E-mail viruses, hacking archives, international encryption policy
15 May 1999 Internationalization of cryptography, export rules, TWINKLE
15 Apr 1999 The importance of not being different, smart card threats, attacking certificates with viruses
15 Mar 1999 Security hole in IE/Outlook and Office, AES news, RSA-140 factored
15 Feb 1999 Snake oil, NSA and crypto export, WinXFiles, back doors, Intel's processor ID
15 Jan 1999 1998 year-in-review, clueless agents, Cayley-Purser
15 Dec 1998 Cracking contests, recognizing plaintext, zip disks, Commerce Dept. committee
15 Nov 1998 Electronic commerce, micro locks, copy protection, more on steganography
15 Oct 1998 Steganography, TriStrata, Rapid Remote, memo to amateur cipher designers
15 Sep 1998 Cramer-Shoup, impossible cryptanalysis, street performer, Private Doorbell
15 Aug 1998 Hardware DES cracker, KEA, chosen protocol attack, biometrics
15 Jul 1998 Breaking RSA, declassifying Skipjack, secure audit logs, WIPO
15 Jun 1998 Side channel attacks, risks of key escrow, pseudo-random number generators
15 May 1998 AES, secret story of non-secret encryption, conditional purchase orders

up to Crypto-Gram

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..