Essays

“How to Decarbonize Crypto,” The Atlantic, December 06, 2022.

“Centralized Vs. Decentralized Data Systems—Which Choice Is Best?,” VentureBeat, September 12, 2022.

“NIST’s Post-Quantum Cryptography Standards Competition,” IEEE Security & Privacy, August 07, 2022.

“When Corporate Interests and International Cyber Agreements Collide,” The Cipher Brief, May 05, 2022.

News

“Firewalls Don’t Stop Dragons 300th Episode,” Firewalls Don't Stop Dragons, November 28, 2022.

“Book Review: A Hacker’s Mind,” Kirkus Reviews, November 16, 2022.

“"Hacking" the Legal System: Bruce Schneier (World-renowned Security Expert and Blogger),” Aiming for the Moon, September 11, 2022.

“Bruce Schneier on the Crypto/Blockchain Disaster,” Cyber Protection Magazine, August 11, 2022.

“Understanding Crypto 6: Bruce Schneier: Security, Trust, and Blockchain,” Rational Reminder, July 08, 2022.

“Schneier: “Le votazioni elettroniche? Non fatelo, non è sicuro”,” Cybersecurity 360, July 04, 2022.

“Expert Interviews: Hacktivism,” Cyber.RAR, June 29, 2022.

“Why AIs Will Become Hackers,” Dark Reading, June 09, 2022.

“Schneier on Security for Tomorrow’s Software,” The Changelog, May 20, 2022.

Crypto-Gram

November 15, 2022:

New Book: A Hacker’s Mind, Hacking Automobile Keyless Entry Systems, Qatar Spyware, Museum Security, Interview with Signal’s New President, Adversarial ML Attack that Secretly Gives a Language Model a Point of View, On the Randomness of Automatic Card Shufflers, Australia Increases Fines for Massive Data Breaches, Critical Vulnerability in Open SSL, Apple Only Commits to Patching Latest OS Version, Iran’s Digital Surveillance Tools Leaked, NSA on Supply Chain Security, The Conviction of Uber’s Chief Security Officer, Using Wi-FI to See through Walls, Defeating Phishing-Resistant Multifactor Authentication, An Untrustworthy TLS Certificate in Browsers, NSA Over-surveillance, A Digital Red Cross, Upcoming Speaking Engagements

October 15, 2022:

Relay Attack against Teslas, Massive Data Breach at Uber, Large-Scale Collection of Cell Phone Data at US Borders, Credit Card Fraud That Bypasses 2FA, Automatic Cheating Detection in Human Racing, Prompt Injection/Extraction Attacks against AI Systems, Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses, Leaking Passwords through the Spellchecker, New Report on IoT Security, Cold War Bugging of Soviet Facilities, Differences in App Security/Privacy Based on Country, Security Vulnerabilities in Covert CIA Websites, Detecting Deepfake Audio by Modeling the Human Acoustic Tract, NSA Employee Charged with Espionage, October Is Cybersecurity Awareness Month, Spyware Maker Intellexa Sued by Journalist, Complex Impersonation Story, Inserting a Backdoor into a Machine-Learning System, Recovering Passwords by Measuring Residual Heat, Digital License Plates, Regulating DAOs, Upcoming Speaking Engagements

September 15, 2022:

$23 Million YouTube Royalties Scam, Remotely Controlling Touchscreens, Zoom Exploit on MacOS, USB "Rubber Ducky" Attack Tool, Hyundai Uses Example Keys for Encryption System, Signal Phone Numbers Exposed in Twilio Hack, Mudge Files Whistleblower Complaint against Twitter, Man-in-the-Middle Phishing Attack, Security and Cheap Complexity, Levels of Assurance for DoD Microelectronics, FTC Sues Data Broker, High-School Graduation Prank Hack, Clever Phishing Scam Uses Legitimate PayPal Messages, Montenegro Is the Victim of a Cyberattack, The LockBit Ransomware Gang Is Surprisingly Professional, Facebook Has No Idea What Data It Has, Responsible Disclosure for Cryptocurrency Security, New Linux Cryptomining Malware, FBI Seizes Stolen Cryptocurrencies, Weird Fallout from Peiter Zatko’s Twitter Whistleblowing, Upcoming Speaking Engagements

August 15, 2022:

San Francisco Police Want Real-Time Access to Private Surveillance Cameras, Facebook Is Now Encrypting Links to Prevent URL Stripping, NSO Group’s Pegasus Spyware Used against Thailand Pro-Democracy Activists and Leaders, Russia Creates Malware False-Flag App, Critical Vulnerabilities in GPS Trackers, Apple’s Lockdown Mode, Securing Open-Source Software, New UEFI Rootkit, Microsoft Zero-Days Sold and Then Used, Ring Gives Videos to Police without a Warrant or User Consent, Surveillance of Your Car, Drone Deliveries into Prisons, SIKE Broken, NIST’s Post-Quantum Cryptography Standards, Hacking Starlink, A Taxonomy of Access Control, Twitter Exposes Personal Information for 5.4 Million Accounts, Upcoming Speaking Engagements

July 15, 2022:

M1 Chip Vulnerability, Attacking the Performance of Machine Learning Systems, Tracking People via Bluetooth on Their Phones, Hertzbleed: A New Side-Channel Attack, Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills, Symbiote Backdoor in Linux, On the Subversion of NIST by the NSA, On the Dangers of Cryptocurrencies and the Uselessness of Blockchain, 2022 Workshop on Economics and Information Security (WEIS), When Security Locks You Out of Everything, Ecuador’s Attempt to Resettle Edward Snowden, ZuoRAT Malware Is Targeting Routers, Analyzing the Swiss E-Voting System, NIST Announces First Four Quantum-Resistant Cryptographic Algorithms, Ubiquitous Surveillance by ICE, Apple’s Lockdown Mode, Nigerian Prison Break, Security Vulnerabilities in Honda’s Keyless Entry System, Post-Roe Privacy, New Browser De-anonymization Technique, Upcoming Speaking Engagements

June 15, 2022:

The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms, Attacks on Managed Service Providers Expected to Increase, iPhone Malware that Operates Even When the Phone Is Turned Off, Websites that Collect Your Data as You Type, Bluetooth Flaw Allows Remote Unlocking of Digital Locks, The Onion on Google Map Surveillance, Forging Australian Driver’s Licenses, The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking, Manipulating Machine-Learning Systems through the Order of the Training Data, Malware-Infested Smart Card Reader, Security and Human Behavior (SHB) 2022, The Limits of Cyber Operations in Wartime, Clever -- and Exploitable -- Windows Zero-Day, Remotely Controlling Touchscreens, Me on Public-Interest Tech, Long Story on the Accused CIA Vault 7 Leaker, Leaking Military Secrets on Gaming Discussion Boards, Smartphones and Civilians in Wartime, Twitter Used Two-Factor Login Details for Ad Targeting, Cryptanalysis of ENCSecurity’s Encryption Implementation, Hacking Tesla’s Remote Key Cards, Upcoming Speaking Engagements

May 15, 2022:

Undetectable Backdoors in Machine-Learning Models, Clever Cryptocurrency Theft, Long Article on NSO Group, Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries, SMS Phishing Attacks are on the Rise, Zero-Day Vulnerabilities Are on the Rise, Microsoft Issues Report of Russian Cyberattacks against Ukraine, Video Conferencing Apps Sometimes Ignore the Mute Button, Using Pupil Reflection in Smartphone Camera Selfies, New Sophisticated Malware, 15.3 Million Request-Per-Second DDoS Attack, Corporate Involvement in International Cybersecurity Treaties, Apple Mail Now Blocks Email Trackers, ICE Is a Domestic Surveillance Agency, Surveillance by Driverless Car, Upcoming Speaking Engagements