Essays

“How to Cut Down on Ransomware Attacks Without Banning Bitcoin,” Slate, June 17, 2021.

“Hacked Drones and Busted Logistics Are the Cyber Future of Warfare,” Brookings TechStream, June 05, 2021.

“Russia’s Hacking Success Shows How Vulnerable the Cloud Is,” Foreign Policy, May 24, 2021.

“‘Grassroots’ Bot Campaigns Are Coming. Governments Don’t Have a Plan to Stop Them.,” The Washington Post, May 20, 2021.

“Hackers Used to Be Humans. Soon, AIs Will Hack Humanity,” Wired, April 19, 2021.

“Bitcoin’s Greatest Feature Is Also Its Existential Threat,” Wired, March 09, 2021.

“Illuminating SolarStorm: Implications for National Strategy and Policy,” Aspen Institute, March 04, 2021.

“Why Was SolarWinds So Vulnerable to a Hack?,” The New York Times, February 23, 2021.

“The Government Will Guard Biden’s Peloton from Hackers. What About the Rest of Us?,” The Washington Post, February 02, 2021.

News

“Click Here To Kill Everybody,” Power Corrupts, September 07, 2021.

“Bruce Schneier: We Are Asking the Wrong Cybersecurity Questions,” CDO Trends, August 23, 2021.

“Secure Ventures Podcast,” Secure Ventures with Kyle McNulty, July 27, 2021.

“Going Meta: A Conversation and AMA with Bruce Schneier,” 8th Layer Insights, July 20, 2021.

“The Coming AI Hackers. How Will They Put Society At Risk?,” Cybercrime Magazine, June 15, 2021.

“The Coming AI Hackers,” Exponential View, June 09, 2021.

“The Next Phase in Cyber Warfare,” The Red Line, May 16, 2021.

“When AI Becomes the Hacker,” Dark Reading, May 13, 2021.

“Hacking Is a Task AI Will Excel at (And We Are Not Far from That Point),” ZDNet, May 06, 2021.

“Bruce Schneier Wants You to Make Software Better,” IEEE Spectrum, April 28, 2021.

“Data, Surveillance & Internet Security with Bruce Schneier,” CSINT Conversations, March 03, 2021.

“Artificial Intelligence in Politics,” Unpublished Cafe, February 19, 2021.

Crypto-Gram

September 15, 2021:

Tetris: Chinese Espionage Tool, Apple’s NeuralHash Algorithm Has Been Reverse-Engineered, T-Mobile Data Breach, More on Apple’s iPhone Backdoor, Surveillance of the Internet Backbone, Interesting Privilege Escalation Vulnerability, Details of the Recent T-Mobile Breach, Excellent Write-up of the SolarWinds Security Breach, More Military Cryptanalytics, Part III, Zero-Click iPhone Exploits, History of the HX-63 Rotor Machine, Hacker-Themed Board Game, Tracking People by their MAC Addresses, Lightning Cable with Embedded Eavesdropping, Security Risks of Relying on a Single Smartphone, More Detail on the Juniper Hack and the NSA PRNG Backdoor, ProtonMail Now Keeps IP Logs, Designing Contact-Tracing Apps, Upcoming Speaking Engagements

August 15, 2021:

Colorado Passes Consumer Privacy Law, REvil is Off-Line, Candiru: Another Cyberweapons Arms Manufacturer, NSO Group Hacked, Nasty Windows Printer Driver Vulnerability, Commercial Location Data Used to Out Priest, Disrupting Ransomware by Disrupting Bitcoin, Hiding Malware in ML Models, De-anonymization Story, AirDropped Gun Photo Causes Terrorist Scare, Storing Encrypted Photos in Google’s Cloud, I Am Parting With My Crypto Library, The European Space Agency Launches Hackable Satellite, Paragon: Yet Another Cyberweapons Arms Manufacturer, Zoom Lied about End-to-End Encryption, Using "Master Faces" to Bypass Face-Recognition Authenticating Systems, Defeating Microsoft’s Trusted Platform Module, Apple Adds a Backdoor to iMessage and iCloud Storage, Cobalt Strike Vulnerability Affects Botnet Servers, Using AI to Scale Spear Phishing, Upcoming Speaking Engagements

July 15, 2021:

Andrew Appel on New Hampshire’s Election Audit, VPNs and Trust, Paul van Oorschot’s Computer Security and the Internet, Intentional Flaw in GPRS Encryption Algorithm GEA-1, Peloton Vulnerability Found and Fixed, The Future of Machine Learning and Cybersecurity, Apple Will Offer Onion Routing for iCloud/Safari Users, Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer, Banning Surveillance-Based Advertising, AI-Piloted Fighter Jets, NFC Flaws in POS Devices and ATMs, Risks of Evidentiary Software, Insurance and Ransomware, More Russian Hacking, Stealing Xbox Codes, Vulnerability in the Kaspersky Password Manager, Details of the REvil Ransomware Attack, Analysis of the FBI’s Anom Phone, Iranian State-Sponsored Hacking Attempts, China Taking Control of Zero-Day Exploits, Upcoming Speaking Engagements

June 15, 2021:

Is 85% of US Critical Infrastructure in Private Hands?, Adding a Russian Keyboard to Protect against Ransomware, Apple Censorship and Surveillance in China, Bizarro Banking Trojan, Double-Encrypting Ransomware, AIs and Fake Comments, New Disk Wiping Malware Targets Israel, The Story of the 2011 RSA Hack, The Misaligned Incentives for Cloud Security, Security Vulnerability in Apple’s Silicon "M1" Chip, The DarkSide Ransomware Gang, Security and Human Behavior (SHB) 2021, The Supreme Court Narrowed the CFAA, Vulnerabilities in Weapons Systems, Information Flows and Democracy, Detecting Deepfake Picture Editing, FBI/AFP-Run Encrypted Phone, TikTok Can Now Collect Biometric Data, Upcoming Speaking Engagements

May 15, 2021:

DNI’s Annual Threat Assessment, NSA Discloses Vulnerabilities in Microsoft Exchange, Cybersecurity Experts to Follow on Twitter, Details on the Unlocking of the San Bernardino Terrorist’s iPhone, Biden Administration Imposes Sanctions on Russia for SolarWinds, Backdoor Found in Codecov Bash Uploader, On North Korea’s Cyberattack Capabilities, When AIs Start Hacking, Security Vulnerabilities in Cellebrite, Identifying People Through Lack of Cell Phone Use, Serious MacOS Vulnerability Patched, Identifying the Person Behind Bitcoin Fog, Tesla Remotely Hacked from a Drone, New Spectre-Like Attacks, The Story of Colossus, Teaching Cybersecurity to Children, Newly Declassified NSA Document on Cryptography in the 1970s, Ransomware Shuts Down US Pipeline, AI Security Risk Assessment Tool, New US Executive Order on Cybersecurity, Ransomware Is Getting Ugly, Upcoming Speaking Engagements

April 15, 2021:

Security Analysis of Apple’s "Find My..." Protocol, On the Insecurity of ES&S Voting Machines’ Hash Code, Illegal Content and the Blockchain, Exploiting Spectre Over the Internet, Easy SMS Hijacking, Details of a Computer Banking Scam, Accellion Supply Chain Hack, Determining Key Shape from Sound, Hacking Weapons Systems, System Update: New Android Malware, Fugitive Identified on YouTube By His Distinctive Tattoos, Malware Hidden in Call of Duty Cheating Software, Wi-Fi Devices as Physical Object Sensors, Phone Cloning Scam, Signal Adds Cryptocurrency Support, Google’s Project Zero Finds a Nation-State Zero-Day Operation, Backdoor Added -- But Found -- in PHP, More Biden Cybersecurity Nominations, The FBI Is Now Securing Networks Without Their Owners’ Permission, Upcoming Speaking Engagements

March 15, 2021:

On Vulnerability-Adjacent Vulnerabilities, Deliberately Playing Copyrighted Music to Avoid Being Live-Streamed, US Cyber Command Valentine’s Day Cryptography Puzzles, Malicious Barcode Scanner App, Browser Tracking Using Favicons, Virginia Data Privacy Law, WEIS 2021 Call for Papers, Router Security, GPS Vulnerabilities, Dependency Confusion: Another Supply-Chain Vulnerability, Twelve-Year-Old Vulnerability Found in Windows Defender, On Chinese-Owned Technology Platforms, The Problem with Treating Data as a Commodity, National Security Risks of Late-Stage Capitalism, Mysterious Macintosh Malware, Encoded Message in the Perseverance Mars Lander’s Parachute, Chinese Hackers Stole an NSA Windows Exploit in 2014, Four Microsoft Exchange Zero-Days Exploited by China, Threat Model Humor, No, RSA Is Not Broken, Hacking Digitally Signed PDF Files, On Not Fixing Old Vulnerabilities, More on the Chinese Zero-Day Microsoft Exchange Hack, Fast Random Bit Generation, Metadata Left in Security Agency PDFs, Upcoming Speaking Engagements

February 15, 2021:

Cell Phone Location Privacy, Injecting a Backdoor into SolarWinds Orion, Sophisticated Watering Hole Attack, SVR Attacks on Microsoft 365, Insider Attack on Home Surveillance Systems, Massive Brazilian Data Breach, Dutch Insider Attack on COVID-19 Data, Police Have Disrupted the Emotet Botnet, New iMessage Security Features, Including Hackers in NATO Wargames, Georgia’s Ballot-Marking Devices, More SolarWinds News, Another SolarWinds Orion Hack, Presidential Cybersecurity and Pelotons, NoxPlayer Android Emulator Supply-Chain Attack, SonicWall Zero-Day, Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer, Ransomware Profitability, Attack against Florida Water Treatment Facility, Medieval Security Techniques, Chinese Supply-Chain Attack on Computer Systems