Essays

“How to Cut Down on Ransomware Attacks Without Banning Bitcoin,” Slate, June 17, 2021.

“Hacked Drones and Busted Logistics Are the Cyber Future of Warfare,” Brookings TechStream, June 05, 2021.

News

“We Have to Trust Technology,” Conversation with Nobel Minds, January 09, 2022.

“Bruce Schneier on Regulating at the Pace of Tech,” Transform, December 30, 2021.

“Click Here to Kill Everybody,” Conversation with Nobel Minds, December 26, 2021.

“Who’s Controlling the Internet?,” Project Save the World, October 28, 2021.

“Bruce Schneier’s book Secrets and Lies,” Byte, October 18, 2021.

“The Most Dangerous Hacks Are Carried Out Not by Hackers but by the Rich,” Calcalist, September 08, 2021.

“Click Here To Kill Everybody,” Power Corrupts, September 07, 2021.

“Bruce Schneier: We Are Asking the Wrong Cybersecurity Questions,” CDO Trends, August 23, 2021.

“Secure Ventures Podcast,” Secure Ventures with Kyle McNulty, July 27, 2021.

“Going Meta: A Conversation and AMA with Bruce Schneier,” 8th Layer Insights, July 20, 2021.

“The Coming AI Hackers. How Will They Put Society At Risk?,” Cybercrime Magazine, June 15, 2021.

“The Coming AI Hackers,” Exponential View, June 09, 2021.

Crypto-Gram

January 15, 2022:

More Log4j News, More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers, Stolen Bitcoins Returned, Apple AirTags Are Being Used to Track People and Cars, More Russian Cyber Operations against Ukraine, People Are Increasingly Choosing Private Web Search, Norton’s Antivirus Product Now Includes an Ethereum Miner, Fake QR Codes on Parking Meters, Apple’s Private Relay Is Being Blocked, Faking an iPhone Reboot, Using Foreign Nationals to Bypass US Surveillance Restrictions, Using EM Waves to Detect Malware, Upcoming Speaking Engagements

December 15, 2021:

Securing Your Smartphone, Why I Hate Password Rules, Wire Fraud Scam Upgraded with Bitcoin, Is Microsoft Stealing People’s Bookmarks?, New Rowhammer Technique, “Crypto” Means “Cryptography,” Not “Cryptocurrency”, Apple Sues NSO Group, Proposed UK Law Bans Default Passwords, Intel Is Maintaining Legacy Technology for Security Research, Smart Contract Bug Results in $31 Million Loss, Testing Faraday Cages, Thieves Using AirTags to “Follow” Cars, Someone Is Running Lots of Tor Relays, New German Government is Pro-Encryption and Anti-Backdoors, Google Shuts Down Glupteba Botnet, Sues Operators, Law Enforcement Access to Chat Data and Metadata, NSO Group’s Pegasus Spyware Used Against US State Department Officials, On the Log4j Vulnerability, Upcoming Speaking Engagements

November 15, 2021:

Book Sale: Click Here to Kill Everybody and Data and Goliath, Security Risks of Client-Side Scanning, Missouri Governor Doesn’t Understand Responsible Disclosure, Ransomware Attacks against Water Treatment Plants, Using Machine Learning to Guess PINs from Video, Textbook Rental Scam, Problems with Multifactor Authentication, Nation-State Attacker of Telecommunications Networks, New York Times Journalist Hacked with NSO Spyware, How the FBI Gets Location Information, More Russian SVR Supply-Chain Attacks, Squid Game Has a Cryptocurrency, Hiding Vulnerabilities in Source Code, On Cell Phone Metadata, Using Fake Student Accounts to Shill Brands, US Blacklists NSO Group, Squid Game Cryptocurrency Was a Scam, Drones Carrying Explosives, Hacking the Sony Playstation 5, Advice for Personal Digital Security, MacOS Zero-Day Used against Hong Kong Activists, Upcoming Speaking Engagements

October 15, 2021:

Identifying Computer-Generated Faces, Zero-Click iMessage Exploit, Alaska’s Department of Health and Social Services Hack, FBI Had the REvil Decryption Key, ROT8000, The Proliferation of Zero-days, I Am Not Satoshi Nakamoto, Tracking Stolen Cryptocurrencies, Check What Information Your Browser Leaks, Hardening Your VPN, A Death Due to Ransomware, Cheating on Tests, Facebook Is Down, Syniverse Hack, The European Parliament Voted to Ban Remote Biometric Surveillance, Airline Passenger Mistakes Vintage Camera for a Bomb, Suing Infrastructure Companies for Copyright Violations, Recovering Real Faces from Face-Generation ML System, Upcoming Speaking Engagements

September 15, 2021:

Tetris: Chinese Espionage Tool, Apple’s NeuralHash Algorithm Has Been Reverse-Engineered, T-Mobile Data Breach, More on Apple’s iPhone Backdoor, Surveillance of the Internet Backbone, Interesting Privilege Escalation Vulnerability, Details of the Recent T-Mobile Breach, Excellent Write-up of the SolarWinds Security Breach, More Military Cryptanalytics, Part III, Zero-Click iPhone Exploits, History of the HX-63 Rotor Machine, Hacker-Themed Board Game, Tracking People by their MAC Addresses, Lightning Cable with Embedded Eavesdropping, Security Risks of Relying on a Single Smartphone, More Detail on the Juniper Hack and the NSA PRNG Backdoor, ProtonMail Now Keeps IP Logs, Designing Contact-Tracing Apps, Upcoming Speaking Engagements

August 15, 2021:

Colorado Passes Consumer Privacy Law, REvil is Off-Line, Candiru: Another Cyberweapons Arms Manufacturer, NSO Group Hacked, Nasty Windows Printer Driver Vulnerability, Commercial Location Data Used to Out Priest, Disrupting Ransomware by Disrupting Bitcoin, Hiding Malware in ML Models, De-anonymization Story, AirDropped Gun Photo Causes Terrorist Scare, Storing Encrypted Photos in Google’s Cloud, I Am Parting With My Crypto Library, The European Space Agency Launches Hackable Satellite, Paragon: Yet Another Cyberweapons Arms Manufacturer, Zoom Lied about End-to-End Encryption, Using "Master Faces" to Bypass Face-Recognition Authenticating Systems, Defeating Microsoft’s Trusted Platform Module, Apple Adds a Backdoor to iMessage and iCloud Storage, Cobalt Strike Vulnerability Affects Botnet Servers, Using AI to Scale Spear Phishing, Upcoming Speaking Engagements

July 15, 2021:

Andrew Appel on New Hampshire’s Election Audit, VPNs and Trust, Paul van Oorschot’s Computer Security and the Internet, Intentional Flaw in GPRS Encryption Algorithm GEA-1, Peloton Vulnerability Found and Fixed, The Future of Machine Learning and Cybersecurity, Apple Will Offer Onion Routing for iCloud/Safari Users, Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer, Banning Surveillance-Based Advertising, AI-Piloted Fighter Jets, NFC Flaws in POS Devices and ATMs, Risks of Evidentiary Software, Insurance and Ransomware, More Russian Hacking, Stealing Xbox Codes, Vulnerability in the Kaspersky Password Manager, Details of the REvil Ransomware Attack, Analysis of the FBI’s Anom Phone, Iranian State-Sponsored Hacking Attempts, China Taking Control of Zero-Day Exploits, Upcoming Speaking Engagements

June 15, 2021:

Is 85% of US Critical Infrastructure in Private Hands?, Adding a Russian Keyboard to Protect against Ransomware, Apple Censorship and Surveillance in China, Bizarro Banking Trojan, Double-Encrypting Ransomware, AIs and Fake Comments, New Disk Wiping Malware Targets Israel, The Story of the 2011 RSA Hack, The Misaligned Incentives for Cloud Security, Security Vulnerability in Apple’s Silicon "M1" Chip, The DarkSide Ransomware Gang, Security and Human Behavior (SHB) 2021, The Supreme Court Narrowed the CFAA, Vulnerabilities in Weapons Systems, Information Flows and Democracy, Detecting Deepfake Picture Editing, FBI/AFP-Run Encrypted Phone, TikTok Can Now Collect Biometric Data, Upcoming Speaking Engagements