Essays

“When Corporate Interests and International Cyber Agreements Collide,” The Cipher Brief, May 05, 2022.

“Why Vaccine Cards Are So Easily Forged,” The Atlantic, March 08, 2022.

“Letter to the US Senate Judiciary Committee on App Stores,” January 31, 2022.

“Robot Hacking Games,” IEEE Security & Privacy, January 01, 2022.

News

“Expert Interviews: Hacktivism,” Cyber.RAR, June 29, 2022.

“Why AIs Will Become Hackers,” Dark Reading, June 09, 2022.

“Schneier on Security for Tomorrow’s Software,” The Changelog, May 20, 2022.

“Unscripted with Bruce Schneier,” PSICC Data Privacy Week 2022, February 04, 2022.

“Bruce Schneier on Regulating at the Pace of Tech,” Transform, February 01, 2022.

“History of Hacking,” Cybercrime Magazine, January 29, 2022.

“We Have to Trust Technology,” Conversation with Nobel Minds, January 09, 2022.

“Bruce Schneier on Regulating at the Pace of Tech,” Transform, December 30, 2021.

“Click Here to Kill Everybody,” Conversation with Nobel Minds, December 26, 2021.

Crypto-Gram

June 15, 2022:

The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms, Attacks on Managed Service Providers Expected to Increase, iPhone Malware that Operates Even When the Phone Is Turned Off, Websites that Collect Your Data as You Type, Bluetooth Flaw Allows Remote Unlocking of Digital Locks, The Onion on Google Map Surveillance, Forging Australian Driver’s Licenses, The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking, Manipulating Machine-Learning Systems through the Order of the Training Data, Malware-Infested Smart Card Reader, Security and Human Behavior (SHB) 2022, The Limits of Cyber Operations in Wartime, Clever -- and Exploitable -- Windows Zero-Day, Remotely Controlling Touchscreens, Me on Public-Interest Tech, Long Story on the Accused CIA Vault 7 Leaker, Leaking Military Secrets on Gaming Discussion Boards, Smartphones and Civilians in Wartime, Twitter Used Two-Factor Login Details for Ad Targeting, Cryptanalysis of ENCSecurity’s Encryption Implementation, Hacking Tesla’s Remote Key Cards, Upcoming Speaking Engagements

May 15, 2022:

Undetectable Backdoors in Machine-Learning Models, Clever Cryptocurrency Theft, Long Article on NSO Group, Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries, SMS Phishing Attacks are on the Rise, Zero-Day Vulnerabilities Are on the Rise, Microsoft Issues Report of Russian Cyberattacks against Ukraine, Video Conferencing Apps Sometimes Ignore the Mute Button, Using Pupil Reflection in Smartphone Camera Selfies, New Sophisticated Malware, 15.3 Million Request-Per-Second DDoS Attack, Corporate Involvement in International Cybersecurity Treaties, Apple Mail Now Blocks Email Trackers, ICE Is a Domestic Surveillance Agency, Surveillance by Driverless Car, Upcoming Speaking Engagements

April 15, 2022:

US Critical Infrastructure Companies Will Have to Report When They Are Hacked, Breaking RSA through Insufficiently Random Primes, "Change Password", Why Vaccine Cards Are So Easily Forged, Developer Sabotages Open-Source Software Package, White House Warns of Possible Russian Cyberattacks, NASA’s Insider Threat Program, Linux Improves Its Random Number Generator, Gus Simmons’s Memoir, A Detailed Look at the Conti Ransomware Gang, Stalking with an Apple Watch, Chrome Zero-Day from North Korea, Bypassing Two-Factor Authentication, Wyze Camera Vulnerability, Hackers Using Fake Police Data Requests against Tech Companies, Cyberweapons Arms Manufacturer FinFisher Shuts Down, US Disrupts Russian Botnet, AirTags Are Used for Stalking Far More than Previously Reported, De-anonymizing Bitcoin, John Oliver on Data Brokers, Russian Cyberattack against Ukrainian Power Grid Prevented, Industrial Control System Malware Discovered, Upcoming Speaking Engagements

March 15, 2022:

Secret CIA Data Collection Program, Vendors are Fixing Security Flaws Faster, Possible Government Surveillance of the Otter.ai Transcription App, Stealing Bicycles by Swapping QR Codes, A New Cybersecurity "Social Contract", Bypassing Apple’s AirTag Security, An Elaborate Employment Con in the Internet Age, Privacy Violating COVID Tests, Insurance Coverage for NotPetya Losses, Decrypting Hive Ransomware Data, Vulnerability in Stalkerware Apps, Details of an NSA Hacking Operation, Samsung Encryption Flaw, Hacking Alexa through Alexa’s Speech, Using Radar to Read Body Language, Fraud on Zelle, Where’s the Russia-Ukraine Cyberwar?, Leak of Russian Censorship Data, Upcoming Speaking Events

February 15, 2022:

An Examination of the Bug Bounty Marketplace, UK Government to Launch PR Campaign Undermining End-to-End Encryption, Are Fake COVID Testing Sites Harvesting Data?, San Francisco Police Illegally Spying on Protesters, China’s Olympics App Is Horribly Insecure, Linux-Targeted Malware Increased by 35%, Merck Wins Insurance Lawsuit re NotPetya Attack, New DeadBolt Ransomware Targets NAS Devices, Tracking Secret German Organizations with Apple AirTags, Twelve-Year-Old Linux Vulnerability Discovered and Patched, Me on App Store Monopolies and Security, Finding Vulnerabilities in Open Source Projects, Interview with the Head of the NSA’s Research Directorate, The EARN IT Act Is Back, Amy Zegart on Spycraft in the Internet Age, Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer, Bunnie Huang’s Plausibly Deniable Database, On the Irish Health Services Executive Hack, Upcoming Speaking Engagements

January 15, 2022:

More Log4j News, More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers, Stolen Bitcoins Returned, Apple AirTags Are Being Used to Track People and Cars, More Russian Cyber Operations against Ukraine, People Are Increasingly Choosing Private Web Search, Norton’s Antivirus Product Now Includes an Ethereum Miner, Fake QR Codes on Parking Meters, Apple’s Private Relay Is Being Blocked, Faking an iPhone Reboot, Using Foreign Nationals to Bypass US Surveillance Restrictions, Using EM Waves to Detect Malware, Upcoming Speaking Engagements

December 15, 2021:

Securing Your Smartphone, Why I Hate Password Rules, Wire Fraud Scam Upgraded with Bitcoin, Is Microsoft Stealing People’s Bookmarks?, New Rowhammer Technique, “Crypto” Means “Cryptography,” Not “Cryptocurrency”, Apple Sues NSO Group, Proposed UK Law Bans Default Passwords, Intel Is Maintaining Legacy Technology for Security Research, Smart Contract Bug Results in $31 Million Loss, Testing Faraday Cages, Thieves Using AirTags to “Follow” Cars, Someone Is Running Lots of Tor Relays, New German Government is Pro-Encryption and Anti-Backdoors, Google Shuts Down Glupteba Botnet, Sues Operators, Law Enforcement Access to Chat Data and Metadata, NSO Group’s Pegasus Spyware Used Against US State Department Officials, On the Log4j Vulnerability, Upcoming Speaking Engagements