Latest Essays

Don't Waste Your Breath Complaining to Equifax about Data Breach

  • Bruce Schneier
  • CNN
  • September 11, 2017

Last Thursday, Equifax reported a data breach that affects 143 million US customers, about 44% of the population. It's an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver's license numbers -- exactly the sort of information criminals can use to impersonate victims to banks, credit card companies, insurance companies, and other businesses vulnerable to fraud.

Many sites posted guides to protecting yourself now that it's happened. But if you want to prevent this kind of thing from happening again, your only solution is government regulation (as unlikely as that may be at the moment).

Read More →

IoT Security: What’s Plan B?

  • Bruce Schneier
  • IEEE Security & Privacy
  • September/October 2017

In August, four US Senators introduced a bill designed to improve Internet of Things (IoT) security. The IoT Cybersecurity Improvement Act of 2017 is a modest piece of legislation. It doesn’t regulate the IoT market. It doesn’t single out any industries for particular attention, or force any companies to do anything.

Read More →

‘Twitter and Tear Gas’ Looks at How Protest Is Fueled and Crushed by the Internet

The new book from Zeynep Tufekci looks at how the web has helped demonstrations take off around the globe, but also made them harder to sustain.

  • Bruce Schneier
  • Motherboard
  • July 11, 2017

There are two opposing models of how the internet has changed protest movements. The first is that the internet has made protesters mightier than ever. This comes from the successful revolutions in Tunisia (2010-11), Egypt (2011), and Ukraine (2013). The second is that it has made them more ineffectual.

Read More →

Why the NSA Makes Us More Vulnerable to Cyberattacks

The Lessons of WannaCry

  • Bruce Schneier
  • Foreign Affairs
  • May 30, 2017

There is plenty of blame to go around for the WannaCry ransomware that spread throughout the Internet earlier this month, disrupting work at hospitals, factories, businesses, and universities. First, there are the writers of the malicious software, which blocks victims' access to their computers until they pay a fee. Then there are the users who didn't install the Windows security patch that would have prevented an attack. A small portion of the blame falls on Microsoft, which wrote the insecure code in the first place.

Read More →

Who Are the Shadow Brokers?

What is—and isn’t—known about the mysterious hackers leaking National Security Agency secrets

  • Bruce Schneier
  • The Atlantic
  • May 23, 2017

In 2013, a mysterious group of hackers that calls itself the Shadow Brokers stole a few disks full of National Security Agency secrets. Since last summer, they've been dumping these secrets on the internet. They have publicly embarrassed the NSA and damaged its intelligence-gathering capabilities, while at the same time have put sophisticated cyberweapons in the hands of anyone who wants them. They have exposed major vulnerabilities in Cisco routers, Microsoft Windows, and Linux mail servers, forcing those companies and their customers to scramble.

Read More →

What Happens When Your Car Gets Hacked?

  • Bruce Schneier
  • The New York Times
  • May 19, 2017

As devastating as the latest widespread ransomware attacks have been, it's a problem with a solution. If your copy of Windows is relatively current and you've kept it updated, your laptop is immune. It's only older unpatched systems on your computer that are vulnerable.

Patching is how the computer industry maintains security in the face of rampant internet insecurity.

Read More →

Why Extending Laptop Ban Makes No Sense

  • Bruce Schneier
  • CNN
  • May 16, 2017

The Department of Homeland Security is rumored to be considering extending the current travel ban on large electronics for Middle Eastern flights to European ones as well. The likely reaction of airlines will be to implement new traveler programs, effectively allowing wealthier and more frequent fliers to bring their computers with them. This will only exacerbate the divide between the haves and the have-nots—all without making us any safer.

In March, both the United States and the United Kingdom required that passengers from 10 Muslim countries give up their laptop computers and larger tablets, and put them in checked baggage.

Read More →

The Next Ransomware Attack Will Be Worse than WannaCry

We'll need new security standards when hackers go after the Internet of Things.

  • Bruce Schneier
  • The Washington Post
  • May 16, 2017

Ransomware isn't new, but it's increasingly popular and profitable.

The concept is simple: Your computer gets infected with a virus that encrypts your files until you pay a ransom. It's extortion taken to its networked extreme. The criminals provide step-by-step instructions on how to pay, sometimes even offering a help line for victims unsure how to buy bitcoin.

Read More →

Three Lines of Defense against Ransomware Attacks

  • Bruce Schneier
  • New York Daily News
  • May 15, 2017

Criminals go where the money is, and cybercriminals are no exception.

And right now, the money is in ransomware.

It's a simple scam. Encrypt the victim's hard drive, then extract a fee to decrypt it.

Read More →

Online Voting Won’t Save Democracy

But letting people use the internet to register to vote is a start.

  • Bruce Schneier
  • The Atlantic
  • May 10, 2017

Technology can do a lot more to make our elections more secure and reliable, and to ensure that participation in the democratic process is available to all. There are three parts to this process.

First, the voter registration process can be improved. The whole process can be streamlined.

Read More →

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.