Essays: 2018 Archives
This essay appeared as half of a point/counterpoint with Priscilla Regan, in a CQ Researcher report on Privacy and the Internet.
Everything online is hackable. This is true for Equifax's data and the federal Office of Personal Management's data, which was hacked in 2015. If information is on a computer connected to the internet, it is vulnerable.
But just because everything is hackable doesn't mean everything will be hacked.
What the battle looks like after Section 702's reauthorization
For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We've just lost an important battle. On Jan. 18, when President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of U.S. law.
Unprecedented computer-chip vulnerabilities exposed this month paint a grim picture of the future of cybersecurity.
On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched—at least to the extent possible.
This news isn't really any different from the usual endless stream of security vulnerabilities and patches, but it's also a harbinger of the sorts of security problems we're going to be seeing in the coming years. These are vulnerabilities in computer hardware, not software.
The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution—which,of course, is not a solution—is to throw them all away and buy new ones that may be available in a few years.
On Wednesday, researchers announced a series of major security vulnerabilities in the microprocessors at the heart of the world's computers for the past 15 to 20 years. They've been named Spectre and Meltdown, and they operate by manipulating different ways processors optimize performance by rearranging the order of instructions or performing different instructions in parallel. An attacker who controls one process on a system can use the vulnerabilities to steal secrets from elsewhere on the computer.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.