Essays in the Category "Computer and Information Security"

Page 1 of 30

Centralized Vs. Decentralized Data Systems—Which Choice Is Best?

  • David Weldon
  • VentureBeat
  • September 12, 2022

Healthcare and insurance payers spend nearly $496 billion each year on billing and insurance-related costs, noted Bruce Schneier, chief of security architecture at Inrupt—a company created by the father of the modern web, Tim Berners-Lee. As the amount of data continues to grow, it is becoming more difficult for healthcare providers to access necessary information when treating patients.

Providers typically turn to centralized means such as healthcare information exchanges, but these present a laundry list of potential problems, Schneier argued…

Letter to the US Senate Judiciary Committee on App Stores

  • Bruce Schneier
  • January 31, 2022

View or Download in PDF Format

The Honorable Dick Durbin
Chair
Committee on Judiciary
711 Hart Senate Office Building
Washington, D.C. 20510

The Honorable Amy Klobuchar
Chair
Subcommittee on Competition Policy,
Antitrust, and Consumer Rights
425 Dirksen Senate Office Building
Washington, D.C. 20510

The Honorable Chuck Grassley
Ranking Member
Committee on Judiciary
135 Hart Senate Office Building
Washington, D.C. 20510

The Honorable Mike Lee
Ranking Member
Subcommittee on Competition Policy,
Antitrust, and Consumer Rights
361A Russell Senate Office Building…

Robot Hacking Games

  • IEEE Security & Privacy
  • January/February 2022

View or Download in PDF Format

Hacker “Capture the Flag” has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’. It’s a controlled setting for what computer hackers do in real life: finding and fixing vulnerabilities in their own systems and exploiting them in others’. It’s the software vulnerability lifecycle.

These days, dozens of teams from around the world compete in weekend-long marathon events held all over the world. People train for months. Winning is a big deal. If you’re into this sort of thing, it’s pretty much the most fun you can possibly have on the Internet without committing multiple felonies…

How to Cut Down on Ransomware Attacks Without Banning Bitcoin

  • Bruce Schneier and Nicholas Weaver
  • Slate
  • June 17, 2021

Ransomware isn’t new; the idea dates back to 1986 with the “Brain” computer virus. Now, it’s become the criminal business model of the internet for two reasons. The first is the realization that no one values data more than its original owner, and it makes more sense to ransom it back to them—sometimes with the added extortion of threatening to make it public—than it does to sell it to anyone else. The second is a safe way of collecting ransoms: Bitcoin.

This is where the suggestion to ban cryptocurrencies as a way to “solve” ransomware comes from. Lee Reiners, executive director of the Global Financial Markets Center at Duke Law, …

Russia’s Hacking Success Shows How Vulnerable the Cloud Is

The cloud is everywhere. It’s critical to computing. And it’s under attack.

  • Foreign Policy
  • May 24, 2021

Russia’s Sunburst cyberespionage campaign, discovered late last year, impacted more than 100 large companies and U.S. federal agencies, including the Treasury, Energy, Justice, and Homeland Security departments. A crucial part of the Russians’ success was their ability to move through these organizations by compromising cloud and local network identity systems to then access cloud accounts and pilfer emails and files.

Hackers said by the U.S. government to have been working for the Kremlin targeted a widely used Microsoft cloud service that synchronizes user identities. The hackers …

Bitcoin’s Greatest Feature Is Also Its Existential Threat

The cryptocurrency depends on the integrity of the blockchain. But China’s censors, the FBI, or powerful corporations could fragment it into oblivion.

  • Barath Raghavan and Bruce Schneier
  • Wired
  • March 9, 2021

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have come up with ways to make this counterattack harder. Now the content-delivery network Akamai has reported on a new method: a botnet that uses the Bitcoin blockchain ledger. Since the blockchain is globally accessible and hard to take down, the botnet’s operators appear to be safe…

Illuminating SolarStorm: Implications for National Strategy and Policy

  • Aspen Institute
  • March 4, 2021

This essay appeared as part of a round table on how to respond to the SolarWinds attack.

This operation was a tremendous intelligence success for the Russian government, and recovering from it is going to be much harder than people think. It might not even be possible. It requires much more than simply patching the Sunburst vulnerability. It means burning the infected networks to the ground and rebuilding them from scratch, just as you might reinstall your computer’s operating system after a bad virus. But even that won’t be enough.

The Russians were slow and deliberate, using the backdoor in the SolarWinds update to obtain initial footholds in only a few of the 18,000 vulnerable networks, and then working over months to establish persistence by creating alternative means of access that would survive discovery of the initial vulnerability…

The Government Will Guard Biden’s Peloton from Hackers. What About the Rest of Us?

The Security Threat to Worry About Is the One Facing the Public, Not the President

  • Bruce Schneier
  • The Washington Post
  • February 2, 2021

President Biden wants his Peloton in the White House. For those who have missed the hype, it’s an Internet-connected stationary bicycle. It has a screen, a camera and a microphone. You can take live classes online, work out with your friends or join the exercise social network. And all of that is a security risk, especially if you are the president of the United States.

Any computer brings with it the risk of hacking. This is true of our computers and phones, and it’s also true about all of the Internet-of-Things devices that are increasingly part of our lives. These large and small appliances, cars, medical devices, toys and—yes—exercise machines are all computers at their core, and they’re all just as vulnerable. Presidents face special risks when it comes to the IoT, but Biden has the National Security Agency to help him handle them…

The Solarwinds Hack Is Stunning. Here’s What Should Be Done

  • Bruce Schneier
  • CNN
  • January 5, 2021

The information that is emerging about Russia’s extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public. The magnitude of the hacking, now believed to have affected more than 250 federal agencies and businesses—primarily through a malicious update of the SolarWinds network management software—may have slipped under most people’s radar during the holiday season, but its implications are stunning.

According to a Washington Post report, this is a massive intelligence coup by Russia’s Foreign Intelligence Service (SVR). And a massive security failure on the part of the United States is also to blame. Our insecure internet infrastructure has become a critical national security risk—one that we need to take seriously and spend money to reduce…

The US Has Suffered a Massive Cyberbreach. It’s Hard to Overstate How Bad It Is

This is a security failure of enormous proportions – and a wake-up call. The US must rethink its cybersecurity protocols

  • Bruce Schneier
  • The Guardian
  • December 24, 2020

Recent news articles have all been talking about the massive Russian cyber-attack against the United States, but that’s wrong on two accounts. It wasn’t a cyber-attack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous.

Espionage is internationally allowed in peacetime. The problem is that both espionage and cyber-attacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn’t at all targeted, the entire world is at risk—and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack…

1 2 3 30

Sidebar photo of Bruce Schneier by Joe MacInnis.