News: 2014 Archives

Video: Was the Sony Hack an "Act of War"?

  • All In with Chris Hayes
  • December 18, 2014

Bruce Schneier and former CIA deputy division chief Bruce Klingner spoke with Ari Melber about the Sony hack.

Watch the Video on

Video: Security Expert: We Saw Sony Attack Coming

  • Wall Street Journal's The News Hub
  • December 18, 2014

The security hack that happened to Sony could happen to anyone. Co3 Systems’ Bruce Schneier explains on the News Hub with Geoff Rogow.

Watch the Video or Read the Transcript on

Top 10 Information Security Bloggers in 2014

  • Dejan Kosutic
  • The ISO 27001 & ISO 22301 Blog
  • December 17, 2014


Schneier on Security by Bruce Schneier

One of those security blogs you cannot afford to avoid, it focuses on a wide range of subjects, and one of the most common topics in 2014 was the NSA and Edward Snowden affair. I like this blog because Bruce doesn’t publish only his articles: he also comments on various other security news and publications, so you can use it as a kind of a portal to a wider picture of the security world.

One of his most popular posts was on the Heartbleed bug—almost 300 comments there.

Bruce Schneier: Sony Hackers "Completely Owned This Company"

  • Jason Koebler
  • Motherboard
  • December 16, 2014

The Sony hack is “every CEO’s worst nightmare” and the leaked data is probably going to send someone to jail, security expert Bruce Schneier says. That, not any threat of violence, is the real power of this hack.

The “Guardians of Peace,” as the group behind the attack has called itself, posted a new dump of emails today, this time from CEO Michael Lynton. The hackers also issued a warning implying that any theater screening the political comedy The Interview, which is about the assassination of North Korean leader Kim Jong-un, could be the target of a physical attack as well…

Sony Hackers: It's Not the North Korean Government, nor an Insider, Suggests Security Expert Bruce Schneier

  • Graeme Burton
  • Computing
  • December 15, 2014

Cryptographer and security expert Bruce Schneier has suggested that the hackers behind the devastating hack and leak of internal data from Sony Pictures is neither the work of the North Korean government, nor of insiders.

"At this point, the attacks seem to be a few hackers and not the North Korean government. (My guess is that it’s not an insider, either). That we live in the world where we aren’t sure if any given cyber attack is the work of a foreign government or a couple of guys should be scary to us all," he wrote in a blog post.

Instead, he added, …

Reboot 25: Industry Pioneers

  • Danielle Walker
  • SC Magazine
  • December 8, 2014


According to Bruce Schneier, his career in IT security has been an endeavor he naturally “flowed into.” Schneier, a prominent cryptologist who developed numerous encryption algorithms, including Blowfish and Twofish, has continued to contribute to the industry through his musings and insight on his esteemed blog “Schneier on Security,” and newsletter “Crypto-Gram,” which have garnered a major following in the community. Having gotten his start in cryptography, Schneier says he eventually moved into computer security, network security and security technology as a focus. In his attempt to “understand context” as it pertains to the threat landscape, Schneier also turned to examining the economics, psychology and sociology of security and now he primarily studies and shares his views on the political science of security, he tells …

Video: Schneier on Internet Safety

  • Boom Bust
  • December 5, 2014

Bruce Schneier, noted cryptologist and fellow at the Berman Center for Internet & Society at Harvard Law School, tells us how to protect our Wi-Fi connection in public and prevent ISPs from tracking our mobile internet use.

Watch or Download the Video on

Bruce Schneier: There Are Three Big Threats to Cybersecurity—and One Defense

  • Dennis Keohane
  • BetaBoston
  • December 5, 2014

BetaBoston partnered with Silicon Valley Bank, Hack/Reduce, and Terrible Labs on Thursday to host the Cyber Security Symposium. Security experts from Credit Suisse, Threat Stack, Bit9 and others convened for a day-long event, the second niche-focused conference put together by SVB, Atlas Venture’s Cort Johnson and Terrible Labs’ Smith Anderson after the Quantified Self Conference in March.

The event was capped off with a talk by security expert Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard, and the chief technology officer at Co3 Systems…

Video: Bruce Schneier: "Encryption Makes the Internet Safer"

  • Boom Bust
  • November 12, 2014

Erin Ade sits down with Bruce Schneier – noted author, cryptologist, and fellow at the Berkman Center for Internet and Security and Harvard Law School. Bruce gives us his take on President Obama’s recent statement on net neutrality and explains why encryption is vital to personal security and privacy.

Watch the Video on YouTube

5 Questions For Cybersecurity Expert Bruce Schneier After the Latest White House Hacking

  • Margaret Talev
  • October 29, 2014

Democrats didn’t need this: Another cyberattack on an unclassified White House computer network (and unconfirmed reports of Russian involvement) in the closing days of a midterm election in which voter frustration toward President Barack Obama,  government dysfunction and national security fears already are hurting their chances of hanging onto control of the Senate.

Chinese hackers reportedly targeted White House staffers’ Gmail accounts in 2011.  The next year, Chinese hackers reportedly used spear phishing to break into an unclassified…

Video: Surveillance: The Hidden Ways You’re Tracked

Just how much of your life is watched? Security expert Bruce Schneier points out that it is more than most people think, says Chris Baraniuk.

  • Chris Baraniuk
  • BBC
  • October 27, 2014

Watch the Video on

Do you have secrets? Security expert Bruce Schneier has little patience for those who say they don’t.

When asked about government and corporate surveillance, there are some who shrug their shoulders and say they have nothing to fear because they have nothing to hide. Schneier’s response? “I ask them their salary and they won’t tell me. I ask them about their sexual fantasy world and they won’t tell me. The whole ‘I have nothing to hide’ thing is stupid, that’s a dumb comment,” he says. What’s more, your day-to-day behaviour is monitored in ways you wouldn’t even realise, so these details and many more could be open for all to see – and use against you. And that’s a problem, even if you happen to trust your government to use the data for good…

"A Motivated, Funded, Skilled Hacker Will Always Get In"—Schneier

It's how you respond that's key, says securo guru

  • John Leyden
  • The Register
  • October 9, 2014

Hacking attacks are more or less inevitable, so organisations need to move on from the protection and detection of attacks towards managing their response to breaches so as to minimise harm, according to security guru Bruce Schneier.

Prevention and detection are necessary, but not sufficient, he said. Improving response means that organisations stay on their feet even after they are hit by a serious security breach or hacking attack.

“A sufficiently motivated, funded and skilled hacker will always get in,” Schneier told delegates during a keynote at the IP Expo conference in London. The security guru added that criminals and hackers are now using the sort of tools and techniques that were once the sole purview of intel agencies…

Internet Turned into "Giant Surveillance Platform" by NSA

  • Ruadhán Mac Cormaic
  • The Irish Times
  • October 6, 2014

The US National Security Agency (NSA) has turned the internet into a “giant surveillance platform,” a leading security specialist has said.

Bruce Schneier, who has written extensively on digital security and privacy, told an audience in Dublin tonight that the revelations by whistleblower Edward Snowden of large-scale surveillance by the NSA showed that we were living in a “golden age of surveillance.”

In a lecture for the human rights group Front Line Defenders, Mr. Schneier said the NSA’s role changed completely after the 9/11 attacks, when US intelligence agencies were given “an impossible mission: never again.” “The only way to ensure something doesn’t happen is to know everything that is happening,” he said…

Liars & Outliers—an Enjoyable & Thoughtful Read

  • Ben Spaulding
  • October 1, 2014

In February of 2012 the venerable Bruce Schneier published yet another book, Liars & Outliers. It was a book that I really wanted to read, but at the time was lacking both funds and the time.

Some months later he posted an offer to his blog: buy the book cheap if you promise to post a review. Impulsively, I jumped on it. Save some money, get a great book, and it comes with a little pressure to read it quickly and get a review up; that sounded like just the deal I needed!

I’m embarrassed to say that was over two years ago. While I had started reading the book immediately, it was not until last month that I set a firm goal to read it and finally completed the book. I regret not having done that earlier because …

A Look Back at ‘The State of Incident Response’ by Bruce Schneier

  • Zubair Ashraf
  • Security Intelligence
  • September 24, 2014

In my continuing series of keynote recaps, I will be covering Bruce Schneier’s keynote at Black Hat USA 2014—yes, it can be called a keynote even though it is more of a briefing. By the way, Black Hat: Next time, please give him appropriate space; people were lining up outside the room waiting to get in because of the lack of space.

I will be sharing what I learned from his speech in my own words with selected graphics. Schneier’s “The State of Incident Response” talk is available online, but if you don’t have an hour to watch that, read this as a recap. Hopefully, it will help you take some action or remind you of your New Year’s resolution to improve security. Finally, I hope this serves as a good resource for those starting in the field who are too focused on their day-to-day cyberdefense role to step back and look at the bigger picture…

Audio: Breaking up the NSA

  • Future Tense
  • September 21, 2014

Almost a year and a half after the Snowden revelations, it’s business as usual for America’s giant global eavesdropping and spying organisation: the NSA, the National Security Agency.

As revelations continue to unfold, legislative attempts to rein in the NSA’s powers appear to be stalling. But, Harvard University security analyst Bruce Schneier says the situation is unacceptable.

In the future, argues Schneier, people will look back at the way we ignore privacy today and ask “how could we be that immoral?” He’s put forward his own plan for breaking -up the NSA, and in so doing, bringing its activities under greater civilian control…

BlackHat 2014: Incident Response Best Practice & Automation Key to Success—Bruce Schneier

  • Fahmida Y. Rashid
  • Infosecurity Magazine
  • August 11, 2014

Network breaches are inevitable. It’s what happens next that really matters, said renowned cryptographic expert Bruce Schneier during the Black Hat security conference.

If there is something the organization has the attacker wants, the attacker will figure out a way to get in. Regardless of how much the organization invests in its defenses, attackers need to find that one weak spot to succeed. This is why incident response—being able to detect an incident had occurred, and then being able to respond effectively to remediate the incident—is so critical…

Carry On: Sound Advice from Schneier on Security (Review)

  • Ben Rothke
  • RSA Conference Blog
  • August 11, 2014

Bruce Schneier has been called an information security rock star. If that’s the case, then Carry On: Sound Advice from Schneier on Security is his greatest hits collection 2008-2013.

The roughly 175 essays in the book represent a collection of articles Schneier wrote for this Crypto-Gram newsletter, his blog and other blogs, magazines, newspapers and other periodicals.

Some of the articles, such as the 2008 piece “Chinese Cyberattacks: Myth or Menace?” are clearly dated. A number of the other articles are somewhat redundant in that they were written on the same topic for different audiences…

Incident Response: Beyond the Breach

Bruce Schneier on Expanding the Use of Automated Tools

  • Eric Chabrow
  • InfoRisk Today
  • August 8, 2014

When the organizers of the just-concluded Black Hat USA conference wanted to explore incident response, they turned to Bruce Schneier, the cryptographer, author, blogger and cybersecurity expert, to make a presentation. Until recently, however, Schneier’s name wouldn’t be on most people’s list of incident response experts.

Schneier’s reputation, after all, was built on his keen observations of the influence of IT security on society and vice versa, as well as bringing to light the previously unknown, such as the National Security Agency’s tampering with cryptography guidance from the National Institute of Standards and Technology (see …

Black Hat: Bruce Schneier Talks Incident Response, Trends

  • Adam Greenberg
  • SC Magazine
  • August 7, 2014

In his Black Hat 2014 session entitled “The State of Incident Response,” security guru Bruce Schneier, CTO of Co3 Systems, Inc., said that hackers will invariably breach networks, but it is what comes next that really matters.

Placing a great deal of emphasis on automated systems and technology being used to support the people needed for incident response, Schneier proposed a four-step approach: observe, context, decide, and act.

Observe means knowing what is happening on networks in real-time, which can be done using log monitoring, log analysis tools, network management tools and the like, Schneier said…

Video: Bruce Schneier Talks Data-Mining, Surveillance & Embedded Computing Systems

  • Boom Bust
  • July 31, 2014

Erin Ade talks to Bruce Schneier about the efforts of government and private companies to track us and our personal information. However, our outrage over this invasion of privacy is overshadowed by the convenience of using technology. This tension has led to our ongoing, intense debate over the tradeoffs between security and surveillance. To help sort out all of these issues Schneier weighs in.

Watch the Video on YouTube

Video: Incident Response Management Breaking New Ground

  • SearchSecurity
  • July 7, 2014

Bruce Schneier is one of the best-known security professionals both within the field and in the larger world of technology policymaking. He’s written 12 books, produces the influential "Schneier on Security" blog and is widely quoted in the press. After a multi-year stint at BT Managed Security Solutions, Schneier has moved to a startup: Co3 Systems. The new company, where he serves as Chief Technology Officer, makes a tool that focuses specifically on security incident response management.

"It’s software that allows companies to coordinate their response," Schneier says. "You put in your response plan—or if you don’t have one, it generates best practices. It knows the laws; it knows the regulations. You tell it who does what. And when an incident happens, it generates tasks, it follows up on them, and it makes sure that everything that’s supposed to get done gets done."…

Video: UO Today #583 Bruce Schneier

  • UO Today
  • June 25, 2014

Bruce Schneier, cyber-security expert and author of Liars and Outliers: Enabling the Trust Society Needs to Thrive, talks about corporate and governmental data collection and surveillance. Schneier gave a lecture, “Internet, Security, and Power” on May 28, 2014 at the UO in Eugene and at the UO in Portland on May 29, 2014.

Watch the Video on The UO Channel

Bruce Schneier: Web Attackers Are Trouncing Defenders

  • Dan Worth
  • June 5, 2014

Cyber defenders are currently fighting a losing battle against hackers and government agencies, according to security expert Bruce Schneier.

Speaking in London on Thursday, the security guru said that with cyber criminals’ attacks increasing in sophistication all the time, incidents like the Target credit card theft will only become more common.

“Security is a battle of attack versus defence and right now on the internet attack is much easier than defence,” he said at the Good Exchange event, attended by V3.

Schneier pointed to advanced persistent threats (APT) as an area where organisations are woefully ill-prepared to prevent attacks…

Schneier: "Most of the World Is Under Surveillance"

Security technologist Bruce Schneier tells DW why he finds it curious that the German BND is getting a free pass on surveillance and why Europe should take the lead on protecting privacy in the digital age.

  • Michael Krigge
  • Deutsche Welle
  • June 4, 2014

DW: One year ago the Guardian published the first article on the NSA’s surveillance activities based on the disclosures of Edward Snowden. Many other revelations have followed since and triggered a robust international debate about surveillance and privacy. Now one year later what is the most significant consequence of Snowden’s disclosures?

Bruce Schneier: Right now the most significant consequence has been the knowledge that has fueled the debate. A lot of what we have read from these NSA documents isn’t surprising, but the details make them real in a way that speculation doesn’t. And by putting the documents in front of the world and forcing the debate Snowden has made an enormous contribution. And that is I think why he has been given all these awards and people respect him…

Audio: Incident Response Redux

  • Security Advisor Alliance Podcast
  • April 22, 2014

Bruce Schneier is the special guest on Episode 11 of the Security Advisor Alliance, on Incident Response.

Listen to the Podcast on Security Advisor Alliance

How to Create a Safer Password

A short password, or one using a name or a word in a dictionary, can be easily cracked by computers. And simply adding "@" for the letter "a" isn't going to fool the bad guys.

  • Susie Poppick
  • Money Magazine
  • April 14, 2014

Here’s cryptographer and computer security expert Bruce Schneier’s advice on using and managing your passwords.

1. Use a “passphrase”: a sentence you can remember. Then replace each word of the phrase with its initial, a similar digit or symbol, or, at random, use a whole word.

For example:


m d N8 w @ r ! h s

The new password is mdN8w@r!hs. (Don’t use this one, though.)

2. That may still be tough to remember. If you need to, write a reminder and hide the paper somewhere safe. But write the phrase or a hint, not the password…

Schneier: Internet Has Delivered a "Golden Age of Surveillance"

  • Taylor Armerding
  • CSO
  • April 11, 2014

“Information is power,” has been true for so long that it has become a cliché.

But the Internet has increased the power to collect, store and analyze information by such an order of magnitude that we are now in what Bruce Schneier called “the golden age of surveillance,” in his keynote address Wednesday morning at SOURCE Boston.

That would be golden for those doing the surveillance, not the subjects of it.

Schneier, author, security guru, blogger and CTO of Co3 Systems, said the expectation that the Internet would mainly empower the powerless—grassroots groups, hackers, minorities and other relatively fringe groups—did come true for a number of years. But governments around the world have now caught up, he said. And they are better prepared to use power than small, disparate groups…

Audio: Bruce Schneier talks about the Shift of Power on the Internet

  • Trusted Software Alliance
  • April 9, 2014

‘’It’s only metadata’ is a mischaracterization that plays into goverment hands.’—Bruce Schneier

At the 2014 Source Conference in Boston, I was able to sit down with Bruce Schneier after his keynote to clarify his position on several topics he brought up. The Twitter stream was on fire during his presentation as he described how the power of government and large corporations affects the internet. Where are the boundaries between personal data and corporate/government usage of that data? What is our responsibility in the equation?

An interesting observation from Bruce is that despite the government’s insistence that they are only collecting metadata, which according to them has no intrinsic value, that presupposes  metadata is somehow less important or less personal when it comes to interrogating the data. This despite that it can be used to generate a network of contacts such as …

Audio: Bruce Schneier, NSA and Toaster Hacking

  • Occupy Radio
  • April 9, 2014

In G-Force, the 2009 Disney movie, a group of secret agent rodents stops a kitchen gadget robot apocalypse. In the real world, we’re in no danger from weaponized blenders, but our toasters just might be used in a denial of service attack.

Rivera Sun and Getch talk with computer security, and privacy specialist, Bruce Schneier. We get the scoop on the latest from the NSA, as well as the security vulnerabilities in the vast internet of things, this week on Occupy Radio.

Listen to the Audio on

Surveillance is the Business Model of the Internet: Bruce Schneier

  • Fahmida Y. Rashid
  • SecurityWeek
  • April 9, 2014

Data is a natural consequence of computing, and as search tools get better, it shifts the balance of power towards mass collection and surveillance, renowned security expert Bruce Schneier said at the SOURCE Boston conference on Wednesday.

“Surveillance is the business model of the Internet,” Schneier told attendees. “We build systems that spy on people in exchange for services. Corporations call it marketing.”

The data economy—the growth of mass data collection and tracking—is changing how power is perceived, Schneier said in his keynote speech. The Internet and technology has changed the impact a group can have on others, where dissidents can use the Internet to amplify their voices and extend their reach. Governments already have a lot of power to begin with, so when they take advantage of technology, their power is magnified, he said…

Bruce Schneier: Technology Magnifies Power in Surveillance Era

  • Michael Mimoso
  • Threatpost
  • April 9, 2014

BOSTON—History is not entirely kind to those responsible for the Industrial Age in the 19th century. How, for example, were the consequences of industrial innovation such as pollution largely ignored?

Flash forward to today’s digital age and ask the same question: How are those responsible for building our infrastructure callously disregarding privacy and security in favor of rapid online innovation?

“I think this is the issue by which we will be judged when our grandchildren read the history of the early days of the Internet,” said Bruce Schneier today during his Source Boston keynote…

Security Expert Bruce Schneier On Passwords, Privacy and Trust

  • Ryan Dube
  • MakeUseOf
  • March 20, 2014

In today’s interconnected world, all it takes is one security mistake to make your whole world come crashing down. Who better to turn to for advice than security expert Bruce Schneier?

If you have even a passing interest in security matters, then you’ve surely come across the writings of Bruce Schneier, a world-renowned security guru who has served on numerous government committees, testified before Congress, and is the author of 12 books on security issues so far, as well as countless essays and academic papers.

After hearing about Schneier’s newest book, …

Audio: Google Moves to Take Back the Net from Spying Eyes

  • 2ser's The Daily
  • March 18, 2014

News emerged this week that web giant Google is routinely encrypting web searches conducted in China in a move designed to offset the national government’s ability to censor the Internet and track what individuals are viewing. The Google move is part of a global expansion of privacy technology to counter surveillance by government intelligence agencies, police and hackers and is seen as a direct consequence of whistleblower, Edward Snowden’s release last year of US National Security Agency (NSA) documents exposing the extent of government surveillance of the Internet…

Glenn Greenwald's Encryption Guru

Bruce Schneier says the key to good security is accepting that perfect security doesn’t exist.

  • Alex Carp
  • Politico Magazine
  • March 16, 2014

Last fall, not long after Bruce Schneier quietly revealed himself as the cryptographer who had helped journalist Glenn Greenwald review Edward Snowden’s NSA documents, he found himself on CNN International, talking about allegations that the United States had spied on the chancellor of Germany.

An exasperated host beamed Schneier in from Minneapolis, where he lives, and asked him to “help us,” as she put it, “decipher this enigma.” Schneier is a legendary encryption specialist who has written or edited 13 books on the subject, and worked for the Department of Defense, telecommunications companies, banks and governments. Most recently, he’s been a vocal advocate of the idea that the best security systems accept a reasonable amount of risk; a blind focus on protecting against every threat, he says, usually comes with unexpected costs…

Audio: Josh Corman Talks to Bruce about His Upcoming Keynote at SOURCE

  • SOURCE Security Conference
  • March 13, 2014

Josh Corman talks to Bruce about his keynote at the 2014 SOURCE Security Conference.

Watch the Video at

Video: Bruce Schneier on Incident Response and His Next Book

  • eSecurity Planet
  • March 13, 2014

Few figures in the IT security landscape command the respect and admiration of so many people as does Bruce Schneier. The well-regarded expert recently changed jobs, moving from BT to become the CTO of Co3 Systems in January of this year.

In a video interview with eSecurity Planet, Schneier explains why the incident response technology that Co3 Systems builds is an important part of the modern IT security lifecycle. A key part of what Co3 does is to automate the details of incident response, he said.

“When you’re under attack, the last thing you want to do is worry about all the details,” he said. “You want someone to do that for you; otherwise you’ll forget something.”…

Don't Look Now, but Our Smart Machines May Be Sharing Data about You with… Anyone

We are entering a new era of Internet connectivity — the Internet of Things. Suddenly our devices are much more than just the computers we can hold in our laps.

  • Adam Wernick
  • Public Radio International
  • March 10, 2014

These new devices collect information and make decisions on their own. What does this mean for us?

Bruce Schneier, an author and security technologist who has written several articles about the darker side of the Internet of Things, describes the new situation this way:

“The Internet of yesterday was the Internet of the things we typed into it. It was Facebook. It was text messages. It was a lot of data, but it was data that we gave it. Now the Internet is starting to look around for itself,” he says. 

Schneier says the Internet of Things has a set of eyes and ears that it never had before. And this raises troubling questions about privacy and security. …

Audio: Delving into the Security of an Internet of Things

  • Science Friday
  • March 7, 2014

If your car, your thermostat, and your refrigerator are all online and communicating with the world, is enough attention being given to who might be listening—or talking—to your networked things? And what happens if there’s a security flaw in the networking component of, say, your toaster? Security expert Bruce Schneier says that the world is at a crisis point regarding embedded network security, and that an Internet of Things could mean ubiquitous surveillance.

Listen to the Audio on

Video: Next Future Terrifying Technology Will Blow Your Mind

  • CoolTechNews
  • March 4, 2014

Bruce Schneier appeared on an episode of Inventing the Future with Robert Tercek about the collision between open society and surveillance.

Watch the Video on YouTube

Video: Joseph Menn Interviews Bruce Schneier

  • TrustyCon
  • March 4, 2014

Joseph Menn interviews Bruce Schneier at TrustyCon 2014, held on February 27, 2014 in San Francisco, California.

Watch the Video on YouTube

Video: Bruce Schneier Hints at New Snowden Documents, Analysis Techniques

  • SearchSecurity
  • March 4, 2014

Think the Edward Snowden-NSA storyline is played out? Think again.

“I think this story is going to keep going for at least a year, probably longer,” said Bruce Schneier, chief technology officer with Co3 Systems, who is working with The Intercept‘s Glenn Greenwald to analyze and report on the NSA documents allegedly stolen and leaked by former contractor Edward Snowden. “There’s an enormous pile of documents; they’re very technical [and] hard to understand, and as you go through them, you find stories.”

In this interview recorded at the 2014 RSA Conference…

TrustyCon 2014: NSA Surveillance "a Benign Enemy," Says Bruce Schneier

Reuters Technology reporter Joseph Menn interviewed security expert Bruce Schneier in front of last week's TrustyCon audience in San Francisco, where the security expert provided his analysis of the government surveillance controversy

  • Infosecurity
  • March 4, 2014

Bruce Schneier has been a vocal critic of the mass surveillance being conducted by the NSA and GCHQ. The security expert recently left his post at BT and joined the board of digital rights firm Electronic Frontier Foundation (EFF), one of TrustyCon’s organizers. Although several of TrustyCon’s speakers were part of the group who withdrew from their speaking commitments at last week’s RSA Conference, Schneier was featured on the agenda at both events.

Schneier said that the NSA’s surveillance capabilities are far and away the most advanced in the world, but not necessarily the most skilled. What the Snowden documents have provided are a window into what’s going on at the NSA, he added, “but they are the same sorts of things that any well-funded government is doing – Israel, China, France, and anyone with a budget. It just so happens that the US has the largest budget.”…

Q&A: Schneier on Trust, NSA Spying and the End of US Internet Hegemony

  • Iain Thomson
  • The Register
  • February 27, 2014

Bruce Schneier is the man who literally wrote the book on modern encryption, publishing Applied Cryptography in 1994, and for the past 20 years has been an important and sometimes outspoken voice in the security industry.

He founded the firm Counterpane Internet Security (later sold to BT), and is also a board member of the Electronic Frontier Foundation and an Advisory Board Member of the Electronic Privacy Information Center.

More recently he’s been working on documents released by Edward Snowden on NSA activities and presented his findings at this year’s RSA conference in San Francisco. …

Video: Bruce Schneier Discusses What Should be Done With the NSA

  • eWeek
  • February 26, 2014

Bruce Schneier is a legendary figure in the security community, well-known for his expertise in cryptography and more recently for his insight into the surveillance activities of the National Security Agency (NSA). Schneier currently serves as the CTO of incident response management vendor Co3 Systems. In an interview with eWEEK at the RSA conference here, Schneier detailed his views on the NSA’s surveillance activities. When it comes to domestic surveillance and metadata collection, Schneier firmly believes that the Federal Bureau of Investigation is the right agency to handle that data. He noted that the FBI already has domestic security capabilities and is responsible for the national fingerprint database. “The FBI is where we have laws and we have transparency,” Schneier said. “Spying on Americans is not the job of the U.S. military; it’s the job of the FBI.”Schneier added that anything that involves actually breaking into networks should fall under a military command. In his view, the NSA should be focused on defense and communication security, making software and networks more secure…

Are Apple iOS, OS X Flaws Really Backdoors for Spies?

  • Ellen Messmer
  • NetworkWorld
  • February 26, 2014

Two recently-discovered flaws in Apple iOS and Mac OS X have security experts openly asking whether the software vulnerabilities represent backdoors inserted for purposes of cyber-espionage. There’s no clear answer so far, but it just shows that anxiety about state-sponsored surveillance is running high.

‘One line of code—was it an accident or enemy action? I don’t know, but it’s the kind of bug I’d put in,’ remarked Bruce Schneier, chief technology officer at Co3 Systems, about the flaw in Apple OS X SSL encryption that was revealed last week. Schneier, a cryptography expert, alluded to the …

Schneier: NSA Snooping Tactics Will Be Copied by Criminals in 3 to 5 Years

The good news? Strong crypto still works

  • Iain Thomson
  • The Register
  • February 26, 2014

RSA 2014 If you thought NSA snooping was bad, you ain’t seen nothing yet: online criminals have also been watching and should soon be able to copy the agency’s invasive surveillance tactics, according to security guru Bruce Schneier.

“The NSA techniques give about a three to five year lead on what cyber-criminals will do,” he told an audience at the RSA 2014 conference in San Francisco.

“These techniques for exfiltrating data aren’t magical, they are just expensive. Everything we know about technology is that it gets cheaper. So the notion of putting up a fake cell tower or wireless access point, of jumping air gaps, you’re going to see this stuff—it’s really just a matter of time.”…

The NSA is "Not Made of Magic"

  • Dennis Fisher
  • Threatpost
  • February 26, 2014

Of the small pool of people who have seen the Snowden documents, few, if any, are as technically savvy and knowledgeable about security and surveillance as Bruce Schneier. And after reading through stacks and stacks of them, Schneier says that yes, the NSA is extremely capable and full of smart people but “they are not made of magic”.

A cryptographer by training and a security thinker by trade, Schneier has spent many hours reading the Snowden documents and thinking about what they mean, both in terms of the NSA’s actual capabilities and their effect on data security and privacy. Much of the news, clearly, is not good on that front. The NSA has a dual mission: to protect the communications infrastructure of the United States and to eavesdrop on the communications of foreign nations The agency, Schneier said, is very, very good at both of those missions, but it’s the eavesdropping piece that has grown exponentially in recent years as the Internet and mobile devices have became pervasive…

RSAC: Defeating NSA Surveillance Isn't the Real Problem

  • Max Eddy
  • PC Magazine SecurityWatch
  • February 26, 2014

When Bruce Schneier went on to a different stage at the RSA Conference, resplendent in a purple floral shirt, he gave a very different presentation than an earlier panel from Washington intelligence insiders. Schneier, the CTO of Co3 Systems and author, gave the security-geek view. He also gave his answer to the question everyone has been asking: how do we keep from being spied on?

Collect Everything

Schneier laid out the situation as he sees it today: that the NSA has turned the Internet into a giant surveillance platform that is both technically and legally robust. “Fundamentally, the NSA’s mission is to collect everything,” said Schneier, tracing this view to the US’s “voyeuristic” interest in the USSR during the Cold War…

RSA 2014: Bruce Schneier—Privacy Has Not Been Lost To The NSA

Don't feel futile, the Internet can be saved, according to cryptography luminary

  • Tom Brewster
  • TechWeek Europe
  • February 25, 2014

There are ways for people to win back their privacy from global intelligence agencies, largely by making bulk collection of data economically unviable, encryption luminary Bruce Schneier told delegates at the RSA 2014 conference today.

This would be doable by placing secure encryption in places where it currently does not reside, from vulnerable mobile applications to people’s hard drives.

“Encryption frustrates the NSA at scale,” he said. “Our goal should be to leverage economics, physics and maths to make the Internet secure, to make surveillance more expensive…

RSA 2014: Bruce Schneier Champions Encryption in 'Golden Age' of Government Surveillance

Cryptography expert Bruce Schneier, now CTO of Co3 Systems, continued his criticism of the National Security Agency's surveillance during his well-attended talk at the RSA Conference in San Francisco today.

  • Doug Drinkwater
  • SC Magazine
  • February 25, 2014

Schneier has been a fierce critic of the National Security Agency (NSA) ever since the details of this surveillance were first revealed by former CIA contractor Edward Snowden last summer. And following on from an interview with CNN this week where he argued for the NSA to be split up, he took the opportunity to champion for stronger encryption in front of a packed audience at the RSA Conference.

Schneier, who left BT—also reportedly offering back doors in products—to join Co3 Systems in December, mused from the beginning that the talk was going to be a prickly and hotly-contested subject. “This will be a fun topic.”…

What's Bruce Schneier Doing at Co3?

  • Sam Pfeifle
  • The Privacy Advisor
  • January 28, 2014

When incident response software maker Co3 announced earlier this month that Bruce Schneier was joining the company as its first CTO, some observers might have wondered: Huh?

Why would an internationally known thinker on security issues leave a gig as chief security technology officer at a large telecom like BT to serve as CTO of a much smaller software company? Well, the answer is pretty basic. He sees the company offering a product the security and privacy communities desperately need.

“What I see of value is a way to coordinate incident response, which is lacking,” he said in an interview with …

Video: Bruce Schneier: "NSA and GCHQ Have Betrayed the Trust of the Internet"

  • BBC News
  • January 27, 2014

Security expert and technologist Bruce Schneier has told the BBC that he believes the NSA and GCHQ have “betrayed the trust of the internet”.

Mr Schneier said: “We have to trust the infrastructure [of the internet]… The fact that it has been subverted in ways we don’t understand… we don’t know what to trust. And that is an enormous blow to the global promise of the internet.”

He added that the NSA’s “collect-it-all” mentality is “not effective” but it is the way the “intelligence community operates”.

Watch the Video on

Video: Future of U.S. Surveillance

  • CBC News
  • January 17, 2014

Security expert Bruce Schnier comments on U.S. President Barack Obama’s proposed changes to surveillance programs.

Watch the Video on

"The NSA Wasn't Forthcoming," So a Computer Security Expert Briefed Congress Instead

  • Matt Sledge
  • Huffington Post
  • January 16, 2014

A computer cryptography expert revealed that he met Thursday with members of Congress to explain Edward Snowden’s revelations about the National Security Agency because “the NSA wasn’t forthcoming.”

In a brief post on his blog, Bruce Schneier said that he had held a roundtable discussion with six House members, organized by Rep. Zoe Lofgren (D-Calif.), to discuss the NSA’s activities.

Schneier, a fellow at the Berkman Center for Internet and Society at Harvard Law School, co-authored a Guardian article with reporter Glenn Greenwald on the NSA’s attempts to hack an anonymizing web service and has taken a peek at many of the documents that Snowden leaked…

Q&A: Cybersecurity Guru Bruce Schneier Joins a Startup

  • Byron Acohido
  • USA Today
  • January 7, 2014

Cyptographer, essayist, book author, free thinker, privacy advocate and cybersecurity thought leader Bruce Schneier announced a few days ago that he’s joining Co3 Systems as its new CTO. The Cambridge, Mass.-based start up helps companies comply deal with data privacy and data loss disclosure regulations. Schneier shared what’s top of his mind with CyberTruth.

CT: You started in encryption, and had a great run as a globe trotting cybersecurity guru. What got you interested in doing hands-on vendor work again?

Schneier: Who says I can’t do it all? After seven years at British Telcom, I was itching to join a start-up again. I have been involved with Co3 Systems for about a year, first as an informal advisor and then on their Technical Advisory Board. All of what I do and write about it predicated on real-world problems and solutions, and it will be good to get up close to actual corporate security customers again. But I have no plans on stopping any of my other writing or speaking projects…

Bruce Schneier Departs BT For Startup Co3 Systems

Schneier says new gig at incident response management vendor a natural progression for him

  • Kelly Jackson Higgins
  • Dark Reading
  • January 6, 2014

Other articles about Bruce Schneier’s new position with Co3 Systems appeared in InfoSecurity Magazine, SearchSecurity, TechWeekEurope, The Inquirer, ZDNet, Help Net Security, Security Week, The Register, SecurityCurrent, Boston Business Journal, Network World, and Threatpost.

Famed security expert Bruce Schneier has left BT and is now CTO of incident response (IR) management startup Co3 Systems.

Schneier, who previously had served on Co3 Systems’ advisory board and has helped shape the look and feel of the software-as-a-service firm’s architecture, says the time had come for him to make a change and leave BT. He had been the security futurologist for BT since it purchased his network monitoring services firm Counterpane Internet Security in October 2006…

Sidebar photo of Bruce Schneier by Joe MacInnis.