News: 2014 Archives

Video: Was the Sony Hack an "Act of War"?

  • All In with Chris Hayes
  • December 18, 2014

Bruce Schneier and former CIA deputy division chief Bruce Klingner spoke with Ari Melber about the Sony hack.

Watch the Video on MSNBC.com

Read More →

Video: Security Expert: We Saw Sony Attack Coming

  • Wall Street Journal's The News Hub
  • December 18, 2014

The security hack that happened to Sony could happen to anyone. Co3 Systems' Bruce Schneier explains on the News Hub with Geoff Rogow.

Watch the Video or Read the Transcript on WSJ.com

Read More →

Top 10 Information Security Bloggers in 2014

  • Dejan Kosutic
  • The ISO 27001 & ISO 22301 Blog
  • December 17, 2014

Excerpt

Schneier on Security by Bruce Schneier

One of those security blogs you cannot afford to avoid, it focuses on a wide range of subjects, and one of the most common topics in 2014 was the NSA and Edward Snowden affair. I like this blog because Bruce doesn't publish only his articles: he also comments on various other security news and publications, so you can use it as a kind of a portal to a wider picture of the security world.

One of his most popular posts was on the Heartbleed bug—almost 300 comments there.

Read More →

Bruce Schneier: Sony Hackers "Completely Owned This Company"

  • Jason Koebler
  • Motherboard
  • December 16, 2014

The Sony hack is "every CEO's worst nightmare" and the leaked data is probably going to send someone to jail, security expert Bruce Schneier says. That, not any threat of violence, is the real power of this hack.

The "Guardians of Peace," as the group behind the attack has called itself, posted a new dump of emails today, this time from CEO Michael Lynton. The hackers also issued a warning implying that any theater screening the political comedy The Interview, which is about the assassination of North Korean leader Kim Jong-un, could be the target of a physical attack as well.

Read More →

Sony Hackers: It's Not the North Korean Government, nor an Insider, Suggests Security Expert Bruce Schneier

  • Graeme Burton
  • Computing
  • December 15, 2014

Cryptographer and security expert Bruce Schneier has suggested that the hackers behind the devastating hack and leak of internal data from Sony Pictures is neither the work of the North Korean government, nor of insiders.

"At this point, the attacks seem to be a few hackers and not the North Korean government. (My guess is that it's not an insider, either). That we live in the world where we aren't sure if any given cyber attack is the work of a foreign government or a couple of guys should be scary to us all," he wrote in a blog post.

Read More →

Reboot 25: Industry Pioneers

  • Danielle Walker
  • SC Magazine
  • December 8, 2014

Excerpt

According to Bruce Schneier, his career in IT security has been an endeavor he naturally "flowed into." Schneier, a prominent cryptologist who developed numerous encryption algorithms, including Blowfish and Twofish, has continued to contribute to the industry through his musings and insight on his esteemed blog "Schneier on Security," and newsletter "Crypto-Gram," which have garnered a major following in the community. Having gotten his start in cryptography, Schneier says he eventually moved into computer security, network security and security technology as a focus. In his attempt to "understand context" as it pertains to the threat landscape, Schneier also turned to examining the economics, psychology and sociology of security and now he primarily studies and shares his views on the political science of security, he tells SC Magazine. Schneier is currently working on a book called Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (due late February), and at Co3 Systems, he focuses on building coordination software for incident response, "a long-neglected aspect of IT security," as he puts it.

Read More →

Video: Schneier on Internet Safety

  • Boom Bust
  • December 5, 2014

Bruce Schneier, noted cryptologist and fellow at the Berman Center for Internet & Society at Harvard Law School, tells us how to protect our Wi-Fi connection in public and prevent ISPs from tracking our mobile internet use.

Watch or Download the Video on RT.com

Read More →

Bruce Schneier: There Are Three Big Threats to Cybersecurity—and One Defense

  • Dennis Keohane
  • BetaBoston
  • December 5, 2014

BetaBoston partnered with Silicon Valley Bank, Hack/Reduce, and Terrible Labs on Thursday to host the Cyber Security Symposium. Security experts from Credit Suisse, Threat Stack, Bit9 and others convened for a day-long event, the second niche-focused conference put together by SVB, Atlas Venture's Cort Johnson and Terrible Labs' Smith Anderson after the Quantified Self Conference in March.

The event was capped off with a talk by security expert Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard, and the chief technology officer at Co3 Systems.

Schneier noted three trends he's currently tracking.

Read More →

Video: Bruce Schneier: "Encryption Makes the Internet Safer"

  • Boom Bust
  • November 12, 2014

Erin Ade sits down with Bruce Schneier – noted author, cryptologist, and fellow at the Berkman Center for Internet and Security and Harvard Law School. Bruce gives us his take on President Obama’s recent statement on net neutrality and explains why encryption is vital to personal security and privacy.

Watch the Video on YouTube

Read More →

5 Questions For Cybersecurity Expert Bruce Schneier After the Latest White House Hacking

  • Margaret Talev
  • Bloomberg.com
  • October 29, 2014

Democrats didn't need this: Another cyberattack on an unclassified White House computer network (and unconfirmed reports of Russian involvement) in the closing days of a midterm election in which voter frustration toward President Barack Obama,  government dysfunction and national security fears already are hurting their chances of hanging onto control of the Senate.

Chinese hackers reportedly targeted White House staffers' Gmail accounts in 2011.  The next year, Chinese hackers reportedly used spear phishing to break into an unclassified network of the White House Military Office. But the problem didn't start with Obama—attempted cyberattacks on the White House date at least to 2008, during George W. Bush's administration.

Read More →

Video: Surveillance: The Hidden Ways You’re Tracked

Just how much of your life is watched? Security expert Bruce Schneier points out that it is more than most people think, says Chris Baraniuk.

  • Chris Baraniuk
  • BBC
  • October 27, 2014

Watch the Video on BBC.com

Do you have secrets? Security expert Bruce Schneier has little patience for those who say they don't.

When asked about government and corporate surveillance, there are some who shrug their shoulders and say they have nothing to fear because they have nothing to hide. Schneier's response?

Read More →

"A Motivated, Funded, Skilled Hacker Will Always Get In"—Schneier

It's how you respond that's key, says securo guru

  • John Leyden
  • The Register
  • October 9, 2014

Hacking attacks are more or less inevitable, so organisations need to move on from the protection and detection of attacks towards managing their response to breaches so as to minimise harm, according to security guru Bruce Schneier.

Prevention and detection are necessary, but not sufficient, he said. Improving response means that organisations stay on their feet even after they are hit by a serious security breach or hacking attack.

"A sufficiently motivated, funded and skilled hacker will always get in," Schneier told delegates during a keynote at the IP Expo conference in London.

Read More →

Internet Turned into "Giant Surveillance Platform" by NSA

  • Ruadhán Mac Cormaic
  • The Irish Times
  • October 6, 2014

The US National Security Agency (NSA) has turned the internet into a "giant surveillance platform," a leading security specialist has said.

Bruce Schneier, who has written extensively on digital security and privacy, told an audience in Dublin tonight that the revelations by whistleblower Edward Snowden of large-scale surveillance by the NSA showed that we were living in a "golden age of surveillance."

In a lecture for the human rights group Front Line Defenders, Mr. Schneier said the NSA's role changed completely after the 9/11 attacks, when US intelligence agencies were given "an impossible mission: never again." "The only way to ensure something doesn't happen is to know everything that is happening," he said.

This desire to "collect everything" coincided with changes in technology, notably the spread of smartphones, the rise of cloud storage and the fact that it became cheaper for individuals to store data and thereby leave deeper digital footprints for the state to pursue. "The NSA has turned the internet into a giant surveillance platform," he said.

Read More →

A Look Back at ‘The State of Incident Response’ by Bruce Schneier

  • Zubair Ashraf
  • Security Intelligence
  • September 24, 2014

In my continuing series of keynote recaps, I will be covering Bruce Schneier’s keynote at Black Hat USA 2014—yes, it can be called a keynote even though it is more of a briefing. By the way, Black Hat: Next time, please give him appropriate space; people were lining up outside the room waiting to get in because of the lack of space.

I will be sharing what I learned from his speech in my own words with selected graphics. Schneier’s “The State of Incident Response” talk is available online, but if you don’t have an hour to watch that, read this as a recap.

Read More →

Audio: Breaking up the NSA

  • Future Tense
  • September 21, 2014

Almost a year and a half after the Snowden revelations, it’s business as usual for America’s giant global eavesdropping and spying organisation: the NSA, the National Security Agency.

As revelations continue to unfold, legislative attempts to rein in the NSA's powers appear to be stalling. But, Harvard University security analyst Bruce Schneier says the situation is unacceptable.

In the future, argues Schneier, people will look back at the way we ignore privacy today and ask "how could we be that immoral?" He’s put forward his own plan for breaking -up the NSA, and in so doing, bringing its activities under greater civilian control.

Read More →

BlackHat 2014: Incident Response Best Practice & Automation Key to Success—Bruce Schneier

  • Fahmida Y. Rashid
  • Infosecurity Magazine
  • August 11, 2014

Network breaches are inevitable. It's what happens next that really matters, said renowned cryptographic expert Bruce Schneier during the Black Hat security conference.

If there is something the organization has the attacker wants, the attacker will figure out a way to get in. Regardless of how much the organization invests in its defenses, attackers need to find that one weak spot to succeed.

Read More →

Incident Response: Beyond the Breach

Bruce Schneier on Expanding the Use of Automated Tools

  • Eric Chabrow
  • InfoRisk Today
  • August 8, 2014

When the organizers of the just-concluded Black Hat USA conference wanted to explore incident response, they turned to Bruce Schneier, the cryptographer, author, blogger and cybersecurity expert, to make a presentation. Until recently, however, Schneier's name wouldn't be on most people's list of incident response experts.

Schneier's reputation, after all, was built on his keen observations of the influence of IT security on society and vice versa, as well as bringing to light the previously unknown, such as the National Security Agency's tampering with cryptography guidance from the National Institute of Standards and Technology (see NIST to Drop Crypto Algorithm from Guidance).

But since the beginning of the year, Schneier has been serving as chief technology officer of 4-year-old Co3 Systems, which provides automated incident response systems.

Read More →

Black Hat: Bruce Schneier Talks Incident Response, Trends

  • Adam Greenberg
  • SC Magazine
  • August 7, 2014

In his Black Hat 2014 session entitled "The State of Incident Response," security guru Bruce Schneier, CTO of Co3 Systems, Inc., said that hackers will invariably breach networks, but it is what comes next that really matters.

Placing a great deal of emphasis on automated systems and technology being used to support the people needed for incident response, Schneier proposed a four-step approach: observe, context, decide, and act.

Observe means knowing what is happening on networks in real-time, which can be done using log monitoring, log analysis tools, network management tools and the like, Schneier said.

Context is tantamount to gathering data and intelligence, as in knowing the latest malware and vulnerabilities.

Read More →

Video: Bruce Schneier Talks Data-Mining, Surveillance & Embedded Computing Systems

  • Boom Bust
  • July 31, 2014

Erin Ade talks to Bruce Schneier about the efforts of government and private companies to track us and our personal information. However, our outrage over this invasion of privacy is overshadowed by the convenience of using technology. This tension has led to our ongoing, intense debate over the tradeoffs between security and surveillance. To help sort out all of these issues Schneier weighs in.

Read More →

Video: Incident Response Management Breaking New Ground

  • SearchSecurity
  • July 7, 2014

Bruce Schneier is one of the best-known security professionals both within the field and in the larger world of technology policymaking. He's written 12 books, produces the influential "Schneier on Security" blog and is widely quoted in the press. After a multi-year stint at BT Managed Security Solutions, Schneier has moved to a startup: Co3 Systems. The new company, where he serves as Chief Technology Officer, makes a tool that focuses specifically on security incident response management.

Read More →

Video: UO Today #583 Bruce Schneier

  • UO Today
  • June 25, 2014

Bruce Schneier, cyber-security expert and author of Liars and Outliers: Enabling the Trust Society Needs to Thrive, talks about corporate and governmental data collection and surveillance. Schneier gave a lecture, “Internet, Security, and Power” on May 28, 2014 at the UO in Eugene and at the UO in Portland on May 29, 2014.

Watch the Video on The UO Channel

Read More →

Bruce Schneier: Web Attackers Are Trouncing Defenders

  • Dan Worth
  • V3.co.uk
  • June 5, 2014

Cyber defenders are currently fighting a losing battle against hackers and government agencies, according to security expert Bruce Schneier.

Speaking in London on Thursday, the security guru said that with cyber criminals' attacks increasing in sophistication all the time, incidents like the Target credit card theft will only become more common.

"Security is a battle of attack versus defence and right now on the internet attack is much easier than defence," he said at the Good Exchange event, attended by V3.

Schneier pointed to advanced persistent threats (APT) as an area where organisations are woefully ill-prepared to prevent attacks.

Read More →

Schneier: "Most of the World Is Under Surveillance"

Security technologist Bruce Schneier tells DW why he finds it curious that the German BND is getting a free pass on surveillance and why Europe should take the lead on protecting privacy in the digital age.

  • Michael Krigge
  • Deutsche Welle
  • June 4, 2014

DW: One year ago the Guardian published the first article on the NSA's surveillance activities based on the disclosures of Edward Snowden. Many other revelations have followed since and triggered a robust international debate about surveillance and privacy. Now one year later what is the most significant consequence of Snowden's disclosures?

Bruce Schneier: Right now the most significant consequence has been the knowledge that has fueled the debate. A lot of what we have read from these NSA documents isn't surprising, but the details make them real in a way that speculation doesn't.

Read More →

Audio: Incident Response Redux

  • Security Advisor Alliance Podcast
  • April 22, 2014

Bruce Schneier is the special guest on Episode 11 of the Security Advisor Alliance, on Incident Response.

Listen to the Podcast on Security Advisor Alliance

Read More →

How to Create a Safer Password

A short password, or one using a name or a word in a dictionary, can be easily cracked by computers. And simply adding "@" for the letter "a" isn't going to fool the bad guys.

  • Susie Poppick
  • Money Magazine
  • April 14, 2014

Here's cryptographer and computer security expert Bruce Schneier's advice on using and managing your passwords.

1. Use a "passphrase": a sentence you can remember. Then replace each word of the phrase with its initial, a similar digit or symbol, or, at random, use a whole word.

Read More →

Schneier: Internet Has Delivered a "Golden Age of Surveillance"

  • Taylor Armerding
  • CSO
  • April 11, 2014

"Information is power," has been true for so long that it has become a cliché.

But the Internet has increased the power to collect, store and analyze information by such an order of magnitude that we are now in what Bruce Schneier called "the golden age of surveillance," in his keynote address Wednesday morning at SOURCE Boston.

That would be golden for those doing the surveillance, not the subjects of it.

Schneier, author, security guru, blogger and CTO of Co3 Systems, said the expectation that the Internet would mainly empower the powerless—grassroots groups, hackers, minorities and other relatively fringe groups—did come true for a number of years.

Read More →

Bruce Schneier: Technology Magnifies Power in Surveillance Era

  • Michael Mimoso
  • Threatpost
  • April 9, 2014

BOSTON—History is not entirely kind to those responsible for the Industrial Age in the 19th century. How, for example, were the consequences of industrial innovation such as pollution largely ignored?

Flash forward to today's digital age and ask the same question: How are those responsible for building our infrastructure callously disregarding privacy and security in favor of rapid online innovation?

"I think this is the issue by which we will be judged when our grandchildren read the history of the early days of the Internet," said Bruce Schneier today during his Source Boston keynote.

Read More →

Surveillance is the Business Model of the Internet: Bruce Schneier

  • Fahmida Y. Rashid
  • SecurityWeek
  • April 9, 2014

Data is a natural consequence of computing, and as search tools get better, it shifts the balance of power towards mass collection and surveillance, renowned security expert Bruce Schneier said at the SOURCE Boston conference on Wednesday.

"Surveillance is the business model of the Internet," Schneier told attendees. "We build systems that spy on people in exchange for services. Corporations call it marketing."

The data economy—the growth of mass data collection and tracking—is changing how power is perceived, Schneier said in his keynote speech.

Read More →

Audio: Bruce Schneier, NSA and Toaster Hacking

  • Occupy Radio
  • April 9, 2014

In G-Force, the 2009 Disney movie, a group of secret agent rodents stops a kitchen gadget robot apocalypse. In the real world, we're in no danger from weaponized blenders, but our toasters just might be used in a denial of service attack.

Rivera Sun and Getch talk with computer security, and privacy specialist, Bruce Schneier. We get the scoop on the latest from the NSA, as well as the security vulnerabilities in the vast internet of things, this week on Occupy Radio.

Read More →

Audio: Bruce Schneier talks about the Shift of Power on the Internet

  • Trusted Software Alliance
  • April 9, 2014

‘'It's only metadata' is a mischaracterization that plays into goverment hands.'—Bruce Schneier

At the 2014 Source Conference in Boston, I was able to sit down with Bruce Schneier after his keynote to clarify his position on several topics he brought up. The Twitter stream was on fire during his presentation as he described how the power of government and large corporations affects the internet. Where are the boundaries between personal data and corporate/government usage of that data? What is our responsibility in the equation?

Read More →

Security Expert Bruce Schneier On Passwords, Privacy and Trust

  • Ryan Dube
  • MakeUseOf
  • March 20, 2014

In today's interconnected world, all it takes is one security mistake to make your whole world come crashing down. Who better to turn to for advice than security expert Bruce Schneier?

If you have even a passing interest in security matters, then you've surely come across the writings of Bruce Schneier, a world-renowned security guru who has served on numerous government committees, testified before Congress, and is the author of 12 books on security issues so far, as well as countless essays and academic papers.

After hearing about Schneier's newest book, Carry On: Sound Advice from Schneier on Security, we decided that it was about time to reach out to Bruce to get some sound advice concerning some of our own pressing privacy and security concerns.

Read More →

Audio: Google Moves to Take Back the Net from Spying Eyes

  • 2ser's The Daily
  • March 18, 2014

News emerged this week that web giant Google is routinely encrypting web searches conducted in China in a move designed to offset the national government's ability to censor the Internet and track what individuals are viewing. The Google move is part of a global expansion of privacy technology to counter surveillance by government intelligence agencies, police and hackers and is seen as a direct consequence of whistleblower, Edward Snowden's release last year of US National Security Agency (NSA) documents exposing the extent of government surveillance of the Internet.

Among the many fears Snowden's leaked revelations have raised is the claim that the NSA and other leading western intelligence agencies are involved in programs to deliberately weaken the Net's security standards to make it easier for them to break in.

Bruce Schneier is a leading US cryptology expert and Chief Technology Officer at CO3 Systems.

The Daily's Kim Williams spoke to him earlier about Google's latest moves to combat alleged privacy intrusions into the Net.

Read More →

Glenn Greenwald's Encryption Guru

Bruce Schneier says the key to good security is accepting that perfect security doesn’t exist.

  • Alex Carp
  • Politico Magazine
  • March 16, 2014

Last fall, not long after Bruce Schneier quietly revealed himself as the cryptographer who had helped journalist Glenn Greenwald review Edward Snowden's NSA documents, he found himself on CNN International, talking about allegations that the United States had spied on the chancellor of Germany.

An exasperated host beamed Schneier in from Minneapolis, where he lives, and asked him to "help us," as she put it, "decipher this enigma." Schneier is a legendary encryption specialist who has written or edited 13 books on the subject, and worked for the Department of Defense, telecommunications companies, banks and governments. Most recently, he's been a vocal advocate of the idea that the best security systems accept a reasonable amount of risk; a blind focus on protecting against every threat, he says, usually comes with unexpected costs.

Outside of the cryptography community, however, this view is not widely held, and the simplicity and directness with which Schneier expresses it tends to take people by surprise.

Read More →

Video: Bruce Schneier on Incident Response and His Next Book

  • eSecurity Planet
  • March 13, 2014

Few figures in the IT security landscape command the respect and admiration of so many people as does Bruce Schneier. The well-regarded expert recently changed jobs, moving from BT to become the CTO of Co3 Systems in January of this year.

In a video interview with eSecurity Planet, Schneier explains why the incident response technology that Co3 Systems builds is an important part of the modern IT security lifecycle. A key part of what Co3 does is to automate the details of incident response, he said.

Read More →

Audio: Josh Corman Talks to Bruce about His Upcoming Keynote at SOURCE

  • SOURCE Security Conference
  • March 13, 2014

Josh Corman talks to Bruce about his keynote at the 2014 SOURCE Security Conference.

Watch the Video at SourceConference.com

Read More →

Don't Look Now, but Our Smart Machines May Be Sharing Data about You with... Anyone

We are entering a new era of Internet connectivity — the Internet of Things. Suddenly our devices are much more than just the computers we can hold in our laps.

  • Adam Wernick
  • Public Radio International
  • March 10, 2014

These new devices collect information and make decisions on their own. What does this mean for us?

Bruce Schneier, an author and security technologist who has written several articles about the darker side of the Internet of Things, describes the new situation this way:

"The Internet of yesterday was the Internet of the things we typed into it. It was Facebook.

Read More →

Audio: Delving into the Security of an Internet of Things

  • Science Friday
  • March 7, 2014

If your car, your thermostat, and your refrigerator are all online and communicating with the world, is enough attention being given to who might be listening—or talking—to your networked things? And what happens if there’s a security flaw in the networking component of, say, your toaster? Security expert Bruce Schneier says that the world is at a crisis point regarding embedded network security, and that an Internet of Things could mean ubiquitous surveillance.

Listen to the Audio on ScienceFriday.com

Read More →

TrustyCon 2014: NSA Surveillance "a Benign Enemy," Says Bruce Schneier

Reuters Technology reporter Joseph Menn interviewed security expert Bruce Schneier in front of last week's TrustyCon audience in San Francisco, where the security expert provided his analysis of the government surveillance controversy

  • Infosecurity
  • March 4, 2014

Bruce Schneier has been a vocal critic of the mass surveillance being conducted by the NSA and GCHQ. The security expert recently left his post at BT and joined the board of digital rights firm Electronic Frontier Foundation (EFF), one of TrustyCon's organizers. Although several of TrustyCon's speakers were part of the group who withdrew from their speaking commitments at last week's RSA Conference, Schneier was featured on the agenda at both events.

Schneier said that the NSA's surveillance capabilities are far and away the most advanced in the world, but not necessarily the most skilled.

Read More →

Video: Bruce Schneier Hints at New Snowden Documents, Analysis Techniques

  • SearchSecurity
  • March 4, 2014

Think the Edward Snowden-NSA storyline is played out? Think again.

"I think this story is going to keep going for at least a year, probably longer," said Bruce Schneier, chief technology officer with Co3 Systems, who is working with The Intercept's Glenn Greenwald to analyze and report on the NSA documents allegedly stolen and leaked by former contractor Edward Snowden. "There's an enormous pile of documents; they're very technical [and] hard to understand, and as you go through them, you find stories."

In this interview recorded at the 2014 RSA Conference, SearchSecurity Editorial Director Robert Richardson sits down with Schneier to discuss his role in reviewing the Snowden documents.

Read More →

Video: Joseph Menn Interviews Bruce Schneier

  • TrustyCon
  • March 4, 2014

Joseph Menn interviews Bruce Schneier at TrustyCon 2014, held on February 27, 2014 in San Francisco, California.

Watch the Video on YouTube

Read More →

Video: Next Future Terrifying Technology Will Blow Your Mind

  • CoolTechNews
  • March 4, 2014

Bruce Schneier appeared on an episode of Inventing the Future with Robert Tercek about the collision between open society and surveillance.

Watch the Video on YouTube

Read More →

Q&A: Schneier on Trust, NSA Spying and the End of US Internet Hegemony

  • Iain Thomson
  • The Register
  • February 27, 2014

Bruce Schneier is the man who literally wrote the book on modern encryption, publishing Applied Cryptography in 1994, and for the past 20 years has been an important and sometimes outspoken voice in the security industry.

He founded the firm Counterpane Internet Security (later sold to BT), and is also a board member of the Electronic Frontier Foundation and an Advisory Board Member of the Electronic Privacy Information Center.

More recently he's been working on documents released by Edward Snowden on NSA activities and presented his findings at this year's RSA conference in San Francisco. The Register took the opportunity of sitting down with Schneier at the event and chewing through the current state of security, privacy and government intrusion online.

Read More →

RSAC: Defeating NSA Surveillance Isn't the Real Problem

  • Max Eddy
  • PC Magazine SecurityWatch
  • February 26, 2014

When Bruce Schneier went on to a different stage at the RSA Conference, resplendent in a purple floral shirt, he gave a very different presentation than an earlier panel from Washington intelligence insiders. Schneier, the CTO of Co3 Systems and author, gave the security-geek view. He also gave his answer to the question everyone has been asking: how do we keep from being spied on?

Collect Everything

Schneier laid out the situation as he sees it today: that the NSA has turned the Internet into a giant surveillance platform that is both technically and legally robust.

Read More →

The NSA is "Not Made of Magic"

  • Dennis Fisher
  • Threatpost
  • February 26, 2014

Of the small pool of people who have seen the Snowden documents, few, if any, are as technically savvy and knowledgeable about security and surveillance as Bruce Schneier. And after reading through stacks and stacks of them, Schneier says that yes, the NSA is extremely capable and full of smart people but "they are not made of magic".

A cryptographer by training and a security thinker by trade, Schneier has spent many hours reading the Snowden documents and thinking about what they mean, both in terms of the NSA's actual capabilities and their effect on data security and privacy. Much of the news, clearly, is not good on that front.

Read More →

Schneier: NSA Snooping Tactics Will Be Copied by Criminals in 3 to 5 Years

The good news? Strong crypto still works

  • Iain Thomson
  • The Register
  • February 26, 2014

RSA 2014 If you thought NSA snooping was bad, you ain't seen nothing yet: online criminals have also been watching and should soon be able to copy the agency's invasive surveillance tactics, according to security guru Bruce Schneier.

"The NSA techniques give about a three to five year lead on what cyber-criminals will do," he told an audience at the RSA 2014 conference in San Francisco.

"These techniques for exfiltrating data aren't magical, they are just expensive. Everything we know about technology is that it gets cheaper.

Read More →

Are Apple iOS, OS X Flaws Really Backdoors for Spies?

  • Ellen Messmer
  • NetworkWorld
  • February 26, 2014

Two recently-discovered flaws in Apple iOS and Mac OS X have security experts openly asking whether the software vulnerabilities represent backdoors inserted for purposes of cyber-espionage. There's no clear answer so far, but it just shows that anxiety about state-sponsored surveillance is running high.

'One line of code—was it an accident or enemy action? I don't know, but it's the kind of bug I'd put in,' remarked Bruce Schneier, chief technology officer at Co3 Systems, about the flaw in Apple OS X SSL encryption that was revealed last week.

Read More →

Video: Bruce Schneier Discusses What Should be Done With the NSA

  • eWeek
  • February 26, 2014

Bruce Schneier is a legendary figure in the security community, well-known for his expertise in cryptography and more recently for his insight into the surveillance activities of the National Security Agency (NSA). Schneier currently serves as the CTO of incident response management vendor Co3 Systems. In an interview with eWEEK at the RSA conference here, Schneier detailed his views on the NSA's surveillance activities. When it comes to domestic surveillance and metadata collection, Schneier firmly believes that the Federal Bureau of Investigation is the right agency to handle that data. He noted that the FBI already has domestic security capabilities and is responsible for the national fingerprint database.

Read More →

RSA 2014: Bruce Schneier Champions Encryption in 'Golden Age' of Government Surveillance

Cryptography expert Bruce Schneier, now CTO of Co3 Systems, continued his criticism of the National Security Agency's surveillance during his well-attended talk at the RSA Conference in San Francisco today.

  • Doug Drinkwater
  • SC Magazine
  • February 25, 2014

Schneier has been a fierce critic of the National Security Agency (NSA) ever since the details of this surveillance were first revealed by former CIA contractor Edward Snowden last summer. And following on from an interview with CNN this week where he argued for the NSA to be split up, he took the opportunity to champion for stronger encryption in front of a packed audience at the RSA Conference.

Schneier, who left BT—also reportedly offering back doors in products—to join Co3 Systems in December, mused from the beginning that the talk was going to be a prickly and hotly-contested subject. "This will be a fun topic."

His talk was entitled "NSA Surveillance: What we know and what to do about it" and he first ran into the attack techniques—sometimes obscured by odd code names—being used by the NSA and GCHQ to carry out mass surveillance.

Read More →

RSA 2014: Bruce Schneier—Privacy Has Not Been Lost To The NSA

Don't feel futile, the Internet can be saved, according to cryptography luminary

  • Tom Brewster
  • TechWeek Europe
  • February 25, 2014

There are ways for people to win back their privacy from global intelligence agencies, largely by making bulk collection of data economically unviable, encryption luminary Bruce Schneier told delegates at the RSA 2014 conference today.

This would be doable by placing secure encryption in places where it currently does not reside, from vulnerable mobile applications to people's hard drives.

"Encryption frustrates the NSA at scale," he said. "Our goal should be to leverage economics, physics and maths to make the Internet secure, to make surveillance more expensive.

Read More →

What's Bruce Schneier Doing at Co3?

  • Sam Pfeifle
  • The Privacy Advisor
  • January 28, 2014

When incident response software maker Co3 announced earlier this month that Bruce Schneier was joining the company as its first CTO, some observers might have wondered: Huh?

Why would an internationally known thinker on security issues leave a gig as chief security technology officer at a large telecom like BT to serve as CTO of a much smaller software company? Well, the answer is pretty basic. He sees the company offering a product the security and privacy communities desperately need.

Read More →

Video: Bruce Schneier: "NSA and GCHQ Have Betrayed the Trust of the Internet"

  • BBC News
  • January 27, 2014

Security expert and technologist Bruce Schneier has told the BBC that he believes the NSA and GCHQ have "betrayed the trust of the internet".

Mr Schneier said: "We have to trust the infrastructure [of the internet]... The fact that it has been subverted in ways we don't understand... we don't know what to trust.

Read More →

Video: Future of U.S. Surveillance

  • CBC News
  • January 17, 2014

Security expert Bruce Schnier comments on U.S. President Barack Obama's proposed changes to surveillance programs.

Watch the Video on CBC.ca

Read More →

"The NSA Wasn't Forthcoming," So a Computer Security Expert Briefed Congress Instead

  • Matt Sledge
  • Huffington Post
  • January 16, 2014

A computer cryptography expert revealed that he met Thursday with members of Congress to explain Edward Snowden's revelations about the National Security Agency because "the NSA wasn't forthcoming."

In a brief post on his blog, Bruce Schneier said that he had held a roundtable discussion with six House members, organized by Rep. Zoe Lofgren (D-Calif.), to discuss the NSA's activities.

Schneier, a fellow at the Berkman Center for Internet and Society at Harvard Law School, co-authored a Guardian article with reporter Glenn Greenwald on the NSA's attempts to hack an anonymizing web service and has taken a peek at many of the documents that Snowden leaked.

"Lofgren asked me to brief her and a few Representatives on the NSA," Schneier wrote. "She said that the NSA wasn't forthcoming about their activities, and they wanted me—as someone with access to the Snowden documents—to explain to them what the NSA was doing.

Read More →

Q&A: Cybersecurity Guru Bruce Schneier Joins a Startup

  • Byron Acohido
  • USA Today
  • January 7, 2014

Cyptographer, essayist, book author, free thinker, privacy advocate and cybersecurity thought leader Bruce Schneier announced a few days ago that he's joining Co3 Systems as its new CTO. The Cambridge, Mass.-based start up helps companies comply deal with data privacy and data loss disclosure regulations. Schneier shared what's top of his mind with CyberTruth.

CT: You started in encryption, and had a great run as a globe trotting cybersecurity guru.

Read More →

Bruce Schneier Departs BT For Startup Co3 Systems

Schneier says new gig at incident response management vendor a natural progression for him

  • Kelly Jackson Higgins
  • Dark Reading
  • January 6, 2014

Other articles about Bruce Schneier's new position with Co3 Systems appeared in InfoSecurity Magazine, SearchSecurity, TechWeekEurope, The Inquirer, ZDNet, Help Net Security, Security Week, The Register, SecurityCurrent, Boston Business Journal, Network World, and Threatpost.

Famed security expert Bruce Schneier has left BT and is now CTO of incident response (IR) management startup Co3 Systems.

Schneier, who previously had served on Co3 Systems' advisory board and has helped shape the look and feel of the software-as-a-service firm's architecture, says the time had come for him to make a change and leave BT. He had been the security futurologist for BT since it purchased his network monitoring services firm Counterpane Internet Security in October 2006.

Word that Schneier was leaving BT leaked publicly last month, and speculation arose that it had to do with his outspoken criticism of surveillance by the NSA and Britain's GCHQ.

Read More →

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.