Entries Tagged "books"
My Applied Cryptography is on a list of books banned in Oregon prisons. It’s not me—and it’s not cryptography—it’s that the prisons ban books that teach people to code. The subtitle is “Algorithms, Protocols, and Source Code in C”—and that’s the reason.
My more recent Cryptography Engineering is a much better book for prisoners, anyway.
Click Here to Kill Everybody is finally available on Audible.com. I have ten download codes. Not having anything better to do with them, here they are:
Congratulations to the first ten people to try to use them.
EDITED TO ADD (12/30): All the codes are long gone.
My latest book is doing well. And I’ve been giving lots of talks and interviews about it. (I can recommend three interviews: the Cyberlaw podcast with Stewart Baker, the Lawfare podcast with Ben Wittes, and Le Show with Harry Shearer.) My book talk at Google is also available.
The Audible version was delayed for reasons that were never adequately explained to me, but it’s finally out.
I still have signed copies available. Be aware that this is both slower and more expensive than online bookstores.
It’s impossible to know all the details, but my latest book seems to be selling well. Initial reviews have been really positive: Boing Boing, Financial Times, Harris Online, Kirkus Reviews, Nature, Politico, and Virus Bulletin.
There have been others—like the Lawfare, Cyberlaw, and Hidden Forces podcasts—but they haven’t been published yet. I also did a book talk at Google that should appear on YouTube soon.
If you’ve bought and read the book, thank you. Please consider leaving a review on Amazon.
I am pleased to announce the publication of my latest book: Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. In it, I examine how our new immersive world of physically capable computers affects our security.
I argue that this changes everything about security. Attacks are no longer just about data, they now affect life and property: cars, medical devices, thermostats, power plants, drones, and so on. All of our security assumptions assume that computers are fundamentally benign. That, no matter how bad the breach or vulnerability is, it’s just data. That’s simply not true anymore. As automation, autonomy, and physical agency become more prevalent, the trade-offs we made for things like authentication, patching, and supply chain security no longer make any sense. The things we’ve done before will no longer work in the future.
This is a book about technology, and it’s also a book about policy. The regulation-free Internet that we’ve enjoyed for the past decades will not survive this new, more dangerous, world. I fear that our choice is no longer between government regulation and no government regulation; it’s between smart government regulation and stupid regulation. My aim is to discuss what a regulated Internet might look like before one is thrust upon us after a disaster.
Click Here to Kill Everybody is available starting today. You can order a copy from Amazon, Barnes & Noble, Books-a-Million, Norton’s webpage, or anyplace else books are sold. If you’re going to buy it, please do so this week. First-week sales matter in this business.
Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month, the bundles are all Wiley titles, including three of my books: Applied Cryptography, Secrets and Lies, and Cryptography Engineering. $15 gets you everything, and they’re all DRM-free.
Even better, a portion of the proceeds goes to the EFF. As a board member, I’ve seen the other side of this. It’s significant money.
Susan Landau has written a terrific book on cybersecurity threats and why we need strong crypto. Listening In: Cybersecurity in an Insecure Age. It’s based in part on her 2016 Congressional testimony in the Apple/FBI case; it examines how the Digital Revolution has transformed society, and how law enforcement needs to—and can—adjust to the new realities. The book is accessible to techies and non-techies alike, and is strongly recommended.
And if you’ve already read it, give it a review on Amazon. Reviews sell books, and this one needs more of them.
Daniel Miessler criticizes my writings about IoT security:
I know it’s super cool to scream about how IoT is insecure, how it’s dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it’s fun to be invited to talk about how everything is doom and gloom.
I absolutely respect Bruce Schneier a lot for what he’s contributed to InfoSec, which makes me that much more disappointed with this kind of position from him.
InfoSec is full of those people, and it’s beneath people like Bruce to add their voices to theirs. Everyone paying attention already knows it’s going to be a soup sandwich—a carnival of horrors—a tragedy of mistakes and abuses of trust.
It’s obvious. Not interesting. Not novel. Obvious. But obvious or not, all these things are still going to happen.
I actually agree with everything in his essay. “We should obviously try to minimize the risks, but we don’t do that by trying to shout down the entire enterprise.” Yes, definitely.
I don’t think the IoT must be stopped. I do think that the risks are considerable, and will increase as these systems become more pervasive and susceptible to class breaks. And I’m trying to write a book that will help navigate this. I don’t think I’m the prophet of doom, and don’t want to come across that way. I’ll give the manuscript another read with that in mind.
My next book is still on track for a September 2018 publication. Norton is still the publisher. The title is now Click Here to Kill Everybody: Peril and Promise on a Hyperconnected Planet, which I generally refer to as CH2KE.
The table of contents has changed since I last blogged about this, and it now looks like this:
- Introduction: Everything is Becoming a Computer
- Part 1: The Trends
  - 1. Computers are Still Hard to Secure
  - 2. Everyone Favors Insecurity
  - 3. Autonomy and Physical Agency Bring New Dangers
  - 4. Patching is Failing as a Security Paradigm
  - 5. Authentication and Identification are Getting Harder
  - 6. Risks are Becoming Catastrophic
- Part 2: The Solutions
  - 7. What a Secure Internet+ Looks Like
  - 8. How We Can Secure the Internet+
  - 9. Government is Who Enables Security
  - 10. How Government Can Prioritize Defense Over Offense
  - 11. What’s Likely to Happen, and What We Can Do in Response
  - 12. Where Policy Can Go Wrong
  - 13. How to Engender Trust on the Internet+
- Conclusion: Technology and Policy, Together
Two questions for everyone.
1. I’m not really happy with the subtitle. It needs to be descriptive, to counterbalance the admittedly clickbait title. It also needs to telegraph: “everyone needs to read this book.” I’m taking suggestions.
2. In the book I need a word for the Internet plus the things connected to it plus all the data and processing in the cloud. I’m using the word “Internet+,” and I’m not really happy with it. I don’t want to invent a new word, but I need to strongly signal that what’s coming is much more than just the Internet—and I can’t find any existing word. Again, I’m taking suggestions.