Page 15 of 46
I’ll be participating in an end-of-year trends and predictions webinar on Thursday, December 17, at 1:00 PM EST. Join me here.
In other news, Resilient has joined the IBM Security App Exchange community. And we’re still hiring for a bunch of positions.
Back in September, I announced my intention to survey the world market of cryptographic products. The goal is to compile a list of both free and commercial encryption products that can be used to protect arbitrary data and messages. That is, I’m not interested in products that are specifically designed for a narrow application, like financial transactions, or products that provide authentication or data integrity. I am interested in products that people like FBI director James Comey can possibly claim help criminals communicate securely.
Together with a student here at Harvard University, we’ve compiled a spreadsheet of over 400 products from many different countries.
At this point, we would like your help. Please look at the list. Please correct anything that is wrong, and add anything that is missing. Use this form to submit changes and additions. If it’s more complicated than that, please e-mail me.
As the rhetoric surrounding weakening or banning strong encryption continues, it’s important for policymakers to understand how international the cryptographic market is, and how much of it is not under their control. My hope is that this survey will contribute to the debate by making that point.
The German edition of Data and Goliath has been published.
Amazon chose Data and Goliath as one of its Best Books of 2015, in both the nonfiction and business categories.
The show is about security theater. I am a disembodied head on a scooter.
Here’s a teaser. Here’s the full episode (for pay, but cheap).
The scooter idea was a hack when I couldn’t find the time to fly to LA for live filming. The whole thing was a lot of fun.
This coming Thursday, I’ll be talking with Larry Poneman about cyber-resilience and the results of a new survey he’s releasing. Join us here. The event is sponsored by my company, Resilient Systems, Inc.
Yet another example of my surreal life. (No, I have no idea who did this.)
I could use some help with finding a host for my monthly newsletter, Crypto-Gram. My old setup just wasn’t reliable enough. I had a move planned, but that fell through when the new host’s bounce processing system turned out to be buggy and they admitted the problem might never be fixed.
Clearly I need something a lot more serious. My criteria include subscriber privacy, reasonable cost, and a proven track record of reliability with large mailing lists. (I would use MailChimp, but it has mandatory click tracking for new accounts.)
One complication is that SpamCop, a popular anti-spam service, tells me I have at least one of their “spamtrap” addresses on the list. Spamtraps are addresses that—in theory—have never been used, so they shouldn’t be on any legitimate list. I don’t know how they got on my list, since I make people confirm their subscriptions by replying to an e-mail or clicking on an e-mailed link. But I used to make rare exceptions for people who just asked to join, so maybe a bad address or two got on that way. Spamtraps don’t work if you tell people what they are, so I can’t just find and remove them. And this has caused no end of problems for subscribers who use SpamCop’s blacklist.
At a minimum, I need to be sure that a new host won’t kick me out for couple of spamtraps. And if the solution to this problem involves making all 100,000 people on the list reconfirm their subscriptions, then that has to be as simple and user-friendly a process as possible.
If you can recommend a host that would work, I’m interested. Even better would be talking to an expert with lots of experience running large mailing lists who can guide me. If you know a person like that, or if you are one, please leave a comment or e-mail me at the address on my Contact page.
I’m speaking at an Infoedge event at Bali Hai Golf Club in Las Vegas, at 5 pm on August 5, 2015.
I’m speaking at Def Con 23 on Friday, August 7, 2015.
I’m speaking—remotely via Skype—at LinuxCon in Seattle on August 18, 2015.
I’m speaking at CloudSec in Singapore on August 25, 2015.
I’m speaking at MindTheSec in São Paulo, Brazil, on August 27, 2015.
I’m speaking on the future of privacy at a public seminar sponsored by the Institute for Future Studies, in Stockholm, Sweden on September 21, 2015.
I’m speaking at Next Generation Threats 2015 in Stockholm, Sweden, on September 22, 2015.
I’m speaking at Next Generation Threats 2015 in Gothenburg, Sweden, on September 23, 2015.
I’m speaking at Free and Safe in Cyberspace in Brussels on September 24, 2015.
I’ll be on a panel at Privacy. Security. Risk. 2015 in Las Vegas on September 30, 2015.
I’m speaking at the Privacy + Security Forum, October 21-23, 2015, at The Marvin Center in Washington, DC.
I’m speaking at the Boston Book Festival on October 24, 2015.
I’m speaking at the 4th Annual Cloud Security Congress EMEA in Berlin on November 17, 2015.
If you subscribe to my monthly e-mail newsletter, Crypto-Gram, you need to read this.
Sometime between now and the August issue, the Crypto-Gram mailing list will be moving to a new host. When the move happens, you’ll get an e-mail asking you to confirm your subscription. In the e-mail will be a link that you will have to click in order to join the new list. The link will go to dreamhost.com—that’s the new host—not to schneier.com. It’s just the one click, and you won’t be asked for any additional information.
(Yes, I am asking you all to click on a link you’ve received in e-mail. The fact that I’m writing about this in Crypto-Gram and posting about it on this blog is the best confirmation I can provide.)
If for any reason you don’t want to receive Crypto-Gram anymore, just don’t click the confirmation link, and you’ll automatically drop off the list.
I’ll post updates on the status of the move on the main list page.
Sidebar photo of Bruce Schneier by Joe MacInnis.