Schneier on Security: Tagged Schneier news

Home Blog Entries By Tag

Entries Tagged "Schneier news"

Page 8 of 43

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:

I’m speaking at Kiwicon in Wellington, New Zealand on November 16, 2018.
I’m appearing on IBM Resilient’s End of Year Review webinar on “The Top Cyber Security Trends in 2018 and Predictions for the Year Ahead,” December 6, 2018 at 12:00 PM EST.
I’m giving a talk on “Securing a World of Physically Capable Computers” at MIT on December 6, 2018.
I’m speaking at the The Digital Society Conference 2018: Empowering Ecosystems on December 11, 2018.
I’m speaking at the University of Basel in Basel, Switzerland on December 12, 2018.
I’m speaking at the Hyperledger Forum in Basel, Switzerland on December 13, 2018.
I’m speaking at the OECD Global Forum on Digital Security for Prosperity in Paris, France on December 14, 2018.

The list is maintained on this page.

Posted on November 14, 2018 at 8:03 AM • View Comments

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:

I’m speaking at Data in Smarter Cities in New York City on October 23, 2018.
I’m speaking at the Cyber Security Summit in Minneapolis, Minnesota on October 24, 2018.
I’m speaking at ISF’s 29th Annual World Congress in Las Vegas, Nevada on October 30, 2018.
I’m speaking at Kiwicon in Wellington, New Zealand on November 16, 2018.
I’m speaking at the The Digital Society Conference 2018: Empowering Ecosystems on December 11, 2018.
I’m speaking at the Hyperledger Forum in Basel, Switzerland on December 13, 2018.

The list is maintained on this page.

Posted on October 14, 2018 at 6:01 AM • View Comments

Click Here to Kill Everybody Reviews and Press Mentions

It’s impossible to know all the details, but my latest book seems to be selling well. Initial reviews have been really positive: Boing Boing, Financial Times, Harris Online, Kirkus Reviews, Nature, Politico, and Virus Bulletin.

I’ve also done a bunch of interviews—either written or radio/podcast—including the Washington Post, a Reddit AMA, “The 1A ” on NPR, Security Ledger, MIT Technology Review, CBC Radio, and WNYC Radio.

There have been others—like the Lawfare, Cyberlaw, and Hidden Forces podcasts—but they haven’t been published yet. I also did a book talk at Google that should appear on YouTube soon.

If you’ve bought and read the book, thank you. Please consider leaving a review on Amazon.

Posted on September 14, 2018 at 2:14 PM • View Comments

Reddit AMA

I did a Reddit AMA on Thursday, September 6.

Posted on September 7, 2018 at 2:22 PM • View Comments

New Book Announcement: Click Here to Kill Everybody

I am pleased to announce the publication of my latest book: Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. In it, I examine how our new immersive world of physically capable computers affects our security.

I argue that this changes everything about security. Attacks are no longer just about data, they now affect life and property: cars, medical devices, thermostats, power plants, drones, and so on. All of our security assumptions assume that computers are fundamentally benign. That, no matter how bad the breach or vulnerability is, it’s just data. That’s simply not true anymore. As automation, autonomy, and physical agency become more prevalent, the trade-offs we made for things like authentication, patching, and supply chain security no longer make any sense. The things we’ve done before will no longer work in the future.

This is a book about technology, and it’s also a book about policy. The regulation-free Internet that we’ve enjoyed for the past decades will not survive this new, more dangerous, world. I fear that our choice is no longer between government regulation and no government regulation; it’s between smart government regulation and stupid regulation. My aim is to discuss what a regulated Internet might look like before one is thrust upon us after a disaster.

Click Here to Kill Everybody is available starting today. You can order a copy from Amazon, Barnes & Noble, Books-a-Million, Norton’s webpage, or anyplace else books are sold. If you’re going to buy it, please do so this week. First-week sales matter in this business.

Reviews so far from the Financial Times, Nature, and Kirkus.

Posted on September 4, 2018 at 6:20 AM • View Comments

I'm Doing a Reddit AMA

On Thursday, September 6, starting at 10:00 am CDT, I’ll be doing a Reddit “Ask Me Anything” in association with the Ford Foundation. It’s about my new book, but—of course—you can ask me anything.

No promises that I will answer everything….

Posted on August 31, 2018 at 2:06 PM • View Comments

Three of My Books Are Available in DRM-Free E-Book Format

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month, the bundles are all Wiley titles, including three of my books: Applied Cryptography, Secrets and Lies, and Cryptography Engineering. $15 gets you everything, and they’re all DRM-free.

Even better, a portion of the proceeds goes to the EFF. As a board member, I’ve seen the other side of this. It’s significant money.

Posted on August 3, 2018 at 2:10 PM • View Comments

Security and Human Behavior (SHB 2018)

I’m at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior.

SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, neuroscientists, designers, lawyers, philosophers, anthropologists, business school professors, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

The goal is to maximize discussion and interaction. We do that by putting everyone on panels, and limiting talks to 7-10 minutes. The rest of the time is left to open discussion. Four hour-and-a-half panels per day over two days equals eight panels; six people per panel means that 48 people get to speak. We also have lunches, dinners, and receptions—all designed so people from different disciplines talk to each other.

I invariably find this to be the most intellectually stimulating conference of my year. It influences my thinking in many different, and sometimes surprising, ways.

This year’s program is here. This page lists the participants and includes links to some of their work. As he does every year, Ross Anderson is liveblogging the talks. (Ross also maintains a good webpage of psychology and security resources.)

Here are my posts on the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, and tenth SHB workshops. Follow those links to find summaries, papers, and occasionally audio recordings of the various workshops.

Next year, I’ll be hosting the event at Harvard.

Posted on May 25, 2018 at 1:57 PM • View Comments

Can Consumers' Online Data Be Protected?

Everything online is hackable. This is true for Equifax’s data and the federal Office of Personal Management’s data, which was hacked in 2015. If information is on a computer connected to the Internet, it is vulnerable.

But just because everything is hackable doesn’t mean everything will be hacked. The difference between the two is complex, and filled with defensive technologies, security best practices, consumer awareness, the motivation and skill of the hacker and the desirability of the data. The risks will be different if an attacker is a criminal who just wants credit card details and doesn’t care where he gets them from or the Chinese military looking for specific data from a specific place.

The proper question isn’t whether it’s possible to protect consumer data, but whether a particular site protects our data well enough for the benefits provided by that site. And here, again, there are complications.

In most cases, it’s impossible for consumers to make informed decisions about whether their data is protected. We have no idea what sorts of security measures Google uses to protect our highly intimate Web search data or our personal e-mails. We have no idea what sorts of security measures Facebook uses to protect our posts and conversations.

We have a feeling that these big companies do better than smaller ones. But we’re also surprised when a lone individual publishes personal data hacked from the infidelity site AshleyMadison.com, or when the North Korean government does the same with personal information in Sony’s network.

Think about all the companies collecting personal data about you the websites you visit, your smartphone and its apps, your Internet-connected car—and how little you know about their security practices. Even worse, credit bureaus and data brokers like Equifax collect your personal information without your knowledge or consent.

So while it might be possible for companies to do a better job of protecting our data, you as a consumer are in no position to demand such protection.

Government policy is the missing ingredient. We need standards and a method for enforcement. We need liabilities and the ability to sue companies that poorly secure our data. The biggest reason companies don’t protect our data online is that it’s cheaper not to. Government policy is how we change that.

This essay appeared as half of a point/counterpoint with Priscilla Regan, in a CQ Researcher report titled “Privacy and the Internet.”

Posted on February 14, 2018 at 6:43 AM • View Comments

New Book Coming in September: "Click Here to Kill Everybody"

My next book is still on track for a September 2018 publication. Norton is still the publisher. The title is now Click Here to Kill Everybody: Peril and Promise on a Hyperconnected Planet, which I generally refer to as CH2KE.

The table of contents has changed since I last blogged about this, and it now looks like this:

Introduction: Everything is Becoming a Computer
Part 1: The Trends
- 1. Computers are Still Hard to Secure
- 2. Everyone Favors Insecurity
- 3. Autonomy and Physical Agency Bring New Dangers
- 4. Patching is Failing as a Security Paradigm
- 5. Authentication and Identification are Getting Harder
- 6. Risks are Becoming Catastrophic
Part 2: The Solutions
- 7. What a Secure Internet+ Looks Like
- 8. How We Can Secure the Internet+
- 9. Government is Who Enables Security
- 10. How Government Can Prioritize Defense Over Offense
- 11. What’s Likely to Happen, and What We Can Do in Response
- 12. Where Policy Can Go Wrong
- 13. How to Engender Trust on the Internet+
Conclusion: Technology and Policy, Together

Two questions for everyone.

1. I’m not really happy with the subtitle. It needs to be descriptive, to counterbalance the admittedly clickbait title. It also needs to telegraph: “everyone needs to read this book.” I’m taking suggestions.

2. In the book I need a word for the Internet plus the things connected to it plus all the data and processing in the cloud. I’m using the word “Internet+,” and I’m not really happy with it. I don’t want to invent a new word, but I need to strongly signal that what’s coming is much more than just the Internet—and I can’t find any existing word. Again, I’m taking suggestions.

Posted on January 5, 2018 at 12:45 PM • View Comments

←Previous 1 … 6 7 8 9 10 … 43 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.