Bruce Schneier isn't just a cypherpunk god, he's also an inveterate foodie. The restaurant guides he and Karen Cooper write are good enough to garner Hugo nominations, and chock full of fantastic foodie obsessiveness. I've never read any document quite like this one, in fact.
Bruce Schneier's new Crypto-Gram has a terrific, commonsense analysis of the new airport security measures, and why they're uniformly pointless.
…[W]hat is the threat, and how does turning an airplane into a kindergarten classroom reduce the threat? If the threat is hijacking, then the countermeasure doesn't protect against all the myriad of ways people can subdue the pilot and crew.
Security guru Bruce Schneier gave a speech a few days ago in which he stated that a reliance on surveillance is the failure of security. In other words, good security relies on keeping people out, not catching people at breaking in.
Schneier's latest Crypto-Gram is out, with the results of a provocative study:
A random computer on the Internet is scanned dozens of times a day. The life expectancy of a default installation of Red Hat 6.2 server, or the time before someone successfully hacks it, is less than 72 hours.
Robert Wardhaugh is perhaps the most dedicated Dungeon Master in the world. He started a campaign in 1982 and never stopped. Around 60 people are currently playing The Game. "The only thing that's going to limit it, I suppose, is my lifespan," he says.
“Researchers conclude that Zoom uses non-industry-standard cryptographic techniques with identifiable weaknesses and is not suitable for sensitive communications.”
Bruce Schneier writes in the New York Times that banning facial recognition (as cities like San Diego, San Francisco, Oakland, Brookline and Somerville have done) is not enough: there are plenty of other ways to automatically recognize people (gait detection, high-resolution photos of hands that reveal fingerprints, voiceprints, etc.), and these will all be used for the same purpose that makes facial recognition bad for our world: to sort us into different categories and treat us differently based on those categories.
[Yesterday, we published my review of Tim Schwartz's new guide for whistleblowers, A Public Service: Whistleblowing, Disclosure and Anonymity; today, I'm delighted to include this generous excerpt from Schwartz's book. Schwartz is an activist whom I've had the pleasure of working with and I'm delighted to help him get this book into the hands of the people who need to read it.
A team of researchers from Microsoft and Harvard's Berkman Center have published a taxonomy of "Failure Modes in Machine Learning," broken down into "Intentionally-Motivated Failures" and "Unintended Failures."
Caroline McCarthy is a journalist and ex-Googler who now works as an ad-tech exec for a startup that Fox bought and then transferred to Disney when the two companies merged; in this great, impassioned TEDx talk, she lays out the case for being a "tech policy activist" and explains how the field of tech policy, though neglected by politicians and pollsters, is vital to many aspects of our daily lives, and how it fails to decompose neatly on left-right lines and nevertheless demands our close attention lest it be formulated in ways that disappoint or even harm us.
During a lunch break at the "New Future for Antitrust" conference at the University of Utah, Lina Khan (previously), Marshall Steinbaum (previously), and Tim Wu (previously) drafted The Utah Statement (https://onezero.medium.com/the-utah-statement-reviving-antimonopoly-traditions-for-the-era-of-big-tech-e6be198012d7), setting out a program for fighting monopolies beyond the mere revival and exercise of antitrust law, premised on the notion "that concentrated private power has become a menace, a barrier to widespread prosperity."
Jim Baker served as the FBI's general counsel from 2014 until 2017, and he presided over the FBI's attempt to force Apple to undermine its cryptography under the rubric of investigating the San Bernardino shooters; he has long been a prominent advocate for mass surveillance, but he has had a change of heart: in a long, detailed essay on Lawfare, Baker explains why he believes that governments should not seek to introduce defects into cryptographic systems.
Australian politics are a revolting mess of unstable governments dominated by xenophobic, climate-denying far-right oligarchs, and the only check on their power is the fact that Australian governments are so riven by internal strife and unhinged authoritarianism that they tend to collapse on a quarterly basis, triggering new elections and/or leadership contests.
The Cyber Independent Testing Lab is a security measurement company founded by Mudge Zatko (previously), late of the Cult of the Dead Cow, L0pht Heavy Industries and the NSA's Tailored Access Operations group; it has a unique method for assessing the security of devices, derived from methods Mudge developed at the NSA.
For decades, people (including me) have predicted that cyberinsurers might be a way to get companies to take security seriously. After all, insurers have to live in the real world (which is why terrorism insurance is cheap, because terrorism is not a meaningful risk in America), and in the real world, poor security practices destroy peoples' lives, all the time, in wholesale quantities that beggar the imagination.
Early this month, Google's Project Zero revealed a breathtaking attack on multiple OSes, including Apple's iOS, in which a website that served Uyghur people was found to be hosting at least five different kinds of iOS malware that exploited previously unknown defects in Apple's code (the attack is presumed to have been the work of the Chinese state, which has been prosecuting a genocidal campaign against Uyghurs, whose high-tech fillips have seen both cities and apps suborned to aid in the pogrom).
Apple's Face ID, a facial recognition tool that unlocks mobile devices, has a countermeasure designed to prevent attackers from scanning a sleeping or unconscious (or dead) person's face to unlock their phone: it checks the face for signs of attention and consciousness before unlocking.
Illustrating abstract articles is a pain in the ass, and in the age of social media, a post without an illustration is likely to disappear without attaining any kind of readership, which leaves those of us who cover the field endlessly remixing HAL9000 eyes using walls of code, Matrix text-waterfalls, or variations on hacker-in-a-hoodie.