A collection of popular essays from security guru Bruce Schneier
In his latest collection of essays, security expert Bruce Schneier tackles a range of cybersecurity, privacy, and real-world security issues ripped from the headlines. Essays cover the ever-expanding role of technology in national security, war, transportation, the Internet of Things, elections, and more. Throughout, he challenges the status quo with a call for leaders, voters, and consumers to make better security and privacy decisions and investments.
Bruce's writing has previously appeared in some of the world's best-known and most-respected publications, including The Atlantic, the Wall Street Journal, CNN, the New York Times, the Washington Post, Wired, and many others. And now you can enjoy his essays in one place - at your own speed and convenience.
- Timely security and privacy topics
- The impact of security and privacy on our world
- Perfect for fans of Bruce's blog and newsletter
- Lower price than his previous essay collections
The essays are written for anyone who cares about the future and implications of security and privacy for society.
Table of Contents
Introduction xi
1 Crime, Terrorism, Spying, and War 1
Cyberconflicts and National Security 1
Counterterrorism Mission Creep 4
Syrian Electronic Army Cyberattacks 7
The Limitations of Intelligence 8
Computer Network Exploitation vs Computer Network Attack 11
iPhone Encryption and the Return of the Crypto Wars 13
Attack Attribution and Cyber Conflict 16
Metal Detectors at Sports Stadiums 19
The Future of Ransomware 21
2 Travel and Security 25
Hacking Airplanes 25
Reassessing Airport Security 28
3 Internet of Things 31
Hacking Consumer Devices 31
Security Risks of Embedded Systems 32
Samsung Television Spies on Viewers 36
Volkswagen and Cheating Software 38
DMCA and the Internet of Things 41
Real-World Security and the Internet of Things 43
Lessons from the Dyn DDoS Attack 47
Regulation of the Internet of Things 50
Security and the Internet of Things 53
Botnets 69
IoT Cybersecurity: What’s Plan B? 70
4 Security and Technology 73
The NSA’s Cryptographic Capabilities 73
iPhone Fingerprint Authentication 76
The Future of Incident Response 78
Drone Self-Defense and the Law 81
Replacing Judgment with Algorithms 83
Class Breaks 87
5 Elections and Voting 89
Candidates Won’t Hesitate to Use Manipulative Advertising to Score Votes 89
The Security of Our Election Systems 91
Election Security 93
Hacking and the 2016 Presidential Election 96
6 Privacy and Surveillance 99
Restoring Trust in Government and the Internet 99
The NSA is Commandeering the Internet 102
Conspiracy Theories and the NSA 104
How to Remain Secure against the NSA 106
Air Gaps 110
Why the NSA’s Defense of Mass Data Collection Makes No Sense 114
Defending Against Crypto Backdoors 117
A Fraying of the Public/Private Surveillance Partnership 121
Surveillance as a Business Model 123
Finding People’s Locations Based on Their Activities in Cyberspace 125
Surveillance by Algorithm 128
Metadata = Surveillance 132
Everyone Wants You to Have Security, But Not from Them 133
Why We Encrypt 136
Automatic Face Recognition and Surveillance 137
The Internet of Things that Talk about You behind Your Back 141
Security vs Surveillance 143
The Value of Encryption 145
Congress Removes FCC Privacy Protections on Your Internet Usage 148
Infrastructure Vulnerabilities Make Surveillance Easy 150
7 Business and Economics of Security 155
More on Feudal Security 155
The Public/Private Surveillance Partnership 158
Should Companies Do Most of Their Computing in the Cloud? 160
Security Economics of the Internet of Things 165
8 Human Aspects of Security 169
Human-Machine Trust Failures 169
Government Secrecy and the Generation Gap 171
Choosing Secure Passwords 173
The Human Side of Heartbleed 177
The Security of Data Deletion 179
Living in a Code Yellow World 180
Security Design: Stop Trying to Fix the User 182
Security Orchestration and Incident Response 184
9 Leaking, Hacking, Doxing, and Whistleblowing 189
Government Secrets and the Need for Whistleblowers 189
Protecting Against Leakers 193
Why the Government Should Help Leakers 195
Lessons from the Sony Hack 197
Reacting to the Sony Hack 200
Attack Attribution in Cyberspace 203
Organizational Doxing 205
The Security Risks of Third-Party Data 207
The Rise of Political Doxing 210
Data is a Toxic Asset 211
Credential Stealing as an Attack Vector 215
Someone is Learning How to Take Down the Internet 216
Who is Publishing NSA and CIA Secrets, and Why? 218
Who are the Shadow Brokers? 222
On the Equifax Data Breach 226
10 Security, Policy, Liberty, and Law 229
Our Newfound Fear of Risk 229
Take Back the Internet 232
The Battle for Power on the Internet 234
How the NSA Threatens National Security 241
Who Should Store NSA Surveillance Data? 244
Ephemeral Apps 247
Disclosing vs Hoarding Vulnerabilities 249
The Limits of Police Subterfuge 254
When Thinking Machines Break the Law 256
The Democratization of Cyberattack 258
Using Law against Technology 260
Decrypting an iPhone for the FBI 263
Lawful Hacking and Continuing Vulnerabilities 265
The NSA is Hoarding Vulnerabilities 267
WannaCry and Vulnerabilities 271
NSA Document Outlining Russian Attempts to Hack Voter Rolls 275
Warrant Protections against Police Searches of Our Data 277
References 281
