economics of security

Dave Plummer explains the CrowdStrike IT Outage - Retired Windows Developer

The CrowdStrike Outage and Market-Driven Brittleness

| | economics of security, externalities, incentives, risk assessment, Uncategorized
Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and ...
Schneier on Security

Backdoor in XZ Utils That Almost Happened

| | backdoors, economics of security, essays, Hacking, Infrastructure, Linux, national security policy, open source, SSH, supply chain, Uncategorized
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s ...
Schneier on Security

Ross Anderson

| | cryptanalysis, cryptography, Cybersecurity, economics of security, Security Conferences, Security Engineering, Uncategorized
Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the ...
Schneier on Security

Drones and the US Air Force

| | Defense, Department of Defense, drones, economics of security, Uncategorized, War
Fascinating analysis of the use of drones on a modern battlefield—that is, Ukraine—and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform ...
Schneier on Security

What Will It Take?

| | Cybersecurity, economics of security, essays, Infrastructure, laws, Uncategorized
What will it take for policy makers to take cybersecurity seriously? Not minimal-change seriously. Not here-and-there seriously. But really seriously. What will it take for policy makers to take cybersecurity seriously enough ...
Schneier on Security

Hacking the Tax Code

| | economics of security, Hacking, laws, loopholes, Uncategorized
The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input—financial information for the year—and produces an output: the ...
Schneier on Security

SolarWinds and Market Incentives

| | breaches, Data breaches, economics of security, essays, Uncategorized
In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration ...
Schneier on Security

An Examination of the Bug Bounty Marketplace

| | economics of security, Hacking, Reports, Uncategorized
Here’s a fascinating report: “Bounty Everything: Hackers and the Making of the Global Bug Marketplace.” From a summary: …researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of ...
Schneier on Security

Illegal Content and the Blockchain

| | Bitcoin, blockchain, botnets, censorship, cryptocurrency, economics of security, essays, tor, Uncategorized
Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the ...
Schneier on Security
The Century of the Self - Part 1: "Happiness Machines"

Should There Be Limits on Persuasive Technologies?

| | economics of security, essays, Marketing, national security policy, propaganda, Uncategorized
Persuasion is as old as our species. Both democracy and the market economy depend on it. Politicians persuade citizens to vote for them, or to support different policy positions. Businesses persuade consumers ...
Schneier on Security