national security policy

CVE Program Almost Unfunded

| | DHS, national security policy, Uncategorized
Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded ...
Schneier on Security

Arguing Against CALEA

| | CALEA, Cybersecurity, eavesdropping, national security policy, Telecom, Uncategorized
At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and ...
Schneier on Security

DIRNSA Fired

| | national security policy, nsa, Privacy, surveillance, Uncategorized
In “Secrets and Lies” (2000), I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. It’s something a bunch of us were saying at the ...
Schneier on Security

DOGE as a National Cyberattack

| | breaches, Hacking, national security policy, Uncategorized
In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, ...
Schneier on Security

The Scale of Geoblocking by Nation

| | academic papers, Cuba, national security policy, Privacy, surveillance, Uncategorized
Interesting analysis: We introduce and explore a little-known threat to digital equality and freedom­websites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information ...
Schneier on Security

NIST Releases First Post-Quantum Encryption Algorithms

| | cryptography, encryption, national security policy, NIST, quantum computing, security standards, Uncategorized
From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was ...
Schneier on Security
U.S. Capitol Dome at sunset

House Passes Privacy-Preserving Bill, but Biden Blasts it

| | 4th Amendment, adtech, Advertising and AdTech, Biden, Biden administration, Biden-Harris, Congress, congressional legislation, Data Broker, Data broker regulations, Data Brokers, foreign adtech, Fourth Amendment, Fourth Amendment is Not For Sale Act (FANFSA ), H.R. 4639, House of Representatives, Joe Biden, national security, national security policy, President Biden, SB Blogwatch, US Congress, White House
Are you a FANFSA fan? The White House isn’t. It says the bill “threatens national security.” ...
Security Boulevard

Backdoor in XZ Utils That Almost Happened

| | backdoors, economics of security, essays, Hacking, Infrastructure, Linux, national security policy, open source, SSH, supply chain, Uncategorized
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s ...
Schneier on Security

OpenAI Is Not Training on Your Dropbox Documents—Today

| | Artificial Intelligence, Data Collection, national security policy, Trust, Uncategorized
There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced, but there’s still a lot ...
Schneier on Security

Spying through Push Notifications

| | metadata, national security policy, Privacy, spyware, surveillance, transparency, Uncategorized
When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own ...
Schneier on Security
Load more