Securing the International IoT Supply Chain

Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: ...

Zoom’s Commitment to User Security Depends on Whether you Pay It or Not

Zoom was doing so well.... And now we have this: Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users won't enjoy that level ...

Security of Health Information

The world is racing to contain the new COVID-19 virus that is spreading around the globe with alarming speed. Right now, pandemic disease experts at the World Health Organization (WHO), the US ...

The US National Cyber Strategy

Last month, the White House released the "National Cyber Strategy of the United States of America. I generally don't have much to say about these sorts of documents. They're filled with broad ...

Five-Eyes Intelligence Services Choose Surveillance Over Security

The Five Eyes -- the intelligence consortium of the rich English-speaking countries (the US, Canada, the UK, Australia, and New Zealand) -- have issued a "Statement of Principles on Access to Evidence ...

E-Mailing Private HTTPS Keys

I don't know what to make of this story: The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities ...