…trying to make digital files uncopyable is like trying to make water not wet.

#BruceSchneier #Quote

...

on the hood...

*FACEPALM*

cc: @elfin
#BruceSchneier #SelfDrivingCars

Disabling Self-Driving Cars with a Traffic Cone

https://www.schneier.com/blog/archives/2023/07/disabling-self-driving-cars-with-a-traffic-cone.html

Two decades ago, my life changed forever: hearing #BruceSchneier explain that "#security" doesn't exist in the abstract. You can only be secure *from some threat*. A fire alarm won't protect you from burglaries. A condom won't protect you from mass shootings. It seems obvious, but how often do we hear about "security" without any mention of *who* is being made secure, and from *which* threat?

1/

Metadata is surveillance.
-- Bruce Schneier (Data and Goliath)

⬆ #Quotes #BruceSchneier #Data #Surveillance

⬇ #Photography #Panorama #TheMaze #Dollhouse #Canyonlands #Utah

#BruceSchneier
Power LED Side-Channel Attack

This is a clever new side-channel attack:The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader­or of an attached peripheral device­during cryptographic operations.

https://www.schneier.com/blog/archives/2023/06/power-led-side-channel-attack.html

Via #BruceSchneier ±1 hour ago: "Operation Triangulation: Zero-Click iPhone Malware"

https://www.schneier.com/blog/archives/2023/06/operation-triangulation-zero-click-iphone-malware.html

#fz_links / #VulnerabilityDisclosure #iMessage #iOS #Apple #infosec #malware

Segnalo questo articolo di #BruceSchneier, una retrospettiva dell'affaire #Snowden a 10 anni da questo

https://www.schneier.com/blog/archives/2023/06/snowden-ten-years-later.html

"We have entered an era of LLM democratization."

https://www.schneier.com/blog/archives/2023/06/open-source-llms.html

#BruceSchneier #OpenSource #FreeSoftware #LLM #LLaMa #Meta #AI

Trying to make digital files uncopyable is like trying to make water not wet.
-- Bruce Schneier (Wired News (Sep, 07, 2006))

⬆ #Quotes #BruceSchneier #CopyProtection

⬇ #Photography #Panorama #Sunrise #LakeSantaFe #Florida

@me @BleepingComputer @mozilla @torproject because if there's one thing everyone from #BruceSchneier to the stupidest Windows-#Sysadmin will agree upon it's: "DON'T #TAMPER WITH #ENCRYPTION AND DON'T TRY TO BE "SMARTASS" UNLESS YOU KNOW EXACLTY WHAT YOU'RE DOING!"

As shit like that get people understandably sussy...

"Security vulnerabilities in the standards—­the protocols and software for 5G—­ensure that vulnerabilities will remain, regardless of who provides the hardware and software. These insecurities are a result of market forces that prioritize costs over security and of governments, including the United States, that want to preserve the option of surveillance in 5G networks."

#BruceSchneier, 2020

https://www.schneier.com/blog/archives/2020/01/china_isnt_the_.html

#5G #5Eyes

Excellent take on the #ai issue from #bruceschneier

https://www.schneier.com/blog/archives/2023/04/ai-to-aid-democracy.html

The 'nothing to hide argument' comes up again and again and it's obviously ridiculous. #Privacy is not about something to hide. Privacy is about human dignity
#BruceSchneier

Bruce #Schneier at EPFL Lausanne:
How to reclaim power in the digital world? Conversation with Bruce Schneier
Thursday, March 16, 2023

Info, registration:
https://memento.epfl.ch/event/how-to-reclaim-power-in-the-digital-world-conversa/

#bruceschneier #security #privacy #epfl

Bruce #Schneier at EPFL Lausanne:
How to reclaim power in the digital world? Conversation with Bruce Schneier
Thursday, March 16, 2023

Info, registration:
https://memento.epfl.ch/event/how-to-reclaim-power-in-the-digital-world-conversa/

#bruceschneier #security #privacy #epfl

Banning #TikTok
Congress is currently #debating #bills that would #ban TikTok in the United States.

We are here as technologists to tell you that this is a terrible idea and the side effects would be intolerable. Details matter.

There are several ways Congress might ban TikTok, each with different efficacies and side effects.

Kommentsr
Man definiert u. teilt der Welt mit wer die Guten u. wer die Bösen sind.

Schneier on Security #BruceSchneier
https://www.schneier.com/blog/archives/2023/02/banning-tiktok.html

Banning #TikTok
Congress is currently #debating #bills that would #ban TikTok in the United States.

We are here as technologists to tell you that this is a terrible idea and the side effects would be intolerable. Details matter.

There are several ways Congress might ban TikTok, each with different efficacies and side effects.

Kommentsr
Man definiert u. teilt der Welt mir wer die Guten u. wer die Bösen sind.

Schneier on Security #BruceSchneier
https://www.schneier.com/blog/archives/2023/02/banning-tiktok.html

hacking the tax code #BruceSchneier

The tax code isn’t software. But it’s still code. It’s a series of algorithms that takes an input, financial information and produces an output: the amount of tax owed. It’s incredibly complex code;
Like computer code, the tax code has bugs. They might be mistakes in how the tax laws were written. (...)
That’s a bug, but not a vulnerability. An example of a vulnerability is the “Double Irish with a Dutch Sandwich.”
https://cutt.ly/l3vfhYR
#security #tax

I largely agree with #BruceSchneier here, although there are limitations to using an approach backed by non-conflict safety-oriented analogies (car crashes, fresh food, fire-resistant pajamas [!] -- good luck vs a weapon). Still...

"[I]mprove government software procurement... to evaluate the security of the software and the security practices of the company, in detail, [and] to ensure that they are sufficient to meet the security needs of the network they’re being installed in. If these evaluations are made public, along with the list of companies that meet them, all network buyers can benefit from them."

and

"The government needs to set minimum security standards for software that’s used in critical network applications, just as it sets software standards for avionics."

https://www.schneier.com/blog/archives/2023/02/solarwinds-and-market-incentives.html

While still a step forward, Mr Schneier's approach still has problems:

1) regulatory capture of government agencies by scrutinized vendors;

2) irrelevant assessments leading to irrelevant results;

3) apathetic / ignorant / incapable customers who cannot put any useful government assessments to work in their environments.

While harsh, I advocate for regulation and practices that price insecure organizations out of the market. If it's too expensive to run your insecure IT, then you'll look for cheaper alternatives.

#cybersecurity

Book review: #BruceSchneier on #AI and #hacking civil society https://apnews.com/article/technology-science-cybercrime-reviews-4415c6770938cc9e3d923108b7389818 Schneier opines that "if strict guardrails aren’t put on AI, #robots with agency could unravel trust in vital institutions, social cohesion, civil engagement. Schneier worries about a repeat of the regulatory inattention that enabled Big Tech’s assault on privacy."