Publications by Bruce Schneier http://www.belfercenter.org/rss/expert/54135/feed en Rediscovering Vulnerabilities http://www.belfercenter.org/publication/rediscovering-vulnerabilities <time datetime="00Z" class="datetime">Jul 21, 2017</time> <p>What is the likelihood that multiple parties will independently discover the same software vulnerability? Herr and Schneier discuss their recent paper "<a href="http://www.belfercenter.org/publication/taking-stock-estimating-vulnerability-rediscovery">Taking Stock: Estimating Vulnerability Rediscovery</a>." </p> Belfer Center http://www.belfercenter.org/publication/rediscovering-vulnerabilities Taking Stock: Estimating Vulnerability Rediscovery http://www.belfercenter.org/publication/taking-stock-estimating-vulnerability-rediscovery <time datetime="00Z" class="datetime">Jul 19, 2017</time> <p>This paper presents a new dataset of more than 4,300 vulnerabilities, and estimates vulnerability rediscovery across different vendors and software types. It concludes that rediscovery happens more than twice as often as the 1-9% range previously reported.</p> Belfer Center http://www.belfercenter.org/publication/taking-stock-estimating-vulnerability-rediscovery Russia's Attempt to Hack Voting Systems Shows That Our Elections Need Better Security http://www.belfercenter.org/publication/russias-attempt-hack-voting-systems-shows-our-elections-need-better-security <time datetime="00Z" class="datetime">Jun 6, 2017</time> <p>While the most recent leaked NSA document isn't much of a smoking gun, it's yet more evidence of widespread Russian attempts to interfere last year.</p> Belfer Center http://www.belfercenter.org/publication/russias-attempt-hack-voting-systems-shows-our-elections-need-better-security Why the NSA Makes Us More Vulnerable to Cyberattacks http://www.belfercenter.org/publication/why-nsa-makes-us-more-vulnerable-cyberattacks <time datetime="00Z" class="datetime">May 30, 2017</time> <p>Bruce Schneier discusses WannaCry, the National Security Agency, and the Vulnerabilities Equities Process and asks what the government's responsibility is when it discovers a vulnerability in a piece of software: alert the software vendor or keep it secret to use offensively.</p> Belfer Center http://www.belfercenter.org/publication/why-nsa-makes-us-more-vulnerable-cyberattacks Who Are the Shadow Brokers? http://www.belfercenter.org/publication/who-are-shadow-brokers <time datetime="00Z" class="datetime">May 23, 2017</time> <p>After the WannaCry outbreak, the Shadow Brokers threatened to release more NSA secrets every month, giving cybercriminals and other governments worldwide even more exploits and hacking tools. Who are these guys? And how did they steal this information? The short answer is: We don't know. But we can make some educated guesses based on the material they've published.</p> Belfer Center http://www.belfercenter.org/publication/who-are-shadow-brokers What Happens When Your Car Gets Hacked? http://www.belfercenter.org/publication/what-happens-when-your-car-gets-hacked <time datetime="00Z" class="datetime">May 19, 2017</time> <p>Bruce Schneier advocates for stricter government regulation to improve security on "Internet of Things" (IoT) devices.  Without that, he argues, we are going to see hackers attacking our cars, digital video recorders, web cameras, refrigerators, and so much more as our dependency on IoT devices grows.  </p> Belfer Center http://www.belfercenter.org/publication/what-happens-when-your-car-gets-hacked The Next Ransomware Attack will be Worse than WannaCry http://www.belfercenter.org/publication/next-ransomware-attack-will-be-worse-wannacry <time datetime="00Z" class="datetime">May 16, 2017</time> <p>As more and more of our everyday devices connect to the Internet, they become vulnerable to ransomware and other computer threats. Bruce Schneier advocates for minimum security standards for critical IoT devices.</p> Belfer Center http://www.belfercenter.org/publication/next-ransomware-attack-will-be-worse-wannacry Making Democracy Harder to Hack http://www.belfercenter.org/publication/making-democracy-harder-hack <time datetime="00Z" class="datetime">May 1, 2017</time> <p>With the Russian government hack of the Democratic National Convention email servers and related leaks, the drama of the 2016 U.S. presidential race highlights an important point: nefarious hackers do not just pose a risk to vulnerable companies; cyber attacks can potentially impact the trajectory of democracies.</p> Belfer Center http://www.belfercenter.org/publication/making-democracy-harder-hack U.S. Elections are a Mess, Even Though There's No Evidence This One Was Hacked http://www.belfercenter.org/publication/us-elections-are-mess-even-though-theres-no-evidence-one-was-hacked <time datetime="00Z" class="datetime">Nov 23, 2016</time> <p>"Accountability is a major problem for U.S. elections. The candidates are the ones required to petition for recounts, and we throw the matter into the courts when we can't figure it out. This all happens after an election, and because the battle lines have already been drawn, the process is intensely political. Unlike many other countries, we don't have an independent body empowered to investigate these matters."</p> Belfer Center http://www.belfercenter.org/publication/us-elections-are-mess-even-though-theres-no-evidence-one-was-hacked American Elections Will Be Hacked http://www.belfercenter.org/publication/american-elections-will-be-hacked <time datetime="00Z" class="datetime">Nov 9, 2016</time> <p>"We need national security standards for voting machines, and funding for states to procure machines that comply with those standards. <a href="https://www.verifiedvoting.org/">Voting-security experts</a> can deal with the technical details, but such machines must include <a href="http://votingmachines.procon.org/view.answers.php?questionID=000291">a </a><a href="http://votingmachines.procon.org/view.answers.php?questionID=000291">paper ballot</a> that provides a record verifiable by voters. The simplest and most reliable way to do that is already practiced in 37 states: optical-scan paper ballots, marked by the voters, counted by computer but recountable by hand. And we need a system of pre-election and postelection security audits to increase confidence in the system."</p> Belfer Center http://www.belfercenter.org/publication/american-elections-will-be-hacked