We Have Root: Even More Advice from Schneier on Security

We Have Root......Page 3
About the Author......Page 7
Contents......Page 9
Why I Write about Tech for Popular Audiences......Page 13
Cyberconflicts and National Security......Page 17
Counterterrorism Mission Creep......Page 20
Syrian Electronic Army Cyberattacks......Page 23
The Limitations of Intelligence......Page 24
Computer Network Exploitation vs. Computer Network Attack......Page 27
iPhone Encryption and the Return of the Crypto Wars......Page 29
Attack Attribution and Cyber Conflict......Page 32
Metal Detectors at Sports Stadiums......Page 35
The Future of Ransomware......Page 37
Hacking Airplanes......Page 41
Reassessing Airport Security......Page 44
Hacking Consumer Devices......Page 47
Security Risks of Embedded Systems......Page 48
Samsung Television Spies on Viewers......Page 52
Volkswagen and Cheating Software......Page 54
DMCA and the Internet of Things......Page 57
Real-World Security and the Internet of Things......Page 59
Lessons from the Dyn DDoS Attack......Page 63
Regulation of the Internet of Things......Page 66
Security and the Internet of Things......Page 69
Botnets......Page 85
IoT Cybersecurity: What’s Plan B?......Page 86
The NSA’s Cryptographic Capabilities......Page 89
iPhone Fingerprint Authentication......Page 92
The Future of Incident Response......Page 94
Drone Self-Defense and the Law......Page 97
Replacing Judgment with Algorithms......Page 99
Class Breaks......Page 103
Candidates Won’t Hesitate to Use Manipulative Advertising to Score Votes......Page 105
The Security of Our Election Systems......Page 107
Election Security......Page 109
Hacking and the 2016 Presidential Election......Page 112
Restoring Trust in Government and the Internet......Page 115
The NSA Is Commandeering the Internet......Page 118
Conspiracy Theories and the NSA......Page 120
How to Remain Secure against the NSA......Page 122
Air Gaps......Page 126
Why the NSA’s Defense of Mass Data Collection Makes No Sense......Page 130
How the NSA Gets Its Backdoors......Page 133
How the NSA Designs Backdoors......Page 134
Design Strategies for Defending against Backdoors......Page 135
A Fraying of the Public/Private Surveillance Partnership......Page 137
Surveillance as a Business Model......Page 139
Finding People’s Locations Based on Their Activities in Cyberspace......Page 141
Tracking Locations with Cell Towers......Page 142
Finding You from Your Web Connection......Page 143
Surveillance by Algorithm......Page 144
Metadata = Surveillance......Page 148
Everyone Wants You to Have Security, But Not from Them......Page 149
Why We Encrypt......Page 152
Automatic Face Recognition and Surveillance......Page 153
The Internet of Things that Talk about You behind Your Back......Page 157
Security vs. Surveillance......Page 159
The Value of Encryption......Page 161
Congress Removes FCC Privacy Protections on Your Internet Usage......Page 164
Infrastructure Vulnerabilities Make Surveillance Easy......Page 166
Exploiting Existing Vulnerabilities......Page 168
“Wrongheaded and Dangerous”......Page 169
More on Feudal Security......Page 171
The Public/Private Surveillance Partnership......Page 174
Should Companies Do Most of Their Computing in the Cloud?......Page 176
Security Economics of the Internet of Things......Page 181
Human-Machine Trust Failures......Page 185
Government Secrecy and the Generation Gap......Page 187
Choosing Secure Passwords......Page 189
The Human Side of Heartbleed......Page 193
The Security of Data Deletion......Page 195
Living in a Code Yellow World......Page 196
Security Design: Stop Trying to Fix the User......Page 198
Security Orchestration and Incident Response......Page 200
Government Secrets and the Need for Whistleblowers......Page 205
Protecting Against Leakers......Page 209
Why the Government Should Help Leakers......Page 211
Lessons from the Sony Hack......Page 213
Reacting to the Sony Hack......Page 216
Attack Attribution in Cyberspace......Page 219
Organizational Doxing......Page 221
The Security Risks of Third-Party Data......Page 223
The Rise of Political Doxing......Page 226
Data Is a Toxic Asset......Page 227
Credential Stealing as an Attack Vector......Page 231
Someone Is Learning How to Take Down the Internet......Page 232
Who Is Publishing NSA and CIA Secrets, and Why?......Page 234
Who Are the Shadow Brokers?......Page 238
On the Equifax Data Breach......Page 242
Our Newfound Fear of Risk......Page 245
Take Back the Internet......Page 248
The Battle for Power on the Internet......Page 250
How the NSA Threatens National Security......Page 257
Who Should Store NSA Surveillance Data?......Page 260
Ephemeral Apps......Page 263
Disclosing vs. Hoarding Vulnerabilities......Page 265
The Limits of Police Subterfuge......Page 270
When Thinking Machines Break the Law......Page 272
The Democratization of Cyberattack......Page 274
Using Law against Technology......Page 276
Decrypting an iPhone for the FBI......Page 279
Lawful Hacking and Continuing Vulnerabilities......Page 281
The NSA Is Hoarding Vulnerabilities......Page 283
WannaCry and Vulnerabilities......Page 287
NSA Document Outlining Russian Attempts to Hack Voter Rolls......Page 291
Warrant Protections against Police Searches of Our Data......Page 293
References......Page 297
EULA......Page 306