Type Book
Date 2019
Pages 289
Tags nonfiction, collection, security

We Have Root: Even More Advice from Schneier on Security

Name Role
Bruce Schneier Author


Introduction xi
1: Crime, Terrorism, Spying, and War 1
    Cyberconflicts and National Security 1
    Counterterrorism Mission Creep 4
    Syrian Electronic Army Cyberattacks 7
    The Limitations of Intelligence 8
    Computer Network Exploitation vs. Computer Network Attack 11
    iPhone Encryption and the Return of the Crypto Wars 13
    Attack Attribution and Cyber Conflict 16
    Metal Detectors at Sports Stadiums 19
    The Future of Ransomware 21
2: Travel and Security 25
    Hacking Airplanes 25
    Reassessing Airport Security 28
3: Internet of Things 31
    Hacking Consumer Devices 31
    Security Risks of Embedded Systems 32
    Samsung Television Spies on Viewers 36
    Volkswagen and Cheating Software 38
    DMCA and the Internet of Things 41
    Real-World Security and the Internet of Things 43
    Lessons from the Dyn DDoS Attack 47
    Regulation of the Internet of Things 50
    Security and the Internet of Things 53
    Botnets 69
    IoT Cybersecurity: What’s Plan B? 70
4: Security and Technology 73
    The NSA’s Cryptographic Capabilities 73
    iPhone Fingerprint Authentication 76
    The Future of Incident Response 78
    Drone Self-Defense and the Law 81
    Replacing Judgment with Algorithms 83
    Class Breaks 87
5: Elections and Voting 89
    Candidates Won’t Hesitate to Use Manipulative Advertising to Score Votes 89
    The Security of Our Election Systems 91
    Election Security 93
    Hacking and the 2016 Presidential Election 96
6: Privacy and Surveillance 99
    Restoring Trust in Government and the Internet 99
    The NSA Is Commandeering the Internet 102
    Conspiracy Theories and the NSA 104
    How to Remain Secure against the NSA 106
    Air Gaps 110
    Why the NSA’s Defense of Mass Data Collection Makes No Sense 114
    Defending Against Crypto Backdoors 117
    A Fraying of the Public/Private Surveillance Partnership 121
    Surveillance as a Business Model 123
    Finding People’s Locations Based on Their Activities in Cyberspace 125
    Surveillance by Algorithm 128
    Metadata = Surveillance 132
    Everyone Wants You to Have Security, But Not from Them 133
    Why We Encrypt 136
    Automatic Face Recognition and Surveillance 137
    The Internet of Things that Talk about You behind Your Back 141
    Security vs. Surveillance 143
    The Value of Encryption 145
    Congress Removes FCC Privacy Protections on Your Internet Usage 148
    Infrastructure Vulnerabilities Make Surveillance Easy 150
7: Business and Economics of Security 155
    More on Feudal Security 155
    The Public/Private Surveillance Partnership 158
    Should Companies Do Most of Their Computing in the Cloud? 160
    Security Economics of the Internet of Things 165
8: Human Aspects of Security 169
    Human-Machine Trust Failures 169
    Government Secrecy and the Generation Gap 171
    Choosing Secure Passwords 173
    The Human Side of Heartbleed 177
    The Security of Data Deletion 179
    Living in a Code Yellow World 180
    Security Design: Stop Trying to Fix the User 182
    Security Orchestration and Incident Response 184
9: Leaking, Hacking, Doxing, and Whistleblowing 189
    Government Secrets and the Need for Whistleblowers 189
    Protecting Against Leakers 193
    Why the Government Should Help Leakers 195
    Lessons from the Sony Hack 197
    Reacting to the Sony Hack 200
    Attack Attribution in Cyberspace 203
    Organizational Doxing 205
    The Security Risks of Third-Party Data 207
    The Rise of Political Doxing 210
    Data Is a Toxic Asset 211
    Credential Stealing as an Attack Vector 215
    Someone Is Learning How to Take Down the Internet 216
    Who Is Publishing NSA and CIA Secrets, and Why? 218
    Who Are the Shadow Brokers? 222
    On the Equifax Data Breach 226
10: Security, Policy, Liberty, and Law 229
    Our Newfound Fear of Risk 229
    Take Back the Internet 232
    The Battle for Power on the Internet 234
    How the NSA Threatens National Security 241
    Who Should Store NSA Surveillance Data? 244
    Ephemeral Apps 247
    Disclosing vs. Hoarding Vulnerabilities 249
    The Limits of Police Subterfuge 254
    When Thinking Machines Break the Law 256
    The Democratization of Cyberattack 258
    Using Law against Technology 260
    Decrypting an iPhone for the FBI 263
    Lawful Hacking and Continuing Vulnerabilities 265
    The NSA Is Hoarding Vulnerabilities 267
    WannaCry and Vulnerabilities 271
    NSA Document Outlining Russian Attempts to Hack Voter Rolls 275
    Warrant Protections against Police Searches of Our Data 277
References 281