On Chinese-Owned Technology Platforms
Schneier on Security
FEBRUARY 25, 2021
I am a co-author on a report published by the Hoover Institution: “ Chinese Technology Platforms Operating in the United States.”
This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Schneier on Security
FEBRUARY 25, 2021
I am a co-author on a report published by the Hoover Institution: “ Chinese Technology Platforms Operating in the United States.”
Krebs on Security
OCTOBER 26, 2021
federal investigators today raided the Florida offices of PAX Technology , a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. FBI agents entering PAX Technology offices in Jacksonville today. Headquartered in Shenzhen, China, PAX Technology Inc. organizations. Source: WOKV.com.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
JUNE 1, 2023
Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. Poses ‘Risk of Extinction,’ Industry Leaders Warn.”
Schneier on Security
OCTOBER 30, 2020
Sunoo Park and Kendra Albert have published “ A Researcher’s Guide to Some Legal Risks of Security Research.” Our Guide gives the most comprehensive presentation to date of this landscape of legal risks, with an eye to both legal and technical nuance.
Schneier on Security
MARCH 1, 2021
The company outsourced much of its software engineering to cheaper programmers overseas, even though that typically increases the risk of security vulnerabilities. In other words, the risk of a cyberattack can be transferred to the customers. SolarWinds certainly seems to have underspent on security.
Schneier on Security
DECEMBER 2, 2022
Technology changes the amplitude of the noise. The risks we face today are existential in a way they never have been before. The magnifying effects of technology enable short-term damage to cause long-term planet-wide systemic damage. It’s a “noisy” process. We can’t be sure of that anymore.
Joseph Steinberg
OCTOBER 12, 2022
Join Bonnie Stith, former Director of the CIA’s Center for Cyber Intelligence , and and Joseph Steinberg, renowned cybersecurity expert witness and columnist , for a special, free educational webinar, Best Practices for Asset Risk Management in Hospitals. The discussion will cover: * How IT asset risks have evolved.
Joseph Steinberg
DECEMBER 2, 2022
Patent number US 11,438,334 entitled Systems and Methods for Securing Social Media for Users and Businesses and Rewarding for Enhancing Security , discloses a robust invention that addresses the risks that posts to social media may pose to businesses and individuals alike. All of the patents can be read by visiting my Google Scholar page.
The Last Watchdog
OCTOBER 10, 2024
It powers rapid analysis of identity exposures across organizations, VIPs and supply chains, pattern of life analysis, threat actor attribution, insider risk analysis, financial crimes research, and more. To learn more and see insights on your company’s exposed data, users can visit spycloud.com.
Schneier on Security
MAY 12, 2023
as a broad set of technologies being marketed to companies to help them cut their costs, the question becomes: how do we keep those technologies from working as “capital’s willing executioners”? The question is worth considering across different meanings of the term “A.I.” If you think of A.I. Alternatively, if you imagine A.I.
Joseph Steinberg
JULY 20, 2022
And, while today’s commercially-created quantum machines are nowhere near powerful enough to approach quantum supremacy, absolutely nobody knows the true extent of the quantum capabilities of all of the technologically-advanced governments around the world. Clearly, there is a need to act in advance – and acting takes time.
The Last Watchdog
NOVEMBER 15, 2021
Such a transformation however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse. So, how do organizations prepare against such threats?
Daniel Miessler
MAY 14, 2020
What follows is a set of basic security hygiene steps that will significantly reduce your risk online. Turn on automatic updates, install updates from the operating system when you’re asked to, and make a regular habit of updating everything in your technology ecosystem. So, I decided to update the advice myself. Everything.
Joseph Steinberg
JULY 8, 2021
Ironically, while many larger enterprises purchase insurance to protect themselves against catastrophic levels of hacker-inflicted damages, smaller businesses – whose cyber-risks are far greater than those of their larger counterparts – rarely have adequate (or even any) coverage.
Joseph Steinberg
MAY 23, 2024
To read the piece, please see Oversight of the Management of Cybersecurity Risks: The Skill Most Corporate Boards Need, But Don’t Have on Newsweek.com. Earlier today, Newsweek published an op-ed that I wrote on this important topic.
The Last Watchdog
AUGUST 29, 2023
Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. There was another warning from the U.S.
Lohrman on Security
JANUARY 29, 2023
So what are the opportunities and risks with using this technology across different domains? ChatGPT is an AI-powered chatbot created by OpenAI.
The Last Watchdog
JANUARY 2, 2024
In today’s digital landscape, organizations face numerous challenges when it comes to mitigating cyber risks. Related: How AI is transforming DevOps The constant evolution of technology, increased connectivity, and sophisticated cyber threats pose significant challenges to organizations of all sizes and industries.
Schneier on Security
DECEMBER 13, 2022
As with any new technology, the development and deployment of ChatGPT is likely to have a significant impact on the field of cybersecurity. In many ways, ChatGPT and other AI technologies hold great promise for improving the ability of organizations and individuals to defend against cyber threats.
The Last Watchdog
MAY 5, 2022
Let’s walk through some practical steps organizations can take today, implementing zero trust and remote access strategies to help reduce ransomware risks: •Obvious, but difficult – get end users to stop clicking unknown links and visiting random websites that they know little about, an educational challenge. Best practices.
Security Affairs
OCTOBER 25, 2024
DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. So, how can you conduct a DLP risk assessment? What is a DLP Risk Assessment? Why Conduct a DLP Risk Assessment? Protecting sensitive data is what cybersecurity is all about.
The Last Watchdog
OCTOBER 4, 2023
The Omdia analysts called out a a handful of key proactive methodologies: Risk-Based Vulnerability Management (RBVM), Attack Surface Management (ASM), and Incident Simulation and Testing (IST). RBVM solutions don’t merely identify vulnerabilities, it quantifies and prioritizes them, making risk management more strategic.
Schneier on Security
NOVEMBER 15, 2022
But it risks giving the Egyptian government permission to read users’ emails and messages. The app also provides Egypt’s Ministry of Communications and Information Technology, which created it, with other so-called backdoor privileges, or the ability to scan people’s devices.
Security Boulevard
DECEMBER 4, 2024
China's growing presence in the global market for LiDAR, a remote sensing technology widely used in defense and commercial system, presents a national security risk for the United States, which already is dealing with intrusions into critical infrastructure networks by China-backed threat groups, according to a reporte.
Schneier on Security
SEPTEMBER 11, 2023
It wasn’t until the American Society of Mechanical Engineers demanded risk analysis and transparency that dangers from these huge tanks of boiling water, once considered mystifying, were made easily understandable. Fatalities in the first decades of aviation forced regulation, which required new developments in both law and technology.
Schneier on Security
MARCH 23, 2022
Consequently, the Agency may be facing a higher-than-necessary risk to its unclassified systems and data. However, on-going concerns including staffing challenges, technology resource limitations, and lack of funding to support such an expansion would need to be addressed prior to enhancing the existing program.
Schneier on Security
NOVEMBER 16, 2020
While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures.Online voting may seem appealing: voting from a computer or smart phone may seem convenient and accessible. You may have heard of Voatz, which uses blockchain for voting.
Schneier on Security
MAY 11, 2023
This means, at a minimum, the technology needs to be transparent. The problem isn’t the technology—that’s advancing faster than even the experts had guessed —it’s who owns it. Today’s AIs are primarily created and run by large technology companies, for their benefit and profit.
Schneier on Security
JANUARY 30, 2023
Do the proposed changes reflect the current cybersecurity landscape (standards, risks, and technologies)? Do the proposed changes support different use cases in various sectors, types, and sizes of organizations (and with varied capabilities, resources, and technologies)? Are the proposed changes sufficient and appropriate?
Security Boulevard
DECEMBER 19, 2024
With technology front and center in virtually all business processes, it may seem counterintuitive to suggest that todays greatest cybersecurity risks dont stem from technology, but from people.Its widely recognized that people pose the greatest risk to data and security.
Schneier on Security
OCTOBER 2, 2023
The NSA is starting a new artificial intelligence security center: The AI security center’s establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense transformative potential for both good and evil.
The Last Watchdog
APRIL 1, 2024
The technology and best practices for treating cybersecurity as a business enabler, instead of an onerous cost-center, have long been readily available. These key capabilities fall under the four competencies of oversight, process risk management, technology risk management, and human risk management.
Schneier on Security
MAY 31, 2022
Underlying these expectations are broadly shared assumptions that information technology increases operational effectiveness. In theory, subversion provides a way to exert influence at lower risks than force because it is secret and indirect, exploiting systems to use them against adversaries.
The Last Watchdog
SEPTEMBER 14, 2023
Fastly addresses these technological vulnerabilities by utilizing tools like Rust and WebAssembly. Leveraging WebAssembly’s sandboxing capabilities allows us to isolate potential risks, while Rust provides the memory safety essential for our modern internet applications. People are wary of technology and its creators.
Schneier on Security
JULY 25, 2024
In information technology, brittleness also results from the fact that hundreds of companies, none of which you;ve heard of, each perform a small but essential role in keeping the internet running. We have built a society based on complex technology that we’re utterly dependent on, with no reliable way to manage that technology.
The Last Watchdog
JULY 25, 2024
With this in mind, Last Watchdog sought commentary from technology thought leaders about what the CrowdStrike outage says about the state of digital resiliency. Implementing zero trust across the entirety of the technology stack would go a long way toward increasing resilience against events like this.
Joseph Steinberg
JANUARY 18, 2024
Securing Success: The Crucial Role of a Cybersecurity Specialist in a Growing Business Human society is increasingly dependent on computer systems and the data housed and utilized within IT (information technology) infrastructure. In none of the aforementioned three cases would any rational person try to “wing it” alone.
Krebs on Security
JULY 30, 2020
based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards. Newer, chip-based cards employ a technology known as EMV that encrypts the account data stored in the chip.
Jane Frankland
APRIL 17, 2024
As technology weaves deeper into our lives, the swift exchange of information has become our reality. Without upholding digital trust, with every click, we not only risk security breaches, fraud and the misuse of our data but one’s own company’s reputation and the very foundation of our business operations.
Schneier on Security
NOVEMBER 13, 2023
Some items on my list are still speculative, but none require science-fictional levels of technological advance. When reading about the successes and failures of AI systems, it’s important to differentiate between the fundamental limitations of AI as a technology, and the practical limitations of AI systems in the fall of 2023.
Penetration Testing
NOVEMBER 30, 2024
Industrial environments are increasingly relying on wireless technologies to power critical operations.
Joseph Steinberg
NOVEMBER 17, 2021
He is also the inventor of several information-security technologies widely used today; his work is cited in over 500 published patents. Sepio’s hardware fingerprinting technology discovers all managed, unmanaged and hidden devices that are otherwise invisible to all other security tools.
Daniel Miessler
SEPTEMBER 17, 2021
is the transition from external security checks to internal risk analysis. If we only used vendors that have never been hacked, we’d be writing our own operating systems, CMS software, and 100 other pieces of core technology. Let’s add more detail to what we are proposing with Vendor Risk 2.0. Risk Visibility.
Expert insights. Personalized for you.
We have resent the email to
Are you sure you want to cancel your subscriptions?
Let's personalize your content