The 2020 Workshop on Economics and Information Security (WEIS)
The workshop on Economics and Information Security is always an interesting conference. This year, it will be online. Here’s the program. Registration is free. EDITED TO ADD (12/22): Ross Anderson...
View ArticleShould There Be Limits on Persuasive Technologies?
Persuasion is as old as our species. Both democracy and the market economy depend on it. Politicians persuade citizens to vote for them, or to support different policy positions. Businesses persuade...
View ArticleWEIS 2021 Call for Papers
The 20th Annual Workshop on the Economics of Information Security (WEIS 2021) will be held online in June. We just published the call for papers.
View ArticleIllegal Content and the Blockchain
Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to...
View ArticleAn Examination of the Bug Bounty Marketplace
Here’s a fascinating report: “Bounty Everything: Hackers and the Making of the Global Bug Marketplace.” From a summary: …researchers Ryan Ellis and Yuan Stevens provide a window into the working lives...
View ArticleInsurance Coverage for NotPetya Losses
Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must...
View ArticleSolarWinds and Market Incentives
In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration of...
View ArticleHacking the Tax Code
The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input—financial information for the year—and produces an output: the amount of...
View ArticleWhat Will It Take?
What will it take for policy makers to take cybersecurity seriously? Not minimal-change seriously. Not here-and-there seriously. But really seriously. What will it take for policy makers to take...
View ArticleThe Security Vulnerabilities of Message Interoperability
Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other: The Digital Markets Act ruled that...
View ArticleDrones and the US Air Force
Fascinating analysis of the use of drones on a modern battlefield—that is, Ukraine—and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform for...
View ArticleGoogle Pays $10M in Bug Bounties in 2023
BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch...
View ArticleRoss Anderson
Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the Security and Human...
View ArticleIn Memoriam: Ross Anderson, 1956-2024
Last week I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here’s the longer version. EDITED TO ADD (4/11): Two weeks before he passed away, Ross gave an...
View ArticleBackdoor in XZ Utils That Almost Happened
Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much...
View Article
