Obfuscation and network security.  [Packet Pushers]

Using LLMs to exploit vulnerabilities.  [Schneier]

Exploiting mistyped URLs.  [Schneier]  [ACM DL]

Breaking a password manager.  [Schneier]  [Wired]

How did authorities identify the alleged Lockbit boss?  [Krebs]

Submarine cables must have high-priority protection.  [The Register]

E2E encryption is already out there.  [The Register]

Whale song code.  [Schneier]  [TWZ]

Microsoft is a national security threat.  [The Register]  [Schneier]  [The Register]

Stateful firewall cluster HA theatre.  [ipSpace]

Cybersecurity is broken.  [ipSpace]  [CrankySec]

Declassified NSA newsletters.  [Schneier]  [PDF]

Secure network design starts with segmentation.  [Packet Pushers]

Details of a phone scam.  [Schneier]  [The Cut]  [Pluralistic]

On passkey usability.  [Schneier]  [Wired]

How not to write about network security.  [The Register]

What is a ransomware attack?  [ipCisco]

Spaf on the Morris worm.  [Schneier]  [Purdue]

Victims of success.  [Networking Nerd]

Side Eye attack: recovering audio from still smartphone images.  [Restore Privacy]

Thoughts on zero trust architecture.  [ipSpace]

Tourists give themselves away by looking up - and so do most network intruders.  [Krebs]

Top security benefits of improved network resiliency.  [Network Computing]

Practice your security prompting skills.  [Schneier]

Why is it so rare to hear about Western cyber-attacks?  [BBC News]

How the FBI uncovered the IP address of a Tor hidden service.  [Restore Privacy]

Spoofing ICMP redirects for fun and profit.  [ipSpace]

Network security vulnerabilities - the root causes.  [ipSpace]

Security risks of AI.  [Schneier]  [CSET PDF]

IPv6 security in Layer 2 firewalls.  [ipSpace]

Turning WiFi into a thick yellow cable.  [ipSpace]

The hidden danger to zero trust: excessive cloud permissions.  [Graham Cluley]

Friction as a network security concept.  [Networking Nerd]

Scanning SSH servers.  [Weberblog]

Deep dive into ransomware evolution.  [Trend Micro: part 1]

What CISOs should understand about the zero trust model.  [Network Computing]

Companies struggle with zero trust as attackers adapt to get round it.  [DC Knowledge]

Zero trust and the modern enterprise - a practical path forward.  [DC Knowledge]

Passwords are terrible - surprising nobody.  [Schneier]  [Ars Technica]

A guide to phishing attacks.  [Schneier]  [TidBITS]

NSA IPv6 security guide.  [The Register]  [NSA PDF]

Who sends TCP RSTs?  [Weberblog]

Hacking cars remotely with just their VIN.  [Graham Cluley]

Defeating phishing-resistant MFA.  [Schneier]  [LinkedIn]

NSA on supply chain security.  [Schneier]  [NSA]

Improving network security through segmentation.  [Network Computing]  [No Jitter]

Know your adversaries: top network bad actors.  [Network Computing]

Improving network security through segmentation.  [No Jitter]

How 1-time passcodes became a corporate liability.  [Krebs]

Levels of assurance for DoD microelectronics.  [Schneier]  [NSA, PDF]

Why ZTNA isn't really about the network.  [Network Computing]

The security pros and cons of using email aliases.  [Krebs]

How social engineering impacts physical security.  [DC Knowledge]

NSA's zero trust guidelines - an explainer.  [Network Computing]

Article on NSO Group.  [Schneier]  [The New Yorker]

Mitigate supply chain attacks with microsegmentation and ZTNA.  [Packet Pushers]

Bypassing 2FA.  [Schneier]  [Ars Technica]

Network encryption: a double-edged sword for cybersecurity.  [DC Knowledge]

Conti ransomware group diaries:

• Part 1 - Evasion.  [Krebs]

• Part 2 - The office.  [Krebs]

• Part 3 - Weaponry.  [Krebs]

• Part 4 - Cryptocrime.  [Krebs]

How to choose a red team service provider.  [Network Computing]

Keep it locked.  [The Verge]

• How to hide your email address from data collectors.  [The Verge]

Advice for personal digital security.  [Schneier]  [Ars Technica: part 1, part 2, part 3, part 4]

Why I hate password rules.  [Schneier]

DNSSEC with RSA-4096 keys.  [Geoff Huston]

Security risks of client-side scanning.  [Schneier]

Hardening your VPN.  [Schneier]  [NSA]  [PDF]

Does your organisation have a security.txt file?  [Krebs]

History of the HX-63 rotoro machine.  [Schneier]  [IEEE Spectrum]

Implementing zero trust for a borderless world.  [Packet Pushers]

No More Ransonware website.  [Graham Cluley]

Intentional flaw in GPRS encryption algorithm GEA-1.  [Schneier]

VPNs and trust.  [Schneier]

Firewall basics - sent vs received values.  [Weberblog]

Hacker lexicon: What is a supply chain attack?  [Ars Technica]

The misaligned incentives for cloud security.  [Schneier]

How to tell a job offer from an ID theft trap.  [Krebs]

Declassified NSA document on cryptography in the 1970s.  [Schneier]  [PDF]

A networking perspective on zero trust architecture (ZTA).  [Ethan Banks]

Zero trust networking -- too hard?  [Packet Pushers]

Does Tor provide more benefit or harm?  [Ars Technica]

Why do we still have DDoS attacks?  [NANOG 80]

Fixing firewall ruleset problems for good.  [ipSpace]

Confessions of an ID theft kingpin.  [Krebs: part 1, part 2]

Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users.  [Ars Technica]  [Engadget]  [The Register]  [Schneier]  [NSA PDF]

Everything you need to know about getting a VPN.  [Engadget]

How to use 2FA.  [Restore Privacy]

How to create strong passwords.  [Restore Privacy]

How to start using a password manager.  [Engadget]

NSA on securing VPNs.  [Schneier]  [NSA Short PDF]  [NSA Full PDF]

Nmap tutorial to find network vulnerabilities.  [NetworkChuck]

The unintended harms of cybersecurity.  [Schneier]  [CAM PDF]

Off-path TCP attacks.  [Russ White]

Password changing after a breach.  [Schneier]

Choosing 2FA authenticator apps can be hard.  [Ars Technica]

Types of VPN.  [Weberblog]

Cyber attacks, network attacks.  [ipCisco]

The case for limiting your browser extensions.  [Krebs]

SIM hijacking.  [Schneier]

Inside ‘Evil Corp,’ a $100M cybercrime menace.  [Krebs]

How to ensure that a firewall is still providing adequate protection.  [Network Computing]

Homemade TEMPEST receiver.  [Schneier]  [THG]

ICT supply-chain security.  [Schneier]  [Carnegie]

Why passwords don't work, and what will replace them.  [BBC News]

Dark traffic.  [Geoff Huston]

Factoring 2048-bit numbers using 20 milion qubits.  [Schneier]

IPv6 backscatter and address space scanning.  [Russ White]

MFA isn't perfect, but that's not a reason to not use it.  [Bitdefender]

Cracking forgotten passwords.  [Schneier]  [Engadget]

The Verge guide to privacy and security.  [The Verge]

The myth of consumer-grade security.  [Schneier]

Spies, lies and data thieves: it's time to get a VPN.  [Engadget]

The untold story behind the world's first major Internet attack: the Morris worm.  [ExtremeTech]  [Mashable]

You need a password manager -- right now.  [Engadget]

There is always a back door.  [Russ White]

How legendary hackers wound up working for the CIA.  [Engadget]

Regulating international trade in commercial spyware.  [Schneier]

Five firewall configuration mistakes to avoid.  [Network Computing]

Complex networks getting harder to secure.  [Network Computing]

The risks of password managers.  [Security]  [Medium]

Password psychology.  [ITP Techblog]

How does the zero trust security model impact network design?  [Packet Pushers]

Fingerprinting iPhones with the built-in gyroscope.  [Graham Cluley]  [Schneier]

When can we finally get rid of passwords?  [The Verge]

How not to acknowledge a data breach.  [Krebs]

Four tips to worsen your network security.  [Network Computing]

Why phone numbers stink as identity proof.  [Krebs]

Cybersecurity for the public interest.  [Schneier]

Inside the DNSpionage hacks that hijack domains at an unprecedented scale.  [Ars Technica]

Long-Tail DoS attacks.  [Network Collective]  [Russ White]

Military carrier pigeons in the era of electronic warfare.  [Schneier]  [War On The Rocks]

3 basic security practices will protect your DNS from compromise.  [Network Computing]

The evolution of Darknets.  [Schneier]  [Opaque]

El Chapo's encryption defeated by turning his IT consultant.  [Schneier]  [NYT]

How to know if a bot has sent an email from your account.  [BBC News]

Back issues of NSA's Cryptolog.  [Schneier]  [National Security Archive]

How a hacker obtained Motorola source code with a few phone calls.  [HardOCP]  [Motherboard YouTube]

Online security and privacy: what an email address reveals.  [BBC News]

DDoS mitigation.  [Network Collective]  [Russ White]

Make VPN work for you: IPsec vs SSL.  [DC Journal]

The diminishing returns of strong passwords.  [Russ White]

Operational security considerations for IPv6 networks.  [ipSpace]  [IETF Draft]

Best Internet security: layers of protection and good habits.  [The Wirecutter]

The best antivirus is not traditional antivirus.  [The Wirecutter]

Primer on 2FA security.  [Schneier]  [Medium]

Network security shrinks to zero-trust.  [Network Computing]

Why you should embrace zero-trust networking.  [No Jitter]

How to secure your accounts with better 2FA.  [Wired]

DDoS evolution and enhancing DDoS protection with BGP flowspec.  [NANOG YouTube]

Bypassing security with IPv6.  [Russ White]  [Dark Reading]

Font steganography.  [Schneier]  [CS PDF]  [Security Boulevard]  [ScienceDaily]  [Wired]

TLS 3.0.  [Russ White]  [Dark Reading]

Why DDoS won't die.  [Russ White]  [Dark Reading]

Supply chain security.  [Schneier]  [Russ White]

Advantages and risks of cloud computing regarding security.  [ReadWriteWeb]

Just how random are two-factor authentication codes?  [Wired]

Disaggregation and firewalls.  [Russ White]

Find out who is leaking your secrets with help from invisible zero-width characters.  [Graham Cluley]

11 telltale signs your accounts and devices have been hacked.  [Gizmodo]

The evolution of DDoS attacks.  [Russ White]  [CircleID]

Side channel attacks.  [Russ White]

How creative DDoS attacks still slip past defences.  [Wired]

Operation Bayonet -- inside the sting that hijacked an entire Dark Web drug market.  [Wired]

Lookalike domains and visual confusion.  [Krebs]

A new twist in SSDP DDoS attacks.  [NANOG 72 YouTube]

Communication is key when responding to a cybersecurity incident.  [Bitdefender]

Quantum computing and cryptography.  [Russ White]  [ECI Telecom]

Firewall policies.  [Russ White]  [APNIC Blog]

What to put in your password manager.  [Lifehacker]

The 'doublespeak' of responsible encryption.  [Wired]

Get a password manager -- no more excuses.  [Wired]

Nmap tutorial.  [Network Computing]

Security planner.  [Schneier]  [Security Planner]

The Wired guide to digital security.  [Wired]

• Smartphone security 101.  [Wired]

• The grand Tor: how to go anonymous online.  [Wired]

• What to do if you're being doxed.  [Wired]

• The most secure account of all.  [Wired]

• Resist phishing attacks with three golden rules.  [Wired]

• Extreme security measures for the extra paranoid.  [Wired]

• How to encrypt all of the things.  [Wired]

• The ABCs of keeping your kids safe online.  [Wired]

• Physical measures to increase your digital security.  [Wired]

• Take these 7 steps to reach password perfection.  [Wired]

History of DDoS.  [Russ White]

Hiding the DNS.  [Geoff Huston]  [Russ White]

DDoS and the DNS.  [Geoff Huston]  [Russ White]

Simple security techniques for your environment.  [Packet Pushers]

Honeypots and the art of deceiving hackers.  [DC Knowledge]

History of DDoS.  [Network Collective]

Motherboard digital security guide.  [Schneier]  [Motherboard]

Account hijacks.  [Russ White]  [Google Security]

Everything you have been told about passwords is wrong.  [NZ Herald]

Hacking back.  [Schneier]  [Slate]  [Russ White]

Stealing passwords by asking.  [Russ White]  [Felix Krause]

Hacking a power grid in three not-so-easy steps.  [Wired]

Changes in password best practices.  [Schneier]  [NIST PDF]

Operationalizing ISP cooperation during DDoS attacks.  [NANOG YouTube]

Network survival in an age of pervasive DDoS.  [NANOG YouTube]

The only safe email is text-only email.  [HardOCP]  [The Conversation]

Three steps to avoid ransomware.  [DC Journal]

What is DNS hijacking?  [Wired]

Ross Anderson on the history of the Crypto Wars in the UK.  [Schneier]  [CU: YouTube]  [Light Blue Touchpaper]

How to create a strong password.  [Lifehacker]

What's the most secure way to lock your smartphone?  [Gizmodo]

Alternatives to government-mandated encryption backdoors.  [Schneier]  [Scribd]  [Lawfare]

How to use a password manager - and why you really should.  [The Verge]

Implementing security as a set of services.  [Russ White]  [APNIC Blog]

Checklist for getting a grip on DDoS attacks and the botnet army.  [DC Knowledge]

How I learned to stop worrying (mostly) and love my threat model.  [Ars Technica]

Your phone is your most valuable gadget -- protect it now.  [Wired]

How to protect your digital self.  [Wired]

Getting serious about security: how MSPs can deliver.  [DC Journal]

The hidden risks of WiFi.  [PocketNow]

What is steganography?  [Wired]

How to spot and remove stalkerware.  [Gizmodo]

How to spring clean your digital clutter to protect yourself.  [Wired]

How to build your own VPN if you’re (rightfully) wary of commercial options.  [Ars Technica]

Ransomware and IoT.  [Schneier]

Network-sniffing, automation, machine learning: how to get better threat intel.  [The Register]

Site-to-site IPSec VPN.  [Packet Pushers]

• Site-to-site IPSec VPN through NAT.  [Packet Pushers]

Password and security recommendations.  [Russ White]  [CircleID]

Faking domain names with unicode characters.  [Schneier]  [Xudong Zheng]

PDoS attacks.  [Russ White]  [Radware]

Firewall reviews from the frontlines.  [Network Computing]  [IT Central Station]

Defence in Depth: A 'layered' strategy can repel cold attackers.  [The Register]

Building better ransomware.  [Russ White]  [Cryptography Engineering]

History of US information warfare.  [Schneier]  [The Strategy Bridge]

18 ways to make your online accounts more secure.  [Gizmodo]

Cybersecurity tips for the mildly paranoid.  [Stuff]

Hacker lexicon: what is an attack surface?  [Wired]

A one-stop guide to zero-day exploits.  [Wired]

Defence against doxing.  [Schneier]

All about the dark web, and how to use it.  [ExtremeTech]

Botnets.  [Schneier]

DDoS mitigation:

• Mitigating DDoS.  [Russ White]

• Blocking a DDoS upstream.  [Russ White]

Top 10 ways to stay safe on public Wi-Fi networks.  [Lifehacker]

How Google fought back against a crippling IoT-powered botnet and won.  [Ars Technica]  [Krebs]

Running from DDoS.  [Russ White]  [Arbor Networks]

DDoSing has evolved in the vacuum left by IoT's total absence of security.  [The Register]

Dispersing a DDoS: initial thoughts on DDoS protection.  [Russ White]

Hacker lexicon: what is the attribution problem?  [Wired]

Firewalls 101: how to choose the right one.  [Network Computing]

I’m throwing in the towel on PGP, and I work in security.  [Ars Technica]  [Schneier]

• Why I’m not giving up on PGP.  [Ars Technica]  [Schneier]

A guide to VPN basics.  [Network Computing]

Why your password is still important - even if you use multi-factor authentication.  [Graham Cluley]

Blocking DDoS at domain registration.  [Russ White]  [CircleID]

Why DDoS mitigation solutions must address small-scale attacks.  [DC Knowledge]

New strategies for securing our personal lives.  [Russ White]  [Lawfare]

How to stop hackers from spying with your webcam.  [Gizmodo]

How to protect your home network.  [Stuff]

Stop trying to deter cyber criminals.  [Russ White]  [ACM]

The psychology of bad password habits.  [Schneier]  [HelpNetSecurity]  [Russ White]

Do I need redundant firewalls?  [ipSpace]

Elliptic curve cryptography and DNS.  [Russ White]  [Geoff Huston]

The difference between two-factor and two-step authentication.  [Lifehacker]  [StackExchange]

Using DNS names in firewall rulesets.  [ipSpace]  [Russ White]

Infographic: common ways scammers try to phish your account.  [Lifehacker]  [Digital Guardian]

Security tips: stop trying to fix the user.  [Schneier]

Exploring the cybercrime underground:

• Part 1: an introduction.  [Palo Alto Networks]

• Part 2: the forum ecosystem.  [Palo Alto Networks]

The trick to choosing a password that's easy to remember but hard to crack.  [Stuff]

Inside ‘The Attack That Almost Broke the Internet'.  [Krebs]  [CloudFlare]

Tracking the hackers.  [Russ White]  [The Smoking Gun]

How to protect yourself from mobile ID theft.  [Graham Cluley]

What is the dark web?  [BBC News]  [NZ Herald]

How hackers get your passwords in non-technical ways - and what to do about it.  [Lifehacker]  [TheMediaShow YouTube]

Frequent password changes is a bad security idea.  [Schneier]  [Ars Technica]  [HardOCP]

Which form of 2FA should I use?  [Lifehacker]

How to check if someone else is using your social media accounts.  [Gizmodo]

Thwarting APT attacks.  [Network Computing]

How to protect your data in hotels, airports and public spaces when traveling.  [NZ Herald]  [Stuff]

DNS cookies and DDoS attacks.  [Russ White]

Why complex password requirements don't necessarily make you safer.  [Lifehacker]

Encryption is a red herring.  [Russ White]  [Real Clear Policy]

Sophisticated hack attack? Don't believe the hype.  [Engadget]

How to stay safe on public WiFi.  [Gizmodo]

You may take password security seriously now, but your past can haunt you.  [Graham Cluley]  [Stuff]  [Wired]  [NZ Herald]

Seven password experts on how to lock down your online security.  [Wired]

How to evade the NSA: OpSec guide for journalists also used by terrorists.  [The Register]  [Trend Micro]

Encryption explained for the less tech savvy.  [Lifehacker]

The untold story of the teen hackers who transformed the early Internet.  [Gizmodo]

Hacker lexicon: what are white hat, gray hat, and black hat hackers?  [Wired]

Botnets.  [Computerphile]

Securing a Cisco router: the basics.  [Network Computing]

Top 10 tech security basics every person should follow.  [Lifehacker]

Confused by crypto? Here's what that password hashing stuff means in English.  [The Register]

Cryptography is harder than it looks.  [Schneier]

There can be no middle ground on encryption.  [ExtremeTech]

Cyberthreat: how to respond...and when.  [The Register]

Should we stop encryption? Can we?  [Russ White]

1981 US document on encryption policy.  [Schneier]  [ITS, PDF]

How social engineering attacks happen, and how you can avoid them.  [Lifehacker]  [Smart]

Ransomware: anatomy of an attack.  [EE Times]

Two-factor authentication (2FA) versus two-step verification (2SV).  [Graham Cluley]

Classifying data structures security.  [Russ White]  [DC Journal]

Research - TEMPEST edition.  [Russ White]

What happens when you dare expert hackers to hack you.  [HardOCP]  [YouTube]

Password length does matter.  [Network Inferno]

Security by obscurity.  [Network Guru]

Security vs surveilance.  [Schneier]

Should firewalls track TCP sequence numbers?  [ipSpace]

Horrible story of digital harassment.  [Schneier]  [Fusion]

Hacker lexicon: what are DoS and DDoS attacks?  [Wired]

Security starts with the network.  [Network Computing]

1981 CIA report on deception.  [Schneier]  [Government Attic PDF]

Different kinds of encryption and why it’s so important in today’s mobile lifestyle.  [PocketNow]

More writings on the second crypto wars.  [Schneier]  [Huffington Post]  [CQure]

Why 30-year-old computer hacking methods still work.  [Gizmodo]

How close are you to your passwords?  [Graham Cluley]

A use case for an SSH bastion host.  [Scott Lowe]

NSA lectures on communications security from 1973.  [Schneier]

Five security best practices for cloud and virtualization platforms.  [DC Knowledge]

These are Snowden's favorite security tools -- that anyone can use.  [THG]

How to create an untraceable messaging device with an old phone.  [Lifehacker]

Create complex passwords you'll always remember with poetry.  [Lifehacker]  [ISI PDF]

Don't kill the password -- change the password.  [Wired]

Must read: James Mickens on security.  [ipSpace]  [Usenix PDF]

The benefits of endpoint encryption.  [Schneier]  [FTC]

How security flaws work: the buffer overflow.  [Ars Technica]

How to stop a domestic abuser stalking you via your smartphone.  [Graham Cluley]

Sysadmins who fail to change default configurations, leave petabytes of data at risk.  [Graham Cluley]

The outing of ECHELON.  [Schneier]  [The Intercept]

Why the password hackers never trigger an account lockout.  [Graham Cluley]

Using secure chat.  [Schneier]  [The Intercept]

TEMPEST attack.  [Schneier]  [TAU]  [Wired]

Why we encrypt.  [Schneier]

History of the first crypto war.  [Schneier]  [OTI]

How to hack into an email account, just by knowing your victim's mobile number.  [Graham Cluley]

The Dark Web as you know it is a myth.  [Wired]

Why using security questions to reset your online password is unsafe.  [Stuff]

How I learned to stop worrying and embrace the security freeze.  [Krebs]

What to do when you lose your phone.  [PocketNow]

This video explains everything you need to know about DDoS attacks.  [Lifehacker]  [YouTube]

Net of insecurity: the making of a vulnerable internet:  [Schneier]

• Part 1: A flaw in the design.  [Washington Post]

• Part 2: The long life of a quick fix.  [Washington Post]

• Part 3: A disaster foretold -- and ignored.  [Washington Post]

Why firewalls won't matter in a few years.  [EtherealMind]

What I do as an ethical hacker.  [Lifehacker]

How DDoS has evolved into new threats against a data center.  [DC Knowledge]

IdentityTheft.gov shows you how to recover from a stolen identity.  [Lifehacker]  [identitytheft.gov]

Who's scanning your network?  Answer: everyone.  [Krebs]

Web Served: How to make your site all-HTTPS, all the time, for everyone.  [Ars Technica]

Encrypting your laptop demystified.  [BoingBoing]  [The Intercept]

What's your security maturity level?  [Krebs]

The life of an ex-hacker who is now banned from using the Internet.  [Gizmodo]

How to detect sneaky NSA 'quantum insert' attacks.  [Wired]  [The Register]  [Schneier]

Why sharing your security secrets is a good thing.  [Wired]

Why the entire premise of Tor-enabled routers is ridiculous.  [Ars Technica]

Hacker lexicon: what is phishing and spear phishing?  [Wired]

Cellphone OpSec.  [Schneier]  [FastCompany]

How to combat online scam artists.  [Stuff]

Automating network security.  [ipSpace, YouTube]

Your strong password may be weaker than you think.  [ReadWriteWeb]

NSA-proof passwords.  [BoingBoing]  [Gizmodo]  [The Intercept]

Snowden-approved: The ‘Citizenfour’ hacker’s toolkit.  [ExtremeTech]

Paper on digital intelligence.  [Schneier]  [Cigi]

A history of internet spying.  [Gizmodo: part 1, part 2, part 3, part 4, part 5]

How we become habituated to security warnings on computers.  [Schneier]  [BYU PDF]

Automating network security.  [ipSpace, ipSpace]

Evaluation guide: encryptors for metro and carrier ethernet.  [ipSpace]  [Christoph Jaggi: PDF]

9 facts about computer security that experts wish you knew.  [Gizmodo]

Three steps to save ourselves from firmware attacks.  [BoingBoing]  [EFF]

How to sabotage encryption software, and not get caught.  [Wired]

Companies should never try to intercept their users' encrypted traffic.  [BoingBoing]  [EFF]

Being hacked is good for business - or why you need to do security detection not security prevention.  [EtherealMind]

How hackers can hijack your website and read your email, without hacking your company  [TripWire]

The most common numbers in 10 million passwords.  [Gizmodo]

A history of Internet spying.  [Gizmodo: part 1, part 2, part 3, part 4, part 5]

The root of the problem: how to prevent security breaches.  [Wired]

Stop trolls stealing your online identity.  [BBC News]

Securing a logging environment.  [Network Inferno]

The real impact of surveillance.  [BoingBoing]  [Open Rights Group]

What's the best file encryption tool?  [Lifehacker]

• Five best encryption tools.  [Lifehacker]

• Most popular file encryption tool: VeraCrypt.  [Lifehacker]

Today's hackers are more sophisticated than you think.  [ReadWriteWeb]

The industrialisation of hacking.  [Cisco]

Securing your connection anywhere you go.  [PacketU]

Here is EFF's master plan for ending global mass surveillance.  [Gizmodo]  [EFF]

Accountability as a security system.  [Schneier]

How to protect your information from the Internet.  [Kotaku]

How to stop data thieves from stealing information off your old gadgets.  [Gizmodo]

The EFF’s secure messaging scorecard. Which app will you use?  [Lumension]  [EFF]

The importance of deleting old stuff -- another lesson from the Sony attack.  [Ars Technica]

How browsers store passwords.  [Schneier]  [RaiderSec]

What's the best password manager?  [Lifehacker]

• Five best password managers.  [Lifehacker]

• Most popular password manager: LastPass.  [Lifehacker]

• The best password managers, compared.  [Lifehacker]

• What to do if you lost the master password to your password manager.  [Lifehacker]

Traveling with two-factor: how to access your accounts abroad.  [Gizmodo]

Attributing cyberattacks.  [Schneier]  [TFO]

• Attack attribution in cyberspace.  [Schneier]

• Attack attribution and cyber conflict.  [Schneier]

How to keep your internet-connected home safe and secure.  [Lifehacker]

Doxing as an attack.  [Schneier]

Five ways to delete yourself from the Internet.  [HardOCP]  [cNet]

How DDoS attacks work, and why they're so hard to stop.  [Kotaku]

Spam was changed by a Moscow car wreck.  [Stuff]

Vendor marketing as a security risk – badge scans and sign-up attack vectors.  [EtherealMind]

Explore the world’s biggest data breaches with this interactive chart  [Lifehacker]  [Information is Beautiful]

Cyberwarefare mapped in real time.  [HardOCP]  [IP Viking]

• Real-time attack trackers.  [Krebs]  [FireEye]  [IP Viking]  [Arbior Networks]

The business of security is business.  [Wired]

Implementing a zero-trust security architecture.  [Network Inferno]

How you can use the genetic code for passwords.  [Gizmodo]

How much your inbox is worth to cybercriminals.  [Gizmodo]

• Five ways to make your email safer in case of a hack attack.  [NZ Herald]

The best privacy- and security-focused web browsers.  [Lifehacker]

What we can learn from the biggest corporate hacks.  [Lifehacker]

Understanding zero-knowledge proofs.  [Schneier]  [Cryptography Engineering]

What happens if I use two-factor authentication and lose my phone?  [Lifehacker]

Hacker lexicon: what is an air gap?  [Wired]

Don't use personal information in your WiFi network name.  [Lifehacker]  [Avast]

The tech that will kill passwords dead.  [Gizmodo]  [HardOCP]  [The Verge]  [The Register]

Password mistakes hackers hope you'll make.  [HardOCP]  [State of the Net]  [Gizmodo]

The security underpinnings of cryptography.  [Schneier]  [AMS PDF]

How splitting a computer into multiple realities can protect you from hackers.  [Wired]

What do your “keepsake passwords,” the ones drawn from life experience, say about you?  [BoingBoing]  [NYT]

Hacker lexicon: what Is the Dark Web?  [Wired]

Erroneous beliefs that could leave you susceptible to DDoS attacks.  [DC Knowledge: Part 1, Part 2]

How to stay safe on public WiFi networks.  [Lifehacker]  [letsencrypt.org]  [Voxy]

How to lock down your internet-enabled houseful of gadgets.  [Gizmodo]

See how secure most messaging systems are with this scorecard.  [Lifehacker]  [EFF]

How to steal data from an airgapped computer using FM radioi waves.  [TripWire]

Forging administrator cookies and crocking crypto... for dummies.  [The Register]

What you need to know about keeping your cloud data safe.  [The Register]

How hackers reportedly side-stepped Google's 2FA.  [Gizmodo]  [Hacker News]

Opsec, Snowden style.  [BoingBoing]  [The Intercept]

The history of Tor.  [The Register]

Create a USB password stealer to see how secure your info really is.  [Lifehacker]

How new types of DDoS affect the cloud.  [DC Knowledge]

How to boost your phishing detection skills and avoid email scams.  [Lifehacker]

Securing data needs to evolve beyond building moats around castles.  [Graham Cluley]

ECDSA and DNSSEC.  [Geoff Huston]

What hackers do with your data.  [HardOCP]  [Business Insider]

Even a golden key can be stolen: inside Apple’s encryption decision.  [Gizmodo]

Privacy and security -- five objectives.  [Geoff Huston]

There's no back door that only works for good guys.  [BoingBoing]  [The Guardian]

DDoS attacks: why hosting providers need to take action.  [DC Knowledge]

Security of SHA family of hash functions.  [Schneier]  [Konklone]

How to make sure no one's secretly stealing your home WiFi.  [Gizmodo]

How to protect yourself against big bank card hacks.  [Wired]

The start-to-finish guide to securing your cloud storage.  [Lifehacker]

Why social engineering should be your biggest security concern.  [Lifehacker]

Tor: explaining the web browser that hides its tracks.  [BBC News]

The future of security: zeroing in on un-hackable data with quantum key distribution.  [Wired]

Has the flawed password system finally had its day?  [BBC News]

The security of al Qaeda encryption software.  [Schneier]

The 8 worst security breaches in history.  [BGR]

The perfect password: is there such a thing, and how to choose it?  [PocketNow]

Turns out your complex passwords aren’t that much safer.  [Wired]  [HardOCP]

Botnets: what are they, and how can you protect your computer?  [Collaborista]

7 steps to stronger, more secure passwords.  [NZ Herald]

How to protect your data before your phone gets stolen.  [Gizmodo]

How your security system could be used to spy on you.  [Forbes]

How hackers hid a money-mining botnet in Amazon’s cloud.  [Wired]  [Schneier]

Memorize complex sequences -- like passwords -- with spaced repetiton.  [Lifehacker]  [Wired]

An illustrated guide to the world's worst computer viruses.  [Gizmodo]  [Wired]

How elite hackers (almost) stole the NASDAQ.  [Ars Technica]  [Schneier]  [Business Week]

Inside Dark Wallet: two crypto-anarchists' user-friendly system for anonymous Bitcoin transactions.  [Wired]

Tips for crafting a strong password that really pops.  [Schneier]  [ClickHole]

Five computer security myths debunked.  [Lifehacker]

Four methods to create a secure password you'll actually remember.  [Lifehacker]  [BufferApp]

Routing considerations in DDoS protection environments.  [Lost in Transit]

Seven things you should know about Tor.  [BoingBoing]  [EFF]

The 5 biggest cybersecurity myths, debunked.  [Wired]

How to watch hacking, and cyberwarfare between the USA and China, in real time.  [ExtremeTech]  [Norse]

The risks of not understanding one-way functions.  [Schneier]  [Ars Technica]

Tech support scams and the wisdom of Solomon.  [Graham Cluley]

Paying people to infect their computers.  [Schneier]  [Engadget]  [Gizmodo]

Metro and carrier ethernet encryption.  [ipSpace]  [PDF]

If it sounds too good to be true...  [Krebs]

What to do when someone gets unauthorised access to your computer.  [Lifehacker]

Hacking into someone’s webcam isn’t funny.  [Graham Cluley]

Two-factor authentication is ruining my life, and it's all my fault.  [Gizmodo]

OpenStack security guide.  [OpenStack]

An introduction to Zero Trust virtualization-centric security.  [Brad Hedlund]

Should we think of hackers as the Internet's immune system?  [Gizmodo]  [TED]

Ransomware 101: FAQ for computer users and smartphone owners.  [WeLiveSecurity]

Backstage with the Gameover botnet hijackers.  [Krebs]

How to encrypt everything.  [Gizmodo]  [Stuff]

Data Fortress 101: Is it possible to make a computer that’s totally invulnerable to the NSA?  [ExtremeTech]

Peek inside a professional carding shop.  [Krebs]

Ne’er-Do-Well News, Volume I.  [Krebs]

Are all security vulnerabilities preventable?  [DC Knowledge]

Why it's impossible to make an NSA-proof computer.  [BGR]

Complexity as the enemy of security.  [Krebs]

Why security is terrible: computers, software, and the people who use them are broken.  [Medium]

Password encryption, hashing and salting explained with the help of a shoe.  [Graham Cluley]

The guy who invented computer passwords thinks they're a nightmare.  [Gizmodo]

Disclosing vs hoarding vulnerabilities.  [Schneier]

Two stupid password tricks.  [Stuff]  [NZ Herald]

Should US hackers fix cybersecurity holes or exploit them?  [HardOCP]  [The Atlantic]

Watch this: the changing face of malware.  [The Register]

How spammers spoof your email address, and how to protect yourself.  [Lifehacker]

350 DBAs stare blankly when reminded super-users can pinch data.  [The Register]

Schneier: the NSA's offense leaves Americans undefended.  [BoingBoing]  [The Atlantic]

Could your mobile voicemail system help hackers unlock your online accounts?  [Graham Cluley]

Pervasive monitoring as network attack.  [Schneier]  [RFC7258]

Why you are your best cyber security.  [Stuff]

Teach children good password habits by making it a game.  [Lifehacker]  [WSJ]

How to stop an insider from stealing all your secrets.  [Schneier]  [CACM]

Is antivirus dead?  [Schneier]  [WSJ]  [Krebs]

Espionage vs surveillance.  [Schneier]

How to better secure your Twitter account.  [Graham Cluley]

Internet subversion.  [Schneier]

Why Cleo is a terrible name for your cat, but Cn3tqz is just fine.  [Graham Cluley]

Tor: network security for domestic abuse survivors.  [BoingBoing]

Data center security lessones from Heartbleed and Target.  [DC Knowledge]

The Federal Reserve System's cyberdefense force.  [Schneier]  [Foreign Policy]

Here’s everything you need to stay secure on public Wi-Fi networks.  [BGR]

BYOD: bring your own danger?  [Vasco/Graham Cluley]

How computer attackers have changed.  [Vasco/Graham Cluley]

Add a second layer of protection online.  [Stuff]

How to securely erase your SSD without destroying it.  [HardOCP]  [MakeUseOf]

Why should passwords be encrypted if they’re stored in a secure database?  [Ars Technica]

Your clever password tricks aren't protecting you from today's hackers.  [Lifehacker]

This guide will teach you how to create stronger passwords.  [BGR]

Networking, security, and the grand unified theory.  [Network Computing]

Watch every cyber attack in the world in real time.  [Gizmodo]  [Kaspersky]  [HardOCP]  [Engadget]  [BGR]

Smarter people are more trusting.  [Schneier]  [Plos One]

Chilean drug trafficker pencil-and-paper code.  [Schneier]  [InSightCrime]

Why client-side encryption is critical for cloud privacy.  [Network Computing]

Computer network exploitation vs computer network attack.  [Schneier]

NTP and evil.  [Geoff Huston]

• NTP and the winter 2013 network DDoS attacks.  [EtherealMind]

New kind of DDoS that could cripple the Internet.  [Gizmodo]

How NIST develop cryptographic standards.  [Schneier]  [NIST PDF]

Choosing secure passwords.  [Schneier]

Inside w00w00 -- the billion dollar hacking club.  [TechCrunch]

What are the dangers of using an untrusted USB drive?  [Lifehacker]

Decoding the Voynich manuscript.  [Schneier]  [Medievalists]

The perils of passwords – and how to avoid them.  [WeLiveSecurity]

What is Tor and should I use it?  [Lifehacker]

Building an information security policy:

• Part 1: network devices.  [Network Computing]

• Part 2: hardware and software.  [Network Computing]

• Part 3: logical and physical design.  [Network Computing]

You need to take mobile security seriously.  [Collaborista]

Fend off collateral damage of DDoS attacks.  [DC Knowledge]

Apple's Secure Coding Guide is an invaluable tool for new and veteran developers alike.  [TUAW]  [Apple PDF]

The insecurity of secret IT systems.  [Schneier]

Lifting the lid on a Colossal secret.  [BBC News]  [BBC News]

1971 social engineering attack.  [Schneier]  [BoingBoing]

Stopping the Edward Snowden in your organisation.  [CollaboristaBlog]

My $50k Twitter username was stolen thanks to PayPal and GoDaddy.  [Medium]  [Wired]

• Another credit-card-as-authentication hack.  [Schneier]

• Picking up the pieces after the @N Twitter account theft.  [Ars Technica]

• Stolen Twitter username returned.  [BBC News]

Securing the distributed network perimeter.  [Network Computing]  [Dark Reading]

A beginner's guide to encryption: what it is and how to set it up.  [Lifehacker]

Secure networks: how to develop an information security policy.  [Network Computing]

Five steps to take immediately if you're the victim of identity theft.  [Lifehacker]

Shape-shifting software 'defends against botnet hacks'.  [BBC News]

Zombie botnets: Why some crime networks refuse to die.  [BBC News]

New cyber-attack model helps predict timing of the next Stuxnet.  [Ars Technica]

This is why passwords need to die.  [BGR]  [Wouter Smet]

Want to develop information security skills?  Capture the flag.  [Network Computing]

Security risks of embedded systems.  [Schneier]  [Wired]

Six New Year’s resolutions for better home computer security.  [Graham Cluley]

Joseph Stiglitz on trust.  [Schneier]  [NYT]

Operation Vula.  [Schneier]  [ANC]

Three key security threats seen during 2013 – and how to protect against them.  [Graham Cluley]

Cisco Security Group Access: an introduction.  [Network Computing]

Security vulnerabilities of legacy code.  [Schneier]  [ACSAC]

WWII anecdote about trust and security.  [Schneier]  [Red Team Journal]

Check if you’re the victim of a database breach with ‘Have I Been Pwned?’.  [Graham Cluley]  [HaveIBeenPwned]  [HardOCP]  [Geek]  [Gizmodo]

Inside the effort to kill a web fraud "botnet".  [WSJ ATD]  [WSJ]

Guide to protecting Internet accounts.  [Stuff]

Telepathwords: a new password strength estimator.  [Schneier]  [Microsoft Research]

The problem with EULAs.  [Schneier]

The gentle art of cracking passwords.  [BBC News]

Security needs to focus on architecture, not products.  [Network Computing]

A switch as a security device?  [Juniper]

How somebody forced the world's Internet traffic through Belarus and Iceland.  [WSJ ATD]

Security tents.  [Schneier]  [The Age]

Another Snowden lesson: people are the weak security link.  [Schneier]  [Reuters]

Service provider vs enterprise security -- is there a difference?  [Juniper]

Risk-based authentication.  [Schneier]  [WSJ]

What are the top IPv6 security risks?  [IPv6 Act Now]  [Network World]

IP addresses and traceback.  [Geoff Huston]

How are robots beating my CAPTCHAs?  [Ars Technica]

How to avoid CryptoLocker ransomware.  [Krebs]

• How to fight CryptoLocker and evade its ransomware demands.  [ReadWriteWeb]

How not to get tricked: your favorite online safety tips.  [Google Blog]

How to crack a WiFi password.  [Lifehacker]

Do NIST information security standards matter?  [Network Computing]

How to break into a computer.  [Lifehacker]

MPLS vs encrypted VPNs -- traffic security?  [StackExchange]

Understanding threats in cyberspace.  [Schneier]

A (relatively easy to understand) primer on elliptic curve cryptography.  [Ars Technica]  [Schneier]

Can I be trusted?  [Schneier]  [Slashdot]

Next-generation data centers require next-generation security.  [DC Knowledge]

How to design -- and defend against -- the perfect security backdoor.  [Wired]  [Schneier]

Why is IPSec so complex?  [ipSpace]

The big bad Internet.  [Geoff Huston]

Fingerprinting burner phones.  [Schneier]  [Ars Technica]

Air gaps.  [Schneier]  [BoingBoing]

WTF is a SQL injection?  [Gizmodo]

How to defeat the 'Great Firewall of  China' with an iPhone.  [TUAW]

How does nmap distinguish closed ports from filtered ports?  [StackExchange]

EFF: NSA has endangered us all by sabotaging security.  [BoingBoing]  [EFF]

Is cybersecurity a profession?  [Schneier]  [CSO]  [NAP]

How many of these simple security tips do you actually use?  [Gizmodo]

On secrecy.  [Schneier]  [National Security Archive]

Schneier on TEDx.  [Schneier]  [TEDxTalks YouTube]  [BoingBoing]

When biometrics fail.  [PacketU]

Are fingerprint scanners really more secure?  [Lifehacker]

• Unlike passwords, fingerprints are fair game to law enforcement.  [Lifehacker]

Understanding the business value behind DDoS protection.  [DC Knowledge]

Seven questions about security for Kleiner Perkins’ Ted Schlein.  [WSJ ATD]

How to make your entire Internet life more secure in one day.  [Lifehacker]

Understanding encryption: here's the key.  [ReadWriteWeb]

Long passwords are good, but too much length can be a DoS hazard.  [Ars Technica]

How websites keep passwords safe.  [Stuff]

Take back the Internet.  [Schneier]  [The Guardian]

Fingerprint authentication.  [Schneier]

• Why fingerprints make lousy authentication tokens.  [BoingBoing]

Human-machine trust failures.  [Schneier]

Stick-figure AES: crypto explanations for the rest of us.  [BoingBoing]  [Moserware]

Our newfound fear of risk.  [Schneier]

Thwart DNS hijackers: 5 tips.  [Network Computing]  [Information Week]

Online attack leads to peek into spam den.  [NYT]

How many leakers came before Snowden?  [Schneier]

Who built the SEA?  [Krebs]

How to avoid getting your DNS hacked like the NYT.  [ReadWriteWeb]

“thereisnofatebutwhat­wemake”—Turbo-charged cracking comes to long passwords.  [Ars Technica]

Protecting against leakers.  [Schneier]

Hacking consumer devices.  [Schneier]

How security becomes banal.  [Schneier]  [BJC]

Measuring entropy and its application to encryption.  [Schneier]

How not to DDoS your former employer.  [Krebs]

The cryptopocalypse.  [Schneier]

Taking down “the largest child pornography conspiracy ever prosecuted”.  [Ars Technica]

Stories from MI5.  [Schneier]  [BBC]

Self-encrypting drives aren't magic security dust.  [Network Computing]

Response: morals in IT security.  [EtherealMind]

What is "top secret"?  [BoingBoing]  [NYT]

Focus on recovering from social engineering hacks, not prevention.  [Lifehacker]  [The Verge]

Dual-stack security exposures.  [ipSpace, video]

Why everyone needs to read this jihadist manual for web safety.  [ReadWriteWeb]

Neighbourhood security: feeling vs reality.  [Schneier]  [The Atlantic]

Really clever bank card fraud.  [Schneier]  [The Guardian]

Mail from the (velvet) cybercrime underground.  [Krebs]  [BBC News]  [Schneier]

When smart homes get hacked: I haunted a complete stranger's house via the Internet.  [Forbes]  [BoingBoing]

Secret information is more trusted.  [Schneier]  [NYT]

Security vendors: do no harm, heal thyself.  [Krebs]

Hacker explains tricks of the trade.  [Stuff]

ANCHORY: NSA's 1990s catalog of spook assets.  [BoingBoing]  [MuckRock]

Haunted by the ghosts of ZeuS & DNSChanger.  [Krebs]

Toward a greater mobile mal-awareness.  [Krebs]

The Google of vulnerability search.  [Juniper]

One-stop bot chop-shops.  [Krebs]

The Secret Service agent who collared cybercrooks by selling them fake IDs.  [Wired]

Effective attack techniques series.  [Juniper: part 1, part 2, part 3, part 4, part 5, part 6, part 7]

Who's behind the Styx-Crypt exploit pack?  [Krebs]

• Styx-Crypt makers push DDoS, anti-AV services.  [Krebs]

Tapping submarine cables.  [Schneier]  [The Atlantic]  [Washington Post]

All eyes on the Five Eyes.  [Stuff]

Walls around nations.  [Schneier]  [The Atlantic]

F2P monetisation tricks.  [Schneier]  [Gamasutra]

How elite security ninjas choose and safeguard their passwords.  [Ars Technica]

NSA's project SHAMROCK.  [Schneier]  [Ars Technica]

Koru Club -- where secrets are spilled.  [Stuff]

Musing on secret languages.  [Schneier]  [The Junket]

What is a distributed firewall?  [Brad Hedlund]

Protecting email from eavesdropping.  [Schneier]

Is cryptography engineering or science?  [Schneier]

Protect yourself from sneaky cyber crooks.  [Stuff]

Use multiple large words as passwords to boost spelling and security.  [Lifehacker]  [Reddit]

Malware that foils two-factor authentication.  [Schneier]  [American Banker]

Lessons from biological security.  [Schneier]  [HBR]

MAD in cyberspace.  [Schneier]  [Rod Beckstrom: YouTube, PDF]

Aging infrastructure and evolving threats -- Data Center 2.0 is redefining security.  [DC Knowledge]

Not all data encryption is created equal.  [The Register]

NSA-proof encryption exists -- why doesn't anyone use it?  [Washington Post]

Declassified spy outpost lurks on the dark side of the Earth.  [Wired]

The value of a hacked email account.  [Krebs]

CIA releases analyst's fascinating tale of cracking the Kryptos sculpture.  [Wired]  [Schneier]

• NSA cracked CIA "Kryptos" sculpture before CIA.  [BoingBoing]  [Wired]  [Schneier]

Cyberwar: the silent war.  [Vanity Fair]

Eugene Spafford answers questions on CNN.  [Schneier]  [CNN]

Security and human behaviour.  [Schneier]

The security risks of unregulated Google search.  [Schneier]

How tech made the Boston bombing manhunt possible.  [Gizmodo]

How to boost your Internet security with DNScrypt.  [Lifehacker]

Quantum encryption isn't as unbreakable as you think.  [ExtremeTech]

Why we lie.  [Schneier]

Helping passwords better protect you.  [Google]

This Pentagon project makes cyberwar as easy as Angry Birds.  [Wired]

Are we finally thinking sensibly about terrorism?  [Schneier]

The politics of security in a democracy.  [Schneier]

Nassim Nicholas Taleb on risk perception.  [Schneier]

Anatomy of a hack: how crackers ransack passwords like "qeadzcwrsfxv1331".  [BoingBoing]  [Ars Technica]

• Ars readers react: cracking passwords with 90% success.  [Ars Technica]

• A really good article on how easy it is to crack passwords.  [Schneier]

Forget the word 'cyberwar' says Marcus Ranum.  [The Register]

Experts: network security deteriorating, privacy a lost cause.  [The Register]

Inside GCHQ: welcome to Cheltenham's cottage industry.  [The Register]

DDoS as civil disobedience.  [Schneier]  [Scribd]

"The Global Cyber Game".  [Schneier]  [MoD DA]

Surveillance and internet of things.  [BoingBoing]  [Schneier]

How do I know if my VPN is trustworthy?  [Lifehacker]

Security risks of too much security.  [Schneier]  [Global Post]

Conversations with a bulletproof hoster.  [Krebs]

How to hack a nation's infrastructure.  [BBC News]

Google: users are still tech's largest security flaw.  [GottaBeMobile]  [HardOCP]  [cNet]

Ragebooter: 'legit' DDoS service or Fed backdoor?  [BoingBoing]  [HardOCP]  [Krebs]

Is it wrong to use data from the world's first 'nice' botnet?  [Wired]

Transparency and accountability.  [Schneier]

It's official: password strength meters aren't security theater.  [Ars Technica]

Beware: we may be entering the age of cybersabotage.  [ReadWriteWeb]

Would you trust one company to oversee all of your passwords?  [Gizmodo]

Dear hacker: please let us eavesdrop on our customers.  [Ars Technica]

Use these secret NSA Google search tips to become your own spy agency.  [Wired]  [NSA PDF]  [Gizmodo]  [The Register]  [Schneier]

• What you can learn from the NSA's declassified guide to online spying.  [ExtremeTech]

Intelligence analysis and the connect-the-dots metaphor.  [Schneier]

Honeywords.  [Schneier]  [MIT: PDF]

Risks of networked systems.  [Schneier]  [Science Daily]

Pinging the entire Internet.  [Schneier]  [MIT Technology Review]

Why your passwords can't have symbols, or be longer than 16 characters.  [Ars Technica]

Why security holes in critical infrastructure are so hard to fix.  [ReadWriteWeb]

What a DDoS attack looks like.  [Gizmodo]  [HardOCP]  [Mashable]

Six open source security myths debunked.  [HardOCP]  [ZDNet]

Urban myths of staying safe online.  [BBC News]

A discussion of redaction.  [Schneier]  [Nuclear Secrecy]

SWATting incidents tied to ID theft sites?  [Krebs]

Developing a framework to improve critical infrastructure cybersecurity.  [Secure64]

Fueled by super botnets, DDoS attacks grow meaner and ever more powerful.  [Ars Technica]

• DDoS attacks are getting bigger and badder.  [WSJ ATD]

Hacking and how to protect yourself.  [Stuff]

A beginner's guide to building botnets -- with a little assembly required.  [Ars Technica]

How a single Android smartphone can crash an airplane.  [BGR]  [Help Net Security]  [Ars Technica]  [Engadget]  [Gizmodo]  [Schneier]

• FAA disagrees.  [Forbes]  [Ask the Pilot]  [PPRN]  [InformationWeek]  [Gizmodo]  [The Register]

Security externalities and DDoS attacks.  [Schneier]  [Freedom to Tinker]

Botnet warlord: meet the man who will kill your computer.  [Gizmodo]

Nice security mindset example.  [Schneier]  [Tanya Khovanova]

Are you ready to change your security paradigm?  [ipSpace]

• Compromised security zone = game over (or not).  [ipSpace]

Elite panic.  [Schneier]  [BombSite]  [BoingBoing]

Government use of hackers as an object of fear.  [Schneier]  [The Atlantic]

Fool me once...  [Krebs]

The dangers of surveillance.  [Schneier]  [SSRN]

Unwitting drug smugglers.  [Schneier]  [NYT]

You won't believe how adorable this kitty is -- click for more!  [WSJ]

Security awareness training.  [BoingBoing]  [Schneier]

VPNs: what they do, how they work, and why you're dumb for not using one.  [Gizmodo]

The NSA's Cryptolog.  [Schneier]  [NSA]  [BoingBoing]  [WSJ ATD]

The spectrum of firewall statefulness.  [ipSpace]

Our internet surveillance state.  [Schneier]

How I became a password cracker.  [BoingBoing]  [Ars Technica]

• Security damn well is a dirty word.  [The Register]

How whitehats stopped the DDoS attack that knocked Spamhaus offline.  [Ars Technica]

When technology overtakes security.  [Schneier]

Lessons from the FBI's Insider Threat Programme.  [Schneier]  [Dark Reading]

Our security models will never work -- no matter what we do.  [Wired]

Sharing stories of Bletchley Park: home of the code breakers.  [Google Blog]

Cloud computing's security pitfalls.  [BBC News]

The logic of surveillance.  [Schneier]  [Ian Welsh]

Meet the men who spy on women through their webcams.  [BoingBoing]  [Ars Technica]

The NSA's Ragtime surveillance programme and the need for leaks.  [Schneier]

What to do after you've been hacked.  [Wired]

Technologies of surveillance.  [Schneier]

The 5 easiest ways to get your identity stolen.  [Gizmodo]

Getting security incentives right.  [Schneier]

Can IPS devices and firewalls stop DDoS threats?  [DC Knowledge]

How complex systems fail.  [Schneier]  [CTLab PDF]

Security lessons from the battle of Hoth.  [Schneier]  [Wired]

The US cybersecurity's hired guns.  [Stuff]

Why IPS devices and firewalls fail to stop DDoS threats.  [DC Knowledge]

Making the case for DDoS protection.  [DC Knowledge]

Anti-cheating security in casinos.  [Schneier]  [The Verge]

Locking out the bad guys with asymmetric encryption.  [Ars Technica]

Our new regimes of trust.  [Schneier]

Preventing a botnet attack on your data center.  [DC Knowledge]

Platform fragmentation as a security issue.  [Schneier]  [Washington Post]

Five homeland security 'bots coming to spy on you -- if the aren't already.  [Wired]

Inauguration security.  [Schneier]  [Mystery Incorporated]

Security seals.  [Schneier]  [ANL PDF]

Viruses, trojans, and worms: the basics on malware.  [Ars Technica]

Jared Diamond on common risks.  [Schneier]  [NYT]

FixTracking shows you how to browse securely and privately on any browser.  [Lifehacker]  [fixtracking.com]

Complexity and security.  [Schneier]

Security companies: stop your scare-tactic marketing.  [ReadWriteWeb]

Dangerous security theatre: scrambling fighter jets.  [Schneier]

Inside the Gozi bulletproof hosting facility.  [Krebs]

Two-factor authorisation is awesome -- until you lose the token.  [ReadWriteWeb]

Thinking about obscurity.  [Schneier]  [The Atlantic]

Essay on FBI-mandated backdoors.  [Schneier]  [Wired]

Expect to see more attacks on cloud services.  [Voxy]

Design -- security involvement in design and audit stages.  [Network Sherpa]

How the most important code of WW2 was cracked.  [Gizmodo]  [YouTube]

Spam volumes: past & present, global & local.  [Krebs]

The FBI needs hackers, not backdoors.  [Wired]

How to avoid an Internet scam.  [Stuff]

Details of an Amazon MarketPlace scam.  [Schneier]  [RJS Smart Security]

Classifying a shape.  [Schneier]  [Nuclear Secrecy Blog]

Apollo Robbins, pickpocket.  [Schneier]  [The New Yorker]

Terms of service as a security threat.  [Schneier]

Becoming a police informant in exchange for a lighter sentence.  [Schneier]  [USA Today]

Public shaming as a security measure.  [Schneier]  [Balancing Jane]

Exploring the market for stolen passswords.  [Krebs]

How hackable is your bank account?  Call customer services to find out.  [Lifehacker]

Anonymous TSA "insider" blog.  [BoingBoing]  [Taking Sense Away]

7 codes you'll never ever break.  [Wired]

How to bring down mission-critical GPS networks with $2,500.  [Ars Technica]

The 30-year-old prank that became the first computer virus.  [The Register]

Why and how to destroy your data.  [ReadWriteWeb]

The National Cyber Security Framework Manual.  [Schneier]  [CCDCOE]

A closer look at two bigtime botmasters.  [Krebs]

How a browser worm slithered across a huge number of Tumblr accounts.  [Ars Technica]  [Stuff]

• A few words on Tumblr's troll hack.  [Juniper]

Feudal security.  [Schneier]

How script kiddies can hijack your browser to steal your password.  [Ars Technica]

Forget disclosure -- hackers should keep security holes to themselves.  [Wired]

IT for oppression.  [Schneier]

Preventing catastrophic threats.  [Schneier]  [FAS PDF]  [FAS]

Use a unique, secure email address solely for password recovery.  [Lifehacker]  [Wired]

What do we do about untrustworthy certificate authorities.  [BoingBoing]  [Nature - PDF]

How to listen to real spy broadcasts right now.  [Lifehacker]

The truth about virtualisation security.  [Juniper]

How to plant a dead drop without everyone finding it.  [Lifehacker]

Petraeus affair offers unintentional lesson on password reuse.  [Ars Technica]

• Gmail location data led FBI to uncover top spy's affair.  [Wired]  [Gizmodo]  [WSJ]  [Stuff]  [BBC News]

• How to get away with an affair in 2012.  [Gizmodo]

• How to stop spies digging up your personal information.  [Lifehacker]

• Petraeus reportdedlye used draft emails to converse with mistress.  [cNet]  [Lifehacker]  [Schneier]  [AP]

• Petraeus scandal: this is the national security establishment turning the surveillance apparatus on itself.  [BoingBoing]  [The New Yorker]  [Ars Technica]

• As the world burns: Petraeus scandal cheat-sheet and infographic.  [BoingBoing]  [Mother Jones]

• The Petraeus affair: human nature beats IT security every time.  [ReadWriteWeb]

• How to follow the Petraeus clusterfuck: a flowchart.  [BoingBoing]  [lilsarg.com]

• Petraeus cyberclusterfuck: Broadwell used world's dumbest email troll security protocols.  [BoingBoing]  [Washington Post]

• Now the CIA is investigating Petraeus.  [Wired]

• Lessons from Petraeus cyberclusterfuck: email isn't safe.  [BoingBoing]  [WSJ]

• FBI's Petraeus/Broadwell email dragnet reveals agency's sweeping surveillance power.  [BoingBoing]  [Washington Post]

• Petraeus: if you think the FBI has broad email snooping powers, get a load of their phone-spying.  [BoingBoing]  [ProPublica]

• Email security in the wake of Petraeus.  [Schneier]  [Reuters]  [ACLU]  [The Week]

Encryption in cloud computing.  [Schneier]  [NextGov]

How terrorist groups disband.  [Schneier]  [RAND]

How crypto keys can be stolen across the cloud.  [Schneier]  [PDF]  [Ars Technica]  [Gizmodo]

Micromorts.  [Schneier]  [Stubborn Mule]

Rethinking computing and security.  [Juniper]

The risks of trusting experts.  [Schneier]

How to crack a Wi-Fi password.  [Lifehacker: WEP, WPA]

Managing security in transitioning to the private cloud.  [DC Knowledge]

Anatomy of a botnet.  [DC Knowledge]

Protecting your DNS.  [Secure64]

Master keys.  [Schneier]

The scrap value of a hacked PC.  [Krebs]

"Ask nicely" doesn't work as a security mechanism.  [Schneier]  [Shanghaiist]

The insecurity of networks.  [Schneier]  [ScienceNews]

New encryption method avoids hacks by saving your password in multiple locations.  [ExtremeTech]  [Technology Review]

"I am calling you from Windows" -- a tech support scammer dials Ars Technica.  [Ars Technica]

In a zero-day world, it's active attacks that matter.  [Krebs]

Why best practices are important.  [Evil Routers]

Easily reveal hidden passwords in any browser.  [Lifehacker]  [Labnol]

Making the case for DDoS protection.  [DC Knowledge]

Quantum cryptography.  [Schneier]  [Ars Technica]

Homomorphic encryption.  [Schneier]  [American Scientist]

Which type of password manager is most secure?  [Lifehacker]

The NSA and the risk of off-the-shelf devices.  [Schneier]  [ACLU]

An accountable algorithm for running a secure random checkpoint.  [BoingBoing]  [Freedom to Tinker]

Stopping terrorism.  [Schneier]  [ForeignPolicy]

The hacker who isn't old enough to drive, but can destroy your digital life.  [Gizmodo]  [Wired]

Hacks that never happened.  [BoingBoing]  [Wired]

Why you should start using a VPN.  [Lifehacker]

HOWTO protect yourself from ATM skimmers.  [BoingBoing]  [Krebs]

How secure are you online: the checklist.  [Lifehacker]

Why security SaaS?  [Juniper: part 1, part 2]

How I cracked my neighbour's WiFi password without breaking a sweat.  [Ars Technica]

The importance of security engineering.  [Schneier]

How to hide data in plain sight.  [BBC News]

HOWTO survive a DDoS attack.  [BoingBoing]  [EFF]

Five "neglects" in risk management.  [Schneier]

Why passwords have never been weaker, and crackers have never been stronger.  [BoingBoing]  [Ars Technica]  [Gizmodo]  [Lifehacker]

Inside a 'Reveton' ransomware operation.  [Krebs]

How can I protect against social engineering hacks?  [Lifehacker]

I was a teenage hacker.  [Gizmodo]

How to stay safe in the cloud.  [HardOCP]  [MSN Blog]

• 9 things you absolutely must do to keep your online identity secure.  [Gizmodo]

Woz predicts "horrible problems" with cloud computing.  [HardOCP]  [news.com.au]

• Why Wozniak is right and wrong about the cloud.  [Wired]

A nightmare story about being hacked.  [Wired]  [GottaBeMobile]  [Emptyage]  [MacRumors]  [AppleInsider]

• Apple tech support allows hacker access to journalist's iCloud account.  [AppleInsider]

• Apple knows about a massive hack exploit -- and has done nothing.  [Gizmodo]

• Matt Honan's tale of being hacked will make you think twice about Internet security.  [GottaBeMobile]

• Amazon fixes security flaw hackers used against Mat Honan.  [Ars Technica]  [Wired]  [Gizmodo]

• How not to become Mat Honan: a short primer on online security.  [Wired]

• Please turn on two-factor authentication.  [Matt Cutts]

• Strong passwords aren't enough: how to ensure the Apple and Amazon exploit never happens to you.  [Lifehacker]

• After epic hack, Apple suspends over-the-phone AppleID password resets.  [BoingBoing]   [Wired]

  • Apple confirms suspension of over-the-phone password resets.  [Wired]

• Apple really doesn't know how to fix its massive security exploit.  [Gizmodo]

• Yet another risk of storing everything in the cloud.  [Schneier]

• Is 'cloud security' an oxymoron?  [ExtremeTech]

  • What would it feel like to live in the cloud?  [ExtremeTech]

• Please turn on 2-factor authentication.  [Lifehacker]

• How a hacker can gut the core of your Apple digital life?  [Juniper]

• How a digital life was recovered using 1Password, Dropbox, and DrivesSavers.  [iMore]  [Wired]

Kill the password: why a string of characters can't protect us anymore.  [BoingBoing]  [HardOCP]  [Wired]

Overreaction and overly specific reactions to rare risks.  [Schneier]  [CNN]

Tagging and tracking espionage botnets.  [Krebs]

Why changing your password isn't enough.  [Juniper]

Meeting security challenges in virtualised data centers.  [DC Knowledge]

Four vulnerabilities in infrastructure defense.  [Secure64]

Threat asymmetry and security posture.  [EtherealMind]

The evolution of DDoS attacks.  [BBC News]

Five ways to stop national security leaks -- but do you really want to?  [Wired]

Why "good enough" security really is good enough for most companies.  [ReadWriteWeb]

How can I prevent my ISP from tracking my every move?  [Lifehacker]

HOWTO become a security expert, Bruce Schneier style.  [BoingBoing]  [Krebs: Schneier, Grossman, Miller]  [Schneier]

How to surf safely: from LastPass to tin foil hats, and everything in between.  [ExtremeTech]

How your passwords are stored on the Internet (and when your password strength doesn't matter).  [Lifehacker]

Move over, quantum cryptography: classical physics can be unbreakable too.  [ExtremeTech]

Cyberwar treaties.  [Schneier]

Understanding OAuth: what happens when you login to a site with Google, Twitter, or Facebook.  [Lifehacker]

Changing surveillance techniques for changed communications technologies.  [Schneier]  [SSRN]

Browse like Bond: use any computer without leaving a trace.  [Lifehacker]

Avoiding password breaches 101: salt your hashes.  [ReadWriteWeb]

• HOWTO securely hash passwords.  [BoingBoing]  [Krebs]

Millions of LinkedIn passwords stolen.  [Juniper]

The vulnerabilities market and the future of security.  [Schneier]

How a trio of hackers brough Google's reCAPTCHA to its knees.  [Ars Technica]

The problem of false alarms.  [Schneier]  [Washington Post]

Revealed: hundreds of words to avoid using online if you don't want the government spying on you.  [MailOnline]  [Lifehacker]

The trouble with airport profiling.  [Schneier]

• To profile or not to profile?  [BoingBoing]  [Sam Harris]

• My last post about ethnic profiling at airports.  [Schneier]

Hide your most private files in a secret encrypted volume.  [Lifehacker]  [TinkerNut]

The ultimate counterfeiter isn't a crook -- he's an artist.  [Schneier]  [Wired]

How to share sensitive information over the Internet.  [Lifehacker]

Do I really need to worry about security when I'm using public Wi-Fi?  [Lifehacker]

Secret Alan Turing cryptanalysis papers released by GCHQ.  [BoingBoing]  [BBC News]

How to wipe a hard drive.  [ExtremeTech]

How thieves steal identity, and how you can protect yourself.  [Lifehacker]

Why do hackers want Facebook data?  [EtherealMind: part 1, part 2]  [Imperva: part 1, part 2]

Rise of "forever day" bugs in ICS threatens critical infrastructure.  [Ars Technica]

Five ways to keep your Google browsing private.  [ReadWriteWeb]

Infographic: social media security basics.  [ReadWriteWeb]

How safe is my data stored in the iCloud?  [Ars Technica]

• Apple holds the master decryption key when it comes to iCloud security, privacy.  [Ars Technica]

Create a hidden encrypted volume on your computer to hide sensitive data when you're forced to decrypt.  [Lifehacker]  [CSO]

Data breaches increasingly caused by hacks, malicious attacks.  [Ars Technica]

Hacking critical infrastructure.  [Schneier]  [NYT]

DARPA seeks to free the world from passwords.  [ExtremeTech]

Avi Rubin on computer security.  [Schneier]  [TEDx YouTube]

How changing technology affects security.  [Schneier]

Contradiction in security perception vs reality -- report.  [Voxy]

Destroy digital evidence before it destroys you.  [HardOCP]  [Network World]

Your privacy kind of sucks; fix it up this weekend.  [Lifehacker]

You should probably change your PIN now: here's how to remember your new, secure PIN.  [Lifehacker]

How you're breaking the law every day (and what you can do about it).  [Lifehacker]

Access sensitive data remotely.  [Wired]

15 February 1995: Mitnick arrested.  [Wired]

How advanced fraud detection services work.  [ReadWriteWeb]

The risk of using apps that access your Gmail account.  [BoingBoing]  [Wired]

DLP, an essential piece in network security.  [Juniper]

Your passwords suck.  [Gizmodo]

IOS zone-based firewall.  [PacketLife]

The best time to change all your passwords.  [Gizmodo]

How to build a (nearly) hack-proof password system with LastPass and a thumb drive.  [Lifehacker]

How can family sysadmins make a safe Internet playground for kids?  [The Register]

How to create a strong password and remember it.  [HardOCP]  [The Consumerist]

Tor opsec.  [Schneier]  [Cryptome]

Use this infographic to pick a good, strong password.  [Lifehacker]

Account hacked?  These password managers keep your everything safe.  [Gizmodo]

How can I found out why my email account just spammed my friends and family?  [Lifehacker]

How can I protect my computers and data when someone else is using my network?  [Lifehacker]

Top 10 ways to break into and out of almost anything.  [Lifehacker]

How to boost your phishing scam detection skills.  [Lifehacker]

How to encrypt your disks.  [BoingBoing]  [EFF]

Anonymous 101.  [Wired: part 1, part 2, part 3]  [BoingBoing]

Be careful who you friend on social networks.  [ReadWriteWeb]

Hacking Marconi's wireless in 1903.  [Schneier]  [New Scientist]

What does my ISP see when I'm downloading torrents?  [Lifehacker]

EFF releases guide to help travelers defend private data.  [Voxy]  [EFF]  [Schneier]

Is NAT a security feature?  [ipSpace]

Recent developments in full disclosure.  [Schneier]

How to force a friendship on Facebook in three easy steps.  [Gizmodo]

Log the source ports of HTTP sessions.  [ipSpace]

The surveillance catalog.  [WSJ ATD]  [WSJ]

Full disk encryption is too good, says US intelligence agency.  [ExtremeTech]  [Schneier]

How to protect yourself from online fraud and identity theft.  [Lifehacker]

Keep sensitive info out of your chat logs and email.  [Lifehacker]

How to create a personal encryption scheme to easily hide your data in plain sight.  [Lifehacker]

APT -- advanced persistent threat.  [Schneier]

IPv6 security: getting bored @ BRU airport.  [IOS Hints]

Anonymous -- a tale in 10 videos.  [Wired]

Want to avoid all private-data breaches, ever?  Here's how.  [The Register]

Concepts in IDP signature writing: why are there so many HTTP URL contexts and what do they do?  [Juniper]

When passwords attack: the problem with aggressive password policies.  [Ars Technica]

How to create a fake identity and stay anonymous online.  [Lifehacker]

How to convince someone you work in their building.  [Lifehacker]

How to break into a computer -- and prevent it from happening to you.  [Lifehacker]

A guide to sniffing out passwords and cookies, and how to protect yourself against it.  [Lifehacker]

The most common hiding places for workplace passwords.  [Lifehacker]

Mitigating intelligent DDoS attacks.  [DC Knowledge]

Security by obscurity not so bad after all, argues professor.  [The Register]

Why sandboxing alone is a false sense of security.  [Juniper]

How to beat terrorism: refuse to be terrorised.  [Wired]

How 9/11 completely changed surveillance in the US.  [Wired]

How do I securely wipe a computer?  [Lifehacker]

How to become the most wanted hacker in the world.  [Gizmodo]

Inside the secret world of hackers.  [The Guardian]

Top 10 secret agent security tips and tricks.  [Lifehacker]

IPv6 security: 5 things you need to know.  [Fix6]  [Light Reading]

Software vulnerability management at Microsoft.  [Schneier]

Source MAC address spoofing DoS attack.  [IOS Hints]

The cyberwar arms race.  [Schneier]  [Business Week]

Introduction to virtual firewalls.  [IOS Hints]  [TechTarget]

‘Some Will Call Me a Torturer’: CIA Man Reveals Secret Jail.  [Wired]

Free two-factor authentication for your servers and VPNs.  [Evil Routers]

NSA style manual.  [Schneier]

Lifetimes of cryptographic hash functions.  [Schneier]  [Valerie Aurora]

It's time to abandon passwords.  [Gizmodo]

CIA chief Leon Panetta: the next Pearl Harbor could be a cyber attack.  [CS Monitor]

• Panetta is wrong: the next Pearl Harbor will not be a cyber attack.  [Gizmodo]

Analysis of redaction failures.  [Schneier]

Steven Levy on the perils of cloud computing.  [Wired]

10 simple privacy tricks everyone should use.  [Lifehacker]

DNS filtering: absolutely the wrong way to defend copyrights.  [Ars Technica]

Google Chrome OS: too secure to need security?  [The Register]  [Google]

Don't let your networks speak to strangers.  [The Register]

Lock down your computer like the NSA.  [Lifehacker]

Former NSA genius apologises for his super spying software.  [Gizmodo]  [The New Yorker]

BIOS protection.  [Schneier]  [Science Daily]

Why firewalls don't have Telnet or SSH clients.  [EtherealMind]  [Jimmy's Cyber Corner]

Microsoft security intelligence report: cybercriminals increasingly targeting consumers.  [GeekZone]  [Microsoft]

What professional password guessers look for in your password.  [Lifehacker]

• How I'd hack your weak passwords.  [Lifehacker]

TED talk.  [Schneier]  [TED]

The cyberwar arms race.  [Schneier]  [Mercatus]  [Mercatus]

Are we talking "cyber war" like the Bush administration talked WMDs?  [Ars Technica]

Software as evidence.  [Schneier]

Schneier's law.  [Schneier]

Israel's counter-cyberterrorism unit.  [Schneier]  [The Register]

How did the CIA and FBI know that Australian government computers were hacked?  [Schneier]  [Daily Telegraph AU]

On the Internet, no one watched the wiretappers.  [Forbes]

Private browsing mode in web browsers.  [Juniper: part 1]

Authenticating the authenticators.  [Schneier]  [Slate]

Use Dropbox to locate your lost or stolen computer.  [Lifehacker]

How to track and (potentially) recover your stole laptop (or Android) with Prey.  [Lifehacker]

The only secure password is the one you can't remember.  [Lifehacker]

Threats vs vulnerabilities.  [Schneier]

HTTPS is more secure, so why isn't the web using it?  [Wired]

• HTTPS is great: here's why everyone needs to use it (so we can too).  [Ars Technica]

• Tech insight: HTTPS is evil.  [Dark Reading]

Ask Ars: how can I secure data I need to carry with me?  [Ars Technica]

Ask Ars: where should I store my passwords?  [Ars Technica]

Full body scanners.  [Schneier]  [Wired: part 1, part 2, part 3]

The need for intelligent DDoS mitigation systems.  [DC Knowledge]

Embed a Truecrypt volume inside a playable video file.  [Lifehacker]

Flash drives dangerously hard to purge of sensitive data.  [The Register]

• Self-erasing flash drives destroy court evidence.  [The Register]

The computer attacks you've never heard of.  [Lifehacker]

32 ways to secure your digital life.  [Gizmodo]

Some file-sharers leave trails to their front door.  [HardOCP]  [TorrentFreak]