<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>reports &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/reports/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Mon, 13 Oct 2025 14:13:56 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>The Trump Administration’s Increased Use of Social Media Surveillance</title>
		<link>https://noise.getoto.net/2025/10/14/the-trump-administrations-increased-use-of-social-media-surveillance/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 14 Oct 2025 11:09:54 +0000</pubDate>
				<category><![CDATA[activism]]></category>
		<category><![CDATA[AI]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Social Media]]></category>
		<category><![CDATA[surveillance]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70954</guid>

					<description><![CDATA[<p>This chilling paragraph is in a comprehensive <a href="https://www.brookings.edu/articles/how-tech-powers-immigration-enforcement/">Brookings report</a> about the use of tech to deport people from the US:</p>
<blockquote><p>The administration has also adapted its methods of social media surveillance. Though agencies like <a href="https://www.brennancenter.org/our-work/research-reports/social-media-surveillance-us-government">the State Department</a> have gathered millions of handles and monitored political discussions online, the Trump administration has been more explicit in who it’s targeting. Secretary of State Marco Rubio announced a new, zero-tolerance <a href="https://www.axios.com/2025/03/06/state-department-ai-revoke-foreign-student-visas-hamas">“Catch and Revoke” strategy,</a> which uses AI to monitor the public speech of foreign nationals and <a href="https://www.forbes.com/sites/stuartanderson/2025/05/05/rubio-makes-immigration-threat-to-revoke-student-h-1b-and-other-visas/">revoke visas...</a></p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Friday Squid Blogging: Squid Overfishing in the Southwest Atlantic</title>
		<link>https://noise.getoto.net/2025/10/04/friday-squid-blogging-squid-overfishing-in-the-southwest-atlantic/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 03 Oct 2025 21:05:28 +0000</pubDate>
				<category><![CDATA[reports]]></category>
		<category><![CDATA[squid]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70881</guid>

					<description><![CDATA[Article. Report.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Use of Generative AI in Scams</title>
		<link>https://noise.getoto.net/2025/10/01/use-of-generative-ai-in-scams/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 01 Oct 2025 11:09:51 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[scams]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70899</guid>

					<description><![CDATA[<p>New report: “<a href="https://datasociety.net/library/scam-gpt/">Scam GPT: GenAI and the Automation of Fraud</a>.”</p>
<blockquote><p>This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception, and more likely to either perpetuate scams or fall victim to them.</p>
<p>AI-enhanced scams are not merely financial or technological crimes; they also exploit social vulnerabilities ­ whether short-term, like travel, or structural, like precarious employment. This means they require social solutions in addition to technical ones. By examining how scammers are changing and accelerating their methods, we hope to show that defending against them will require a constellation of cultural shifts, corporate interventions, and eff­ective legislation...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Surveying the Global Spyware Market</title>
		<link>https://noise.getoto.net/2025/09/19/surveying-the-global-spyware-market/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 19 Sep 2025 11:01:02 +0000</pubDate>
				<category><![CDATA[reports]]></category>
		<category><![CDATA[spyware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70837</guid>

					<description><![CDATA[<p>The Atlantic Council has published its second annual report: “<a href="https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/mythical-beasts-diving-into-the-depths-of-the-global-spyware-market/">Mythical Beasts: Diving into the depths of the global spyware market</a>.”</p>
<p>Too much good detail to summarize, but here are two items:</p>
<blockquote><p>First, the authors found that the number of US-based investors in spyware has notably increased in the past year, when compared with the sample size of the spyware market captured in the first Mythical Beasts project. In the first edition, the United States was the second-largest investor in the spyware market, following Israel. In that edition, twelve investors were observed to be domiciled within the United States—­whereas in this second edition, twenty new US-based investors were observed investing in the spyware industry in 2024. This indicates a significant increase of US-based investments in spyware in 2024, catapulting the United States to being the largest investor in this sample of the spyware market. This is significant in scale, as US-based investment from 2023 to 2024 largely outpaced that of other major investing countries observed in the first dataset, including Italy, Israel, and the United Kingdom. It is also significant in the disparity it points to ­the visible enforcement gap between the flow of US dollars and US policy initiatives. Despite numerous US policy actions, such as the addition of spyware vendors on the ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>SIGINT During World War II</title>
		<link>https://noise.getoto.net/2025/08/13/sigint-during-world-war-ii/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 13 Aug 2025 11:08:00 +0000</pubDate>
				<category><![CDATA[GCHQ]]></category>
		<category><![CDATA[history of cryptography]]></category>
		<category><![CDATA[history of security]]></category>
		<category><![CDATA[intelligence]]></category>
		<category><![CDATA[NSA]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[war]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70567</guid>

					<description><![CDATA[The NSA and GCHQ have jointly published a history of World War II SIGINT: &#8220;Secret Messengers: Disseminating SIGINT in the Second World War.&#8221; This is the story of the British SLUs (Special Liaison Units) and the American SSOs (Special Securi...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Measuring the Attack/Defense Balance</title>
		<link>https://noise.getoto.net/2025/07/30/measuring-the-attack-defense-balance/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 30 Jul 2025 11:07:43 +0000</pubDate>
				<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[defense]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70530</guid>

					<description><![CDATA[<p>“Who’s winning on the internet, the attackers or the defenders?”</p>
<p>I’m asked this all the time, and I can only ever give a qualitative hand-wavy answer.  But Jason Healey and Tarang Jain’s latest Lawfare piece has <a href="https://www.lawfaremedia.org/article/are-cyber-defenders-winning">amassed data</a>.</p>
<p>The essay provides the first framework for metrics about how we are all doing collectively—and not just how an individual network is doing. Healey wrote to me in email:</p>
<blockquote><p>The work rests on three key insights: (1) defenders need a framework (based in threat, vulnerability, and consequence) to categorize the flood of potentially relevant security metrics; (2) trends are what matter, not specifics; and (3) to start, we should avoid getting bogged down in collecting data and just use what’s already being reported by amazing teams at Verizon, Cyentia, Mandiant, IBM, FBI, and so many others...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Report from the Cambridge Cybercrime Conference</title>
		<link>https://noise.getoto.net/2025/07/14/report-from-the-cambridge-cybercrime-conference/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 14 Jul 2025 18:46:05 +0000</pubDate>
				<category><![CDATA[conferences]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70463</guid>

					<description><![CDATA[The Cambridge Cybercrime Conference was held on 23 June. Summaries of the presentations are here.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Surveillance Used by a Drug Cartel</title>
		<link>https://noise.getoto.net/2025/07/03/surveillance-used-by-a-drug-cartel/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 03 Jul 2025 11:06:42 +0000</pubDate>
				<category><![CDATA[drug trade]]></category>
		<category><![CDATA[fbi]]></category>
		<category><![CDATA[geolocation]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[surveillance]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70431</guid>

					<description><![CDATA[<p>Once you build a surveillance system, you <a href="https://www.theguardian.com/world/2025/jun/27/sinaloa-cartel-fbi-hackers">can’t control</a> who will use it:</p>
<blockquote><p>A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice department report.</p>
<p>The incident was disclosed in a justice department inspector general’s audit of the FBI’s efforts to mitigate the effects of “ubiquitous technical surveillance,” a term used to describe the global proliferation of cameras and the thriving trade in vast stores of communications, travel, and location data...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Chinese-Owned VPNs</title>
		<link>https://noise.getoto.net/2025/05/27/chinese-owned-vpns/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 27 May 2025 11:07:57 +0000</pubDate>
				<category><![CDATA[china]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vpn]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70290</guid>

					<description><![CDATA[<p>One one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain.</p>
<p>A <a href="https://www.techtransparencyproject.org/articles/apple-offers-apps-with-ties-to-chinese-military">new study</a> found that many commercials VPNS are (often surreptitiously) owned by Chinese companies.</p>
<blockquote><p>It would be hard for U.S. users to avoid the Chinese VPNs. The ownership of many appeared deliberately opaque, with several concealing their structure behind layers of offshore shell companies. TTP was able to determine the Chinese ownership of the 20 VPN apps being offered to Apple’s U.S. users by piecing together corporate documents from around the world. None of those apps clearly disclosed their Chinese ownership...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The NSA’s “Fifty Years of Mathematical Cryptanalysis (1937–1987)”</title>
		<link>https://noise.getoto.net/2025/05/19/the-nsas-fifty-years-of-mathematical-cryptanalysis-1937-1987/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 19 May 2025 11:06:23 +0000</pubDate>
				<category><![CDATA[cryptanalysis]]></category>
		<category><![CDATA[mathematics]]></category>
		<category><![CDATA[NSA]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70269</guid>

					<description><![CDATA[In response to a FOIA request, the NSA released &#8220;Fifty Years of Mathematical Cryptanalysis (1937-1987),&#8221; by Glenn F. Stahly, with a lot of redactions.
Weirdly, this is the second time the NSA has declassified the document. John Young got a ...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>NCSC Guidance on “Advanced Cryptography”</title>
		<link>https://noise.getoto.net/2025/05/02/ncsc-guidance-on-advanced-cryptography/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 02 May 2025 11:03:11 +0000</pubDate>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[homomorphic encryption]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70197</guid>

					<description><![CDATA[<p>The UK’s National Cyber Security Centre just released its <a href="https://www.ncsc.gov.uk/whitepaper/advanced-cryptography">white paper</a> on “Advanced Cryptography,” which it defines as “cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography.” It includes things like homomorphic encryption, attribute-based encryption, zero-knowledge proofs, and secure multiparty computation.</p>
<p>It’s full of good advice. I especially appreciate this warning:</p>
<blockquote><p>When deciding whether to use Advanced Cryptography, start with a clear articulation of the problem, and use that to guide the development of an appropriate solution. That is, you should not start with an Advanced Cryptography technique, and then attempt to fit the functionality it provides to the problem. ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Report on Paragon Spyware</title>
		<link>https://noise.getoto.net/2025/03/25/report-on-paragon-spyware/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 25 Mar 2025 11:05:01 +0000</pubDate>
				<category><![CDATA[israel]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[spyware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70043</guid>

					<description><![CDATA[<p>Citizen Lab has a <a href="https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/">new report</a> on Paragon’s spyware:</p>
<blockquote><p><strong>Key Findings:</strong></p>
<ul>
<li><strong>Introducing Paragon Solutions.</strong> Paragon Solutions was founded in Israel in 2019 and sells spyware called Graphite. The company differentiates itself by claiming it has safeguards to prevent the kinds of spyware abuses that NSO Group and other vendors are notorious for.
</li><li><strong>Infrastructure Analysis of Paragon Spyware.</strong> Based on a tip from a collaborator, we mapped out server infrastructure that we attribute to Paragon’s Graphite spyware tool. We identified a subset of suspected Paragon deployments, including in Australia, Canada, Cyprus, Denmark, Israel, and Singapore.
...</li></ul></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>NIST Recommends Some Common-Sense Password Rules</title>
		<link>https://noise.getoto.net/2024/09/27/nist-recommends-some-common-sense-password-rules/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 27 Sep 2024 11:01:53 +0000</pubDate>
				<category><![CDATA[nist]]></category>
		<category><![CDATA[passwords]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69432</guid>

					<description><![CDATA[<p>NIST’s second draft of its “<a href="https://pages.nist.gov/800-63-4/sp800-63b.html">SP 800-63-4</a>“—its digital identify guidelines—finally contains some really good rules about passwords:</p>
<blockquote><p>The following requirements apply to passwords:</p>
<ol>
<li>lVerifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
</li><li>Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.
</li><li>Verifiers and CSPs SHOULD accept all printing ASCII [RFC20] characters and the space character in passwords.
</li><li>Verifiers and CSPs SHOULD accept Unicode [ISO/ISC 10646] characters in passwords. Each Unicode code point SHALL be counted as a signgle character when evaluating password length.
...</li></ol></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Long Analysis of the M-209</title>
		<link>https://noise.getoto.net/2024/09/05/long-analysis-of-the-m-209/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 05 Sep 2024 11:05:49 +0000</pubDate>
				<category><![CDATA[encryption]]></category>
		<category><![CDATA[history of cryptography]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69325</guid>

					<description><![CDATA[Really interesting analysis of the American M-209 encryption device and its security.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The State of Ransomware</title>
		<link>https://noise.getoto.net/2024/08/19/the-state-of-ransomware/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 19 Aug 2024 11:05:01 +0000</pubDate>
				<category><![CDATA[ransomware]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69271</guid>

					<description><![CDATA[<p>Palo Alto Networks published its <a href="https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/">semi-annual report</a> on ransomware. From the Executive Summary:</p>
<blockquote><p>Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week. Of the 53 ransomware groups whose leak sites we monitored, six of the groups accounted for more than half of the compromises observed.</p>
<p>In February, we reported a 49% increase year-over-year in alleged victims posted on ransomware leak sites. So far, in 2024, comparing the first half of 2023 to the first half of 2024, we see an even further increase of 4.3%. The higher level of activity observed in 2023 was no fluke...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>People-Search Site Removal Services Largely Ineffective</title>
		<link>https://noise.getoto.net/2024/08/09/people-search-site-removal-services-largely-ineffective/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 09 Aug 2024 13:24:18 +0000</pubDate>
				<category><![CDATA[Privacy]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[searches]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69235</guid>

					<description><![CDATA[<p>Consumer Reports has a <a href="https://innovation.consumerreports.org/wp-content/uploads/2024/08/Data-Defense_-Evaluating-People-Search-Site-Removal-Services-.pdf">new study</a> of people-search site removal services, concluding that they don’t really work:</p>
<blockquote><p>As a whole, people-search removal services are largely ineffective. Private information about each participant on the people-search sites decreased after using the people-search removal services. And, not surprisingly, the removal services did save time compared with manually opting out. But, without exception, information about each participant still appeared on some of the 13 people-search sites at the one-week, one-month, and four-month intervals. We initially found 332 instances of information about the 28 participants who would later be signed up for removal services (that does not include the four participants who were opted out manually). Of those 332 instances, only 117, or 35%, were removed within four months...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Rapid7’s Ransomware Radar Report Shows Threat Actors are Evolving …Fast.</title>
		<link>https://noise.getoto.net/2024/08/06/rapid7s-ransomware-radar-report-shows-threat-actors-are-evolving-fast/</link>
		
		<dc:creator><![CDATA[Tom Caiazza]]></dc:creator>
		<pubDate>Tue, 06 Aug 2024 13:00:00 +0000</pubDate>
				<category><![CDATA[Labs]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[reports]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=79081bb23a271520b1da61a2ac986867</guid>

					<description><![CDATA[The Ransomware Radar Report offers some startling insights into who ransomware threat actors are and how they’ve been operating in the first half of 2024.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/08/GettyImages-1499410369.jpg" length="0" type="" />

			</item>
		<item>
		<title>New Research: The Proliferation of Cellular in IoT</title>
		<link>https://noise.getoto.net/2024/07/30/new-research-the-proliferation-of-cellular-in-iot/</link>
		
		<dc:creator><![CDATA[Deral Heiland]]></dc:creator>
		<pubDate>Tue, 30 Jul 2024 13:00:00 +0000</pubDate>
				<category><![CDATA[IOT]]></category>
		<category><![CDATA[reports]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=199d74c9e2767f6a1d9147de89e498c2</guid>

					<description><![CDATA[Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/07/GettyImages-1419766496.jpg" length="0" type="" />

			</item>
		<item>
		<title>Lessons from a Ransomware Attack against the British Library</title>
		<link>https://noise.getoto.net/2024/03/29/lessons-from-a-ransomware-attack-against-the-british-library/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 29 Mar 2024 11:03:14 +0000</pubDate>
				<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68663</guid>

					<description><![CDATA[You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>On Secure Voting Systems</title>
		<link>https://noise.getoto.net/2024/03/26/on-secure-voting-systems/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 26 Mar 2024 11:08:16 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[voting]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68650</guid>

					<description><![CDATA[<p>Andrew Appel shepherded a <a href="https://freedom-to-tinker.com/2024/03/18/suggested-principles-for-state-statutes-regarding-ballot-marking-and-vote-tabulation/">public comment</a>—signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it’s general in nature.</p>
<p>From the executive summary:</p>
<blockquote><p>We believe that no system is perfect, with each having trade-offs. Hand-marked and hand-counted ballots remove the uncertainty introduced by use of electronic machinery and the ability of bad actors to exploit electronic vulnerabilities to remotely alter the results. However, some portion of voters mistakenly mark paper ballots in a manner that will not be counted in the way the voter intended, or which even voids the ballot. Hand-counts delay timely reporting of results, and introduce the possibility for human error, bias, or misinterpretation...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 51/300 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-05 16:16:30 by W3 Total Cache
-->