On Microsoft’s Lousy Cloud Security

https://www.schneier.com/blog/archives/2026/04/on-microsofts-lousy-cloud-security.html

#nationalsecuritypolicy #securitytheater #cloudcomputing #Uncategorized #cybersecurity #Microsoft


ProPublica has a scoop: In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings. The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an internal government report reviewed by ProPublica. Or, as one member of the team put it: “The package is a pile of shit.” For years, reviewers said, Microsoft had tried and failed to fully explain how it protects sensitive information in the cloud as it hops from server to server across the digital terrain. Given that and other unknowns, government experts couldn’t vouch for the technology’s security...

Schneier on Security

US Bans All Foreign-Made Consumer Routers

https://www.schneier.com/blog/archives/2026/04/us-bans-all-foreign-made-consumer-routers.html

#nationalsecuritypolicy #Uncategorized #cyberattack #hardware #China


This is for new routers; you don’t have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.” More information: Any new router made outside the US will now need to be approved by the FCC before it can be imported, marketed, or sold in the country...


Is “Hackback” Official US Cybersecurity Strategy?

https://www.schneier.com/blog/archives/2026/04/is-hackback-official-us-cybersecurity-strategy.html

#nationalsecuritypolicy #Uncategorized #cybersecurity #hackback #hacking


The 2026 US “Cyber Strategy for America” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: “We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.” This sounds like a call for hackback: giving private companies permission to conduct offensive cyber operations. The Economist noticed (alternate link) this, too. I think this is an incredibly dumb idea: In warfare, the notion of counterattack is extremely powerful. Going after the enemy—its positions, its supply lines, its factories, its infrastructure—is an age-old military tactic. But in peacetime, we call it revenge, and consider it dangerous. Anyone accused of a crime deserves a fair trial. The accused has the right to defend himself, to face his accuser, to an attorney, and to be presumed innocent until proven guilty...


Jailbreaking the F-35 Fighter Jet

https://www.schneier.com/blog/archives/2026/03/jailbreaking-the-f-35-fighter-jet.html

#nationalsecuritypolicy #Uncategorized #Netherlands #DRM


Countries around the world are becoming increasingly concerned about their dependencies on the US. If you’ve purchased US-made F-35 fighter jets, you are dependent on the US for software maintenance. The Dutch Defense Secretary recently said that he could jailbreak the planes to accept third-party software.


US Declassifies Information on JUMPSEAT Spy Satellites

https://www.schneier.com/blog/archives/2026/02/us-declassifies-information-on-jumpseat-spy-satellites.html

#nationalsecuritypolicy #historyofsecurity #Uncategorized #espionage


The US National Reconnaissance Office has declassified information about a fleet of spy satellites operating between 1971 and 2006. I’m actually impressed to see a declassification only two decades after decommission.


The Constitutionality of Geofence Warrants

https://www.schneier.com/blog/archives/2026/01/the-constitutionality-of-geofence-warrants.html

#nationalsecuritypolicy #Uncategorized #searches #courts


The US Supreme Court is considering the constitutionality of geofence warrants. The case centers on the trial of Okello Chatrie, a Virginia man who pleaded guilty to a 2019 robbery outside of Richmond and was sentenced to almost 12 years in prison for stealing $195,000 at gunpoint. Police probing the crime found security camera footage showing a man on a cell phone near the credit union that was robbed and asked Google to produce anonymized location data near the robbery site so they could determine who committed the crime. They did so, providing police with subscriber data for three people, one of whom was Chatrie. Police then searched Chatrie’s home and allegedly surfaced a gun, almost $100,000 in cash and incriminating notes...


A Cyberattack Was Part of the US Assault on Venezuela

https://www.schneier.com/blog/archives/2026/01/a-cyberattack-was-part-of-the-us-assault-on-venezuela.html

#nationalsecuritypolicy #infrastructure #Uncategorized #cyberattack #kidnapping


We don’t have many details: President Donald Trump suggested Saturday that the U.S. used cyberattacks or other technical capabilities to cut power off in Caracas during strikes on the Venezuelan capital that led to the capture of Venezuelan President Nicolás Maduro. If true, it would mark one of the most public uses of U.S. cyber power against another nation in recent memory. These operations are typically highly classified, and the U.S. is considered one of the most advanced nations in cyberspace operations globally.


White House Bans WhatsApp

https://www.schneier.com/blog/archives/2025/06/white-house-bans-whatsapp.html

#nationalsecuritypolicy #Uncategorized #cybersecurity #WhatsApp #Meta


Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.” TechCrunch has more commentary, but no more information.


US as a Surveillance State

https://www.schneier.com/blog/archives/2025/05/us-as-a-surveillance-state.html

#nationalsecuritypolicy #datacollection #Uncategorized #surveillance #privacy


Two essays were just published on DOGE’s data collection and aggregation, and how it ends with a modern surveillance state. It’s good to see this finally being talked about. EDITED TO ADD (5/3): Here’s a free link to that first essay.


CVE Program Almost Unfunded

Mitre’s CVE program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to... https://www.schneier.com/blog/archives/2025/04/cve-program-almost-unfunded.html

#nationalsecuritypolicy #vulnerabilities #Uncategorized #cybersecurity #DHS