Homepage for Mathew Schwartz

Google Researcher Reveals Zero-Day Windows Bug
Bug hunter criticizes Microsoft's "great hostility" to outside security researchers, releases proof-of-concept exploit for unpatched zero-day Windows vulnerability,
InformationWeek (May 24, 2013)

Strike Back If China Steals IP, Companies Told
Bipartisan report argues that businesses should be allowed to retrieve stolen intellectual property from attackers' networks.
InformationWeek (May 23, 2013)

Twitter Two-Factor Security Combats Takeovers
Authentication measure comes in wake of Syrian Electronic Army account hacks, further security steps coming.
InformationWeek (May 23, 2013)

Dropbox Adopts Single Sign-On Technology
Dropbox says any off-the-shelf or homegrown identity management system that's compatible with the Security Assertion Markup Language (SAML) standard can be configured to automatically sign users into its service.
InformationWeek (May 22, 2013)

FBI Arrests NYPD Detective On Hacking Charges
Detective accused of hiring hackers to obtain webmail access credentials for 30 targets, accessing federal crime-information database without authorization.
InformationWeek (May 22, 2013)

Google Aurora Hack Was Chinese Counterespionage Operation
Attackers were after U.S. government surveillance requests for undercover Chinese operatives, say former government officials.
InformationWeek (May 21, 2013)

Microsoft Tech Support Scams: Why They Thrive
Readers detail "frozen DNS Trojan" cold calls and "repairs" that lead to $882 in unauthorized wire transfers.
InformationWeek (May 13, 2013)

Huawei CEO Dismisses Security, Spying Concerns
Company founder denies that Huawei employees would ever be forced to spy for China.
InformationWeek (May 10, 2013)

Washington State Courts Reveal Security Breach
State officials don't know when attackers accessed up to 160,000 Social Security and 1 million driver's license numbers stored in unencrypted format.
InformationWeek (May 10, 2013)

McAfee, AV's King Of Crazy, Resurfaces
Antivirus pioneer and former fugitive from justice in Belize John McAfee shares more about his code-slinging and drug-smuggling past.
InformationWeek (May 09, 2013)

More: Archive

*SELECTED WRITING:*
Breaking Security News	Selected Stories
Google Researcher Reveals Zero-Day Windows Bug Bug hunter criticizes Microsoft's "great hostility" to outside security researchers, releases proof-of-concept exploit for unpatched zero-day Windows vulnerability, InformationWeek (May 24, 2013) Strike Back If China Steals IP, Companies Told Bipartisan report argues that businesses should be allowed to retrieve stolen intellectual property from attackers' networks. InformationWeek (May 23, 2013) Twitter Two-Factor Security Combats Takeovers Authentication measure comes in wake of Syrian Electronic Army account hacks, further security steps coming. InformationWeek (May 23, 2013) Dropbox Adopts Single Sign-On Technology Dropbox says any off-the-shelf or homegrown identity management system that's compatible with the Security Assertion Markup Language (SAML) standard can be configured to automatically sign users into its service. InformationWeek (May 22, 2013) FBI Arrests NYPD Detective On Hacking Charges Detective accused of hiring hackers to obtain webmail access credentials for 30 targets, accessing federal crime-information database without authorization. InformationWeek (May 22, 2013) Google Aurora Hack Was Chinese Counterespionage Operation Attackers were after U.S. government surveillance requests for undercover Chinese operatives, say former government officials. InformationWeek (May 21, 2013) Microsoft Tech Support Scams: Why They Thrive Readers detail "frozen DNS Trojan" cold calls and "repairs" that lead to $882 in unauthorized wire transfers. InformationWeek (May 13, 2013) Huawei CEO Dismisses Security, Spying Concerns Company founder denies that Huawei employees would ever be forced to spy for China. InformationWeek (May 10, 2013) Washington State Courts Reveal Security Breach State officials don't know when attackers accessed up to 160,000 Social Security and 1 million driver's license numbers stored in unencrypted format. InformationWeek (May 10, 2013) McAfee, AV's King Of Crazy, Resurfaces Antivirus pioneer and former fugitive from justice in Belize John McAfee shares more about his code-slinging and drug-smuggling past. InformationWeek (May 09, 2013) More: Archive	FBI Briefs Bank Executives On DDoS Attack Campaign FBI expedited security clearances so it could share classified info on Operation Ababil, a distributed denial of service attack that continues to disrupt U.S. financial websites. InformationWeek (May 14, 2013) Apple iPhone Decryption Backlog Stymies Police Apple's waiting list to bypass security controls on latest-generation iPhone and iPad devices means months-long delays for law enforcement investigators. InformationWeek (May 14, 2013) CISPA 2.0: House Intelligence Committee Fumbles Privacy Again Cybersecurity bill's backers portray threat intelligence sharing as a panacea, but yet again ignore the potential privacy and security downsides. InformationWeek (April 16, 2013) Banks Hit Downtime Milestone In DDoS Attacks Top 15 U.S. banks have experienced double the downtime from same period last year. Lawmakers demand passage of a cyber threat intelligence sharing bill. InformationWeek (April 04, 2013) Kill Passwords: Hassle-Free Substitute Wanted Passwords keep proliferating, but do new technologies and approaches offer an alternative? Maybe. InformationWeek (March 04, 2013) Don't Blame China For Security Hacks, Blame Yourself Focus on the sorry state of your information security defenses before worrying about the Chinese, Russians, hacktivists or cybercrime gangs. InformationWeek (February 25, 2013) China Denies U.S. Hacking Accusations: 6 Facts Mandiant report says that an elite Chinese military hacking unit is responsible for launching APT attacks against U.S. businesses. Chinese government cries foul. InformationWeek (February 21, 2013) BK Hack Triggers Twitter Password Smackdown "Operation Whopper" takeover of Burger King and Jeep Twitter accounts, and spoof hacks by MTV and BET, trigger Twitter's "friendly reminder" to use strong passwords. InformationWeek (February 21, 2013) Uncertain State Of Cyber War Just what does "cyber warfare" mean? We're still figuring out tactics and capabilities. InformationWeek (January 21, 2013) TV-Monitoring Patent Prompts Privacy Worries Could a television soon monitor your every move and conversation? IAPP (January 17, 2013) Exclusive: Anatomy Of A Brokerage IT Meltdown Regulators last year issued the SEC's first-ever privacy fine against broker-dealer GunnAllen for failing to protect customer data. But former IT staffers say regulators didn’t seem to know half of this cautionary tale of outsourcing and oversight gone wrong. InformationWeek (October 08, 2012) More: Archive
See my archive of all stories written by year: 2013 \| 2012 \| 2011 \| 2010 \| 2009 \| 2008 \| 2007 \| 2006 \| 2005 \| 2004 \| 2003

Travel Writing & Photography
11 Security Sights Seen Only At Black Hat Who says fun, sun, malware, and penetration testing don't mix? This year's Black Hat conference in Las Vegas offered information security training, hardware hacking, pool time, and more.
Istanbul in 5... Istanbul, a Turkish port city on the Bosporus, has long been celebrated as a place where east meets west. Geographically, at least, that’s true, since the bicoastal city spans two European coasts and one in Asia, with each offering something different.
Tenerife in 5... Find a different beach -- sandy, south-facing, and sunny -- for every day of your vacation on Tenerife, the largest of the Canary Islands, an autonomous part of Spain located near the northwest coast of Africa.
Croatian Beaches in 5... Never mind that the beaches are mostly made of pebbles and rocks, Croatia’s islands, off the coast of Dalmatia, make for a singular beach getaway that won’t wreck your budget.
Paris in 5... Whether it’s your first visit to Paris or your tenth, you ought to try something that may seem fiendishly simple, because it is: Living like a Parisian.
Fodor's Guide to The Da Vinci Code Full-color guide ("on the trail of the bestselling novel") profiles the locations, people, historic events, and symbols featured in the novel. Also included: relevant travel information, plus hotel and food recommendations. The guide opens with three of my essays, including profiles of the Paris Ritz (where the novel begins) and the Police Judiciaire, the real-life French law enforcement agency which employs Bezu Fache, the novel's fictional inspector. See my updates page for more information, or read more travel writing.

Photography
	Ireland From Clonmacnoise, to Dingle, to Dublin.	Portraits Headshots + friends
	Rome Springtime in Italy.	Publicity Singing ensemble, yoga instructors, and more.
Travel photo galleries: Budapest Chicago Cornwall Ireland Istanbul Massachusetts Panoramics Paris Rome

*Selected:*
Intranet Information Architecture (IA) This two-volume, 1,293-page report details numerous IA best practices, and profiles the actual information architecture of 56 organizations' intranets — from BT Global Services and McDonald's, to Vodafone and Zeiss. (Co-authored.) Nielsen Norman Group (November 2007)	Usability of Intranet Portals: A Report from the Trenches—Experiences From Real-Life Portal Projects This 188-page report on intranet portal usability uses case studies and lessons learned from portal projects in numerous companies, as well as government agencies, to determine best practices for creating intranet portals. (Co-authored.) Nielsen Norman Group (October 2005)