Bruce Schneier

 
 

Schneier on Security

A blog covering security and security technology.


March 22, 2007

"Psychology of Security" Excerpt

My Wired.com column for today is an excerpt from my "Psychology of Security" essay.

Posted on March 22, 2007 at 7:20 AM • 6 Comments


Comments

Dave Aronson • March 22, 2007 7:57 AM

Link is broken; needs .html appended.


Dave Aronson • March 22, 2007 7:58 AM

(Er, the link to the full essay, I mean.)


MD • March 22, 2007 3:32 PM

There was a similarly themed op-ed in the LA Times last July:
http://www.latimes.com/news/opinion/commentary/...


alex • March 22, 2007 5:02 PM

Good piece!

I would suggest however to read "And when those heuristics fail, our feeling of security diverges from the reality of security." as:
And when those heuristics fail - or are deliberately tampered with - our feeling of security diverges from the reality of security.

See for instance "Folk Devils and Moral Panics" of Stanley Cohen or Adam Curtis' documentary "The Power of Nightmares" (http://news.bbc.co.uk/1/hi/programmes/3755686.stm)


Clive Robinson • March 26, 2007 9:52 AM

Bruce,

I know it's a draft and I am being a bit picky but,

I personally would avoid using a statement like,

"That screws up availability"

In quite a few parts of the world part of the expression will cause offence.

Your last two paragraphs in Representativeness caused me to wince...

In your Base Rate explanation you say "even an accurate test" and go on to imply it is not accurate, i.e. that it can fail and that the rate of failure is significant if not greater than the actual occurrence of what it is testing for. The test is either accurate or it is not, otherwise the test has probabilities and confidence levels.

Then when talking about the law of small numbers you use the analogy of a coin toss without stating it is a "fair coin" which in practice does not exist except as an ideal.

Oh and the bibliography, you have numerous duplicates, the most obvious is the three mentions of Daniel Gilbert's article in the first page (for obvious reasons a three letter word makes it easy to spot even at a cursory glance).

All of that aside, it was a good read, and an interesting starting point, I look forward to reading more in the near future.


GPE • March 27, 2007 10:24 AM

The Wired.com link appears to be dead as well.

