Schneier on Security

Bruce,

Was this edited in a way that tweaks the meaning of some of your statements?

This is one of the first times that I find myself in disagreement with the spirit of your opinion. You seem to be indicating that since you are forced by circumstance to trust 3rd parties for some things, you might as well trust them with everything. When it comes to data, I tend to disagree, especially when it comes to business. For home users with little experience and few resources to allocate to the problem, it's a tenable position. For businesses? Absolutely not!

There's a big difference between:
- living with the fact that I can't write all the software I need myself and must trust a 3rd party to not insert anything malicious in the code they sell me, and;
- deciding to trust a 3rd party with direct access to my data.

There are so many more concerns than malicious intent when it comes to third party access to data. The plain fact is that they have their own interests and those won't always coincide with mine. It's normal in a case of conflict of interest to expect that a third party will always have their own interests at heart.

@ Bruce,

I can see the Internet headlines now,

"OMG Bruce Schneier well known Security Guru admits to being human"

8)

Your going to have to upset your publisher and give up the "Chuck Norris" image 8)

Speaking of which hows the "action figure" investigation coming along?

@ Bruce,

Speaking of how rumors get started and how they have a habit of poping up years later.

Have you seen this Spaf posting,

http://www.cerias.purdue.edu/site/blog/post/...

It shows a number of points not unrelated to this thread.

Regards,

Clive.

@Bruce,

"So, yes, this was edited badly"

Ah! though so. Sucks that the summary under the picture puts words in your mouth that are likely much more black and white than anything you said.

"the full answer to that question is long and complicated."

As most correct answers are... ;-)