Comments

vanilla • August 13, 2011 4:46 PM

Just read your interview (thanks for link). I think your point about cybercrime being largely ignored is accurate. I recently learned that family members have been hit in a very big way. And while there has been some help with tracking how it was done, there is zero help with recovery. We are all more vulnerable than we would like to think ...

Muhammad Naveed Khurshid • August 13, 2011 7:11 PM

Everyone has their own opinion and I respect Schneier's opinions. However, I have some different opinions.

I believe in recent years,
Attacks on military industry have increased.
Attacks on gaming industry have increased.
Attacks on government organizations have increased.
Attacks on financial institutes have increased.
Attacks on safety critical systems have increased.

(For references please check my blog at http://www.softeng.org/blog/?p=28)

Schneier commented that in order to cope with the problem of hacking, nothing magical needs to be done; in fact, he believes there is a need to use old practices.

I believe, "we cannot predict future but we can sense future". My senses say that something big will happen in the next year or two.

Regardless of the fact that implementing turning off the internet (restricting the internet) is hard, the government of the United Kingdom will still spend 690 million Great British Pounds to tackle cyber crime. This means that the UK government is doing the opposite of the USA government (according to facts).

tommy • August 13, 2011 11:42 PM

As Voltaire (1694 – 1778) said, "Common sense is quite rare." (The popular paraphrase, "Common sense is quite uncommon", doesn't seem to be found in his works.)

Common sense is quite rare these days, in TV news, Internet, all media. Finding it is an "uncommon" pleasure. Bruce, thanks for being a refreshing voice of common sense in a hysterical world.

Steve • August 14, 2011 5:39 PM

It looks as if Bruce is trying to avoid the cattle prod they used to get him to be interviewed.

Gabriel • August 14, 2011 8:17 PM

Awesome. Bruce told them it was a wash in no veiled terms and no bursting out into "this is all bull**** dumb***!" as many of us would. He also did not succumb to kissing the ring of the current president when asked to.

No, he wasnt avoiding a cattle prod. He just stepped aside and didn't let them pull him into validating the government's line. I'm surprised they actually put the transcript up and didn't edit it. If only people like Bruce, rational
And logical, were in power. Unfortunately, Bruce would have to sell his soul in order to climb the political ladder.

anonymous • August 15, 2011 4:54 AM

Some of the problems of cyberattacks stem from the fact that PCs and operating systems were invented years before the existence of the internet and PC makers never adequately made the adjustment to the connectivity. Manufacturers built stand-alone boxes, not internet-connected computers.

Gabriel • August 15, 2011 7:34 AM

@anonymous: that may have been true as late as the early 90's, but that changed very quickly over 15 years ago. Even unix systems, including the clones and microkernels, while battle hardened since the 70's, do not provide high assurance security. As many have discussed on here previously, high security systems were prohibitively expensive, and when developed, were often export controlled as munitions. The problem is, even the defense department accepted commodity systems instead of these secure systems.

Combine insecure systems with the influx in PEBKAC since the 90's, and you have the current state of affairs. There's enough dumb users who won't follow even reasonable precautions (like not downloading codecs to watch p*rn). Then you have a global network on which many sites require code provided by the alleged server to run on untrusted machines. Javascript is a massive security failure, you can rewrite any page, take over many browser ui functions, and post back any input. All security solutions are bandaids, with the best of them like being wrapped in a body cast that won't let you move, hence why you don't have the majority of people using noscript.

tommy • August 15, 2011 6:14 PM

@ Nick P.:

"Nice summary. Much shorter than my version as well. :)"

Actually, for the first couple of sentences, I thought it *was* your version. ;) (ID-ing writers by style and topic...) Until I noted that the first letter of the comment wasn't capitalized. :über-forensic:

Gabriel • August 15, 2011 7:22 PM

@Tommy: It could have been Nick P on a smartphone as well. At least when I comment on a smartphone, my spelling and grammar tend to suffer. Such as a stray newline in the middle of a sentence; resulting in the following conjunction being capitalized as a result...

Nick P • August 16, 2011 3:20 AM

@ tommy

"Actually, for the first couple of sentences, I thought it *was* your version. ;) "

It was heavily borrowed from my posts. Some of it verbatim. I'm actually glad in this case because it's a message I've been trying to get out for a while. Gabriel is one of hopefully many success stories of the truth being told and spread. Maybe somewhere along the lines the message reaches the person who can act to stem the problem. This is why I encourage unmitigated, even unattributed spread of these points. It can only help. ;)

@ Gabriel

"It could have been Nick P on a smartphone as well. At least when I comment on a smartphone, my spelling and grammar tend to suffer."

It's probably worse with me. I have extremely poor hand-eye coordination. Typing on my touchscreen smartphone is quite a pain. Since I usually have little time to post, I do little revision and sometimes even use "text-speak:" the shortened version of everything that texters often use. If you see a post from me like that or that looks hasty, I was either very busy or on a smartphone. :)

tommy • August 16, 2011 6:50 PM

@ Nick P.:

"I have extremely poor hand-eye coordination. "

Doesn't that make it difficult to, say, "write code"? lol ;)

(I know you'd take much more care there, but the one-liner was irresistible. My typing sux too, even on a full keyboard. I try to preview if the time's there, but as you said....)

I use only dumbphones for other reasons (security & privacy relative to smart), but I can't see myself typing on one very well, either.

Gabriel • August 16, 2011 9:18 PM

@Tommy: at least vim/ emacs/ides/pico won't autocorrect your typos like a smartphone will. People have inadvertently sent some very embarrassing emails due to autocorrect. And of course gcc/msvc or whatever compiler you use will give you a syntax error for your typos.

Now imagine a compiler frontend that will run an autocorrecter on your code first. That will be fun. Will it be changed into a symbol, a keyword, or an operator?

Gabriel • August 17, 2011 7:32 PM

@Richard: that's assuming that once you tune it you will actually be able to receive a decent signal. I believe they use the headphones as an antenna, which most of the time aren't quite long enough.

Remember, the National Association of Broadcasters (NAB) wanted everyone to have one on their phone, because RIAA wanted to charge them higher licenses. Of course, that would probably be the most secure function on your phone. Can't leak information quite as easily that way.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.