Click Here to Kill Everybody Reviews and Press Mentions

It's impossible to know all the details, but my latest book seems to be selling well. Initial reviews have been really positive: Boing Boing, Financial Times, Harris Online, Kirkus Reviews, Nature, Politico, and Virus Bulletin.

I've also done a bunch of interviews -- either written or radio/podcast -- including the Washington Post, a Reddit AMA, "The 1A" on NPR, Security Ledger, MIT Technology Review, CBC Radio, and WNYC Radio.

There have been others -- like the Lawfare, Cyberlaw, and Hidden Forces podcasts -- but they haven't been published yet. I also did a book talk at Google that should appear on YouTube soon.

If you've bought and read the book, thank you. Please consider leaving a review on Amazon.

Posted on September 14, 2018 at 2:14 PM • 22 Comments

Comments

echo • September 15, 2018 1:17 AM

I'm fairly unhappy the whole discussion of security is very heavily tilted towards "boys toys". I know Bruce has his speciality and the more political and social aspects of security can be difficult and unfamiliar to the dominant mainstream. I have seen this with other industries too. This was admitted at the time too and there was a later surge in expanding discussion and formalising systems in broader areas. Things have returned again to "boys toys" discussion again. I'm not sure what to make of this but fairly sure "security" needs more voices than what has traditionally been the case.

Scott1847 • September 15, 2018 11:11 AM

@echo

When you say "boys toys" what specifically are you referring to? Your comments are puzzling to me. How do "boys toys" relate to security within the context of this blog and Mr. Schneier's publications?

BTW, his new book is really good...anyone using networked computers should read it. It provides a perspective that is of interest to all levels of computer competence.

Gorlak, the caveman • September 15, 2018 9:05 PM

Are we talking computer security or physical security "boys toys"? I'm confused.

Clive Robinson • September 15, 2018 9:29 PM

@ All,

The expression "boys toys" is as unacceptable as "Girly bags".

The simple fact is that there are also a lot of girls buying the same toys as the boys though I'm doubtful that there are a lot of boys buying the same bags as the girls (though if you think I'm wrong on the latter point sing out).

echo • September 15, 2018 9:49 PM

@Scott1847

I explained everything in the one paragraph. Do men actually read and comprehend stuff? It's like men hit one word then their whole brain derails.

Scott1847 • September 16, 2018 9:50 AM

@echo

If I'd understood I would not have asked about the meaning of "boys toys" in the context of this blog. But as you clearly stated, I'm too stupid to understand or participate in this dialogue. So I'll leave.

Jesse Thompson • September 16, 2018 6:30 PM

@echo

Well, at least I get what you mean. But I can appreciate why some folk might get confused. Are you sure it's not worth offering some examples of ways that the present security conversation gets stuck in a rut, and what some broader topics might address instead?

I would offer some that I see, but I don't want to steal the mic in case your concerns lie elsewhere.

echo • September 17, 2018 11:35 AM

@Jesse Thompson

Thanks. Yes, your suggestion is helpful. I have tried before but find things get lost in the stampede. It's actually very difficult explaining things when the established body of reasoning doesn't fully exist or descriptive terms vary.

Jack • September 17, 2018 2:16 PM

You can "invent" all the elliptical curve pseudo-rng's you want, as long as the "inventors" hold a TLA security-clearance, they are "boys toys", no matter what some PC-obsessed dude says, including "Snowden is old news". Oh, you already knew everything the NSA did? Where were you when they called people "paranoid conspiracy-theorists" for claiming all emails got NSA-stored?

less • September 17, 2018 5:38 PM

@echo, @Jesse Thompson

Would one of you mind explaining what you are talking about please? I am with Scott1847 on this one - there is not enough context in your comments for me to figure out what you are unhappy about. As well as "boys toys" you said "the more political and social aspects of security can be difficult and unfamiliar to the dominant mainstream" - as far as I can see the book does talk quite a bit about the political and social aspects of security. But it sounds like you have something more specific in mind?

Also.. I am a bit hesitant to bring this up because I don't want to derail this conversation. echo I thought your reply to Scott1847 was pretty hostile and dismissive. He did not do anything to deserve that. And it actively discourages further discussion on a topic you care about. Please cut out the insults, we can still have a constructive conversation about this.

Hmm • September 18, 2018 1:40 AM

"Do men actually read and comprehend stuff? It's like men hit one word then their whole brain derails."

I read and comprehend this as kind of a bigoted statement that would be uncalled for in converse, so...

Bruce Schneier • September 18, 2018 10:04 AM

@echo

I'm also interested in understanding what you are referring to. Feel free to email me privately if you prefer.

Clive Robinson • September 18, 2018 1:09 PM

@ Bruce, echo,

If I read @echo's issues correctly they deal with stack level nine and above "soft security" very much institutionalized human issues.

Whereas mostly we deal here with "hard security" issues that are technology focused, with some layer seven and eight issues.

Unfortunately due to the fact politicians and legislators are pushing their noses even further into our tent on a daily basis at the behest of others, and without any consideration to consequences we are finding those level nine and above issues are reaching down to us one way or another. Which is something we need to be aware of.

Much as it was pre Ed Snowden when we did not want to think that some Government IC entities were actively out to get ordinary citizens data. Later to find out that LEOs were also actively doing the same with active encouragement of the likes of the FBI and DoJ.

But we changed, we now need to make another change and realise that ALL government agencies and many NGO's actively see us as the enemy and want to act against our legal rights at every level from thuggish "guard labour" all the way up through the "professions" often pushed down from the top most levels on a "Do or Die" basis.

It's in part the worsening of the behaviours as they get emboldened and in part the revulsion many feel inside these organisations that caused the rise in "Whistleblowers" and the swingeing attacks against them that Pres Obama decreed that ended up in a phone tapping scandal.

In the UK there are not just less protections, there are even less remedies available to those who have been harmed. The UK police have a massive history of ignoring abuse not just in their own ranks but also in other entities and even in public places. Whilst UK police are generally not armed the increase in use of tasers and illegal restraint techniques that cause real harm and death are indicative of deeply seated "canteen mentality" attitudes further pushed by the attitude of "with us or against us" that also forces "closed ranks" and failures to investigate.

Unless you have been on the receiving end of it (which I have several times) it's often difficult to get it over to people who more by luck than anything else have not been...

In the main it's due to the majority of people not wanting to undergo the cognitive dissonance of having to come to terms with the fact they were in effect brainwashed when young and indoctrinated into a false belief system, about their relationship to the state and how the state actually views them.

Clive Robinson • September 18, 2018 1:39 PM

For those that don't get "boys toys"

It's a little tongue in cheek but here's a boy's toy explaining boy's toys,

https://m.youtube.com/watch?v=Cf74rBSguZc

As for the other "Girly bags" idiom it kind of derives from the lines of a song "hand bags and glad rags" that was released back in 1966 by Chris Farlowe and has been recorded by several others since, one of which was used for the comedy show "The Office".

    They told me you missed school today. So what I suggest you just throw them all away, The handbags and the gladrags, that your poor old Granddad had to sweat to buy you.

Both idioms demonstrate an extreme of behaviour in adults that is perceived as "gender biased" but not attacking by gender.

You can see it on any magazine rack in a news agent, general store, or supermarket. You have "fashion mags" and "tech/gadget mags".

There are sociological arguments that it goes back to what toys we were given as children (dolls / cars) and the gender indoctrination we were brought up in. It does not matter if it's true or not it's a perception given out by many in marketing etc.

echo • September 19, 2018 11:42 AM

@Clive

I don't perceive things as a stack but a collection of parallel things with interactions. I can speak to the technical as much as anyone but for me personally technical issues are trivial and my personal interests mean I follow a different emphasis.

I've lost count of the number of times we have said the same thing only using different words.

Clive Robinson • September 19, 2018 3:59 PM

@ echo,

    I don't perceive things as a stack but a collection of parallel things with interactions.

The reason for saying "stack" is "techies" kind of understand the ISO OSI Seven Layer Model, that got expanded into the "computing stack" that in theory covers from the lower levels of Quantum Mechanics all the way up to "near deities" as some of the SigInt agencies seniors tend to consider themselves.

The problem is different people have different extensions...

I tend to think user, management, legislative, political, treaty. As 8-12 but some HCI people take three to five layers on that...

Anyway, it tends not to matter if you think of things in parallel as many see themselves in a hierarchy anyway, thus defer / command accordingly. But my view point is moving from technical security up to legal and political --with a little p-- and how it impinges on management and users.

As I indicated the politico's like the famed camel stick their nose unbidden but insistent into our tent where they most definitely are unwanted. Thus I view them as being a significant nuisance at the least to a deadly pest at worst. Either way they are detrimental to good security practice.

With regards saying the same thing but with different words, kind of tells us we have interests in common but view points from different backgrounds or vantage points.

echo • September 20, 2018 11:21 AM

@Clive

Yes, what you say is close enough. There are times when I think in terms of stack. It depends really.

Steve Branam • September 21, 2018 10:25 AM

I haven't read the book yet, that's my vacation reading next week, but I follow Schneier on Risks Digest.

There are 3 aspects to the (in)security of high-tech "toys". First, the people who buy vulnerable devices are themselves vulnerable to direct compromise. Think IOT cameras and microphones that allow malicious eavesdropping, or other devices that infect the home network and start exposing (or exporting!) personal data or traffic.

But second, the much broader aspect with regard to society as a whole, is that these vulnerable devices are turning our large-scale security safety infrastructure into a permeable membrane, if not a wholesale sieve. EVERYTHING we do on the Internet as part of our everyday lives becomes vulnerable.

Think how much of your daily life you transact online now. All your personal finances, banking, bill-paying, etc. Plus all the basic services like credit card payments and POS terminals at the gas station and grocery store that depend on networked backend systems. When large-scale DDOS events like those perpetrated via the Mirai botnet are able to grind those mundane daily activities to a halt, society as a whole is placed at risk, regardless of who owned the "toys" that provided the attack vector.

Third, these technologies are rapidly moving from the "toys" into the everyday mundane devices around us. Society in general is becoming more and more dependent on them and their safe and secure operation. And the safe and secure management of all the offline data they produce, under all use cases.

That's why I argue that those of us who are developers need to build security in: We Need To Build Security In.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.