Essays Tagged "CNET"

Page 1 of 1

Who says safe computing must remain a pipe dream?

  • Bruce Schneier
  • CNET
  • December 9, 2004

Spanish translation

I am regularly asked what average Internet users can do to ensure their security. My first answer is usually, “Nothing—you’re screwed.”

But that’s not true, and the reality is more complicated. You’re screwed if you do nothing to protect yourself, but there are many things you can do to increase your security on the Internet.

Two years ago, I published a list of PC security recommendations. The idea was to give home users concrete actions they could take to improve security. This is an update of that list: a dozen things you can do to improve your security…

Saluting the data encryption legacy

  • Bruce Schneier
  • CNET
  • September 27, 2004

The Data Encryption Standard, or DES, was a mid-’70s brainchild of the National Bureau of Standards: the first modern, public, freely available encryption algorithm. For over two decades, DES was the workhorse of commercial cryptography.

Over the decades, DES has been used to protect everything from databases in mainframe computers, to the communications links between ATMs and banks, to data transmissions between police cars and police stations. Whoever you are, I can guarantee that many times in your life, the security of your data was protected by DES…

We Are All Security Customers

  • Bruce Schneier
  • CNET
  • May 4, 2004

National security is a hot political topic right now, as both presidential candidates are asking us to decide which one of them is better fit to secure the country.

Many large and expensive government programs—the CAPPS II airline profiling system, the US-VISIT program that fingerprints foreigners entering our country, and the various data-mining programs in research and development—take as a given the need for more security.

At the end of 2005, when many provisions of the controversial Patriot Act expire, we will again be asked to sacrifice certain liberties for security, as many legislators seek to make those provisions permanent…

Slouching Towards Big Brother

  • Bruce Schneier
  • CNET
  • January 30, 2004

Last week the Supreme Court let stand the Justice Department’s right to secretly arrest noncitizen residents.

Combined with the government’s power to designate foreign prisoners of war as “enemy combatants” in order to ignore international treaties regulating their incarceration, and their power to indefinitely detain U.S. citizens without charge or access to an attorney, the United States is looking more and more like a police state.

Since the Sept. 11 attacks, the Justice Department has asked for, and largely received, additional powers that allow it to perform an unprecedented amount of surveillance of American citizens and visitors. The USA Patriot Act, passed in haste after Sept. 11, started the ball rolling…

Internet Worms and Critical Infrastructure

  • Bruce Schneier
  • CNET
  • December 9, 2003

Did MSBlast cause the Aug. 14 blackout? The official analysis says “no,” but I’m not so sure. A November interim report a panel of government and industry officials issued concluded that the blackout was caused by a series of failures with the chain of events starting at FirstEnergy, a power company in Ohio. A series of human and computer failures then turned a small problem into a major one. And because critical alarm systems failed, workers at FirstEnergy did not stop the cascade, because they did not know what was happening.

This is where I think MSBlast, also known as Blaster, may have been involved…

Con: Trust, but verify, Microsoft's pledge

  • Bruce Schneier
  • CNET
  • January 18, 2002

Microsoft Chairman Bill Gates should be given credit for making security and privacy a top priority for his legions of engineers, but we’ll have to wait to see if his call represents a real change or just another marketing maneuver.

Microsoft has made so many empty claims about its security processes—and the security of its processes—that when I hear another one, I can’t help believing it’s more of the same flim-flam.

Anyone remember last November when Microsoft’s Jim Allchin, group vice president, said in a published interview that all buffer overflows were eliminated in Windows XP? Or that the new operating system installed in a minimalist way, with features turned off by default? Not only did the Universal Plug and Play (UPnP) vulnerability that was found last month exploit an unneeded feature that was enabled by default, but it also was a buffer overflow…

Sidebar photo of Bruce Schneier by Joe MacInnis.