Schneier on Security

View or Download in PDF Format

The full disclosure vs bug secrecy debate is a lot larger than computer security. Blaze’s paper on master-key locking systems in this issue is an illustrative case in point. It turns out that the ways we’ve learned to conceptualize security and attacks in the computer world are directly applicable to other areas of security—like door locks. But the most interesting part of this entire story is that the locksmith community went ballistic after learning about what Blaze did.

The technique was known in the locksmithing community and in the criminal community for over a century, but was never discussed in public and remained folklore. Customers who bought these master key systems for over a century were completely oblivious to the security risks. Locksmiths liked it this way, believing that the security of a system is increased by keeping these sorts of vulnerabilities from the general population…

View or Download in PDF Format

Computer security is vital, and IEEE is launching this new magazine devoted to the topic. But there’s more to security than what this magazine is going to talk about. If we don’t help educate the average computer user about how to be a good security consumer, little of what we do matters.

Dozens of times a day, we are security consumers. Every time we cross the street, we’re buying security. When we brush our teeth in the morning, we’re buying security. We buy security when we lock our door, or our car. When you reach down at a checkout counter to buy a candy bar and notice that the package has been opened, why do you reach for another? It’s because for the price of the candy bar, you want to also buy as much security as you can…