News: 2000 Archives
Attack Defense
Number 2 of the top 14 security vulnerabilities, according to the recently released second edition of Hacking Exposed (Osborne/McGraw-Hill, $40): “Unsecured and unmonitored remote access points provide one of the easiest means of access to your corporate network. Telecommuters often connect to the Internet with little protection, exposing sensitive files to attack.”
Microsoft’s security experts appear to have overlooked this concept: It’s what seems to have happened in the company’s recent experience of being hacked from afar.
For a more readable but depressing look at just how tough it can be to maintain security, there’s …
Think You’re Safe Online? Think Again!
Let’s assume for a moment that you are not a techie or a hacker. You’re browsing in a bookstore and happen to pick up a copy of Secrets and Lies: Digital Security in a Networked World (John Wiley & Sons, $29.99). As you idly flip through it, all you see are dense paragraphs on arcana: the role of symmetric algorithms in encryption systems, the relative merits of code signing and access control at the interfaces, and what a one-way hash function does. Whoa! This is way over your head, you think, as you sheepishly put the book down and look for the latest Grisham thriller…
Tell Me No Secrets
Secrets and Lies: Digital Security in a Networked World
By Bruce Schneier
John Wiley & Sons, 2000, $29.99
Bruce Schneier’s latest book on security is a rare achievement, as it takes a highly technical and often deadly dull topic and creates a surprisingly accessible and often fascinating read for even the least techy exec. Secrets and Lies lays out the current landscape of network security—from the challenges presented by hackers and viruses to the often ineffectual state of corporate security systems. Schneier offers enough gritty history, cautionary tales and colorful explanations to keep readers engrossed, whether they’re new to the security field or seasoned professionals. In addition, he has managed to pepper his text (especially the latter sections) with plenty of useful tips and advice that can help companies battle their way through the dangerous and often confusing task of securing their most valued assets. …
The Encryption Algorithm Demolition Derby
Contestant would do it again 'in a second'
Last month we reported the triumph of two Belgian academics in the US encryption standard contest. But how was the contest organised? If you’re not interested, stop reading now.
In the early seventies the US government put out a call for an encryption algorithm. It had no response. A year later in 1973 they tried again and got one response, from IBM. Then followed a bit of politicking, but by 1975 DES was born.
DES was initially a FIPS (Federal Information Procurement Standard), but was quickly adopted around the world as the de facto standard for encryption…
A Security State of Mind
It’s not encryption. It’s not a password. It’s not connecting through a VPN or an anonymizing service. Security means vastly different things to a national government, an e-commerce site, or a home user.
Governments are rightly paranoid about little things like their military preparedness, new weapons systems, communications codes, and sensitive information about other governments. E-commerce sites amass records for millions of consumers; a break-in could net huge numbers of credit cards. Businesses are constantly evolving, and your chief competitor would love to know what you’re up to…
Briefly Noted: Perfection Still Leaks
Bruce Schneier, author of Applied Cryptography, reportedly shelved the unfinished manuscript for his latest book, Secrets and Lies ($29.99, Wiley), because it was too depressing. He let it sit for two years, derailed by the fact that, for all he knew about threats to security in the digital age, he could offer no truly effective solutions. Cryptography, he discovered, was not the answer. As he put it, “Mathematics is perfect; reality is subjective. Mathematics is defined; computers are ornery. Mathematics is logical; people are erratic, capricious, and barely comprehensible.”…
Secrets & Lies: Digital Security in a Networked World (Review)
Book explains risks and strategies for protecting digital information
Rarely does an author start out telling you about the mistakes he made in his previous book. But that’s exactly what Bruce Schneier does in Secrets & Lies: Digital Security In A Networked World.
Schneier is chief technology officer and co-founder of Counterpane Internet Security Inc., San Jose, CA. He also is the author of Applied Cryptography (John Wiley & Sons Inc., 1994), which he says mistakenly stated that cryptography, based on logical mathematics, was the great technological equalizer that could provide individuals and businesses with data security. At the beginning of …
Secrets & Lies: Digital Security In A Networked World
Bruce Schneier, well-known security and encryption expert, and author of Applied Cryptography has recently had his newest book published, entitled Secrets & Lies: Digital Security in a Networked World, which explores the world of security as a system. Read the entire review below.
Secrets & Lies: Digital Security in a Networked World
author: Bruce Schneier
pages: 412
publisher: John Wiley & Sons, 09/2000
rating: 10
reviewer: Jeff “hemos” Bates
ISBN: 0471253111
summary: A well written, well researched exploration of digital security as a system…
Secrets and Lies Book Is Encyclopedic
Do you need to know about security? Of course. But first, you have to accept that it’s impossible to know everything. Then you have to decide how much you need to know.
Understanding the limits of computer and network security and the limits of knowledge about those topics is one of the main purposes of Bruce Schneier’s book “Secrets and Lies: Digital Security in a Networked World,” published by John Wiley & Sons Inc.
Although Schneier’s style is lively and spiced with unusual vocabulary (try looking up “banausic” and “flagitious” in your Funk and Wagnalls), no one is going to pick up this book for the sake of a good read. They want the information contained therein…
The Secrets & Lies of Cyber-Security
In a readable new book, an expert tells managers how to keep the hackers at bay—almost
A computer virus shuts down your corporate e-mail for a day. Hackers deface your Web site with pornography. The need to share data with customers and vendors exposes critical corporate information to online theft. With your business ever more dependent on safe use of the Internet, security savvy has become as important as understanding marketing or finance.
Such savvy, however, has been hard for nontechie executives to acquire. Books and articles on security generally came in two equally useless varieties: incomprehensible or sensationalized. Remember all those books on how the Y2K bug would end civilization as we knew it? Now, Bruce Schneier, a highly respected security expert, has stepped into the breach with …
To Catch a Thief
From a security maven, a new book on how to think like a hacker
In April 1999, Bruce Schneier, mathematician, digital security expert and unlikely hacker-scene hero, had an epiphany. It prodded him to reorganize this company, Counterpane Internet Security, and altered his view of securing computer systems. The fruits of that thinking also make up the bulk of his engaging and exhaustive new book, Secrets and Lies: Digital Security in a Networked World.
Schneier, the creator of two widely used data-scrambling formulas and author of the definitive Applied Cryptography, realized that he and his colleagues were trained to view security as a hopeless prophylactic, a passive approach that relies too heavily on complex technologies to keep hackers and criminals out. “Too many system designers think about security design as a cookbook thing,” writes Schneier. Add a firewall and a pinch of encryption, and eventually you’ll have a secure system…
Put Not Your Trust in Maths
Secrets and Lies: Digital Security in a Networked World.
By Bruce Schneier.
John Wiley & Sons; 432 pages; $29.99 and £19.50
WHEN an acknowledged expert suddenly announces that his previous views are completely wrong, it is time to take notice. That is exactly what Bruce Schneier, an authority on computer security, has just done in “Secrets and Lies”. Like many in his field, he used to be beguiled by the mathematics of cryptography, and believed that, with enough fancy encryption and authentication, it was possible to build a totally secure system—a mathematical utopia he described in a previous book, “Applied Cryptography”, which became a standard work. But Mr Schneier now believes that he was wrong, and “Secrets and Lies” is his bid to correct this mistake…
Security out of Obscurity
Secrets and Lies by Bruce Schneier, John Wiley, £19.50, ISBN 0471253111
An exceptional amount of disinformation plagues the world of information security. For decades spies obstructed the “proliferation” of cryptographic and security know-how. This made their job of snooping far easier.
When in 1993 I tried to organise a research programme in computer security, cryptography and coding theory, a spook in a suit approached the institute involved. He told the director that “There’s nothing interesting happening in cryptography, and Her Majesty’s government would like this state of affairs to continue.” To his great credit, the director spilled the beans; the institute’s reaction guaranteed our funding…
You Believe in Computer Security? Then There’s a Bridge in Brooklyn You Should Buy
You have to respect an author who begins a book by confessing that he wrote it “partly to correct a mistake,” especially when that author is one of the most respected authorities in a highly technical field. That’s exactly how Bruce Schneier begins his new book on computer security, Secrets and Lies: Digital Security in a Networked World (John Wiley & Sons, Inc. New York. 2000). What he is actually confessing is a kind of naiveté shared by altogether too many people regarding computer security: that technology is the answer. That was the implied thesis of his earlier book on applied cryptography, still an excellent guide to the guts of cryptographic systems…
Secrets and Lies: Digital Security in a Networked World
Internationally recognized computer security expert Bruce Schneier offers a practical, straightforward guide to achieving security throughout computer networks. Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. This practical guide provides readers with a better understanding of why protecting information is harder in the digital world, what they need to know to protect digital information, how to assess business and corporate security needs, and much more…
Ain’t No Network Strong Enough
Master cryptographer Bruce Schneier's Secrets and Lies explains why computer security is an oxymoron.
The cloak-and-dagger capers of computer no-goodniks may seem like prime page-turning material, but most books on the subject have all the sex appeal of a VCR manual. The typical tome on digital security is a dreary assemblage of techno-jargon, geared toward the small clique that gets its hardcore jollies from Perl programming. Most laymen are asleep by Page 10, or at least yearning for their dog-eared copy of “Hannibal.”
Bruce Schneier, master cryptographer and idol of the computer underground, targets those short-attention-spanners in his latest book, …
Software Development Magazine Product Excellence Awards
Bruce Schneier’s book Secrets and Lies won a Productivity Award in the 13th Annual Software Development Magazine Product Excellence Awards.
Sidebar photo of Bruce Schneier by Joe MacInnis.