News: 2003 Archives

How to Avoid Pickpockets, and Other Horror Stories

  • USA Today
  • December 26, 2003

Excerpt

Think sensibly, and act with confidence

Security expert Bruce Schneier takes a much-ado-about-nothing view of terrorist fears. The odds of such an attack are close to zero, so better to worry about things that have at least some likelihood of occurring, he maintains.

“We as a society always fear the rare and spectacular more than the pedestrian,” says the cyber-security whiz and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World (Copernicus Books, $25).

Though not geared specifically to travelers, his new book espouses the notion that security measures involve trade-offs—both monetary and personal. The book maps out a five-step plan to help individuals assess whether those trade-offs are worth it. …

Management Week Security Book Review: Book Lowers Fear of Threats

  • Iain Thomson
  • IT Week
  • December 15, 2003

Bruce Schneier’s latest book on data security offers a logical and realistic approach to creating policies and educating staff.

Security guru Bruce Schneier has written several books but is best known for his first: Applied Cryptography. One problem with this earlier work is that it demands a high level of mathematical understanding.

His latest book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World, is designed to help ordinary IT staff, business managers and end-users get to grips with current security issues.

The guide could prove useful for IT managers wanting to convey the importance of information security for the wider business, for example when negotiating budgets or attempting to get projects signed off…

The Visionaries: IT Leaders Make Predictions about the Future

  • InfoWorld
  • December 12, 2003

Excerpt

Q: Will computers be more or less secure in 2028 than they are today?

A: Computers will be just as insecure, but computing will be more secure. Right now our major problem is that computer security is brittle; when it breaks, it breaks completely. As computing becomes embedded and invisible, it will become more resilient. Different systems will work in tandem, providing defense in depth. Cyberspace is no different than the real world: The individual pieces may be insecure, but the collection of pieces we call society hums along just fine…

"Bank Customers Without Security"

  • ComputerSweden
  • December 12, 2003

First he wrote “Applied Cryptography,” which quickly became the standard work on encryption. Then he began to doubt that encryption was the key to computer security.

Computer security, says Bruce Schneier, stands or falls with human judgment. Instead of chasing new encryption methods, we should remember old truths, such as that no chain is stronger than its weakest link. Here Bruce Schneier answers Computer Sweden's questions about IT security.

What do companies and government agencies tend to overlook when it comes to IT security?

– The people. They assume that security is a technical problem and resort to technical solutions. Security is in fact a social problem, and what is needed are social solutions…

The Best: People

  • Information Security
  • December 2003

Excerpt

Like or loathe him, you’ve got to admit that cryptographer Bruce Schneier knows how to capture media attention. From titillating talks to shamelessly promote his books (including the best-selling Secrets & Lies and the recently released Beyond Fear), to outrageous remarks on the speaker circuit, Schneier frequently grabs the spotlight with outspoken opinion and candor.

For example: “Most advisories trade on fear. Most newspaper and magazine articles trade on fear,” Schneier said in a recent Information Security interview. “Too many security companies are crying wolf far too often, and it hurts us all.” Not exactly a measured comment, considering his company, Counterpane Internet Security, is one of those companies vying for attention…

Review: Beyond Fear

  • V. Stagg
  • Computing Reviews
  • December 1, 2003

Having been a long time reader of the Crypto-Gram column, and well aware of Schneier’s knowledge and expertise in the information security field, it was with some eagerness that I received a copy of his latest book, Beyond Fear. Needless to say, I was not let down by this entertaining and insightful tome.

Schneier provides an interesting view of the notion of security, outlining a simple five-step process that can be applied to deliver effective and sensible security decisions. These steps are addressed in detail throughout the book, and applied to various scenarios to show how simple, yet effective they can be…

Improved Security Requires IT Diversity

  • Jaikumar Vijayan
  • Computerworld
  • November 24, 2003

In his recently released book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World (Copernicus Books, 2003), security guru Bruce Schneier argues for a more common-sense and less technology-centric approach to both IT security and physical security. In this interview with Computerworld, Schneier shares his views on IT security.

You recently co-wrote the report “CyberInsecurity: The Cost of Monopoly. How the Dominance of Microsoft’s Products Poses a Risk to Security.” Would you have written it if the world had been standardized around another operating system? …

REVIEW: Practical Cryptography, Bruce Schneier/Niels Ferguson

  • Rob Slade
  • RISKS Digest
  • November 17, 2003

The preface points out that cryptography has done more harm than good in terms of securing information systems, not because cryptography fails in and of itself, but, rather, due to the improper use or implementation of the technology. This book is intended to provide concrete advice to those designing and implementing cryptographic systems. As such, it is not the usual introduction to cryptography, and is aimed at a fairly limited group.

Chapter one asserts that we should be engineering for security, rather than speed or bells and whistles. Security is only as strong as the weakest link, we are told in chapter two, and (following from the idea of defence in depth) we need to have engineering in depth (and probably breadth, as well). The issues are important, but there is some lack of clarity to the organization and flow of the text and arguments: the reader may start to wonder what the essence of the message is. (I see that I should have trademarked “professional paranoia” when I started using it years ago, but it is nice to note that the point is being taken.) Chapter three is a rather unusual “Introduction to Cryptography” (and the mathematical format of the text doesn’t make it easier for the math-phobic to concentrate on the meaning), but focussing on the applications and problems, the cryptanalytic attacks, and repeating the injunctions against complexity and the sacrifice of security for performance is a reasonable position…

Booksellers’ Choice: Minding Your Business

Four specialist booksellers choose the best of the forthcoming or recently published business and computer titles

  • James Lake, Sean Pratley, Martin Cox, and Andrew Duffield
  • Bookseller
  • October 24, 2003

Excerpt

Beyond Fear: Thinking Sensibly about Security in an Uncertain World
Bruce Schneier

One of the world’s foremost security experts and author of Applied Cryptography and Secrets and Lies confronts (in terms that the general reader can easily digest) a series of current computer security topics including why national ID cards are a technically unsound, even dangerous idea; why buying online is actually safe; and why we should not invest in biometrics-based scanners for airports.

A Tax on the Honest

  • The Economist
  • October 16, 2003

HOW useful are ID checks in large office buildings? Is it safe to use a credit card online? Can face-scanning systems make airports safer? Not very, yes, and no, says Bruce Schneier in “Beyond Fear”, the latest of several books on security to have appeared since September 11th 2001.

Mr. Schneier, however, comes at these questions from an unusual and informative perspective. He is one of the world’s leading experts on computer security, and arguably the most articulate. For years, he has explained the ins and outs of his field by drawing analogies with real-world security. In his new book, he turns this approach on its head, using his analytical skills, honed in the field of computer security, to evaluate the other security measures that are now so common…

Risky Business?—Examining the Difference Between Safety and Security

  • Bruce Ramsey
  • The Seattle Times
  • October 12, 2003

In Beyond Fear, security consultant Bruce Schneier undertakes to teach the reader “to think about security.” That focus is the book’s strength and its limitation.

First, the limitation. The book refers to crimes, accidents and attacks, many of which would be fascinating to know about. But this book is not about any of those prospective events. It has a more practical purpose.

Thinking about security will be particularly valuable for anyone who has to make a decision about that—a business owner, perhaps, or a policymaker. Schneier lays out a set of questions to ask about any system: What is it trying to protect? From what? What good will it do? What problems will it create?…

Beyond Fear: Thinking Sensibly About Security in an Uncertain World

  • Future Survey
  • October 2003

A “professional thinker about security” and author of Applied Cryptography (1994), said to have sold >200,000 copies, applies the methods developed for computer security to broader security issues, especially security against terrorism. “Security issues affect us more and more in our daily lives, and we should all make an effort to understand them better. We need to stop accepting uncritically what politicians and pundits are telling us. We need to move beyond fear and start making sensible security trade-offs.” Everyone makes security trade-offs, every day. We live our lives making judgments, assessments, assumptions, and choices about security (e.g., when we lock the door to our home, we make a security trade-off: the inconvenience of using a key in exchange for some security against burglary). Making security trade-offs isn’t some mystical art: “the goal of this book is to demystify security, to help you move beyond fear.” To get beyond fear, you have to start thinking intelligently about trade-offs, the risks you face, and the options for dealing with those risks. A lot of lousy security is available for purchase, and a lot of lousy security is imposed on us by government. Once we move beyond fear, we can recognize bad or overpriced security…

Security Bookshelf

  • Vince Tuesday
  • Computerworld
  • September 29, 2003

Beyond Fear, by Bruce Schneier, Copernicus Books, 2003.

Schneier is a world-renowned cryptography expert who literally wrote the book on the subject when he penned Applied Cryptography. In these pages, he tackles broader security issues in the wake of the 9/11 attacks.

Beyond Fear is intriguing and thought-provoking. Taking examples from the headlines and from his experiences studying homeland security issues, Schneier teaches us to avoid fear and use good sense when making security choices. He cites interesting facts to help readers keep things in perspective. For example, he reports that while many people may worry about shark attacks, more people die each year in pig attacks than shark attacks…

Security through Simplicity

  • The Sydney Morning Herald
  • September 13, 2003

Bruce Schneier is one of the world’s best known and most pragmatic security experts. He is also a man of considerable breadth of knowledge, if one were to judge from his latest book, Beyond Fear.

What Schneier could have chosen to do in this book—or for that matter any book he writes—was to create a treatise for experts. He has the expertise to do it, is eminently qualified to do so and would be taken seriously if he did. Instead, he has chosen to cater to the masses and written what is, in my opinion, the best primer on security, one that can be understood by the man in the street…

Audio: Beyond Fear

  • The Kojo Nnamdi Show
  • September 11, 2003

Two years after 9/11, are we safer? Security expert Bruce Schneier brings his common sense approach to the idea of national security and explains why arming pilots and issuing national I.D.s only makes us less secure.

Listen to the Audio on TheKojoNnamdiShow.org

Security Executive Stresses Trade-Offs

  • Michael Krey
  • Investor's Business Daily
  • September 10, 2003

It’s a gutsy way to start a book on security. In “Beyond Fear,” published this month by Copernicus Books, Bruce Schneier asks us to set aside our revulsion and horror to grasp what the 9-11 terrorists accomplished. What they did, he says, was efficient, audacious, well-planned, simple and, from their view, successful. This understanding is key to moving beyond fear and improving security, says Schneier, who created some well-known encryption algorithms—formulas used to scramble and unscramble computer data. He’s also founder and chief technology officer of Cupertino, Calif.-based computer security monitoring company Counterpane Internet Security Inc. The privately held company has attracted more than $50 million from some big-name venture funds. To improve security, we must demystify it and consider the trade-offs, he says. He hates the idea of national ID cards, opposes use of computerized voting machines and abhors the notion of arming commercial airline pilots. He recently spoke with IBD about security…

Bruce Schneier: The Evolution of a Cryptographer

  • Scott Berinato
  • CSO Magazine
  • September 1, 2003

For a while, it seemed as if Bruce Schneier himself was encrypted. No one could decipher his whereabouts for an interview with CSO. This was unusual because Schneier, founder and CTO of Counterpane Internet Security, is usually aggressively available to the press. Plus, he has a new book to promote—Beyond Fear: Thinking Sensibly About Security in an Uncertain World—a decidedly iconoclastic and non-IT view of security. But the book also challenges physical security practitioners to learn a thing or two from the infosecurity ranks: to think in terms of systems…

"We've Made Bad Security Tradeoffs"

  • Alex Salkever
  • Businessweek
  • September 1, 2003

Bruce Schneier is a rare creature in the computer-security world. Although he made his name as an alpha geek in cryptography and later, as chief technology officer of Net-security outfit Counterpane, Schneier can also speak to laypeople about the general security matters that increasingly touch all of our lives.

In the post September 11 era, he has emerged as one of the more cogent and quotable thinkers on the topic. In particular, he has asked hard questions about the effectiveness of some of the security measures passed after the terrorists’ massacre. Schneier’s latest book, Beyond Fear (Copernicus Books, 2003), is a highly readable compendium of his thoughts on the various aspects of real-world security. Designed for a general audience, it’s a great introduction to a complicated and confusing topic. I interviewed Schneier via e-mail over the week of Aug. 25. Here are edited excerpts of our exchange:…

Beyond Fear: Thinking Sensibly About Security in an Uncertain World (Review)

  • Paul Boutin
  • Wired
  • September 2003

Does arming pilots make flying safer? Computer security guru Schneier applies his analytical skills to real-world threats like terrorists, hijackers, and counterfeiters. Beyond Fear may come across as the dry, meticulous prose of a scientist, but that’s actually Schneier’s strength. Are you at risk or just afraid? Only by cutting away emotional issues to examine the facts, he says, will we reduce our risks enough to stop being scared.

Practical Cryptography (Review)

  • Ben Rothke
  • Security Management
  • September 2003

Practical Cryptography. By Niels Ferguson and Bruce Schneier; published by John Wiley and Sons, 877/762-2974 (phone), 800/597-3299 (fax), www.wiley.com (Web); 432 pages; 150.

As Mark Twain acidulously remarked, “A classic is something that everybody wants to have read and nobody wants to read.” Bruce Schneier’s Applied Cryptography, published in 1996, is a classic in the canon of computer security works; it’s a seminal, important book for the experts in the field or for those with the technical background, but it is far too complex and mathematical for most readers…

Book Review: Beyond Fear

  • Paul B. Brown
  • CIO Insight
  • September 1, 2003

The most appealing part of Bruce Schneier’s thorough, well-reasoned approach to security strategies—personal, corporate and computer—is what he does not do. He does not propose concrete solutions (“We need more police. We need national ID cards. You need to build better firewalls.”) Instead, he lays out the issues, debates the pros and cons, and leaves it to the reader to pick a solution.

What makes the discussion worthwhile is that Schneier, founder of consulting firm Counterpane Internet Security Inc. and publisher of the security newsletter Crypto-Gram, takes great pains to identify the key issues and examine some proposed solutions, pointing out the costs involved and the likelihood of success. For example, he believes that the idea of using biometric scanners—programmed to search out known criminals and terrorists based on their physical characteristics—probably won’t work because false positives will overwhelm the system…

Perspectives from the Field: Bruce Schneier, Encryption Expert

  • Joab Jackson
  • Washington Technology
  • March 24, 2003

Bruce Schneier contends that the strongest security systems benefit from redundancy and variety. And as the Homeland Security Department consolidates a number of different agencies, Schneier warns that entrusting a centralized authority with securing the nation may make the country less, rather than more, secure.

Few in the field of information technology security have more expertise and industry respect than Schneier. Not only is he the author of “Applied Cryptography,” one of the seminal textbooks on encryption, but his Twofish encryption algorithm was a finalist for the National Institute of Standards and Technology’s new Federal Advanced Encryption Standard. He is also founder and chief technical officer of managed security service provider Counterpane Internet Security Inc., Cupertino, Calif., and publishes his own Crypto-Gram newsletter (http://www.counterpane.com/crypto-gram.html). Schneier spoke with Staff Writer Joab Jackson to discuss how best to secure the nation’s IT and physical infrastructures…

Book Review: Beyond Fear

  • Tony Bradley
  • About.com
  • 2003

The Bottom Line

This is an excellent addition to what seems to be an emerging genre of books—those about national security or the lack thereof. Bruce Schneier gives a plain-English and well thought out overview of the security measures that have been implemented since the 9/11 terrorist attacks. He points out that security and liberty are not mutually exclusive. I recommend this book for anyone. It is important that we, as citizens, understand these issues so we can make informed decisions.

Pros

  • Excellent and timely information
  • Non-techies and techies alike can understand this book…

Review of Beyond Fear

  • Curtis D. Frye
  • Technology & Society
  • 2003

Security is a complex business. If you’re looking at the security of a computer network, for example, you can’t just look at the physical characteristics of the system. Humans help protect the system, and humans attack it. Yes, most humans aren’t clever enough to create their own attacks, but they can master the rudimentary skills required to go after the system using automated tools the innovators create.

But how do you evaluate a security system, whether it’s meant to protect a computer, an airport, or an individual? In Beyond Fear, security expert and founder of Counterpane Internet Security, Bruce Schneier advocates a five-part analytical framework:…

ITsec PEP Review of: Beyond Fear: Thinking Sensibly About Security in an Uncertain World

  • Edgar Danielyan
  • ITsecurity.com
  • 2003

I am going to keep this review short. Schneier’s first book I read, Applied Cryptography (2nd edition), left me fascinated by the art and science of cryptography. Another Schneier book, Secrets & Lies, told things many were not inclined to share. Practical Cryptography (co-authored with Niels Ferguson) presented such a clear, practical, and down-to-earth view of cryptography that I thought anyone who is lucky enough to read the book and follow the advice is going to really understand cryptography in context. Now, Beyond Fear. If it can be said that Practical Cryptography followed Applied Cryptography, then Beyond Fear follows Secrets & Lies. Once again, Schneier manages to describe complex security concepts and interdependencies without a word of technical jargon, so loved by many pseudo-experts trying to disguise their lack of clear understanding. Once again Schneier advocates “understand before you act”, which seems not to match some governments’ approach to security – security in a wider sense. Once again Schneier proves he is the one of few people who indeed understand security, and what is more important and more difficult, that he can explain complex security concepts to people not specializing in security. Whatever your trade and whatever your background, go ahead and read it because security affects your life…

Sidebar photo of Bruce Schneier by Joe MacInnis.