News: 2004 Archives

Book Notes: Beyond Fear: Thinking Sensibly About Security in an Uncertain World

  • Howard J. Shatz
  • Knowledge, Technology, & Policy
  • Winter 2004

It seems like a good deal: the sign says that if the cashier fails to give a receipt you get your purchase free. Who knows? Maybe you track your expenses or you need the receipt for a reimbursement. Plus, it never hurts to have a shot at something free.

Actually, Bruce Schneier writes, the offer is a clever security maneuver. The store’s owner wants to make sure the cashier rings up sales, and generating a receipt for the customer also creates an internal register receipt. The offer enlists the customer as a security agent—not receiving a receipt means the customer will ask for reimbursement and the manager or owner will be notified that the cashier did not ring up the sale…

An Interview with Bruce Schneier

  • Claudia Grinnell
  • Turnrow
  • December 2004

BRUCE SCHNEIER is an internationally renowned security technologist and author. Described by The Economist as a “security guru,” Schneier is best known as a candid and lucid security critic and commentator. He has written articles for, among other publications, Boston Globe, San Francisco Chronicle, Sydney Morning Herald, International Herald Tribune, The Baltimore Sun, Newsday, Salon.com, Wired Magazine, and San Jose Mercury News. He is also the founder and CTO of Counterpane Internet Security, Inc., the world’s leading protector of networked information—the inventor of outsourced security monitoring and the foremost authority on effective mitigation of emerging IT threats…

Schneier: Microsoft still has work to do

  • Bill Brenner
  • SearchSecurity
  • October 4, 2004

Part 1

Bruce Schneier is founder and chief technology officer of Mountain View, Calif.-based MSSP Counterpane Internet Security Inc. and author of Applied Cryptography, Secrets and Lies and Beyond Fear. He also publishes Crypto-Gram, a free monthly newsletter, and writes op-ed pieces for various publications. Schneier spoke to SearchSecurity.com about the latest threats, Microsoft’s ongoing security struggles and other topics in a two-part interview that took place by e-mail and phone last month. In this installment, he talks about the “hype” of SP2 and explains why it’s “foolish” to use Internet Explorer…

Beyond Fear

Security expert Bruce Schneier talks with CIO Update about how CIOs can best meet the security challenge.

  • Jeanette James
  • CIO Update
  • September 10, 2004

Bruce Schneier, one of the country’s leading computer-security experts, is the author of the highly acclaimed Beyond Fear. This no-nonsense look at security—both in the real-world and on corporate networks—dissects security in such a way as to help readers become better consumers of it.

Schneier certainly knows his way around such questions. He is the founder of Counterpane Internet Security, a global provider of outsourced security monitoring services. With a suite of services—including firewall and IDS device management, vulnerability scanning and consulting—Counterpane monitors security on more than 400 networks in 32 countries…

Survival Guide: Bruce Schneier, cofounder of Counterpane Internet Security Inc

  • Roseanne Gerin
  • WashingtonTechnology
  • August 30, 2004

The Sept. 11 Commission’s recommendation that Congress create a national intelligence director to oversee the country’s 15 information-gathering agencies has been gaining support in recent weeks. But Bruce Schneier, an international security expert and author of numerous books on security technology, said the government should focus more on changing the culture of U.S. intelligence agencies.

The cofounder and chief technical officer of Counterpane Internet Security Inc., a Mountain View, Calif., provider of managed security-monitoring services, Schneier takes a skeptical view of centralized security efforts such as the Homeland Security Department and its U.S. Visit program to track foreign visitors…

Neowin Interview : Bruce Schneier

  • Neowin
  • August 30, 2004

Described by The Economist as a “security guru”, Bruce Schneier is a well known security analyst who has gained notoriety from his popular security mailing list, Cryptogram, and his 3 books on various security subjects. Bruce was kind enough to take the time to have a chat with Neowin, and talk about himself, security, Microsoft, and much more.

Bruce, thanks for taking the time to talk to Neowin; could you start by giving us a brief history of yourself, what you’ve done, and what you’re doing at the moment?

My security career seems to have been a continuing process of becoming more generalized. First cryptography, then computer security, and now general security. You can see the progression in my books. Applied Cryptography was my attempt to explain cryptography to programmers. Secrets and Lies was my attempt to explain computer security to IT people. And my latest book, Beyond Fear, explains security and security technology to anyone interested; in today’s world, that should be everyone…

Books: Schneier's Beyond Fear; O'Reilly's Network Security; Global Whistleblowing

  • Privacy Times
  • June 8, 2004

Excerpt

Here are some recently released top-quality books:

Beyond Fear: Thinking Sensibly About Security In An Uncertain World, by Bruce Schneier. Schneier continues proving himself a leading thinker on security issues, in part because he continues to evolve from an expert who first approached security as a techno-centrist to one who now sees security as a process involving a broader set of factors, including power, agenda, bureaucracy and people. A goal of the latest book is to take the lessons that Schneier has learned in his computer security work and apply them to other security concerns, like protecting the nation from terrorist attacks, or protecting homes from burglars…

Review: Beyond Fear

  • John Haigh
  • Significance
  • May 26, 2004

The subtitle, “Thinking about security in an uncertain world”, describes this book accurately. Schneier is a security consultant, offering a five-step approach to assess the merits of measures proposed to meet a perceived threat.

  • What assets are you trying to protect?
  • What are the threats to those assets?
  • How well do the measures mitigate these risks?
  • What other risks do these measures cause?
  • What costs and trade-offs are involved?

His main theme is the threat from terrorism, exemplified by the attacks in the USA on September 11th, 2001, but he also discusses (for example) how householders can protect against intruders, travelers can best guard their possessions or users defend against credit card fraud…

REVIEW: Beyond Fear, Bruce Schneier

  • Rob Slade
  • RISKS Digest
  • May 25, 2004

It is instructive to view this book in light of another recent publication. Marcus Ranum, in “The Myth of Homeland Security” (cf. BKMYHLSC.RVW) [See Rob’s review in RISKS-23.02 and Marcus’s response in RISKS-23.14. PGN] complains that the DHS (Department of Homeland Security) is making mistakes, but provides only tentative and unlikely solutions. Schneier shows how security should work, and does work, presenting basic concepts in lay terms with crystal clarity. Schneier does not tell you how to prepare a security system as such, but does illustrate what goes on in the decision-making process…

Book Reviews: Bruce Schneier, Beyond Fear

  • Priya Seetharaman
  • The Computer Journal
  • May 1, 2004

When one becomes more than an expert in an area, he or she generally begins to take a philosophical and abstract view of the subject and gains an ability to explain the essence of the subject in simplistic layman terms. That, in short, would describe Bruce Schneier’s book Beyond Fear.

It’s a question many of us need to ask ourselves. Are we really at risk? Or are we just afraid? Schneier provides us with hundreds of small examples repeatedly emphasizing the need to take another look at our reactions to the recent global security threats. Coming from an expert in security, and cryptologist, the book attempts to wash away the possibility of taking a standard approach to managing security. He dispels the notion that security is only for experts and convincingly proves that anyone can understand security…

Book Review: Beyond Fear: Thinking Sensibly about Security in an Uncertain World

  • Diomidis Spinellis
  • Computing Reviews
  • May 2004

Security is a tax on the honest. Schneier, in his book’s last chapter, fittingly titled Security Demystified, explains that in a world of honorable and law abiding citizens our lives would be a lot simpler. Unfortunately, this is not the case: during our life we are constantly facing dangers and risks and often have to evaluate complex tradeoffs that involve the safety of ourselves and the people we love.

For thousands of years the planning of security was conducted by specialists working on isolated domains like defense, banking, or civil aviation. Security decisions, good or (often) bad, were not publicized and the general public was kept in the dark regarding important security tradeoffs and weaknesses. Advances in information and networking technology have resulted in immensely increased requirements for secure applications and associated algorithms and protocols to conduct e-commerce, store private data, and communicate on the open internet. As a result, a new generation of security researchers started working in an open environment of scientific discourse and exchange, publishing their results in the open literature and communicating across previously isolated domain boundaries. These efforts have made information security an important element of computer science with a systematized body of knowledge and accepted practices. Bruce Schneier, a respected member of the information security community, in his book …

Audio: Beyond Fear: Behind the Mic

  • IT Conversations
  • April 16, 2004

Host Doug Kaye says, “This is the one interview I hope everyone will hear.”

In his latest book, Beyond Fear, security guru Bruce Schneier goes beyond cryptography and network security to challenge our post-9/11 national security practices. Here are some teasers:

  • “We’re seeing so much nonsense after 9/11, and so many people are saying things about security, about terrorism that just makes no sense.”
  • “Homeland security measures are an enormous waste of money.”
  • “If the goal of security is to protect against yesterday’s attacks, we’re really good at it.”…

Review of Beyond Fear

  • Michael Brady
  • Security Management
  • April 2004

Bruce Schneier is perhaps the best example of why IT security professionals are “eating the lunch” of physical security managers in some corporations. He thinks creatively, he expresses himself logically, and he has cultivated the ear of people high on the corporate food chain. His latest book will be food for thought for security professionals.

Beyond Fear is organized into three sections: “Sensible Security,” “How Security Works,” and “The Game of Security.” The first section introduces three of Schneier’s core concepts: that all security involves trade-offs, that trade-offs are subjective, and that they depend on power and agenda…

Author Q & A: Bruce vs. Bruce

  • Del Rey Online
  • April 2004

The following is a conversation between Bruce Schneier—a renowned security expert and founder and CTO of Counterpane Internet Security, Inc. whose newest book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World, explains how security really works—and Bruce Sterling, whose new techno-thriller, The Zenith Angle, is about computer security and Washington politics. Sterling also wrote The Hacker Crackdown: Law and Disorder on the Electronic Frontier, a nonfiction book about computer hackers and cyber-police. The two Bruces, long-time admirers of each other’s work, got together to discuss the nexus of security, technology, and the real world…

'An Enormous Waste of Money'

  • Jennifer Barrett
  • Newsweek
  • March 17, 2004

A security expert argues that America is spending its money ineffectively in the fight against terrorism

March 17 – The coordinated train bombings last Thursday in Spain marked the country’s deadliest terror attack ever, killing at least 200 and injuring at least 1,500. Indications—still unconfirmed—that Islamic fundamentalists with ties to Al Qaeda may have been behind the blasts have prompted emergency meetings among European leaders and raised fears of another attack on the United States. But are Washington’s precautions enough? And has its allocation of resources focused too much on air safety and not enough on other forms of public transportation?…

Beyond Fear a Security Primer for Troubled Minds

  • Thomas C. Greene
  • The Register
  • February 17, 2004

It’s a rare security book that can raise awareness without resorting to sensationalism, but Bruce Schneier’s recent title Beyond Fear is one of them. It covers the theory behind both good and bad security practices, though it’s not a manual. It does not explain how to make whatever you wish to defend more secure, but it will help you to think clearly about how to do that.

The book clearly defines the essential concepts and basic practices behind security in all areas of life. Indeed, computers and networks hardly come up. It’s the universal principles that Schneier is concerned with here, and he illustrates them with numerous everyday examples from the airport to the ATM to the local supermarket…

Beyond Fear into Reason

  • M. E. Kabay
  • Network World
  • February 17, 2004

Bruce Schneier has been one of my heroes for many years, not least because of the clarity of his thought and the crispness of his writing. Readers of this column have seen references in the past to his free monthly Crypto-Gram newsletter, and I hope you have subscribed to that always-worthwhile publication.

In 2000, Schneier published a groundbreaking primer for non-nerds called Secrets & Lies in which he confronted many misunderstandings and outright myths about security in the digital realm. In 2003, he continued his educational efforts with …

Fears—Real and Illusory

  • Paul Glister
  • News & Observer
  • January 21, 2004

In 1996, a man named Willis Robinson reprogrammed a computerized cash register at a Taco Bell in Maryland. The compromised machine would ring a $2.99 item internally as a one-cent sale, even as it showed the proper amount on its screen. Robinson skimmed $3,600 from his employer. He was caught only because he bragged about his exploits.

Bruce Schneier has much to say about technology in his new book Beyond Fear: Thinking Sensibly About Security in an Uncertain World (Copernicus Books, $25). The book uses anecdotes and examples to show how security changes. In the Robinson case, technology created a new kind of threat, and that is what technology tends to do. Sure, you could play fast and loose with a store’s account from a manual or electric cash register, but you would have to do it repeatedly, and the theft would be visible. Robinson’s hack allowed him to pocket all the money that any cashier unwittingly rang up day or night…

Review of Beyond Fear

  • Peter Villiers
  • Merengue
  • January 2004

“That’s just it, Peter. We have to appear to know what’s happening, and what it means. Even if we don’t really know very much about either.”

Unnamed police informant to the reviewer. Source report graded B 2 (NATO system).

Bruce Schneier’s eminently well-informed and sensible text should be essential reading for any police official charged with making a “risk assessment,” or in any other way taking part in the risk management industry which as a result of 9/11 is likely to engulf—if you will forgive the pun—us all.

Mr Schneier is a real expert on security systems and their consequences, and therefore does not pretend to know everything. Nor is he prepared to accept responsibility for decisions that others need to make, on the basis of that combination of necessarily incomplete knowledge and arguable value-judgement that any real security decision involves. His book is the best kind of knowledge, for it enables us to decide things for ourselves, more effectively than if we had not read it beforehand. It contains what in one sense we knew, but did not dare say: and there is a wealth of detail to back it up…
