News: 2004 Archives
BRUCE SCHNEIER is an internationally renowned security technologist and author. Described by The Economist as a "security guru," Schneier is best known as a candid and lucid security critic and commentator. He has written articles for, among other publications, Boston Globe, San Francisco Chronicle, Sydney Morning Herald, International Herald Tribune, The Baltimore Sun, Newsday, Salon.com, Wired Magazine, and San Jose Mercury News. He is also the founder and CTO of Counterpane Internet Security, Inc., the world's leading protector of networked information—the inventor of outsourced security monitoring and the foremost authority on effective mitigation of emerging IT threats.
Schneier's book publications include Beyond Fear: Thinking Sensibly About Security in an Uncertain World; Secrets & Lies: Digital Security in a Networked World; Applied Cryptography; Protect Your Macintosh; E-Mail Security; Practical Cryptography (with co-author Niels Ferguson); and The Electronic Privacy Papers: Documents on the Battle for Privacy in the Age of Surveillance (with co-author David Banisar).
Schneier also publishes a free monthly newsletter, Crypto-Gram (http://www.schneier.com/crypto-gram.html), which counts over 100,000 readers. Additionally, Schneier maintains a weblog, covering security and security technology issues.
Bruce Schneier is founder and chief technology officer of Mountain View, Calif.-based MSSP Counterpane Internet Security Inc. and author of Applied Cryptography, Secrets and Lies and Beyond Fear. He also publishes Crypto-Gram, a free monthly newsletter, and writes op-ed pieces for various publications. Schneier spoke to SearchSecurity.com about the latest threats, Microsoft's ongoing security struggles and other topics in a two-part interview that took place by e-mail and phone last month. In this installment, he talks about the "hype" of SP2 and explains why it's "foolish" to use Internet Explorer.
What's the biggest threat to information security at the moment?
Security expert Bruce Schneier talks with CIO Update about how CIOs can best meet the security challenge.
Bruce Schneier, one of the country's leading computer-security experts, is the author of the highly acclaimed Beyond Fear. This no-nonsense look at security -- both in the real-world and on corporate networks -- dissects security in such a way as to help readers become better consumers of it.
Schneier certainly knows his way around such questions. He is the founder of Counterpane Internet Security, a global provider of outsourced security monitoring services. With a suite of services -- including firewall and IDS device management, vulnerability scanning and consulting -- Counterpane monitors security on more than 400 networks in 32 countries.
Described by The Economist as a "security guru", Bruce Schneier is a well-known security analyst who has gained notoriety from his popular security mailing list, Cryptogram, and his 3 books on various security subjects. Bruce was kind enough to take the time to have a chat with Neowin, and talk about himself, security, Microsoft, and much more.
Bruce, thanks for taking the time to talk to Neowin; could you start by giving us a brief history of yourself, what you've done, and what you're doing at the moment?
My security career seems to have been a continuing process of becoming more generalized. First cryptography, then computer security, and now general security.
Bruce Schneier, an international security expert and author
The Sept. 11 Commission's recommendation that Congress create a national intelligence director to oversee the country's 15 information-gathering agencies has been gaining support in recent weeks. But Bruce Schneier, an international security expert and author of numerous books on security technology, said the government should focus more on changing the culture of U.S. intelligence agencies.
The cofounder and chief technical officer of Counterpane Internet Security Inc., a Mountain View, Calif., provider of managed security-monitoring services, Schneier takes a skeptical view of centralized security efforts such as the Homeland Security Department and its U.S.
Here are some recently released top-quality books:
Beyond Fear: Thinking Sensibly About Security In An Uncertain World, by Bruce Schneier. Schneier continues proving himself a leading thinker on security issues, in part because he continues to evolve from an expert who first approached security as a techno-centrist to one who now sees security as a process involving a broader set of factors, including power, agenda, bureaucracy and people. A goal of the latest book is to take the lessons that Schneier has learned in his computer security work and apply them to other security concerns, like protecting the nation from terrorist attacks, or protecting homes from burglars.
A theme of this latest book, Schneier's third in a series, is that "security" always involves "trade-offs." He outlines five steps for evaluating a security program's worth: (1) What assets are you trying to protect?
Host Doug Kaye says, "This is the one interview I hope everyone will hear."
In his latest book, Beyond Fear, security guru Bruce Schneier goes beyond cryptography and network security to challenge our post-9/11 national security practices. Here are some teasers:
- "We're seeing so much nonsense after 9/11, and so many people are saying things about security, about terrorism that just makes no sense."
- "Homeland security measures are an enormous waste of money."
- "If the goal of security is to protect against yesterday's attacks, we're really good at it."
- "The system didn't fail in the way the designers expected."
- "Attackers exploit the rarity of failures."
- "More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk."
- "Did you ever wonder why tweezers were confiscated at security checkpoints, but matches and cigarette lighters--actual combustible materials--were not?...If the tweezers lobby had more power, I'm sure they would have been allowed on board as well."
- "When the U.S. Government says that security against terrorism is worth curtailing individual civil liberties, it's because the cost of that decision is not borne by those making it."
- "...people make bad security trade-offs when they're scared."
Read or listen to this terrific interview in which Bruce also says what he thinks of the 9/11 hearings and answers questions from listeners regarding spam and biometrics. This is one of our best.
Bruce Schneier is perhaps the best example of why IT security professionals are "eating the lunch" of physical security managers in some corporations. He thinks creatively, he expresses himself logically, and he has cultivated the ear of people high on the corporate food chain. His latest book will be food for thought for security professionals.
Beyond Fear is organized into three sections: "Sensible Security," "How Security Works," and "The Game of Security." The first section introduces three of Schneier's core concepts: that all security involves trade-offs, that trade-offs are subjective, and that they depend on power and agenda.
The following is a conversation between Bruce Schneier -- a renowned security expert and founder and CTO of Counterpane Internet Security, Inc. whose newest book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World, explains how security really works -- and Bruce Sterling, whose new techno-thriller, The Zenith Angle, is about computer security and Washington politics. Sterling also wrote The Hacker Crackdown: Law and Disorder on the Electronic Frontier, a nonfiction book about computer hackers and cyber-police. The two Bruces, long-time admirers of each other’s work, got together to discuss the nexus of security, technology, and the real world.
Schneier: We both write about security and technology. I see technology continually changing the balance between attacker and defender.
March 17 - The coordinated train bombings last Thursday in Spain marked the country's deadliest terror attack ever, killing at least 200 and injuring at least 1,500. Indications -- still unconfirmed -- that Islamic fundamentalists with ties to Al Qaeda may have been behind the blasts have prompted emergency meetings among European leaders and raised fears of another attack on the United States. But are Washington's precautions enough? And has its allocation of resources focused too much on air safety and not enough on other forms of public transportation?
It's a rare security book that can raise awareness without resorting to sensationalism, but Bruce Schneier's recent title Beyond Fear is one of them. It covers the theory behind both good and bad security practices, though it's not a manual. It does not explain how to make whatever you wish to defend more secure, but it will help you to think clearly about how to do that.
The book clearly defines the essential concepts and basic practices behind security in all areas of life.
Bruce Schneier has been one of my heroes for many years, not least because of the clarity of his thought and the crispness of his writing. Readers of this column have seen references in the past to his free monthly Crypto-Gram newsletter, and I hope you have subscribed to that always-worthwhile publication.
In 2000, Schneier published a groundbreaking primer for non-nerds called Secrets & Lies in which he confronted many misunderstandings and outright myths about security in the digital realm. In 2003, he continued his educational efforts with Beyond Fear, a superb analysis of the basis of rational thought about security in the wider world—not just computers and networks.
In 1996, a man named Willis Robinson reprogrammed a computerized cash register at a Taco Bell in Maryland. The compromised machine would ring a $2.99 item internally as a one-cent sale, even as it showed the proper amount on its screen. Robinson skimmed $3,600 from his employer. He was caught only because he bragged about his exploits.