News: 2005 Archives

The Top 5 Influential IT Security Thinkers

  • SC Magazine
  • December 15, 2005

Excerpt

The seemingly constant industry buzz surrounding Schneier is well-deserved. With a trail of bestselling books in his wake and two encryption algorithms, Blowfish and Twofish, to his credit, Schneier is well-placed to discuss/argue various IT security-related issues in his free monthly newsletter Crypto-Gram. Most recently, he questioned reported comments made by Howard Schmidt that noted Schmidt’s support for holding programmers personally accountable for insecure code. These published accounts, which sometimes seem to allude to personal liability, are inaccurate, Schmidt says. He notes that his comments were made “in the context of how [programmers’] ability to write secure code should be a part of performance reviews.” Schneier says, however, “It is the software manufacturers that should be held liable” for insecure code. Although the additional costs for making products more secure would fall to consumers, he says securer solutions would prove cost-effective in the long run since users already pay more than they bargained for to fix holes of products they have deployed…

Bruce Schneier: Questions & Answers

  • Agatino Grillo
  • Isacaroma Newsletter
  • October 28, 2005

(Italian version)

IsacaRoma: Who are you? Your biography says you are an author, technologist and a “security guru.”  What is your cultural background?  How did you arrive at cryptography and security as a profession?

Bruce Schneier: Security is a mindset, and the best security experts come by the profession naturally.  They constantly go about the world looking at how to get around security: how to vote twice, how to shoplift, how to sneak in and out.  They probably won’t do any of these things, but they’re always thinking about them.

My background is physics and computer science, and I started working in cryptography first for the U.S. government and then as a consultant.  The interesting thing about being a consultant is that you get to work on a wide variety of different problems.  Many of these problems suggested avenues of research, which further broadened my interests…

Does Trusted Computing provide security for users or from them?

  • Scott M. Fulton, III
  • TG Daily
  • October 6, 2005

Mountain View (CA) – Throughout the past two decades, Bruce Schneier has provided one of the most well-reasoned, clear, and unbiased perspectives regarding the broad and complex topic of implementing security and trust in computer systems and networks. Schneier co-developed the widely used Twofish encryption algorithm, authored 1995’s ground-breaking Applied Cryptography – which defined how crypto could be used reliably for authentication and communication – and founded network security provider Counterpane, where he currently serves as CTO. But his life’s mission of late has been to cast a skeptical eye upon any and every measure that purports to solve the overall problem of security, even from a personal vantage point…

On the Record

  • Jim McKay, Justice and Public Safety Editor
  • Government Technology
  • July 27, 2005

You call “identity theft” a misnomer, saying that the fight against fraud might be more effective if we thought of it as impersonation rather than ID theft. Could you elaborate on why?

“Identity theft” doesn’t make sense as a term. Your identity is the only thing about you that cannot be stolen. The real crime is fraud due to impersonation. Even worse, by calling it “identity theft,” we naturally focus on the wrong solution: making personal information harder to steal.

We need to make personal information less valuable, harder to use. By calling the crime what it really is, it’s more obvious where the solutions lie…

Recommended Reading: Getting Smart About Information Security

  • Becky Bright
  • The Wall Street Journal
  • July 18, 2005

p. R2

Bruce Schneier, founder and chief technical officer of Counterpane Internet Security Inc., has spent much of his career educating people about digital security.

His book, “Secrets and Lies: Digital Security in a Networked World,” serves as a non-technical introduction to the full, messy complexity of digital security.

Most recently, Mr. Schneier wrote, “Beyond Fear: Thinking Sensibly About Security in an Uncertain World.” This book about security technology, computer and otherwise, is geared toward the intelligent layman: anyone from a security engineer to a concerned citizen. “Thinking about security means thinking differently,” he says, and he believes people who read the book will never look at security the same way again…

CTO 25 Award

  • InfoWorld
  • April 11, 2005

As CTO and founder of Counterpane Internet Security, Bruce Schneier invented outsourced security-monitoring services. Following methodology similar to that used by the Centers for Disease Control, Counterpane has created a worldwide early-warning system that responds quickly to attacks on corporate infrastructures. But that’s only one of Schneier’s full-time jobs. Inventor of the Blowfish encryption algorithm and author of eight books on cryptography and security, Schneier consults with organizations as diverse as the Department of Homeland Security and the American Civil Liberties Union. His monthly Cryptogram newsletter has become required reading among security pros. “There are great products out there, but no one is using them,” he says. “My new slogan for Counterpane is: We don’t make the technology; we make the technology work.”…

The Cryptography Guru

Founder of Internet Security Firm Inspires Reaction: 'We Trust Bruce'

  • Dan Lee
  • Mercury News
  • March 23, 2005

Bruce Schneier, founder and chief technical officer of Counterpane Internet Security, might be as close as the computer security industry gets to its own celebrity.

Although not as well known as Larry Ellison at Oracle or Bill Gates at Microsoft, Schneier is still the public face of his company, recognized by industry insiders as one of their gurus. Businesses hire Counterpane to guard their networks from hackers and viruses in the same way a nervous homeowner would pay a home-security provider like ADT to watch for fires or burglars.

But unlike most entrepreneurs, Schneier admits that he spends much of his time not focused on his creation…

Audio: Internet Security

  • The New York Times
  • January 12, 2005

John Markoff, a reporter for the New York Times, talks with Bruce Schneier.

Listen to the Audio on NYTimes.com

Books Briefly Noted: Beyond Fear

  • The Journal of Technology Studies
  • Winter/Spring 2005

Searching kids and grandmas actually improves airport security, but arming pilots makes us all less secure; shopping with a credit card is just as secure as using it over the phone or by mail. These, and the dozens of other surprising insights in this book, will help you develop a keen sense of what today’s most talked-about security measures can and cannot do.

Security is not mysterious, Bruce Schneier tells us, and contrary to popular belief, it is not hard. What is hard is separating the hype from what really matters. You already make security choices every day, from what side of the street you walk on to whether you park your car under a streetlight. You do it naturally. This book guides you, step by step, through the process of making all your security choices just as natural…

Book Review: Secrets & Lies: Digital Security in a Networked World

  • John D. Chenoweth
  • Journal of Information Privacy and Security
  • 2005

Secrets & Lies provides interested readers with a guide for understanding the environment in which computer security must reside, the technical tools for implementing security, and a strategic approach for that security. Although the book was published in 2000, most of what Schneier presents is relevant today. The paperback edition includes a preface by the author addressing the time-withstanding themes of security in light of the attacks of 9/11. The author breaks the text into three sections: The Landscape, Technologies, and Strategies.

The first section of the book provides the context in which security is discussed. In the introductory chapter, Schneier sets the scene by listing security events, software vulnerabilities, and website defacements that made the news in March 2000. In this chapter, the author argues, “…the reason that it is so hard to secure a complex system like the Internet is, basically, because it’s a complex system.” In the following four chapters, the author describes digital threats, attacks, adversaries, and security needs. Schneier articulates the ways in which digital security is different from other types of security. He then gives attack scenarios ranging from denial of service attacks, to surveillance, to legal attacks. Adversaries are categorized as lone criminals, the press, organized crime, the police, terrorists, national intelligence organizations and info-warriors. Finally, in this section, Schneier describes security needs in terms of privacy, anonymity, authenticity, and integrity…
