News: 2008 Archives

Video: Screening the TSA

  • 60 Minutes
  • December 18, 2008

Excerpt

But the question is: is everything we go through at checkpoints actually making us safer? Security expert Bruce Schneier says no. He says much of it is just "security theater."

"It's a phrase I coined for security measures that look good, but don't actually do anything," he explained.

Schneier, who has been an adviser to TSA but also its most persistent thorn-in-the-side, says there are too many silly rules.

Read More →

Bruce Schneier on IT Insecurity

There are no easy solutions to today's security challenges, and companies often approach them in the wrong way, says Bruce Schneier.

  • Edward Cone
  • CIO Insight
  • December 16, 2008

Talking with security expert Bruce Schneier does not always leave a person feeling more secure. That's because Schneier doesn't sell easy solutions. Instead, he challenges businesses, governments and individuals to examine their assumptions about risk, to eschew simplistic answers and to accept the fact that no system is—or can be—perfectly secure.

Now the chief security technology officer of BT, Schneier worked at the Department of Defense and Bell Labs before founding Counterpane Internet Security, which was acquired by BT.

Read More →

Top 25 Most Influential People in the Security Industry

  • Erin J. Wolford
  • Security Magazine
  • December 1, 2008

Excerpt

#19: Bruce Schneier, Influential Security Technologist

Bruce Schneier is an internationally renowned security technologist, referred to by The Economist as a "security guru." He is the author of eight books – including the best sellers Beyond Fear: Thinking Sensibly about Security in an Uncertain World; Secrets and Lies; and Applied Cryptography – as well as hundreds of articles and essays in national and international publications, and many more academic papers. His influential newsletter Crypto-Gram, and his blog Schneier on Security, are read by over 250,000 people. "I consider myself a synthesist and a communicator. My biggest accomplishments involve understanding complex ideas and explaining them simply, as well as finding connections and patterns and commonalities among diverse ideas.

Read More →

Bruce Schneier: Securing Your PC and Your Privacy

  • James Maguire
  • Datamation
  • November 12, 2008

He might be called the international rock star of computer security. Having testified before Congress and given well-regarded speeches the world over, when Bruce Schneier talks about security, experts listen. A prolific author, he has penned articles for publications ranging from Wired to The Guardian to the Sydney Morning Herald. His books include Applied Cryptography, which delves into the science of secret codes, and Beyond Fear, which details how to protect security on the personal and national level.

Read More →

Interview with Bruce Schneier

  • Ed Cone
  • Know It All
  • November 6, 2008

An edited version of this interview will appear in CIO Insight.

I asked security guru Bruce Schneier about those troublesome voting machines and the mindset that foists them upon us.

Schneier: The security of voting machines points to two big issues. The first one is that security is actually very hard. People think technology magically makes security worries a thing of the past, but it's just not true.

Read More →

Video: 3 Qüestions: Bruce Schneier

  • Universitat Autònoma de Barcelona
  • November 3, 2008

Bruce Schneier és considerat internacionalment com un gurú de la seguretat informàtica. Va fundar, i actualment dirigeix, la divisió tecnològica de la companyia BT Counterpane, especialitzada en serveis de seguretat informàtica. Citat habitualment als mitjans de comunicació, Schneier ha escrit nombrosos articles a la premsa i ha testificat diverses vegades sobre seguretat al Congrés dels Estats Units.

Note: in this video, the questions are in Spanish but Bruce Schneier's responses are in English.

Watch the Video on YouTube

Read More →

The Things He Carried

  • Jeffrey Goldberg
  • The Atlantic
  • November 2008

Excerpt

This day, however, would feature a different sort of experiment, designed to prove not only that the TSA often cannot find anything on you or in your carry-on, but that it has no actual idea who you are, despite the government's effort to build a comprehensive "no-fly" list. A no-fly list would be a good idea if it worked; Bruce Schneier's homemade boarding passes were about to prove that it doesn't. Schneier is the TSA's most relentless, and effective, critic; the TSA director, Kip Hawley, told me he respects Schneier's opinions, though Schneier quite clearly makes his life miserable.

"The whole system is designed to catch stupid terrorists," Schneier told me.

Read More →

Schneier on Security (Book Review)

  • Ben Rothke
  • Slashdot
  • October 20, 2008

"There is a perception in both the private and government sector, that security, both physical and digital, is something you can buy. Witness the mammoth growth of airport security products following 9/11, and the sheer number of vendors at security conferences. With that, government officials and corporate executives often think you can simply buy products and magically get instant security by flipping on the switch. The reality is that security is not something you can buy; it is something you must get."

Perhaps no one in the world gets security like author Bruce Schneier does.

Read More →

Data Guru Says Secret to Security Is to Focus on People

  • Karlin Lillington
  • The Irish Times
  • October 3, 2008

WHEN IT comes to security, Bruce Schneier would like people to stop worrying about what he calls "movie plot" scenarios. Exploding aircraft, attacks on landmark buildings, the whole category of "cyberterrorism" all rankle with Schneier, who thinks the ultimate security risk is "people."

He may not be a household name, but he is quite possibly the most namechecked security expert in the world among technologists - and science fiction fans.

Schneier, who with ponytail and greying beard looks pleasingly like an eminent cryptologist should look, created two of the best-known security algorithms, nicknamed Blowfish and Twofish, and wrote Applied Cryptography, the bible of the digital security industry. The Economist hails him as "a security guru." He is even mentioned in The Da Vinci Code.

Read More →

Security Is a State of Mind

Checking in with expert Bruce Schneier about the state of security.

  • Jon Erickson
  • Dr. Dobb's Journal
  • October 1, 2008

DDJ: A decade ago, you said that computer security, with all of its advances, would likely get worse in the future. Is this the way things turned out? If so, why? And what does this tell us about the next 10 years?

Read More →

Living in an Insecure World

  • John C. Tanner
  • Telecom Asia
  • September 8, 2008

It's been ten years since Bruce Schneier - founder of security monitoring firm Counterpane Internet Security - launched  his newsletter, Crypto-Gram, which expanded from covering computer security issues to a broader investigation into security issues of all sorts. Now Counterpane belongs to BT, where Schneier is chief security technology officer, and as he tells global technology editor John C Tanner security is still a hard sell

Telecom Asia: Your background is computer security and cryptography - how did you end up applying that knowledge into the world at large?

Schneier: I think it's just what happens when I start looking at something. I start looking at the bigger picture. The first sort of major milestone was the post 9/11 issue.

Read More →

Net Value: Combat Cyber Threats

  • EdgeDaily
  • June 9, 2008

One of the meetings held in conjunction with the recent World Congress on Information Technology (WCIT) 2008 in Kuala Lumpur was the Infosec.my information security conference and the International Multilateral Partnership Against Cyber Terrorism (IMPACT) World Cyber Security Summit. While the thought of combating cyber terrorism is exciting, Bruce Schneier, founder and chief technical officer of BT Counterpane, thinks the term "cyber terrorism" is misleading and its usage cheapens the meaning of terrorism.

"Cyber terrorism is a myth," he says. "We all know what terrorism is; it involves innocent people being killed in a very public way, in an attempt to cause terror in the greater population."

However, Schneier does believe very much in cyber threats and thinks governments should do more, such as cooperating to use their collective bargaining power to demand more security from software vendors.

Read More →

A Silver Lining in a Gloomy Outlook

  • Zam Karim
  • The Star
  • June 5, 2008

We recently sat down with security guru Bruce Schneier to talk about Internet security and, boy, did we get more than what we bargained for.

WITH the advance of new and better cybersecurity technologies, you'd expect the Internet to be a lot safer place for average users.

However, the world-renowned security expert Bruce Schneier paints an entirely different picture — in fact, a pretty gloomy one where no matter what you do to beef up security, it will not be enough. And in the future, things will even get a lot worse.

Read More →

Bruce Schneier Q&A: The Endless Broadening of Security

For Bruce Schneier, the security discipline still evolves and expands. Now he's the one trying to expand it.

  • Scott Berinato
  • CSO
  • June 2, 2008

In September 2003, CSO published a groundbreaking interview with security guru Bruce Schneier. At the time, Schneier was evolving from cryptographer to general security thinker. An emerging generation of Internet criminals and the new realities of a post-9/11 world were fueling his ideas beyond information security to the broader realm where technology and the physical world interacted. He was beginning to see security as a social science.

Read More →

Video: Security Experts Bruce Schneier and Ray Stanton on the Human Side of Security

  • ComputerWeekly
  • April 30, 2008

BT's Bruce Schneier and Ray Stanton talk security with ComputerWeekly.com's security blogger David Lacey at Infosecurity 2008.

Watch the Video on ComputerWeekly.com

Read More →

Schneier: Lots of Security Software is "Snake Oil"

  • Jeremy Kirk
  • IDG News Service
  • April 23, 2008

Bruce Schneier is one of the foremost experts on cryptography and is a well-known security author and commentator. He is the founder of the managed security services company Counterpane, which was acquired in October 2006 by BT. Schneier sat down with IDG News Service at the Infosec security show in London to talk about the effectiveness of security products and the psychology of security.

Are antivirus products just making money by giving people a "feeling" of security rather than true security?

Schneier: Antivirus is easy.

Read More →

Infosecurity Europe Hall of Fame

  • April 22, 2008

Bruce Schneier was inducted into the Infosecurity Europe Hall of Fame at Infosecurity Europe 2008.

Read More →

Audio: Scott Horton Interviews Bruce Schneier

  • Antiwar Radio
  • April 11, 2008

Bruce Schneier, cryptographer, computer security specialist, writer, and author, discusses the Justice Department’s bogus prosecutions of barely-terrorists in the JFK, Ft. Dix, Lackawanna, Miami and other cases, the increasing danger to Americans’ liberties due to the large numbers of new Joint Terrorism Task Forces across the country and their temptation to entrap the innocent, the rise of the domestic security industrial complex, the economics of airline security, information as the answer to the problem of consolidated power, the government’s data mining programs and the death of the Real ID.

Listen to the Audio on Antiwar.com

Read More →

Bruce Schneier's New View on Security Theater

  • Peter Glaskowsky
  • CNET
  • April 9, 2008

Security expert Bruce Schneieris rightly regarded as one of the industry's most intelligent and insightful participants. He has made substantial personal contributions to the science of cryptology, and has written some of the best books on the subject.

Like many smart people, Schneier is also highly opinionated. Although I have yet to hear a technical opinion from Schneier that I disagree with, some of his nontechnical opinions are--in my opinion--open to debate.

Read More →

Audio: Session Preview with Bruce Schneier: Reconceptualizing Security

  • RSA Conference 2008
  • April 7, 2008

Bruce Schneier, CTO, BT Counterpane, is an internationally renowned security technologist and author, and a frequent speaker at RSA Conference. His session at RSA Conference 2008 is called Reconceptualizing Security.

Listen to the Audio on Archive.org

Read More →

Bruce Schneier Shares Security Ideas at Museum

"Security theater" lecture complements photography exhibit showcasing images of fear, safety and liberty in post-9/11 America

  • Ann Bednarz
  • Network World
  • March 31, 2008

Bruce Schneier shared his ideas about the psychology of security, and the need for thinking sensibly about security, in his hometown last week when he gave a lecture at the Weisman Art Museum in the US.

Schneier's lecture was scheduled in conjunction with an exhibition of photographer Paul Shambroom's images of power (Shambroom's photographs capture scenes in industrial, business, community and military environments.) The association of Schneier's lecture with the photography exhibit says a lot about how the security guru's focus has evolved over the years from the bits and bytes of cryptography and computer security to include a more broad examination of personal safety, crime, corporate security and national security.

The theme of Schneier's talk was the "security theater," a term he uses to describe security measures that are designed to make people feel safer but don't necessarily do so.

"Security is really two different things.

Read More →

Does the Security Industry Have a Future?

  • Peter Schooff
  • ebiz
  • March 20, 2008

MP3 podcast available

What follows is a transcript of my discussion with Bruce Schneier, Founder and Chief Technology Officer of BT Counterpane and the well-known Schneier on Security blogger. In this podcast we discuss current vulnerabilities, what the future of the security industry will look like, security industry consolidation, encryption, and finally, the time frame for changes in the industry to come about.

First, what threats do you see that companies need to be most concerned with at this point?

The biggest threat right now is crime. About five years ago, criminals discovered the internet in a big way and whether it's identity theft which is fraud or denial of service extortion or other attempts to make money, crime is the primary threat on the net and when we're worried about internet threats, we're worried about crime.

Read More →

Audio: Does the Security Industry Have a Future?

  • ebizQ
  • March 20, 2008

Bruce Schneier and Peter Schoof of ebizQ discuss current vulnerabilities, what the future of the security industry will look like, security industry consolidation, encryption, and finally, the time frame for changes in the industry to come about.

Listen to the Audio on ebizQ.net

Transcript

First, what threats do you see that companies need to be most concerned with at this point?

The biggest threat right now is crime. About five years ago, criminals discovered the internet in a big way and whether it's identity theft which is fraud or denial of service extortion or other attempts to make money, crime is the primary threat on the net and when we're worried about internet threats, we're worried about crime.

I've read some of your general comments about, essentially, in a perfect world, the security industry would be unneeded.

Read More →

The Halfway House Between Science and Secrets

An Interview With Bruce Schneier on Science and Security

  • Jonathan Pfeiffer
  • Science Progress
  • March 19th, 2008

Streaming and MP3 audio available

Earlier this month the National Research Council released a Congressionally-mandated report, "Science and Security in a Post 9/11 World," which recognizes that the 9/11 attacks provoked a misallocation of United States security resources and led to counter-productive security measures. The NRC warns that the widespread practice of labeling scientific research as "sensitive but unclassified" has had grave consequences for our security and our economy. In order to encourage more sensible science-security policymaking, the NRC has recommended the creation of a new high-level Science and Security Commission to give scientists and government security officials a place to deliberate and negotiate security policies as they relate to science and engineering research.

To better understand the relationship between scientific research and national defense, Science Progress spoke with security technologist and author Bruce Schneier about why secrecy makes for bad policy in science and engineering, and whether or not a new institutionalized science-security dialogue would be helpful or simply theatrical.

Read More →

Audio: The Halfway House Between Science and Secrets

  • Science Progress
  • March 19, 2008

A recent National Research Council report recognizes that the 9/11 attacks provoked counter-productive security measures that stifle access to fruitful scientific research. Security expert Bruce Schneier talks with Science Progress about the science that makes us smarter and the security that makes us safer.

Listen to the Audio on ScienceProgress.org

Transcript

Earlier this month the National Research Council released a Congressionally-mandated report, 'Science and Security in a Post 9/11 World,' which recognizes that the 9/11 attacks provoked a misallocation of United States security resources and led to counter-productive security measures. The NRC warns that the widespread practice of labeling scientific research as 'sensitive but unclassified' has had grave consequences for our security and our economy.

Read More →

On People, the Death of Privacy, and Data Pollution

  • Matt Pasiewicz
  • EDUCAUSE Review
  • March/April 2008

The following is an excerpt from an interview with Bruce Schneier. Matt Pasiewicz, EDUCAUSE content program manager, conducted the interview at the EDUCAUSE 2007 Annual Conference.
Full podcast

MP: Bruce, perhaps you can get us started by sharing some of your thoughts about the psychology and economics of security.

Schneier: Security is a lot more about people than technology. One thing I've learned from studying economics, the psychology of risk, security, and people is that those problems are actually way harder than the tech problems.

Read More →

Q&A with Bruce Schneier

Expert says security benefits must be weighed against tradeoffs

  • Jonathan Gaw
  • Minneapolis Star Tribune
  • February 23, 2008

Q: When a company or government entity has a security proposal, how should they evaluate that? What sort of principles should they be looking for to determine whether this is going to be an effective security solution?

A: First, you have to understand that security is a tradeoff. Whether you give money, or time, or convenience, or civil liberties, or American servicemen's lives, you give something and you get some security in return.

Read More →

Computer Security's Dubious Future

InfoWorld's Roger Grimes weighs in on why security expert Bruce Schneier thinks computer security won't get any better in the next 10 years

  • Roger Grimes
  • InfoWorld
  • February 22, 2008

As longtime readers already know, I'm a big fan of Bruce Schneier, CTO and founder of BT Counterpane. Besides being a cryptographic and computer security authority, cryptographic algorithm creator, and author of many best-selling books on security, Bruce produces some of the most relevant conversations on computer security. I consider his books, his Cryptogram newsletter, and his blog must-reads for anyone in computer security.

Bruce is a guy who pushes us to rethink our currently held paradigms.

Read More →

Video: Schneier: Bad News Is Good News, Not So for Security

  • ZDNet
  • February 15, 2008

While the media bombards consumers with frightening stories, discussions about security are thwarted by the failure of language to separate the "feeling" and "reality" of security, says security guru Bruce Schneier.

Schneier, author of Applied Cryptography and his most recent book Beyond Fear, reckons there is a fundamental problem with the way humans think about security. And its roots can be drawn back to a failure of language.

"'Security' is a complicated word," Schneier told ZDnet.com.au at linuxconf08.

"You can feel secure and there's the reality of security -- how secure you are.

Read More →

The Insider

  • Stefan Hammond
  • Computerworld
  • February 12, 2008

Bruce Schneier, founder and CTO of Counterpane, outlines the cybercrime landscape enterprises face today. He explains to CWHK's Stefan Hammond that insiders are a problem, managed security services are a solution, and a determined crew with a chainsaw and a truck is a big problem.

CWHK: Computer security never seems to get better, only worse. Why?

Bruce Schneier: Because security is fundamentally not a technology problem--it's a people problem.

Read More →

Talking security with Bruce Almighty

  • Sam Varghese
  • ITWire
  • February 1, 2008

When the good folk at Linux Australia sat down with the organisers of the Australian national Linux conference and decided that Bruce Schneier would be the keynote speaker on the opening day of the main conference, they couldn't have made a more correct decision.

Schneier is a man whose security credentials are impeccable, who's probably the world's top security technologist. At the same time, he can talk about security concepts to a teenager - and the kid will understand exactly what he's saying.

When you realise that this same man is an inventor of the Blowfish, Twofish and Yarrow algorithms, then you begin to understand what the word intellectual means.

Read More →

Information is our Only Security Weapon: Bruce Schneier at Linux.conf.au

  • Sarah Stokely
  • CRN Australia
  • January 31, 2008

Computer security expert Bruce Schneier took a swipe at a number of sacred cows of security including RFID tags, national ID cards and public CCTV security cameras in his keynote address to Linux.conf.au this morning.

These technologies were all examples of security products tailored to provide the perception of security rather than tackling actual security risks, he said.

"Camera companies are pushing it, but all the actual data points the other way," Schneier said. "RFID is another one -- the industry pushing it is very much distorting facts."

The discussion of public security -- which has always been clouded by emotional decision making -- has been railroaded by groups with vested interests such as security vendors and political groups, he said.

Read More →

CPSR's 2008 Norbert Wiener Award given to Bruce Schneier

  • CPSR Press Release
  • January 24, 2008

Computer Professionals for Social Responsibility honors Bruce Schneier, internationally renowned security technologist and author, with its 2008 Norbert Wiener Award.

CPSR's Vice President, Fyodor Vaskovich, notes that "Bruce has long been a passionate advocate for privacy, security, and civil liberties. He is distinguished by technical accomplishments such as designing the Blowfish and Twofish algorithms, bringing cryptography to a wider audience with his book Applied Cryptography, and founding security vendor BT Counterpane. But CPSR particularly applauds Bruce for his higher level social and political accomplishments.

Read More →

Bruce Schneier Reflects on a Decade of Security Trends

Author, blogger, cryptographer and security luminary Bruce Schneier shares his opinions on the trends and technology of the last 10 years in information security.

  • Michael S. Mimoso
  • SearchSecurity
  • January 15, 2008

Share your opinion on the most important trend(s) of the last decade; technology trends, as well as overall strategic/business trends?

Bruce Schneier: The most amazing thing about the last ten years is how little things have changed technologically. Firewalls, IDSs, worms and viruses, spam, denial of service: they're all still here. Sure, there have been technological advances in both attacks and defences - phishing is relatively new, for example - but for the most part we're using the same technological defences against the same technological attacks.

What has changed is the business motivations.

Read More →

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.