News: 2008 Archives

Video: Screening the TSA

  • 60 Minutes
  • December 18, 2008

Excerpt

But the question is: is everything we go through at checkpoints actually making us safer? Security expert Bruce Schneier says no. He says much of it is just "security theater."

"It’s a phrase I coined for security measures that look good, but don’t actually do anything," he explained.

Schneier, who has been an adviser to TSA but also its most persistent thorn-in-the-side, says there are too many silly rules.

Take the baggies for liquids, which became a rule in 2006 when British authorities uncovered a plot to bring liquid bombs on board airliners headed for the U.S.: Schneier says the liquid limits may make us feel safe, but do little to stop terrorists…

Bruce Schneier on IT Insecurity

There are no easy solutions to today's security challenges, and companies often approach them in the wrong way, says Bruce Schneier.

  • Edward Cone
  • CIO Insight
  • December 16, 2008

Talking with security expert Bruce Schneier does not always leave a person feeling more secure. That’s because Schneier doesn’t sell easy solutions. Instead, he challenges businesses, governments and individuals to examine their assumptions about risk, to eschew simplistic answers and to accept the fact that no system is—or can be—perfectly secure.

Now the chief security technology officer of BT, Schneier worked at the Department of Defense and Bell Labs before founding Counterpane Internet Security, which was acquired by BT. He has a master’s degree in computer science and a B. A. in physics…

Top 25 Most Influential People in the Security Industry

  • Erin J. Wolford
  • Security Magazine
  • December 1, 2008

Excerpt

#19: Bruce Schneier, Influential Security Technologist

Bruce Schneier is an internationally renowned security technologist, referred to by The Economist as a “security guru.” He is the author of eight books – including the best sellers Beyond Fear: Thinking Sensibly about Security in an Uncertain World; Secrets and Lies; and Applied Cryptography – as well as hundreds of articles and essays in national and international publications, and many more academic papers. His influential newsletter Crypto-Gram, and his blog Schneier on Security, are read by over 250,000 people. “I consider myself a synthesist and a communicator. My biggest accomplishments involve understanding complex ideas and explaining them simply, as well as finding connections and patterns and commonalities among diverse ideas. I write, I speak, I write more. The single thing that fans say to me that makes me the most proud of my work is: ‘You’ve changed the way I think.’ That’s what I want to do: change the way people think about security…

Bruce Schneier: Securing Your PC and Your Privacy

  • James Maguire
  • Datamation
  • November 12, 2008

He might be called the international rock star of computer security. Having testified before Congress and given well-regarded speeches the world over, when Bruce Schneier talks about security, experts listen. A prolific author, he has penned articles for publications ranging from Wired to The Guardian to the Sydney Morning Herald. His books include Applied Cryptography, which delves into the science of secret codes, and Beyond Fear, which details how to protect security on the personal and national level.

His recently released book, Schneier on Security…

Interview with Bruce Schneier

  • Ed Cone
  • Know It All
  • November 6, 2008

An edited version of this interview will appear in CIO Insight.

I asked security guru Bruce Schneier about those troublesome voting machines and the mindset that foists them upon us.

Schneier: The security of voting machines points to two big issues. The first one is that security is actually very hard. People think technology magically makes security worries a thing of the past, but it’s just not true. Security is very hard and very subtle.

These voting machine companies were no better than any other software, or hardware, computer company we’ve seen in the past few years. They did a really lousy job. And because the systems were proprietary, because the companies had a vested interest in keeping the flaws secret, the public didn’t know about them. So we have this problem of insecure voting machines…

Video: 3 Qüestions: Bruce Schneier

  • Universitat Autònoma de Barcelona
  • November 3, 2008

Bruce Schneier is internationally regarded as a guru of computer security. He founded, and currently heads, the technology division of the company BT Counterpane, which specializes in computer security services. Frequently quoted in the media, Schneier has written numerous articles for the press and has testified several times on security before the United States Congress.

Note: in this video, the questions are in Spanish but Bruce Schneier’s responses are in English.

Watch the Video on YouTube

The Things He Carried

  • Jeffrey Goldberg
  • The Atlantic
  • November 2008

Excerpt

This day, however, would feature a different sort of experiment, designed to prove not only that the TSA often cannot find anything on you or in your carry-on, but that it has no actual idea who you are, despite the government’s effort to build a comprehensive “no-fly” list. A no-fly list would be a good idea if it worked; Bruce Schneier’s homemade boarding passes were about to prove that it doesn’t. Schneier is the TSA’s most relentless, and effective, critic; the TSA director, Kip Hawley, told me he respects Schneier’s opinions, though Schneier quite clearly makes his life miserable…

Schneier on Security (Book Review)

  • Ben Rothke
  • Slashdot
  • October 20, 2008

“There is a perception in both the private and government sector, that security, both physical and digital, is something you can buy. Witness the mammoth growth of airport security products following 9/11, and the sheer number of vendors at security conferences. With that, government officials and corporate executives often think you can simply buy products and magically get instant security by flipping on the switch. The reality is that security is not something you can buy; it is something you must get.”

Perhaps no one in the world gets security like author Bruce Schneier does. Schneier is a person who I am proud to have as a colleague [Schneier and I are both employed by the same parent company, but work in different divisions, in different parts of the country]. …

Data Guru Says Secret to Security Is to Focus on People

  • Karlin Lillington
  • The Irish Times
  • October 3, 2008

WHEN IT comes to security, Bruce Schneier would like people to stop worrying about what he calls “movie plot” scenarios. Exploding aircraft, attacks on landmark buildings, the whole category of “cyberterrorism” all rankle with Schneier, who thinks the ultimate security risk is “people.”

He may not be a household name, but he is quite possibly the most namechecked security expert in the world among technologists – and science fiction fans.

Schneier, who with ponytail and greying beard looks pleasingly like an eminent cryptologist should look, created two of the best-known security algorithms, nicknamed Blowfish and Twofish, and wrote Applied Cryptography, the bible of the digital security industry. The Economist hails him as “a security guru.” He is even mentioned in The Da Vinci Code…

Security Is a State of Mind

Checking in with expert Bruce Schneier about the state of security.

  • Jon Erickson
  • Dr. Dobb's Journal
  • October 1, 2008

DDJ: A decade ago, you said that computer security, with all of its advances, would likely get worse in the future. Is this the way things turned out? If so, why? And what does this tell us about the next 10 years?

BS: It has gotten worse. In all of computer science, security is unique in that it has completely failed almost all the time. There are a lot of reasons for this, but the most important is complexity. Complexity is the worst enemy of security: as systems get more complex, they get less secure. So even though there have been, and continue to be, a constant stream of improvements in security—new ideas, new research, new techniques, new products, and services—things continue to get worse. Systems are getting more complex faster than security is improving, so we lose ground even as we get better…

Living in an Insecure World

  • John C. Tanner
  • Telecom Asia
  • September 8, 2008

It’s been ten years since Bruce Schneier – founder of security monitoring firm Counterpane Internet Security – launched his newsletter, Crypto-Gram, which expanded from covering computer security issues to a broader investigation into security issues of all sorts. Now Counterpane belongs to BT, where Schneier is chief security technology officer, and as he tells global technology editor John C Tanner, security is still a hard sell.

Telecom Asia: Your background is computer security and cryptography – how did you end up applying that knowledge into the world at large?…

Net Value: Combat Cyber Threats

  • EdgeDaily
  • June 9, 2008

One of the meetings held in conjunction with the recent World Congress on Information Technology (WCIT) 2008 in Kuala Lumpur was the Infosec.my information security conference and the International Multilateral Partnership Against Cyber Terrorism (IMPACT) World Cyber Security Summit. While the thought of combating cyber terrorism is exciting, Bruce Schneier, founder and chief technical officer of BT Counterpane, thinks the term “cyber terrorism” is misleading and its usage cheapens the meaning of terrorism.

“Cyber terrorism is a myth,” he says. “We all know what terrorism is; it involves innocent people being killed in a very public way, in an attempt to cause terror in the greater population.”…

A Silver Lining in a Gloomy Outlook

  • Zam Karim
  • The Star
  • June 5, 2008

We recently sat down with security guru Bruce Schneier to talk about Internet security and, boy, did we get more than what we bargained for.

WITH the advance of new and better cybersecurity technologies, you’d expect the Internet to be a lot safer place for average users.

However, the world-renowned security expert Bruce Schneier paints an entirely different picture — in fact, a pretty gloomy one where no matter what you do to beef up security, it will not be enough. And in the future, things will even get a lot worse.

People tend to think that just because it’s technology, there is some magical solution to solve all the security concerns, Schneier said…

Bruce Schneier Q&A: The Endless Broadening of Security

For Bruce Schneier, the security discipline still evolves and expands. Now he's the one trying to expand it.

  • Scott Berinato
  • CSO
  • June 2, 2008

In September 2003, CSO published a groundbreaking interview with security guru Bruce Schneier. At the time, Schneier was evolving from cryptographer to general security thinker. An emerging generation of Internet criminals and the new realities of a post-9/11 world were fueling his ideas beyond information security to the broader realm where technology and the physical world interacted. He was beginning to see security as a social science. “Real security means making hard choices,” Schneier said at the time. It’s one of his favorite interviews, and one of ours, too…

Video: Security Experts Bruce Schneier and Ray Stanton on the Human Side of Security

  • ComputerWeekly
  • April 30, 2008

BT’s Bruce Schneier and Ray Stanton talk security with ComputerWeekly.com’s security blogger David Lacey at Infosecurity 2008.

Watch the Video on ComputerWeekly.com

Schneier: Lots of Security Software is "Snake Oil"

  • Jeremy Kirk
  • IDG News Service
  • April 23, 2008

Bruce Schneier is one of the foremost experts on cryptography and is a well-known security author and commentator. He is the founder of the managed security services company Counterpane, which was acquired in October 2006 by BT. Schneier sat down with IDG News Service at the Infosec security show in London to talk about the effectiveness of security products and the psychology of security.

Are antivirus products just making money by giving people a “feeling” of security rather than true security?

Schneier: Antivirus is easy. Antivirus products actually work. They have for years. A lot of the software on this show floor is just snake oil, but antivirus does work. You should have an antivirus program. You should have it updated regularly. It doesn’t make you secure, but it gets that bottom layer of the trivial stuff. That’s why. It’s not sufficient but it’s certainly necessary…

Infosecurity Europe Hall of Fame

  • April 22, 2008

Bruce Schneier was inducted into the Infosecurity Europe Hall of Fame at Infosecurity Europe 2008.

Audio: Scott Horton Interviews Bruce Schneier

  • Antiwar Radio
  • April 11, 2008

Bruce Schneier, cryptographer, computer security specialist, writer, and author, discusses the Justice Department’s bogus prosecutions of barely-terrorists in the JFK, Ft. Dix, Lackawanna, Miami and other cases, the increasing danger to Americans’ liberties due to the large numbers of new Joint Terrorism Task Forces across the country and their temptation to entrap the innocent, the rise of the domestic security industrial complex, the economics of airline security, information as the answer to the problem of consolidated power, the government’s data mining programs and the death of the Real ID…

Bruce Schneier's New View on Security Theater

  • Peter Glaskowsky
  • CNET
  • April 9, 2008

Security expert Bruce Schneier is rightly regarded as one of the industry’s most intelligent and insightful participants. He has made substantial personal contributions to the science of cryptology, and has written some of the best books on the subject.

Like many smart people, Schneier is also highly opinionated. Although I have yet to hear a technical opinion from Schneier that I disagree with, some of his nontechnical opinions are–in my opinion–open to debate.

For example, Schneier coined the term “Security Theater” to describe measures that serve to make people feel safer without significantly improving security in any real sense…

Audio: Session Preview with Bruce Schneier: Reconceptualizing Security

  • RSA Conference 2008
  • April 7, 2008

Bruce Schneier, CTO, BT Counterpane, is an internationally renowned security technologist and author, and a frequent speaker at RSA Conference. His session at RSA Conference 2008 is called Reconceptualizing Security.

Listen to the Audio on Archive.org

Bruce Schneier Shares Security Ideas at Museum

"Security theater" lecture complements photography exhibit showcasing images of fear, safety and liberty in post-9/11 America

  • Ann Bednarz
  • Network World
  • March 31, 2008

Bruce Schneier shared his ideas about the psychology of security, and the need for thinking sensibly about security, in his hometown last week when he gave a lecture at the Weisman Art Museum in the US.

Schneier’s lecture was scheduled in conjunction with an exhibition of photographer Paul Shambroom’s images of power (Shambroom’s photographs capture scenes in industrial, business, community and military environments.) The association of Schneier’s lecture with the photography exhibit says a lot about how the security guru’s focus has evolved over the years from the bits and bytes of cryptography and computer security to include a more broad examination of personal safety, crime, corporate security and national security…

Audio: Does the Security Industry Have a Future?

  • ebizQ
  • March 20, 2008

Bruce Schneier and Peter Schooff of ebizQ discuss current vulnerabilities, what the future of the security industry will look like, security industry consolidation, encryption, and finally, the time frame for changes in the industry to come about.

Listen to the Audio on ebizQ.net

Transcript

First, what threats do you see that companies need to be most concerned with at this point?

The biggest threat right now is crime. About five years ago, criminals discovered the internet in a big way and whether it’s identity theft which is fraud or denial of service extortion or other attempts to make money, crime is the primary threat on the net and when we’re worried about internet threats, we’re worried about crime. …

Does the Security Industry Have a Future?

  • Peter Schooff
  • ebiz
  • March 20, 2008

MP3 podcast available

What follows is a transcript of my discussion with Bruce Schneier, Founder and Chief Technology Officer of BT Counterpane and the well-known Schneier on Security blogger. In this podcast we discuss current vulnerabilities, what the future of the security industry will look like, security industry consolidation, encryption, and finally, the time frame for changes in the industry to come about.

First, what threats do you see that companies need to be most concerned with at this point?

The biggest threat right now is crime. About five years ago, criminals discovered the internet in a big way and whether it’s identity theft which is fraud or denial of service extortion or other attempts to make money, crime is the primary threat on the net and when we’re worried about internet threats, we’re worried about crime…

Audio: The Halfway House Between Science and Secrets

  • Science Progress
  • March 19, 2008

A recent National Research Council report recognizes that the 9/11 attacks provoked counter-productive security measures that stifle access to fruitful scientific research. Security expert Bruce Schneier talks with Science Progress about the science that makes us smarter and the security that makes us safer.

Listen to the Audio on ScienceProgress.org

Transcript

Earlier this month the National Research Council released a Congressionally-mandated report, ‘Science and Security in a Post 9/11 World,’ which recognizes that the 9/11 attacks provoked a …

The Halfway House Between Science and Secrets

An Interview With Bruce Schneier on Science and Security

  • Jonathan Pfeiffer
  • Science Progress
  • March 19th, 2008

Streaming and MP3 audio available

Earlier this month the National Research Council released a Congressionally-mandated report, “Science and Security in a Post 9/11 World,” which recognizes that the 9/11 attacks provoked a misallocation of United States security resources and led to counter-productive security measures. The NRC warns that the widespread practice of labeling scientific research as “sensitive but unclassified” has had grave consequences for our security and our economy. In order to encourage more sensible science-security policymaking, the NRC has recommended the creation of a new high-level Science and Security Commission to give scientists and government security officials a place to deliberate and negotiate security policies as they relate to science and engineering research…

On People, the Death of Privacy, and Data Pollution

  • Matt Pasiewicz
  • EDUCAUSE Review
  • March/April 2008

The following is an excerpt from an interview with Bruce Schneier. Matt Pasiewicz, EDUCAUSE content program manager, conducted the interview at the EDUCAUSE 2007 Annual Conference.
Full podcast

MP: Bruce, perhaps you can get us started by sharing some of your thoughts about the psychology and economics of security.

Schneier: Security is a lot more about people than technology. One thing I’ve learned from studying economics, the psychology of risk, security, and people is that those problems are actually way harder than the tech problems. We have as much technology as we need, but securing the people end is hard. I’m doing a lot of research in psychology right now. People are very complex: they’re not linear and rational, and they’re not computers at all. We try to think of them as logical and rational, and that’s just not true. People have internal contradictions…. No matter how good the tech is, if we don’t solve the human end, it’s just not going to work…

Q&A with Bruce Schneier

Expert says security benefits must be weighed against tradeoffs

  • Jonathan Gaw
  • Minneapolis Star Tribune
  • February 23, 2008

Q: When a company or government entity has a security proposal, how should they evaluate that? What sort of principles should they be looking for to determine whether this is going to be an effective security solution?

A: First, you have to understand that security is a tradeoff. Whether you give money, or time, or convenience, or civil liberties, or American servicemen’s lives, you give something and you get some security in return. There’s no such thing as absolute security: It’s a continuum and it’s a tradeoff.

The next question to ask is, is it worth it? You have to go through a security tradeoff, tease out what the risks are, how good the countermeasures are, what the costs are, and then decide “Is it worth it?”…

Computer Security's Dubious Future

InfoWorld's Roger Grimes weighs in on why security expert Bruce Schneier thinks computer security won't get any better in the next 10 years

  • Roger Grimes
  • InfoWorld
  • February 22, 2008

As longtime readers already know, I’m a big fan of Bruce Schneier, CTO and founder of BT Counterpane. Besides being a cryptographic and computer security authority, cryptographic algorithm creator, and author of many best-selling books on security, Bruce produces some of the most relevant conversations on computer security. I consider his books, his Cryptogram newsletter, and his blog must-reads for anyone in computer security.

Bruce is a guy who pushes us to rethink our currently held paradigms. He lays bare unsubstantiated dogma. I don’t always agree with Bruce. But many of the potent ideas that I disagreed with when he espoused them a half decade ago, I find myself agreeing with years later, ideas like how two-factor authentication won’t stop malicious hackers from stealing gobs of money from the online banking industry, and how the biggest problem with security, in general, is us and our irrational ranking of threats…

Video: Schneier: Bad News Is Good News, Not So for Security

  • ZDNet
  • February 15, 2008

While the media bombards consumers with frightening stories, discussions about security are thwarted by the failure of language to separate the “feeling” and “reality” of security, says security guru Bruce Schneier.

Schneier, author of Applied Cryptography and his most recent book Beyond Fear, reckons there is a fundamental problem with the way humans think about security. And its roots can be drawn back to a failure of language.

“‘Security’ is a complicated word,” Schneier told ZDnet.com.au at linuxconf08.

“You can feel secure and there’s the reality of security — how secure you are. And they’re different things. You can …

The Insider

  • Stefan Hammond
  • Computerworld
  • February 12, 2008

Bruce Schneier, founder and CTO of Counterpane, outlines the cybercrime landscape enterprises face today. He explains to CWHK‘s Stefan Hammond that insiders are a problem, managed security services are a solution, and a determined crew with a chainsaw and a truck is a big problem.

CWHK: Computer security never seems to get better, only worse. Why?

Bruce Schneier: Because security is fundamentally not a technology problem–it’s a people problem. And while the technology continues to improve, increasing complexity makes the problem worse.

It’s war. But it’s much more interesting, and it’s always pervasive…

Talking security with Bruce Almighty

  • Sam Varghese
  • ITWire
  • February 1, 2008

When the good folk at Linux Australia sat down with the organisers of the Australian national Linux conference and decided that Bruce Schneier would be the keynote speaker on the opening day of the main conference, they couldn’t have made a more correct decision.

Schneier is a man whose security credentials are impeccable, who’s probably the world’s top security technologist. At the same time, he can talk about security concepts to a teenager – and the kid will understand exactly what he’s saying.

When you realise that this same man is an inventor of the Blowfish, Twofish and Yarrow algorithms, then you begin to understand what the word intellectual means…

Information is our Only Security Weapon: Bruce Schneier at Linux.conf.au

  • Sarah Stokely
  • CRN Australia
  • January 31, 2008

Computer security expert Bruce Schneier took a swipe at a number of sacred cows of security including RFID tags, national ID cards and public CCTV security cameras in his keynote address to Linux.conf.au this morning.

These technologies were all examples of security products tailored to provide the perception of security rather than tackling actual security risks, he said.

“Camera companies are pushing it, but all the actual data points the other way,” Schneier said. “RFID is another one — the industry pushing it is very much distorting facts.”…

CPSR's 2008 Norbert Wiener Award given to Bruce Schneier

  • CPSR Press Release
  • January 24, 2008

Computer Professionals for Social Responsibility honors Bruce Schneier, internationally renowned security technologist and author, with its 2008 Norbert Wiener Award.

CPSR’s Vice President, Fyodor Vaskovich, notes that “Bruce has long been a passionate advocate for privacy, security, and civil liberties. He is distinguished by technical accomplishments such as designing the Blowfish and Twofish algorithms, bringing cryptography to a wider audience with his book Applied Cryptography, and founding security vendor BT Counterpane. But CPSR particularly applauds Bruce for his higher level social and political accomplishments. Through his best selling books, popular newsletter, tireless speaking schedule, and high-level contacts, Bruce fights to prevent America from succumbing to a culture of fear. He coined the term ‘security theater’ to deride showy government security initiatives which may cost a lot of money, look impressive, and often invade privacy, but don’t materially improve security. The Transport Security Administration has become notorious for this.”…

Bruce Schneier Reflects on a Decade of Security Trends

Author, blogger, cryptographer and security luminary Bruce Schneier shares his opinions on the trends and technology of the last 10 years in information security.

  • Michael S. Mimoso
  • SearchSecurity
  • January 15, 2008

Share your opinion on the most important trend(s) of the last decade; technology trends, as well as overall strategic/business trends?

Bruce Schneier: The most amazing thing about the last ten years is how little things have changed technologically. Firewalls, IDSs, worms and viruses, spam, denial of service: they’re all still here. Sure, there have been technological advances in both attacks and defences – phishing is relatively new, for example – but for the most part we’re using the same technological defences against the same technological attacks…
