News: 2010 Archives
Bruce Schneier: We Need "Cyberwar Hotlines" to Match Nuclear Hotlines
Security expert Bruce Schneier has called for governments to establish ‘hotlines’ between their cyber commands, much like the those between nuclear commands, to help them battle against cyber attacks.
Cyber security is high on the national agenda, and is regarded as a top threat to the UK’s security. It is also top a concern for other nations around the world. Last month, the EU announced plans to cybercrime centre by 2013, and it agreed with the US to set up a working group on cybersecurity. Meanwhile, NATO also adopted its Strategic Concept Charter, which outlines plans to develop new capabilities to combat cyber attacks on military networks…
Cryptography Engineering: Design Principles and Practical Applications (Review)
Cryptography Engineering: Design Principles and Practical Applications. By Niels Ferguson et al; published by John Wiley & Sons, Inc., www.wiley.com; 384 pages; $55.
Good cryptography can ensure that your data is readable only to authorized parties. The danger of bad cryptography is a false sense of data security. The line between the two is exceptionally thin, and the difference between the two is spelled out in great detail in this text.
The first edition of coauthor Bruce Schneier’s Applied Cryptography came out in 1994. What was revolutionary then, and launched a new generation of security mavens, is now obsolete in many parts. …
Video: False Sense of Security?
Are new enhanced TSA procedures a waste of resources?
Video: Fear of Flying
Bruce Schneier appeared on Countdown with Keith Olbermann to discuss full-body scanners and the TSA.
Security and Terrorism Expert Bruce Schneier: TSA Scans "Won't Catch Anybody"
Since 9/11, cryptology expert and security consultant Bruce Schneier has been one of the most pointed critics of the government’s anti-terrorism security programs. In his 2003 book “Beyond Fear,” he coined the phrase “security theater” to refer to measures which are undertaken not because they will be effective at thwarting attacks, but because the agencies carrying them out need to appear to be doing something useful. We spoke to Schneier about the recent controversy involving the Transport Security Agency’s use of invasive scanners and full-body pat-downs…
Special Report: Bruce Schneier on the Future of IT Security
A security guru has debunked cyber war and cyber terrorism myths.
The threats of cyber war and cyber terrorism have been grossly exaggerated and are hindering a real understanding of risks on the internet, one of the world’s leading information security experts has said. Bruce Schneier, the author and security technologist who is also chief security technology officer with BT, was speaking in Dublin yesterday at an event held by the Irish Institute for European Affairs (IIEA).
Schneier referred to the denial of service attack in Latvia in 2007, which brought down several government services for a time, and said it was most likely the first such cyber war attack against a state. However, he pointed out that just one person was convicted—an ethnic Russian living in Latvia who was apparently angered by the authorities’ decision to remove some statues dating from the Communist era…
Bruce Schneier Writes Down Passwords. So Can You
After the conference is over I get some time to talk to security guru Bruce Schneier.
His talk on security was not, what you might imagine, about HTTPS and secure sockets, but rather a much more philosophical talk on the psychology of security. The point Mr. Schneier was making was that there is a difference between actually being secure, and the feeling of secure.
You can be secure when you don’t feel as if you are. And conversely there are times when you think you are secure, but actually you are not—for example the most dangerous part of any holiday journey is the drive to the airport, not the flight in the plane…
Video: RSA Conference Europe: Hugh Thompson and Bruce Schneier
Two RSA Conference Europe 2010 Keynote speakers discuss Bruce Schneier’s session on Security, Privacy and the Generation Gap.
Book: Secrets & Lies (Review)
Everyone knows Bruce Schneier (at least everyone reading my blog); to begin with, this is not a technical book about cryptography, it’s a book that wants to give almost the exact opposite message, that is that cryptography by itself cannot do much since security is comprised by numerous factors. This book was a present of a friend of mine and just for your information, this review/overview was written by reading it just once despite B. Schneier’s suggestion of reading it at least twice in order to understand the message “between the lines”. In any case, here it is……
Audio: Scott Horton Interviews Bruce Schneier
Bruce Schneier discusses Joe Lieberman’s proposal for an internet “kill switch,” why shutting down the internet during a crisis would cause more harm than good, and how controversial websites like WikiLeaks use data redundancy spread out in different countries to prevent being shut down.
CSO Compass Award: Bruce Schneier
As an author of books on security, the influential Crypto-Gram newsletter and the blog Schneier on Security (www.schneier.com), as well as a frequent guest on TV and radio, Bruce Schneier has become something of a celebrity in the world of security: He may be the only CSO whose likeness is used to sell T-shirts. Still, the most rewarding aspect of his career, as he conveyed in this interview conducted by e-mail, is that he believes he is having an impact on people’s thinking about security.
CSO: What are three fail-proof principles of security leadership?…
Security Expert: Data Is the Pollution of the Information Age
During a panel discussion at the recent Worldwide Cybersecurity Summit in Dallas that otherwise was as dry as a highway in the Sahara, security guru Bruce Schneier made a provocative argument.
He contended that just as pollution was the unfortunate byproduct of the Industrial Revolution, data is the waste product of the digital revolution.
And just like pollution, all the data we generate during our lives never degrades.
He noted that almost every transaction and interaction now generates data.
Whether it’s buying a product with a debit card when we used to pay with cash, or communicating via text message or e-mail when we used to just make a phone call, activities that previously left no trace now generate a significant digital trail…
What Faisal Shahzad could learn from "The Wire"
Excerpt
In the wake of Shahzad’s arrest, the dangers of disposable phones are likely to be scrutinized once again—and there are sure to be renewed calls for their closer regulation. We called Bruce Schneier, security technologist, chief security technology officer at British Telecom, and author of “Beyond Fear: Thinking Sensibly About Security in an Uncertain World,” to find out how dangerous they really are.
How dangerous are these disposable cellphones from a national security perspective?
I think it’s a trivial danger. There are a lot of people who will say these anonymous cellphones are bad, that we’re all going to die. But stealing a cellphone is easy. It’s easy to get a cellphone in somebody else’s name. Cellphone hijacking is easy. I actually don’t believe that disposable cellphones are a problem—it’s a huge red herring…
Video: Bruce Schneier on Cryptography and Government Information Security
Author and leading security expert Bruce Schneier digs into the topics of the current state of cryptography and whether or not companies should care about the U.S. government’s release of portions of the CNCI.
Video: Bruce Schneier on Security for Cloud Computing
In part one of this interview with Bruce Schneier, he discusses the impending shift in how security will be delivered. Schneier expects security to be embedded in Web-based services and sold directly to service providers, rather than to enterprises and end users. This is a radical transformation for the security industry that security professionals must prepare for. Schneier also discusses consumerization and how traditional security technologies and services must adjust as more untrusted devices connect to trusted networks.
Audio: Virtually Speaking with Jay Ackroyd
Bruce Schneier and James Fallows of The Atlantic appeared on Virtually Speaking with Jay Ackroyd.
Review of the Book Beyond Fear
1. Summary of the review
Bruce Schneier’s Beyond Fear is a book about security in general. In contrast to many other books, Schneier explains how security works in the most general case, starting from protecting your diary of your sister to protecting the nation from global terrorism. Schneier’s book does not focus on cryptography or network security, instead it uses examples of systems everyone is expected to be familiar with. Such examples include home burglar systems, airport security or hotel room security.
2. Summary of the book
Bruce Schneier’s …
RSA 2010: Q&A with Bruce Schneier
Schneier on security, SSL and squid
V3.co.uk managed to get five minutes with security legend Bruce Schneier at RSA 2010 in San Francisco to get his views on the current threat landscape.
Yesterday we saw a presentation saying that anti-virus systems are failing 10-30 per cent of the time. What’s your take on that?
I don’t believe that, otherwise I’d be infected with lots of malware. If it is, I’m not paying attention. It’s true that signature-based anti-virus is reaching the end of its useful life, but I’m not seeing data that supports that position.
We’ve also seen Secure Sockets Layer (SSL) come under attack, and some experts are saying it is useless. Do you agree?…
Security Guru Bruce Schneier '88 Demystifies Technology
“Security affects every aspect of people’s lives,” says world renowed security expert and critic Bruce Schneier, CAS/MS ’88. “It helps people make better personal, corporate, and national decisions.”
A regular columnist for the Wall Street Journal and the Guardian newspaper in the UK, Schneier calls himself “an explainer.” Through his best-selling books, Applied Cryptography, Secrets and Lies, and Beyond Fear, and countless mainstream and security media articles and speaking engagements, he explains difficult topic matter to regular folks. His reputation as a leading cryptographer even got him mentioned in Dan Brown’s mega-bestseller, …
Security Superstars 2010: Visionaries
Excerpt
Schneier is the official rock star of the security industry with deep knowledge of crytopgraphy and privacy. He is the author of Applied Cryptography; Beyond Fear: Thinking Sensibly About Security in an Uncertain World; and Secrets and Lies: Digital Security in a Networked World. Schneier is also a frequent speaker at security events as well as the author of the BlowFish and TwoFish algorithms.
Bruce Schneier: Geek of the Week
If one were to close one’s eyes and imagine a BT Executive, one would never conjure up Bruce Schneier. He is one of the greatest experts in cryptography, and a well-known mathematician. He even got a brief mention in the book The Da Vinci Code. He also remains an outspoken and articulate critic of the way that security is actually implemented in applications, as Richard Morris found out when we dispatched him to interview him.
Once a sleepy IT backwater, Identity Management has been thrust into the spotlight over the past few years. More and more companies, alarmed by the escalating incidence of identity theft, have come to understand the importance of protecting the integrity of digital information held about individuals and the grave risks they run if they neglect to do it…
Privatsphäre ist eine Voraussetzung der Freiheit, der Demokratie, des Kapitalismus
Der Experte für IT-Sicherheit über Lauschangriffe ohne Nutzwert, notwendiges Vertrauen und Daten als Umweltverschmutzung des Informationszeitalters
Lufthansa Exclusive: Mr. Schneier, Sie sind Spezialist für IT-Sicherheit und Kryptografie. Trotzdem als Erstes eine Frage, die eher ins Fach Psychologie fällt. Ich versende manche E-Mails verschlüsselt, das eingebaute Mikrofon meines Computers ist im Normalfall deaktiviert, auf meiner Festplatte befindet sich eine verschlüsselte Partition. Und wenn ich ein wirklich vertrauliches Gespräch unter vier Augen führen wollte, würde ich den Akku aus meinem Smartphone entfernen. Bin ich ein Fall für den Psychiater?
Bruce Schneier: Nur wenn Sie das besagte vertrauliche Gespräch mit ihm führen wollen. Sicherheit ist ein Kompromiss, und ich kann Ihre Sicherheitsmaßnahmen nicht beurteilen, wenn ich nicht mehr über Ihre Risiken weiß. Einiges von dem, was Sie da aufführen, ist extrem, aber es gibt Menschen, die extremen Risiken ausgesetzt sind – Menschenrechtler in totalitären Staaten zum Beispiel. Ich persönlich verschlüssele meine Festplatte, aber ich führe einige meiner wirklich vertraulichen Gespräche über mein Smartphone…
Sidebar photo of Bruce Schneier by Joe MacInnis.