News: 2012 Archives
Bruce Schneier is a bestselling author, TED speaker, and the founder and chief technology officer of BT Managed Security Solutions. ReadWrite got the chance to speak with the candid technologist, widely considered one of the foremost voices in the world of security and privacy, about digital feudalism, government regulations and the reality of cyber warfare.
Online Lord & Vassal
ReadWrite: I read your blog post the other day about Facebook having a "feudal lord" relationship with its users. Tell me what feudal security is.
Computerworld Hong Kong (CWHK): Are we actually any more secure today than we were five years ago?
Bruce Schneier (BS): In short, no. It's interesting that every year we have new technologies, new products, new ideas, companies and research, yet people continue to ask why things are so bad with security? And the answer is that fundamentally the problem is complexity.
Trying to predict the next security problem is the wrong way to go about things, said Bruce Schneier, chief security technology officer at BT, who was speaking at an event in Singapore.
"The more we try to predict, the more the bad guys react around us," Schneier said. Contrary to popular IT security ideology, what was more important was the ability to react as well as mitigate and recover.
This attempt to predict where the next attack will come from is creating a gap between security and attackers, where cyber criminals will be constantly evolving to develop and exploit new attack vectors, with IT departments constantly playing catch-up.
SINGAPORE--Companies looking to predict cyberthreats to fend off attacks will not improve their IT systems' security robustness as the criminals responsible will evolve and develop their technologies accordingly.
Speaking at a seminar here Monday, Bruce Schneier, chief security technology officer at BT, said technology has affected the balance of society and social mechanisms such as law and punishment, which help keep people in check so they will not commit crimes, online or otherwise.
For instance, the Internet has given rise to anonymity and made it easier for cybercriminals to perpetrate their attacks without getting caught, Schneier observed.
In response to these online threats, IT security professionals and law enforcement agents often try to predict what kind of cyberattack will hit them, to better prepare so that their network security is robust and to catch the online intruders, the executive added.
Bruce Schneier, a legend among hackers and security experts, is having trouble convincing the world that the threat of cyberwar is overstated. In 2010, the year after the US launched a Cyber Command division of its military, he lost a public debate on the subject. And in October, US Secretary of Defense Leon Panetta said that the US should gird itself for a cyber Pearl Harbor. Yet Schneier is undeterred.
As we all buy smartphones and use the cloud, we are doing something that's never been done before: trusting a few big IT companies with our lives. That's not necessarily in our best interest, but we have no choice.
So says world-famous security expert Bruce Schneier.
Schneier's latest book, "Liars and Outliers," looks at the psychology needed to keep humans safe.
I have just put down Bruce Schneier's "Liars and Outliers", and it will not be easy to do it justice in a book review.
This time he has written a book about security that is not about computers and, in fact, is only halfway about security.
The book is basically an analysis of how people deal with one another, no more and no less, but that is not a particularly helpful summary, because it covers everything from waste management and tax legislation to computer security.
Crypto guru urges creative thinking from security pros
Cryptography guru Bruce Schneier called for more creative thinking and a broader perspective as a means to tackle security problems.
For example, the music industry, faced with an explosion in online file-sharing, hired security pros to develop anti-piracy measures, such as digital rights management technology. But these inconvenienced punters while doing little or nothing to stem copyright infringement. A better approach was making songs affordable and easy to buy, a model that has since lined Apple's deep pockets.
A famed computer security expert believes governments are trying to seize control of the internet, but will fail in the long term to reach that goal.
Bruce Schneier, BT's chief technology officer and author of several important books on security, said that governments that didn't understand the internet were trying to take control of it. He looked at US proposals of creating an 'internet kill-switch', claiming that policy makers were crazy to even think of a single mechanism to shut off all internet traffic.
He said: "You see these types of government proposals, and they come from law enforcement, lobbyists or the military, and we're going to see more of those.
The world's governments are destined to fail in their attempts to control the internet, according to BT security expert Bruce Schneier.
Schneier claimed that the internet is currently going through a dark period, with legislators creating ill-conceived cyber policies that are damaging rather than helping online developments.
"Governments are starting to use it [the internet] for power," said Schneier at a press conference in London.
"We're hitting a period in internet history where governments are seizing more control; one where governments that don't understand the internet are trying to interfere with it."
Schneier touted the recent US proposal to create a "killswitch" for the internet as a prime example of policymakers' lack of understanding.
Security guru Bruce Schneier calls for societal pressure to convince would-be hackers that their actions are not in their own interests
Cyber crime will not be resolved with technology alone, security guru Bruce Schneier warned at the RSA conference in London today. Societal pressure is also needed to discourage people from becoming cyber criminals, he argued.
Security experts will always be catching up with criminals when it comes to technological exploits, argued Schneier, who is BT's chief security technology officer. "Attackers have a natural advantage because they can make use of innovations faster and have no procurement pressure or institutional inertia," he said.
Paul Muller (@xthestreams), Chief Evangelist, HP Software speaks with two of the HP Protect 2012 keynote speakers about security and risk management.
Paul speaks with Bruce Schneier, Security Technologist - Author of Liars and Outliers - How societies can use security to enable the trust they need to survive. Paul and Bruce discuss:
- How can security technologists get in front of the security risks resulting from new technologies and general evolutions?
- The importance of swift reaction to inevitable breaches and exploitation tactics.
- Thinking about security in the terms of decision cycles to best anticipate and mitigate risk.
Bruce Schneier, the well-known American cryptographer and security specialist, gives an interview to Radio New Zealand's Bryan Crump during his visit to the country, discussing real-world security issues and whether anti-terror measures done by the authorities worldwide are as effective as expected.
(Bryan Crump): -- Bruce Schneier is a security specialist who seems to be trying to talk himself out of a job. His point is a lot of what we do to protect ourselves against terrorism is pointless. The best weapons against terror are, in his opinion, good intelligence and refusing to be terrorized. Bruce is based in the United States of America, was in New Zealand for a conference on identity and identity theft.
Bruce Schneier ordered a Coke, no ice, at the Rio casino on a Saturday afternoon. I ordered Diet Coke, also no ice, and handed the bartender an American Express card. He said he needed to see proof of identity. Credit cards are often stolen around here, and eight casino workers had recently been fired for not demanding ID, he quietly explained.
Bruce Schneier knows a thing or two about security. The author of multiple books on cryptography, Schneier is widely considered to be an expert on the subject of encryption as well as the broader topic of information security. So we jumped at the opportunity to sit down with him for an in-depth interview at the Black Hat 2012 conference in late July. Here are some of the highlights of what he had to say.
The State of Encryption: "Not that great, and getting worse"
Asked to share his view of the state of encryption in this new age of cloud computing, Schneier says: "It's not that great, and it's getting worse."
Here's why: "As you move stuff to the cloud you lose control of the data," Schneier says.
Bruce Schneier talks to Sean Michael Kerner about what's wrong with encryption today and provides insight into what the best browser and operating system to use might be.
This year, more than $22 billion in enterprise security products and services is expected to be sold worldwide. But according to Bruce Schneier, well-known cryptology expert and security luminary, technology alone isn't the answer to better security.
In an in-depth interview with eSecurity Planet at the Black Hat 2012 conference in Las Vegas last week, Schneier argued that looking at security solely from a technology perspective is to take a too narrow view of the problem.
"If you look at broader society, there is a lot of security that happens at a much more personal level," Schneier said.
Bruce Schneier gives us his views on why morality might well be the key ingredient for better Internet security.
Bruce Schneier takes audience questions at the DEF CON 20 hacker convention in Las Vegas.
"Liars & Outliers: Enabling the Trust that Society Needs to Thrive," by Bruce Schneier
Internationally renowned security expert Bruce Schneier delves into the world of trust, bringing together "ideas from across the social and biological sciences to explain how society induces trust ... how trust works and fails in social settings, communities, organizations, countries and the world."
Stuxnet Cyberattack by US a "Destabilizing and Dangerous" Course of Action, Security Expert Bruce Schneier Says
Revelations by The New York Times that President Barack Obama in his role as commander in chief ordered the Stuxnet cyberattack against Iran's uranium-enrichment facility two years ago in cahoots with Israel is generating controversy, with Washington in an uproar over national-security leaks. But the important question is whether this covert action of sabotage against Iran, the first known major cyberattack authorized by a U.S. president, is the right course for the country to take. Are secret cyberattacks helping the U.S.
Tomas Gilså has read “Liars & Outliers”: an excellent introductory course in human behaviour from a security perspective.
Bruce Schneier, the IT security industry's household god, has raised his sights once again. Having started with “Applied Cryptography” in 1994 and continued with books on general IT security, information security and practical security, he has now arrived at his thirteenth book, “Liars & Outliers”. With it he takes the step up to the level of society.
“Liars & Outliers” explains security as a function of trust, its advantages and shortcomings.
This week, we’re talking about trust and cooperation, and the implications these social values have for security in the era of global networking. We’re joined by security technologist and author Bruce Schneier, to talk about his book Liars and Outliers: Enabling the Trust Society Needs to Survive. And anthropologist/blogger Greg Laden returns to discuss speculation about cognitive limits on the use of social networks.
On the 74th episode of The Silver Bullet Security Podcast, Gary talks for a second time with Bruce Schneier. They revisit Bruce’s prediction in episode 9 that insight into economics and security would help vendors sell their products more efficiently. In addition, they discuss Bruce’s new book Liars and Outliers: Enabling the Trust that Society Needs to Thrive, how far behind the government is in terms of security, cloud computing, and Uncle Milton’s ant farm.
One of the best books I've read this year is by a security technologist, Bruce Schneier. In Liars and Outliers, he sets out to investigate how trust works in society and in business, how it is betrayed and the degree to which technology changes all of that, for the better or the worse.
Schneier absolutely understands how profoundly trust oils the wheels of business and of daily life. "The more customers trust merchants, the more business gets done.
[In The Righteous Mind, Jonathan] Haidt writes:
Moral systems are interlocking sets of values, virtues, norms, practices, identities, institutions, technologies, and evolved psychological mechanisms that work together to suppress or regulate self-interest and make cooperative societies possible.
It is interesting to compare this perspective with what one finds in Liars and Outliers, a recent book by Bruce Schneier on the social problem of trust and security. Schneier, a security consultant, views our lives from the perspective of game theory. Every day, we must decide whether to cooperate or to defect.
Society runs on trust. We have no choice but to trust that the random people, institutions, and systems we interact with will cooperate and be trustworthy. Join Ben Merens and his guest Bruce Schneier as they discuss how security can protect us from defectors; and what enables us to trust strangers at the local, national, and global scale.
Bruce Schneier, internationally renowned security expert and author, discusses his new book entitled, “Liars & Outliers: Enabling the Trust That Society Needs To Thrive.” Schneier starts the discussion by looking at society and trust and explains why he thinks the two are necessary for civilization. According to Schneier, two concepts contribute to a trustful society: first, humans are mostly moral; second, informal reputation systems incentivize trustworthy behavior. The discussion turns to technology and trust, and Schneier talks about how the information society yields greater consequences when trust is breached. He then describes how society deals with technology and trust and why he thinks the system is not perfect but working well overall.
Davi Ottenheimer, President of flyingpenguin, interviews Bruce Schneier on his latest book.
We don't demand a background check on the plumber who shows up to fix the leaky sink. We don't do a chemical analysis on food we eat. In the absence of personal relationships, we have no choice but to substitute confidence for trust, compliance for trustworthiness.
Bruce Schneier discussed his book Liars and Outliers at the RSA Conference 2012.
Software liability laws are needed to hold software companies accountable for making faulty products, argued Bruce Schneier, chief technology security officer with BT during a pro-con debate held Wednesday at the RSA Conference.
Schneier said that liability laws would transfer the economic cost for faulty software from the user to the developer and provide an incentive for the developer to fix the problem.
He compared the situation of the software market to the early days of the automobile industry, when Congress passed laws that held auto manufacturers responsible for faulty vehicles that caused accidents. This prompted the auto industry to begin fixing the problems, such as by no longer using wooden wheels that would fall apart at high speeds.
"The only way to convince vendors to actually fix the problem is to make it in their financial interest to do so.
Bruce Schneier's latest book, Liars and Outliers, is a departure from his previous landmark books on cryptography and information security. In Liars and Outliers, Schneier pulls back from technology and looks at trust and security and how those very human concepts have evolved in concert with the development of cooperative societies to build the trust and security mechanisms we have today.
In this interview conducted at RSA Conference 2012, Schneier explains his interest in the sociology of security and trust and how today's online interactions are changing the trust dynamic. He paints a not-so-bleak picture of why the Internet remains a trustworthy and viable platform for communication and ecommerce, and talks about whether social networking and technical feedback mechanisms comprise the new trust going forward.
In his session at the RSA Conference in San Francisco, February 28th 2012, Bruce Schneier listed what he perceives to be the three biggest risks to information security right now: The rise of big data; ill-conceived law enforcement regulations; and the cyberwar arms race.
The rise of big data
The rise of big data, Schneier declared, is inevitable due to the cost of saving data being so cheap. "It's easy and cheaper to search than sort," he said. "The collection of data is being aggravated – mainly so the companies doing it can make more money… Companies like Apple, Amazon and Google are all competing to be the company that monetises your data."
Schneier spoke of the lack of control that users have over their smartphones and portable devices. "I can't do things as a security professional on my iPhone.
RSA 2012: Schneier on Why Anonymous Is Not a Group and Why They're Certainly Not As Good As You Think They Are
At the RSA Conference 2012 in San Francisco, February 29, Bruce Schneier and Davi Ottenheimer discuss Schneier's latest book and how to enable the trust that society needs to thrive.
Following on from Schneier's talk yesterday on the three biggest risks to information security in 2012, this discussion focussed purely on the topic of Schneier's latest book, Liars and Outliers.
Here are some of the session highlights:
- Security depends on people. "I started in cryptography because I didn't like people. I wanted to study numbers. Anyone in security needs to understand that people act in unpredictable ways."
- The ID theft concern is great. "We worry that ID theft will become such a danger that people would stop shopping and doing stuff online.
RSA 2012 Usually the bête noire of the annual RSA conference is the criminal hacking community, but security guru Bruce Schneier asserts that government, business, and the military may well pose a bigger threat to security professionals.
"The current risks to internet freedom, openness, and innovation don't come from the bad guys -- they are political and technical. I suppose I should call this talk 'Layer eight and nine threats'," he told his audience on Tuesday at RSA 2012.
Attempts at ill-conceived legislation are a major concern, he said.
Cybercriminals are not the greatest threat to Internet security. It's the many forces trying to bend the world's computer network to fit their interests.
That's according to Bruce Schneier, a renowned security technologist and author of several books, including "Applied Cryptography." Schneier told attendees Tuesday at the RSA Conference that the three greatest dangers are Big Data companies, poorly thought out government regulations, and the cyberwar arms race.
These threats foster instability through those lobbying for changes that further their self-interests, instead of what's better universally, Schneier said.
Dennis Fisher talks with cryptographer and author Bruce Schneier about his new book, Liars and Outliers, the role of trust in society and security, the ways in which technology helps promote trust and how various groups and actors defect from the norm and take advantage of that trust.
Jean Friedman interviewed Bruce Schneier about his talk at RSA 2012.
Modern society depends on trust more than we realise, and the basis for that trust is security. The trick, says the security guru, is preserving the forces that allow us to trust one another, while also knowing who not to trust.
You're best known as a security expert but our theme today is "trust". How would you describe the connection between the two?
Security exists to facilitate trust. Trust is the goal, and security is how we enable it. Think of it this way: As members of modern society, we need to trust all sorts of people, institutions and systems.
As Bruce Schneier spent the past decade watching the growing rash of phishers, malware attacks, and identity theft, a new Internet threat has emerged that poses even greater risks, the security expert said.
Unlike the security risks posed by criminals, the threats from government regulation and data hoarders such as Apple and Google are more insidious because they threaten to alter the fabric of the Internet itself. They're also different from traditional Internet threats because the perpetrators are shielded in a cloak of legitimacy. As a result, many people don't recognize that their personal information or fortunes are more susceptible to these new forces than they ever were to the Russian Business Network or other Internet gangsters.
Security Myth No. 1: "More Security is Always Better."
Bruce Schneier, security expert and author of several books, including his most recent, Liars and Outliers, explains why this security concept of "you can't get enough" that's often bandied about is off the mark to him. Schneier explains: "More security isn't necessarily better. First security is always a trade-off, and sometimes additional security costs more than it's worth. For example, it's not worth spending $100,000 to protect a donut.
Bruce Schneier is concerned that without trust, society itself may be impossible
Socrates famously asked if a person could lead a just life in an unjust society. A new book, Liars & Outliers, by Bruce Schneier doesn’t in so many words raise the question, Can a person lead a secure life in an insecure society? but it does answer it. There’s only so much we can do without there being a framework of trust: There have to be moral codes; peer pressures are needed; institutions have to have their own codes of conduct, and so on.
Society runs on trust and would collapse without it. The interconnectedness of the modern world creates new and dangerous risks to trust.
Bruce Schneier's recent book Liars and Outliers is a philosophical exploration of the role of trust in society, and is likely to appeal more to policy makers and academics than to information security practitioners. He describes how theories regarding trust (and perhaps trust itself) have evolved over time and sets this within the context of today's global interconnected society.
Schneier has done a very careful literature review, citing theories and experiments across multiple disciplines such as sociology, anthropology, and psychology.
Liars and Outliers, Bruce Schneier's most recent security-related text, is an interesting and wide-ranging review of trust in commerce and broader society. And I do mean wide-ranging -- he covers everything from the implications of early mankind's organization into groups of around 150 individuals (the "Dunbar number") to reputation systems such as eBay and Yelp reviews. Liars and Outliers doesn't hang together quite as well as his previous books, but it's still a terrific primer for readers who want more insights into the complex world of security and trust.
I had the opportunity to speak with Dr. Schneier about his book.
Bruce Schneier’s new book explores the relationships of trust on which civilization depends
Bruce Schneier is a security icon, the cryptological equivalent of action-movie superstar Chuck Norris, able to straighten elliptic curves with his bare hands. Liars & Outliers isn’t the book you’d expect from someone whose portrait adorns posters—nor from the coauthor of several important encryption algorithms (one of them a finalist for the next generation of national encryption standards).
On his blog, Schneier reminds us almost daily that protecting our secrets with a 4096-bit key doesn’t do much good if we have to tape the new pass phrase to our monitors, and that an unforgeable ID card can be a very bad idea if someone can get one by slipping 20 bucks to a file clerk. In Liars & Outliers, however, he takes an almost Aristotelian step back from those frontline concerns to discuss the first causes of security: the kinds of trust that security measures help to enable; why we secure things in the first place, even when—indeed, especially when—we know that security will never be perfect; and why we probably shouldn’t even want security to be perfect.
Since the days when Plato and Aristotle walked this Earth, philosophers have debated what constitutes the ideal state and, more specifically, what holds societies together. Why doesn't society just fall apart? How does society function when you know you can't possibly trust everyone in it? And why aren't we living in what Thomas Hobbes memorably referred to as a state of constant "war of all against all"?