News in the Category "Text"
Page 61 of 64
Secrets and Lies: Digital Security in a Networked World
Internationally recognized computer security expert Bruce Schneier offers a practical, straightforward guide to achieving security throughout computer networks. Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. This practical guide provides readers with a better understanding of why protecting information is harder in the digital world, what they need to know to protect digital information, how to assess business and corporate security needs, and much more…
Ain’t No Network Strong Enough
Master cryptographer Bruce Schneier's Secrets and Lies explains why computer security is an oxymoron.
The cloak-and-dagger capers of computer no-goodniks may seem like prime page-turning material, but most books on the subject have all the sex appeal of a VCR manual. The typical tome on digital security is a dreary assemblage of techno-jargon, geared toward the small clique that gets its hardcore jollies from Perl programming. Most laymen are asleep by Page 10, or at least yearning for their dog-eared copy of “Hannibal.”
Bruce Schneier, master cryptographer and idol of the computer underground, targets those short-attention-spanners in his latest book, …
Software Development Magazine Product Excellence Awards
Bruce Schneier’s book Secrets and Lies won a Productivity Award in the 13th Annual Software Development Magazine Product Excellence Awards.
Words of Warning from a Cyber-Security Guru
Bruce Schneier of Counterpane Internet Security says computing today is unsafe at any speed. But we can minimize the dangers
Hardly a week goes by when corporate computing czars don’t have to absorb some rude piece of news from the security front. It may be a gaping hole somebody discovers in a browser or e-mail system, or a virulent new pest with a name like Melissa or Worm.ExploreZip. Against these mounting threats, the usual defensive arsenal of virus-scanning software, encryption, and firewalls seems flimsy indeed.
Brace yourself: The situation is going to get worse, according to Bruce Schneier, 36-year-old cryptography guru and author of Crypto-gram, an influential monthly newsletter. As new releases of common software grow more complex—and interact with one another in ways that nobody can predict—security products purchased off-the-rack will offer less and less protection from malicious viruses and hackers, Schneier warns. To be safe, companies may once again have to reengineer how they do business on the Net…
Crypto Guru Bruce Schneier Answers
Most of the questions we got for crypto guru Bruce Schneier earlier this week were pretty deep, and so are his answers. But even if you’re not a crypto expert, you’ll find them easy to understand, and many of Bruce’s thoughts (especially on privacy and the increasing lack thereof) make interesting reading even for those of you who have no interest in crypto because you believe you have “nothing to hide.” This is a *long and strong* Q&A session.
First Bruce says, by way of introduction…
“I’d like to start by thanking people for sending in questions. I enjoyed answering all of them…
Editors' Choice: Security Suites
Excerpt
The Internet is not a danger zone, but you do need to take steps to safeguard your PC and your privacy. Of the products we tested, these four tools offer the best personal protection.
…
Password Safe 1.7
Counterpane Systems’ Password Safe is an easy, secure, and free solution to the password problem. Password Safe locks all of your user names and passwords in a vault and encrypts them using the strong Blowfish algorithm for maximum protection.
Windows-Based VPNs Not "Industrial Strength"?
In a paper released last week, computer security specialists from Counterpane Security and L0pht Heavy Industries went over with a fine-tooth comb Microsoft Corp.’s built-in Windows virtual private network (VPN) support.
Their target: Microsoft Point-to-Point Tunneling Protocol (PPTP) version 2. Their conclusions? While better than version 1, MS PPTP still leaves VPNs open to attack.
PPTP is a generic protocol that allows Point-to-Point Protocol (PPP) connections to pass through firewalls. The resulting connection is treated as if it had originated behind the firewall, creating a VPN. MS PPTP is Microsoft’s implementation of the PPTP, and is built into the Windows 95, 98, and NT operating systems. While VPN vendors are increasingly moving towards IPSec, PPTP remains important because of its wide distribution on Windows platforms…
Applied Cryptography / Bruce Schneier
This review also appeared in Slashdot.
More than any other field in computer science, cryptography is associated with computer warfare. Recent international treaties define cryptographic algorithms as weapons, and the laws of many countries prohibit either the development, the usage, or the export of cryptographic algorithms. Yet while feared by governments, cryptography is one of the most fascinating—and useful—fields of algorithmics.
The whole point of cryptography is to solve problems. (Actually, that’s the whole point of computers—something many people tend to forget.) Cryptography solves problems that involve secrecy, authentication, integrity, and dishonest people. You can learn all about cryptographic algorithms and techniques, but these are academic unless they can solve a problem…
Random Acts of Cryptography
For encryption developers, a secure system is only as good as its pseudorandom number generator (PRNG). PRNGs produce unique keys that can lock and unlock encrypted data. But Bruce Schneier, president of Counterpane Systems, says that PRNGs lack security and portability.
PRNGs generate numbers based on a variety of factors, such as a user’s mouse movements, and store this data in an entropy pool, which is later tapped by security software to create an encryption key. PRNGs fail, insists Schneier, because hackers can intercept the entropy source and thus predict the output. His response is Yarrow, a new PRNG with an expanded source that creates a larger, less predictable pool. “We’ve added new randomness,” says Schneier of Yarrow’s unique entropy pool, “like radio noise, arrival times of network packets, and disk-drive latency. Even if the source is turned off,” he says, “it still works.”…
Cryptographers Seek DES Successor
The successor to the aging Data Encryption Standard (DES) will begin to emerge this week as some of the world’s top cryptographers convene to review proposals for a new, advanced encryption standard.
Officials at the National Institute for Standards and Technology (NIST) will kick off the first round of “evaluation and analysis” of proposed DES algorithm replacements at the Advanced Encryption Standard (AES) Candidate Conference in Ventura, Calif., later this week.
“This is sort of the debut of the candidate algorithms and the opportunity for any interested [cryptographer] to find out how they work,” said Miles Smid, manager of NIST’s security technology group…
Sidebar photo of Bruce Schneier by Joe MacInnis.