News in the Category “Written Interviews”
Does latest data dump mean people should throw out their smartphones?
Metro spoke to cybersecurity expert Bruce Schneier about the latest revelations from Wikileaks about U.S. government spying and what they mean to regular people. The leaked documents, which appear to be from the Central Intelligence Agency, describe software tools that the agency uses to hack into cellphones, computers and internet-connected televisions.
Metro: Do these revelations from Wikileaks surprise you at all?
According to the IT security expert Bruce Schneier, the consequences of unrestricted connectivity in the Internet of Things could be devastating. In the interview, he calls for greater security for the Internet of Things (IoT).
"The era of fun and games is over," said Bruce Schneier at the Telekom Security Congress in Frankfurt in November 2016. The American expert for IoT security and cryptography is Chief Technology Officer (CTO) of IBM Resilient.
The hacking of Democratic Party organizations has made internet security germane to the 2016 presidential election campaign. America's intelligence community has accused high-level Russian officials of backing these cyberattacks in an attempt to influence the election result. Such allegations have helped thrust relations between Washington and Moscow to their lowest point in decades.
Meanwhile, the integrity of America's internet infrastructure was tested on Oct. 21, 2016 with a distributed denial of service (DDoS) attack.
Security expert Bruce Schneier discusses security from the perspectives of both the National Security Agency and the National Institution of Standards and Technology.
Since the 1930s at Bletchley Park, there has been a continuous arms race to both improve and break cryptography. The files leaked by National Security Agency (NSA) contractor Edward Snowden made it clear that governments regularly gather data on average citizens, which makes us wonder if privacy is even possible. Do our carefully designed cryptographic systems protect our information as we expect them to, or are they just thin veils that can easily be pierced by the government? I posed these questions to leading security expert Bruce Schneier.
It's going to get worse before it gets better
Security guru Bruce Schneier is a regular at shows like RSA and his talks are usually standing-room-only affairs.
Schneier has written some of the definitive texts for modern cryptography teaching and his current book, Data and Goliath, examines the perils and solutions to government and corporate surveillance of internet users. The Register sat down with him to talk over the news of the day, and to get an idea of where the security industry is going.
Q: First things first—you're the CTO of Resilient Systems, which IBM is in the process of buying.
Networked technology increasingly touches all aspects of our lives. When essential systems are connected to a networked environment, it becomes important to make sure that they're protected from attack. We continue improving the mathematics and algorithms used to secure these systems, but attackers tend to exploit weaknesses in how the mathematics and technologies are used.
As effective security becomes more vital, many computer science students are becoming interested in making security part of their education.
If the subject is security, chances are Bruce Schneier has an opinion on it, and that opinion has been published somewhere—on his blog, in the New York Times, on the BBC, in the Guardian, in Wired, in one of his 13 books. You get the point. On security, Schneier is among the most well-known and most prolific authorities in the world. Since coming to prominence in the mid-90s through his writings on cryptography, he has testified on the floor of Congress, served on several government committees, coined the term 'security theater' in the wake of 9/11, and hooked a global following of some quarter-million readers through his website and newsletter alone.
The American security guru fears that the diffusion of the software could be used by criminal groups
This interview also appeared in Italian.
You wrote in your blog: "I don't think the company is going to survive". However, at least in Italy and in the US Hacking Team has powerful sponsors...Will they survive?
«It remains to be seen. We know from the leaked documents that they have sold their products to the most repressive governments in the world...and overcharged them whenever possible.
Cyberattacks are getting more frequent, sophisticated and successful. Can organizations adapt security choices to cope better?
Nobody would disagree that IT security is necessary.
At minimum, it's needed to satisfy relevant government and industry compliance regulations, along with your insurance company, investors, suppliers, customers and other business partners. At most, it also protects your data and systems from much-dreaded cyberattacks.
The hard part lies in the details.
Bruce Schneier has been writing about security issues on his blog, Schneier on Security, since 2004, and in a monthly newsletter since 1998. He writes books, articles, and academic papers. Currently, he is the Chief Technology Officer of Resilient Systems, a fellow at Harvard's Berkman Center, and a board member of Electronic Frontier Foundation.
What do you see as the greatest cyber risks today?
I don't like ranking risks, and I worry that concentrating on the 'greatest' risk obscures all of the other risks. Basically, the big cyber risks are what everyone is talking about.
This week, as part of our new 'Infosec Influencer' series, I had the pleasure of sitting down with Bruce Schneier, an internationally renowned security technologist and one of The State of Security's Top Influencers in Security You Should Be Following in 2015. He has written 12 books, including Liars and Outliers: Enabling the Trust Society Needs to Thrive, not to mention published hundreds of articles and essays. His blog is read by over 250,000 people, and he is regularly quoted by the press. Additionally, he regularly testifies before Congress and is an advisory board member for EFF and EPIC, among other organizations.
iPhone and mobile banking can feel like setting foot in the jungle: You don't know what's in there, but you suspect a lot of it's not good. We hear a lot of terms thrown around when it comes to iPhone banking security: 128 bit encryption, two factor authentication, security dongles—and a lot of scary anecdotes about millions of credit card account numbers being stolen from this or that company. Getting to the bottom of whether iPhone banking is safe can be confusing at best. So is iPhone banking safe?
Corporate and government IT teams have been rushing to prevent the kind of large-scale cyberattack experienced recently by Sony Pictures, Blue Cross, Anthem, Target, Home Depot and the U.S. Department of the Interior, among others. In each of these cases, hackers from locations around the globe were able to gain access to computer networks housing sensitive information, accounts, and personal data, such as the social security and credit card numbers of consumers and employees. The consequences of such security breaches can be devastating.
A highly respected cryptographer and security expert is warning that David Cameron's proposed ban on strong encryption threatens to "destroy the internet."
Last week, the British Prime Minister told Parliament that he wants to "ensure that terrorists do not have a safe space in which to communicate."
Strong encryption refers to the act of scrambling data in such a way that it cannot be understood by anyone without the correct key or password — even law enforcement with a warrant, or the software manufacturer itself. It's used in some of the most popular tech products in the world, including the iPhone, WhatsApp messenger, and Facebook.
But amid heightened terror fears, Cameron says "we must look at all the new media being produced and ensure that, in every case, we are able, in extremis and on the signature of a warrant, to get to the bottom of what is going on."
The Prime Minister first indicated that he would try and clamp down on secure communications that could not be decrypted by law enforcement even with a warrant back in January, in the aftermath of the Charlie Hebdo shootings in Paris. His comments sparked an immediate flurry of condemnation from privacy and security activists, but his recent statements show he's not backing down.
Bruce Schneier has been called a "security guru" by the Economist. He has written 13 books and hundreds of articles, and his influential newsletter Crypto-Gram and his blog Schneier on Security have over 250,000 readers. He has testified before the U.S. Congress, is a frequent guest on television and radio, and has served on several U.S.
This interview originally appeared in French on VICE France.
Today's terrorist attack in the Rhône-Alpes region of France, involving the decapitation of a man, has been met with widespread horror and condemnation. So have those in Tunisia, killing 28, and another in Kuwait killing 25. These horrific events are sure to fuel discussion about how to stop this kind of atrocity happening again.
Following January's Charlie Hebdo attacks in Paris, the French government decided to expedite a new surveillance law.
Bruce Schneier is an internationally renowned security technologist and the author of 13 books—including 'Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World'—as well as hundreds of articles, essays, and academic papers. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Chief Technology Officer at Resilient Systems, Inc. You can follow him on Twitter @schneierblog
Christy Quinn: As of Tuesday, President Obama has just signed the USA Freedom Act into law, banning the NSA's bulk collection of telephony metadata. Do you think this marks the acceptance amongst security officials and policymakers in the US that there need to be limits to metadata collection?
Bruce Schneier: It's certainly a watershed moment, because it's the first time the US government has placed limitations on the NSA's metadata collection. The limitations are minimal, and won't have much actual effect on the surveillance of Americans by the NSA.
Over the past two decades, few voices have shouted louder from the rooftops about global cybersecurity and digital privacy concerns than Bruce Schneier. He's the CTO of Resilient Systems, a board member of the Electronic Frontier Foundation (EFF) and has authored 14 books—his latest, Data and Goliath, was published in March.
As Facebook and Google have infiltrated our every waking moment, Schneier warns that these data giants, if left unchecked, could compromise the very principles of a democratic society. Web companies collect metrics like age, gender and social interests (to serve up better advertisements), while cellular networks track everyone's geolocation with homing devices we call smartphones.
Computer security expert Bruce Schneier says there's a big difference between feeling secure and actually being secure. He explains why we worry about unlikely dangers while ignoring more probable risks.
GUY RAZ, HOST:
It's the TED Radio Hour from NPR. I'm Guy Raz. And on the show today, we're exploring ideas about Maslow's hierarchy of human needs, and ranked at number two, security - the second step on the pyramid.
Who are you, and what do you do?
Security expert Bruce Schneier has looked at and written about difficulties the Internet of Things presents - such as the fact that the "things" are by and large insecure and enable unwanted surveillance—and concludes that it's a problem that's going to get worse before it gets better.
After a recent briefing with him at Resilient Systems headquarters in Cambridge, Mass., where he is CTO, he answered a few questions about the IoT and what corporate security executives ought to be doing about it right now. Here's a transcript of the exchange.
What should enterprises worry about when it comes to the Internet of things?
As author of a dozen books plus hundreds of shorter works on security and privacy, security technologist Bruce Schneier, Chief Technology Officer of Resilient Systems, is one of the better known—and frequently quoted—experts in these areas. His "Schneier on Security" blog and Crypto-Gram monthly newsletter are read by an estimated quarter-million people. You can follow him on Twitter @schneierblog.
Schneier's most recent book—a New York Times bestseller—is "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World", which, Schneier said in his blog, "is a book about surveillance, both government and corporate.
Your cellphone emits a signal that tags your location every minute of every day. Your Google search log records your private anxieties and interests. Your text messages and social media accounts capture every detail of your social life. Your store purchases produce records of your spending habits.
MARK COLVIN: The ALP has agreed to support an amended version of the Government's bill to force Internet Service Providers to keep their customers' data for two years.
It'll let government agencies see what we've all been doing on the phone or online.
Bipartisan support means the bill is likely to pass.
The bodies expected to get access range from various police and customs agencies to the Competition watchdog, the ACCC.
Part 2 of our discussion with Bruce Schneier about the golden age of surveillance and his new book, "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World."
AMY GOODMAN: This is Democracy Now!, democracynow.org, The War and Peace Report. I'm Amy Goodman, with Juan González. Our guest is Bruce Schneier. He is a leading security technologist.
Leading security and privacy researcher Bruce Schneier talks about the golden age of surveillance and his new book, "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World." The book chronicles how governments and corporations have built an unprecedented surveillance state. While the leaks of Edward Snowden have shed light on the National Security Agency's surveillance practices, less attention has been paid to other forms of everyday surveillance—license plate readers, facial recognition software, GPS tracking, cellphone metadata and data mining.
JUAN GONZÁLEZ: We turn now to look at what our next guest calls the "golden age of surveillance." The leading security and privacy researcher Bruce Schneier is out with a new book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. The book chronicles how governments and corporations have built an unprecedented surveillance state.
Bruce Schneier did a one-hour open question and answer session on Gizmodo.
EMMA ALBERICI, PRESENTER: One of the world's leading experts in online security is Bruce Schneier. He's a fellow at Harvard University's Berkman Center for Internet and Society. His latest book, 'Data and Goliath', is about how governments and corporations are using and controlling our data.
I spoke to Bruce Schneier from Minneapolis.
Stop feeling guilty about skimming the Terms of Service. Get mad instead.
Reading this right now?
Congratulations. You're winning.
Yes, all of the usual corporate and government entities know you're here.
In December of 2011, Tripwire published a list of security's top 25 influencers. More than three years later, we are pleased to announce a new list for 2015—The Infosec Avengers!
For each influencer whom we have selected, we include their Twitter handle, blog URL and reasoning for selecting them. We also include their answer for what infosec-related superpower they would choose to have.
After the online breach of JPMorgan Chase, cybersecurity awareness is growing in the financial world. But what exactly is cybersecurity (and cybervulnerability)? What can or cannot be done to make sensitive information more secure?
A leading computer security and privacy expert, Bruce Schneier is one of the world's most recognizable voices on cybersecurity, author of the popular security blog Schneier on Security, board member of the Electronic Frontier Foundation, and CTO of Co3 Systems.
Democrats didn't need this: Another cyberattack on an unclassified White House computer network (and unconfirmed reports of Russian involvement) in the closing days of a midterm election in which voter frustration toward President Barack Obama, government dysfunction and national security fears already are hurting their chances of hanging onto control of the Senate.
Chinese hackers reportedly targeted White House staffers' Gmail accounts in 2011. The next year, Chinese hackers reportedly used spear phishing to break into an unclassified network of the White House Military Office. But the problem didn't start with Obama—attempted cyberattacks on the White House date at least to 2008, during George W. Bush's administration.
Almost a year and a half after the Snowden revelations, it’s business as usual for America’s giant global eavesdropping and spying organisation: the NSA, the National Security Agency.
As revelations continue to unfold, legislative attempts to rein in the NSA's powers appear to be stalling. But, Harvard University security analyst Bruce Schneier says the situation is unacceptable.
In the future, argues Schneier, people will look back at the way we ignore privacy today and ask "how could we be that immoral?" He’s put forward his own plan for breaking up the NSA, and in so doing, bringing its activities under greater civilian control.
Security technologist Bruce Schneier tells DW why he finds it curious that the German BND is getting a free pass on surveillance and why Europe should take the lead on protecting privacy in the digital age.
DW: One year ago the Guardian published the first article on the NSA's surveillance activities based on the disclosures of Edward Snowden. Many other revelations have followed since and triggered a robust international debate about surveillance and privacy. Now one year later what is the most significant consequence of Snowden's disclosures?
Bruce Schneier: Right now the most significant consequence has been the knowledge that has fueled the debate. A lot of what we have read from these NSA documents isn't surprising, but the details make them real in a way that speculation doesn't.
In today's interconnected world, all it takes is one security mistake to make your whole world come crashing down. Who better to turn to for advice than security expert Bruce Schneier?
If you have even a passing interest in security matters, then you've surely come across the writings of Bruce Schneier, a world-renowned security guru who has served on numerous government committees, testified before Congress, and is the author of 12 books on security issues so far, as well as countless essays and academic papers.
After hearing about Schneier's newest book, Carry On: Sound Advice from Schneier on Security, we decided that it was about time to reach out to Bruce to get some sound advice concerning some of our own pressing privacy and security concerns.
Bruce Schneier is the man who literally wrote the book on modern encryption, publishing Applied Cryptography in 1994, and for the past 20 years has been an important and sometimes outspoken voice in the security industry.
He founded the firm Counterpane Internet Security (later sold to BT), and is also a board member of the Electronic Frontier Foundation and an Advisory Board Member of the Electronic Privacy Information Center.
More recently he's been working on documents released by Edward Snowden on NSA activities and presented his findings at this year's RSA conference in San Francisco. The Register took the opportunity of sitting down with Schneier at the event and chewing through the current state of security, privacy and government intrusion online.
Cryptographer, essayist, book author, free thinker, privacy advocate and cybersecurity thought leader Bruce Schneier announced a few days ago that he's joining Co3 Systems as its new CTO. The Cambridge, Mass.-based start-up helps companies comply with data privacy and data loss disclosure regulations. Schneier shared what's top of his mind with CyberTruth.
CT: You started in encryption, and had a great run as a globe trotting cybersecurity guru.
Becoming a fellow isn't your first interaction with the Berkman Center—you spoke here in April about "IT, Security, and Power" with Jonathan Zittrain. In light of that talk and the research you intend to conduct exploring the intersection of security, technology, and people, can you tell us more about the direction your research is going in, any challenges you currently face, and what you will be focusing on as a Berkman fellow?
I've been thinking about several things, all centered around power in the information age. I summarized them here before my Spring Berkman visit, and perhaps it's better to send readers there than to rewrite what I wrote then. Since then, of course, I have been thinking and writing about the Snowden documents and ubiquitous Internet surveillance.
There needs to be wider debate on the value of privacy on the internet — and in society as a whole, a leading computer security and privacy specialist said at the Summit on the Global Agenda in Abu Dhabi. Cryptographer Bruce Schneier says classified documents leaked by former US National Security Agency contractor Edward Snowden could ultimately make all internet users more secure.
The documents leaked by the American whistleblower show how easy it is for parties to indiscriminately capture the personal data on a global scale, said Schneier, who is participating in the summit as a member of the Global Agenda Council on the Future of the Internet. The future of surveillance has been identified as an urgent emerging issue by Global Agenda Council Members in the World Economic Forum's 2014 Outlook report.
During a podcast on Occupy Radio, the host and renowned security expert Bruce Schneier discuss how NSA practices treat citizen privacy, along with other related issues.
- Bruce Schneier is an internationally recognized expert on cryptography and data security. He was dubbed a 'Security Guru' by the Economist magazine. His most recent book is 'Liars and Outliers: Enabling the Trust that Society Needs to Thrive'. Bruce's newsletter, Cryptogram, and his blog Schneier on Security are read by over a quarter of a million people.
The security researcher Bruce Schneier, who is now helping the Guardian newspaper review Snowden documents, suggests that more revelations are on the way.
Bruce Schneier, a cryptographer and author on security topics, last month took on a side gig: helping the Guardian newspaper pore through documents purloined from the U.S. National Security Agency by contractor Edward Snowden, lately of Moscow.
In recent months that newspaper and other media have issued a steady stream of revelations, including the vast scale at which the NSA accesses major cloud platforms, taps calls and text messages of wireless carriers, and tries to subvert encryption.
This year Schneier is also a fellow at Harvard's Berkman Center for Internet and Society.
In an effort to undermine cryptographic systems worldwide, the National Security Agency has manipulated global encryption standards, utilized supercomputers to crack encrypted communications, and has persuaded—sometimes coerced—Internet service providers to give it access to protected data. Is there any way to confidentially communicate online? We speak with security technologist and encryption specialist Bruce Schneier, who is a fellow at Harvard's Berkman Center for Internet and Society. He has been working with The Guardian on its recent NSA stories and has read hundreds of top-secret NSA documents provided by Edward Snowden.
Five More Questions: Privacy Expert Bruce Schneier Sees Outdated Data Laws Benefiting Feds, Businesses
Editor's note: Five More Questions is an occasional series by Brian Lambert that follows up on people who recently made news.
Bruce Schneier has carved out an interesting niche for himself.
The southwest Minneapolis resident has become one of the credible voices, if not the best-known, on the topics of privacy and security, personal and otherwise. His thinking on matters from Edward Snowden and the NSA to the nexus of government and corporate data-mining has made him a regular presence on The Atlantic, Forbes, Foreign Policy, Bloomberg and Guardian websites.
It also earned him a nod in the current issue of Wired magazine as one of the 101 essential "signals" (as opposed to "noise") to follow on the Internet.
As Edward Snowden is linked to one country after the next, the media has its eye fixed on where he will next request asylum. (Today, it's Russia.) Meanwhile, back at US headquarters, as NSA officials speak in a House Judiciary Committee hearing, the agency is still doing what it's doing. To get more information on exactly what that means, the TED Blog wrote to two security experts, Bruce Schneier (watch his talk) and Mikko Hypponen (see his talk), to ask them about what it is we should be worried about. Turns out, pretty much everything.
From online companies tracking users' digital footprints to the trend for more and more data to be stored on cloud servers, Internet privacy seems like a thing of the past -- if it ever existed at all. RFE/RL correspondent Deana Kjuka recently spoke about these issues with online security analyst Bruce Schneier, author of the book "Liars and Outliers: Enabling the Trust Society Needs to Survive."
RFE/RL: It is no secret that online companies like Google, Facebook, and Twitter are tracking users' digital footprints. How accurate are these online profiles? What are they used for, other than advertising?
Bruce Schneier: We don't know how accurate it is.
A couple weeks ago we asked Bruce Schneier if he would be kind enough to respond to a few questions about security related to critical infrastructures such as the power grid. We are delighted and honored that Mr. Schneier would take the time from his busy schedule to answer our request! Below is a perspective that we are certain you will find interesting and useful in your quests to build and support practical security solutions at your organization.
Q1: There seems to be a great deal of fear and hyperbole about potentially catastrophic cyberattacks against critical infrastructure such as the power grid. How do we clear away the hype and determine what threats realistically exist and what should the industry consider doing about them?
Bruce: With expertise.
Bruce Schneier is a bestselling author, TED speaker, and the founder and chief technology officer of BT Managed Security Solutions. ReadWrite got the chance to speak with the candid technologist, widely considered one of the foremost voices in the world of security and privacy, about digital feudalism, government regulations and the reality of cyber warfare.
Online Lord & Vassal
ReadWrite: I read your blog post the other day about Facebook having a "feudal lord" relationship with its users. Tell me what feudal security is.
Computerworld Hong Kong (CWHK): Are we actually any more secure today than we were five years ago?
Bruce Schneier (BS): In short, no. It's interesting that every year we have new technologies, new products, new ideas, companies and research, yet people continue to ask why things are so bad with security? And the answer is that fundamentally the problem is complexity.
As we all buy smartphones and use the cloud, we are doing something that's never been done before: trusting a few big IT companies with our lives. That's not necessarily in our best interest, but we have no choice.
So says world-famous security expert Bruce Schneier.
Schneier's latest book, "Liars and Outliers," looks at the psychology needed to keep humans safe.
Bruce Schneier, the well-known American cryptographer and security specialist, gives an interview to Radio New Zealand's Bryan Crump during his visit to the country, discussing real-world security issues and whether anti-terror measures taken by authorities worldwide are as effective as expected.
(Bryan Crump): -- Bruce Schneier is a security specialist who seems to be trying to talk himself out of a job. His point is a lot of what we do to protect ourselves against terrorism is pointless. The best weapons against terror are, in his opinion, good intelligence and refusing to be terrorized. Bruce is based in the United States of America, was in New Zealand for a conference on identity and identity theft.
Stuxnet Cyberattack by US a "Destabilizing and Dangerous" Course of Action, Security Expert Bruce Schneier Says
Revelations by The New York Times that President Barack Obama in his role as commander in chief ordered the Stuxnet cyberattack against Iran's uranium-enrichment facility two years ago in cahoots with Israel is generating controversy, with Washington in an uproar over national-security leaks. But the important question is whether this covert action of sabotage against Iran, the first known major cyberattack authorized by a U.S. president, is the right course for the country to take. Are secret cyberattacks helping the U.S.
Modern society depends on trust more than we realise, and the basis for that trust is security. The trick, says the security guru, is preserving the forces that allow us to trust one another, while also knowing who not to trust
You're best known as a security expert but our theme today is "trust". How would you describe the connection between the two?
Security exists to facilitate trust. Trust is the goal, and security is how we enable it. Think of it this way: As members of modern society, we need to trust all sorts of people, institutions and systems.
Liars and Outliers, Bruce Schneier's most recent security-related text, is an interesting and wide-ranging review of trust in commerce and broader society. And I do mean wide-ranging -- he covers everything from the implications of early mankind's organization into groups of around 150 individuals (the "Dunbar number") to reputation systems such as eBay and Yelp reviews. Liars and Outliers doesn't hang together quite as well as his previous books, but it's still a terrific primer for readers who want more insights into the complex world of security and trust.
I had the opportunity to speak with Dr. Schneier about his book.
Homeland Security NewsWire: In your opinion, what is the cause behind the recent increase of sophisticated cyber attacks against major corporations and government entities by hacktivist groups like Anonymous, AntiSec, and LulzSec?
Bruce Schneier: I'm not sure there has been any recent increase of sophisticated cyberattacks. There has certainly been a recent increase in the press reporting incidences of sophisticated cyber attacks. I think this is because several groups have attached them to political causes -- for example the torture of Bradley Manning by the United States -- and because media attention begets more media attention.
BT's Bruce Schneier has made a reputation for himself by exploring the unconventional sides of security. Drew Amorosi sat down with this industry luminary to gain a greater understanding of the man and, briefly, dive into the mind and life that is Bruce S
Bruce Schneier is, without question, a superstar of the security industry. Often labeled as a security "expert" or "guru," there is perhaps nobody in the field that is more often quoted or respected. His name is as synonymous with security as Michael Jordan's is with basketball, or the Beatles are with rock and roll. But, as he told me when I sat down with him in London this spring, "Bruce Schneier the security celebrity" was spawned from rather accidental beginnings.
As Russia reels in the aftermath of a brutal terror attack yielding an estimated 35 casualties at Domodedovo Airport -- Moscow's busiest -- much of the awe and reaction toward this specific incident is focused on the location: not just an airport, but a restaurant at an airport, outside of the baggage claim, before anyone reaches a security checkpoint. Especially as the terrorists in question are initially being reported as Arab, governments (and specifically: ours) beginning to react on their own turfs outside of Russia is a given. Yet, while responses by Western Governments to terror attacks anywhere are subject to variables generally extending to who's been attacked, who has done the attacking, and whether continuity within the attack is a possibility, they all typically have a common link: the intensifying of security at corresponding locations. Is that going to happen here?
Since 9/11, cryptology expert and security consultant Bruce Schneier has been one of the most pointed critics of the government's anti-terrorism security programs. In his 2003 book "Beyond Fear," he coined the phrase "security theater" to refer to measures which are undertaken not because they will be effective at thwarting attacks, but because the agencies carrying them out need to appear to be doing something useful. We spoke to Schneier about the recent controversy involving the Transport Security Agency's use of invasive scanners and full-body pat-downs.
Q: What is really being seen by these machines?
As an author of books on security, the influential Crypto-Gram newsletter and the blog Schneier on Security (www.schneier.com), as well as a frequent guest on TV and radio, Bruce Schneier has become something of a celebrity in the world of security: He may be the only CSO whose likeness is used to sell T-shirts. Still, the most rewarding aspect of his career, as he conveyed in this interview conducted by e-mail, is that he believes he is having an impact on people's thinking about security.
CSO: What are three fail-proof principles of security leadership?
Bruce Schneier: One, tell the truth as you see it. Two, don't be afraid to change your mind.
In the wake of Shahzad's arrest, the dangers of disposable phones are likely to be scrutinized once again -- and there are sure to be renewed calls for their closer regulation. We called Bruce Schneier, security technologist, chief security technology officer at British Telecom, and author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World," to find out how dangerous they really are.
How dangerous are these disposable cellphones from a national security perspective?
I think it's a trivial danger. There are a lot of people who will say these anonymous cellphones are bad, that we're all going to die.
Schneier on security, SSL and squid
V3.co.uk managed to get five minutes with security legend Bruce Schneier at RSA 2010 in San Francisco to get his views on the current threat landscape.
Yesterday we saw a presentation saying that anti-virus systems are failing 10-30 per cent of the time. What's your take on that?
I don't believe that, otherwise I'd be infected with lots of malware. If it is, I'm not paying attention.
If one were to close one's eyes and imagine a BT Executive, one would never conjure up Bruce Schneier. He is one of the greatest experts in cryptography, and a well-known mathematician. He even got a brief mention in the book The Da Vinci Code. He also remains an outspoken and articulate critic of the way that security is actually implemented in applications, as Richard Morris found out when we dispatched him to interview him.
Once a sleepy IT backwater, Identity Management has been thrust into the spotlight over the past few years.
The IT security expert on eavesdropping with no practical value, necessary trust, and data as the pollution of the information age
Lufthansa Exclusive: Mr. Schneier, you are a specialist in IT security and cryptography. Nevertheless, first a question that belongs more to the field of psychology. I send some e-mails encrypted, my computer's built-in microphone is normally deactivated, and there is an encrypted partition on my hard drive. And if I wanted to have a truly confidential face-to-face conversation, I would remove the battery from my smartphone.
Could you please tell us how you got involved in security?
Cryptography has always been a hobby of mine. My first job after college was with the Department of Defense. Years later, I was laid off from AT&T Bell Labs; I started writing about cryptography for computer magazines, and then my first book: Applied Cryptography. I also started doing cryptography consulting, forming a company, Counterpane.
Bruce Schneier, my security guru, thinks that the President should confront the American people with the hard truth: Onerous new security regimes in our civilian aviation system won't protect us. What will protect us is our own resilience. I had an e-mail exchange with Bruce yesterday, and here is an edited transcript:
Jeffrey Goldberg: Do you think that we are moving toward the Israelification of American airport security?
Bruce Schneier: I don't think it's possible.
BT Group PLC Chief Security Technology Officer Bruce Schneier logs long hours trudging through airports to attend conferences and speaking engagements on a wide range of security issues. By his own count, he will take 170 flights this year.
Mr. Schneier relishes pointing out flaws in institutions' security plans--sometimes testing the boundaries himself--and has been a critic of post-9/11 security measures like those at airports. He recently spoke to The Wall Street Journal about "airport-land" rules, skipping to the head of the security line and getting your sandwich taken by the U.S.
Leading security expert Bruce Schneier was in London this week on a whirlwind lecture tour. ZDNet UK caught up with the ex-NSA man, who is now BT's chief security technology officer, at lectures in parliament and at University College London.
Schneier talked to ZDNet UK about his views on behavioural advertising, the efforts of various governments to tackle unlawful file-sharing, cyber-warfare and vendor lock-in.
Q: The UK government is currently trying to pass the Digital Economy Bill, which includes provisions to penalise unlawful file-sharing. Is this technically feasible?
A: The problem with a lot of these measures is that they only affect the average user.
Cybercrime is just like any other type of crime only with different tactics, Bruce Schneier tells Infosecurity.
"In information security there are very real threats, and the main threat is crime," Schneier said, although he also pointed out that many information security threats are due to 'accidents' rather than malice.
Another trend going forward is the interaction between IT and physical systems such as ID cards, ATM machines, Oyster cards, etc. "When the physical hits the IT world.
Managing security effectively is critical when sharing data over the internet
Dubai: Online security, server crashes, disaster recovery, data theft, cyber crime... these are just some of the challenges faced by businesses worldwide.
How does one handle them? The solution lies with the information technology departments and their heads — usually chief technology officers.
In a security industry full of FUD and hype, cryptographer and consultant Bruce Schneier offers a no-nonsense reality check verging on social commentary.
He has worked on numerous ciphers, hash functions, and other cryptographic algorithms that are arcane to the average computer user but which have been instrumental in protecting the privacy of data. But his influence extends beyond the world of encryption.
Schneier wrote several bestselling books--including "Secrets and Lies: Digital Security in a Networked World," "Beyond Fear: Thinking Sensibly about Security in an Uncertain World," and his latest, "Schneier on Security"--that provide perspective on risks and threats in everything from e-mail to airport security.
Security guru Bruce Schneier says that whatever cloud computing is, the security issues and conversations around it are nothing new. The key, he says, always comes down to trust and transparency.
Cloud computing is all the buzz. Amidst all the noise, a lot of the discussion has been about what cloud computing actually is. Some say it is anything you consume outside the firewall.
Security guru Bruce Schneier is best known as the developer of the Blowfish and Twofish encryption algorithms and author of books that examine security and society. He is the chief security technology officer of BT Group and a founder and the chief technical officer of BT Counterpane. Described by The Economist as a "security guru," Bruce has authored a series of books on security and related technologies. His first bestseller, Applied Cryptography explained how the arcane science of secret codes works, and was described by Wired as "the book the National Security Agency wanted never to be published." His latest book, Beyond Fear, tackles the problems of security from the small to the large: personal safety, crime, corporate security, national security.
The IAPP is pleased that security guru, chief technologist and author Bruce Schneier will present a keynote address at the Privacy Summit, March 11-13 in Washington, DC. Here's a preview of what you'll hear when Schneier takes the stage.
IAPP: You have a cult-like following on Facebook. One group is called Bruce Schneier for president (31 members); another calls itself Bruce Schneier is my hero (200 members).
Security expert Bruce Schneier talks about privacy and property in the information state
As Washington, D.C., gears up for the inauguration, there's one thing that you're not seeing around town. Shoe-checking stations. While one attempted shoe bombing was enough to make all of us wander unshod through the airports of this great nation for years -- there will be security check points all over Capitol Hill -- shoe checking will not be part of the action.
Bruce Schneier, a security commentator and author who The Register calls, "The closest the security industry has to a rock star," took time to correspond via e-mail with Government Technology about the latest security threats to public-sector IT.
He publishes a popular blog and newsletter on Schneier.com. His most recent book, Schneier on Security, is a collection of previously published essays on security-related topics, such as identification cards, cyber-crime, election security and the psychology of security.
A few CIOs in government are touting "user-generated government" -- i.e., mash-up applications and open source built by citizens.
Bruce Schneier's evolution of interests is well documented, moving from encryption to broader and broader perspectives on security. (Hence his recent appearance on 60 Minutes, commenting on TSA's airport screening procedures.) To bring wider perspectives to bear on security issues, Schneier (Chief Security Technology Officer at BT) held in 2008 the first Workshop in Security and Human Behavior, with participants from a broad swath of disciplines including economics, psychology and more. Schneier spoke with CSOonline about his multidisciplinary view of the field and plans for 2009.
CSO: What was the biggest surprise or most enlightening development at the Workshop in Security and Human Behavior?
The most interesting aspect of the workshop was how different the ways in which people were thinking about the same sorts of issues.
There are no easy solutions to today's security challenges, and companies often approach them in the wrong way, says Bruce Schneier.
Talking with security expert Bruce Schneier does not always leave a person feeling more secure. That's because Schneier doesn't sell easy solutions. Instead, he challenges businesses, governments and individuals to examine their assumptions about risk, to eschew simplistic answers and to accept the fact that no system is—or can be—perfectly secure.
Now the chief security technology officer of BT, Schneier worked at the Department of Defense and Bell Labs before founding Counterpane Internet Security, which was acquired by BT.
He might be called the international rock star of computer security. Having testified before Congress and given well-regarded speeches the world over, when Bruce Schneier talks about security, experts listen. A prolific author, he has penned articles for publications ranging from Wired to The Guardian to the Sydney Morning Herald. His books include Applied Cryptography, which delves into the science of secret codes, and Beyond Fear, which details how to protect security on the personal and national level.
An edited version of this interview will appear in CIO Insight.
Schneier: The security of voting machines points to two big issues. The first one is that security is actually very hard. People think technology magically makes security worries a thing of the past, but it's just not true.
Checking in with expert Bruce Schneier about the state of security.
DDJ: A decade ago, you said that computer security, with all of its advances, would likely get worse in the future. Is this the way things turned out? If so, why? And what does this tell us about the next 10 years?
It's been ten years since Bruce Schneier - founder of security monitoring firm Counterpane Internet Security - launched his newsletter, Crypto-Gram, which expanded from covering computer security issues to a broader investigation into security issues of all sorts. Now Counterpane belongs to BT, where Schneier is chief security technology officer, and as he tells global technology editor John C Tanner, security is still a hard sell.
Telecom Asia: Your background is computer security and cryptography - how did you end up applying that knowledge into the world at large?
Schneier: I think it's just what happens when I start looking at something. I start looking at the bigger picture. The first sort of major milestone was the post 9/11 issue.
One of the meetings held in conjunction with the recent World Congress on Information Technology (WCIT) 2008 in Kuala Lumpur was the Infosec.my information security conference and the International Multilateral Partnership Against Cyber Terrorism (IMPACT) World Cyber Security Summit. While the thought of combating cyber terrorism is exciting, Bruce Schneier, founder and chief technical officer of BT Counterpane, thinks the term "cyber terrorism" is misleading and its usage cheapens the meaning of terrorism.
"Cyber terrorism is a myth," he says. "We all know what terrorism is; it involves innocent people being killed in a very public way, in an attempt to cause terror in the greater population."
However, Schneier does believe very much in cyber threats and thinks governments should do more, such as cooperating to use their collective bargaining power to demand more security from software vendors.
For Bruce Schneier, the security discipline still evolves and expands. Now he's the one trying to expand it.
In September 2003, CSO published a groundbreaking interview with security guru Bruce Schneier. At the time, Schneier was evolving from cryptographer to general security thinker. An emerging generation of Internet criminals and the new realities of a post-9/11 world were fueling his ideas beyond information security to the broader realm where technology and the physical world interacted. He was beginning to see security as a social science.
Bruce Schneier is one of the foremost experts on cryptography and is a well-known security author and commentator. He is the founder of the managed security services company Counterpane, which was acquired in October 2006 by BT. Schneier sat down with IDG News Service at the Infosec security show in London to talk about the effectiveness of security products and the psychology of security.
Are antivirus products just making money by giving people a "feeling" of security rather than true security?
Schneier: Antivirus is easy.
What follows is a transcript of my discussion with Bruce Schneier, Founder and Chief Technology Officer of BT Counterpane and the well-known Schneier on Security blogger. In this podcast we discuss current vulnerabilities, what the future of the security industry will look like, security industry consolidation, encryption, and finally, the time frame for changes in the industry to come about.
First, what threats do you see that companies need to be most concerned with at this point?
The biggest threat right now is crime. About five years ago, criminals discovered the internet in a big way and whether it's identity theft which is fraud or denial of service extortion or other attempts to make money, crime is the primary threat on the net and when we're worried about internet threats, we're worried about crime.
Bruce Schneier and Peter Schoof of ebizQ discuss current vulnerabilities, what the future of the security industry will look like, security industry consolidation, encryption, and finally, the time frame for changes in the industry to come about.
First, what threats do you see that companies need to be most concerned with at this point?
The biggest threat right now is crime. About five years ago, criminals discovered the internet in a big way and whether it's identity theft which is fraud or denial of service extortion or other attempts to make money, crime is the primary threat on the net and when we're worried about internet threats, we're worried about crime.
I've read some of your general comments about, essentially, in a perfect world, the security industry would be unneeded.
An Interview With Bruce Schneier on Science and Security
Earlier this month the National Research Council released a Congressionally-mandated report, "Science and Security in a Post 9/11 World," which recognizes that the 9/11 attacks provoked a misallocation of United States security resources and led to counter-productive security measures. The NRC warns that the widespread practice of labeling scientific research as "sensitive but unclassified" has had grave consequences for our security and our economy. In order to encourage more sensible science-security policymaking, the NRC has recommended the creation of a new high-level Science and Security Commission to give scientists and government security officials a place to deliberate and negotiate security policies as they relate to science and engineering research.
To better understand the relationship between scientific research and national defense, Science Progress spoke with security technologist and author Bruce Schneier about why secrecy makes for bad policy in science and engineering, and whether or not a new institutionalized science-security dialogue would be helpful or simply theatrical.
A recent National Research Council report recognizes that the 9/11 attacks provoked counter-productive security measures that stifle access to fruitful scientific research. Security expert Bruce Schneier talks with Science Progress about the science that makes us smarter and the security that makes us safer.
Earlier this month the National Research Council released a Congressionally-mandated report, 'Science and Security in a Post 9/11 World,' which recognizes that the 9/11 attacks provoked a misallocation of United States security resources and led to counter-productive security measures. The NRC warns that the widespread practice of labeling scientific research as 'sensitive but unclassified' has had grave consequences for our security and our economy.
The following is an excerpt from an interview with Bruce Schneier. Matt Pasiewicz, EDUCAUSE content program manager, conducted the interview at the EDUCAUSE 2007 Annual Conference.
MP: Bruce, perhaps you can get us started by sharing some of your thoughts about the psychology and economics of security.
Schneier: Security is a lot more about people than technology. One thing I've learned from studying economics, the psychology of risk, security, and people is that those problems are actually way harder than the tech problems.
Expert says security benefits must be weighed against tradeoffs
Q: When a company or government entity has a security proposal, how should they evaluate that? What sort of principles should they be looking for to determine whether this is going to be an effective security solution?
A: First, you have to understand that security is a tradeoff. Whether you give money, or time, or convenience, or civil liberties, or American servicemen's lives, you give something and you get some security in return.
Bruce Schneier, founder and CTO of Counterpane, outlines the cybercrime landscape enterprises face today. He explains to CWHK's Stefan Hammond that insiders are a problem, managed security services are a solution, and a determined crew with a chainsaw and a truck is a big problem.
CWHK: Computer security never seems to get better, only worse. Why?
Bruce Schneier: Because security is fundamentally not a technology problem--it's a people problem.
When the good folk at Linux Australia sat down with the organisers of the Australian national Linux conference and decided that Bruce Schneier would be the keynote speaker on the opening day of the main conference, they couldn't have made a more correct decision.
Schneier is a man whose security credentials are impeccable, who's probably the world's top security technologist. At the same time, he can talk about security concepts to a teenager - and the kid will understand exactly what he's saying.
When you realise that this same man is an inventor of the Blowfish, Twofish and Yarrow algorithms, then you begin to understand what the word intellectual means.
Computer security expert Bruce Schneier took a swipe at a number of sacred cows of security including RFID tags, national ID cards and public CCTV security cameras in his keynote address to Linux.conf.au this morning.
These technologies were all examples of security products tailored to provide the perception of security rather than tackling actual security risks, he said.
"Camera companies are pushing it, but all the actual data points the other way," Schneier said. "RFID is another one -- the industry pushing it is very much distorting facts."
The discussion of public security -- which has always been clouded by emotional decision making -- has been railroaded by groups with vested interests such as security vendors and political groups, he said.
Author, blogger, cryptographer and security luminary Bruce Schneier shares his opinions on the trends and technology of the last 10 years in information security.
Share your opinion on the most important trend(s) of the last decade; technology trends, as well as overall strategic/business trends?
Bruce Schneier: The most amazing thing about the last ten years is how little things have changed technologically. Firewalls, IDSs, worms and viruses, spam, denial of service: they're all still here. Sure, there have been technological advances in both attacks and defences - phishing is relatively new, for example - but for the most part we're using the same technological defences against the same technological attacks.
What has changed is the business motivations.
Schneier is one of three keynote speakers at Linux.conf.au 2008 and speaks with Dahna McConnachie about his presentation, books and thoughts.
Internationally renowned security guru, Bruce Schneier, will be encouraging technologists at linux.conf.au to take a lesson from Luke Skywalker, and "feel the force" a little more when it comes to security.
Schneier, who is CTO of BT Counterpane, is one of the three keynote speakers at the 2008 Linux.conf.au. He joins Python release manager, Anthony Baxter and founding member of HP's Linux division, Stormy Peters.
Dahna McConnachie speaks with Schneier about his talk, "Reconceptualising Security" and how technologists need to remember the importance of the human element.
Last week, we solicited your questions for Internet security guru Bruce Schneier. He responded in force, taking on nearly every question, and his answers are extraordinarily interesting, providing mandatory reading for anyone who uses a computer. He also plainly thinks like an economist: search below for “crime pays” to see his sober assessment of why it’s better to earn a living as a security expert than as a computer criminal.
Thanks to Bruce and to all of you for participating.
They'll be absorbed by big companies as security gets built into products, Bruce Schneier predicts to OO GIN LEE
He is sounding the death knell of the consumer IT security market.
IT security guru Bruce Schneier is "100 per cent sure" that consumer security products will cease to exist in the future.
"Companies like Symantec, Network Associates and Qualis will be eventually subsumed as part of larger IT vendors," said Bruce, who was in town earlier this month to give a talk to the local security industry.
Bruce, who is mentioned in the Da Vinci Code novel as a modern cryptologist, gave the recent examples of IBM buying security company Internet Security Systems (ISS) and British Telecom (BT) acquiring Counterpane, the company he founded.
BT Counterpane's Bruce Schneier talks to Eleanor Dallaway about why he hasn't been fired yet
Bruce Schneier has increased BT's press mentions in the North American press by 21% since the UK telecom giant's acquisition of his firm Counterpane one year ago. BT insists that the acquisition ran smoothly and that the two companies are working well together, and Bruce tells us that the Counterpane people are happy. But it seems there are a few creases in the BT Counterpane story that still need to be ironed out -- Bruce's job title being the first.
"I thought that by now I'd have had a BT title, but find me the person to give me one," Schneier said, speaking to Infosecurity at the RSA Conference on 23 October.
In April, Kip Hawley, the head of the Transportation Security Administration (TSA), invited me to Washington for a meeting. Despite some serious trepidation, I accepted. And it was a good meeting. Most of it was off the record, but he asked me how the TSA could overcome its negative image.
June 27, 2007 (RFE/RL) -- A recent report by Freedom House has detailed a "new form of censorship" that has taken hold in CIS states. A particular target of governments' efforts to control what their citizens read is the Internet -- and blocking websites has become common practice in some countries. RFE/RL correspondent Heather Maher asked Bruce Schneier, chief technical officer of computer-security company BT Counterpane, about how such blocking works and what can be done to counter it.
RFE/RL: How exactly does someone -- a government official -- block a website?
Or is security the computer equivalent of the War on Terror? Bruce Schneier gives us the story.
Bruce Schneier is as close as you can get to being a rock star in the security industry. A cryptographer, computer security specialist and bestselling author of numerous books, he’s written countless articles and columns on security issues. He blogs about them at "Schneier on Security" http://www.schneier.com/blog, and publishes the monthly Crypto-Gram Newsletter that has a global readership of around 130,000.
He also finds time to be active in the industry as chief technology officer of BT Counterpane, http://www.counterpane.com/ a managed security services and consulting company he started in 1999 – plus he's one of our Top 59 Influencers in IT Security.
Security is a trade, says BT's Chief Technical Officer Bruce Schneier: and currently we're trading off the risk of crime on the internet today with the big, scary 'cyber terrorism', which is largely a media creation. Here's more.
Chris Gibbons: Well coming up at the end of the month, 22 to 25 May, in fact is the IT Web Security Summit. Now in recent years, security has dominated the corporate agenda.
Security guru Bruce Schneier says what the online banks don't dare to say.
"Give up on security if fraud is cheaper!"
Bruce Schneier is the closest you get to a rock star in IT security. The chief technology officer of BT Counterpane is best known as an outspoken blogger, and enjoys unusually great respect for his insight into security.
The pointed remarks come thick and fast when he speaks, and he was recently in Oslo at Cisco's security conference to talk about the only remedy he believes in for getting IT security in order: pure self-interest.
This is how Bruce Schneier, a well-known IT security expert, assesses Microsoft's development in recent years.
Bruce Schneier is among the world's best-known experts on IT security. He is trained in cryptography and is the founder and chief technical officer of a company that was bought by British Telecom (BT) last autumn. The company is now called BT Counterpane.
Schneier was in Norway last week, and digi.no got to have a chat with him.
BT Counterpane's founder and chief technology officer talks to SA Mathieson at Infosecurity Europe
Bruce Schneier packed out the show's keynote theatre when he spoke about 'The Psychology of Security', based on a draft essay he published in February. He outlined a range of research suggesting that our perceptions of a given risk are heightened if it is - among other things - spectacular, discussed widely, outside our normal experience or willingly taken rather than beyond our control. Such biases are ideal for hunter-gatherers living in small family groups in Kenya in 100 000BC, he argues, but not for modern life.
So how does this apply to infosecurity risks?
According to the sleeve of his latest book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World, Bruce Schneier is "the go-to security expert for business leaders and policy makers." If only the policy makers would listen, we'd be safer, happier and still free.
Other books include Applied Cryptography, described by Wired as "the book the NSA wanted never to be published."
Beyond Fear deals with security issues ranging from personal safety to national security and terrorism. Schneier is also a frequent contributor to Wired magazine, The Minneapolis Star-Tribune, and many other fine periodicals. He also writes a monthly newsletter, Cryptogram.
Balancing security and functionality is nothing new. But is there a way to fairly allocate the security costs to the users who benefit from the functionality? We ask the LinuxWorld OpenSolutions Summit keynote speaker Bruce Schneier.
LinuxWorld: Welcome to the Linux World Podcast.
Bruce Schneier started his immensely popular blog Schneier on Security in October 2004. He is the CTO of BT Counterpane and the author of eight books, including the bestselling Beyond Fear: Thinking Sensibly About Security in an Uncertain World, Secrets and Lies: Digital Security in a Networked World, Applied Cryptography, and Practical Cryptography.
Bruce, 44, has a B.S. in Physics from the University of Rochester and an M.S.
Security guru Bruce Schneier busts the myths of post-9/11 safety measures
Bruce Schneier has little patience for pointless security measures. As an internationally acclaimed cryptographer and security expert who travels extensively for work, he encounters them every day. Most airline passengers probably have wondered whether taking off their shoes for airport screeners accomplishes anything. Schneier not only understands why it doesn't, he can explain why it actually makes us less secure.
1 - Would a more proactive approach to security—working to ensure that stronger software security is built into applications—work any better than the reactive approaches, such as patches and external software safeguards?
Of course. It's the only possible approach. The notion that we can write lousy software, throw it out into the world and then patch it later has failed. It doesn't work.
Which IT security issues are really important? Which are the main topics enterprises are dealing with in 2006? What is the role of encryption? – When people want to know how security really works, they often turn to Bruce Schneier, internationally-renowned security technologist and author.
Bruce Schneier is an expert in cryptography and computer security, developer of popular crypto algorithms, author of many books and co-founder of Counterpane Internet Security.
scip AG: Hello Bruce. Thank you very much for your time. How is it going?
IsacaRoma: Who are you? Your biography says you are an author, technologist and a "security guru." What is your cultural background? How did you arrive at cryptography and security as a profession?
Bruce Schneier: Security is a mindset, and the best security experts come by the profession naturally.
Mountain View (CA) - Throughout the past two decades, Bruce Schneier has provided one of the most well-reasoned, clear, and unbiased perspectives regarding the broad and complex topic of implementing security and trust in computer systems and networks. Schneier co-developed the widely used Twofish encryption algorithm, authored 1995's ground-breaking Applied Cryptography - which defined how crypto could be used reliably for authentication and communication - and founded network security provider Counterpane, where he currently serves as CTO. But his life's mission of late has been to cast a skeptical eye upon any and every measure that purports to solve the overall problem of security, even from a personal vantage point.
So when Schneier proclaims there's something he actually fears, alarm bells should sound.
You call "identity theft" a misnomer, saying that the fight against fraud might be more effective if we thought of it as impersonation rather than ID theft. Could you elaborate on why?
"Identity theft" doesn't make sense as a term. Your identity is the only thing about you that cannot be stolen. The real crime is fraud due to impersonation.
BRUCE SCHNEIER is an internationally renowned security technologist and author. Described by The Economist as a "security guru," Schneier is best known as a candid and lucid security critic and commentator. He has written articles for, among other publications, Boston Globe, San Francisco Chronicle, Sydney Morning Herald, International Herald Tribune, The Baltimore Sun, Newsday, Salon.com, Wired Magazine, and San Jose Mercury News. He is also the founder and CTO of Counterpane Internet Security, Inc., the world's leading protector of networked information—the inventor of outsourced security monitoring and the foremost authority on effective mitigation of emerging IT threats.
Schneier's book publications include Beyond Fear: Thinking Sensibly About Security in an Uncertain World; Secrets & Lies: Digital Security in a Networked World; Applied Cryptography; Protect Your Macintosh; E-Mail Security; Practical Cryptography (with co-author Niels Ferguson); and The Electronic Privacy Papers: Documents on the Battle for Privacy in the Age of Surveillance (with co-author David Banisar).
Schneier also publishes a free monthly newsletter, Crypto-Gram (http://www.schneier.com/crypto-gram.html), which counts over 100,000 readers. Additionally, Schneier maintains a weblog, covering security and security technology issues.
Bruce Schneier is founder and chief technology officer of Mountain View, Calif.-based MSSP Counterpane Internet Security Inc. and author of Applied Cryptography, Secrets and Lies and Beyond Fear. He also publishes Crypto-Gram, a free monthly newsletter, and writes op-ed pieces for various publications. Schneier spoke to SearchSecurity.com about the latest threats, Microsoft's ongoing security struggles and other topics in a two-part interview that took place by e-mail and phone last month. In this installment, he talks about the "hype" of SP2 and explains why it's "foolish" to use Internet Explorer.
What's the biggest threat to information security at the moment?
Security expert Bruce Schneier talks with CIO Update about how CIOs can best meet the security challenge.
Bruce Schneier, one of the country's leading computer-security experts, is the author of the highly acclaimed Beyond Fear. This no-nonsense look at security -- both in the real-world and on corporate networks -- dissects security in such a way as to help readers become better consumers of it.
Schneier certainly knows his way around such questions. He is the founder of Counterpane Internet Security, a global provider of outsourced security monitoring services. With a suite of services -- including firewall and IDS device management, vulnerability scanning and consulting -- Counterpane monitors security on more than 400 networks in 32 countries.
Described by The Economist as a "security guru", Bruce Schneier is a well known security analyst who has gained notoriety from his popular security mailing list, Cryptogram, and his 3 books on various security subjects. Bruce was kind enough to take the time to have a chat with Neowin, and talk about himself, security, Microsoft, and much more.
Bruce, thanks for taking the time to talk to Neowin; could you start by giving us a brief history of yourself, what you've done, and what you're doing at the moment?
My security career seems to have been a continuing process of becoming more generalized. First cryptography, then computer security, and now general security.
Bruce Schneier, an international security expert and author
The Sept. 11 Commission's recommendation that Congress create a national intelligence director to oversee the country's 15 information-gathering agencies has been gaining support in recent weeks. But Bruce Schneier, an international security expert and author of numerous books on security technology, said the government should focus more on changing the culture of U.S. intelligence agencies.
The cofounder and chief technical officer of Counterpane Internet Security Inc., a Mountain View, Calif., provider of managed security-monitoring services, Schneier takes a skeptical view of centralized security efforts such as the Homeland Security Department and its U.S.
The following is a conversation between Bruce Schneier -- a renowned security expert and founder and CTO of Counterpane Internet Security, Inc. whose newest book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World, explains how security really works -- and Bruce Sterling, whose new techno-thriller, The Zenith Angle, is about computer security and Washington politics. Sterling also wrote The Hacker Crackdown: Law and Disorder on the Electronic Frontier, a nonfiction book about computer hackers and cyber-police. The two Bruces, long-time admirers of each other’s work, got together to discuss the nexus of security, technology, and the real world.
Schneier: We both write about security and technology. I see technology continually changing the balance between attacker and defender.
March 17 - The coordinated train bombings last Thursday in Spain marked the country's deadliest terror attack ever, killing at least 200 and injuring at least 1,500. Indications -- still unconfirmed -- that Islamic fundamentalists with ties to Al Qaeda may have been behind the blasts have prompted emergency meetings among European leaders and raised fears of another attack on the United States. But are Washington's precautions enough? And has its allocation of resources focused too much on air safety and not enough on other forms of public transportation?
First he wrote "Applied Cryptography," which quickly became the standard work on encryption. Then he began to doubt that encryption was the key to computer security.
Computer security, says Bruce Schneier, stands or falls on human judgment. Instead of chasing new encryption methods, we should remember old truths, such as that no chain is stronger than its weakest link.
In his recently released book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World (Copernicus Books, 2003), security guru Bruce Schneier argues for a more common-sense and less technology-centric approach to both IT security and physical security. In this interview with Computerworld, Schneier shares his views on IT security.
You recently co-wrote the report "CyberInsecurity: The Cost of Monopoly. How the Dominance of Microsoft's Products Poses a Risk to Security." Would you have written it if the world had been standardized around another operating system?
It's a gutsy way to start a book on security. In "Beyond Fear," published this month by Copernicus Books, Bruce Schneier asks us to set aside our revulsion and horror to grasp what the 9-11 terrorists accomplished. What they did, he says, was efficient, audacious, well-planned, simple and, from their view, successful. This understanding is key to moving beyond fear and improving security, says Schneier, who created some well-known encryption algorithms—formulas used to scramble and unscramble computer data.
For a while, it seemed as if Bruce Schneier himself was encrypted. No one could decipher his whereabouts for an interview with CSO. This was unusual because Schneier, founder and CTO of Counterpane Internet Security, is usually aggressively available to the press. Plus, he has a new book to promote—Beyond Fear: Thinking Sensibly About Security in an Uncertain World—a decidedly iconoclastic and non-IT view of security.
Bruce Schneier is a rare creature in the computer-security world. Although he made his name as an alpha geek in cryptography and later, as chief technology officer of Net-security outfit Counterpane, Schneier can also speak to laypeople about the general security matters that increasingly touch all of our lives.
In the post September 11 era, he has emerged as one of the more cogent and quotable thinkers on the topic. In particular, he has asked hard questions about the effectiveness of some of the security measures passed after the terrorists' massacre.
Bruce Schneier contends that the strongest security systems benefit from redundancy and variety. And as the Homeland Security Department consolidates a number of different agencies, Schneier warns that entrusting a centralized authority with securing the nation may make the country less, rather than more, secure.
Few in the field of information technology security have more expertise and industry respect than Schneier. Not only is he the author of "Applied Cryptography," one of the seminal textbooks on encryption, but his Twofish encryption algorithm was a finalist for the National Institute of Standards and Technology's new Federal Advanced Encryption Standard.
Tech entrepreneur Bruce Schneier is one of America's best-known computer security experts. His testimony before Congress helped defeat legal restrictions on cryptography sought by the FBI and the National Security Agency when an appellate court ruled in 1999 that crypto algorithms were a form of speech covered by the First Amendment.
Schneier co-founded security services company Counterpane Internet Security, where he serves as chief technologist. Arguing that constant vigilance, not technology, is the best defense against computer break-ins, Schneier believes security breaches are nonetheless fated to increase as networking systems become more complex.
Security expert pushes full disclosure, forcing vendors to admit and fix bugs quickly.
Bruce Schneier is founder and chief technology officer of Internet security firm Counterpane. He has written two books on cryptography and computer security, Secrets and Lies and Applied Cryptography, and is an outspoken critic of Microsoft and other software vendors that produce products that contain dangerous security holes. We spoke with him about who is responsible for software security flaws and what consumers can do about the growing problem.
PCW: Are there more security holes in software, or are we just getting better at finding them?
Most of the questions we got for crypto guru Bruce Schneier earlier this week were pretty deep, and so are his answers. But even if you're not a crypto expert, you'll find them easy to understand, and many of Bruce's thoughts (especially on privacy and the increasing lack thereof) make interesting reading even for those of you who have no interest in crypto because you believe you have "nothing to hide." This is a *long and strong* Q&A session.
First Bruce says, by way of introduction...
"I'd like to start by thanking people for sending in questions. I enjoyed answering all of them.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.