books Archives - Page 14 of 17 - Schneier on Security

Entries Tagged "books"

Page 14 of 17

Ant Warfare

According to Moffett, we might actually learn a thing or two from how ants wage war. For one, ant armies operate with precise organization despite a lack of central command. “We’re accustomed to being told what to do,” Moffett says. “I think there’s something to be said for fewer layers of control and oversight.”

Which, according to Moffett, is what can make human cyberwar and terrorist cells so effective. Battles waged on the web are often “downright ant-like,” with massive, networked groups engaging in strategic teamwork to rise up with little hierarchy. “Such ‘weak ties’ wide-ranging connections that take us beyond the tight-knit groups we interact with regularly—are likely of special importance in organizing both ants and people,” Moffett notes in his book.

Posted on August 9, 2010 at 7:12 AM • View Comments

Book Review: How Risky Is It, Really?

David Ropeik is a writer and consultant who specializes in risk perception and communication. His book, How Risky Is It, Really?: Why Our Fears Don’t Always Match the Facts, is a solid introduction to the biology, psychology, and sociology of risk. If you’re well-read on the topic already, you won’t find much you didn’t already know. But if this is a new topic for you, or if you want a well-organized guide to the current research on risk perception all in one place, this pretty close to the perfect book.

Ropeik builds his model of human risk perception from the inside out. Chapter 1 is about fear, our largely subconscious reaction to risk. Chapter 2 discusses bounded rationality, the cognitive shortcuts that allow us to efficiently make risk trade-offs. Chapter 3 discusses some of the common cognitive biases we have that cause us to either overestimate or underestimate risk: trust, control, choice, natural vs. man-made, fairness, etc.—thirteen in all. Finally, Chapter 4 discusses the sociological aspects of risk perception: how our estimation of risk depends on that of the people around us.

The book is primarily about how we humans get risk wrong: how our perception of risk differs from the reality of risk. But Ropeik is careful not to use the word “wrong,” and repeatedly warns us not to do it. Risk perception is not right or wrong, he says; it simply is. I don’t agree with this. There is both a feeling and reality of risk and security, and when they differ, we make bad security trade-offs. If you think your risk of dying in a terrorist attack, or of your children being kidnapped, is higher than it really is, you’re going to make bad security trade-offs. Yes, security theater has its place, but we should try to make that place as small as we can.

In Chapter 5, Ropeik tries his hand at solutions to this problem: “closing the perception gap” is how he puts it; reducing the difference between the feeling of security and the reality is how I like to explain it. This is his weakest chapter, but it’s also a very hard problem. My writings along this line are similarly weak. Still, his ideas are worth reading and thinking about.

I don’t have any other complaints with the book. Ropeik nicely balances readability with scientific rigor, his examples are interesting and illustrative, and he is comprehensive without being boring. Extensive footnotes allow the reader to explore the actual research behind the generalities. Even though I didn’t learn much from reading it, I enjoyed the ride.

How Risky Is It, Really? is available in hardcover and for the Kindle. Presumably a paperback will come out in a year or so. Ropeik has a blog, although he doesn’t update it much.

Posted on August 2, 2010 at 6:38 AM • View Comments

1921 Book on Profiling

Here’s a book from 1921 on how to profile people.

Posted on July 26, 2010 at 12:30 PM • View Comments

Book on GCHQ

A book on GCHQ, and two reviews.

EDITED TO ADD (7/26): Another review.

Posted on July 21, 2010 at 12:56 PM • View Comments

Vigilant Citizens: Then vs. Now

This is from Atomic Bombing: How to Protect Yourself, published in 1950:

Of course, millions of us will go through our lives never seeing a spy or a saboteur going about his business. Thousands of us may, at one time or another, think we see something like that. Only hundreds will be right. It would be foolish for all of us to see enemy agents lurking behind every tree, to become frightened of our own shadows and report them to the F.B.I.

But we are citizens, we might see something which might be useful to the F.B.I. and it is our duty to report what we see. It is also our duty to know what is useful to the F.B.I. and what isn’t.

[…]

If you think your neighbor has “radical” views—that is none of your or the F.B.I.’s business. After all, it is the difference in views of our citizens, from the differences between Jefferson and Hamilton to the differences between Truman and Dewey, which have made our country strong.

But if you see your neighbor—and the views he expresses might seem to agree with yours completely—commit an act which might lead you to suspect that he might be committing espionage, sabotage or subversion, then report it to the F.B.I.

After that, forget about it. Mr. Hoover also said: “Do not circulate rumors about subversive activities, or draw conclusions from information you furnish the F.B.I. The data you possess might be incomplete or only partially accurate. By drawing conclusions based on insufficient evidence grave injustices might result to innocent persons.”

In other words, you might be wrong. In our system, it takes a court, a trial and a jury to say a man is guilty.

It would be nice if this advice didn’t seem as outdated as the rest of the book.

Posted on July 1, 2010 at 1:05 PM • View Comments

New Book: Cryptography Engineering

I have a new book, sort of. Cryptography Engineering is really the second edition of Practical Cryptography. Niels Ferguson and I wrote Practical Cryptography in 2003. Tadayoshi Kohno did most of the update work—and added exercises to make it more suitable as a textbook—and is the third author on Cryptography Engineering. (I didn’t like it that Wiley changed the title; I think it’s too close to Ross Anderson’s excellent Security Engineering.)

Cryptography Engineering is a techie book; it’s for practitioners who are implementing cryptography or for people who want to learn more about the nitty-gritty of how cryptography works and what the implementation pitfalls are. If you’ve already bought Practical Cryptography, there’s no need to upgrade unless you’re actually using it.

EDITED TO ADD (3/23): Signed copies are available. See the bottom of this page for details.

EDITED TO ADD (3/29): In comments, someone asked what’s new in this book.

We revised the introductory materials in Chapter 1 to help readers better understand the broader context for computer security, with some explicit exercises to help readers develop a security mindset. We updated the discussion of AES in Chapter 3; rather than speculating on algebraic attacks, we now talk about the recent successful (theoretical, not practical) attacks against AES. Chapter 4 used to recommended using nonce-based encryption schemes. We now find these schemes problematic, and instead recommend randomized encryption schemes, like CBC mode. We updated the discussion of hash functions in Chapter 5; we discuss new results against MD5 and SHA1, and allude to the new SHA3 candidates (but say it’s too early to start using the SHA3 candidates). In Chapter 6, we no longer talk about UMAC, and instead talk about CMAC and GMAC. We revised Chapters 8 and 15 to talk about some recent implementation issue to be aware of. For example, we now talk about the cold boot attacks and challenges for generating randomness in VMs. In Chapter 19, we discuss online certificate verification.

Posted on March 23, 2010 at 2:42 PM • View Comments

Public Reactions to Terrorist Threats

Interesting research:

For the last five years we have researched the connection between times of terrorist threats and public opinion. In a series of tightly designed experiments, we expose subsets of research participants to a news story not unlike the type that aired last week. We argue that attitudes, evaluations, and behaviors change in at least three politically-relevant ways when terror threat is more prominent in the news. Some of these transformations are in accord with conventional wisdom concerning how we might expect the public to react. Others are more surprising, and more disconcerting in their implications for the quality of democracy.

One way that public opinion shifts is toward increased expressions of distrust. In some ways this strategy has been actively promoted by our political leaders. The Bush administration repeatedly reminded the public to keep eyes and ears open to help identify dangerous persons. A strategy of vigilance has also been endorsed by the new secretary of Homeland Security, Janet Napolitano.

Nonetheless, the breadth of increased distrust that the public puts into practice is striking. Individuals threatened by terrorism become less trusting of others, even their own neighbors. Other studies have shown that they become less supportive of the rights of Arab and Muslim Americans. In addition, we found that such effects extend to immigrants and, as well, to a group entirely remote from the subject of terrorism: gay Americans. The specter of terrorist threat creates ruptures in our social fabric, some of which may be justified as necessary tactics in the fight against terrorism and others that simply cannot.

Another way public opinion shifts under a terrorist threat is toward inflated evaluations of certain leaders. To look for strong leadership makes sense: crises should impel us toward leadership bold enough to confront the threat and strong enough to protect us from it. But the public does more than call for heroes in times of crisis. It projects leadership qualities onto political figures, with serious political consequences.

In studies conducted in 2004, we found that individuals threatened by terrorism perceived George W. Bush as more charismatic and stronger than did non-threatened individuals. This projection of leadership had important consequences for voting decisions. Individuals threatened by terrorism were more likely to base voting decisions on leadership qualities rather than on their own issue positions or partisanship. You did read that correctly. Threatened individuals responded with elevated evaluations of Bush’s capacity for leadership and then used those inflated evaluations as the primary determinant in their voting decision.

These findings did not just occur among Republicans, but also among Independents and Democrats. All partisan groups who perceived Bush as more charismatic were also less willing to blame him for policy failures such as faulty intelligence that led to the war in Iraq.

[…]

A third way public opinion shifts in response to terrorism is toward greater preferences for policies that protect the homeland, even at the expense of civil liberties, and active engagement against terrorists abroad. Such a strategy was advocated and implemented by the Bush administration. Again, however, we found that preferences shifted toward these objectives regardless of one’s partisan stripes and, as well, outside the U.S.

Nothing surprising here. Fear makes people deferential, docile, and distrustful, and both politicians and marketers have learned to take advantage of this.

Jennifer Merolla and Elizabeth Zechmeister have written a book, Democracy at Risk: How Terrorist Threats Affect the Public. I haven’t read it yet.

Posted on November 16, 2009 at 6:39 AM • View Comments

"The Cult of Schneier"

If there’s actually a cult out there, I want to hear about it. In an essay by that name, John Viega writes about the dangers of relying on Applied Cryptography to design cryptosystems:

But, after many years of evaluating the security of software systems, I’m incredibly down on using the book that made Bruce famous when designing the cryptographic aspects of a system. In fact, I can safely say I have never seen a secure system come out the other end, when that is the primary source for the crypto design. And I don’t mean that people forget about the buffer overflows. I mean, the crypto is crappy.

My rule for software development teams is simple: Don’t use Applied Cryptography in your system design. It’s fine and fun to read it, just don’t build from it.

[…]

The book talks about the fundamental building blocks of cryptography, but there is no guidance on things like, putting together all the pieces to create a secure, authenticated connection between two parties.

Plus, in the nearly 13 years since the book was last revised, our understanding of cryptography has changed greatly. There are things in it that were thought to be true at the time that turned out to be very false….

I agree. And, to his credit, Viega points out that I agree:

But in the introduction to Bruce Schneier’s book, Practical Cryptography, he himself says that the world is filled with broken systems built from his earlier book. In fact, he wrote Practical Cryptography in hopes of rectifying the problem.

This is all true.

Designing a cryptosystem is hard. Just as you wouldn’t give a person—even a doctor—a brain-surgery instruction manual and then expect him to operate on live patients, you shouldn’t give an engineer a cryptography book and then expect him to design and implement a cryptosystem. The patient is unlikely to survive, and the cryptosystem is unlikely to be secure.

Even worse, security doesn’t provide immediate feedback. A dead patient on the operating table tells the doctor that maybe he doesn’t understand brain surgery just because he read a book, but an insecure cryptosystem works just fine. It’s not until someone takes the time to break it that the engineer might realize that he didn’t do as good a job as he thought. Remember: Anyone can design a security system that he himself cannot break. Even the experts regularly get it wrong. The odds that an amateur will get it right are extremely low.

For those who are interested, a second edition of Practical Cryptography will be published in early 2010, renamed Cryptography Engineering and featuring a third author: Tadayoshi Kohno.

EDITED TO ADD (9/16): Commentary.

Posted on September 3, 2009 at 1:56 PM • View Comments

Book Review: The Science of Fear

Daniel Gardner’s The Science of Fear was published last July, but I’ve only just gotten around to reading it. That was a big mistake. It’s a fantastic look at how how humans deal with fear: exactly the kind of thing I have been reading and writing about for the past couple of years. It’s the book I wanted to write, and it’s a great read.

Gardner writes about how the brain processes fear and risk, how it assesses probability and likelihood, and how it makes decisions under uncertainty. The book talks about all the interesting psychological studies—cognitive psychology, evolutionary psychology, behavioral economics, experimental philosophy—that illuminate how we think and act regarding fear. The book also talks about how fear is used to influence people, by marketers, by politicians, by the media. And lastly, the book talks about different areas where fear plays a part: health, crime, terrorism.

There have been a lot of books published recently that apply these new paradigms of human psychology to different domains—to randomness, to traffic, to rationality, to art, to religion, and etc.—but after you read a few you start seeing the same dozen psychology experiments over and over again. Even I did it, when I wrote about the psychology of security. But Gardner’s book is different: he goes further, explains more, demonstrates his point with the more obscure experiments that most authors don’t bother seeking out. His writing style is both easy to read and informative, a nice mix of data an anecdote. The flow of the book makes sense. And his analysis is spot-on.

My only problem with the book is that Gardner doesn’t use standard names for the various brain heuristics he talks about. Yes, his names are more intuitive and evocative, but they’re wrong. If you have already read other books in the field, this is annoying because you have to constantly translate into standard terminology. And if you haven’t read anything else in the field, this is a real problem because you’ll be needlessly confused when you read about these things in other books and articles.

So here’s a handy conversion chart. Print it out and tape it to the inside front cover. Print another copy out and use it as a bookmark.

Rule of Typical Things = representativeness heuristic
Example Rule = availability heuristic
Good-Bad Rule = affect heuristic
confirmation bias = confirmation bias

That’s it. That’s the only thing I didn’t like about the book. Otherwise, it’s perfect. It’s the book I wish I had written. Only I don’t think I would have done as good a job as Gardner did. The Science of Fear should be required reading for…well, for everyone.

The paperback will be published in June. But, amazingly enough, the hardcover is on sale for only $6 at Amazon. Buy two and give one to someone else.

Here’s a link from Powell’s, if you’re boycotting Amazon.

Posted on April 20, 2009 at 6:16 AM • View Comments

James Bamford Interview on the NSA

Worth reading. One excerpt:

The problem is that NSA was never designed for what it’s doing. It was designed after World War II to prevent another surprise attack from another nation-state, particularly the Soviet Union. And from 1945 or ’46 until 1990 or ’91, that’s what its mission was. That’s what every piece of equipment, that’s what every person recruited to the agency, was supposed to do, practically—find out when and where and if the Russians were about to launch a nuclear attack. That’s what it spent 50 years being built for. And then all of a sudden the Soviet Union is not around anymore, and NSA’s got a new mission, and part of that is going after terrorists. And it’s just not a good fit. They missed the first World Trade Center bombing, they missed the attack on the U.S.S. Cole, they missed the attack on the U.S. embassies in Africa, they missed 9/11. There’s this string of failures because this agency was not really designed to do this. In the movies, they’d be catching terrorists all the time. But this isn’t the movies, this is reality.

The big difference here is that when they were focused on the Soviet Union, the Soviets communicated over dedicated lines. The army communicated over army channels, the navy communicated over navy channels, the diplomats communicated over foreign-office channels. These were all particular channels, particular frequencies, you knew where they were; the main problem was breaking encrypted communications. [The NSA] had listening posts ringing the Soviet Union, they had Russian linguists that were being pumped out from all these schools around the U.S.

Then the Cold War ends and everything changes. Now instead of a huge country that communicated all the time, you have individuals who hop from Kuala Lampur to Nairobi or whatever, from continent to continent, from day to day. They don’t communicate [electronically] all the time—they communicate by meetings. [The NSA was] tapping Bin Laden’s phone for three years and never picked up on any of these terrorist incidents. And the [electronic] communications you do have are not on dedicated channels, they’re mixed in with the world communication network. First you’ve got to find out how to extract that from it, then you’ve got to find people who can understand the language, and then you’ve got to figure out the word code. You can’t use a Cray supercomputer to figure out if somebody’s saying they’re going to have a wedding next week whether it’s really going to be a wedding or a bombing.

So that’s the challenge facing the people there. So even though I’m critical about them for missing these things, I also try in the book to give an explanation as to why this is. It’s certainly not because the people are incompetent. It’s because the world has changed.

I think the problem is more serious than people realize. I talked to the people at Fort Gordon [in Georgia], which is the main listening post for the Middle East and North Africa. What was shocking to me was the people who were there were saying they didn’t have anybody [at the time] who spoke Pashtun. We’re at war in Afghanistan and the main language of the Taliban is Pashtun.

The answer here is to change our foreign policy so that we don’t have to depend on agencies like NSA to try to protect the country. You try to protect the country by having reasonable policies so that we won’t have to worry about terrorism so much. It’s just getting harder and harder to find them.

Also worth reading is his new book.

Posted on December 18, 2008 at 6:42 AM • View Comments

←Previous 1 … 12 13 14 15 16 17 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.