Simon Willison’s Weblog

Items tagged security, bruceschneier

Schneier on Stuxnet. Stuxnet now rivals Wikileaks as the real life plot most likely to have leaked from science fiction. # 9th October 2010, 10:57 am

Intercepting Predator Video. Bruce Schneier’s take on the unencrypted Predator UAV story. A fascinating discussion of key management and the non-technical side of cryptography. # 24th December 2009, 9:26 pm

Whenever you build a security system that relies on detection and identification, you invite the bad guys to subvert the system so it detects and identifies someone else. [...] Build a detection system, and the bad guys try to frame someone else. Build a detection system to detect framing, and the bad guys try to frame someone else framing someone else. Build a detection system to detect framing of framing, and well, there’s no end, really.

Bruce Schneier # 17th October 2009, 4:55 pm

“Digital Manners Policies” is a marketing term. Let’s call this what it really is: Selective Device Jamming. It’s not polite, it’s dangerous. It won’t make anyone more secure—or more polite.

Bruce Schneier # 1st July 2008, 2:51 pm

Since 9/11, approximately three things have potentially improved airline security: reinforcing the cockpit doors, passengers realizing they have to fight back and—possibly—sky marshals. Everything else—all the security measures that affect privacy—is just security theater and a waste of effort.

Bruce Schneier # 29th January 2008, 12:14 pm

I don’t understand why the NSA was so insistent about including Dual_EC_DRBG in the standard. It makes no sense as a trap door: It’s public, and rather obvious. It makes no sense from an engineering perspective: It’s too slow for anyone to willingly use it. And it makes no sense from a backwards-compatibility perspective: Swapping one random-number generator for another is easy.

Bruce Schneier # 16th November 2007, 10:25 am

A school in the UK is using RFID chips in school uniforms to track attendance. So now it’s easy to cut class; just ask someone to carry your shirt around the building while you’re elsewhere.

Bruce Schneier # 24th October 2007, 8:36 pm

Global Hackers Create a New Online Crime Economy (via) Fascinating, detailed look at the evolution of the hacker service economy. Of particular interest: a web application that sells access to hacked machines to identity thieves on a timeshare basis. # 17th October 2007, 9:46 pm

The Storm Worm. Bruce Schneier describes the Storm Worm, a fantastically advanced piece of malware that’s been spreading for nearly a year and is proving almost impossible to combat. Its effects are virtually invisible but infected machines are added to a multi-million machine botnet apparently controlled by anonymous Russian hackers. # 6th October 2007, 12:25 am

Bruce Schneier interviews Kip Hawley. The head of the Transportation Security Administration in conversation with one of his most eloquent critics. # 7th August 2007, 3:23 pm

The Psychology of Security. I haven’t even started on this yet, but I bet it’s worth reading. # 9th February 2007, 1:27 am

Choosing Secure Passwords. Bruce Schneier describes the state of the art in password cracking software. # 11th January 2007, 2:55 pm

Real-World Passwords. Random passwords phished from MySpace are surprisingly decent. # 14th December 2006, 2:14 pm

BT acquires Counterpane Internet Security (via) They just bought Bruce Schneier. # 25th October 2006, 10:57 am

Bruce Schneier Facts. “SSL is invulnerable to man-in-the-middle attacks. Unless that man is Bruce Schneier.” # 17th August 2006, 2:19 pm

Schneier on Security: New Airline Security Rules. “I’m sure glad I’m not flying anywhere this week” says Bruce. Now I wish I wasn’t! # 10th August 2006, 4:26 pm

Schneier on Security: Cryptanalysis of SHA-1. If you want to understand the “breaking” of SHA-1, this is the place to go. Surprisingly accessible. # 19th February 2005, 3:12 pm

Bruce vs. Bruce (via) Schneier and Sterling discuss security and technology. # 15th June 2004, 10:04 pm

Bruce Schneier: We are all security customers. How can the US get the best return on investment for homeland security? # 4th May 2004, 6:34 pm

Slouching toward Big Brother (via) Security is a trade-off # 30th January 2004, 7:18 pm

Blaster and the great blackout (via) Bruce Schneier writes for # 17th December 2003, 3:10 am

High security is low security

Via Crypto-Gram, a great piece from Bruce Tognazzini about how tough security measures can actively reduce the security of a system:

[... 225 words]