Bruce Schneier Interview on Salon 84
citmanual wrote to us with the Schneier interview on Salon. He's promoting his new book Secrets and Lies. I'm just about finished with it, and will be doing a review soon - it's quite good.
This discussion has been archived.
No new comments can be posted.
Bruce Schneier Interview on Salon
Related Links Top of the: day, week, month.
Software production is assumed to be a line function, but it is run like a staff function. -- Paul Licker
Re:Hemos, Can I borrow it (Score:1)
Re:Hemos, Can I borrow it (Score:1)
Epiphany (Score:3)
That's one of the reasons Schneier rocks as hard as he does. He's a down-to-earth kind of renaissance man and he's pretty much always been like that in the years I've known him. Not only is he one of the best 10 or 50 cryptographers in the world (of which about 40 are probably NSA), but he's a regular guy. I had the good fortune to see Richard Thieme speak and he's similar in that regard (though he's more of a humanities guy than a science guy).
I read something recently describing a self-proclaimed epiphany he experienced a few years ago that set him in the direction of holistic security versus the crypto-heavy approach he favored since he entered the field. I'd be curious to know more about it because I felt he's always had a hint of that approach. Just go back and read his essays "Why Cryptography Is Harder Than It Looks" [counterpane.com] and "Security Pitfalls in Cryptography" [counterpane.com]... substitute "cryptography" for "computer security" or "network security" and you'll see what I mean.
In 1996 I think it was, Bruce, Niels Ferguson, and I were working on the problem of creating a file system offering plausible deniability of the existence of any files the user wanted to keep secret. We came up with some really neat ideas on how to avoid creating proof that certain files existed. I think it would have worked, but I made the realization that it wouldn't work successfully with technology of the day. Microsoft Word (heck, the Start -> Documents listing broke us too) will list the last several documents accessed: what if one of them was supposed to remain secret? If it's hidden, but the attacker sees you modified it and they can't find it, the game is over--you can't deny it exists and the system is broken.
Why is this such a big problem? Because if we were to create a special OS and set of applications that didn't track that stuff, the only people who would use it were those with something to hide (this wasn't a court of law--we couldn't assume you were innocent until proven guilty). So, the user loses the game before it even started simply by having that special OS and application set.
Keep on "keeping on", Bruce.
couldn't resist this silly quip (Score:1)
Still the thought of millions of people being permanently connected on-line without adequate security 'common sense' should concern us. You just have to assume that the vast majority will have to put their trust in 'the experts' to keep their networks from being broken into.
I've been playing around with linux for 2 years now, and quite frankly I am daunted by the amount of RTFM'ing I have to do before I will feel comfortable being permanently on-line.
I guess the first thing is to shut off most of your network listening services unless you REALLY know your stuff, and change root password every 30 days.
---
Why my house is as secure as it gets (Score:2)
Still, my house is only one house, on one street, in one neighborhood in this city, and I count on that "anonymity" to provide a measure of safety. All that's necessary is to provide potential thieves ("house hackers?") with sufficient motivation to either overlook the house or move on to an easier target (hence the Security System sign in the front). It's a play on human nature - count on the baddies to take the path of least resistance, and don't call attention to yourself by parading how many secrets you have locked up or how confidential your data is.
Net privacy may be a concern, but net anonymity is also good cover. My real name is so commonplace and vanilla that I use it frequently as my login - tempting fate perhaps, but do a search on it in any database and you'll be swamped with results. Which one is me? I'll never tell...
Too Pessimistic, Security is not Hopeless (Score:2)
Taking another poster's Java example. If you use a language like Java, you have no buffer overruns. But this is at the cost of checking array bounds.
Many of Microsoft's security problems is because MS wants to give you convenience and damn the security implications. Macros in Word files and email attachments as clickable applications are just two examples.
The problem of ignorance is twofold. One is that many users are not knowledgable system admins, and yet they will be on the Internet 24/7. The other is that the current OS model is just not security conscious. It take enormous work (e.g., OpenBSD) to get a semi-secure OS and even then, it is easy to slap on telnet, ftp, and every other insecure service. Combining ignorant users with inherently insecure OSes is a potent mix.
Dealing with cost and convenience is a social issue. Costumers will have to demand security as a top priority before anything much happens here. That probably won't happen until we get a disaster that costs a lot of people a lot of money. There is not much you can do about ignorant users. You can educate some, but certainly not most. It is a matter of research to make OSes more secure, and this is something that the government and the military are very interested in.
Computer security compared to real life (Score:4)
For example, it is possible to easily execute money transfers and stock trades as someone else at A Large Internet Broker Who Will Remain Unnamed. This sounds bad, and it is bad, but it isn't much worse than the equivalent security at non-Internet banks and brokerages. At my bank, I can execute a money transfer by simply sending a fax with my signature to the bank. Now, any waiter, billing clerk, or grocery checkout monkey to whom I have ever given a check has my account number, the name of my bank, the bank's routing number, and an original of my signature. Photo reproduction is more than good enough for a forged fax, so it would be trivial to walk down to the local copy shop and start faxing money transfers to people's banks.
Credit cards are even worse. You need only possess the physical card, or a reproduction thereof, to use the card fraudulently. The number of register operators who actually check the card signature against positive identification and then note the form and number of the identification is incredibly small. With near-full employment here in the U.S.A., the diligence of the rank register operator has become even worse in recent years. Fraud is trivially perpetrated in real-world banking and retail.
My final example involves my own clients. I am in a line of business that automates business processes in medium and large companies. Invariably, the client wants to ensure that the computer-automated process is totally secure. This is good and I applaud their concern. However, it is funny to note that the manual processes they are replacing haven't the least bit of security at all. Often, the "process" involves one person rubber-stamping a piece of paper and placing it in an open bin on some other person's desk. Yet they insist on impenetrable electronic security.
Re:There is hope yet (Score:4)
Usually the tradeoff isn't program performance vs. security but coding time vs. security/performance/whataver.
More ranting (Score:1)
Re:Very scary (Score:4)
Salon takes this quote out of context. Schneier goes on to say:
I haven't read the book yet, but my understanding from what Schneier says regularly on his very interesting mailing list is that he and others had been looking at security the wrong way. The analogy he uses frequently is to safes. Safes don't claim to be uncrackable; instead they come with ratings specifying how many minutes it would take a skilled safecracker to open them. Schneier's argument is that this is the same approach we should be taking to information security. Not "this security is crackable and that security isn't," but "this security can be cracked by a skilled intruder after X minutes/hours, giving you that much lead time to respond. Plan accordingly."
-
Re:REVIEW not INTERVIEW (Score:1)
Analogy (Score:2)
I'm sure that the NSA could break into my home box, no problems. I don't really care about that. There's not much I can do about that. That doesn't mean I won't put up enough security to keep the script-kiddies out.
The same applies for a corporate box. You don't give up just because you can't keep everyone out. It is good enough to have enough security that any attacker is highly skilled enough that he wouldn't bother with your site.
I disagree... (Score:2)
I believe the moral of the book (which I gather from Bruce's comments in Crypto-gram [counterpane.com]) is that security breaches are inevitable, and therefore it's imperative to have a recovery plan.
He doesn't claim that since perfect security is impossible we should stop trying to attain it. He says that we need to stop assuming our efforts will always protect us and make sure we're prepared for the alternative.
Re:There are no *moral* arguments against regulati (Score:2)
"Who watches the watchmen?"
All the rest is just elaboration on that.
Re:Computer security compared to real life (Score:1)
Many people look at certifications like C2 and think "what's the point just logging the break-in - shouldn't we prevent it?" These people are usually frontline types (sysadmins who fear an open port, for instance), but there's a lot of security that goes on after the fact, and much of it is done by people in apparently less exciting lines of work (accountants, say
Re:Pragmatic view of security (Score:2)
Re:Pretty lame article (Score:1)
In you followup post, you seem to infer that the code you write is exempt from the emperical rule that every thousand lines of quality code will have three bugs on average. Of course, I've not read any of your code, but if you write error free code I've got a job for you. I think I'm a pretty good coder, but I come across the "how did I ever overlook *this*" kind of bug more often than I care for.
The article obviously was not written with coders as the primary audience, so you'll have to read through some of the parabole that's just to get peoples attention. As Bruce explains in his latest CRYPTO-GRAM newsletter, his biggest eye opener was that attaining perfect security (even if the code itself is perfect, which it is rarely if ever) is impossible, and therefore we (as coders and sysadmins alike) should focus more on detection and damage control, and less on perfection. I cannot fault any of his reasoning.
Anyway, when judging his work, I'd suggest to look more at his freely available writings and less on the secondhand hype like on Salon. Counterpane [counterpane.com] has a pretty complete history of his musings. They're free, and very entertaining to read (my favorite is his "doghouse" column), and it paints a much better picture of what to expect from the book.
Security != Impregnable (Cost vs. Benefit) (Score:1)
Therefore, the strategy is not to build the super-fort, the one that keeps bad guys out no matter what. That doesn't work.
Instead, modern thinking on security is all about layered defenses which raise the cost of attack to (hopefully) unacceptable levels to the attacker(s), as well as preserving flexability and resiliancy.
Although IANAMH (I am not a military historian), I have read enough to generally agree with these ideas. I don't disagree with Schneyer's main thesis, I just am not that surprised by it.
Here is a fairly interesting article called From Sandbags to Computers: What's New in Field Fortifications and Protective Structures [army.mil]. Maybe we can analogize some of modern military tactical theory to cyber-defense.
---
In a hundred-mile march,
Spelling, of course, should be Schneier (Score:1)
---
In a hundred-mile march,
Re:Hemos, Can I borrow it [Now I'm OT FFS] (Score:1)
Re:Hemos, Can I borrow it (Score:1)
Well if da Taco replies....
Re:Where's my dictionary? (Score:2)
"Marked by exhortation or strong urging: a hortatory speech."
That's funny, for a second there, I thought that I had a new word to use in my second job: High-Jammy-Pimpmaster Supreme.
Shucks.
Rami
--
Re:Hemos, Can I borrow it (Score:1)
not surprisingly
Re:There is hope yet (Score:1)
I sometimes wonder about that. I am a programmer who is reading slashdot before going in to check some network code he just wrote, so I might as well write.
Observations:
#1- There is a tradeoff between stability and 'interestingness.' It is an early age of computers, is it not better to make rashes of mistakes in creating something that overall is interesting?
#2- "Mission-critical systems" are designed for cases where people die from some programmer goof, and they do not depend on input from non-missioncritical systems. These probably have warranties, or are important enough that warranties mean nothing.
#3- Competition provides some level of accountability. Not a terribly great amount, but companies like Sun and Oracle make money because people who really care about stability will pay for it. Really, when NT crashes, do people care that much? As long as they saved, people do consider failure acceptable. (And when someone is demoing software if you're at a job interview, a crash feels kind of comfortable.. has happened to me.)
#4- Code is thought. That's a hacker mainstay, since we tend to wish to give speech status to code. When you're formulating positions on some subject, don't your thoughts start out a bit unsound, but lead to more insightful ideas? Same with code.
(And a quiet observation to round out the list: The great majority of programmers don't know what assumptions they're making. High-level languages really do hide them because they try to be self-contained little universes.)
Re:There is hope yet (Score:2)
Most will choose stability, and I think, no I hope more are choosing security when programming but this also falls under the category of human error.
A lot of programmers are just not aware of their errors. Most programs with buffer overflows may be very stable in theory, but they assume that the user will not make errors. Or assume that noone will ever enter a string longer than 1024 characters. Or maybe they don't expect anyone to use an other interface than their own, and put their security in the wrong place
A lot of programs still in use today were written in a time when the internet was still a relatively friendly place. I hope books like this one will make programmers today more aware of the problems that plague the internet in it's new form.
You don't have to be perfect... (Score:2)
There is neither cause for irrational exuberance nor hopeless despair. Frankly I'm disappointed in the last 3.5 years of running a NT net that we've had no break ins, security compromises, etc; sure there's been the ocassional StealthBoot.B viri and one person executed a 'fireworks' attachment w/ a virus that took a half hour to clean up, but that's been about it. Eternal vigilance and watch is my key, try to convince mgmt to keep things simple enough to keep it under control w/ ability to recover should a disaster occur and all will be find. I'm looking fwd to e-commerce while watching for some bastard to 'make my day'
I agree, but.. (Score:1)
Re:There are no *moral* arguments against regulati (Score:1)
Overbroad monitoring was a fact of life in communist countries - indeed, if you look at the lifestyles of many of those who did speak out, they weren't particurly pleasant.
By putting a full monitoring system into place you immediately allow such a system to occur. It's not being monitored per-se - most people, except for extremists will understand the necessity of some wiretaps etc. It's bulk monitoring. Many nations, such as Britain (and quite possibly the US) have a number of laws on the books to attempt to stop abuse by the government - and one of them is to give you privacy against search and seizure, and, in certain circumstances, anonymity
In the UK, a huge storm errupted over the fact that a number of members of the current cabinet were spied upon - mostly for being socialist. The British RIP bill allows a vast quantity of information to be recorded about you - and some of this can be looked at by people you know.
If I get my jollies from various obscure forms of (legal) sex, then I might not want Plod who works at the policestation down the road to know - indeed, I don't think he has a right to know unless he has *very good reason*. If I was tapped because I had met with lots of dodgy terroristy like people and so on, and the information was destroyed, and those possessing it were under strict regulation - then I would accept it.
If however, I want to say that the government laws on drugs are wrong, I don't want to be targeted and monitored simply *because* I disagree with governmental policy. I don't think it's right, and I don't think it's just.
By setting up the means to abuse free speech on a large scale you won't have it
(PS, yes, I'm bad at articulating, I'm coding VB at the moment - destroys your brain)
Re:There are no *moral* arguments against regulati (Score:1)
Jefferson bemoaned the rise of large cities full of strangers. His whole ideology is based on the premise of small-medium sized communties of people who know one another. Part of being a member of society means being accountable to others in your community. That's why murder laws are possible. So it's important to get beyond the misconception that we are guaranteed a right to anonymnity in all matters, so we can decide just what the community does have a right to know about the individuals who make it up.
Re:Pretty lame article (Score:1)
Re:Epiphany (Score:1)
I have to take issue with the acclaim Bruce gets as a cryptographer. His work doesn't stand up to the standard set by the many, many computer scientists and mathematicans who have brought the field of cryptology to its glory. Bruce Schneier, by his work, is not a cryptographer (nor is he a cryptologist). He is a computer security engineer whose contributions have been mostly practical symmetric-key cryptosystems. He is also been the layman's "crypto expert". But no cryptographer is he; his papers are imprecise and obvious, his book Applied Cryptography is poorly written (his description of his own Blowfish algorithm is shady; he could learn a lot from the Cormen, Rivest, and Leiserson CS Bible). Finally there is a better crypto book out there anyways: it called the Handbook for Applied Cryptography by Vanstone et al.
For what he is, he has been very effective, I think. But to place him amongst the top cryptographers in the world is to be reckless. Can you honestly associate his work with that of luminaries like Ron Rivest, Shafi Goldwasser, Don Coppersmith, Andrew Odlyzko, Scott Vanstone, Menezes, Joseph Silvermann, Neal Koblitz? I cringe at the notion.
Intrusion detection is easier said than done (Score:2)
What is being sold today under the Intrusion Detection System label usually is a cobbled together set of attack signatures that spuriously trigger thousands of times per day. The ones I've seen do not have the flexibility to do things like suppress the check for ".asp." if a word consituent character follows it. And needless to say, the way they work, chances are that successful attempts to break in are overlooked.
This of course if yet another instance of false security. A lot of work has to be done still to make IDS systems work reasonably out of the box, and that is not even taking issues like training into account.
Mind you, people who actually read the book will know better, but I've lived in corporate hell for much too long to know just where this IDS thing will end. "Do we have a firewall? Check. Do we have an IDS? Check. Hey, what's this guy doing on our systems? Call legal and sue the IDS vendor."
Re:Problems, unfortunately (Score:2)
So have individuals, yet trust is extended to them. There is no monolithic "government". It is made up of people. The "government" didn't commit Watergate. A few people within it did. Just like a few people within society commit crimes. Yet I'm sure you would agree that we shouldn't revoke our trust of all people on the basis of the violations of a few.
Re:Computer security compared to real life (Score:1)
You make an excellent point and that has been my experience as well.
However, Schneier points out some important differences between a manual process and a computer system based one:-
Problems, unfortunately (Score:2)
The problem is that government has violated the trust given them. Again, look at Watergate and the Nixon enemies list as an example. Its those kinds of violations that make people nervous about giving them more trust.
...phil
Re:Problems, unfortunately (Score:2)
When the people act in the name of "the government", then yes there *is* a monolithic entitiy called "the government", and yes, it's resonable to revoke trust in it.
...phil
Insightful... reference? (Score:2)
But what I'd love more is a reference telling me where I can read this view of Jefferson's, and others. Can anyone help?
Re:There are no *moral* arguments against regulati (Score:2)
Nonsense. The Net servers and accounts are the property of the ISPs and users. Theft is immoral. Quod Erat Demonstrandum.
Wake up people, there are some very evil people out there
Yep -- and the levers of government power are their natural homes.
/.
For Cmdr Taco (Score:3)
Hey Taco, This book is for you man!
Very scary (Score:2)
I find it really, really scary when someone of Bruce Schneier's reputaion has seeming given up on the idea of secure software.
If that is the case, what possible arguements can we muster against things like internet regulation. If we can't have better living through software, then there is a bunch of special interest groups and three leter agencies who would be happy to say "just install this box on every network, and we'll be able to trace all hackers"
Real world analogy (Score:2)
How to make a sig
without having an idea
This is why the net will never work (Score:2)
At least, not for vitally important applications and services. There has been a push recently towards providing every kind of service imaginable over the net, but people have already learnt that some things just aren't safe to do online - the notable failures of internet banks such as Egg [egg.co.uk] to keep their sites secure being one recent incident.
Another foolhardy venture I read about in the paper today (no links, I couldn't find anything online) is of a company in Thailand which has developed a security robot armed with an air gun as standard, but which can be fitted with any other type of weapon, lethal or not. Whilst it can be set to work automatically, it can also be aimed and fired manually, using a command sent over the Internet! Is this the most stupid thing ever or what? Now hackers can shoot people from the comfort of their own bedrooms!
Despite the recent rush to get online, I can see that the craze will die down in years to come, as people and companies realise that some things are much safer in a real world environment where factors such as ease of interception and physical location make every transaction far more secure.
At the end of the day, the amazing lack of online security and privacy means that the net is good only for unimportant information and trivial communications. Who wants every hacker with a root exploit to know their most personal and important details?
Big Brother Sucks. (Score:1)
--------------------
Pragmatic view of security (Score:2)
Is this a situation where there is no hope? I don't think that's the right question or conclusion. We all have houses with locks that are adequate 99.9% of the time. They will fail from time to time but that is something we've all accepted (well, 99.9% of us:).
Computer security is the same way and Schneier's conclusion seems to me to be common sense. Not that he doesn't - probably - present all sorts of interesting anecdotes.
To be eternally secure we'd have to be eternally vigilant. No one can do that. So we do a best effort sort of thing, get on with our lives and have to be prepared to pick up the pieces when it falls apart. What else is new.
IMHO, as per
J:)
No better living through hardware, either... (Score:2)
It's a damn good book (Score:1)
Re:Very scary (Score:2)
I mean sure Open Source helps a tremendous amount, however are you going to debug every StarOffice program that comes along before you install it?
I like his "Dancing Pig" analogy because it fits nicely into this paranoia mentality on the net. My friends are constantly sending me crap (similar to Elf bowling), but I refuse to open it on Windoze98. When they ask why and explain that they have all the Mcafee (C) updates in place, I just say "thats nice" and delete the files anyway. All it takes is some nice little backdoor (a la Netbus) that is programmed NOT to look like a virus...and either A.)Bye Bye data or B.)Little kiddy is watching everything you are doing.
**shudder**
Re:Very scary (Score:4)
Re:Very scary (Score:1)
If that is the case, what possible arguements can we muster against things like internet regulation.
One very important argument: our freedom. If we wish to take the risks of communing online, then it's partially our own fault. I believe in taking personal responsibility for my system, that's why my personal lan is protected by a carefully managed firewall, and I do backups of any crucial data regularly. Any sensitive information (such as code I'm working on) is kept on another machine, on another network, that is not directly accessable to the outside world. The only way to get it would be to slice through my firewall, gain access to one of my workstations, and then hack the system containing the data, which they don't know is there. If they do all this, which is very possible, I do have backups.
"Evil beware: I'm armed to the teeth and packing a hampster!"
There is hope yet (Score:4)
An example:
The article mentions buffer overflows, which, in my experience, have been virtually deleted in a language like Java. Sure, checking array bounds every single time may be a performance hit, but I will choose a performance hit over a security hit any day.
Basically, when you write software, don't make assumptions. Not on anything. I've seen plenty programs crash because they tried to access the network and found that it was not installed, or play a sound and find the device busy.
We may not be able to fix the people, but I think fixing the the software is possible. All it requires is ridding the world of software licences that deny responsibility. Once financial gain is at stake, corporations will put a lot more time into security, and hopefully a lot less in screwing eachother for financial gain.
Re:Limits of Formal Methods (Score:2)
Re:Limits of Formal Methods (Score:3)
Going from one extreme to the other.
Of course you can't have full safety, but that holds true as well for the real world. You can't prevent anyone from getting into a building, but you can make it so hard, that only a few will manage. And you have to pay in a way for that.
Re:Mirror if /.'ed (Score:1)
Re:Limits of Formal Methods (Score:2)
Re:Limits of Formal Methods (Score:4)
Simply because it's not possible to create perfect security does not mean that we should give up the ghost and go home. Quite the contrary, it is simply an indication that computers are indeed a part of the real world. Are real world banks 100% secure? Do the never get robbed? Obviously not, but we still have trust in them. Simply because "you cannot build a robbery proof bank" does not mean that we should give up banks (and their like) alltogether. And, while the Fort Knox gold repository isn't precisely invulnerable, it is sufficiently close to being so for the purposes necessary.
Computer security will necessarily ebb and flow as people recognize the issues and concerns and understand how to deal with them, etc., etc. Currently, there are many examples of poor and lax security because A) the favored model for computing has many security problems, B) unix is not a very secure operating system (face it guys, I love unix to death, but in many ways it is fundamentally broken when it comes to security [luckily, unix is so flexible that you can patch up the huge gigantic rents enough to make it pretty a box pretty damn secure]), C) everyone and their mother has some sort of semi-important server, which when combined with D) very few people actually understand even the basics of making a network / server / system secure can only cause problems.
In the semi near term, one of two things will most likely happen. Either 1) people will in general become more security concious, or 2) programs and systems will be made more inherently secure. I think 2 is much more likely, though a combination of 2 and a little bit of 1 would go a very long way.
Re:There ARE moral arguments against regulation (Score:2)
{sarcasm on}
Then I'm sure you'll have no problem handing over your social security number, street address and phone number, credit card numbers (with exp. dates, please) and bank account info, along with that for your kids. What? You're not going to? Why, then, you must have something to hide!
{sarcasm off}
That's the first problem with your stance - you do have an expecation of privacy, and I don't think you're a terrorist or a child pornographer.
The second problem is that parts of the government has historically shown an annoying tendency to violate privacy rights for no particular good reason. Watergate and other things Nixon is a classic example, particularly the 'enemies list'. (For those who don't remember, Nixon and his cronies ordered the FBI and the IRS to investigate and cause trouble for people who Nixon considered his political enemies - classic cases of misuse of power.) These reasons are enough for people to want to protect their privacy themselves, since we've already seen we can't rely on the government to do it.
Wake up people, there are some very evil people out there, and it is our duty as decent Christians to do everything we can to help stop them.
Many people, myself included, find it evil for the powers-that-be to trample all over the innocent in pursuit of the evil. And, given the recent track record of the government in the issue of things like wrongful convictions (remember that the gov. of Illinois has put all death sentences on hold, because of massive uncertainty in the process, or you can check here [truthinjustice.org] for organizations which track this sort of thing), many people are not sure the government is the best organization to give our absolute trust to.
Also note, while the vast majority are probably decent, there are a lot of people who are not christian. You're not calling their decency into question, are you?
...phil
Re:There are no *moral* arguments against regulati (Score:1)
But you know why I wouldnt?
It is wrong to judge a person for his beliefs as whoever modded this as falmebait did.
That said if this is not a Troll people do truly believe things like that.. although we could ahve done without the final line
"It is our duty as decent Christians to do everything we can to help stop them."
That was rather trollish Jon...
Jeremy
When pigs dance (Score:3)
This last line of the article is telling. A user of an Internet-connected computer is in possession of a powerful, potentially dangerous tool - maybe it's been long enough that people look at them as some kind of silly toy. On the one hand computing ought to be fun and people shouldn't have to do it in fear (implying they should be given software tools that, though they can never be completely secure, at least aren't braindamagedly insecure). On the other hand they should probably need some bare cognizance of what they're getting into and what they might, through ignorance and negligence, allow someone else to do in the world. Dancing pigs (or penguins) might be cute, but people need to consider that there can be real-world consequences of what they allow to be done to their networked computer.
We tell our kids not to take toys from strangers, but then we go and download and play with the software equivalent without a second thought...
A quote from the article (Score:1)
Doh! There goes my carefully planned security system. Thanks, Bruce.
Re:There is hope yet (Score:1)
1) Use a morphing chip. Transmeta could make a package for server builders that makes a unique assembler/microcode for you, you build the server source and presto no buffer overrun will get you since this is your isa not someone elses. The payload will dump core and the intrusion will be short lived.
2) Use a vmware and a linux guest as the portal to the DSL/cable modem with a linux host monitoring the md5 tripwire results of the guest. Should the results change, kill the vmware process and start a new one from a fresh copy of the virtual image. The masq'd VPN on the host is not penetrated and script kiddies get limited fun. This is what I call an Etch'a'sketch server.
Hedley
Re:Epiphany (Score:3)
Re:There is hope yet (Score:1)
The article mentions buffer overflows, which, in my experience, have been virtually deleted in a language like Java. Sure, checking array bounds every single time may be a performance hit, but I will choose a performance hit over a security hit any day.
Not knowing anything about Java, I can't comment much but I do have this question:
If my C program checks all user input, the only thing which could then take me down is a program/compiler bug, no? Do I not get all the benefit of bounds checking without the performance-sapping problem of checking the calculated values on every loop iteration?
I don't cringe. (Score:3)
Insofar as "Bruce Schneier, by his work, is not a cryptographer (nor is he a cryptologist)"... I've got to recommend that you talk to your dealer about the purity of your rock. Strictly speaking, a cryptographer is one who develops and devises codes and ciphers. Schneier has written lots of ciphers, ranging from the lousy (MacGuffin) to the profoundly brilliant (Blowfish, and maybe Twofish).
He has also published cryptanalytic results against the major AES candidates, including (I believe) RIJNDAEL. I like RIJNDAEL. Joan Daemen (I'm misspelling the name here) is a brilliant cryptographer, responsible for a lot of extremely high-quality stuff--and if Schneier, et. al., can cryptanalize RIJNDAEL, that says something about Schneier's skill.
Insofar as Applied Cryptography being shady, I'm going to have to ask you for some verification. How is his description of Blowfish "shady"? After reading his description of Blowfish I was able to implement it, from scratch, without looking at any source code. My version passed the Blowfish compatability vectors, so apparently his description was clear and concise.
Finally there is a better crypto book out there anyways: it called the Handbook for Applied Cryptography by Vanstone et al.
Err... no. The Handbook of Applied Cryptography (notice the name), edited by Menezes, Vanstone, et. al., is a very good book. I refer to it often. However, I refer to Applied Cryptography more--why? Because I want to know the accepted way of how to do something, not a formal proof that the accepted way works. If you want to know how to encrypt the last block of a CBC mode cipher so that the cleartext is the same size as the ciphertext, Schneier tells you this in the space of a paragraph or two. The Handbook of Applied Cryptography goes into much more mathematical rigor.
This is not to say that the Handbook of Applied Cryptography is inferior: it's not. The two books are meant for different audiences who need different things, and claiming that one is superior to the other is pretty specious.
His papers are imprecise and obvious
... Are you telling me that you could have cryptanalyzed RIJNDAEL?
Seriously. Get a grip. Schneier is no demigod, that much is true; he's a human being just like anyone else, and occasionally screws it up past all recognition (just like anyone else). However, he is a hell of a lot better than I am.
My own beef with Schneier is something totally different. Schneier works as part of a team, not a solo operator. His best work has always been collaborative, with Doug Whiting, Niels Ferguson, etc. While I don't begrudge Schneier his fame--I think he's more than earned it--I do wish that people, particularly Slashdotters and the news media, would realize that Schneier may be the crypto version of Buckaroo Banzai, but--just like Buckaroo Banzai--he's nothing without his crew of Hong Kong Cavaliers and Blue Blazes Irregulars backing him up.
Re:Hemos, Can I borrow it (Score:1)
Pretty lame article (Score:1)
Where's my dictionary? (Score:2)
"If J. Random Websurfer clicks on a button that promises dancing pigs on his computer monitor, and instead gets a hortatory message describing the potential dangers of the applet," Schneier writes, "he's going to choose the dancing pigs over computer security any day."
Make it dancing penguins and I'll give up security too. <grin>
Wait a minute... hortatory?
"Free your mind and your ass will follow"
In other words (Score:1)
No hope (Score:3)
--------------------
Re:Hemos, Can I borrow it (Score:1)
Anyway, how many UIN's are on
ie. do I still count as a newbie !?
Limits of Formal Methods (Score:5)
Then one day I read a paper about the *limits* of formal methods. The one phrase summary of the article was that once a formally-verified program meets the real world, each time it's executed is a conjecture.
The paper seemed to be an argument against formal methods and as you might guess, all the heavy hitters with PhDs and post-doctoral work to defend generated a storm of complaint, the one phrase summary of which was that while formal methods might not be perfect, they shouldn't be abandoned.
I mention this because of the author's original notion of protecting ourselves by wrapping ourselves in mathematics, and his current appearance of despair.
It appears to me that the book's more a reaction to a crisis in faith than anything else. I don't think anyone really expects security to be uncrackable - we're got history going back to the pharaohs on that one, but neither should we throw the baby out with the bath water. I mean, I think I've seen at least one reaction that uses this article to predict the *imminent* *death* *of* *the* *internet*. As if!
Re:Very scary (Score:2)
Wasn't it that great political philosopher, Thomas Paine, who said that the price of a secure network is eternal vigilance? Or something like that.
Re:Hemos, Can I borrow it (Score:1)
no problem (Score:2)
Government violates privacy precisely because they expect to labor under secrecy. If they didn't have that "expectation of privacy" that you talk about then they wouldn't trample all over the innocent.
Re:There are no *moral* arguments against regulati (Score:1)
Anonymous mailers, encryption, and online security is just the application of the ideals of privacy and personal rights in our technological society. Certainly they are used by criminals, in much the same way criminals now use banks, cars, and hand tools to perpetrate their crimes. At some point, the majority of the online population will be computer savvy enough to use these tools. That is the goal of the developers, to make online security and privacy as available as physical security and privacy.
I'll accept the risks. I'll do my best to prevent other people from making that decision for me.
They're coming for the privacy nuts now. Who's going to be left when they come for you?
Re:There are no *moral* arguments against regulati (Score:1)
Re:This is why the net will never work (Score:1)
Reality check (Score:2)
And nothing bad has ever happened to me. Am I just lucky or is this article a little hyperventilated?
There are an average of five to 15 bugs in every thousand lines of code, which means that Windows 98 is riddled with somewhere between 90,000 and 270,000 oopsies.
It's probably the use of "oopsies" by an adult that set me off, but the first half of that statement seems exaggerated and the second half is just bad logic. What, that absurd claim about "65,000+" documented bugs in W2K isn't absurd enough?
---------
Re:This is why the net will never work (Score:1)
So if we put a BFG9000 on it....
That was an interview? (Score:1)
Re:Hemos, Can I borrow it (Score:1)
There are no *moral* arguments against regulation (Score:1)
If that is the case, what possible arguements can we muster against things like internet regulation.
I'm afraid that there aren't any moral arguments than can be presented against allowing the agencies that protect us and our children to attempt to make the net a safer, more secure place for everyone. Strawman arguments for privacy only benefit those with something to hide, and allow criminals and terrorists to plan their campaigns behind the shield of anonymity. If we were supposed to be able to hide our wrongdoings, the Lord wouldn't have made us all different.
With the current increase in the amount of material like child pornography (up 19% last year according to FBI statistics) and terrorist manifestos, we need to have safeguards in place to deal with these threats. Unfortunately, the ivory tower academics that designed the net didn't think to include such measures, and as a result we're forced to add them now.
And what is the result? People with such petty, insignificant lives that no self-respecting law enforcement agency would want to snoop on them are complaining that their "privacy" is being violated. Wake up people, there are some very evil people out there, and it is our duty as decent Christians to do everything we can to help stop them.
---
Jon E. Erikson
Oh, Hemos. (Score:1)
What did you do, wait until you were almost finished with the book before posting this, so your book wouldn't get slashdotted?
--
Welcome to the Critic's Corner (Score:1)
Well hell I don't need a review now.
Re:There is hope yet (Score:2)
Most will choose stability, and I think, no I hope more are choosing security when programming but this also falls under the category of human error.
You say: We may not be able to fix the people, but I think fixing the the software is possible. All it requires is ridding the world of software licences that deny responsibility. Once financial gain is at stake, corporations will put a lot more time into security, and hopefully a lot less in screwing eachother for financial gain.
No matter what we do there will always be human error as a factor. No matter how much time is spent on a project looking for security holes there will, dare I say, always be another hole to be found by the bored teenager, security professional, etc... I think that is what Schneier is trying to say. No matter what we do there are always security problems and we just have to be prepared for those problems the best we can.