Bruce Schneier
There are two types of encryption: one that will prevent your sister from reading your diary and one that will prevent your government.Collection: Government
People don't understand computers. Computers are magical boxes that do things. People believe what computers tell them.Collection: Computers
I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually 'Nothing; you're screwed'.Collection: Computers
If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.Collection: Technology
Air travel survived decades of terrorism, including attacks which resulted in the deaths of everyone on the plane. It survived 9/11. It'll survive the next successful attack. The only real worry is that we'll scare ourselves into making air travel so onerous that we won't fly anymore.Collection: Travel
You can't defend. You can't prevent. The only thing you can do is detect and respond.
It is poor civic hygiene to install technologies that could someday facilitate a police state.
When a big company lays you off, they often give you a year's salary to 'go pursue a dream.' If you're stupid, you panic and get another job. If you're smart, you take the money and use the time to figure out what you want to do next.
No one can duplicate the confidence that RSA offers after 20 years of cryptanalytic review.
The user's going to pick dancing pigs over security every time.
Think of your existing power as the exponent in an equation that determines the value of information. The more power you have, the more additional power you derive from the new data.
There's an entire flight simulator hidden in every copy of Microsoft Excel 97.
It's frustrating; terrorism is rare and largely ineffectual, yet we regularly magnify the effects of both their successes and failures by terrorizing ourselves.
When people are scared, they need something done that will make them feel safe, even if it doesn't truly make them safer. Politicians naturally want to do something in response to crisis, even if that something doesn't make any sense. But unfortunately for politicians, the security measures that work are largely invisible.
Despite fearful rhetoric to the contrary, terrorism is not a transcendent threat. A terrorist attack cannot possibly destroy our country's way of life; it's only our reaction to that attack that can do that kind of damage.
Amateurs hack systems, professionals hack people.Collection: People
The mantra of any good security engineer is: "Security is a not a product, but a process." It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together.Collection: Strong
More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk.Collection: Pigs
Security is a process, not a product.Collection: Process
People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.Collection: Security Systems
The more technological a society is, the greater the security gap is.Collection: Gaps
It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.Collection: Law
Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.Collection: Requirements
Surveillance is the business model of the Internet.Collection: Surveillance
History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did.Collection: Technology
Only amateurs attack machines; professionals target people.Collection: People
If someone steals your password, you can change it. But if someone steals your thumbprint, you can't get a new thumb. The failure modes are very different.Collection: Different
Don't make the mistake of thinking you're Facebook's customer, you're not - you're the product.Collection: Mistake
Hardware is easy to protect: lock it in a room, chain it to a desk, or buy a spare. Information poses more of a problem. It can exist in more than one place; be transported halfway across the planet in seconds; and be stolen without your knowledge.Collection: Locks
There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.Collection: Reading
Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.Collection: Clueless
The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember. Unfortunately, if it's easy to remember, it's something nonrandom like 'Susan.' And if it's random, like 'r7U2*Qnp,' then it's not easy to remember.Collection: Ideas
If you ask amateurs to act as front-line security personnel, you shouldn't be surprised when you get amateur security.Collection: Lines
For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that-either now or in the uncertain future-patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.Collection: Children
Terrorists can only take my life. Only my government can take my freedom.Collection: Government
The very definition of news is something that hardly ever happens. If an incident is in the news, we shouldn't worry about it. It's when something is so common that its no longer news - car crashes, domestic violence - that we should worry.Collection: Worry
Privacy is a fundamental human need.Collection: Needs
Terrorism is a crime against the mind. We win by refusing fear.Collection: Winning
Buy American Doesn’t Sell Well Anymore Because It Means Give A Copy To The NSACollection: Mean
When my mother gets a prompt 'Do you want to download this?' she's going to say yes. It's disingenuous for Microsoft to give you all of these tools with which to hang yourself, and when you do, then say it's your fault.Collection: Mother
Given the credible estimate that we've spent $1 trillion on anti-terrorism securityCollection: Philosophical
But in this country, while you have to be competent to pull off a terrorist attack, you don't have to be competent to cause terror. All you need to do is start plotting an attack and - regardless of whether or not you have a viable plan, weapons or even the faintest clue - the media will aid you in terrorizing the entire population.Collection: Country
We no longer know whom to trust. This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix.Collection: Nsa
Technical problems can be remediated. A dishonest corporate culture is much harder to fix.Collection: Culture
It is sort of interesting that in our society this days we are very quick to apply the term 'war' to places where thare are no actual wars, and loath to apply the term 'war' when we are actually fighting wars.Collection: War
Societies without a reservoir of people who don't follow the rules lack an important mechanism for societal evolution. Vibrant societies need a dishonest minority; if society makes its dishonest minority too small, it stifles dissent as well as common crime.Collection: People
Chaos is hard to create, even on the Internet. Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.Collection: Book
Chaos is hard to create, even on the Internet.Collection: Chaos
We can't keep weapons out of prisons; we can't possibly expect to keep them out of airports.Collection: Airports
Secret courts making secret rulings on secret laws, and companies flagrantly lying to consumers about the insecurity of their products and services, undermine the very foundations of our society.Collection: Lying