Bruce Schneier
Microsoft knows that reliable software is not cost effective. According to studies, 90% to 95% of all bugs are harmless. They're never discovered by users, and they don't affect performance. It's much cheaper to release buggy software and fix the 5% to 10% of bugs people find and complain about.Collection: Learning
ID can be hijacked, and cards can be faked. All of the 9/11 terrorists had fake IDs, yet they still got on the planes. If the British national ID card can't be faked, it will be the first on the planet.Collection: Fake
Why is it that we all - myself included - believe these stories? Why are we so quick to assume that the TSA is a bunch of jack-booted thugs, officious and arbitrary and drunk with power? It's because everything seems so arbitrary, because there's no accountability or transparency in the DHS.Collection: Believe
Cryptography products may be declared illegal, but the information will never beCollection: May
A colleague once told me that the world was full of bad security systems designed by people who read Applied CryptographyCollection: Security Systems
Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four.Collection: Children
Liberty requires security without intrusion, security plus privacy.Collection: Liberty
The question to ask when you look at security is not whether this makes us safer, but whether it's worth the trade-off.Collection: Looks
Metadata equals surveillance; it's that simple.Collection: Simple
Computer security can simply be protecting your equipment and files from disgruntled employees, spies, and anything that goes bump in the night, but there is much more. Computer security helps ensure that your computers, networks, and peripherals work as expected all the time, and that your data is safe in the event of hard disk crash or a power failure resulting from an electrical storm. Computer security also makes sure no damage is done to your data and that no one is able to read it unless you want them to.Collection: Night
Surveillance of power is one of the most important ways to ensure that power does not abuse its status. But, of course, power does not like to be watched.Collection: Abuse
Digital files cannot be made uncopyable, any more than water can be made not wet.Collection: Water
It's certainly easier to implement bad security and make it illegal for anyone to notice than it is to implement good security.Collection: Easier
And honestly, if anyone thinks they can get an accurate picture of anyplace on the planet by reading news reports, they're sadly mistaken.Collection: Reading
The fundamental driver in computer security, in all of the computer industry, is economics. That requires a lot of re-education for us security geeks.Collection: Fundamentals
I tell people: if it's in the news, don't worry about it, because by definition, news is something that almost never happens.Collection: People
The more we expect technology to protect us from people in the same way it protects us from nature, the more we will sacrifice the very values of our society in futile attempts to achieve this security.Collection: Sacrifice
Corporate and government surveillance aren't separate; they're an alliance of interests.Collection: Government
Choosing providers is not a choice between surveillance/not; it's just choosing which feudal lord gets to spy on you.Collection: Choices
The real targets of terrorism are the rest of us: the billions of us who are not killed but are terrorized because of the killing. The real point of terrorism is not the act itself, but our reaction to the act. And we're doing exactly what the terrorists want [...] Our politicians help the terrorists every time they use fear as a campaign tactic. The press helps every time it writes scare stories about the plot and the threat. And if we're terrified, and we share that fear, we help.Collection: Real
Microsoft made a big deal about Windows NT getting a C2 security rating. They were much less forthcoming with the fact that this rating only applied if the computer was not attached to a network and had no network card, and had its floppy drive epoxied shut, and was running on a Compaq 386. Solaris's C2 rating was just as silly.Collection: Running
It doesn't matter how good the card is if the issuance process is flawed.Collection: Cards
This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community.Collection: Mean
Trying to make bits uncopyable is like trying to make water not wet. The sooner people accept this, and build business models that take this into account, the sooner people will start making money again.Collection: People
Something that looks like a protocol but does not accomplish a task is not a protocol—it’s a waste of time.Collection: Doe