Secrets and Lies Quotes
Secrets and Lies: Digital Security in a Networked World
by Bruce Schneier
1,795 ratings, 3.93 average rating, 74 reviews
“Anyone who tries to create his or her own cryptographic primitive is either a genius or a fool. Given the genius/fool ratio of our species, the odds aren't very good.”
― Secrets and Lies: Digital Security in a Networked World
“If you do enough threat modeling, you start noticing all kinds of instances where people get the threat profoundly wrong:
* The cell phone industry spent a lot of money designing their systems to detect fraud, but they misunderstood the threat. They thought the criminals would steal cell phone service to avoid paying the charge. Actually, what the criminals wanted was anonymity; they didn't want cell phone calls traced back to them. Cell phone identities are stolen off the air, used a few times, and then thrown away. The antifraud system wasn't designed to catch this kind of fraud.
* The same cell phone industry, back in the analog days, didn't bother securing the connection because (as they said): 'scanners are expensive, and rare.' Over the years, scanners became cheap and plentiful. Then, in a remarkable display of not getting it, the same industry didn't bother securing digital cell phone connections because 'digital scanners are expensive, and rare.' Guess what? They're getting cheaper, and more plentiful.
* Hackers often trade hacking tools on Web sites and bulletin boards. Some of those hacking tools are themselves infected with Back Orifice, giving the tool writer access to the hacker's computer. Aristotle called this kind of thing 'poetic justice.'
[...]
These attacks are interesting not because of flaws in the countermeasures, but because of flaws in the threat model. In all of these cases, there were countermeasures in place; they just didn't solve the correct problem. Instead, they solved some problem near the correct problem. And in some cases, the solutions created worse problems than they solved.”
― Secrets and Lies: Digital Security in a Networked World
“Security is hard; while you can show that a particular algorithm is weak, you can't show that one algorithm you don't know how to break is more secure than another.”
― Secrets and Lies: Digital Security in a Networked World
“Windows NT is much worse. The operating system is an example of completely ignoring security lessons from history. Things that are in the kernel are defined as secure, so smart engineering says to make the kernel as small as possible, and make sure everything in it is secure. Windows seems to take the position that since things in the kernel are defined as secure, then you should put everything in the kernel.”
― Secrets and Lies: Digital Security in a Networked World
“People don't understand computers. Computers are magical boxes in things. People believe what computers tell them. People just want to get their jobs done. People don't understand risks. They may, in a general sense, when the risk is immediate. People lock their doors and latch their windows. They check to make sure no one is following them when they walk down a darkened alley. People don't understand subtle threats, don't think that a package could be a bomb, or that the nice convenience store clerk might be selling credit card numbers to the mob on the side. And why should they? It almost never happens.”
― Secrets and Lies: Digital Security in a Networked World