Slashdot Mirror


Bruce Schneier on What He Knows Best

Over at CSO Magazine there's a wonderful interview with Bruce Schneier, where he talks about cryptography and security. He has several good points, such as the physical security industry versus the IT security camp, and how true security really boils down to people problems. There's some good commentary on post-9/11 airport security regulations as well.

3 of 110 comments

  1. Re:Here's a link by Anonymous Coward · Score: 1, Insightful

    If Slashdotters can use Google, then why is there an Ask Slashdot?

  2. Ummm by Neon_Mango · Score: 2, Insightful

    Ok, so lots of valuable company data is moved from your facility to a bank by an employee on a weekly basis? I think the weakest link in the chain is you. I'm just saying: what's to stop someone from taking the tapes from you in transit? Sure, the bank has good security (cameras, security guards, a vault), and your company most likely has good security too, but when you're in transit couldn't someone stop you and take the tapes from you (by force if needed)? Just out of curiosity, are there any backup software packages (like something made by Veritas or Computer Associates) that will not only compress data before backup but also encrypt it?

  3. Re:An example by fm6 · Score: 2, Insightful

    Insisting on me using a booth is like upgrading your encryption when users are writing their passwords on stickies attached to their monitors.

    Or like most banks' online transactions, which are encrypted with the maximum key length supported by non-export browsers, but make no attempt to make their users use high-entropy passwords to access that encrypted data. My own bank just uses my ATM PIN, which only has 10,000 possible values!

    Most security measures serve to make people feel more secure, not make them safer. As witness the Maginot Line and the NRA.

    Though it does occur to me that a bank might have non-security reasons for insisting that safe-deposit boxes be accessed privately. Many boxes contain contraband, "dirty" money, and other stuff the bank works very hard at not knowing about. If they get in legal hot water, they can point at their see-no-evil policies as evidence of their non-complicity.