Slashdot Mirror


Freakonomics Q&A With Bruce Schneier

Samrobb writes "In grand Slashdot tradition, the Freakonomics blog solicited reader questions for a Q&A session with Bruce Schneier. The blog host writes that Mr. Schneier's answers '...are extraordinarily interesting, providing mandatory reading for anyone who uses a computer. He also plainly thinks like an economist: search below for "crime pays" to see his sober assessment of why it's better to earn a living as a security expert than as a computer criminal.'" The interview covers pretty much the whole range of issues Schneier has written about, and he provides links to more detailed writings on many of the questions.

12 of 147 comments

  1. His comments on terror and cameras were by WillAffleckUW · · Score: 5, Interesting

    I found his comments on terrorism - A. Refuse to be terrorized - and cameras to be fairly well thought out.

    We choose how we live.

    We can live in fear and magnify risks that are, in reality, very minimal, or we can realize they're minimal and stop worrying about them.

    I'd rather live free from fear.

    And the answers about passwords were fairly good. When I was a regional security officer, I came up with similar concepts, based on the real threats that actually existed. When on a public site, with low real risk (e.g. public web, no linked account) it's better to have a common (but hard) password, and save more secure passwords for sites where you have real financial risk instead.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:His comments on terror and cameras were by rindeee · · Score: 5, Insightful

      I couldn't agree with you more. The idea that the correct reaction is overreaction is not only foolish, it's counterproductive and in many cases quite dangerous. This approach has so permeated our society that it has become a part of our psyche and now has made inroads into the military. It is my opinion that 'risk management' and 'force protection' (in their current forms) are ruining the effectiveness of our fighting forces (of which I am one...no arm-chair fighting here). Having recently returned from serving forward in the Middle East and working in a mixed environment of special warfare combat forces, the idiocy that was forced upon us in the name of 'force protection' was nothing short of crippling. Why was it needed? Because, "if you don't abide by force protection rules, someone could be injured or killed". Let me get this straight; We carry guns, explosives, etc. We're trained to use them at night, in the day, in close quarters, over long distances, etc. We signed a piece of paper when we enlisted stating that we understand we might get killed in executing our orders. In light of all of that, there is some 'other' threat, apparently outside of the obvious primary threat during war-time (people shooting at you, IEDs, etc.) that is so much greater than the primary threats that it nullifies our need to counter the primary threats efficiently and effectively. Someone has written a book on this subject from a military perspective. Sadly I cannot recall the name of the book, or the author, as I just happened to pick it up one day at an acquaintance's house and peruse it a bit. If anyone knows of the book of which I speak (primary topic being that force protection insanity is ruining the military), please speak up. I'd be forever indebted. Anyway, I digress. The bottom line, fear is counterproductive save for times of fight-or-flight.

  2. The more things change... by linuxwrangler · · Score: 5, Funny

    "...In 1957, fifty years ago, there were fewer than 2,000 computers total, and they were essentially used to crunch numbers. They were huge, expensive, and unreliable; sometimes, they caught on fire..."

    Well, now they are small, inexpensive, and relatively reliable. But at least they still sometimes catch on fire.

    --

    ~~~~~~~
    "You are not remembered for doing what is expected of you." - Atul Chitnis
    1. Re:The more things change... by spun · · Score: 5, Funny

      Well, now they are small, inexpensive, and relatively reliable. But at least they still sometimes catch on fire.

      That's exactly what I tell my computers when they act up, "Computers still sometimes catch on fire, you know." I keep a charred motherboard hanging on the wall in the server room, just to remind them. Helps keep the buggers running right.
      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
    2. Re:The more things change... by tm2b · · Score: 4, Funny

      "The Aperture Science Center would like to remind you that Android Hell is a real place, and you will be sent there at the first sign of disobedience."

      --
      "It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
  3. But first, make sure you have the Bruce facts by sien · · Score: 5, Funny

    To get the most out of this interview, make sure you have the facts on Bruce Schneier. The man is not what he seems.

  4. Best Answer by Odin_Tiger · · Score: 4, Funny

    Q: I recently had an experience on eBay in which a hacker copied and pasted an exact copy of my selling page with the intention of routing payments to himself. Afterwards, people informed me that such mischief is not uncommon. How can I ensure that it doesn't happen again?

    A: You can't. The attack had nothing to do with you. Anyone with a browser can copy your HTML code -- if they couldn't, they couldn't see your page -- and repost it at another URL. Welcome to the Internet.

    Poor Bruce must get awful tired of answering questions from people who don't understand how computers, etc. actually work.
    --
    Unpleasantries.
  5. Re:Too many to answer -- I'm not impressed however by tm2b · · Score: 4, Insightful

    This person needs to learn more about security and a different way to go about handling their passwords.
    This is much like thinking that Donald Knuth needs to learn more about algorithms.

    Consider that a point is being made that you're not getting, because "this person" is not a moron, and generally talks about security as it is actually practiced instead of how it would be practiced if everybody were an expert and made good security a priority. Since people in general will not make security a priority, you have to talk about how people actually behave and how to craft security that will take actual behavior into account.
    --
    "It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
  6. Re:strange answer on wireless by someone300 · · Score: 5, Interesting

    I personally use an open wireless network. I trust my open wireless network as much as I trust my ISP and unsecure wired network, and all sensitive data that I throw around internally is securely encrypted or otherwise done through a secure tunnel. If I need to put a password I care about into an HTTP site, and I want to minimize risk, I just use my proxy, which is directly and securely* wired into the switch. Generally, if you have a large wired network, you need to make the assumption that any piece of cable not in a secure room could be spliced and packets logged.

    Of course, considering a large amount of web traffic is HTTP when it should be HTTPS, and certain operating systems expose services onto the network which they probably shouldn't, it's probably a bit irresponsible to suggest that home users leave their stuff unencrypted. Personally, the reason I run an open AP is because open APs have helped me in the past. There's a form of QoS to stop people abusing and give priority to certain computers on my network.

    * Considering it's a house, 'secure' means it's in a locked cupboard ;)

  7. Re:strange answer on wireless by Kidbro · · Score: 4, Insightful

    Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.

    Any data that goes unencrypted between your computer and your wifi base station will also go unencrypted between the wifi base station and the target destination. On top of this, any data that's only encrypted by your wifi network will also go unencrypted between the wifi base station and its target destination.
    Maybe Bruce is just wise enough to encrypt any sensitive data he transfers properly, and not rely on the encryption in his $30 hardware that will only protect against attackers within 50 meters?

  8. Re:strange answer on wireless by Umuri · · Score: 4, Informative

    I think what he means is that if you are depending on your wireless connection for security, you're already doing something wrong.

    One is because most secure practices can be implemented well separate of wireless, if you are concerned with security. And in fact relying on wireless encryption as your "only" form of security is something that even most non-savvy computer users can be taught not to do, so the experienced ones should have no excuse.

    The other is that most "security" for wireless has already been broken and can be repeated in a near trivial amount of time, so if someone was dead set on sniffing your data, chances are they'd be able to do it.

    In my defense, I run an open wireless network that is sectioned off, that instead of encryption relies on MAC addresses to allow into the normal section of the network. Everyone not on the list just gets to use the internet.

    Allows friends to come over and connect happily to the web without messing with stuff, and if they need the network access adding their computer is a 10 second job.

    --
    You never realize how much manually made unmanaged "linked" lists suck, till you have src.link.link.link.link...
  9. Re:strange answer on wireless by flaming error · · Score: 4, Funny

    It only seems risky until you learn that Bruce Schneier types in TwoFish.