Slashdot Mirror

← Back to Stories (view on slashdot.org)

Inside The Twisted Mind of Bruce Schneier

Posted by Soulskill on from the it's-dark-in-here dept.

I Don't Believe in Imaginary Property writes "Bruce Schneier has an essay on the mind of security professionals like himself, and why it's something that can't easily be taught. Many people simply don't see security threats or the potential ways in which things can be abused because they don't intend to abuse them. But security pros, even those who don't abuse what they find, have a different way of looking at things. They always try to figure out all the angles or how someone could beat the system. In one of his examples, Bruce talks about how, after buying one of Uncle Milton's Ant Farms, he was enamored with the idea that they would mail a tube of live ants to anyone you asked them to. Schneier's article was inspired by a University of Washington course in which the professor is attempting to teach the 'security mindset.' Students taking the course have been encouraged to post security reviews on a class blog."

4 of 208 comments (clear)

  1. Disappointing by CRCulver · · Score: 3, Interesting

    It seems like ever since Bruce left the cryptography world for general security consulting, he's become less interested in giving useful advice and more interested in self-aggrandizing.

  2. In security by Z00L00K · · Score: 3, Interesting
    It's not necessarily to have a destructive mindset but a great deal of imagination and some paranoia.

    Such a personality may be disastrous in many other cases but works well when it comes to security work.

    And remember that most computer viruses in the beginning weren't really malicious - they just were there "because I can". Even those cases has to be taken into account by security people.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  3. You're damn right, most people don't get it! by MikeRT · · Score: 5, Interesting

    My instincts on this are more of "how would a criminal or terrorist" behave in this setting" because I grew up in a law enforcement family (both parents plus extended family). I've made a few "regular people" upset in the past by pointing out the idiocy of their evacuation plans to them in pointed detail. One example comes from high school when the school shootings were just starting to disappear from the news.

    Our school gets a bomb threat, and the teachers and administrators are freaked out. They move us all, I kid you not, to the football field where we are fenced in by chain link fence, about 1/3 of which is covered by barbed wire. So I point out to my history teacher, one of the only genuinely intelligent public school teachers I have ever met that we had been corralled into an enclosed area, surrounded by strong sniper nests (there were many points where a shooter with a 30.06 and a few mags could have unloaded with impunity), and that ironically, if there were a bomb, and the person who planted it were clever, they'd have put it under the bleachers where about 200-300 of us were sitting.

    He nodded his head in agreement that were this a real thing, we'd probably be fucked because of our administrators' plan, but the one or two regular teachers not far away who overheard acted like I was the real danger for pointing out what should been "the obvious" about this plan. Me? I'd have called in the buses, and shipped everyone off property to be safe right away.

  4. There's a fine line by petes_PoV · · Score: 3, Interesting
    between being "security conscious" and being completely paranoid. When it boils down to it, there's risk involved in everything we do. Nothing is completely secure and there's always a chance that something will go wrong.

    Sadly the world we live in today has massively overestimated the possiblity of problems and hugely inflates the effects they will have (in the tiny percent of occasions when they happen). I think this is a side-effect of improved communications: we all get to hear about the 1 in a million disaster stories, but never about all the other times, when everything goes right. This leads us to think that problems are more common than they actually are.

    The great thing about being a security professional is that you can never be proved wrong. If you claim a security hole and it is never exploited, no-one will say you're wrong - just that it hasn't been exploited yet. If we beleived everything these guys say, no-one would ever do anything as we'd all be too scared. Personally I think we should avoid the obvious problems, get on with our lives and accept that on a few, very few, occasions we might have to spend a little time sorting out a problem.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons