-
Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.
--
Bruce Schneier
#Clueless
#Algorithms
#Break
-
If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.
--
Bruce Schneier
#Technology
#Thinking
#Problem
-
More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk.
--
Bruce Schneier
#Pigs
#Sharks
#Years
-
No one can duplicate the confidence that RSA offers after 20 years of cryptanalytic review.
--
Bruce Schneier
#Years
#Reviews
#Offers
-
People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.
--
Bruce Schneier
#People
#Links
#Responsible
-
For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that-either now or in the uncertain future-patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.
--
Bruce Schneier
#Children
#Eye
#Individuality
-
The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember. Unfortunately, if it's easy to remember, it's something nonrandom like 'Susan.' And if it's random, like 'r7U2*Qnp,' then it's not easy to remember.
--
Bruce Schneier
#Ideas
#Remember
#Easy
-
There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.
--
Bruce Schneier
#Reading
#Kids
#Government
-
Don't make the mistake of thinking you're Facebook's customer, you're not – you're the product,
--
Bruce Schneier
#Mistake
#Thinking
-
Terrorism isn't a crime against people or property. It's a crime against our minds, using the death of innocents and destruction of property to make us fearful. Terrorists use the media to magnify their actions and further spread fear. And when we react out of fear, when we change our policy to make our country less open, the terrorists succeed -- even if their attacks fail. But when we refuse to be terrorized, when we're indomitable in the face of terror, the terrorists fail -- even if their attacks succeed.
--
Bruce Schneier
#Country
#Media
#People
-
Amateurs hack systems, professionals hack people.
--
Bruce Schneier
#People
#Security
-
Security is a process, not a product.
--
Bruce Schneier
#Process
#Security
-
The user's going to pick dancing pigs over security every time.
--
Bruce Schneier
#Pigs
#Dancing
#Security
-
Think of your existing power as the exponent in an equation that determines the value of information. The more power you have, the more additional power you derive from the new data.
--
Bruce Schneier
#Thinking
#Data
#Information
-
Air travel survived decades of terrorism, including attacks which resulted in the deaths of everyone on the plane. It survived 9/11. It'll survive the next successful attack. The only real worry is that we'll scare ourselves into making air travel so onerous that we won't fly anymore.
--
Bruce Schneier
#Real
#Successful
#Air
-
Despite fearful rhetoric to the contrary, terrorism is not a transcendent threat. A terrorist attack cannot possibly destroy our country's way of life; it's only our reaction to that attack that can do that kind of damage.
--
Bruce Schneier
#Country
#Way
#Damage
-
When a big company lays you off, they often give you a year's salary to 'go pursue a dream.' If you're stupid, you panic and get another job. If you're smart, you take the money and use the time to figure out what you want to do next.
--
Bruce Schneier
#Dream
#Jobs
#Smart
-
Privacy is a fundamental human need
--
Bruce Schneier
#Needs
#Fundamentals
#Privacy
-
Microsoft knows that reliable software is not cost effective. According to studies, 90% to 95% of all bugs are harmless. They're never discovered by users, and they don't affect performance. It's much cheaper to release buggy software and fix the 5% to 10% of bugs people find and complain about.
--
Bruce Schneier
#Learning
#People
#Complaining
-
ID can be hijacked, and cards can be faked. All of the 9/11 terrorists had fake IDs, yet they still got on the planes. If the British national ID card can't be faked, it will be the first on the planet.
--
Bruce Schneier
#Fake
#Cards
#Firsts
-
Something that looks like a protocol but does not accomplish a task is not a protocol—it’s a waste of time.
--
Bruce Schneier
#Doe
#Tasks
#Looks
-
Technical problems can be remediated. A dishonest corporate culture is much harder to fix.
--
Bruce Schneier
#Culture
#Problem
#Corporate Culture
-
Only amateurs attack machines; professionals target people.
--
Bruce Schneier
#People
#Target
#Machines
-
Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four.
--
Bruce Schneier
#Children
#Government
#Drug
-
The very definition of news is something that hardly ever happens. If an incident is in the news, we shouldn't worry about it. It's when something is so common that its no longer news - car crashes, domestic violence - that we should worry.
--
Bruce Schneier
#Worry
#Car
#Domestic Violence
-
It's certainly easier to implement bad security and make it illegal for anyone to notice than it is to implement good security.
--
Bruce Schneier
#Easier
#Illegal
#Security
-
if anyone thinks they can get an accurate picture of anyplace on the planet by reading news reports, they're sadly mistaken.
--
Bruce Schneier
#Reading
#Thinking
#News
-
Buy American Doesn’t Sell Well Anymore Because It Means Give A Copy To The NSA
--
Bruce Schneier
#Mean
#Nsa
#Giving
-
This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community.
--
Bruce Schneier
#Mean
#Engineering
#Community
-
I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually 'Nothing; you're screwed'.
--
Bruce Schneier
#Average
#Firsts
#Answers
-
People don't understand computers. Computers are magical boxes that do things. People believe what computers tell them.
--
Bruce Schneier
#Believe
#People
#Magic
-
Given the credible estimate that we've spent $1 trillion on anti-terrorism security
--
Bruce Schneier
#Philosophical
#Terrorism
#Social
-
History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did.
--
Bruce Schneier
#Technology
#Errors
#Giving
-
The mantra of any good security engineer is: 'Security is a not a product, but a process.' It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together.
--
Bruce Schneier
#Strong
#Design
#Together
-
If someone steals your password, you can change it. But if someone steals your thumbprint, you can't get a new thumb. The failure modes are very different.
--
Bruce Schneier
#Different
#Thumbs
#Thumbprints
-
Microsoft made a big deal about Windows NT getting a C2 security rating. They were much less forthcoming with the fact that this rating only applied if the computer was not attached to a network and had no network card, and had its floppy drive epoxied shut, and was running on a Compaq 386. Solaris's C2 rating was just as silly.
--
Bruce Schneier
#Running
#Silly
#Cards
-
Hardware is easy to protect: lock it in a room, chain it to a desk, or buy a spare. Information poses more of a problem. It can exist in more than one place; be transported halfway across the planet in seconds; and be stolen without your knowledge.
--
Bruce Schneier
#Locks
#Information
#Rooms
-
Computer security can simply be protecting your equipment and files from disgruntled employees, spies, and anything that goes bump in the night, but there is much more. Computer security helps ensure that your computers, networks, and peripherals work as expected all the time, and that your data is safe in the event of hard disk crash or a power failure resulting from an electrical storm. Computer security also makes sure no damage is done to your data and that no one is able to read it unless you want them to.
--
Bruce Schneier
#Night
#Data
#Spy
-
Societies without a reservoir of people who don't follow the rules lack an important mechanism for societal evolution. Vibrant societies need a dishonest minority; if society makes its dishonest minority too small, it stifles dissent as well as common crime.
--
Bruce Schneier
#People
#Important
#Needs
-
It is poor civic hygiene to install technologies that could someday facilitate a police state.
--
Bruce Schneier
#Technology
#Hygiene
#Police
-
There are two types of encryption: one that will prevent your sister from reading your diary and one that will prevent your government.
--
Bruce Schneier
#Sister
#Reading
#Government
-
When my mother gets a prompt 'Do you want to download this?' she's going to say yes. It's disingenuous for Microsoft to give you all of these tools with which to hang yourself, and when you do, then say it's your fault.
--
Bruce Schneier
#Mother
#Giving
#Tools
-
Chaos is hard to create, even on the Internet. Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.
--
Bruce Schneier
#Book
#Example
#Amazon
-
Digital files cannot be made uncopyable, any more than water can be made not wet.
--
Bruce Schneier
#Water
#Digital
#Made
-
Terrorists can only take my life. Only my government can take my freedom.
--
Bruce Schneier
#Government
#Liberty
#Terrorist
-
I tell people if it's in the news don't worry about it. Because by definition news is something that almost never happens.
--
Bruce Schneier
#People
#Worry
#News
-
It doesn't matter how good the card is if the issuance process is flawed.
--
Bruce Schneier
#Cards
#Matter
#Flaws
-
Surveillance is the business model of the Internet.
--
Bruce Schneier
#Surveillance
#Internet
#Models
-
The fundamental driver in computer security, in all of the computer industry, is economics. That requires a lot of re-education for us security geeks.
--
Bruce Schneier
#Fundamentals
#Geek
#Computer
-
There's an entire flight simulator hidden in every copy of Microsoft Excel 97.
--
Bruce Schneier
#Excellence
#Microsoft
#Flight
-
Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.
--
Bruce Schneier
#Requirements
#Maintaining
#Dignity
-
We can't keep weapons out of prisons; we can't possibly expect to keep them out of airports.
--
Bruce Schneier
#Airports
#Weapons
#Prison
