IT for Oppression
Found in: IEEE Security & Privacy
By Bruce Schneier
Issue Date:March 2013
pp. 96
The Internet is becoming a tool for oppressive governments. Whether it's Syria using Facebook to help identify and arrest dissidents or China using its "Great Firewall" to limit access to international news throughout the country, repressive regi...
 
The Importance of Security Engineering
Found in: IEEE Security & Privacy
By Bruce Schneier
Issue Date:September 2012
pp. 88
Columnist Bruce Schneier makes the case for the community needing to learn to talk about security from a nontechnical angle, especially for policy makers, who need to learn how to follow a logical approach instead of an emotional one—an approach...
 
Security and Function Creep
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:January 2010
pp. 88
Far too often we build security for one purpose, only to find it being used for another purpose—one it wasn't suited for in the first place. And then the security system has to play catch-up.
 
Nonsecurity Considerations in Security Decisions
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:May 2007
pp. 88
Security decisions are generally made for nonsecurity reasons. For security professionals and technologists, this can be a hard lesson. We like to think that security is vitally important. But anyone who has tried to convince the sales VP to give up her de...
 
Airplane Hackers
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:November 2003
pp. 92
The US Department of Homeland Security and the TSA have been attacked by their first hacker. He wasn't a terrorist; he wasn't out to take over the planes. He isn't even a criminal; he didn't try to extort money. He was a hacker, plain and simple. ...
 
How Changing Technology Affects Security
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:March 2012
pp. 104
We are vastly short of skilled security people. Therefore, we will never have more than we do now and those we have will never again make as much money as now they do.
 
Detecting Cheaters
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:March 2011
pp. 96, 95
Our brains are specially designed to deal with cheating in social exchanges. The evolutionary psychology explanation is that we evolved brain heuristics for the social problems that our prehistoric ancestors had to deal with. Once humans became good at che...
 
Security, Group Size, and the Human Brain
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:July 2009
pp. 88
If the size of your company grows past 150 people, it's time to get name badges. It's not that larger groups are somehow less secure, it's just that 150 is the cognitive limit to the number of people a human brain can maintain a coherent social relationshi...
 
Architecture of Privacy
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:January 2009
pp. 88
Columnist Bruce Schneier describes the importance of building IT architectures that protect privacy from the initial design and the importance of doing so for future generations.
 
How the Human Brain Buys Security
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:July 2008
pp. 80
Bruce Schneier examines prospect theory and how it applies to computer security. The solution is not to sell security directly, but to include it as part of a more general product or service. Vendors need to build security into the products and services th...
 
The Death of the Security Industry
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:November 2007
pp. 88
Noted security expert Bruce Schneier looks at the security industry as a whole and where it stands today.
 
University Networks and Data Security
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:September 2006
pp. 88
In general, the problems of securing a university network are no different than those of securing any other large corporate network. But when it comes to data security, universities have their own unique problems. It's easy to point fingers at students--a ...
 
SIMS: Solution, or Part of the Problem?
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:September 2004
pp. 88
The key to network security is people, not products. Piling more security products, such as SIMS, onto your network won't help. This is why I believe that network security will eventually be outsourced. There's no other cost-effective way to reliably get t...
 
Customers, Passwords, and Web Sites
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:July 2004
pp. 88
Through the use of Trojans and phishing, online criminals are increasingly turning to stealing passwords to earn their living.
 
Security and Compliance
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:May 2004
pp. 96
Just as I advocate software liability as a way to bring the externalities of insecure software into the software manufacturer's decision-making process, I see data privacy laws as a way to force organizations to take personal data security protection more ...
 
Voting Security and Technology
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:January 2004
pp. 84
Voting seems like the perfect application for technology, but actually applying it is harder than it first appears. To ensure that voters can vote honestly, they need anonymity, which requires a secret ballot.
 
The Speed of Security
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:July 2003
pp. 96
 
Guilty Until Proven Innocent?
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:May 2003
pp. 88, 87
 
Locks and Full Disclosure
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:March 2003
pp. 88
The full disclosure versus bug secrecy debate is a lot larger than computer security. Matt Blaze's article on master-key locking systems in this issue (page 24) is a case in point. It turns out that the ways we've learned to conceptualize security...
 
The Future of Incident Response
Found in: IEEE Security & Privacy
By Bruce Schneier
Issue Date:September 2014
pp. 96
Security is a combination of protection, detection, and response. It's taken the industry a long time to get to this point, though. The 1990s was the era of protection. Our industry was full of products that would protect your computers and network. By 200...
   
Trust in Man/Machine Security Systems
Found in: IEEE Security & Privacy
By Bruce Schneier
Issue Date:September 2013
pp. 96
The more machine security is automated, and the more the machine is expected to enforce security without human intervention, the greater the impact of a successful attack. If this sounds like an argument for interface simplicity, it is.
 
Empathy and Security
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:September 2011
pp. 88
While researching his new book, security expert Bruce Schneier examined the role morals play in providing security. Because security professionals spend most of their time dealing with attackers for whom morals aren't sufficient to keep them from doing wha...
 
A Taxonomy of Social Networking Data
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:July 2010
pp. 88
Bruce Schneier presents a taxonomy of social networking data--as we continue our conversations about what sorts of fundamental rights people have with respect to their data, and more countries contemplate regulation on social networking sites and user data...
 
The Zotob Storm
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:November 2005
pp. 96
Using the Zotob worm outbreak as an example, Schneier discusses patches and security processes for preventing more worm outbreaks. Given that it's impossible to know what's coming beforehand, how you respond to an actual worm largely determines your defense's ...
 
Guest Editors' Introduction: Economics of Information Security
Found in: IEEE Security and Privacy
By Ross Anderson, Bruce Schneier
Issue Date:January 2005
pp. 12-13
Often, the economic considerations of security are more important than the technical considerations. Guest editors Ross Anderson and Bruce Schneier present six articles that delve into all aspects of this economic angle.
 
Authentication and Expiration
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:January 2005
pp. 88
There's a security problem with many Internet authentication systems that's never talked about: there's no way to terminate the authentication.
 
Hacking the Business Climate for Network Security
Found in: Computer
By Bruce Schneier
Issue Date:April 2004
pp. 87-89
We need to change the economics of security, giving the businesses in the best position to fix the problem the motivation to do so.
 
We Are All Security Consumers
Found in: IEEE Security and Privacy
By Bruce Schneier
Issue Date:January 2003
pp. 104
Bruce Schneier advocates security engineers educate consumers to become better security consumers.
 
The Case for Outsourcing Security (Supplement to Computer Magazine)
Found in: Computer
By Bruce Schneier
Issue Date:April 2002
pp. 20-21, 26
Deciding to outsource network security is difficult. The stakes are high, so it's no wonder that paralysis is a common reaction when contemplating whether to outsource or not: The promised benefits of outsourced security are so attractiv...
 
Cryptography: The Importance of Not Being Different
Found in: Computer
By Bruce Schneier
Issue Date:March 1999
pp. 108-109,112
No summary available.
 
Cryptographic Design Vulnerabilities
Found in: Computer
By Bruce Schneier
Issue Date:September 1998
pp. 29-33
Popular magazines often describe cryptography products in terms of algorithms and key lengths. These security techniques make good headlines (
 
Attack trends: 2004 and 2005
Found in: Queue
By Bruce Schneier
Issue Date:June 2005
pp. 52-53
Hacking has moved from a hobbyist pursuit with a goal of notoriety to a criminal pursuit with a goal of money.
     
Risks of third-party data
Found in: Communications of the ACM
By Bruce Schneier
Issue Date:May 2005
pp. 136
Numerous organizational considerations influence packaged software purchasing.
     
Two-factor authentication: too little, too late
Found in: Communications of the ACM
By Bruce Schneier
Issue Date:April 2005
pp. 136
Creating a new interconnection environment incorporating the Internet, sensor networks, mobile devices, and the interconnection semantics.
     
The nonsecurity of secrecy
Found in: Communications of the ACM
By Bruce Schneier
Issue Date:October 2004
pp. 120
When it comes to gauging the value of IT certification for assessing the competency of job candidates, it really all depends on who's doing the hiring.
     
Insider risks in elections
Found in: Communications of the ACM
By Bruce Schneier, Paul Kocher
Issue Date:July 2004
pp. 104
The result is likely to be increased IT employment diffused throughout the U.S. economy, especially in non-tech industrial sectors.
     
Secure audit logs to support computer forensics
Found in: ACM Transactions on Information and System Security (TISSEC)
By Bruce Schneier, John Kelsey
Issue Date:November 1998
pp. 159-176
In many real-world applications, sensitive information must be kept in log files on an untrusted machine. In the event that an attacker captures this machine, we would like to guarantee that he will gain little or no information from the log files and to l...
     
Cryptanalysis of Microsoft's point-to-point tunneling protocol (PPTP)
Found in: Proceedings of the 5th ACM conference on Computer and communications security (CCS '98)
By Bruce Schneier, Shai Mudge
Issue Date:November 1998
pp. 132-141
We introduce a new definition of confidentiality. It is demonstrated that this new definition, called prerequisite confidentiality, is more effective than previous definitions. We have developed a modelling scheme that is based upon event systems in order t...
     
Toward a secure system engineering methodolgy
Found in: Proceedings of the 1998 workshop on New security paradigms (NSPW '98)
By Bruce Schneier, Chris Salter, Jim Wallner, O. Sami Saydjari
Issue Date:September 1998
pp. 2-10
Virtual Environments (VEs) have the potential to revolutionize traditional product design by enabling the transition from conventional CAD to fully digital product development. The presented prototype system targets closing the “digital gap” as intro...
     
Conditional purchase orders
Found in: Proceedings of the 4th ACM conference on Computer and communications security (CCS '97)
By Bruce Schneier, John Kelsey
Issue Date:April 1997
pp. 117-124
We introduce a new definition of confidentiality. It is demonstrated that this new definition, called prerequisite confidentiality, is more effective than previous definitions. We have developed a modelling scheme that is based upon event systems in order t...
     
Inside Risks: The perils of port 80
Found in: Communications of the ACM
By Bruce Schneier, Stephan Somogyi
Issue Date:January 1988
pp. 168
The online Risks Forum has long been a hotbed for discussions of the relative merits of openness relating to the dissemination of knowledge about security vulnerabilities. The debate has now been rekindled, and is summarized here.
     
Inside risks: cyber underwriters lab
Found in: Communications of the ACM
By Bruce Schneier
Issue Date:January 1988
pp. 128
Case study findings from several corporate environments suggest that successful virtualization does not depend on the degree of technological sophistication. It's how the tools are used that matters.
     
Insurance and the computer industry
Found in: Communications of the ACM
By Bruce Schneier
Issue Date:January 1988
pp. 114-115
Case study findings from several corporate environments suggest that successful virtualization does not depend on the degree of technological sophistication. It's how the tools are used that matters.
     
Inside risks: semantic network attacks
Found in: Communications of the ACM
By Bruce Schneier
Issue Date:January 1988
pp. 168
The online Risks Forum has long been a hotbed for discussions of the relative merits of openness relating to the dissemination of knowledge about security vulnerabilities. The debate has now been rekindled, and is summarized here.
     
Inside risks: risks of PKI: e-commerce
Found in: Communications of the ACM
By Bruce Schneier, Carl Ellison
Issue Date:January 1988
pp. 152-R
The online Risks Forum has long been a hotbed for discussions of the relative merits of openness relating to the dissemination of knowledge about security vulnerabilities. The debate has now been rekindled, and is summarized here.
     
Inside risks: risks of PKI: secure email
Found in: Communications of the ACM
By Bruce Schneier, Carl Ellison
Issue Date:January 1988
pp. 160
The online Risks Forum has long been a hotbed for discussions of the relative merits of openness relating to the dissemination of knowledge about security vulnerabilities. The debate has now been rekindled, and is summarized here.
     
Inside risks: risks of relying on cryptography
Found in: Communications of the ACM
By Bruce Schneier
Issue Date:January 1988
pp. 144
The online Risks Forum has long been a hotbed for discussions of the relative merits of openness relating to the dissemination of knowledge about security vulnerabilities. The debate has now been rekindled, and is summarized here.
     
Inside risks: the Trojan horse race
Found in: Communications of the ACM
By Bruce Schneier
Issue Date:January 1988
pp. 128
The online Risks Forum has long been a hotbed for discussions of the relative merits of openness relating to the dissemination of knowledge about security vulnerabilities. The debate has now been rekindled, and is summarized here.
     
Inside risks: the uses and abuses of biometrics
Found in: Communications of the ACM
By Bruce Schneier
Issue Date:January 1988
pp. 136
The online Risks Forum has long been a hotbed for discussions of the relative merits of openness relating to the dissemination of knowledge about security vulnerabilities. The debate has now been rekindled, and is summarized here.
     