|
|
entry index
Keep secureAnswers from an expert on the changing
face of computer security
Security expert Bruce Schneier answered questions through the
Freakonomics blog. There are some great answers and comments on those answers.
Here are a few that just jumped out at me. Emphasis
added.
Identity verification will continue to be the hodge-podge of systems we have today. You’re recognized by your face when you see someone you know; by your voice when you talk to someone you know. Open your wallet, and you’ll see a variety of ID cards that identify you in various situations — some by name and some anonymously. Your keys “identify” you as someone allowed in your house, your office, your car. I don’t see this changing anytime soon, and I don’t think it should. Distributed identity is much more secure than a single system. I wrote about this in my critique of REAL ID. <snip> ...More and more, your data isn’t under your direct control. Your e-mail is at Google, Hotmail, or your local ISP. Online merchants like Amazon and eBay have records of what you buy, and what you choose to look at but not buy. Your credit card company has a detailed record of where you shop, and your phone company has a detailed record of who you talk to (your cell phone company also knows where you are). Add medical databases, government databases, and so on, and there’s an awful lot of data about you out there. And data brokers like ChoicePoint and Acxiom collect all of this data and more, building up a surprisingly detailed picture on all Americans. As you point out, one problem is that these commercial and government organizations don’t take good care of our data. It’s an economic problem: because these parties don’t feel the pain when they lose our data, they have no incentive to secure it. I wrote about this two years ago, stating that if we want to fix the problem, we must make these organizations liable for their data losses. Another problem is the law; our Fourth Amendment protections protect our data under our control — which means in our homes, in our cars, and on our computers. We don’t have nearly the same protection when we give our data to some other organization for use or safekeeping. That being said, there’s a lot you can do to secure your own data. I give a list here. <snip> Social engineering will always be easy, because it attacks a fundamental aspect of human nature. As I said in my book, Beyond Fear, “social engineering will probably always work, because so many people are by nature helpful and so many corporate employees are naturally cheerful and accommodating. Attacks are rare, and most people asking for information or help are legitimate. By appealing to the victim’s natural tendencies, the attacker will usually be able to cozen what she wants.” The trick is to build systems that the user cannot subvert, whether by malice, accident, or trickery. This will also help with the other problem you list: convincing individuals to take organizational security seriously. This is hard to do, even in the military, where the stakes are much higher. <snip> Brief note from NeoWayland:. I've recently bought the third season of Veronica Mars on DVD, great series. Most of the tactics used by Veronica Mars and her P.I. father used are based heavily on social engineering and are only one or two steps further than what most people would do. There’s a huge difference between nosy neighbors and cameras. Cameras are everywhere. Cameras are always on. Cameras have perfect memory. It’s not the surveillance we’ve been used to; it’s wholesale surveillance. I wrote about this here, and said this: “Wholesale surveillance is a whole new world. It’s not ‘follow that car,’ it’s ‘follow every car.’ The National Security Agency can eavesdrop on every phone call, looking for patterns of communication or keywords that might indicate a conversation between terrorists. Many airports collect the license plates of every car in their parking lots, and can use that database to locate suspicious or abandoned cars. Several cities have stationary or car-mounted license-plate scanners that keep records of every car that passes, and save that data for later analysis. “More and more, we leave a trail of electronic footprints as we go through our daily lives. We used to walk into a bookstore, browse, and buy a book with cash. Now we visit Amazon, and all of our browsing and purchases are recorded. We used to throw a quarter in a toll booth; now EZ Pass records the date and time our car passed through the booth. Data about us are collected when we make a phone call, send an e-mail message, make a purchase with our credit card, or visit a Web site.” What’s happening is that we are all effectively under constant surveillance. No one is looking at the data most of the time, but we can all be watched in the past, present, and future. And while mining this data is mostly useless for finding terrorists (I wrote about that here), it’s very useful in controlling a population. Great stuff and worth your time. 
Posted: Sat
- December
8, 2007 at 01:10 PM
|
 Pagan Vigil
Pagan philosopher, libertarian, and part-time trouble maker, NeoWayland watches for threats to individual freedom or personal responsiblity. There's more to life than just black and white, using only extremes just increases the problems.  My Thinking Blogger Nominees
Recent
Comments Search
Categories
Guest
Articles Interested in Pagan•Vigil hosting your articles? I'm always looking for tantalizing content that makes people think. Look here for details. E Pleb Neesta AdSense
Pagan Vigil assumes no responsibility for the advertisement content provided by Google, which is neither selected nor endorsed by NeoWayland.
NeoLinks
The News Right Now Radio Free Europe/Radio Liberty
Reason Magazine - Hit & Run Sunni Maravillosa and the Conspirators
Hammer of Truth Life, Liberty and the Pursuit of... Lady Liberty's Constitution Clearing House Law Enforcement Against Prohibition
no authority Center for a Stateless Society
Tammy Bruce.com Latino Issues: A Conservative Blog
The Nation
RealClimate
Papers, Please!
Letter from Hardscrabble Creek
You Are Not Alone A Big Idea from Eject! Eject! Eject! Fully Informed Jury Association World's Smallest Political Quiz Animated Introduction to the Philosophy of Liberty Institute for Liberty and Democracy
World of Ends 60 Second Refutation of Socialism, While Sitting at the Beach from Coyote Blog
World Religions - Religious Forums Ontario Consultants on Religious Tolerance
Who links to me? NeoBlogs
Books
Listmania - Liberty Basics 
Legal
All Guest Articles are © copyright by their respective authors for the date given and subject to the specific restrictions and permissions as stated in that article entry. Guest Article restrictions and permissions are specific to each article and may not be applied to another Guest Article.
Views and opinions expressed in Guest Articles do not necessarily reflect those of NeoWayland. Content from other sources is quoted under the fair use laws of the United States with clear reference to the source material. Unless otherwise noted, all other content at :
www.paganvigil.com Additional Redirect/Frame pages may be found at these web addresses:
members.aol.com/ If your web browser does not show one of these addresses, then this page being used without permission of the author. The views expressed by NeoWayland are his own and do not represent any other enity. NeoWayland freely accepts individual and sole responsibility for his words and actions.
XML/RSS Feeds
Statistics
|
