×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Freakonomics Q&A With Bruce Schneier

kdawson posted more than 6 years ago | from the thinking-like-an-economist dept.

Security 147

Samrobb writes "In grand Slashdot tradition, the Freakonomics blog solicited reader questions for a Q&A session with Bruce Schneier. The blog host writes that Mr. Schneier's answers '...are extraordinarily interesting, providing mandatory reading for anyone who uses a computer. He also plainly thinks like an economist: search below for "crime pays" to see his sober assessment of why it's better to earn a living as a security expert than as a computer criminal.'" The interview covers pretty much the whole range of issues Schneier has written about, and he provides links to more detailed writings on many of the questions.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

147 comments

/. Mods are Jew Rats (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21578401)

Waste your modpoints here, cocksucker.

Re:/. Mods are Jew Rats (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21578531)

A few years ago, while browsing around the library downtown, I
had to take a piss. As I entered the john a balding hippy type with a
pony tail and beard, moid forties, came out of one of the booths.
I stood at the urinal looking at him out of the corner of my eye as he
washed his hands. He didn't once look at me. He was talking to Linux torvaldes
and I didn't have a chance with him.

As soon as he left I darted into the booth he'd vacated,
hoping there might be a lingering smell of shit and even a seat still
warm from his hippy ass. I found not only the smell but the
shit itself. He'd forgotten to flush. And what a treasure he had left
behind. Three or four beautiful specimens floated in the bowl. It
apparently had been a fairly dry, constipated shit, for all were fat,
stiff, and ruggedly textured. The real prize was a great feast of turd
- a nine inch gastrointestinal triumph as thick as a man's wrist.

I knelt before the bowl, inhaling the rich brown fragrance and
wondered if I should obey the impulse building up inside me. I'd
always been a heavy rimmer and had lapped up more than one little
clump of shit, but that had been just an inevitable part of eating ass
and not an end in itself. Of course I'd had jerk-off fantasies of
devouring great loads of it (what rimmer hasn't), but I had never done
it. Now, here I was, confronted with the most beautiful five-pound
turd I'd ever feasted my eyes on, a sausage fit to star in any fantasy
and one I knew to have been hatched from the asshole of the world's
handsomest young stud.

Why not? I plucked it from the bowl, holding it with both
hands to keep it from breaking. I lifted it to my nose. It smelled
like rich, ripe limburger (horrid, but thrilling), yet had the
consistency of cheddar. What is cheese anyway but milk turning to shit
without the benefit of a digestive tract?

I gave it a lick and found that it tasted better then it
smelled. I've found since then that shit nearly almost does.

I hesitated no longer. I shoved the fucking thing as far into
my mouth as I could get it and sucked on it like a big brown cock,
beating my meat like a madman. I wanted to completely engulf it and
bit off a large chunk, flooding my mouth with the intense, bittersweet
flavor. To my delight I found that while the water in the bowl had
chilled the outside of the turd, it was still warm inside. As I chewed
I discovered that it was filled with hard little bits of something I
soon identified as peanuts. He hadn't chewed them carefully and they'd
passed through his body virtually unchanged. I ate it greedily,
sending lump after peanutty lump sliding scratchily down my throat. My
only regret was the donor of this feast wasn't there to wash it down
with his piss.

I soon reached a terrific climax. I caught my cum in the
cupped palm of my hand and drank it down. Believe me, there is no more
delightful combination of flavors than the hot sweetness of cum with
the rich bitterness of shit.

Afterwards I was sorry that I hadn't made it last longer. But
then I realized that I still had a lot of fun in store for me. There
was still a clutch of virile turds left in the bowl. I tenderly fished
them out, rolled them into my handkerchief, and stashed them in my
briefcase. In the week to come I found all kinds of ways to eat the
shit without bolting it right down. Once eaten it's gone forever
unless you want to filch it third hand out of your own asshole. Not an
unreasonable recourse in moments of desperation or simple boredom.

I stored the turds in the refrigerator when I was not using
them but within a week they were all gone. The last one I held in my
mouth without chewing, letting it slowly dissolve. I had liquid shit
trickling down my throat for nearly four hours. I must have had six
orgasms in the process.

I often think of that hippy guy dropping solid gold out
of his sweet, pink asshole every day, never knowing what joy it could,
and at least once did, bring to a grateful shiteater.

Re:/. Mods are Jew Rats (-1)

Anonymous Coward | more than 6 years ago | (#21578801)

Ok... eating a dude's shit turns you on. What about eating a girl's turd? If you found a nice big cosby kid in a toilet, not knowing the gender of the person, would you eat it?

Re:/. Mods are Jew Rats (0, Funny)

Anonymous Coward | more than 6 years ago | (#21579735)

Ok... eating a dude's shit turns you on. What about eating a girl's turd? If you found a nice big cosby kid in a toilet, not knowing the gender of the person, would you eat it?
He's a Mac user. Of course not.

Re:/. Mods are Jew Rats (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21579905)

not the OP, just a dude that likes leather, linux, and rimming...

I've eaten shit, drank piss, felched cum out of my fuck buddy's asshole, cleveland steamers, etc. You name, I've done. And if I haven't, I will tonight *grins*.

Eating shit is a sexual experience for us. Consider anal or oral sex. Does it matter if it's cock or pussy on the other side? You bet it does! (Unless oof course you're bi or pansexual.) I eat shit because it turns me on knowing this brown log was up another man's asshole (and sometimes it's just for the humiliation factor).

Re:/. Mods are Jew Rats (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21578553)

Squeegebar? Is that you?

His comments on terror and cameras were (5, Interesting)

WillAffleckUW (858324) | more than 6 years ago | (#21578431)

I found his comments on terrorism - A. Refuse to be terrorized - and cameras to be fairly well thought out.

We choose how we live.

We can live in fear and magnify risks that are, in reality, very minimal, or we can realize they're minimal and stop worrying about them.

I'd rather live free from fear.

And the answers about passwords were fairly good. When I was a regional security officer, I came up with similar concepts, based on the real threats that actually existed. When on a public site, with low real risk (e.g. public web, no linked account) it's better to have a common (but hard) password, and save more secure passwords for sites where you have real financial risk instead.

Re:His comments on terror and cameras were (5, Insightful)

rindeee (530084) | more than 6 years ago | (#21578791)

I couldn't agree with you more. The idea that the correct reaction is overreaction is not only foolish, it's counterproductive and in many cases quite dangerous. This approach has so permeated our society that it has become a part of our psyche and now has made inroads into the military. It is my opinion that 'risk management' and 'force protection' (in their current forms) are ruining the effectiveness of our fighting forces (of which I am one...no arm-chair fighting here). Having recently returned from serving forward in the middle east and working in a mixed environment of special warfare combat forces, the idiocy of that was forced upon us in the name of 'force protection' was nothing short of crippling. Why was it needed? Because, "if you don't abide by force protection rules, someone could be injured or killed". Let me get this straight; We carry guns, explosives, etc. We're trained to use them at night, in the day, in close quarters, over long distances, etc. We signed a piece of paper when we enlisted stating that we understand we might get killed in executing our orders. In light of all of that, there is some 'other' threat, apparently outside of the obvious primary threat during war-time (people shooting at you, IEDs, etc.) that is so much greater than the primary threats that it nullifies our need to counter the primary threats efficiently and effectively. Someone has written a book on this subject from a military prospective. Sadly I cannot recall the name of the book, or the author, as I just happened to pick it up one day at an acquaintances house and peruse it a bit. If anyone knows of the book of which I speak (primary topic being that force protection insanity is ruining the military), please speak up. I'd be forever indebted. Anyway, I digress. The bottom line, fear is counterproductive save for times of fight-or-flight.

Re:His comments on terror and cameras were (2, Interesting)

WillAffleckUW (858324) | more than 6 years ago | (#21578981)

Well, as a former Army Sergeant, I have to agree with you.

The concept of force protection arose from the objective of battle - the imposition of chaos on the enemy and the reduction of chaos on our own military and economic supply train. But there is no cost effectiveness analysis used, sadly.

Sometimes we need to realize that overreaction, and overprotection, are the wrong responses.

Is it truly worth the time delays and economic disincentives we impose on air travel to screen everyone? Is it worth the disruption to the system from a few networks that don't screen roaming IP wireless users properly to include them? Should we not instead choose more limited and more effective measures instead? For example, let's look at rogue wireless spammers. Why not just ban them until they fix their own routers - or only permit them to receive IP traffic but not send it? We could even screen the outbound IP traffic based on the origin, or insist they use try IPv6 secure traffic, so that we can impose more strict restrictions on just those networks that cause 80 percent of the problem.

But living in fear never works.

Re:His comments on terror and cameras were (1)

s20451 (410424) | more than 6 years ago | (#21579463)

I'm a former navy officer (Canada, not US). Surely you realize that the military doesn't give a rat's ass about you personally getting killed. What they want to prevent is the long string of flag-draped coffins streaming home that is sure to undermine public support for the broader mission.

Re:His comments on terror and cameras were (1)

rindeee (530084) | more than 6 years ago | (#21579717)

Of course, and I have no problem with this. I accepted the fact that I might meet my demise and I don't have any problem with the military taking an 'all business' view of this. My gripe is in the military adopting 'touchy-feely' models when it comes to killing people (sorry, but that IS the job of the military...it is NOT a policing force). Anyway, just one guys opinion. I appreciate your input.

Re:His comments on terror and cameras were (2, Insightful)

WillAffleckUW (858324) | more than 6 years ago | (#21579775)

What they want to prevent is the long string of flag-draped coffins streaming home that is sure to undermine public support for the broader mission.

Well, naval burials at sea make sea battles a bit more palatable.

However, even though Canadian popular support for the War in Afghanistan has gone down as a result of the flag-draped coffins which are more prominently shown on Canadian TV, it's still a lot higher than support here in the US where we basically ban national coverage of dead bodies or flag-draped coffins beyond the local news.

Basically, even though we choose to live in fear, it doesn't increase popular support. And, since you're in a country where people basically feel safe and are not used to living in fear, one could easily argue that that basic attitude probably has a lot to do with why there is more popular support, given the Canadian military being the bulk of the forces in Afghanistan, while most US forces are in Iraq.

Regardless, more interesting are the original article's commentary of Bruce Schneier's answers on privacy and the Net, especially public cameras and password security, IMHO.

Says the military brat: (3, Informative)

UncleTogie (1004853) | more than 6 years ago | (#21580289)

What they want to prevent is the long string of flag-draped coffins streaming home that is sure to undermine public support for the broader mission.

Correction: Actually, they're keeping us from seeing [thebostonchannel.com] the long string of flag-draped coffins streaming home...

I'll third that. (2, Interesting)

Xenographic (557057) | more than 6 years ago | (#21581699)

I'm not a soldier, but I arrived at essentially the same conclusions on my own, right down to writing passwords on a card in your wallet. In fact, I used to teach people that in a local basic computer security awareness class a local library held.

One important thing to note is that you have to be careful about password reuse. Oh, and email, no matter what, should NOT be considered "low security" no matter how boring your private life is because it can often be used as leverage to get more sensitive data. Look at this leak [mediadefen...enders.com] if you want to see the harm losing a simple Gmail account via password reuse can do.

As for the military issues, you have my sympathy. I sincerely wish we had leaders who would tell us "the only thing you have to fear is fear itself" and who would try to calm the public instead of using fear mongering tactics to consolidate political power. Unfortunately, from the responses we've seen over in Boston, I think that the public has been so irrationally terrified at this point that they won't listen any more. Not that I've heard many voices of reason speaking out to begin with, at least on TV.

What really sickens me is that this unrealistic threat evaluation is likely to get nice guys like you killed. I don't envy you :/

Why hard? (1)

SuperKendall (25149) | more than 6 years ago | (#21580847)

When on a public site, with low real risk (e.g. public web, no linked account) it's better to have a common (but hard) password,

No. The point is, it's better to have a common, and super easy to remember password that requires no difficulty at all to use and retain.

Low risk, remember? Why make it more likely you'll forget your common password after a two week trip. KISS.

This is why I despise sites of obviously low security interest, that enforce ANY kind of password limiting (like mandatory mix of numbers and letters and case).

Re:His comments on terror and cameras were (1)

i, Podius (1051904) | more than 6 years ago | (#21582281)

We can live in fear and magnify risks that are, in reality, very minimal, or we can realize they're minimal and stop worrying about them.
Very minimal is right! Consider this think piece [wordpress.com] on the relative dangers of terrorism and peanuts. The essay he linked to: "Portrait of the modern terrorist as an idiot [schneier.com]" mirrors my own thinking on the matters of airport security and average terrorist intelligence, for instance: why wouldn't a terrorist simply hide a dangerous NON-metallic implement under his shirt - perhaps a knife made of toughened glass or some such, to get through the metal detector? Or, better still, why bother boarding the plane at all? Surely these well-funded terrorist masterminds could see fit to sit two suburbs over from the airport with a shoulder-mounted rocket launcher [wikipedia.org]? I imagine if they timed it right at a peak hour, they could probably take out half a dozen aircraft and still get away to terrorise another day. But instead, we find ourselves under attack from shoe bombers [wikipedia.org] who are too stupid to think that maybe they should light their explosives somewhere where they won't be seen, like, say, the toilet?

I remember reading after the London bombings that the terrorists had bought return tickets, which lead the media to surmise that they had been duped into suicide-bombing, and they had expected that they would get away. However, now that I think about it, no-one considered the possibility that they incompetently set the timers? After all, anyone who buys a return ticket on a subway line that they're planning on blowing up obviously isn't the sharpest tool in the drawer.

What is the opinion on (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21578457)

Using abbreviated URLs [snipurl.com] like SnipURL?

Re:What is the opinion on (0)

Anonymous Coward | more than 6 years ago | (#21578683)

we love them

MOD PARENT UP (0)

Anonymous Coward | more than 6 years ago | (#21578697)

It's so much easier to post a snipurl into your html than a similar Google link [google.co.uk]. Plus, you know, they're trendier than the huge URLs you sometimes have to use.

Duh... (1)

FranTaylor (164577) | more than 6 years ago | (#21578521)

it's better to earn a living as a security expert than as a computer criminal

Watch "Catch Me If You Can", this was obvious a long time ago.

Re:Duh... ... not convinced (1)

petes_PoV (912422) | more than 6 years ago | (#21579061)

Better maybe, more profitable, hmmmmm.

The key difference is that most criminals are stupid, while most consultants are much more intelligent. I would suggest that for a given IQ (or however you want to measure intelligence) the balance is far more in favour of the criminal than an equally IQ-endowed consultant.

The reason being that there are more opportunities to get money from a criminal activity than from a security consultancy activity and it will always be easier to exploit a weakness than to fix it.

So why aren't there more super-villains?
Because it's not about the money, it's about the life-style. No really intelligent person would want to spend the rest of their life looking over their shoulder. Neither would they be dumb enough to think they had committed the perfect (i.e. untraceable) crime

Re:Duh... (1)

FranTaylor (164577) | more than 6 years ago | (#21579253)

Did you watch the movie? The dude made millions designing tamper-proof checks for the folks that he ripped off for small change when he was a crook.

Re:Duh... ... not convinced (0)

Anonymous Coward | more than 6 years ago | (#21579957)

So why aren't there more super-villains?
Because super villains don't get caught and hence you'll never hear of them. Otherwise they wouldn't be so super. Duh.

Re:Duh... (1)

TubeSteak (669689) | more than 6 years ago | (#21581137)

A: Basically, you're asking if crime pays. Most of the time, it doesn't, and the problem is the different risk characteristics. If I make a computer security mistake -- in a book, for a consulting client, at BT -- it's a mistake. It might be expensive, but I learn from it and move on. As a criminal, a mistake likely means jail time -- time I can't spend earning my criminal living. For this reason, it's hard to improve as a criminal.
1. Most criminals discount the risks that they're taking, which means they do not have a rational view of their "risk characteristics".

2. His conclusion, "it's hard to improve as a criminal" doesn't really follow from his previous sentence. Many criminals do improve in prison. Learning crime isn't hard when you have lots of free time, are surrounded by other criminals and have access to a library. His point may be somewhat valid for a hacker/cracker, but for all we know, the person will come out with a whole new set of (computer) scams.

The more things change... (5, Funny)

linuxwrangler (582055) | more than 6 years ago | (#21578525)

"...In 1957, fifty years ago, there were fewer than 2,000 computers total, and they were essentially used to crunch numbers. They were huge, expensive, and unreliable; sometimes, they caught on fire..."

Well, now they are small, inexpensive, and relatively reliable. But at least they still sometimes catch on fire.

Re:The more things change... (5, Funny)

spun (1352) | more than 6 years ago | (#21578911)

Well, now they are small, inexpensive, and relatively reliable. But at least they still sometimes catch on fire.
That's exactly what I tell my computers when they act up, "Computers still sometimes catch on fire, you know." I keep a charred motherboard hanging on the wall in the server room, just to remind them. Helps keep the buggers running right.

Re:The more things change... (4, Funny)

tm2b (42473) | more than 6 years ago | (#21579465)

"The Aperture Science Center would like to remind you that Android Hell is a real place, and you will be sent there at the first sign of disobedience."

Re:The more things change... (1)

Krishnoid (984597) | more than 6 years ago | (#21579053)

At least this device [youtube.com] from an IBM training film was particularly robust for its time (pre-1970). But it also caught fire, after a sort.

Re:The more things change... (1)

TheThiefMaster (992038) | more than 6 years ago | (#21579873)

But at least they still sometimes catch on fire.
Mine did.

Twice.

The first was a cheap psu that didn't have short-protection. I'd miswired my front mic/headphone sockets (the case used individual pins instead of a solid plug, and the pins, motherboard and motherboard manual were all labelled differently). I plugged in my headset and "BOOM", I lost the psu. And the fuse in the plug. The psu was full of loose peices afterwards, and a lot of black. Oddly, the motherboard and headset both survived.

The second was a dodgy gigabyte motherboard, with an (optional, but it came bundled) add-in card for the voltage converter (12-phase or something stupid, advertised and everything). I thought, "why not? It says it provides more stable power than the on-board circuits, and with sensitive electronics like a cpu it should really help." The add-in board fell out while the pc was on. THAT'S NOT WHAT I CALL STABLE POWER! The motherboard's own power converters (add-in was optional remember, so it did have them) blew out from the sudden load (flames and everything), and I lost the motherboard. Oh, and the cpu. And the graphics card. The psu survived though, I'd learnt that lesson the first time :)

Essentially, don't buy excessively cheap or gimmicky pc parts, they're not worth the fire hazard.

Re:The more things change... (0)

Anonymous Coward | more than 6 years ago | (#21580829)

> I'd miswired my front mic/headphone sockets (the case used individual pins instead of a solid plug, and the pins, motherboard and motherboard manual were all labelled differently). I plugged in my headset and "BOOM", I lost the psu. And the fuse in the plug. The psu was full of loose peices afterwards, and a lot of black. Oddly, the motherboard and headset both survived.

A case of poor design.

Any power transistor should blow fast enough... to protect the fuse that supposedly protects it.

In your case, somebody goofed. Sure, the big transistor blew, but all the transistors on the motherboard, nor the impedance in your headphones, still didn't blow fast enough to protect that fuse :)

Freakonomics Q&A with Jonathan Coulton (3, Interesting)

FleaPlus (6935) | more than 6 years ago | (#21578575)

I don't think this was mentioned on slashdot, but since this is quasi-related I thought I'd mention that a couple weeks ago Freakonomics also had a Q&A with Jonathan Coulton [nytimes.com], a really awesome (IMHO) singer-songwriter who releases many of his songs under a Creative Commons [jonathancoulton.com] license and whose music often has a rather geeky tilt. He also got quite a bit of attention recently for writing the song "Still Alive" which plays at the end of Portal. Here's a few neat quotes from the interview:

Q: Do you think having music available for free will make releasing some of it on a traditional album more difficult? Also, why aren't more of your songs available on Yahoo Music Engine or iTunes?

A: It's always hard to figure out the actual numbers on this, but I definitely get the feeling that having a more open attitude with MP3s has contributed to my ability to actually make a living. More and more, people don't like to buy things that they haven't heard first, which makes perfect sense when you think about it. This is why they have listening stations in record stores (er, I mean, when they used to have record stores). And because I depend so heavily on word of mouth marketing, it's extremely important that it's as easy as possible to hear my stuff. Again, it comes down to the extremely low cost that comes with digital content -- it's okay if only a small percentage of listeners buy, as long as the number of listeners is very high. That can only happen if you let people listen. ...

Q: When you wrote "Still Alive" for Portal did you have any idea how well the synergy would be with the game? I don't think that there has every been ending credits in any media that has matched the love that people have for the end of Portal. Have you been asked to work on any other video game music since the release of Portal?

A: One of the reasons I agreed to do it was that I understood the character so well -- it was one of those things where I looked at what they had created and it made absolute sense to me. We didn't know all the details of how we were going to finish the game, but I really could sort of feel how it was supposed to end up. Of course I'm thrilled with the reception, and it's been much larger and more positive than I could have imagined. There's nothing else in the works at the moment, but I'm definitely open to doing more things like that if it's the right project. ...

Q: When will Valve release a video game that is also a full musical comedy?

A: Yes please. That would be a great deal of fun to do, whether or not it was any fun to play. I'll put you in touch with Gabe and you can insist that he make it happen.

Re:Freakonomics Q&A with Jonathan Coulton (1)

Etrias (1121031) | more than 6 years ago | (#21578651)

Q: When will Valve release a video game that is also a full musical comedy?

A: Yes please. That would be a great deal of fun to do, whether or not it was any fun to play. I'll put you in touch with Gabe and you can insist that he make it happen.


I got it. The musical Gordon Sings! Released from his mute state, turns out that all he wanted to do was sing and dance, but instead had to save the world. Twice. (Maybe three times)

Re:Freakonomics Q&A with Jonathan Coulton (1)

davidsyes (765062) | more than 6 years ago | (#21579159)

Yeh... like "Combat Riverine Dance", in which FPRD (First-Person River Dancers) stomp the living this, umm living shit out of da enemy... whomever "da enemy" is.

Valve CRD Slogan: "These boots were made for trompin' and stompin'"

Character sayings:

"I love the smell of worn leather in the morning..."

"We don't need no stinkin' bullets..."

"'Air strike'? What's that? All I need is my BOOTS and dazzlin piurette (sp?) and some GRENADES..."

"This is my RIFLE, THIS is my GUN, these are my piurettes, dazzzling by buns..."

Now, all they need is urban combat themed leotards, grenade satchels, and some fluttery helmet garb and a new era of war and pea.. umm piece can commence...

(But, first, send those dipshit politicians to combat first, or back to combat if they've forgotten due to the smell of contract money...)

But first, make sure you have the Bruce facts (5, Funny)

sien (35268) | more than 6 years ago | (#21578579)

To get the most out of this interview, make sure you have the facts [geekz.co.uk] on Bruce Schneier. The man is not what he seems.

Re:But first, make sure you have the Bruce facts (1)

sconeu (64226) | more than 6 years ago | (#21578731)

Who would win a 3-way fight between Chuck Norris, Jack Bauer, and Bruce Schneier?

For full credit, please show your work.

Re:But first, make sure you have the Bruce facts (2, Funny)

JK_the_Slacker (1175625) | more than 6 years ago | (#21579983)

I'm not sure, but I do know that Jason Bourne would limp away.

Oh, and don't forget about the explosion that almost (ALMOST) kills John McClane.

Re:But first, make sure you have the Bruce facts (1)

ceoyoyo (59147) | more than 6 years ago | (#21581815)

Nobody wins in a three-way between CN, JB and BS.

Oh, three-way FIGHT. Whoops.

Re:But first, make sure you have the Bruce facts (1)

mcrbids (148650) | more than 6 years ago | (#21578883)

I like how your linked website downloads random binary files. I'd guess that this is a MALWARE site... (running the GNU "file" command on the binary indicated it as "data" - unknown)

Re:But first, make sure you have the Bruce facts (1)

meringuoid (568297) | more than 6 years ago | (#21579143)

We can add a new one:

Bruce Schneier doesn't bother to secure his wireless network at all. Who would dare, anyway?

FTA: several websites (2, Funny)

mseidl (828824) | more than 6 years ago | (#21578597)

There are several Web sites where I pay for access, and I have the same password for all of them.

And these sites have content, content which gets stored under /.pr0n

Re:FTA: several websites (0)

Anonymous Coward | more than 6 years ago | (#21579005)

content which gets stored under /.pr0n
/.porn? slashdot porn?!??!

Dear sir, please keep your collection to yourself.

Hmmm.... (0)

Anonymous Coward | more than 6 years ago | (#21578629)

Misspelling his name in the first sentence isn't such a good start.

Anyway, I've always found the blogogroupies who cluster around low-level celebrities like both parties here to be a bit creepy. Better Schneier or whatever Freakonomics' name is, who have some useful content, than someone as pointless as Wil Wheaton, but still...

Re:Hmmm.... (0)

Anonymous Coward | more than 6 years ago | (#21581701)

Yeah, I'm a recovering Schneier addict myself. The man is brilliant in crytpogrophy, and for that reason alone he remains in my rss feeds. However, his views on terrorism are often contradictory and he jumps to conclusions without researching all of the facts. But those who post on his blog are often quite mindless groupies. Oh well, I got over my courtney love addiction, I suppose this is easier and less insane. Although, I wonder what she's up to now...

Best Answer (4, Funny)

Odin_Tiger (585113) | more than 6 years ago | (#21578861)

Q: I recently had an experience on eBay in which a hacker copied and pasted an exact copy of my selling page with the intention of routing payments to himself. Afterwards, people informed me that such mischief is not uncommon. How can I ensure that it doesn't happen again?

A: You can't. The attack had nothing to do with you. Anyone with a browser can copy your HTML code -- if they couldn't, they couldn't see your page -- and repost it at another URL. Welcome to the Internet.

Poor Bruce must get awful tired of answering questions from people who don't understand how computers, etc. actually work.

Re:Best Answer (0)

Anonymous Coward | more than 6 years ago | (#21582177)

He missed the opportunity to mention digital signatures, which although not practical today, is the fix to this exact problem.

They could copy her page, but try to modify the payment information and it would fail to validate the signature.

A billion times... (2, Interesting)

Spy der Mann (805235) | more than 6 years ago | (#21578895)

FTA:

Moore's Law predicts that in fifty years, computers will be a billion times more powerful than they are today. I don't think anyone has any idea of the fantastic emergent properties you get from a billion-times increase in computing power.


I do have an idea. For starters, Holovideo. Computers a billion times more powerful than today's will be able to calculate the interference equations required to display true color live holograms on flat screens - or glasses.

Just think about it, put on your glasses and everything seems normal. Turn on your (wearable?) computer and you'll be able to interact (let's assume the glasses got tiny cameras on them, thanks to transparent electronics) with holographic objects - which may include virtual displays which you can move with your hand, a-la minority report (or a-la Nadesico if you're an anime fan ^^). Who says you'll need to use physical keyboards? Probably they'll be virtual, too! No more Repetitive Strain. And that's just for starters - imagine playing with rubik cubes or analyzing/debugging code (for programmers) in 3D.

However, I wonder if software will be advanced enough by then to have AI agents assisting you like most sci-fi flicks. Usually software is the barrier in computing. Programmers are slow.

Re:A billion times... (3, Funny)

AuntieWillow (1188799) | more than 6 years ago | (#21578941)

FTA:

However, I wonder if software will be advanced enough by then to have AI agents assisting you like most sci-fi flicks. Usually software is the barrier in computing. Programmers are slow.
Programmers are slow because, like me, they're probably surfing /. :-)

Re:A billion times... (1)

calebt3 (1098475) | more than 6 years ago | (#21579591)

Your not thinking big enough. How about a Matrix-like storage place for our bodies while we have a live direct-to mind interface with a Star-Trek-like hologram body that we use to interact with the world. It would never get tired physically, can't get injured, have superhuman senses, and it could look like whatever we wanted it to (human or otherwise). Now that would be awesome!

Re:A billion times... (1)

Colin Smith (2679) | more than 6 years ago | (#21579863)

I don't think anyone has any idea of the fantastic emergent properties you get from a billion-times increase in computing power.
I do. You're something similar right now.

 

Re:A billion times... (1)

PWNT (985141) | more than 6 years ago | (#21581615)

ya at a billion times the energy requirements. no thanks, i do not want to require a portable nuclear reactor with me.

Too many to answer -- I'm not impressed however. (0)

garcia (6573) | more than 6 years ago | (#21578929)

This is an economics blog, so you tell me: why don't the computer companies compete on boot-speed?

7 to 10 years ago that might have been a problem but these days with people booting at most once or twice a day (and the majority just putting their laptops to sleep or not turning their machines off at all) I don't see why we should even be discussing this topic.

I can't. No one can; there are simply too many. But I have a few strategies.

None of which are acceptable. This person needs to learn more about security and a different way to go about handling their passwords. Based on the techniques I use I am able to remember every single password for every single site I use with 99% of them being different (I have some legacy passwords on sites that don't require security in the first place but that's because I'm lazy).

There will never be a global repository for public keys, for the same reason there isn't a single ID card in your wallet.

Never is a long time and just like the sci-fi writers of the past getting stuff wrong, this guy is likely to get this wrong as well. If the slippery slope continues to degrade as it has been for the last 7 years, I have a feeling that we will see a different world stage with the players running that stage handling things a little differently than we would have thought about 10 years ago or even today...

There are probably zillions of books and classes on basic computer and Internet skills, and I wouldn't even know where to begin to suggest one. Okay, that's a lie. I do know where to begin. I would Google "basic computer skills" and see what comes up.

This tutorial [umuc.edu] is the first hit. While interesting, I don't believe it's someone who is interested in learning basic computer skills is going to stumble across -- even if you told them what to do. I work with those that don't even have the most basic computer skills and believe me, when you tell them to Google something it isn't processed like it is by those that have at least some basic skills.

Re:Too many to answer -- I'm not impressed however (2, Funny)

jjohnson (62583) | more than 6 years ago | (#21579305)

This person needs to learn more about security



You think Bruce Schneier needs to learn more about security?

Re:Too many to answer -- I'm not impressed however (0)

Anonymous Coward | more than 6 years ago | (#21579337)

Yeah, his response to the question about passwords was absolutely fucking lame. I thought I already explained that.

Re:Too many to answer -- I'm not impressed however (1)

jjohnson (62583) | more than 6 years ago | (#21580143)

No, you just bragged about your extremely clever system for memorizing passwords (that you didn't describe).

Regardless, Schneier's solution is vastly more useful in practice for, well, everyone else.

You still sound like you have no clue who this guy is.

Re:Too many to answer -- I'm not impressed however (4, Insightful)

tm2b (42473) | more than 6 years ago | (#21579561)

This person needs to learn more about security and a different way to go about handling their passwords.
This is much like thinking that Donald Knuth needs to learn more about algorithms.

Consider that a point is being made that you're not getting, because "this person" is not a moron, and generally talks about security as it is actually practiced instead of how it would be practiced if everybody were an expert and made good security a priority. Since people in general will not make security a priority, you have to talk about how people actually behave and how to craft security that will take actual behavior into account.

Re:Too many to answer -- I'm not impressed however (1)

swillden (191260) | more than 6 years ago | (#21579851)

Based on the techniques I use I am able to remember every single password for every single site I use with 99% of them being different

And all of those passwords are:

  • at least 10 characters in length;
  • "random", containing no dictionary words or other predictable sequences;
  • a mixture of letters (upper and lowercase), numbers and punctuation marks; and
  • not related in any way that would allow an attacker who has seen several of them to derive another one.

Right?

This person needs to learn more about security and a different way to go about handling their passwords.

You do realize that this is like suggesting that the Pope learn more about Catholicism, right? Bruce Schneier started as a serious academic cryptographer and branched out into more general security topics. At this point he's more of a public figure than a top tier researcher, but he's still very, very knowledgeable. The safe assumption is that he has considered and discarded whatever sort of scheme you use. Perhaps you've invented something he hasn't seen, but the odds of that are extremely slim.

Re:Too many to answer -- I'm not impressed however (0)

Anonymous Coward | more than 6 years ago | (#21580547)

And all of those passwords are:

Yeah, they are. All of them. Thanks for posting what I figured was obvious and unnecessary.

Re:Too many to answer -- I'm not impressed however (1)

swillden (191260) | more than 6 years ago | (#21582155)

And all of those passwords are:

Yeah, they are. All of them. Thanks for posting what I figured was obvious and unnecessary.

I strongly doubt it. Especially the part about not being related to one another. That's very difficult to do effectively, without using a strong one-way function.

Re:Too many to answer -- I'm not impressed however (0)

Anonymous Coward | more than 6 years ago | (#21580219)

Writing down passwords is perfectly acceptable (i.e. preferable to poor passwords) as long as you never write down the purpose of the passwords and have several of them. Padding the list with fake passwords is okay. If someone steals your password list they will have your passwords, but no idea where those passwords are supposed to be used. Assuming the thief is someone who knows where you might use those passwords they will still have to guess which password to use before you change the password or the system locks them out for too many login attempts. Adding bogus characters to the passwords makes it basically impossible for someone to use your list.

Re:Too many to answer -- I'm not impressed however (1)

ZachPruckowski (918562) | more than 6 years ago | (#21581123)

None of which are acceptable. This person needs to learn more about security and a different way to go about handling their passwords. Based on the techniques I use I am able to remember every single password for every single site I use with 99% of them being different (I have some legacy passwords on sites that don't require security in the first place but that's because I'm lazy).

First of all, you saying "[Bruce Schneier] needs to learn more about security" is like me saying "the Pope needs to learn more about being Catholic".

The reason Mr. Schneier suggested as he did is self-evident: He's addressing non-nerds and wanted to give an answer that balances ease with power. Even a simple two-password system beats the crap out of "password". And note that he said "pay for access" and not "can use my credit card". Thus, you have a three-tiered system: low-level passwords that while embarrassing if stolen, represent no serious loss if cracked and are not very valuable (like Slashdot); mid-level passwords that represent some target to thieves, but little actual loss if compromised (Lexis Nexis, say), and finally the top layer, like Amazon, where having your password lets one purchase things at your expense. Suggesting the writing the passwords down thing was smart, because most people wouldn't, and that prevents them from voluntarily having a password over 6 alphanumeric characters.

Judging by your other thoughts in the comment, I think the overall problem you have is not recognizing that Bruce Schneier is "talking down to" (in a non-condescending way) the Freakonomics readers. A Slashdot Q&A would probably be more in-depth, and would probably offer more complex advice. He's smart enough not to try to push these guys from A to Z in a day. He just wants to get them from A to B.

strange answer on wireless (3, Interesting)

SEAL (88488) | more than 6 years ago | (#21579317)

Q: Is there any benefit to password protecting your home Wifi network? I have IT friends that say the only real benefit is that multiple users can slow down the connection, but they state that there is no security reason. Is this correct?

A: I run an open wireless network at home. There's no password, and there's no encryption. Honestly, I think it's just polite. Why should I care if someone on the block steals wireless access from me? When my wireless router broke last month, I used a neighbor's access until I replaced it.
That answer is so bad it almost sounds like sarcasm. Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.

Re:strange answer on wireless (1)

gnasher719 (869701) | more than 6 years ago | (#21579517)

That answer is so bad it almost sounds like sarcasm. Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.
What is more likely to happen: That someone reads sensitive data from his unprotected wireless network, or that he is killed in a complete random traffic accident?

Re:strange answer on wireless (2, Insightful)

maraist (68387) | more than 6 years ago | (#21580179)

That someone reads sensitive data from his unprotected wireless network, or that he is killed in a complete random traffic accident?

Or C) that an industrious/bored male techno-teenager lives within his wifi range

Re:strange answer on wireless (5, Interesting)

someone300 (891284) | more than 6 years ago | (#21579637)

I personally use an open wireless network. I trust my open wireless network as much as I trust my ISP and unsecure wired network, and all sensitive data that I throw around internally is securely encrypted or otherwise done through a secure tunnel. If I need to put a password I care about into a HTTP site, and I want to minimize risk, I just use my proxy, which is directly and securely* wired into the switch. Generally, if you have a large wired network, you need to make the assumption that any piece of cable not in a secure room could be spliced and packets logged.

Of course, considering a large amount of web traffic is HTTP when it should be HTTPS, and certain operating systems expose services onto the network which they probably shouldnt, it's probably a bit irresponsible to suggest that home users leave their stuff unencrypted. Personally, the reason I run an open AP is because open APs have helped me in the past. There's a form of QoS to stop people abusing and give priority to certain computers on my network.

* Considering it's a house, 'secure' means it's in a locked cupboard ;)

Re:strange answer on wireless (4, Insightful)

Kidbro (80868) | more than 6 years ago | (#21579655)

Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.

Any data that goes unencrypted between your computer and your wifi base station will also go unencrypted between the wifi base station and the target destination. On top of this, any data that's only encrypted by your wifi network will also go unencrypted between the wifi base station and its target destination.
Maybe Bruce is just wise enough to encrypt any sensitive data he transfers properly, and not rely on the encryption in his $30 hardware that will only protect against attackers within 50 meters?

Re:strange answer on wireless (3, Informative)

Cal Paterson (881180) | more than 6 years ago | (#21580007)

This is excellent logic, but I think much of the reasoning behind wifi encryption is that people who do connect to your wifi are essentially getting to fire a load of packets around the internet with your name on them.

Which could be worrying or not, depending on their interests. The number of people connecting to open access points to use kazaa to download the latest movie blockbuster would worry me if I was in an apartment building or something.

Re:strange answer on wireless (4, Informative)

Umuri (897961) | more than 6 years ago | (#21579663)

I think what he means is that if you are depending on your wireless connection for security, you're already doing something wrong.

One is because most secure practices can be implemented well separate of wireless, if you are concerned with security. And in fact relying on wireless encryption as your "only" form of security is something that even most non-savvy computer users can be taught not to do, so the experienced ones should have no excuse.

The other is that most "security" for wireless has already been broken and can be repeated in a near trivial amount of time, so if someone was dead set on sniffing your data, chances are they'd be able to do it.

In my defense, I run an open wireless network that is sectioned off, that instead of encryption relies on MAC addresses to allow into the normal section of the network. Everyone not on the list just gets to use the internet.

Allows friends to come over and connect happily to the web without messing with stuff, and if they need the network access adding their computer is a 10 second job.

Re:strange answer on wireless (4, Funny)

flaming error (1041742) | more than 6 years ago | (#21579969)

It only seems risky until you learn that Bruce Schneier types in TwoFish.

Re:strange answer on wireless (3, Funny)

Brickwall (985910) | more than 6 years ago | (#21581777)

It only seems risky until you learn that Bruce Schneier types in TwoFish.

Gee, what happened to OneFish, and the RedFish and BlueFish?

Re:strange answer on wireless (0)

Anonymous Coward | more than 6 years ago | (#21580001)

"Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC."

What exactly is the problem?

Sure, someone can sniff unencrypted data that goes over the wireless network connection. So, someone sees you're reading the New York Times, or posting to Slashdot. Anything important will go through HTTPS or SSH - someone sees you are sending and receiving encrypted data. The data is encrypted, the network isn't. Adding WEP (even if it weren't easily breakable) would add little additional security. (Part of the point may in fact be that end-to-end security like SSH is good - WEP doesn't protect you after the packet gets sent out on to the internet.)

And given who was giving the advice, I'm sure everything is firewalled if necessary (public wireless _outside_ the firewall).

Re:strange answer on wireless (2, Interesting)

trawg (308495) | more than 6 years ago | (#21580429)

That answer is so bad it almost sounds like sarcasm. Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.
As others have already pointed out, as long as he's encrypting probably everywhere else it won't make any real difference. If you're on an open wifi network and everything you do is via an SSH tunnel or VPN or something, you're probably doing quite a bit better than using WEP anyway.

I think the really interesting part of this answer is that it doesn't really address the legal issues of someone misusing and abusing your connection for their own evil deeds. I don't know if this has been tested in court but it seems laws about this sort of thing most likely are of the form "you are responsible for what happens with your Internet connection".

I would love to run an open wifi AP for my neighbours and everyone else walking past, but I'm worried about them using it for nefarious deeds when the IP address associated with those deeds is traceable back to me.

Committing a felony is OK (1)

Propaganda13 (312548) | more than 6 years ago | (#21580441)

When my wireless router broke last month, I used a neighbor's access until I replaced it.


From the context, it appears that he used his neighbor's network without permission. Depending on where you live this is considered a felony.

http://money.cnn.com/2005/07/07/technology/personaltech/wireless_arrest/index.htm

You also might be violating terms of service with your ISP by sharing your connection.

Another person using bittorrent to download movies and music can easily swamp your wireless router with the number of connections used. It could also lead to a civil case against you by the MPAA and RIAA. Win or lose, you still pay the lawyers if a defense fund doesn't.

Criminal activity (use of stolen CCs, child porn, etc.) run through your wireless can also have you answering questions while your computer equipment is taken to verify your innocence.

This is all without letting someone sniff your traffic.

People don't let strangers plug into their LAN, why is it different with WIFI?

There are legal issues and responsibilities that really should be cleared up, so people who do want to share WIFI can.

Re:Committing a felony is OK (1)

xant (99438) | more than 6 years ago | (#21580793)

There are legal issues and responsibilities that really should be cleared up, so people who do want to share WIFI can.


You realize, though, that "clearing up" the issues and responsibilities might mean making it illegal to share your WIFI? Let's keep it murky. The law is only going to overreact to the threat, if it even exists.

Which it may not.. how many cases have there been? I suggest that people doing a lot of illegal downloading need a lot of bandwidth. Your neighbor's wifi ain't that.

Re:Committing a felony is OK (1)

Propaganda13 (312548) | more than 6 years ago | (#21581435)

Right now, it is illegal to access open wifi spots without permission. I'd rather be able to access without worry. No, there hasn't been a lot of cases yet.

I used to download distros on business class Road Runner shared through a small apartment building by wifi. The main issues were too many connections would swamp or kill the wifi. A lot of home routers can only handle 128 connections. I lowered the connections and set the scheduler to avoid times commonly used by others to avoid complaints. Bandwidth was not an important issue.

A person doing a lot of illegal downloading is not going to be worried about the overall bandwidth available, assuming broadband. The important points will be it's not their internet account and it's close enough for a signal.

Re:strange answer on wireless (0)

Anonymous Coward | more than 6 years ago | (#21580567)

That answer is so bad it almost sounds like sarcasm. Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.
What sensitive data?

A lot of sensitive data goes across the Internet. Passwords, credentials, etc. Mostly hashed, sometimes encrypted. Sometimes plaintext (anyone here use non-encrypted e-mail? Me too.) Can you guarantee that the password you just entered to log into Slashdot wasn't sniffed?

You should be more concerned about the Internet in general, than your home wireless network, where someone needs to get within a few hundred feet.

Re:strange answer on wireless (2, Funny)

alexborges (313924) | more than 6 years ago | (#21580799)

My friend. The point is that is almost as easy to get data from a suposedly "encrypted" (weak ass encryption) wifi connection, as to do it from an unencrypted one.

And I mean... what is this, Mr. SEAL, although you have an enviable 5 digit slashdot ID, im gonna HAVE to go with bruce on this one.... hell, id go with bruce on all the rest-of-them as well.

Re:strange answer on wireless (1)

lennier (44736) | more than 6 years ago | (#21580935)

Being not an American, and coming from a country (New Zealand) where broadband Internet access is metered in gigabyte chunks, so if your neighbour borrows your bandwidth you can get a Very Large Bill, I can't actually tell whether Bruce's comment is sarcastic or serious.

I mean, in the USA, *could* you let neighbours use your open WiFi point *without* paying huge $$$ in over-usage charges? If you could, then I guess I'd be happy with running an open access point myself, as long as I implemented my own local encryption for the data I cared about.

Re:strange answer on wireless (1)

ceoyoyo (59147) | more than 6 years ago | (#21581857)

If you're relying on your wireless network encryption for all your security you've got problems. Make sure you do your banking on secure web sites. Use SSH. If your porn collection is really valuable to you make sure your file server uses encrypted passwords.

Most people use their wireless network pretty much exclusively to bridge the gap between their couch and the Internet. Since the Internet is basically public, it really doesn't matter that the last metre is unencrypted, over the air.

Re:strange answer on wireless (0)

Anonymous Coward | more than 6 years ago | (#21582261)

Why would you ever have sensitive data traveling unprotected over the internet?

It's so easy to SSL and ssh your stuff up these days, there's really no excuse. My wireless network is unencrypted as well, as a service to my neighbors. Odds of me putting something important across is in plaintext: damned near zero.

Re:strange answer on wireless (1)

nametaken (610866) | more than 6 years ago | (#21582453)


Agreed. I know if anyone wants to rob my house, a door lock isn't going to stop them. Guess what? I still lock the door when I leave.

"Is there any benefit to password protecting your home Wifi network? I have IT friends that say the only real benefit is that multiple users can slow down the connection, but they state that there is no security reason. Is this correct?"

The answer is, of course, an emphatic "yes". Mr. Dubner needs new IT friends.

His Password Comment (3, Interesting)

OldSoldier (168889) | more than 6 years ago | (#21579805)

I choose the same password for all low-security applications. There are [also?] several Web sites where I pay for access, and I have the same password for all of them.
Has there been any survey of how various systems store passwords? Schneier's policy above is very similar to mine, and I was surprised recently when my Sprint password, which I thought was "secure" was plainly visible to the customer service clerk at my local Sprint store!

Specifically I do not care how my low-security passwords are stored. But for my high security passwords, I would like them all to be stored in a unix-like way, namely only cyphertext is stored and it's impossible for anyone to know what that password is. Sure they may be able to change it on my behalf, but can they tell what it is? No!

I've had this concern for quite a while now and I'm surprised that I haven't found a security certified label that addresses this concern. Sure there are other labels like http://www.truste.org/ [truste.org] or "Verisign Secured", but where's there one that tells me my user-password is stored in a "unix-like" manner?

Re:His Password Comment (0)

Anonymous Coward | more than 6 years ago | (#21581625)

From what I have learned from my university course in security, a truly secure website does not store passwords. They store a hash table that is encrypted. Then when you enter you password it is hashed and encrypted with the same encryption as the table and then compared for a match. No match means invalid password. That way no one but you knows your password and if the system is hacked and the hash table file taken the hacker is going to get a bunch of useless garbage that even if the encryption is broken they are unlikely to be able reverse the hash to get the password.

Writing down your password (2, Interesting)

Beryllium Sphere(tm) (193358) | more than 6 years ago | (#21579887)

Same point as Bruce, but put in terms of a threat analysis translated into everyday terms:
Why you should write down your password [berylliumsphere.com]

Re:Writing down your password (1)

Rick17JJ (744063) | more than 6 years ago | (#21581695)

The article mentions the possibility of storing passwords on a USB flash drive and carring it around your neck. A Corsair Flash Padlock USB flash drive would be ideal for that purpose because it has the added security of buttons on the side like a padlock. It is works with Windows, MAC or Linux. I don't know what type of encryption it uses, but it might not matter since they would have to slowly enter the various possibilities manually. The FBI or NSA might know how to splice directly into the electronics and get through, but it should keep out ordinary identity thieves and hackers.

If that is not enough, a person could put a free open-source password program such as Password Safe, KeePass or KeePassX on the Flash Padlock USB drive. The executable file for either of those programs could be stored on the Flash Padlock USB drive and run from there. On my Linux computer, I briefly tried running both Password Safe and KeePass under wine and and they both seem to run (I only tried running them under wine very briefly). I could then run either password program from the USB drive on either my Linux computer or my Windows computer.

I typically use fairly long passwords with a more or less random combination upper and lower case characters and numbers with a few punctuation characters thrown in. They are too complicated for me to remember, so they need to be written down, either on a piece of paper or stored encrypted in a password program on a Padlock USB drive or something like that. At the moment I have most of them on a piece of paper which I keep hidden somewhere.

As an added touch of paranoia, when first entering my vast collection of passwords into the Password Safe program on my Padlock USB drive, I would first unplug my ethernet cable and boot the computer from a Knoppix disk. That way I could be sure that no keystroke logging software was secretly capturing my keystrokes.

Corsair padlock Flash Drive [corsairmicro.com]

Gay Apes Make My Anus Pucker (0)

Anonymous Coward | more than 6 years ago | (#21580779)

Bruce Schneier for President!

Read up on Freedomnomics (0)

Anonymous Coward | more than 6 years ago | (#21581333)

A really good read and John Lott responds to many of Bruce Schneiers chapters.

ehh, not a great interview (1)

f1055man (951955) | more than 6 years ago | (#21581423)

He kind of annoys me by not answering any of the questions and instead links back to articles he's written before. Why bother giving an interview if you're just going to give a works cited page? I understand not wanting to repeat yourself, but when you're the Chuck Norris of infosec you have to in order to get through to the rest of us mere mortals.

Re:ehh, not a great interview (2, Insightful)

bhima (46039) | more than 6 years ago | (#21582321)

In his defense, had he completely restated the whole of his previously published work he references his responses would be tediously long.

I saw it as more of a "here is a more in depth answer to this question, if you are interested"
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...