Wednesday, July 15, 2009

Podcast: Crypto-Gram 15 June 2008: put your sensitive data on the memory card of a camera.

from the Jun 15, 2008 Crypto-Gram Newsletter
by Bruce Schneier

* The War on Photography

Given that real terrorists, and even wannabe terrorists, don't seem to photograph anything, why is it such pervasive conventional wisdom that terrorists photograph their targets?

Because it's a movie-plot threat.

* Crossing Borders with Laptops and PDAs

The best defense is to clean up your laptop. A customs agent can't read what you don't have.
Delete everything you don't absolutely need. And use a secure file erasure program to do it. While you're at it, delete your browser's cookies, cache and browsing history.

If you can't, consider putting your sensitive data on a USB drive or even a camera memory card.

* E-Mail After the Rapture

But what if the creator of this site isn't as scrupulous as he implies he is? What if he uses all of that account information, passwords, safe combinations, and whatever *before* any rapture? And even if he is an honest true believer, this seems like a mighty juicy target for any would-be identity thief.

* Fax Signatures

Our legal and business systems need to deal with the underlying problem -- false authentication -- rather than focus on the technology of the moment. Systems need to defend themselves against the possibility of fake signatures, regardless of how they arrive.

* More on Airplane Seat Cameras

How in the world are they "testing" this system without any real terrorists?

* How to Sell Security

It's a better survival strategy to accept small gains rather than risk them for larger ones, and to risk larger losses rather than accept smaller losses.

How does Prospect Theory explain the difficulty of selling the prevention of a security breach? It's a choice between a small sure loss - the cost of the security product - and a large risky loss...

One solution is to stoke fear. Fear is a primal emotion, far older than our ability to calculate trade-offs.

The better solution is not to sell security directly, but to include it as part of a more general product or service.

length: 26:29m
PS: this is my cheat sheet of Bruce Schneier's Podcast:
