Tuesday, July 14, 2009

Podcast: Crypto-Gram 15 May 2008: No one wants to buy security. They want to buy something truly useful.

from the May 15, 2008 Crypto-Gram Newsletter
by Bruce Schneier

* Dual-Use Technologies and the Equities Issue

The NSA has two roles:
1) eavesdrop on their stuff
2) protect our stuff

When both sides use the same stuff, the agency has to decide whether to exploit vulnerabilities to eavesdrop on their stuff or close the same vulnerabilities to protect our stuff.

In the 1980s and before, the tendency of the NSA was to keep vulnerabilities to themselves. In the 1990s, the tide shifted, and the NSA was starting to open up and help us all improve our security defense. But after the attacks of 9/11, the NSA shifted back to the attack: vulnerabilities were to be hoarded in secret. Slowly, things in the U.S. are shifting back again.

* Crossing Borders with Laptops and PDAs

If you can't encrypt your HDD, consider putting your sensitive data on a USB drive or even a camera memory card. Encrypt it, slip it in your pocket, and it's likely to remain unnoticed even if the customs agent pokes through your laptop.

If someone does discover it, you can try saying: "I don't know what's on there. My boss told me to give it to the head of the New York office." If you've chosen a strong encryption password, you won't care if he confiscates it.

* The RSA Conference

Over 17,000 people

The problem is that most of the people attending the RSA Conference can't understand what the products do or why they should buy them. So they don't.

Commerce requires a meeting of minds between buyer and seller, and it's just not happening. The sellers can't explain what they're selling to the buyers, and the buyers don't buy because they don't understand what the sellers are selling.

No one wants to buy security. They want to buy something truly useful.

They don't want to have to become IT security experts.

large IT outsourcing contracts that companies are signing - not security outsourcing contracts, but more general IT contracts that include security.

* Risk Preferences in Chimpanzees and Bonobos

People tend to be risk averse when it comes to gains, and risk seeking when it comes to losses - accept small gains rather than risking them for larger ones, and risk larger losses rather than accepting smaller losses.

length: 36:45m
PS: this is my cheat sheet of Bruce Schneier's Podcast:
