A reminder for Angelenos: Bruce Schneier is giving a free public talk tonight at 7PM at the USC campus, at the Annenberg School room 207. Bruce is a legendary security expert and a powerful advocate for the idea that security shouldn't come at the expense of freedom. — Read the rest

Bruce Schneier and Bruce Sterling are coming to the University of Southern California's Annenberg School at the end of September as part of my Fulbright Chair.

Bruce Sterling will be here on September 25 at 2PM, at the Annenberg School's room 204. — Read the rest

* Bruce Schneier doesn't need steganography to hide data in innocent-looking files. He just pounds it in with his fist.

* Bruce Schneier's secure handshake is so strong, you won't be able to exchange keys with anyone else for days.

* Most people use passwords. — Read the rest

Today in Wired News, security expert Bruce Schneier talks about the security risks of letting DRM control your computer:

When technology serves its owners, it is liberating. When it is designed to serve others, over the owner's objection, it is oppressive.

Snip from an opinion piece by digital security expert Bruce Schneier, following up on last week's New York Times story on domestic spying by the NSA:

[T]he president's wartime powers, with its armies, battles, victories, and congressional declarations, now extend to the rhetorical "War on Terror": a war with no fronts, no boundaries, no opposing army, and — most ominously — no knowable "victory."

Security expert Bruce Schneier has written a scathing editorial about the complete inefficacy of the security measures that have been brought to bear for American air travel:

They're bizarre lists: people — names and aliases — who are too dangerous to be allowed to fly under any circumstance, yet so innocent that they cannot be arrested, even under the draconian provisions of the Patriot Act.

Bruce Schneier has a great editorial on Wired News that asks why anti-virus companies — who would normally address a rootkit or similar piece of software within hours — didn't notice Sony's rootkit, which had been in place since mid-2004? Also: why did they initially refuse to patch against it? — Read the rest

Bruce Schneier nails what's wrong and counter-productive about all the Homeland Security efforts since 9/11: they're based on countering threats from movies, not rational consideration about how to secure the world:

The 9/11 terrorists used small pointy things to take over airplanes, so we ban small pointy things from airplanes.

ITConversations is a terrific source of audio interviews with tech folks. In the latest ITC email newsletter, producer Doug Kaye said that his interview last year with security consultant and author Bruce Schneier is one of his all-time favorites.

This is the one interview I hope everyone will hear.

For my money, Bruce Schneier is the best computer security person in the field right now. He's just published a list of security recommendations for individuals who want to make their PCs safer:

Operating systems: If possible, don't use Microsoft Windows.

I try to read everything Internet security consultant Bruce Schneier writes. The good news is, he now has a blog where he'll probably make links to his essays.

He has two recent essays available from his blog, which he describes thusly:

The first talks about terror threat warnings — both the color-coded kind and the more specific ones — and how they're both an ineffective security countermeasure and a political tool.

A pair of thought-provoking op-ed pieces from Bruce Schneier, who says,

This New Haven Register piece looks at the security and privacy issues surrounding a police "gun" that automatically scans licence plates. It's an example of "wholesale surveillance" — something only possible with modern computer technology — and as such requires new thinking about privacy protection.

Bruce Schneier's just published a fantastic editorial about how expanded police powers make us less secure:

The United States is admired throughout the world because of our freedoms and our liberties. The very rights that are being discussed within the halls of the Supreme Court are the rights that keep us all safe and secure.

Bruce Schneier of Counterpane Security explains why the Witty Worm is so awful.

Witty was very well written. It was less than 700 bytes long. It used a random-number generator to spread itself, avoiding many of the problems that plagued previous worms.

Amazing interview (available as a text transcript or audio file) with security guru Bruce Schneier, who really should be hired to run Homeland Security.

Doug Kaye: Now a recurring concept in your book is probably typified by this example: "A terrorist who wants to create havoc will not be deterred by airline security; he will simply switch to another attack and bomb a shopping mall."

Here is my impressionistic transcript of Bruce Schneier's keynote, "Following the Money, or Why Security has so Little to do with Security" from the ToorCon infosec conference in San Diego.

* We want to get the most security for the least trade-off

* Determine the acceptable risk-level

* Figure out the trade-offs

THE BEST WAY TO DO THIS IS TO MAKE THE PERSON WHO CAN FIX THE
PROBLEM ON THE HOOK FOR FIXING THE PROBLEM.

It's always fun to watch Bruce "Applied Cryptography" Schneier tear some security-snakeoil vendor a new asshole. This week, in his Crypto-Gram newsletter, he savages Meganet, a company that made a Slashdot splash (a splashdot?) last week by announcing an "unbreakable" system, with "million-bit keys" that uses "secret new mathematics." — Read the rest

Bruce "Secrets and Lies" Schneier has announced that he's working on a new, untitled book, about using information security techniques to evaluate the post-911 security measures we've been asked to buckle down and shut up about.

I reviewed a draft of this last month, and it is a damned fine book. — Read the rest

The folks at Dr. Dobb's have put up MP3s of all of Bruce Schneier's ETCON keynote (Fixing Network Security by Hacking the Business Climate). This was an amazing talk — better than I had a chance to tell Bruce afterwards (he had to run to catch a plane). — Read the rest

Bruce Schneier and Adam Schostack of Zero Knowledge have penned a wonderful, balanced whitepaper laying out a security map for Microsoft's Trustworthy Computing initiative, spelling out, piece by piece, the root causes of the security problems in MSFT products, and a roadmap for mitigating them in the future. — Read the rest