Freakonomics Q&A With Bruce Schneier
Samrobb writes "In grand Slashdot tradition, the Freakonomics blog solicited reader questions for a Q&A session with Bruce Schneier. The blog host writes that Mr. Schneier's answers '...are extraordinarily interesting, providing mandatory reading for anyone who uses a computer. He also plainly thinks like an economist: search below for "crime pays" to see his sober assessment of why it's better to earn a living as a security expert than as a computer criminal.'" The interview covers pretty much the whole range of issues Schneier has written about, and he provides links to more detailed writings on many of the questions.
Re:strange answer on wireless (Score:5, Informative)
One is because most secure practices can be implemented well separate from wireless, if you are concerned with security. And in fact relying on wireless encryption as your "only" form of security is something that even most non-savvy computer users can be taught not to do, so the experienced ones should have no excuse.
The other is that most "security" for wireless has already been broken and can be repeated in a near trivial amount of time, so if someone was dead set on sniffing your data, chances are they'd be able to do it.
In my defense, I run an open wireless network that is sectioned off and that, instead of encryption, relies on MAC addresses to allow devices into the normal section of the network. Everyone not on the list just gets to use the internet.
It allows friends to come over and connect happily to the web without messing with stuff, and if they need the network access, adding their computer is a 10-second job.
Re:strange answer on wireless (Score:4, Informative)
Which could be worrying or not, depending on their interests. The number of people connecting to open access points to use kazaa to download the latest movie blockbuster would worry me if I was in an apartment building or something.
Says the military brat: (Score:4, Informative)
Correction: Actually, they're keeping us from seeing [thebostonchannel.com] the long string of flag-draped coffins streaming home...
Re:His Password Comment (Score:4, Informative)
Also, even if the site doesn't store your password in cleartext, it will still be sent to them as cleartext. Even if it goes over SSL, the site itself will be able to decrypt it. So, one way or another, They have your password.
I would like to suggest a feature that could be added to browsers. An idea to think about; not a request for implementation just yet. But here's the idea. Let the browser perform the one-way hashing. You enter your password, the browser hashes it, and the hashed value is sent to the site. You can use a different hash for every site, and thus use the same password on your side, but send different values to different sites. That way, no site can pick up your password and use it with another site. You are still open to replay attacks on the same site if the site doesn't protect against that (e.g. by using SSL), but it's a lot better than things are now. You never send out your actual password, so nobody ever gets to know it.
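The scheme proposed in the comment above, sketched as an added example (not part of the original post and not any browser's code). It assumes scrypt as the "one-way hash" and the login URL's hostname as the per-site input; all function names and sample sites are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: a site is identified by the hostname of its login URL.
// The URL parser already lower-cases the host; toLowerCase() is defensive.
function siteId(loginUrl) {
  return new URL(loginUrl).hostname.toLowerCase();
}

// Client side: derive the value that is sent instead of the real password.
// scrypt (an assumption; the comment only says "one-way hashing") is slow,
// which makes guessing the master password from one leaked value costly.
function derivePerSitePassword(masterPassword, loginUrl) {
  const salt = 'per-site-pw-v1:' + siteId(loginUrl);
  return nodeCrypto
    .scryptSync(masterPassword.normalize('NFKC'), salt, 32)
    .toString('hex');
}

// Server side: the derived value is still a replayable secret for this one
// site, so the site stores only a randomly salted hash of what it receives.
function serverEnroll(received) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, hash: nodeCrypto.scryptSync(received, salt, 32) };
}

function serverVerify(record, received) {
  const candidate = nodeCrypto.scryptSync(received, record.salt, 32);
  return nodeCrypto.timingSafeEqual(candidate, record.hash);
}

// Constructed sample input: one master password, two unrelated sites.
const MASTER = 'correct horse battery staple';
const forShop = derivePerSitePassword(MASTER, 'https://shop.example/login');
const forForum = derivePerSitePassword(MASTER, 'https://forum.example/signin');
const shopRecord = serverEnroll(forShop);

console.log('shop accepts its own value: ', serverVerify(shopRecord, forShop));
console.log('shop accepts forum value:   ', serverVerify(shopRecord, forForum));
```

Because the hostname is part of the derivation, a value captured by one site does not verify at another, while the same-site replay caveat from the comment still applies and is why the server hashes what it receives.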
Re:strange answer on wireless (Score:2, Informative)