Security

Schneier's Keynote At Linux.conf.au

Stony Stevenson writes "Computer security expert Bruce Schneier took a swipe at a number of sacred cows of security including RFID tags, national ID cards, and public CCTV security cameras in his keynote address to Linux.conf.au (currently being held in Melbourne, Australia). These technologies were all examples of security products tailored to provide the perception of security rather than tackling actual security risks, Schneier said. The discussion of public security — which has always been clouded by emotional decision making — has been railroaded by groups with vested interests such as security vendors and political groups, he claimed. 'For most of my career I would insult "security theater" and "snake oil" for being dumb. In fact, they're not dumb. As security designers we need to address both the feeling and the reality of security. We can't ignore one. It's not enough to make someone secure, that person needs to also realize they've been made secure. If no-one realizes it, no-one's going to buy it,' Schneier said."

  • by base3 ( 539820 ) on Tuesday January 29, 2008 @11:00PM (#22230442)
    . . . Bruce has figured out the real money's in security theater, not in security, and he wants a piece of that action.
  • by ppanon ( 16583 ) on Tuesday January 29, 2008 @11:53PM (#22230812) Homepage Journal
    No. What Bruce has realized is that, in the boardroom and the lunchroom (where almost nobody knows any better), security theatre often will kick the ass of real security practices because it's marketed by professional sales teams. It also often can be delivered for less (because it can be priced for what the market will bear).

    If you want real security to be provided, you have to learn to sell it at least as well as the snake-oil. You have to make it sufficiently visible, but non-impeding, that people feel safe.

    It's about understanding the human/political side of the equation that can make the difference between a successful deployment and a perceived failure.
  • by QuantumG ( 50515 ) <qg@biodome.org> on Wednesday January 30, 2008 @12:05AM (#22230848) Homepage Journal
    It's an interesting theory but are you aware of anyone who thinks the bullshit we go through at the airport is for anything other than appearances? It's not just geeks and smart asses who know this, it is everyone.
  • Re:Success... (Score:3, Insightful)

    by ScrewMaster ( 602015 ) on Wednesday January 30, 2008 @12:34AM (#22231002)
    This is an argument I have to make with friends when I claim that Bush-Cheney is the most successful administration in US history. I agree with exactly ZERO of what they have done but as far as scaring the shit out of people, robbing us blind, and in general being dicks you cannot argue that they are unsuccessful.

    It's all about your frame of reference.

    I think of these things as kind of like an electric heater. Most people would argue that an electric heater is one of the most inefficient devices known to mankind. However, when viewed with the proper perspective, it's anything but. Put it this way: an electric heater is basically designed to waste power by transducing electrical energy into heat and spewing it into the immediate environment. A heater does this with virtually no losses. Therefore, an electric heater is almost 100% efficient, as long as there's nothing coming out of it that doesn't qualify as waste.

    Which pretty much describes the Bush Administration.
  • by QuantumG ( 50515 ) <qg@biodome.org> on Wednesday January 30, 2008 @01:28AM (#22231280) Homepage Journal
    I think you're laboring under the belief that:

    1. the sole of a shoe can contain any significant amount of explosive
    2. that walking on such a shoe would not cause the explosive to go off
    3. that airport scanner technology can tell the difference between explosives and leather

    None of which are the case. The only thing you could maybe fit in the sole of a very hard soled shoe would be a knife.. which hopefully people realize doesn't give a would-be hijacker any more of an advantage than being unarmed - if 50 scared passengers rush you, it doesn't matter that you have a knife. And that's what should have been the lesson of 9/11: if you allow yourself to be victimized you will die.. but if you step up and stop hijackers there is no way to hijack a plane.

    All in all, I wish the government would just let the market decide. There should be a "no security" terminal where people can catch a plane much as you catch a bus.. buy your ticket, get on the next available flight. If you want to be harassed, go to the security theater terminal.
  • by canterbury rod ( 1229414 ) * on Wednesday January 30, 2008 @01:40AM (#22231330) Homepage
    In Bruce Schneier's keynote address at Linux.conf.au, he essentially admonishes that "security theater" is not only a necessity, it's a critical component that needs to accompany real security solutions. In the article, he states

    the best security solution will fail if it doesn't cater to both the reality and perceptions to do with security.
    He's affirming that sales in the marketplace will be driven when security theater and real security products are matched. That's when end-users will also experience a real sense of security.
  • Ah...NOW I get it! (Score:3, Insightful)

    by hyades1 ( 1149581 ) <hyades1@hotmail.com> on Wednesday January 30, 2008 @02:51AM (#22231630)

    I guess this would explain why just about everybody in Canada thinks crime is on the increase, even though the numbers conclusively prove otherwise.

    You can't sell security hardware and convince nervous old women to throw away their rights if they know there's a long list of things more important than so-called "security". And a lot of those "nervous old women", by the way, are male, in their 30's, and convinced that everything will be fine if we just forget all that due process nonsense and start trusting the cops to throw the right people in jail.

  • by Anonymous Coward on Wednesday January 30, 2008 @03:17AM (#22231770)
    "Show us a modern closed encryption algorithm which does not have significant vulnerabilities. "

    DES in stream mode.
  • by argent ( 18001 ) <peter@slashdot . ... t a r o nga.com> on Wednesday January 30, 2008 @11:24AM (#22234474) Homepage Journal
    In other words, he is an expert on publicizing what most serious researchers already know about general security flaws and problems.

    And the problem with this is what? Given how badly people misunderstand computer security we don't have enough people doing this kind of job.
  • by IamTheRealMike ( 537420 ) on Wednesday January 30, 2008 @12:27PM (#22235158)
    Linux has its own security theatre ... the idea that "root vs user" DAC is sufficient to stop malware/viruses etc, when in reality it does no such thing (consider the permissions needed to do the things most botnets do). If I had a penny for every time I see a Linux user tell some hapless n00b that Linux is more secure than Windows because you don't have to run as superuser, I'd be a very rich guy.
