Tuesday, July 14, 2009

Podcast: Crypto-Gram 15 March 2008: Sooner or later the need to buy security will disappear.

from the Mar 15, 2008 Crypto-Gram Newsletter
by Bruce Schneier

* Israel Implementing IFF System for Commercial Aircraft

Israel is implementing an IFF (identification, friend or foe) system for commercial aircraft, designed to differentiate legitimate planes from terrorist-controlled planes.

The critical issue with using this on commercial aircraft is how to deal with user error. The system has to be easy enough to use, and the parts hard enough to lose, that there won't be a lot of false alarms.

* Third Parties Controlling Information

Link rot: bits and pieces of the web that disappear.

* The Doghouse: Drecom

They advertise 128-bit AES encryption, but they use XOR.

* Security Products: Suites vs. Best-of-Breed

The real problem is that neither solution really works, and we continually fool ourselves into believing whatever we don't have is better than what we have at the time. And the real solution is to buy results, not products.

No one wants to buy IT security. People want to buy whatever they want -- connectivity, a Web presence, email, networked applications, whatever -- and they want it to be secure. That they're forced to spend money on IT security is an artifact of the youth of the computer industry. And sooner or later the need to buy security will disappear.

length: 16:13m
PS: this is my cheat sheet of Bruce Schneier's Podcast:

