Carry On: Sound Advice from Schneier on Security

Book Description

Up-to-the-minute observations from a world-famous security expert

Bruce Schneier is known worldwide as the foremost authority and commentator on every security issue from cyber-terrorism to airport surveillance. This groundbreaking book features more than 160 commentaries on recent events including the Boston Marathon bombing, the NSA's ubiquitous surveillance programs, Chinese cyber-attacks, the privacy of cloud computing, and how to hack the Papal election. Timely as an Internet news report and always insightful, Schneier explains, debunks, and draws lessons from current events that are valuable for security experts and ordinary citizens alike.

  • Bruce Schneier's worldwide reputation as a security guru has earned him more than 250,000 loyal blog and newsletter readers

  • This anthology offers Schneier's observations on some of the most timely security issues of our day, including the Boston Marathon bombing, the NSA's Internet surveillance, ongoing aviation security issues, and Chinese cyber-attacks

  • It features the author's unique take on issues involving crime, terrorism, spying, privacy, voting, security policy and law, travel security, the psychology and economics of security, and much more

  • Previous Schneier books have sold over 500,000 copies

  • Carry On: Sound Advice from Schneier on Security is packed with information and ideas that are of interest to anyone living in today's insecure world.

    Table of Contents

    1. Cover
    2. Chapter 1: The Business and Economics of Security
      1. Consolidation: Plague or Progress
      2. Prediction: RSA Conference Will Shrink Like a Punctured Balloon
      3. How to Sell Security
      4. Why Do We Accept Signatures by Fax?
      5. The Pros and Cons of LifeLock
      6. The Problem Is Information Insecurity
      7. Security ROI: Fact or Fiction?
      8. Social Networking Risks
      9. Do You Know Where Your Data Are?
      10. Be Careful When You Come to Put Your Trust in the Clouds
      11. Is Perfect Access Control Possible?
      12. News Media Strategies for Survival for Journalists
      13. Security and Function Creep
      14. Weighing the Risk of Hiring Hackers
      15. Should Enterprises Give In to IT Consumerization at the Expense of Security?
      16. The Vulnerabilities Market and the Future of Security
      17. So You Want to Be a Security Expert
      18. When It Comes to Security, We're Back to Feudalism
      19. You Have No Control Over Security on the Feudal Internet
    3. Chapter 2: Crime, Terrorism, Spying, and War
      1. America's Dilemma: Close Security Holes, or Exploit Them Ourselves
      2. Are Photographers Really a Threat?
      3. CCTV Doesn't Keep Us Safe, Yet the Cameras Are Everywhere
      4. Chinese Cyberattacks: Myth or Menace?
      5. How a Classic Man-in-the-Middle Attack Saved Colombian Hostages
      6. How to Create the Perfect Fake Identity
      7. A Fetishistic Approach to Security Is a Perverse Way to Keep Us Safe
      8. The Seven Habits of Highly Ineffective Terrorists
      9. Why Society Should Pay the True Costs of Security
      10. Why Technology Won't Prevent Identity Theft
      11. Terrorists May Use Google Earth, but Fear Is No Reason to Ban It
      12. Thwarting an Internal Hacker
      13. An Enterprising Criminal Has Spotted a Gap in the Market
      14. We Shouldn't Poison Our Minds with Fear of Bioterrorism
      15. Raising the Cost of Paperwork Errors Will Improve Accuracy
      16. So-Called Cyberattack Was Overblown
      17. Why Framing Your Enemies Is Now Virtually Child's Play
      18. Beyond Security Theater
      19. Cold War Encryption Is Unrealistic in Today's Trenches
      20. Profiling Makes Us Less Safe
      21. Fixing Intelligence Failures
      22. Spy Cameras Won't Make Us Safer
      23. Scanners, Sensors Are Wrong Way to Secure the Subway
      24. Preventing Terrorist Attacks in Crowded Areas
      25. Where Are All the Terrorist Attacks?
      26. Worst-Case Thinking Makes Us Nuts, Not Safe
      27. Threat of “Cyberwar” Has Been Hugely Hyped
      28. Cyberwar and the Future of Cyber Conflict
      29. Why Terror Alert Codes Never Made Sense
      30. Debate Club: An International Cyberwar Treaty Is the Only Way to Stem the Threat
      31. Overreaction and Overly Specific Reactions to Rare Risks
      32. Militarizing Cyberspace Will Do More Harm Than Good
      33. Rhetoric of Cyber War Breeds Fear—and More Cyber War
      34. The Boston Marathon Bombing: Keep Calm and Carry On
      35. Why FBI and CIA Didn't Connect the Dots
      36. The FBI's New Wiretapping Plan Is Great News for Criminals
      37. US Offensive Cyberwar Policy
    4. Chapter 3: Human Aspects of Security
      1. Secret Questions Blow a Hole in Security
      2. When You Lose a Piece of Kit, the Real Loss Is the Data It Contains
      3. The Kindness of Strangers
      4. Blaming the User Is Easy—But It's Better to Bypass Them Altogether
      5. The Value of Self-Enforcing Protocols
      6. Reputation Is Everything in IT Security
      7. When to Change Passwords
      8. The Big Idea: Bruce Schneier
      9. High-Tech Cheats in a World of Trust
      10. Detecting Cheaters
      11. Lance Armstrong and the Prisoner's Dilemma of Doping in Professional Sports
      12. Trust and Society
      13. How Secure Is the Papal Election?
      14. The Court of Public Opinion
      15. On Security Awareness Training
      16. Our New Regimes of Trust
    5. Chapter 4: Privacy and Surveillance
      1. The Myth of the “Transparent Society”
      2. Our Data, Ourselves
      3. The Future of Ephemeral Conversation
      4. How to Prevent Digital Snooping
      5. Architecture of Privacy
      6. Privacy in the Age of Persistence
      7. Should We Have an Expectation of Online Privacy?
      8. Offhand but On Record
      9. Google's and Facebook's Privacy Illusion
      10. The Internet: Anonymous Forever
      11. A Taxonomy of Social Networking Data
      12. The Difficulty of Surveillance Crowdsourcing
      13. The Internet Is a Surveillance State
      14. Surveillance and the Internet of Things
      15. Government Secrets and the Need for Whistleblowers
      16. Before Prosecuting, Investigate the Government
    6. Chapter 5: Psychology of Security
      1. The Security Mindset
      2. The Difference between Feeling and Reality in Security
      3. How the Human Brain Buys Security
      4. Does Risk Management Make Sense?
      5. How the Great Conficker Panic Hacked into Human Credulity
      6. How Science Fiction Writers Can Help, or Hurt, Homeland Security
      7. Privacy Salience and Social Networking Sites
      8. Security, Group Size, and the Human Brain
      9. People Understand Risks—But Do Security Staff Understand People?
      10. Nature's Fears Extend to Online Behavior
    7. Chapter 6: Security and Technology
      1. The Ethics of Vulnerability Research
      2. I've Seen the Future, and It Has a Kill Switch
      3. Software Makers Should Take Responsibility
      4. Lesson from the DNS Bug: Patching Isn't Enough
      5. Why Being Open about Security Makes Us All Safer in the Long Run
      6. Boston Court's Meddling with “Full Disclosure” Is Unwelcome
      7. Quantum Cryptography: As Awesome as It Is Pointless
      8. Passwords Are Not Broken, but How We Choose Them Sure Is
      9. America's Next Top Hash Function Begins
      10. Tigers Use Scent, Birds Use Calls—Biometrics Are Just Animal Instinct
      11. The Secret Question Is: Why Do IT Systems Use Insecure Passwords?
      12. The Pros and Cons of Password Masking
      13. Technology Shouldn't Give Big Brother a Head Start
      14. Lockpicking and the Internet
      15. The Battle Is On against Facebook and Co. to Regain Control of Our Files
      16. The Difficulty of Un-Authentication
      17. Is Antivirus Dead?
      18. Virus and Protocol Scares Happen Every Day—but Don't Let Them Worry You
      19. The Failure of Cryptography to Secure Modern Networks
      20. The Story behind the Stuxnet Virus
      21. The Dangers of a Software Monoculture
      22. How Changing Technology Affects Security
      23. The Importance of Security Engineering
      24. Technologies of Surveillance
      25. When Technology Overtakes Security
    8. Chapter 7: Travel and Security
      1. Crossing Borders with Laptops and PDAs
      2. The TSA's Useless Photo ID Rules
      3. The Two Classes of Airport Contraband
      4. Fixing Airport Security
      5. Laptop Security while Crossing Borders
      6. Breaching the Secure Area in Airports
      7. Stop the Panic on Air Security
      8. A Waste of Money and Time
      9. Why the TSA Can't Back Down
      10. The Trouble with Airport Profiling
    9. Chapter 8: Security, Policy, Liberty, and Law
      1. Memo to Next President: How to Get Cybersecurity Right
      2. CRB Checking
      3. State Data Breach Notification Laws: Have They Helped?
      4. How to Ensure Police Database Accuracy
      5. How Perverse Incentives Drive Bad Security Decisions
      6. It's Time to Drop the “Expectation of Privacy” Test
      7. Who Should Be in Charge of Cybersecurity?
      8. Coordinate, but Distribute Responsibility
      9. “Zero Tolerance” Really Means Zero Discretion
      10. US Enables Chinese Hacking of Google
      11. Should the Government Stop Outsourcing Code Development?
      12. Punishing Security Breaches
      13. Three Reasons to Kill the Internet Kill Switch Idea
      14. Web Snooping Is a Dangerous Move
      15. The Plan to Quarantine Infected Computers
      16. Close the Washington Monument
      17. Whitelisting and Blacklisting
      18. Securing Medical Research: a Cybersecurity Point of View
      19. Fear Pays the Bills, but Accounts Must Be Settled
      20. Power and the Internet
      21. Danger Lurks in Growing New Internet Nationalism
      22. IT for Oppression
      23. The Public/Private Surveillance Partnership
      24. Transparency and Accountability Don't Hurt Security—They're Crucial to It
      25. It's Smart Politics to Exaggerate Terrorist Threats
    10. References
    11. Introduction