Schneier on Security

Book Description

Presenting invaluable advice from the world's most famous computer security expert, this intensely readable collection features some of the most insightful and informative coverage of the strengths and weaknesses of computer security and the price people pay -- figuratively and literally -- when security fails. Discussing the issues surrounding things such as airplanes, passports, voting machines, ID cards, cameras, passwords, Internet banking, sporting events, computers, and castles, this book is a must-read for anyone who values security at any level -- business, technical, or personal.

Table of Contents

  1. Copyright
  2. Credits
  3. Introduction
  4. 1. Terrorism and Security
    1. 1.1. What the Terrorists Want
    2. 1.2. Movie-Plot Threats
    3. 1.3. Fixing Intelligence Failures
    4. 1.4. Data Mining for Terrorists
    5. 1.5. The Architecture of Security
    6. 1.6. The War on the Unexpected
    7. 1.7. Portrait of the Modern Terrorist as an Idiot
    8. 1.8. Correspondent Inference Theory and Terrorism
    9. 1.9. The Risks of Cyberterrorism
  5. 2. National Security Policy
    1. 2.1. The Security Threat of Unchecked Presidential Power
    2. 2.2. Surveillance and Oversight
    3. 2.3. NSA and Bush's Illegal Eavesdropping
    4. 2.4. Private Police Forces
    5. 2.5. Recognizing "Hinky" vs. Citizen Informants
    6. 2.6. Dual-Use Technologies and the Equities Issue
    7. 2.7. Identity-Theft Disclosure Laws
    8. 2.8. Academic Freedom and Security
    9. 2.9. Sensitive Security Information (SSI)
    10. 2.10. Fingerprinting Foreigners
    11. 2.11. U.S. Medical Privacy Law Gutted
  6. 3. Airline Travel
    1. 3.1. Airport Passenger Screening
    2. 3.2. No-Fly List
    3. 3.3. Trusted Traveler Program
    4. 3.4. Screening People with Clearances
    5. 3.5. Forge Your Own Boarding Pass
  7. 4. Privacy and Surveillance
    1. 4.1. Our Data, Ourselves
    2. 4.2. The Value of Privacy
    3. 4.3. The Future of Privacy
    4. 4.4. Privacy and Power
    5. 4.5. Security vs. Privacy
    6. 4.6. Is Big Brother a Big Deal?
    7. 4.7. How to Fight
    8. 4.8. Toward Universal Surveillance
    9. 4.9. Kafka and the Digital Person
    10. 4.10. CCTV Cameras
    11. 4.11. Anonymity and Accountability
    12. 4.12. Facebook and Data Control
    13. 4.13. The Death of Ephemeral Conversation
    14. 4.14. Automated Targeting System
    15. 4.15. Anonymity and the Netflix Dataset
    16. 4.16. Does Secrecy Help Protect Personal Information?
    17. 4.17. Risks of Data Reuse
  8. 5. ID Cards and Security
    1. 5.1. National ID Cards
    2. 5.2. REAL-ID: Costs and Benefits
    3. 5.3. RFID Passports
    4. 5.4. The Security of RFID Passports
    5. 5.5. Multi-Use ID Cards
    6. 5.6. Giving Driver's Licenses to Illegal Immigrants
  9. 6. Election Security
    1. 6.1. Voting Technology and Security
    2. 6.2. Computerized and Electronic Voting
    3. 6.3. Why Election Technology is Hard
    4. 6.4. Electronic Voting Machines
    5. 6.5. Revoting
    6. 6.6. Hacking the Papal Election
  10. 7. Security and Disasters
    1. 7.1. First Responders
    2. 7.2. Accidents and Security Incidents
    3. 7.3. Security at the Olympics
    4. 7.4. Blaster and the August 14th Blackout
    5. 7.5. Avian Flu and Disaster Planning
  11. 8. Economics of Security
    1. 8.1. Economics and Information Security
    2. 8.2. Aligning Interest with Capability
    3. 8.3. National Security Consumers
    4. 8.4. Liability and Security
    5. 8.5. Liabilities and Software Vulnerabilities
    6. 8.6. Lock-In
    7. 8.7. Third Parties Controlling Information
    8. 8.8. Who Owns Your Computer?
    9. 8.9. A Security Market for Lemons
    10. 8.10. Websites, Passwords, and Consumers
  12. 9. Psychology of Security
    1. 9.1. The Feeling and Reality of Security
    2. 9.2. Behavioral Assessment Profiling
    3. 9.3. In Praise of Security Theater
    4. 9.4. CYA Security
    5. 9.5. Copycats
    6. 9.6. Rare Risk and Overreactions
    7. 9.7. Tactics, Targets, and Objectives
    8. 9.8. The Security Mindset
  13. 10. Business of Security
    1. 10.1. My Open Wireless Network
    2. 10.2. Debating Full Disclosure
    3. 10.3. Doping in Professional Sports
    4. 10.4. University Networks and Data Security
    5. 10.5. Do We Really Need a Security Industry?
    6. 10.6. Basketball Referees and Single Points of Failure
    7. 10.7. Chemical Plant Security and Externalities
  14. 11. Cybercrime and Cyberwar
    1. 11.1. Mitigating Identity Theft
    2. 11.2. LifeLock and Identity Theft
    3. 11.3. Phishing
    4. 11.4. Bot Networks
    5. 11.5. Cyber-Attack
    6. 11.6. Counterattack
    7. 11.7. Cyberwar
      1. 11.7.1. The Waging of Cyberwar
      2. 11.7.2. Properties of Cyberwar
    8. 11.8. Militaries and Cyberwar
    9. 11.9. The Truth About Chinese Hackers
  15. 12. Computer and Information Security
    1. 12.1. Safe Personal Computing
    2. 12.2. How to Secure Your Computer, Disks, and Portable Drives
    3. 12.3. Crossing Borders with Laptops and PDAs
    4. 12.4. Choosing Secure Passwords
    5. 12.5. Authentication and Expiration
    6. 12.6. The Failure of Two-Factor Authentication
    7. 12.7. More on Two-Factor Authentication
    8. 12.8. Home Users: A Public Health Problem?
    9. 12.9. Security Products: Suites vs. Best-of-Breed
    10. 12.10. Separating Data Ownership and Device Ownership
    11. 12.11. Assurance
    12. 12.12. Combating Spam
    13. 12.13. Sony's DRM Rootkit: The Real Story
    14. 12.14. The Storm Worm
    15. 12.15. The Ethics of Vulnerability Research
    16. 12.16. Is Penetration Testing Worth It?
    17. 12.17. Anonymity and the Tor Network
    18. 12.18. Kill Switches and Remote Control
  16. A. References