Show 009 - An Interview with Bruce Schneier

In the ninth episode of The Silver Bullet Podcast, Gary interviews Bruce Schneier. Bruce is the founder and CTO of Counterpane and is regarded as the “uber-guru” of computer security. He has written eight bestselling books, most recently Beyond Fear: Thinking Sensibly About Security in an Uncertain World, and is the editor of the massively popular Crypto-Gram mailing list. In this episode, Gary and Bruce discuss the connection between physical security and its technological component, the idea of risk management, the intersection of economics and security, and the ideas of “wholesale surveillance” and “security theater.” They also discuss patch Tuesday, hack Wednesday, and Microsoft’s approach to software security.
- Bruce’s Wikipedia entry
- Bruce’s books
- Bruce’s recent restaurant reviews
- Counterpane
- Crypto-Gram security podcast
- Property Rights Management - Ed Felten’s discussion of PRM, mentioned on the show
- Copyright Mythbusters: Believe It or Not, Fair Use Exists - a look at the “fair use doesn’t exist” argument
- BBC plans attacked for ‘TV tax’ (March 14, 2006)
- Bruce’s suggestion for “cheap” wines: Loire wines, Provence wines, Southern Rhone wines




December 24th, 2006 at 6:57 am
Bruce seems quite sanguine about Microsoft’s ability and willingness to secure its platform. But I think it could be argued that, even if it wishes to secure Windows, it may not be able to. And Microsoft has, in any case, shown over a long period of time that it is quite prepared to put security on one side whenever it has an economic motive for doing so - for example, binding the browser into the OS and using Active X to get the drop on Netscape and Sun respectively. There seems no reason to believe that is likely to change its ways.
Peter Gutmann considers that Vista Content Protection (for which there is an obvious economic motive) has bad implications for reliability and security:
“As a user, there is simply no escape. Whether you use Windows Vista, Windows XP, Windows 95, Linux, FreeBSD, OS X, Solaris (on x86), or almost any other OS, Windows content protection will make your hardware more expensive, less reliable, more difficult to program for, more difficult to support, more vulnerable to hostile code, and with more compatibility problems.”
http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt
We’ve yet to see what new round of security problems may issue from these moves, which are fundamentally about who controls distribution of content, security of users coming a very poor second.
January 22nd, 2007 at 4:12 pm
Good pointer to Peter’s paper. I wrote about that in my darkreading column here:
http://www.darkreading.com/document.asp?doc_id=114587&WT.svl=column1_1
BTW, Microsoft has a response here:
http://windowsvistablog.com/blogs/windowsvista/archive/2007/01/20/windows-vista-content-protection-twenty-questions-and-answers.aspx
gem