Kevin's Weblog

I’m just getting around to reading “Beyond Fear” by Bruce Schneier. Based on the first 100 pages, I’d definitely tend to put this in the required reading category. Two quotes, one amusing, one worrisome:

Military force constitutes an attack, but a discussion of it and of military defense is, for the most part, beyond the scope of this book. If an army is invading your country, please look elsewhere.

...

Defenders benefit from technology all the time, just not as efficiently and effectively as attackers do.

The context of the second quote is fairly depressing. Of course, in many ways, technology makes us safer and more secure. However, the concept of class breaks ought to give pause to anyone who designs computer systems or other technology. As Schneier points out a couple pages later, it no longer suffices to plan for and defend against an average attacker, since a very skilled attacker can defeat a system once and distribute the method to anyone else.

None of this is really news, but it does highlight how security is much tougher in today’s world. It may also explain a bit of why most of the current practitioners don’t seem to be particularly good at it.