Bruce Schneier is arguably the top security and privacy expert in the world. The man is simply a genius when it comes to security. This is not just network security, but real world security as well. In this interview he answers the questions plaguing most people’s minds when it comes to security and privacy.
Q: How do you remember all of your passwords?
A: I can’t. No one can; there are simply too many. But I have a few strategies. One, I choose the same password for all low-security applications. There are several Web sites where I pay for access, and I have the same password for all of them. Two, I write my passwords down. There’s this rampant myth that you shouldn’t write your passwords down. My advice is exactly the opposite. We already know how to secure small bits of paper. Write your passwords down on a small bit of paper, and put it with all of your other valuable small bits of paper: in your wallet. And three, I store my passwords in a program I designed called Password Safe. It’s a small application — Windows only, sorry — that encrypts and secures all your passwords.
Q: Do you think Google will be able to eliminate the presence of phony malware sites on its search pages? And what can I do to ensure I’m not burned by the same?
A: Google is trying. The browsers are trying. Everyone is trying to alert users about phishing, pharming, and malware sites before they’re taken in. It’s hard; the criminals spend a lot of time trying to stay one step ahead of these identification systems by changing their URLs several times a day. It’s an arms race: we’re not winning right now, but things will get better.
As for how not to be taken in by them, that’s harder. These sites are an example of social engineering, and social engineering preys on the natural tendency of people to believe their own eyes. A good bullshit detector helps, but it’s hard to teach that. Specific phishing, pharming, and other tactics for trapping unsuspecting people will continue to evolve, and this will continue to be a problem for a long time.
I suggest that everyone take the time to read this interview. It is something that everyone will benefit from. The level of the article is low enough for everyone to understand, but technical enough to be interesting to us geeks.