Carry On: Sound Advice from Schneier on Security

"...the vast majority of essays reveal Schneier's insight and pragmatic approach, which makes this a most important book to read" (RSA Conference, August 2014)

BRUCE SCHNEIER is an internationally renowned security technologist who studies the human side of security. A prolific author, he has produced hundreds of articles, essays, and academic papers, as well as 11 books that together have sold over 500,000 copies. He has testified before Congress, is a frequent guest on television and radio, and is regularly quoted in the press. His blog and monthly newsletter at www.schneier.com reach over 250,000 devoted readers worldwide.

Introduction xv 1 The Business and Economics of Security 1 Consolidation: Plague or Progress 1 Prediction: RSA Conference Will Shrink Like a Punctured Balloon 2 How to Sell Security 4 Why People Are Willing to Take Risks 4 How to Sell Security 6 Why Do We Accept Signatures by Fax? 7 The Pros and Cons of LifeLock 9 The Problem Is Information Insecurity 12 Security ROI: Fact or Fiction? 14 The Data Imperative 15 Caveat Emptor 16 Social Networking Risks 17 Do You Know Where Your Data Are? 18 Be Careful When You Come to Put Your Trust in the Clouds 21 Is Perfect Access Control Possible? 22 News Media Strategies for Survival for Journalists 24 Security and Function Creep 26 Weighing the Risk of Hiring Hackers 27 Should Enterprises Give In to IT Consumerization at the Expense of Security? 29 The Vulnerabilities Market and the Future of Security 30 So You Want to Be a Security Expert 33 When It Comes to Security, We're Back to Feudalism 34 I Pledge Allegiance to the United States of Convenience 35 The Good, the Bad, and the Ugly 36 You Have No Control Over Security on the Feudal Internet 37 2 Crime, Terrorism, Spying, and War 41 America's Dilemma: Close Security Holes, or Exploit Them Ourselves 41 Are Photographers Really a Threat? 43 CCTV Doesn't Keep Us Safe, Yet the Cameras Are Everywhere 45 Chinese Cyberattacks: Myth or Menace? 47 How a Classic Man-in-the-Middle Attack Saved Colombian Hostages 48 How to Create the Perfect Fake Identity 51 A Fetishistic Approach to Security Is a Perverse Way to Keep Us Safe 52 The Seven Habits of Highly Ineffective Terrorists 54 Why Society Should Pay the True Costs of Security 56 Why Technology Won't Prevent Identity Theft 58 Terrorists May Use Google Earth, but Fear Is No Reason to Ban It 60 Thwarting an Internal Hacker 62 An Enterprising Criminal Has Spotted a Gap in the Market 65 We Shouldn't Poison Our Minds with Fear of Bioterrorism 66 Raising the Cost of Paperwork Errors Will Improve Accuracy 68 So-Called Cyberattack Was Overblown 70 Why Framing Your Enemies Is Now Virtually Child's Play 72 Beyond Security Theater 73 Feeling and Reality 74 Refuse to Be Terrorized 76 Cold War Encryption Is Unrealistic in Today's Trenches 77 Profiling Makes Us Less Safe 80 Fixing Intelligence Failures 81 Spy Cameras Won't Make Us Safer 82 Scanners, Sensors Are Wrong Way to Secure the Subway 84 Preventing Terrorist Attacks in Crowded Areas 86 Where Are All the Terrorist Attacks? 87 Hard to Pull Off 88 Few Terrorists 88 Small Attacks Aren't Enough 89 Worst-Case Thinking Makes Us Nuts, Not Safe 89 Threat of "Cyberwar" Has Been Hugely Hyped 92 Cyberwar and the Future of Cyber Conflict 94 Why Terror Alert Codes Never Made Sense 96 Debate Club: An International Cyberwar Treaty Is the Only Way to Stem the Threat 97 Overreaction and Overly Specific Reactions to Rare Risks 99 Militarizing Cyberspace Will Do More Harm Than Good 101 Rhetoric of Cyber War Breeds Fear--and More Cyber War 103 Attacks from China 103 GhostNet 104 Profitable 105 The Boston Marathon Bombing: Keep Calm and Carry On 105 Why FBI and CIA Didn't Connect the Dots 107 The FBI's New Wiretapping Plan Is Great News for Criminals 109 US Offensive Cyberwar Policy 112 3 Human Aspects of Security 117 Secret Questions Blow a Hole in Security 117 When You Lose a Piece of Kit, the Real Loss Is the Data It Contains 118 The Kindness of Strangers 120 Blaming the User Is Easy--But It's Better to Bypass Them Altogether 122 The Value of Self-Enforcing Protocols 123 Reputation Is Everything in IT Security 125 When to Change Passwords 127 The Big Idea: Bruce Schneier 129 High-Tech Cheats in a World of Trust 131 Detecting Cheaters 134 Lance Armstrong and the Prisoner's Dilemma of Doping in Professional Sports 137 The Doping Arms Race as Prisoner's Dilemma 138 The Ever-Evolving Problem 139 Testing and Enforcing 140 Trust and Society 141 How Secure Is the Papal Electi