If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.
Amateurs hack systems, professionals hack people.
More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk.
The mantra of any good security engineer is: ‘Security is not a product, but a process.’ It’s more than designing strong cryptography into a system; it’s designing the entire system such that all security measures, including cryptography, work together.
If someone steals your password, you can change it. But if someone steals your thumbprint, you can’t get a new thumb. The failure modes are very different.
Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.
People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.
Security is a process, not a product.
Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can’t break.
The more technological a society is, the greater the security gap is.
Hardware is easy to protect: lock it in a room, chain it to a desk, or buy a spare. Information poses more of a problem. It can exist in more than one place; be transported halfway across the planet in seconds; and be stolen without your knowledge.
The fundamental driver in computer security, in all of the computer industry, is economics. That requires a lot of re-education for us security geeks.
It’s frustrating; terrorism is rare and largely ineffectual, yet we regularly magnify the effects of both their successes and failures by terrorizing ourselves.
No one can duplicate the confidence that RSA offers after 20 years of cryptanalytic review.
The user’s going to pick dancing pigs over security every time.
The very definition of news is something that hardly ever happens. If an incident is in the news, we shouldn’t worry about it. It’s when something is so common that it’s no longer news – car crashes, domestic violence – that we should worry.
There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.
Terrorism is a crime against the mind. We win by refusing fear.