9/24/03

Safety vs. Security

I always enjoy getting Bruce Schneier’s “CRYPTO-GRAM.” This month’s issue, at http://www.schneier.com/crypto-gram-0309.html, has an interesting discussion about “Accidents and Security Incidents.” He quotes computer-security researcher Ross Anderson’s describing the difference as “Murphy vs. Satan.” (This is why I almost put this under “theology”. I would have if he described it as “Our sin nature and Satan”: sometimes it’s the devil and sometimes I don’t need his help to screw up. :-))

Bruce give some examples, including: “Safety: Knives are accidentally left in airplane carry-on luggage and can be spotted by airport X-ray machines. Security: An attacker tries to sneak through a knife made of a material hard to detect with an X-ray machine, and then deliberately positions it in her luggage to make it even harder to detect with the X-ray machine.” Check it out at the URL above and if you like it, subscribe.

I mentioned this same tension in one of my NetSec Letters (here) — someone thought this would make a good marketing line: “Just because you feel safe, doesn’t mean that you’re secure.”

No comments: