Fred Avolio's Musings

musings on security and other topics topics archives
July
Sun Mon Tue Wed Thu Fri Sat
   
   
most recent headlines other links, other blogs  

Wed, 24 Sep 2003
Safety vs. Security
Comments on 15Sep03 “CRYPTO-GRAM”

I always enjoy getting Bruce Schneier’s “CRYPTO-GRAM.” This month’s issue, at http://www.schneier.com/crypto-gram-0309.html, has an interesting discussion about “Accidents and Security Incidents.” He quotes computer-security researcher Ross Anderson’s describing the difference as “Murphy vs. Satan.” (This is why I almost put this under “theology”. I would have if he described it as “Our sin nature and Satan”: sometimes it’s the devil and sometimes I don’t need his help to screw up. :-))

Bruce give some examples, including: “Safety: Knives are accidentally left in airplane carry-on luggage and can be spotted by airport X-ray machines. Security: An attacker tries to sneak through a knife made of a material hard to detect with an X-ray machine, and then deliberately positions it in her luggage to make it even harder to detect with the X-ray machine.” Check it out at the URL above and if you like it, subscribe.

I mentioned this same tension in one of my NetSec Letters (here) — someone thought this would make a good marketing line: “Just because you feel safe, doesn’t mean that you’re secure.”

Comment on this.
[/security/] permanent link


 

Avolio Consulting has no control over what Google ads show up here.