Occupation: Cryptographer
Birth: January 15, 1963
Security is a process, not a product.
I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually 'Nothing; you're screwed'.
Surveillance is the business model of the Internet.
Given the credible estimate that we've spent $1 trillion on anti-terrorism security.
Corporate and government surveillance aren't separate; they're an alliance of interests.
The mantra of any good security engineer is: "Security is not a product, but a process." It's more than designing strong cryptography into a system…
Amateurs hack systems, professionals hack people.
It doesn't matter how good the card is if the issuance process is flawed.
Why is it that we all - myself included - believe these stories? Why are we so quick to assume that the TSA is a bunch of jack-booted thugs, officiou…
It is sort of interesting that in our society these days we are very quick to apply the term 'war' to places where there are no actual wars, and loath…
Computer security can simply be protecting your equipment and files from disgruntled employees, spies, and anything that goes bump in the night, but …
Digital files cannot be made uncopyable, any more than water can be made not wet.
When my mother gets a prompt 'Do you want to download this?' she's going to say yes. It's disingenuous for Microsoft to give you all of these tools w…
Microsoft knows that reliable software is not cost effective. According to studies, 90% to 95% of all bugs are harmless. They're never discovered by …
Something that looks like a protocol but does not accomplish a task is not a protocol—it’s a waste of time.
History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better …
ID can be hijacked, and cards can be faked. All of the 9/11 terrorists had fake IDs, yet they still got on the planes. If the British national ID car…
Secret courts making secret rulings on secret laws, and companies flagrantly lying to consumers about the insecurity of their products and services, …
Microsoft made a big deal about Windows NT getting a C2 security rating. They were much less forthcoming with the fact that this rating only applied …
Technical problems can be remediated. A dishonest corporate culture is much harder to fix.
It's certainly easier to implement bad security and make it illegal for anyone to notice than it is to implement good security.