This website does readability filtering of other pages. All styles, scripts, forms and ads are stripped. If you want your website excluded or have other feedback, use this form.

Schneier on Security: Essays Tagged Computerworld

Schneier on Security

Essays > Essays by Tag >

Essays Tagged “Computerworld”

Page 1 of 1

The Curse of the Secret Question

  • Bruce Schneier
  • Computerworld
  • February 9, 2005

It's happened to all of us: We sign up for some online account, choose a difficult-to-remember and hard-to-guess password, and are then presented with a "secret question" to answer. Twenty years ago, there was just one secret question: "What's your mother's maiden name?" Today, there are more: "What street did you grow up on?" "What's the name of your first pet?" "What's your favorite color?" And so on.

The point of all these questions is the same: a backup password. If you forget your password, the secret question can verify your identity so you can choose another password or have the site e-mail your current password to you.

Read More →

Information Security: How Liable Should Vendors Be?

  • Bruce Schneier
  • Computerworld
  • October 28, 2004

An update to this essay was published in ENISA Quarterly in January 2007.

Information insecurity is costing us billions. We pay for it in theft: information theft, financial theft. We pay for it in productivity loss, both when networks stop working and in the dozens of minor security inconveniences we all have to endure. We pay for it when we have to buy security products and services to reduce those other two losses.

Read More →

Cryptanalysis of MD5 and SHA: Time for a New Standard

  • Bruce Schneier
  • Computerworld
  • August 19, 2004

At the Crypto 2004 conference in Santa Barbara, Calif., this week, researchers announced several weaknesses in common hash functions. These results, while mathematically significant, aren't cause for alarm. But even so, it's probably time for the cryptography community to get together and create a new hash standard.

One-way hash functions are a cryptographic construct used in many applications.

Read More →

The Witty Worm: A New Chapter in Malware

  • Bruce Schneier
  • Computerworld
  • June 2, 2004

If press coverage is any guide, then the Witty worm wasn't all that successful. Blaster, SQL Slammer, Nimda, even Sasser made bigger headlines. Witty infected only about 12,000 machines, almost none of them home users. It didn't seem like a big deal.

Read More →

Technology Was Only Part of the Florida Problem

  • Bruce Schneier
  • Computerworld
  • December 18, 2000

In the wake of the presidential election, pundits have called for more accurate voting and vote counting. To most people, this obviously means more technology. But before jumping to conclusions, let's look at the security and reliability issues surrounding voting technology.

Most of Florida's voting problems are a direct result of "translation" errors stemming from too much technology.

Read More →

Why Computers Are Insecure

  • Bruce Schneier
  • Computerworld
  • November 1999

A shortened version of this essay appeared in the November 15, 1999 issue of Computerworld as "Satan's Computer: Why Security Products Fail Us."

Almost every week the computer press covers another security flaw: a virus that exploits Microsoft Office, a vulnerability in Windows or UNIX, a Java problem, a security hole in a major Web site, an attack against a popular firewall. Why can't vendors get this right, we wonder? When will it get better?

I don't believe it ever will.

Read More →

Clipper Gives Big Brother Far Too Much Power

  • Bruce Schneier
  • Computerworld
  • May 31, 1993

In April, the Clinton administration, cleaning up business left over from the Bush administration, introduced a cryptography initiative that gives government the ability to conduct electronic surveillance. The first fruit of this initiative is Clipper, a National Security Agency (NSA)-designed, tamper-resistant VLSI chip. The stated purpose of this chip is to secure telecommunications.

Clipper uses a classified encryption algorithm.

Read More →

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.