---

Salon: Ain’t no network strong enough [Book Review]

“Master cryptographer Bruce Schneier’s “Secrets and Lies”
explains why computer security is an oxymoron.”

“Bruce Schneier, master cryptographer and idol of the computer
underground, targets those short-attention-spanners in his latest
book, “Secrets and Lies: Digital Security in a Networked World.”
Aiming straight for the vaunted “general audience,” he peppers the
400-plus pages with Yogi Berra quotes, analogies drawn from “Star
Wars” and trivia tidbits from Greek mythology. But the folksy wit
doesn’t obscure a core message as frighteningly entertaining as Dr.
Lecter’s flesh-eating antics: In cyberspace, you’re dead meat on a
stick.”

Computer insecurity is inevitable,” he warns. “Networks
will be hacked. Fraud will be committed. Money will be lost. People
will die.
” Indeed, the bulk of “Secrets and Lies” is a
harrowing rundown of the myriad pitfalls that plague even the
simplest systems. And that nifty new security software your company
just bought for a jillion dollars isn’t going to help — if some
teenage miscreant really, really wants to deface your Web page with
Limp Bizkit lyrics, he’s going to get his way.”

“As Schneier sees it, the wired universe is plagued with
hard-to-fix vulnerabilities. One notable example is buffer overflow
bugs, which permit attackers to overwrite memories with their own
instructions. Even the planet’s smartest, most diligent coder would
be hard-pressed to completely cleanse a program of such holes.
“With any piece of modern, large, complex code, there are just too
many places where buffer overflows are possible,” Schneier laments.
“The larger and more complex the code, the more likely the attack.”
As a result, buffer overflows were the most popular attack of the
1990s, the tactic of choice for lightly skilled “script kiddies”
bent on easy-to-execute mischief.”

Complete
Story