
Book review: Bruce Schneier's Click Here to Kill Everybody


World-renowned security technologist Bruce Schneier may not have intended it, but he has provided the answer to those who are demanding that industry provide governments with a means to break encryption.

In his latest book, Click Here to Kill Everybody, Schneier, in his characteristically understated manner, points out that there is absolutely no need for anyone to create panic about encryption, for three simple reasons.

First, metadata cannot be encrypted, and that very metadata tells an investigator much more about a message than the actual content. Second, when third parties are used for data storage and processing, that data cannot be encrypted. Third, since every device is becoming a little computer and therefore a surveillance device, law enforcement has myriad new data streams, none of them encrypted, in which to look for evidence of this or that.

But this incidental, valuable material is not the centrepoint of his book; rather Schneier's focus is the growing world of Internet-connected devices - he calls the network with all its new connected little computers the Internet+ - the problems that they pose, and how the dangers they create can be nullified.

As usual, his tone is sober and pragmatic, with the aim of imparting information, though he freely admits that the title is clickbait! The title, incidentally, reminded me of Stephen Gaghan's 2005 film Syriana, which had as its theme the fact that events in one part of the world could have an unintended fallout in an entirely different region.

Click Here was written in a hurry. But then it had to be, because if it had been published six months later, it would have probably been out of date, so fast is the growth of the Internet of Things, which is giving both individuals and nation-states the means to craft attacks that increasingly threaten the status quo.

Schneier points out that the update process, which is meant to keep software safe, cannot work because of inherent limitations. Neither government nor industry is overly bothered about this, as the insecure environment serves the interests of both. And, he explains, despite all the apparent advances in technology, it is still very hard to secure computing devices.

He outlines the common perception about technology and the reality, before proposing some answers in the second section of the book. Avoiding any hype about so-called cyber war, Schneier nevertheless does warn that things are ramping up to the point where incidents in the online world will have very real impacts on essential services.

In the end, it would have to be government that provides the answer, argues Schneier. And, he says, the threshold for government regulation will be when online attacks result in deaths. We haven't yet seen incidents of that magnitude.

Schneier does not indulge in rosy predictions; apart from detailing what should happen, he also hypothesises what will actually take place. There is hope, he assures his readers, but not before much ground is traversed.

The book contains one error. Schneier claims that a Windows exploit known as ETERNALBLUE, created by the NSA, was stolen by the Russians and then leaked on the Web. This is incorrect; a group known as the Shadow Brokers released the exploit and to this day there is no indication of who/what/where the group hails from.

Another shortcoming is the constant references to material from previous chapters; this would work with an online text using hyperlinks, but with hard copy it is often an irritant.

The book can be read and understood by anyone who has a decent command of English; it is meant for the average reader who is curious about the implications of having a refrigerator (or any other common device) that now is suddenly connected to the Internet. There are nearly 80 pages of notes, which makes referencing more detail easy.

The book is on sale for US$27.95 and should be available at all major online booksellers.

