The real problem with Britney's cellphone discussed

The NY area struggled with its first really slippery snow, and some area officials asked drivers to stay off the roads if possible, so many people didn't make the morning keynote.

Too bad, because it was a very interesting keynote. Had I read the topic of the keynote, "The Economics of Information Security," I might have played hooky. Several of his comments raised more than one eyebrow.

Here are some I recall, or rather as best I could after having fallen on a slippery surface. I didn't organise them well, so blame me, not Bruce if they are incoherent:

Most of our info isn't managed by us. During the internet bust, some companies found the only assets they had to sell were their databases. It's not currently in the economic interest of many companies to provide software which has an end result of good security.

Paris Hilton's cellphone info was not obtained because she did yet another thing stupidly, but rather because one of T-Mobile's servers was hacked. Complexity is the enemy of security. You can't protect against you and protect you at the same time.

You now see hackers releasing attacks a day or two before a monthly "patch Tuesday", leaving the problem open for a full month. And probably the notion that caused the most conversations later in the day was the one of making data security a legal responsibility with significant financial liability, as a way of helping solve these problems.

He pointed out that few heads of companies wanted to spend money on IT security until they were warned about potential liabilities from some legislation enacted to help require businesses to be more secure.

For more info about the NY event, and some of the slideshows see the second L'INQ below. µ

L'INQS
www.schneir.com
Linux World