Think of your existing power as the exponent in an equation that determines the value of information. The more power you have, the more additional power you derive from the new data.
— Bruce Schneier
It's frustrating; terrorism is rare and largely ineffectual, yet we regularly magnify the effects of both their successes and failures by terrorizing ourselves.
There's an entire flight simulator hidden in every copy of Microsoft Excel 97.
When a big company lays you off, they often give you a year's salary to 'go pursue a dream.' If you're stupid, you panic and get another job. If you're smart, you take the money and use the time to figure out what you want to do next.
There are two types of encryption: one that will prevent your sister from reading your diary and one that will prevent your government.
Despite fearful rhetoric to the contrary, terrorism is not a transcendent threat. A terrorist attack cannot possibly destroy our country's way of life; it's only our reaction to that attack that can do that kind of damage.
Air travel survived decades of terrorism, including attacks which resulted in the deaths of everyone on the plane. It survived 9/11. It'll survive the next successful attack. The only real worry is that we'll scare ourselves into making air travel so onerous that we won't fly anymore.
People don't understand computers. Computers are magical boxes that do things. People believe what computers tell them.
No one can duplicate the confidence that RSA offers after 20 years of cryptanalytic review.
The user's going to pick dancing pigs over security every time.
When people are scared, they need something done that will make them feel safe, even if it doesn't truly make them safer. Politicians naturally want to do something in response to crisis, even if that something doesn't make any sense. But unfortunately for politicians, the security measures that work are largely invisible.
You can't defend. You can't prevent. The only thing you can do is detect and respond.
I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually 'Nothing; you're screwed'.
If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.
It is poor civic hygiene to install technologies that could someday facilitate a police state.