History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did.
Amateurs hack systems, professionals hack people.
Interpretation
What this quote means
The quote emphasizes that while amateurs focus on technical skills, true experts understand and manipulate human behavior.
Bruce Schneier's quote highlights a critical distinction between amateurs and professionals in the field of hacking. Amateurs often concentrate on the technical aspects of systems, such as exploiting software vulnerabilities, whereas professionals recognize that understanding human psychology and social engineering is essential for successful hacking. This insight emphasizes that the most effective hacking often involves manipulating people rather than just breaking into computer systems.
In practice
Example use cases
This quote can be used in a cybersecurity training session to emphasize the importance of understanding the human factor in security.
More from Bruce Schneier
The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember. Unfortunately, if it's easy to remember, it's something nonrandom like 'Susan.' And if it's random, like 'r7U2*Qnp,' then it's not easy to remember.
This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community.
It is poor civic hygiene to install technologies that could someday facilitate a police state.
You can't defend. You can't prevent. The only thing you can do is detect and respond.
Digital files cannot be made uncopyable, any more than water can be made not wet.
Similar quotes
A lot of movies about artificial intelligence envision that AI's will be very intelligent but missing some key emotional qualities of humans and therefore turn out to be very dangerous.
There are only two industries that refer to their customers as 'users'.
Ultimately, it's not going to be about man versus machine. It is going to be about man with machines.
Improving the Internet is just one means, albeit an important one, by which to improve the human condition. It must be done with an appreciation for the civil and human rights that deserve protection - without pretending that access itself is such a right.
If you love a medium made of software, there's a danger that you will become entrapped in someone else's recent careless thoughts. Struggle against that.
With tech companies, whoever's the leader is always questioned, you know. They say, 'Is this the end of them?' And - there's more - more times people think that's the case than it really is the case.