In the past, I haven't always stayed to hear the Crypto panel, but based upon the excellent one this year, I'll definitely include it in my plans going forward. If you want to hear an overview of what they all said, I can recommend Robert Vamosi's story "Cryptographers speak of threats, voting, and Blu-Ray rumors".

I want to highlight the points that Martin Hellman raised with respect to 99.9% probability as a margin of safety, complacency and low probability events.

He had one slide - a picture of a glider soaring very low over a runway at the bottom of a high speed, low pass flight. Hellman is a pilot and pointed out that this activity is safe for those that do it 999 out of 1000 times, but went on to talk about how cautious pilots are when they first attempt it, but after 50 or 100 times of doing it successfully, they simply aren't as cautious or nervous and as a consequence don't necessarily address every risk as seriously as they did early on.

He also talked about The Black Swan: The Impact of the Highly Improbable and gave several excellent examples of how people underestimate the impact of low-probability, high-impact (even catastrophic) events.

The parallel to the issues of Internet Security is pretty clear.

Targeted attacks are increasingly part of the landscape, but it is much harder to convey their seriousness to the average person than some of the high-profile worms and viruses of the past that got on everyone's radar. And yet, we heard from Symantec's Stephen Trilling this week how credit card numbers go for as low as $0.40 in the malware underground economy.

Martin's call-for-action was for us security industry practitioners to try to be the group of voices that convince the non-security folks to take security more seriously. I'm happy to join his efforts in that and exhort you to do the same.

Regards ~ Jeff