I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually 'Nothing; you're screwed'.

The mantra of any good security engineer is: "Security is a not a product, but a process." It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together.

Secret courts making secret rulings on secret laws, and companies flagrantly lying to consumers about the insecurity of their products and services, undermine the very foundations of our society.

Security is a process, not a product.

When a big company lays you off, they often give you a year's salary to 'go pursue a dream.' If you're stupid, you panic and get another job. If you're smart, you take the money and use the time to figure out what you want to do next.

Terrorism is a crime against the mind. We win by refusing fear.

Surveillance is the business model of the Internet.