Bruce Schneier, master cryptographer and idol of the computer underground, targets those short-attention-spanners in his latest book, "Secrets and Lies: Digital Security in a Networked World." Aiming straight for the vaunted "general audience," he peppers the 400-plus pages with Yogi Berra quotes, analogies drawn from "Star Wars" and trivia tidbits from Greek mythology. But the folksy wit doesn't obscure a core message as frighteningly entertaining as Dr. Lecter's flesh-eating antics: In cyberspace, you're dead meat on a stick.

"Computer insecurity is inevitable," he warns. "Networks will be hacked. Fraud will be committed. Money will be lost. People will die." Indeed, the bulk of "Secrets and Lies" is a harrowing rundown of the myriad pitfalls that plague even the simplest systems. And that nifty new security software your company just bought for a jillion dollars isn't going to help -- if some teenage miscreant really, really wants to deface your Web page with Limp Bizkit lyrics, he's going to get his way.

As Schneier sees it, the wired universe is plagued with hard-to-fix vulnerabilities. One notable example is buffer overflow bugs, which permit attackers to overwrite memories with their own instructions. Even the planet's smartest, most diligent coder would be hard-pressed to completely cleanse a program of such holes. "With any piece of modern, large, complex code, there are just too many places where buffer overflows are possible," Schneier laments. "The larger and more complex the code, the more likely the attack." As a result, buffer overflows were the most popular attack of the 1990s, the tactic of choice for lightly skilled "script kiddies" bent on easy-to-execute mischief.

"Secrets and Lies" is a mea culpa of sorts. Schneier's best-known book, "Applied Cryptography," a geek bible of the '90s, trumpeted strong encryption as the key to perfect online security -- "a mathematical utopia." Better cryptography, the book claimed, would spell the end of hackable networks and protect even the measliest Hotmail communiqués. "It is insufficient to protect ourselves with laws," he wrote in that book's second edition. "We must protect ourselves with mathematics."

Schneier looks back on his optimistic pronouncements with more than a hint of embarrassment. "I talked about cryptography as if it were The Answer," he confesses in the preface to "Secrets and Lies." "I was pretty naive ... Readers believed that cryptography was a kind of magic security dust that they could sprinkle over their software and make it secure."

Stupid idea, Schneier now admits. Computer networks, he has come to believe, are so dauntingly complex that loopholes will always remain. Just as brush clearance teams will never rid the world of wildfires -- how could they possibly find every last dried twig? -- security professionals can't head off every attack, no matter how pricey their toys. World-class cryptography is pretty useless, Schneier notes, if the administrator's password is set to "password."

The Free Software Project
Read Andrew Leonard's book-in-progress on Linux and open source -- and post your comments.