Schneier on Security
A blog covering security and security technology.
« GhostBuster |
| SHA-1 Broken »
February 15, 2005
I'm at the RSA Conference here in San Francisco. Is anyone else here? What's interesting on the show floor? Anything?
And what did you all think of Bill Gates's speech this morning?
Posted on February 15, 2005 at 3:17 PM
• 22 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I'll keep my eyes peeled for you.
I was sad to see that Gates' presentation was essentially a product demonstration. I couldn't help but feel we were watching something that could be better accomplished at their booth on the floor. Also, strange that the Microsoft announcement at RSA last year was Service Pack Two (and how it can block popups, trojans, worms) and this year they were showing essentially the same thing. Deja vu all over again?
The only difference at face value seems to be the fact that acquired several companies to extend the functionality beyond the SP2 interface...not exactly what I'd call an open architecture to encourage industry collaboration or greater security.
One thing I couldn't figure out is whether the new software they were showing is actually free or not. At one point Gates said it would be given to home users, but the enterprise software must therefore come with a license?
How about the Symantec presentation? I think he really nailed the topic and had valid criticisms of Gates as well.
"How about the Symantec presentation? I think he really nailed the topic and had valid criticisms of Gates as well."
Ah, well. I missed that one.
I had the privelege of meeting you last year in a brief introduction, as I worked for a company that was one of your company's first overseas clients. Alas I have now moved on, and didn't get a chance to come this year.
I had a lot of fun last year. Really wish I could have been there this year.
Ohhh...I should have been there, atleast to say an `hi' to Bruce. :)
Hey saw ya at the preventsys party - love those bacardi girls :)
The Bicardi party sux.
I am more interested in the Crypto work anyway, I liked the talk Gary Mcgraw gave - interesting.
No one goes to RSA anymore. It's too crowded.
The most interesting thing I saw was Cryptography Research's attempt to get a better DRM solution by implementing a tiny virtual machine in each DVD player, with the code being loaded from each individual DVD - it then can check if it likes the environment and reveals its decryption key or just shows a 1-800 number for help. With the option to publish better code over time if cracks are known. Either the ultimate solution or just something else to be cracked ASAP. And they also have a pretty nice Engima machine in their booth which apparently made the NSA lady jealous :)
"No one goes to RSA anymore. It's too crowded."
- That's the best line I've heard in ages! Thanks for making my day.
Well the MS preso was definitely just an hour long infommertial. As for tech on the floor there is mostly the usual copycat BS that serves no real business use.
There are a couple of interesting players to check out though. Tricipher, who is trying to make strong(er) auth signifigantly easier for the users to actually use. Not so much a technology play as a usability one, and lord knows that this industry is plagued by great tech that is unusable by even the above average bear.
The other is Skybox security. In short they are doing visual risk modelling by combining router and firewall configuration data with VA data. They're is a high barrier to entry of use, but it looks to be a great product once you get a process worked out for easily updating the profuct with updated data.
*No one goes to RSA anymore. It's too *crowded."
*- That's the best line I've heard in *ages! Thanks for making my day.
It's one of Yogi Berra's most famous
Regarding the DRM solution by Cryptography Research, I think it will be cracked very quickly if it goes into use. Someone will create a VM emulator that behaves exactly like a valid VM should, and it will be undetectable. It will be even simpler if software players exist. If the fake VM is written well, even possible updated code will be unable to disable it without breaking early model players.
I, for one, think this is a really good thing. Copy protection like this is little more than a joke to real piracy rings and bootleggers, but it makes it much harder for the average user to exercise fair use rights, possibly transforming him into a criminal under the DMCA.
Hey Bruce! Im also in SF.. though I got to see you on the news, and not in person :-)
Bill Gates' presentation on tue was .. despicable. Just thinking that M$ will have IE7 and will work all the excellent FireFox features into it makes my blood boil. Not to mention, instead of "Spyware removal this" and "Isolation that", they should have followed up on that "major security push" they allegedly started what, two years ago? Honestly, if post XP-SP2 there're 8 *critical* updates, they are NOT doing the right job.
But then, lamentably, people go on using IE. As they will flock to IE7 when it comes out. Like innocent lambs to the slaughter. Alas.
Peace to all,
RSA was packed this year and drew top level execs. Great show. Preventsys/Bacardi party rocked - saw you there. Skybox looks cool, but is it really practical? How does it scale?
Hmmm....flame about " M$ will have IE7 and will work all the excellent FireFox features into it makes my blood boil. Not to mention, instead of "Spyware removal this" and "Isolation that", they should have followed up on that "major security push" they allegedly started what, two years ago? Honestly, if post XP-SP2 there're 8 *critical* updates, they are NOT doing the right job. ?"
...so when you complain about MS IE not having features/security, and they try to fix it, that's bad?
That's like "I told you to lock the front door, and you did, so why did you lock the front door?"
Improvements in security, no matter where they come from (IE, FF, open source, your mother) are good.
Thanks for standing up for regulation at RSA. I think the next thing people need to recognize is that proper regulation spurs innovation and does not stifle it...we can see that the VISA CISP actually creates jobs by creating a huge spike in demand for better products to reach compliance. The current market is broken, it needs to be regulated.
At RSA I think the most interesting thing was the lines at the SUNRays waiting for Internet Access and nobody ( I repeat NOBODY) sitting at the free Windows access terminals
Hmmm, interesting way of using track back pings to surf on other man's success and collect some hits on your site . Suprises me that Google or MSN were not first to exploit this, but I am sure they will follow :-(
The Preventsys En Fuego party kicked ass. Pretty girls, good Bacardi drinks and the pepper eating contest was hilarious! They really know how to throw a party. Hope they have another great party next year!
I do not see anything wrong with an updated IE browser. I do, however, see something wrong with Microsoft's security "announcement" at RSA this year that has little, if any, distinction from last year's...
More to the point, Microsoft's AntiSpyware Beta has already been defeated by the BankAsh-A Trojan, which disables it and suppresses warning messages. It also deletes files within the AntiSpyware program's folder. So it was hard, no painful, to watch Gates' already out-of-date presentation and realize that he is pushing topical ointment to treat a viral disease he is partly responsible for spreading. Anyone else see the irony compared to his philanthropic efforts in healthcare?
I am still in shock at the fact that the Microsoft SpyNet demo showed that Microsoft's "Spyware researchers" in Redmond can view how many people installed (or chose not to install) a long list of programs that included Apple's iTunesHelper app. I mean, here is a program called *SpyNet* which allows Microsoft to see how many people are installing what software on Windows. If this isn't the definition of Spyware, i don't know what is (by contrast, what the Anti-Spyware program blocks is mostly Adware, not Spyware). And then to demo this to a room full of thousands of security professionals and nobody spots the irony. To me, this was the real story of the Microsoft presentation, not IE7.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.