Schneier on Security
A blog covering security and security technology.
« Insurance and Risk Cartoon |
| Real vs. Perceived Risk »
March 15, 2007
BT Interview on Security
As part of BT's Big Thinkers series, Esther Dyson interviewed me and two other people (Risto Siilasmaa, Chairman of F-Secure Corporation; and Michael Barrett, PayPal's CISO) on network security issues. It was interesting and fun.
The other interviews in the series are here.
Posted on March 15, 2007 at 3:03 PM
• 6 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Bruce, very good interview; I am still listening as I write this. I like the idea of authenticating via mobile phone; however, there would be accessibility concerns with this that would have
to be addressed. For example, can the receiver of the message actually read it, and can they somehow press the 'authenticated' button? It will be interesting how this system ends up working.
Are transcripts available?
Or a direct URL to the media file?
The link causes an error message that the Mediaplayer-plugin would have attempted some illegal operation and was shut down.
Interesting discussion. I found it particularly interesting that PayPal is fairly comfortable with the level of fraud that currently exists (losses at less than 0.5%), but is fighting basically a perception problem caused by the phishing. The credit card companies don't have to deal with that.
Also, my playback kept stopping at 44 minutes or so. Couldn't get past that point, so I haven't been about to hear the conclusion. How does it end? Do they ever get off the island?
Excellent discussion, thanks!
During the part on phishing, it (re)occurred to me to wonder why it is we don't restrict who can send out what From: lines. For example, my .procmailrc file checks the Received: line added by *my* ISP (i.e. the box from whom my ISP received the message) and if, for example, the From: line says firstname.lastname@example.org but the message did not come from a host in the paypal.com domain, the message is stuck in a spam file. I do this with the major vendors who are phished and it has not failed yet. I get all the email truly from those domains and I never get a phish message since those are never from that domain.
For regular users who legitimately send out different forwarding addresses through their ISPs, this is a harder sell, but for businesses it would not be that difficult. DNS could have a record added where an email domain for whom an MX record is maintained could also have a way to request the names of all valid SMTP servers for that domain name. If you receive a message that claims to be from email@example.com, you can go look up the valid machines that could send that message to you, and if you aren't talking to one of them, don't accept the message.
This would allow each domain to manage their own list and would require only minor changes (at least for sendmail) on the receiving end.
K Ables, you're pretty much exactly describing "SPF" (sender policy framework, or sender-permitted-from), which is reasonably widely deployed. And it is, as you predict, a pain for people (like me) who occasionally want to send work email from a non-work machine...
A cryptographic approach is DKIM / DomainKeys, in which the sending MTA signs just a few relevant headers (not the entire message text).
For reliable communication between individuals, I still think end-to-end cryptography à la PGP or SMIME is the way to go, but PayPal and eBay are not well-enough coördinated to be able to handle crypto, I think.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.