Essays in the Category "Computer and Information Security"


Click Here to Bring Down the Internet

  • Bruce Schneier
  • 1998

The Internet is fragile, rickety. It is at the mercy of every hacker and cracker. In recent Congressional testimony, hackers from the L0pht boasted that they could bring down the Internet in under 30 minutes. Should we be concerned?

In almost every area, those with the expertise to build our social infrastructure also have the expertise to destroy it. Mark Loizeaux is President of Controlled Demolitions, Inc.; he blows up buildings for a living. He’s quoted in the July 1997 Harper’s Magazine: “We could drop every bridge in the United States in a couple of days…. I could drive a truck on the Verrazano Narrows Bridge and have a dirt bike on the back, drop that bridge, and I would get away. They would never stop me.” Ask any doctor how to poison someone untraceably, and he can tell you. Ask someone who works in aircraft maintenance how to knock a 747 out of the sky, and he’ll know. The Internet is no different…

Security Pitfalls in Cryptography

  • Bruce Schneier
  • Information Management & Computer Security
  • 1998

French translation

Magazine articles like to describe cryptography products in terms of algorithms and key length. Algorithms make good sound bites: they can be explained in a few words and they’re easy to compare with one another. “128-bit keys mean good security.” “Triple-DES means good security.” “40-bit keys mean weak security.” “2048-bit RSA is better than 1024-bit RSA.”

But reality isn’t that simple. Longer keys don’t always mean more security. Compare the cryptographic algorithm to the lock on your front door. Most door locks have four metal pins, each of which can be in one of ten positions. A key sets the pins in a particular configuration. If the key aligns them all correctly, then the lock opens. So there are only 10,000 possible keys, and a burglar willing to try all 10,000 is guaranteed to break into your house. But an improved lock with ten pins, making 10 billion possible keys, probably won’t make your house more secure. Burglars don’t try every possible key (a brute-force attack); most aren’t even clever enough to pick the lock (a cryptographic attack against the algorithm). They smash windows, kick in doors, disguise themselves as policemen, or rob keyholders at gunpoint. One ring of art thieves in California defeated home security systems by taking a chainsaw to the house walls. Better locks don’t help against these attacks…

The Challenge of Cryptography

  • Bruce Schneier
  • Software Magazine
  • November 1997

Never underestimate the time and effort attackers will expend to thwart your security systems.

These days, security is on the minds of anyone involved in building or using information systems. After all, every form of commerce has had its share of fraud, from farmers rigging their weight scales to counterfeiters passing off phony currency. Electronic commerce is no exception, with fraud taking the form of forgery, misrepresentation, and denial of service. And it doesn’t stop with electronic transactions. There are privacy breaches, with competitors intercepting communications, and electronic vandalism, with attackers destroying Web pages and mail-bombing ISPs. It seems threats are coming from everywhere…

Cryptography, Security and the Future

  • Bruce Schneier
  • Communications of the ACM
  • January 1997

French translation

From e-mail to cellular communications, from secure Web access to digital cash, cryptography is an essential part of today’s information systems. Cryptography helps provide accountability, fairness, accuracy, and confidentiality. It can prevent fraud in electronic commerce and assure the validity of financial transactions. It can protect your anonymity or prove your identity. It can keep vandals from altering your Web page and prevent industrial competitors from reading your confidential documents. And in the future, as commerce and communications continue to move to computer networks, cryptography will become more and more vital…

Why Cryptography Is Harder Than It Looks

  • Bruce Schneier
  • Information Security Bulletin
  • 1997

From e-mail to cellular communications, from secure Web access to digital cash, cryptography is an essential part of today’s information systems. Cryptography helps provide accountability, fairness, accuracy, and confidentiality. It can prevent fraud in electronic commerce and assure the validity of financial transactions. It can prove your identity or protect your anonymity. It can keep vandals from altering your Web page and prevent industrial competitors from reading your confidential documents. And in the future, as commerce and communications continue to move to computer networks, cryptography will become more and more vital…

Protect Your E-Mail

  • Bruce Schneier
  • Macworld
  • November 1995

Safeguard your messages today, and prepare for electronic commerce tomorrow

You may have just started using the Internet for your business, but scientists, academics, and computer programmers have been using it for years. It was designed specifically as a public network for sharing information. Because the availability of information was the priority, provisions for data security were not considered essential. But now that you’re sending proprietary business information over the Internet, that openness can become a drawback. You need to take steps to protect your communications…

Electronic Speech – For Domestic Use Only

  • Bruce Schneier
  • Network World
  • January 16, 1995

The U.S. State Department recently ruled that some forms of electronic speech are not protected by the First Amendment and can be prohibited from export. This decision raises questions about freedom of speech on the information superhighway. As business communications continue to migrate from paper mail to electronic mail, these questions will become more important. It is vital that laws address this new form of speech.

Last year, I wrote a book called Applied Cryptography (John Wiley & Sons, 1994), which explains cryptography in nonmathematical language. It describes how to build cryptography into products, illustrates cryptographic techniques, and evaluates algorithms and makes recommendations on their quality. It even includes source-code listings that enable readers to implement many of the algorithms and techniques described…

High-Tech Government Snooping: Anti-Crime or Orwell Revisited?

  • Bruce Schneier
  • Cincinnati Post
  • September 28, 1994

Good news! The federal government respects and is working to protect your privacy… just as long as you don’t want privacy from the government itself.

In April 1994, the Clinton administration, cleaning up old business from the Bush administration, introduced a new cryptography initiative that ensures the government’s ability to conduct electronic surveillance. The first fruit of this initiative is CLIPPER, designed to secure telephone communications.

CLIPPER is a tamper-resistant chip designed by the National Security Agency, a super-secret branch of the Department of Defense…

Virus Killers: Macworld Lab Tests Virus Software and Survives

  • Bruce Schneier
  • Macworld
  • July 1994

Macintosh users ignore computer viruses at their peril. Viruses can cause irreparable damage to the system or destroy megabytes of data. Fortunately, unlike their biological namesakes, computer viruses are relatively easy and painless to control. With a leading virus-protection software program, it takes only a few minutes a day to remain virus-free.

Macworld Lab tested four antiviral products—the freeware application Disinfectant, Central Point Software’s MacTools ($149.95), Symantec’s Symantec AntiVirus for Macintosh (SAM, $99), and Virex ($99.95) from Datawatch—against every Macintosh virus known at the time of testing, 52 in all. We also looked at each product’s features and measured how fast the programs detected viruses…

Virus Protection on the Mac is Simple But Necessary

  • Bruce Schneier
  • MacWEEK
  • December 13, 1993

“Protecting yourself from Mac virus infection is easy; it’s a wonder there are people who don’t do it,” said Ben Liberman, independent Macintosh consultant in Chicago. There are several good anti-viral software packages, both commercial and free, designed to protect your Mac from attack.

There are two types of anti-viral software: protective and detective. The commercial virus-prevention software packages – Central Point Software Inc.’s Central Point Anti-Virus for Macintosh 2.0, Symantec Corp.’s Symantec Anti-Virus for Macintosh 3.5 and Datawatch Corp.’s Virex 4.1 – support both protective and detective protection. There are two freeware virus-protection programs: Disinfectant, which takes a detective approach, and GateKeeper, which takes a protective approach. Both programs are available on most bulletin board systems and on-line services…
