Essays in the Category "Trust"
Page 3 of 3
Be Careful When You Come to Put Your Trust in the Clouds
Cloud computing may represent the future of computing but users still need to be careful about who is looking after their data
This year’s overhyped IT concept is cloud computing. Also called software as a service (Saas), cloud computing is when you run software over the internet and access it via a browser. The salesforce.com customer management software is an example of this. So is Google Docs. If you believe the hype, cloud computing is the future.
But, hype aside, cloud computing is nothing new. It’s the modern version of the timesharing model from the 1960s, which was eventually killed by the rise of the personal computer. It’s what Hotmail and Gmail have been doing all these years, and it’s social networking sites, remote backup companies, and remote email filtering companies such as MessageLabs. Any IT outsourcing – network infrastructure, security monitoring, remote hosting – is a form of cloud computing…
Thwarting an Internal Hacker
Rajendrasinh Makwana was a UNIX contractor for Fannie Mae. On October 24, he was fired. Before he left, he slipped a logic bomb into the organization’s network. The bomb would have “detonated” on January 31. It was programmed to disable access to the server on which it was running, block any network monitoring software, systematically and irretrievably erase everything—and then replicate itself on all 4,000 Fannie Mae servers. Court papers claim the damage would have been in the millions of dollars, a number that seems low. Fannie Mae would have been shut down for at least a week…
NBA Ref Scandal Warns of Single Points of Failure
Sports referees are supposed to be fair and impartial. They’re not supposed to favor one team over another. And they’re most certainly not supposed to have a financial interest in the outcome of a game.
Tim Donaghy, referee for the National Basketball Association, has been accused of both betting on basketball games and fixing games for the mob. He has confessed to far less—gambling in general, and selling inside information on players, referees and coaches to a big-time professional gambler named James “Sheep” Battista. But the investigation continues, and the whole scandal is an enormous black eye for the sport. Fans like to think that the game is fair and that the winning team really is the winning team…
An Easy Path for Terrorists
If you fly out of Logan Airport and don’t want to take off your shoes for the security screeners and get your bags opened up, pay attention. The US government is testing its “Trusted Traveler” program, and Logan is the fourth test airport. Currently, only American Airlines frequent fliers are eligible, but if all goes well the program will be opened up to more people and more airports.
Participants provide their name, address, phone number, and birth date, a set of fingerprints, and a retinal scan. That information is matched against law enforcement and intelligence databases. If the applicant is not on any terrorist watch list and is otherwise an upstanding citizen, he gets a card that allows him access to a special security lane. The lane doesn’t bypass the metal detector or X-ray machine for carry-on bags, but it bypasses more intensive secondary screening unless there’s an alarm of some kind…
The Fallacy of Trusted Client Software
Controlling what a user can do with a piece of data assumes a trust paradigm that doesn’t exist in the real world. Software copy protection, intellectual property theft, digital watermarking-different companies claim to solve different parts of this growing problem. Some companies market e-mail security solutions in which the e-mail cannot be read after a certain date, effectively “deleting” it. Other companies sell rights-management software: audio and video files that can’t be copied or redistributed, data that can be read but not printed and software that can’t be copied. Still other companies have software copy-protection technologies…
Security Pitfalls in Cryptography
Magazine articles like to describe cryptography products in terms of algorithms and key length. Algorithms make good sound bites: they can be explained in a few words and they’re easy to compare with one another. “128-bit keys mean good security.” “Triple-DES means good security.” “40-bit keys mean weak security.” “2048-bit RSA is better than 1024-bit RSA.”
But reality isn’t that simple. Longer keys don’t always mean more security. Compare the cryptographic algorithm to the lock on your front door. Most door locks have four metal pins, each of which can be in one of ten positions. A key sets the pins in a particular configuration. If the key aligns them all correctly, then the lock opens. So there are only 10,000 possible keys, and a burglar willing to try all 10,000 is guaranteed to break into your house. But an improved lock with ten pins, making 10 billion possible keys, probably won’t make your house more secure. Burglars don’t try every possible key (a brute-force attack); most aren’t even clever enough to pick the lock (a cryptographic attack against the algorithm). They smash windows, kick in doors, disguise themselves as policemen, or rob keyholders at gunpoint. One ring of art thieves in California defeated home security systems by taking a chainsaw to the house walls. Better locks don’t help against these attacks…
Sidebar photo of Bruce Schneier by Joe MacInnis.