News: 1999 Archives
Words of Warning from a Cyber-Security Guru
Bruce Schneier of Counterpane Internet Security says computing today is unsafe at any speed. But we can minimize the dangers
Hardly a week goes by when corporate computing czars don’t have to absorb some rude piece of news from the security front. It may be a gaping hole somebody discovers in a browser or e-mail system, or a virulent new pest with a name like Melissa or Worm.ExploreZip. Against these mounting threats, the usual defensive arsenal of virus-scanning software, encryption, and firewalls seems flimsy indeed.
Brace yourself: The situation is going to get worse, according to Bruce Schneier, 36-year-old cryptography guru and author of Crypto-gram, an influential monthly newsletter. As new releases of common software grow more complex—and interact with one another in ways that nobody can predict—security products purchased off-the-rack will offer less and less protection from malicious viruses and hackers, Schneier warns. To be safe, companies may once again have to reengineer how they do business on the Net…
Crypto Guru Bruce Schneier Answers
Most of the questions we got for crypto guru Bruce Schneier earlier this week were pretty deep, and so are his answers. But even if you’re not a crypto expert, you’ll find them easy to understand, and many of Bruce’s thoughts (especially on privacy and the increasing lack thereof) make interesting reading even for those of you who have no interest in crypto because you believe you have “nothing to hide.” This is a *long and strong* Q&A session.
First Bruce says, by way of introduction…
“I’d like to start by thanking people for sending in questions. I enjoyed answering all of them…
Editors' Choice: Security Suites
Excerpt
The Internet is not a danger zone, but you do need to take steps to safeguard your PC and your privacy. Of the products we tested, these four tools offer the best personal protection.
…
Password Safe 1.7
Counterpane Systems’ Password Safe is an easy, secure, and free solution to the password problem. Password Safe locks all of your user names and passwords in a vault and encrypts them using the strong Blowfish algorithm for maximum protection.
Windows-Based VPNs Not "Industrial Strength"?
In a paper released last week, computer security specialists from Counterpane Security and L0pht Heavy Industries went over with a fine-tooth comb Microsoft Corp.’s built-in Windows virtual private network (VPN) support.
Their target: Microsoft Point-to-Point Tunneling Protocol (PPTP) version 2. Their conclusions? While better than version 1, MS PPTP still leaves VPNs open to attack.
PPTP is a generic protocol that allows Point-to-Point Protocol (PPP) connections to pass through firewalls. The resulting connection is treated as if it had originated behind the firewall, creating a VPN. MS PPTP is Microsoft’s implementation of the PPTP, and is built into the Windows 95, 98, and NT operating systems. While VPN vendors are increasingly moving towards IPSec, PPTP remains important because of its wide distribution on Windows platforms…
Applied Cryptography / Bruce Schneier
This review also appeared in Slashdot.
More than any other field in computer science, cryptography is associated with computer warfare. Recent international treaties define cryptographic algorithms as weapons, and the laws of many countries prohibit either the development, the usage, or the export of cryptographic algorithms. Yet while feared by governments, cryptography is one of the most fascinating—and useful—fields of algorithmics.
The whole point of cryptography is to solve problems. (Actually, that’s the whole point of computers—something many people tend to forget.) Cryptography solves problems that involve secrecy, authentication, integrity, and dishonest people. You can learn all about cryptographic algorithms and techniques, but these are academic unless they can solve a problem…
Sidebar photo of Bruce Schneier by Joe MacInnis.