News in the Category "Articles"
How to Avoid Pickpockets, and Other Horror Stories
Excerpt
Think sensibly, and act with confidence
Security expert Bruce Schneier takes a much-ado-about-nothing view of terrorist fears. The odds of such an attack are close to zero, so better to worry about things that have at least some likelihood of occurring, he maintains.
“We as a society always fear the rare and spectacular more than the pedestrian,” says the cyber-security whiz and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World (Copernicus Books, $25).
Though not geared specifically to travelers, his new book espouses the notion that security measures involve trade-offs—both monetary and personal. The book maps out a five-step plan to help individuals assess whether those trade-offs are worth it. …
The Visionaries: IT Leaders Make Predictions about the Future
Excerpt
Q: Will computers be more or less secure in 2028 than they are today?
A: Computers will be just as insecure, but computing will be more secure. Right now our major problem is that computer security is brittle; when it breaks, it breaks completely. As computing becomes embedded and invisible, it will become more resilient. Different systems will work in tandem, providing defense in depth. Cyberspace is no different than the real world: The individual pieces may be insecure, but the collection of pieces we call society hums along just fine…
The Best: People
Excerpt
Like or loathe him, you’ve got to admit that cryptographer Bruce Schneier knows how to capture media attention. From titillating talks to shamelessly promote his books (including the best-selling Secrets & Lies and the recently released Beyond Fear), to outrageous remarks on the speaker circuit, Schneier frequently grabs the spotlight with outspoken opinion and candor.
For example: “Most advisories trade on fear. Most newspaper and magazine articles trade on fear,” Schneier said in a recent Information Security interview. “Too many security companies are crying wolf far too often, and it hurts us all.” Not exactly a measured comment, considering his company, Counterpane Internet Security, is one of those companies vying for attention…
Homeland Insecurity
A top expert says America's approach to protecting itself will only make matters worse. Forget "foolproof" technology—we need systems designed to fail smartly
- To stop the rampant theft of expensive cars, manufacturers in the 1990s began to make ignitions very difficult to hot-wire. This reduced the likelihood that cars would be stolen from parking lots—but apparently contributed to the sudden appearance of a new and more dangerous crime, carjacking.
- After a vote against management, Vivendi Universal announced earlier this year that its electronic shareholder-voting system, which it had adopted to tabulate votes efficiently and securely, had been broken into by hackers. Because the new system eliminated the old paper ballots, recounting the votes—or even independently verifying that the attack had occurred—was impossible…
The Encryption Algorithm Demolition Derby
Contestant would do it again 'in a second'
Last month we reported the triumph of two Belgian academics in the US encryption standard contest. But how was the contest organised? If you’re not interested, stop reading now.
In the early seventies the US government put out a call for an encryption algorithm. It had no response. A year later in 1973 they tried again and got one response, from IBM. Then followed a bit of politicking, but by 1975 DES was born.
DES was initially a FIPS (Federal Information Procurement Standard), but was quickly adopted around the world as the de facto standard for encryption…
Words of Warning from a Cyber-Security Guru
Bruce Schneier of Counterpane Internet Security says computing today is unsafe at any speed. But we can minimize the dangers
Hardly a week goes by when corporate computing czars don’t have to absorb some rude piece of news from the security front. It may be a gaping hole somebody discovers in a browser or e-mail system, or a virulent new pest with a name like Melissa or Worm.ExploreZip. Against these mounting threats, the usual defensive arsenal of virus-scanning software, encryption, and firewalls seems flimsy indeed.
Brace yourself: The situation is going to get worse, according to Bruce Schneier, 36-year-old cryptography guru and author of Crypto-gram, an influential monthly newsletter. As new releases of common software grow more complex—and interact with one another in ways that nobody can predict—security products purchased off-the-rack will offer less and less protection from malicious viruses and hackers, Schneier warns. To be safe, companies may once again have to reengineer how they do business on the Net…
Editors' Choice: Security Suites
Excerpt
The Internet is not a danger zone, but you do need to take steps to safeguard your PC and your privacy. Of the products we tested, these four tools offer the best personal protection.
…
Password Safe 1.7
Counterpane Systems’ Password Safe is an easy, secure, and free solution to the password problem. Password Safe locks all of your user names and passwords in a vault and encrypts them using the strong Blowfish algorithm for maximum protection.
Windows-Based VPNs Not "Industrial Strength"?
In a paper released last week, computer security specialists from Counterpane Security and L0pht Heavy Industries went over with a fine-tooth comb Microsoft Corp.’s built-in Windows virtual private network (VPN) support.
Their target: Microsoft Point-to-Point Tunneling Protocol (PPTP) version 2. Their conclusions? While better than version 1, MS PPTP still leaves VPNs open to attack.
PPTP is a generic protocol that allows Point-to-Point Protocol (PPP) connections to pass through firewalls. The resulting connection is treated as if it had originated behind the firewall, creating a VPN. MS PPTP is Microsoft’s implementation of the PPTP, and is built into the Windows 95, 98, and NT operating systems. While VPN vendors are increasingly moving towards IPSec, PPTP remains important because of its wide distribution on Windows platforms…
Random Acts of Cryptography
For encryption developers, a secure system is only as good as its pseudorandom number generator (PRNG). PRNGs produce unique keys that can lock and unlock encrypted data. But Bruce Schneier, president of Counterpane Systems, says that PRNGs lack security and portability.
PRNGs generate numbers based on a variety of factors, such as a user’s mouse movements, and store this data in an entropy pool, which is later tapped by security software to create an encryption key. PRNGs fail, insists Schneier, because hackers can intercept the entropy source and thus predict the output. His response is Yarrow, a new PRNG with an expanded source that creates a larger, less predictable pool. “We’ve added new randomness,” says Schneier of Yarrow’s unique entropy pool, “like radio noise, arrival times of network packets, and disk-drive latency. Even if the source is turned off,” he says, “it still works.”…
Cryptographers Seek DES Successor
The successor to the aging Data Encryption Standard (DES) will begin to emerge this week as some of the world’s top cryptographers convene to review proposals for a new, advanced encryption standard.
Officials at the National Institute for Standards and Technology (NIST) will kick off the first round of “evaluation and analysis” of proposed DES algorithm replacements at the Advanced Encryption Standard (AES) Candidate Conference in Ventura, Calif., later this week.
“This is sort of the debut of the candidate algorithms and the opportunity for any interested [cryptographer] to find out how they work,” said Miles Smid, manager of NIST’s security technology group…
Sidebar photo of Bruce Schneier by Joe MacInnis.