February 24, 2004 2:40 PM PST

Is security getting any easier?

By Michael Kanellos
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
Email
Print

Related Stories: Security in the spotlight at RSA show
February 25, 2004; Search on for source of leaked Windows code
February 13, 2004; U.S. approves stronger encryption standard
December 5, 2001

SAN FRANCISCO--Although governments and companies appear to be making significant headway on many security problems, don't expect headaches like spam to disappear anytime soon, according to security experts.

Human error, combined with the increasing technical sophistication of malicious hackers, creates a situation in which security, ultimately, can never be perfect, security specialists on the cryptographer's panel at the RSA Conference here said Tuesday.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

Invariably, individuals will inadvertently open dangerous files or fall for cleverly deceptive spoofs. Even technically sophisticated users will make mistakes, according to Paul Kocher, president of Cryptography Research.

"We simply aren't smart enough as a species to handle this," Kocher said.

At the same time, solutions for solving some of these problems don't necessarily jibe with how individuals conduct themselves online, said Ronald Rivest, a professor of computer science at the Massachusetts Institute of Technology.

Some digital content protection schemes prevent a PC from opening up protected files. While that helps Hollywood, it represents a dramatic shift in the PC-owner relationship.

"You no longer have a PC that does what you tell it to do," Rivest said.

New organization helps companies measure security efforts against similar competitors

Spam presents another dilemma. Rivest, who has spoken out in the past against cryptography export restrictions, said he favors trying out a system in which the sender pays a fee to mail unsolicited messages. Then again, this system could be difficult to administer as increasing amounts of spam are sent from unwitting drone computers, pointed out Bruce Schneier, chief technology officer at Counterpane Internet Security.

Electronic voting also will likely create a host of controversies, Rivest said, because some of the systems already show potential flaws. In one election in Broward County, Fla., for instance, the winner won by 12 votes, but no votes were recorded for 137 people who actually went inside the booth to vote.

On the optimistic side, however, progress toward better security seems to be occurring. Adi Shamir, professor of the Weizmann Institute of Science in Israel, noted that in the past year, no major advanced cryptography system has been broken and no new ones have been introduced. Additionally, a Pentagon committee that oversees encryption has approved the use of the Advanced Encryption Standard (AES) for encrypting classified documents. The approval represents progress, because AES comes from Belgium and has been approved by international bodies.

"This was unthinkable years ago," said Whitfield Diffie, chief security officer at Sun Microsystems.

The panel also discussed the recent release of Windows code on the Internet, but generally concluded that it didn't present that severe of a danger. National governments and other large organizations likely already possessed copies of the source code before the leak, Schneier pointed out. Kocher noted that one of the chief irritants of the leak is that legitimate Windows customers can't look at the code, but hackers can.

Shamir, however, countered that he wasn't going to look through tens of millions of lines of code. Not because it wouldn't reveal flaws, but because "it is boring."

See more CNET content tagged:
cryptography, AES, spam, security, professor

Latest tech news headlines

Was EarthLink's failed citywide Wi-Fi a blessing in disguise?
Posted in News - Wireless by Marguerite Reardon

September 5, 2008 4:00 AM PDT
Behind the prototyping of 'Spore'
Posted in News - Gaming and Culture by Daniel Terdiman

September 5, 2008 4:00 AM PDT
Online content and services via game consoles will generate $8 billion in revenue in 2013
Posted in Negative Approach by Dave Rosenberg

September 5, 2008 3:34 AM PDT

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Dell planning to ditch factories
CFO Brian Gladden has said the company has "more work to be done" to improve profitability. Now The Wall Street Journal reports that Dell is planning to lower costs by selling off its factories.
Gallery
Photos: Ron Paul's RNC alternative
As the Republican convention took place just miles away, a crowd rallied for the former presidential candidate and his message of limited government, ensured civil liberties, lower taxes, and peace.
Negative Approach
Online content and services via game consoles will generate $8 billion in revenue in 2013
The revenue possibilities in gaming continue to grow, at least for the big console manufacturers.
Beyond Binary
Microsoft begins big ad push
Microsoft's multi-year push, estimated at $300 million, begins with a spot featuring Bill Gates and Jerry Seinfeld aired during Thursday's NFL game.
Video
YouTube plays party politics
During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.
News - Wireless
Was EarthLink's failed citywide Wi-Fi a blessing in disguise?
Wireless Philadelphia, the nonprofit charged with providing broadband bundles to low-income families in Philadelphia, may be better off in the long run without EarthLink.
Video
Political party playlists
We know the Democrats and Republicans are split over policy issues, but does their musical taste fall down party lines too? And what kind of gadgets did they bring to the conventions to listen to their music? CNET reporter Kara Tsuboi finds out.
News - Gaming and Culture
Behind the prototyping of 'Spore'
Many of the components of Will Wright's highly anticipated evolution game started out as small concept projects that are now available to the public.
News - Cutting Edge
Execs predict next Google-like tech
On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.
Gallery
Photos: The brains behind Google Chrome
Here's a look at some of the engineers and executives who took the stage at the company's headquarters as they unveiled the new browser.
The Cheapskate
Record TV in style with a refurbished TiVo HD, $179.99 shipped
TiVo is offering refurb HD units for cheap, though you'll still have to pay for the TiVo service.
News - Politics and Law
McCain talks up oil drilling, green energy
Republican presidential candidate says we need to drill new wells now, while supporting innovative transportation technologies and "the use of wind, tide, solar and natural gas."