CBR is proudly produced & published
by Technews
Issue Date: September 2000 (es)

eSecurity Briefs

1 September 2000

Encryption could starve Carnivore
Seán Captain, 24 August, 2000, 12:15 p.m. PT
Even as the FBI slowly releases details of its Carnivore e-mail wiretap technology, software developers are readying schemes to starve Carnivore of meaningful data.
ChainMail and Sigaba are among the companies promoting encryption technology designed to render any captured e-mail meaningless to third parties. Meanwhile, developers like Privada and Zero-Knowledge offer anonymity to both sender and recipient, so a third party has no idea whose e-mail it is reading. In most cases, you need to rely on your Internet service provider to implement this level of technology, which keeps your e-mail private, right down to its address.
Expiration of RSA patents opens up net security
Scott Berinato, eWEEK, 25 August, 2000 5:00 PM ET
A unique moment in the history of high tech will occur next month when RSA Security's key patents, which are fundamental to most Internet security, expire.
What happens after that will be nothing short of a watershed for the security industry. Observers predict two major trends: the development of security tool kits engineered for performance and for specific markets, such as wireless, and the availability of many more security products in the United States.
"This represents a pretty big milestone. People are waiting for this," said Mike Serbinis, Chief Security Officer of San Francisco-based Critical Path, which uses security tools from Baltimore Technologies. "Three years ago, I was at a start-up [since acquired by Critical Path] and we were debating then what we would do around the patents expiring. It turns out it will all be good for users."
Software piracy tops R500 million in SA
The BSA (Business Software Alliance) has issued summons in the High Court of South Africa against two high-profile companies, Randburg-based Voicetec and the Coin Security Group, for allegedly using pirated software.
The BSA obtained a civil order (Anton Piller Order) and conducted a search at the Voicetec premises and found what appeared to be pirated software.
A settlement was negotiated with Voicetec and with Coin Security Technology. However, an amicable agreement could not be reached with either party and the BSA was forced to issue summons.
In South Africa, software piracy alone costs over R500 million in lost revenues, excluding lost government taxes and job losses. "Piracy and counterfeiting are very real crimes with very real victims: the authors, artists and developers who are never fully compensated for their work and the thousands of jobs that are effectively lost as a result of the detrimental effect on legitimate business.
Encryption gets really small
Scientists at the University of Geneva are collaborating with the Swiss Ministry of Posts and Telecommunications on an experiment that uses quantum computers to run an unbreakable encryption algorithm. Cryptography could, in fact, be the first commercial application for this technology. Quantum computers are molecules, and being that tiny they can process data millions of times faster than the quickest supercomputer. But being so small, they also can take advantage of the peculiar rules of quantum physics.
Conventional computers create bits of information, and each bit is either a 0 or a 1. Quantum bits, or qubits, can be both 0 and 1 or any combination of the two numbers. What is more, qubits cannot be cloned or copied, making it virtually impossible for someone to break code encrypted with a quantum computer.
DVD hacker case ruling sets shocking precedent
Source code is speech. Computer networks are the fastest-growing medium of public and private expression; our rights and liberties, as we engage in commerce and in other forms of discourse via that medium, are protected by instructions to computers. Source code is the means by which these instructions are expressed in ways that people can examine and understand. Source code is speech.
On the Internet, there can be no genuine freedom of speech unless source code is a protected form of speech. This principle is attacked, however, by US District Judge Lewis Kaplan in his ruling that "society must be able to regulate the use and dissemination of code". The judge then enjoined Eric Corley, publisher of 2600 magazine, from assisting his readers in accessing code that unlocks DVD content.
The Supreme Court has already laid the foundation for reversal of this ruling, in Justice Stevens' majority opinion striking down the Communications Decency Act of 1996. That opinion described the discourse of the Internet as a "dynamic, multifaceted category of communication ... as diverse as human thought," and included the vital statement that other cases involving other forms of mass communication provide "no basis for qualifying the level of First Amendment scrutiny that should be applied to this medium."
All 'Love' virus charges dropped
MANILA, Philippines - Prosecutors today dismissed all charges filed against a former computer college student accused of having released the 'I Love You' computer virus that crippled email systems worldwide. The Justice Department said the charges filed by investigators either did not apply to computer hacking, or there was insufficient evidence to back them up.
Onel de Guzman, a former student at the Philippines' AMA Computer College, has acknowledged that he may have released the virus by accident but has refused to say whether he authored it. The virus, unleashed 4 May, rapidly replicated itself via e-mail, overloading corporate email systems in many countries and causing damage estimated at as much as $10 billion.
Until Philippines President Joseph Estrada signed a new law in June covering e-commerce and computer hacking, the country had no laws specifically against computer crimes.
Watches could be the key to IT security
A US firm has devised a plan using wristwatches to help in the struggle for PC privacy. The Michigan-based intelligent security company Ensure Technologies points out that despite the furore about hackers, most breaches of security occur in-house - namely in users' complacency in leaving PCs switched on or divulging their passwords to others.
According to PC World, the company has approached watch manufacturer Golden State International to incorporate wireless identification technology into their products. Instead of leaving your PC open to the scrutiny of others while you are away, a miniature transceiver in the watch automatically locks it for you, unlocking it for you on your return.
MasterCard forms group to work on digital IDs
NEW YORK (Reuters) - Credit card network MasterCard International says it has formed a group to develop digital identification that will protect cardholders against fraud when making purchases over cell phones or on the Internet.
"It authenticates you as the holder of your card," Gail Francolini, Vice President of Global Chip Relationship Management at MasterCard International, said of the IDs, which would essentially be a string of numbers.
MasterCard said recently that its new group will give its member banks a selection of providers offering turnkey solutions to help them offer this technology to their cardholders.
"By issuing a multi-application smartcard that includes a digital ID, as well as financial service applications, banks will be able to position themselves at the forefront of technological innovation," said Art Kranzley, Senior Vice President, Electronic Commerce and Emerging Technologies at MasterCard. Participants in MasterCard's new program include SecureNet, ACI Worldwide and Gemplus, it said. Other vendors are expected to join up in time, it added.
Report: UK set for cybercrime surge
Lori Enos, E-Commerce Times, 28 August, 2000
A new survey released by the Association of British Insurers (ABI) predicts that cybercrime - including Internet fraud, e-mail abuse, hacking, and viruses - will increase over the next 20 years.
The report, "Future crime trends in the United Kingdom," comes days after three men were arrested for using bogus accounts to steal money from Egg, one of Britain's most high-profile online banks. Although the thieves reportedly only got away with 'a handful of thousands of pounds' and did not take money from individual customer accounts, the incident added to rising concern over security in online banking.
"Access to information has improved tremendously over the past few years and will continue to do so in the future. But these developments are not cost-free," said Mary Francis, ABI's Director General.
M-commerce being held back by security concerns
Concerns over the risks of buying goods over mobile phones are hampering the success of m-commerce. A study compiled by the Broadband Communications Europe 2000 convention, which interviewed over 10 000 people about their views on m-commerce, revealed that 52% of people in the UK are concerned that buying goods and services over their mobile telephones will put them at risk of security breaches.
A further 65% believe their private lives will be 'invaded' through the misuse of personal information stored on the internet, as the TV, telephone and web converge.
Hackers attack air traffic control radio
David Morgan, 29 August
A different kind of hijacking is taking place in the skies.
Britain's Civil Aviation Authority has issued a safety alert about a new threat to air passengers: hackers taking over air traffic control transmissions and giving pilots bogus orders.
The number of incidents in which radio hackers have broken into frequencies used by British air traffic controllers and given false instructions to pilots or broadcast fake distress calls is on an alarming rise. There were three such incidents there in 1998, 18 last year and now, so far this year, 20.
Fortunately in all those cases, pilots ascertained that the directions given them were fake. But had they not done so, their lives and those of their passengers could have been placed in serious jeopardy.
The problem is not unique to the UK.
