Tuesday, August 13, 2002

e-Privacy assurances in our climate of anti-terrorism legislation is the topic of this e-week column by John Taschek.  Ernie the Attorney offers this link to Charles C. Mann Atlantic Homeland Insecurity article on security systemic problems in general, and here is Ernie's earlier post on Security in general.  Here are some examples of our general state of Insecurity thinking. The US government has several networks never connected to the Internet, accessible only withing physically secure buildings.  But they've been infected by computer viruses because humans with lap tops connect to both the Internet and the secure networks, and bypass the security.  The weakest link are the government users. Kerkhoff's Principle:  A good crypto system QUOTE should be able to fall into the enemy's hands without disadvantage.  UNQUOTE Encrypting Internet transactions, says Purdue computer scientist Eugene Spafford, QUOTE is the equivalent of arranging an armored car to deliver credit-card info from someone living in a cardboard box to someone living on a park bench.  UNQUOTE Airport Security thinks that protection against car bombings is practical by having cars park 300 feet away from the terminal, but at the same time passengers can be dropped off right in front of the terminal.  That does not compute. Airports have to be evacuated all the time because of security breaches.  There is no way to shut down just the portion of the people movement where the problem occurred. Carjacking is on the rise partly because Automobile Manufacturers have made it more difficult to hot wire an unattended vehicle. QUOTE Bank Vaults are secure because to break in takes real skill. Computers are not, because to break in takes practically no skill. Millions of credit card numbers have been stolen from computer networks.  UNQUOTE German reporters tested a face recognition system, and iris scanner, and nine fingerprint readers.  All of them could be spoofed using output from a lap top screen.  They photographed an authorized user, blew up the face, cut out the pupils, help the image before their faces like a mask, and the iris scanner was spoofed. An authorized user's fingerprints were lifted from a drinking glass, on a tape pressed against the fingerprint reader, which accepted the data as valid. A corporation replaced paper ballots with electronic shareholder voting, which was hacked into.  Now they cannot reconstruct original votes. Since 9/11, at least 40 government networks have been cracked by vandals. People have trouble with passwords so an easy way to do industrial espionage is to offer pornographic web sites to business people in which they need a password.  Odds are they would use the same password there as for everywhere else. 8:00:52 PM

© Copyright 2002 Al Macintyre.