[iwar] [fc:Security.Not.in.the.Cards]

From: Fred Cohen (fc@all.net)
Date: 2001-10-23 08:22:47



Security Not in the Cards

By Peter Coffee, Eweek, 10/23/2001
http://www.eweek.com/print_article/0,3668,a%253D16936,00.asp

If your only tool is a hammer, it's often said, all problems look like
nails.  What, then, does the world look like to someone who owns a
hammer factory?

Oracle's Larry Ellison and Sun's Scott McNealy each propose to define
terrorist threats in terms of nails that their products can pound down. 
"We need a national ID card with our photograph and thumbprint," said
Ellison on Sept.  22--adding (no surprise here), "We need a database
behind that." He's offered to donate the software.  I don't accuse him
of profiteering; I'm sure he's quite sincere.  But wrong. 

Sun's McNealy also wants a national identity system, though his vision
is (still less surprising) based on the distributed intelligence of
smart devices using Java to execute authentication algorithms.  "If you
get on a plane," McNealy said on Oct.  11, "I want to know who you are."

Does McNealy see the contradiction between his position on ID cards and
his position on executable Internet content? He disparages Microsoft's
case for cryptographically signed ActiveX controls, but Microsoft's
position equates to McNealy's and Ellison's contention that
identification is safety.  Both are wrong. 

Digital signatures for downloaded code tell you only, after the fact,
whom you can sue for the damage that was done when the code turns out to
be malignant--like finding a passport in the rubble. 

Java proponents have always praised its far more finely grained approach
of granting only specific privileges: If you want to tell a Java program
that it's allowed to open only files whose names begin with "Q" and only
if there's an "r" in the name of the current month, you can enforce that
policy. 

Security isn't a matter of what you allow to get in.  It's a matter of
what you allow to happen and how you arrange to detect and report
attempts to circumvent those limits. 

National ID cards for people, like perimeter security for IT
installations, are not a defense in depth--but they consume resources
without providing the more genuine security that we should be achieving
by other means. 

Tell me what makes you feel secure at peter_coffee@ziffdavis.com. 


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:56 PST