From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Tue, 23 Oct 2001 08:22:47 -0700 (PDT)
Subject: [iwar] [fc:Security.Not.in.the.Cards]
Message-Id: <200110231522.f9NFMla21423@red.all.net>

Security Not in the Cards
By Peter Coffee, Eweek, 10/23/2001
http://www.eweek.com/print_article/0,3668,a%253D16936,00.asp

If your only tool is a
hammer, it's often said, all problems look like nails. What, then, does the world look like to someone who owns a hammer factory?

Oracle's Larry Ellison and Sun's Scott McNealy each propose to define terrorist threats in terms of nails that their products can pound down.

"We need a national ID card with our photograph and thumbprint," said Ellison on Sept. 22 - adding (no surprise here), "We need a database behind that." He's offered to donate the software. I don't accuse him of profiteering; I'm sure he's quite sincere. But wrong.

Sun's McNealy also wants a national identity system, though his vision is (still less surprising) based on the distributed intelligence of smart devices using Java to execute authentication algorithms. "If you get on a plane," McNealy said on Oct. 11, "I want to know who you are."

Does McNealy see the contradiction between his position on ID cards and his position on executable Internet content? He disparages Microsoft's case for cryptographically signed ActiveX controls, but Microsoft's position equates to McNealy's and Ellison's contention that identification is safety. Both are wrong.

Digital signatures for downloaded code tell you only, after the fact, whom you can sue for the damage that was done when the code turns out to be malignant - like finding a passport in the rubble. Java proponents have always praised its far more finely grained approach of granting only specific privileges: If you want to tell a Java program that it's allowed to open only files whose names begin with "Q" and only if there's an "r" in the name of the current month, you can enforce that policy.

Security isn't a matter of what you allow to get in. It's a matter of what you allow to happen and how you arrange to detect and report attempts to circumvent those limits.
National ID cards for people, like perimeter security for IT installations, are not a defense in depth - but they consume resources without providing the more genuine security that we should be achieving by other means.

Tell me what makes you feel secure at peter_coffee@ziffdavis.com.
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:56 PST