Is security getting any easier?
Although companies are making headway on many security problems, don't expect headaches like spam to disappear anytime soon, security experts say.
Human error, combined with the increasing technical sophistication of malicious hackers, creates a situation in which security, ultimately, can never be perfect, security specialists on the cryptographer's panel at the RSA Conference here said Tuesday.
"We simply aren't smart enough as a species to handle this," Kocher said.
At the same time, solutions to some of these problems don't necessarily jibe with how individuals conduct themselves online, said Ronald Rivest, a professor of computer science at the Massachusetts Institute of Technology.
Some digital content protection schemes prevent a PC from opening up protected files. While that helps Hollywood, it represents a dramatic shift in the PC-owner relationship.
"You no longer have a PC that does what you tell it to do," Rivest said.
Spam presents another dilemma. Rivest, who has spoken out in the past against cryptography export restrictions, said he favors trying out a system in which the sender pays a fee to mail unsolicited messages. Then again, this system could be difficult to administer as increasing amounts of spam are sent from unwitting drone computers, pointed out Bruce Schneier, chief technology officer at Counterpane Internet Security.
Electronic voting also will likely create a host of controversies, Rivest said, because some of the systems already show potential flaws. In one election in Broward County, Fla., for instance, the winner won by 12 votes, but no votes were recorded for 137 people who actually went inside the booth to vote.
"This was unthinkable years ago," said Whitfield Diffie, chief security officer at Sun Microsystems.
The panel also discussed the recent release of Windows code on the Internet, but generally concluded that it didn't present that severe a danger. National governments and other large organizations likely already possessed copies of the source code before the leak, Schneier pointed out. Kocher noted that one of the chief irritants of the leak is that legitimate Windows customers can't look at the code, but hackers can.
Shamir, however, countered that he wasn't going to look through tens of millions of lines of code. Not because it wouldn't reveal flaws, but because "it is boring."