"Web security threat grows"

CobraBoy (tbyars@earthlink.net)
Wed, 6 Nov 1996 14:29:16 -0800


Forwarded message:

11-04-96.

"Web security threat grows"

With a variety of new technologies like stronger encryption,
smart cards and digital signatures and envelopes emerging to
tighten Web security, experts working on various aspects of the
problem agree the goal of end-to-end security on the Web will
remain elusive as long as insecure operating systems dominate
the commercial market. "You can't build security on top of
insecurity," said Netscape's Jim Roskind, who spent much of a
session on Webware fending off criticism of Java security flaws.
"We have to assume that the [security] problems will be
pervasive forever," warned Peter Neumann. "This is a holistic
problem, and we have to deal with it in a global way."

"Protection sought for U.S. systems"

The initiative will be led by the Pentagon's Computer Emergency
Response Team at Carnegie Mellon University and the Energy
Department's Computer Incident Advisory Capability.

"Motorola unveils chip for contactless smart card"

One chip designing a contactless card that meets all
frequencies of a proposed standard while the other adds
cryptography to a single-chip solution.
The other card incorporates a 1,024-bit modular encryption
processor that is reportedly one of the fastest in the industry.

"U.S.Joint Venture to Market Acoustic Smart Card Technology"

NeTegrity also announced it has invested $1 million in Encotone,
Ltd., for a 10% equity interest in the Israeli company. Other
Encotone, Ltd. investors include ECI Telecom, a $500 million
Israeli telecommunications firm, and Professor Michal Ben Or,
Head of the Department of Computer Science at Hebrew
University of Jerusalem and a worldwide authority on cryptology.

"Microchip Technology launches highly secure smart card family
with KEELOQ code hopping technology"

The SCS152 provides a programmable 64-bit cryptographic key
used to create a digital signature unique to each card, which
reduces the possibility of unwanted access to card information
and the "cloning" of these cards for unauthorized payments.
Other features include programmable user memory and
"anti-tearing," which prevents the information in the card from
being corrupted if the supply voltage is interrupted.

"EEMA Lobbies Over Limiting US Encryption Controls"

EEMA recognizes that the principal reasons for this is the
disparate European legislation that surrounds the use of
encryption, and the fact that inter-working with dominant
US-based computer software -- operating system and application
software -- is subject to US legislation and restrictions.

"Putting EDI to the test"

Security continues to be the main sticking point for using the Net
as a vehicle for EDI. Vendors that will demonstrate secure
E-mail messages transporting EDI documents over the Web.
The technology used is S/MIME, an encrypted version of the
popular MIME protocol.

"V-One Secures New Clients"

NSA runs the nation's code-breaking operations, and DISA is
supposed to keep the nation's networks secure, so there is not
much chance of finding out what they do with the software they
have bought from V-One.

-----

http://jya.com/secure.txt (28 kb)

SEC_ure

--

"The future masters of technology will have to be lighthearted and intelligent. The machine easily masters the grim and the dumb." - Marshall McLuhan 1969

<> tbyars@earthlink.net <>