<http://software.itmanagersjournal.com/print.pl?sid=05/02/17/198257>
IT Manager's Journal
Tracking the Evolution of IT

Title: Gates not his cocky self at RSA conference
Date: 2005.02.17 14:33
By: Roger Smith
Topic: Security

SAN FRANCISCO -- Hardcore open source security advocates might be tempted to compare Bill Gates' opening keynote at the 14th annual RSA Security conference at the Moscone Center to notorious poisoner Lucretia Borgia being invited to address a convention of master chefs, given Microsoft Windows' role in enabling a plethora of security concerns over the past few decades. Microsoft's chairman and chief software architect announced plans for an updated Internet Explorer 7.0 browser and a slew of other initiatives to bolster security in Microsoft products.

Reacting to increased phishing, spyware, and malicious software (commonly known as malware) being directed against the IE browser, Gates said that Microsoft now plans to release "a new IE 7 with added levels of security" in mid-2005 rather than include the new browser in the next version of Windows, code-named Longhorn, due in 2006. Gates promised that the new IE would add protection from "Internet-enabled social engineering" scams like phishing, a prevalent type of online attack in which spammers send e-mail messages to dupe recipients into visiting fraudulent Web pages that look like legitimate e-commerce sites to steal sensitive personal information such as passwords and credit card details.

Responding directly to a deluge over the past six months of spyware, software that gathers and reports information about a computer user without the user's knowledge or consent, Gates also told the 10,000-plus attendees that Microsoft has decided not to charge for the next release of its anti-spyware product, which it acquired when it bought anti-spyware software maker Giant Company Software in December.

[Photo: Microsoft Chairman Bill Gates at the 2005 RSA Conference.]

The Microsoft founder reiterated his company's plans this year to buy antivirus software maker Sybari Software and to add a Microsoft antivirus engine to Sybari's server product that currently supports multiple antivirus scanning engines. He also announced a new version of the Windows Update Service, due in the first half of 2005, that will better integrate the update process for Windows XP and 2000, Server 2003, Office 2003, and Exchange Server 2003.

Having personally seen the Microsoft chairman at last year's RSA Conference announce plans to end spam within a year -- a goal he acknowledged was not met in this year's keynote -- it was refreshing to see a more humble Gates game to tackle less ambitious but equally relevant security concerns in the Microsoft product line.

Symantec CEO John Thompson, who followed Gates on the RSA program, wasn't quite as willing to let Microsoft off the hook for its security lapses, saying that Microsoft's announced security initiatives were "insufficient for large enterprises" and did not provide security for computer networks that use different operating systems and technology platforms. "Microsoft is perhaps genetically unable to do cross-platform," Thompson added, to applause from the audience. Unlike Microsoft, Thompson said that Symantec is a company that wasn't distracted by "computer games and a lot of other unrelated stuff."

Thompson gave several strong arguments justifying his company's recent merger with data backup company Veritas, saying that Symantec and other security companies need to expand into areas such as storage and systems management to better manage issues such as system availability and network access. "We need to shift the game to offense, and not just respond to threats," Thompson said.

[Photo: The cryptography session included Burt Kaliski, Whitfield Diffie, Paul Kocher, Ron Rivest, and Adi Shamir.]

Cryptographers' panel time capsule

One of the most popular sessions, the Cryptographers' Panel, followed Thompson's keynote. The panel, moderated by Burt Kaliski, vice president of research at RSA Security and chief scientist of RSA Laboratories, included the following panelists: Dr. Whitfield Diffie, Sun Microsystems; Paul Kocher, Cryptography Research; Professor Ronald Rivest, MIT Laboratory for Computer Science; and Professor Adi Shamir of the Weizmann Institute.

This year's panel took a time capsule approach, looking at videotaped past panel predictions and how they turned out. One of the more interesting predictions that didn't turn out was one (from 1993) predicting the widespread use of digital electronic signatures. Several panelists qualified this prediction, saying personal digital signatures aren't widespread but that the digital signature technology is included in SSL and other security approaches. Several predictions about identity theft and the movement away from passwords were seen as prescient by several of the panelists, although Rivest said that he, for one, thought passwords would still be around for several years to come. Other predictions about the growth of optical and quantum computing were reckoned by most of the panelists to be overblown.

Looking ahead at the future of cryptography and information security, several of the panelists urged greater awareness of context on the part of security professionals. Kocher noted that "people are using cryptography to build Ferraris when they really want to drive Volvos," and that in many cases 256-bit key encryption was overkill.

Adi Shamir of the Weizmann Institute predicted a future evolution to 3-dimensional structures on the part of microprocessor manufacturers like Intel.
He also cautioned that many of the current generation of Intel processors that use multi-threading and multi-core technology seem to be vulnerable to timing attacks that can use unprivileged threads to find keys stored in their caches.

Homeland security town hall meeting

Homeland security, national infrastructure protection, and cyber security in the post-9/11 era were topics addressed at Wednesday's Town Hall Meeting, moderated by Paul Kurtz, Executive Director of the Cyber Security Industry Alliance (CSIA), and featuring 9/11 Commissioner Jamie Gorelick and Richard Clarke, the former U.S. cyber security czar who worked inside the White House for George H.W. Bush, Bill Clinton, and George W. Bush until he resigned in March 2003. Now an on-air consultant for ABC News, Clarke is the author of the best-selling memoir "Against All Enemies: Inside America's War on Terror." One of the less-classified tidbits of information heard at the Town Hall Meeting is that Clarke's book is in the process of being made into a major motion picture.

RSA conference goes Hollywood

Every year, the RSA Conference is built around a different historical theme that celebrates contributions in cryptography and mathematics. This year RSA is focused on "The Codes of Prohibition," with elaborate Art Deco-styled artwork that draws parallels between Depression-era gangster movie villains and modern "hacker-Capones."

The conference concludes Friday with a presentation by Frank Abagnale, security industry consultant and author of "Catch Me If You Can," which details his teenage fraud spree where he impersonated an international airline pilot, pediatrician, stockbroker, college professor, and an assistant attorney general -- while cashing $2.5 million in forged checks. Leonardo DiCaprio played Abagnale in the popular film of the same name and is currently a Best Actor Academy Award-nominee for playing the reclusive billionaire Howard Hughes in the biopic "The Aviator."
Given Gates' candor and determination to remove much of the security drama from upcoming MS Windows releases, it seems unlikely that DiCaprio could get nominated for any biopic depicting the life of the far more accessible Redmond billionaire.

Roger Smith is former technical editor of Software Development magazine and a regular contributor to ITMJ.

--
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'