Security Specialists At Demo Paint Bleak Picture - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Security Specialists At Demo Paint Bleak Picture

Panelists at the technology showcase agreed security problems will be around for a while and suggested different ways for reducing the risk.

Computer security specialists, gathering at this week's Demo conference in Phoenix to examine the escalating threat scene, said the sheer number of devices linked to the Internet will continue to exacerbate security issues.

During a panel discussion, all agreed that hackers, identity thieves and writers of malicious code are on the upswing and not going away, but there are some solutions. John Patrick, president at Attitude LLC, led the discussion on security with panelists Partha Dasgupta, an associate professor at Arizona State University specializing in cryptography; Hillarie Orman, chief technology officer and vice president of engineering at Shinkuro Inc.; and Charles Palmer, who runs the security unit at IBM Research.

Panelists agreed security problems will be around for awhile. "Computers weren't built with security in mind, and we are paying for it with band-aids and patches," Palmer said. "Instead of having graffitists and drive-by hackers" those attempting to steal information "realize the money is in the Internet."

Dasgupta suggested the security industry needs to head toward Public Key Infrastructure (PKI) and smart cards. Social security numbers and bank numbers will leak regardless of how secure banking and commerce sites are, and people can't depend on shared authentication.

"It (PKIs) will not obliterate crime -- someone could steal your card or put a gun to you-- but makes it incredibly difficult to do identity theft," Dasgupta said. Financial institutions are resisting the move because they don't want to admit a mistake, PKIs are difficult to deploy, and many have spread out the risk as part of the cost of doing business, Dasgupta said. Rather, they installed intrusion software to detect fraud.

Orman worries that smart cards are physically vulnerable to hackers and are not the correct tool for high-value transactions. Timing and radiation attacks on the physical devices can be used to extract data.

Securing operating systems is challenging because they are complicated and huge, panelists said. "A secure OS strategy doesn't solve the problem because you've got applications that misbehave," Dasgupta said. "I can install a bot on top of a secure operating system."

Coming soon is a set of hardware enhancements for computers that independently verify the delivery of content to the machine, checking for rootkits, viruses and corruption inside operating systems.

Dasgupta said these secure approaches, such as Trusted Platform Module from Trusted Computing Platform. Virtual machines are considered far more secure than operating systems. Universities also need to teach students how to write safe code. Unsafe code is contributing to the problem.

Companies also are developing technology that can analyze voices for stress and patterns, Orman said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
Slideshows
IT Careers: 10 Industries with Job Openings Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/27/2020
Commentary
How 5G Rollout May Benefit Businesses More than Consumers
Joao-Pierre S. Ruth, Senior Writer,  5/21/2020
News
IT Leadership in Education: Getting Online School Right
Jessica Davis, Senior Editor, Enterprise Apps,  5/20/2020
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll