Information Security News mailing list archives
Re: they should have used crypto...
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Mon, 6 Dec 1999 11:10:05 -0700
From: Dan Schrader <Dan_Schrader () trendmicro com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steven M. Bellovin wrote:
Naturally, those of us on this list advocate routine use of cryptography.
But
cases where cryptography or the lack thereof is demonstrably commercially significant are rare. A new one has just come to light.
Actually, routine use of cryptography will result in huge security problems. Why? Because the best place to stop computer viruses, trojans and other malicious code is at the email server - and you can' scan encrypted mail. As the poster wrote, "cases where cryptography or the lack thereof is demonstrably commercially significant are rare." True. However cases of computer viruses being commercially significant are common. Computer Economics Institure found that viruses caused over $7.6 billion in damages in the first 6 months of this year alone - an order of magnitude more then all other security exploits combined. But viruses aren't really a security issue . . . Wrong, viruses such as Melissa varients take documents off your computer and email them to dozens or hundreds of people. Viruses such as Pretty Park take passwords off your machine and post them to IRC sites. And we all remember BO2K, NetBus, etc. What about desktop virus protection? 1. It has demonstrably failed - see damages mentioned above 2. It relies on end user compliance 3. We never will be able to update 100's of millions of desktops fast enough to stop the next Melissa virus. Finally, ISP such as US West and Sprint have started adding virus protection a part of their internet access offerings - which will be a very effective way to contain virus outbreaks - but only if email is not routinly encrypted. Lession: - Encrypt selectively -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0.2 for non-commercial use <http://www.pgp.com> iQA/AwUBOEQrZJpIgtrcTNAvEQJQXwCgxmMOL6Jgt+7dD+9GriApguHrZXgAn1MX VmUtd+9k7CMzIuIWRHYqDUU5 =nGuO -----END PGP SIGNATURE----- ISN is sponsored by Security-Focus.COM
Current thread:
- Re: they should have used crypto... mea culpa (Dec 06)
- <Possible follow-ups>
- Re: they should have used crypto... mea culpa (Dec 07)
- Re: they should have used crypto... mea culpa (Dec 07)
- Re: they should have used crypto... mea culpa (Dec 13)