Source:
https://scmp.com/article/131944/quest-safer-network

Quest on for a safer network

No subject connected with personal computers, the Internet, the World-Wide Web, networking or doing business with personal computers on the Net is quite as fraught with mystery and mythology as security.

There is a preponderance of stories about hackers breaking into the most sensitive systems and stealing information.

The slightest hint that a system or a company has been compromised is cause for alarm.

That security matters is self-evident, but we must not let the ignorant and the sensationalists determine what we think.

The main problem is one of the private transmission of sensitive or personal data such as credit card numbers and banking information. Another problem sometimes overlooked is that of verification.

If I receive an E-mail from Mick Jagger, how do I know it really is Jagger who is E-mailing me and not somebody who has simply created an E-mail address called mjag the fax is probably far less safe than the Internet.

Tapping into another telephone line for information is not technically difficult. Organisations both legal and otherwise do it all the time. The big difference between wire-tapping and poking about on the Internet is that for young men who have a great deal of time and tremendous curiosity, the Internet is a greater challenge and is far more interesting.

It should also be realised that a 'cracker' - someone who deliberately breaks into other people's computing systems - could have access to information about thousands of people while the man who taps a single telephone has access only to a limited amount of data.

There is, of course, a contradiction in the use of the Internet for business and for the free flow of information.

The Internet has become what it is mainly because it supports the free flow of data and information.

It flows freely because it is not subject to multiple layers of security. If the Internet were to become far more security conscious than it now is, it would probably be more cumbersome to use.

Perhaps the main problem with security is that the United States Government is still hesitating about what it wants to do.

At the moment, the US will not allow the better encryption schemes to be exported.

This usually means the 128-bit versions of RSA. What the government wants is control over encryption. It tried and failed to get the 'Clipper' chip put into all computers for encryption purposes. The rumour was that the government had a key that would open any message encrypted with Clipper.

This would have allowed authorities to read anything they wanted to, in much the same way that they could listen in on any telephone conversation - after getting a court order, of course.

The Clipper chip failed more because it turned out to be outdated technology than because it was so unpopular - there was a big uproar in the Internet community but the US Government did not seem bothered.

Today we hear about the Netscape 'crack', the challenge that was successfully met a few weeks ago.

The attention centred on a Frenchman even though he was not the first to crack the code.

The way some people were telling the story, one could be forgiven for thinking that the entire Netscape server was easily cracked. What did, in fact, happen was that some people with access to more than 100 powerful computers were able to get the key to a single message, and the whole thing was done as a challenge to see not if it could be done, but how long it would take.

Everything was above board and all those who participated said they did not think anything they did compromised Netscape's security. They were able to read a single message which was encoded using the only legal system allowed outside the US today, a system called RC4 using only a 40-bit key.

Netscape is, of course, only one player, though an important one.

Also interested and important in these matters is Sun Microsystems, the maker of the largest number of Internet servers in the world.

Sun has its own system of protection known as Solstice SunScreen and Solstice Firewall-1. The systems were built to work in a design known as 'stealth' - they are almost impossible to detect, making it difficult for potential crackers to know if someone is watching them.

Other companies and alliances are popping up all the time and it is merely a question of when most people and organisations feel it is safe to go all the way, not if.