Fast-forward, rewind

There's a load of stuff to talk about this week, so hang on.

It will be interesting to see what comes of Symantec Corp.'s latest feeding frenzy. Big Yellow is setting itself up to extend its desktop and server protection franchise and to improve its managed services offerings. And in acquiring Riptech Inc. and SecurityFocus Inc., the company has expanded its reach.

It's hard to predict what might happen next, and I won't bother because reality has a way of making my short-term auguries obsolete. But like a dog gnaws on a bone, I keep wondering whether the bosses at Network Associates Inc. have their act together, given that they can't even figure out how to buy Corp.

One thing I do know is that there are a lot of little players in IT security and they generally make the best pickings when larger companies are on a shopping spree. With all the rumors of sketchy accounting, I won't guess who's telling the truth about their cash reserves, but I smell blood in the water.

A few months ago, I rashly speculated that the supposedly unbreakable AES (Advanced Encryption Standard) would be broken within the foreseeable future. Several readers corrected my math, but more than a few of you pointed out that advances in quantum computing might just prove me right.

Not to reopen that debate, but there's a good chance we might see AES become a common desktop standard in a few years, if only through our Web browsers. This possibility arises because the Internet Engineering Task Force (IETF) has accepted AES as the new basis for TLS (Transport Layer Security), the TLA (three-letter acronym) that replaces SSL (Secure Sockets Layer), the basis for most Web browser security today.

So here's what I wonder: Why expend so much effort on securing the on-the-fly transmissions, when weak database protection and network security vulnerabilities tend to be at the root of most Internet fraud cases? Or am I missing something?

With all the fuss over Liberty Alliance one week and WS-Security (Web Services Security) the next, it's sometimes hard to keep perspective. I've come to the conclusion that by the time any of this stuff becomes useful, it will be next year, anyway. So that's how I'm justifying my flaking on the discussion of the Liberty specs for simplified sign-on, at least. I know you're disappointed, but I figure you'd rather wait another week or two and get my considered viewpoint, instead of a knee-jerk reaction.

Although it will take some diplomacy and patience among the parties involved, I'm figuring that it's to the advantage of all the vendors to come up with an interoperable specification that doesn't give anyone too much of an advantage. For once, everyone's playing nice, at least for now.

Applause goes to reader Dave Looney, who pointed out that the rhyme I quoted last month was from the pen of Henry Wadsworth Longfellow. I was just too lazy to get up and check my Bartlett's Familiar Quotations.
