Stories by M.E. Kabay

RSA founders give perspective on cryptography

The famous cryptographers Leonard Adleman, Ronald Rivest, and Adi Shamir - the developers of the RSA encryption code - received the Association for Computing Machinery's 2002 Turing Award "for their seminal contributions to the theory and practical application of public-key cryptography." Their Turing Award lectures, given last June, are available online.

Spam gets sneakier

I've been watching with growing dismay as the number of unwanted and offensive messages has been rising in my e-mail over the last year. I'm not alone: Reports over the last year have been practically unanimous in suggesting a significant growth in the problem of unsolicited commercial e-mail, or "spam" - to the point where as much as half of all e-mail is now spam.

Sobig a fool as that?

It never ends. Automated social engineering by e-mail-enabled worms is a curse that is approaching unsolicited e-mail in its irritation quotient. These worms, like human spammers, generate misleading subject lines to trick victims into opening messages - and in particular, opening the attachments that contain malicious code and thus executing the code.

How software vendors should handle bug notifications

There's a longstanding discussion about what to do with information about security holes. "Full disclosure" supporters cheerfully post the news, including full details of vulnerabilities and exploits, without bothering to notify organizations first to give them a chance to fix the problems. Others, like GreyMagic Software security engineers, follow the principle of not publishing details until the bugs have been fixed - or unless they receive no response to their alerts. Their advisories are generally respected and acted upon quickly by the product teams whom they inform.

Traffic analysis and inference

One of the interesting techniques used in signals intelligence is called traffic analysis: inferring important information from relatively obscure byproducts of information structure and transmission.

Antivirus antiperformance

Nothing is free - an observation sometimes known as the Second Law of Thermodynamics and sometimes referred to as TANSTAAFL (or TINSTAAFL), standing for "There ain't (is) no such thing as a free lunch." This certainly applies to fighting viruses.

Logic bombs, Part 3

Today's software is often provided by external suppliers. Individual contractors and small software firms play an important role in creating systems especially designed to support the essential operations of countless organizations. Larger firms provide commercial off-the-shelf software to millions of users.

Logic bombs, Part 2

It is very difficult to stop a determined inside attacker from modifying production code to install logic bombs. Preventing such bombs requires a thoroughgoing commitment to quality assurance and strict separation of duties.

Logic bombs, Part 1

A logic bomb is a program that has deliberately been written or modified so that, when certain conditions are met, it produces results that are unexpected and unauthorized by the legitimate users or owners of the software.

Deterring and exterminating RATs

There is no easy way to stop installation of back doors in software. Because the back door code is passive, just waiting to be activated, it doesn't do anything particular while its carrier program is installed. The rules for preventing infestation are the same for RATs as they are for other cybervermin.

Examples of back doors

Back doors (or "trap doors," as they are often called) have been known for decades. Let's look at some of the history. Willis Ware wrote about them 32 years ago:

Frauds and hoaxes

I can't tell if it's just me, but the number of "Nigerian 4-1-9" fraud letters I'm receiving has been growing to the point where I receive at least one pathetic letter per day telling me about how some creep in a developing country (Nigeria, Ghana, Mozambique, to name a few) has found or inherited a huge cache of illicit money skimmed off from the starving masses.

Back doors

In the 1983 movie "War Games," a young computer cracker (played by a very young Matthew Broderick) becomes interested in breaking through security on a computer system he's located by automatic random dialing ("war dialing") of telephone numbers. Thinking that he's cracking into a video-game site, he eventually manages to break security by locating a secret password that gives him the power to bypass normal limitations. He goes on to play Global Thermonuclear War - which nearly results in the real thing.

Voice mail security

Last month, The San Jose Mercury News reported that a voice-mail message from Hewlett-Packard Chairman and CEO Carly Fiorina to Chief Financial Officer Robert Wayman had been leaked to one of the newspaper's reporters.