News

07:10 PM
Connect Directly
RSS
E-Mail
50%
50%

Security Specialists Paint Bleak Picture

Panelists at a security technology showcase agreed security problems will be around for a while and suggested different ways for reducing the risk.

Computer security specialists, gathering at this week's Demo conference in Phoenix to examine the escalating threat scene, said the sheer number of devices linked to the Internet will continue to exacerbate security issues.

During a panel discussion, all agreed that hackers, identity thieves and writers of malicious code are on the upswing and not going away, but there are some solutions. John Patrick, president at Attitude LLC, led the discussion on security with panelists Partha Dasgupta, an associate professor at Arizona State University specializing in cryptography; Hillarie Orman, chief technology officer and vice president of engineering at Shinkuro Inc.; and Charles Palmer, who runs the security unit at IBM Research.

Panelists agreed security problems will be around for awhile. "Computers weren't built with security in mind, and we are paying for it with band-aids and patches," Palmer said. "Instead of having graffitists and drive-by hackers" those attempting to steal information "realize the money is in the Internet."

Dasgupta suggested the security industry needs to head toward Public Key Infrastructure (PKI) and smart cards. Social security numbers and bank numbers will leak regardless of how secure banking and commerce sites are, and people can't depend on shared authentication.

"It (PKIs) will not obliterate crime -- someone could steal your card or put a gun to you-- but makes it incredibly difficult to do identity theft," Dasgupta said. Financial institutions are resisting the move because they don't want to admit a mistake, PKIs are difficult to deploy, and many have spread out the risk as part of the cost of doing business, Dasgupta said. Rather, they installed intrusion software to detect fraud.

Orman worries that smart cards are physically vulnerable to hackers and are not the correct tool for high-value transactions. Timing and radiation attacks on the physical devices can be used to extract data.

Securing operating systems is challenging because they are complicated and huge, panelists said. "A secure OS strategy doesn't solve the problem because you've got applications that misbehave," Dasgupta said. "I can install a bot on top of a secure operating system."

Coming soon is a set of hardware enhancements for computers that independently verify the delivery of content to the machine, checking for rootkits, viruses and corruption inside operating systems.

Dasgupta said these secure approaches, such as Trusted Platform Module from Trusted Computing Platform. Virtual machines are considered far more secure than operating systems. Universities also need to teach students how to write safe code. Unsafe code is contributing to the problem.

Companies also are developing technology that can analyze voices for stress and patterns, Orman said.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.