[ISN] Open-source group gets Sun security gift

From: InfoSec News (isnat_private)
Date: Thu Sep 19 2002 - 23:52:41 PDT

  • Next message: InfoSec News: "[ISN] Flaws in Microsoft VM. Fix now"

    http://msnbc-cnet.com.com/2100-1001-958679.html
    
    By Stephen Shankland 
    Staff Writer, CNET News.com
    September 19, 2002, 1:27 PM PT
    
    SAN FRANCISCO -- Sun Microsystems has donated new cryptography
    technology to an open-source project at the heart of many secure
    transactions on the Internet.
    
    Sun's "elliptic curve" technology is involved in the process of using
    keys to encrypt and decrypt information for electronic transactions.  
    Such encryption lets people buy products online, for example, while
    shielding their credit card number from prying eyes. The Santa Clara,
    Calif.-based server seller donated the technology to the OpenSSL
    project, a programming group that makes an open-source version of the
    Secure Sockets Layer (SSL) encryption system.
    
    Elliptic curve cryptography will enable secure communications with
    devices that don't have as much calculating power as most desktop
    computers, said Whitfield Diffie, Sun's chief security officer and a
    pioneer of the Diffie-Hellman "public key" cryptography method used
    today in SSL and other encryption systems. Diffie spoke Thursday
    during a news conference at the SunNetwork conference here.
    
    "Small gadgets are the most obvious place to use it," Diffie said, but
    once the technology is built, it likely will spread farther. "The
    deployment schedule is on the order of several years to a decade
    unless something comes along in the interim. I would conjecture that
    by 2010 or so, this will be widely used."
    
    Current encryption technology is based on mathematics developed in the
    17th and 18th centuries, Diffie said. "Elliptic curve cryptography
    brings it forward into the mathematics of the 19th century," he said.
    
    Diffie exhorted companies to build security into computing services
    from the start, not patch it on at the end, and announced Sun products
    to help in that plan. In combination with software and hardware
    companies, Sun announced a partnership to build a "perimeter security"  
    product that handles problems at the boundary of corporate computing
    networks and the public Internet. The product will filter out
    undesired network traffic, detect intrusions and screen for viruses.
    
    Sun also announced a secure Web server, the software that delivers Web
    pages across the Internet. Because Web servers typically are very
    public, they're a particular target for attacks over the network.
    
    The increasing reliance on computer-based records compared with
    paper-based records makes good computing security essential, Diffie
    added. "Ten years ago, probably you'd have been OK if you lost your
    computer files and you had your paper records," but no longer.
    
    Diffie's cryptography work didn't always sit well with U.S. government
    agencies that wanted to keep control over computer security, he said.  
    Today, the government recognizes that there needs to be a
    collaboration with the private sector. Reinforcing the point, Diffie
    shared the stage with Richard Clarke, President Bush's special advisor
    on cyberspace security, who unveiled on Wednesday a public-private
    sector plan to increase computing security.
    
    "The government tried to regulate cyberspace. By the time (the
    policies were) written and published and commented on, the technology
    would have moved on," Clarke said. "We recognize that the government
    neither owns nor operates most of the critical infrastructure in the
    U.S."
    
    Sun long has been concerned with security and frequently jabs its
    nemesis Microsoft for only recently putting a high priority on the
    subject.
    
    Sun touted its Trusted Solaris, a 10-year-old version of its flagship
    operating system. Trusted Solaris assigns security "labels" to
    computer users and the resources they need, such as files.
    
    Trusted Solaris was developed initially for the government to
    accommodate security needs such as varying degrees of information
    secrecy, said Rama Moorthy, a product line manager in Sun's network
    security group. Now, though, business customers also can benefit, Sun
    is moving Trusted Solaris features to the regular version of Solaris,
    she said.
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Sep 20 2002 - 02:14:51 PDT