[ISN] A Gathering of Big Crypto Brains

From: InfoSec News (isnat_private)
Date: Thu Sep 19 2002 - 23:53:07 PDT

    By Karlin Lillington
    2:00 a.m. Sep. 19, 2002 PDT

    NAAS, Ireland -- In a lush country hotel 20 miles south of Dublin, the
    barroom conversation turns to steganography and database
    vulnerabilities, encryption algorithms and biometric scanners, SWAP
    files and cookie poisoning.

    Not your average pub denizens, the speakers are some of the best-known
    names in cryptography and security, gathered for one of the industry's
    best-kept secrets: the annual COSAC conference, held every fall in

    For nine years, the low-profile, high-caliber event has drawn the
    cream of the crypto crowd, people like Sun engineer and public key
    cryptography inventor Whitfield Diffie and Michael Wiener, the man who
    broke the once widely used encryption algorithm known as Data
    Encryption Standard (DES).

    Attendance is limited to just over 100, sessions are small and
    participants consider it a COSAC virtue that many speakers never make
    it through their formal presentations because of enthusiastic audience

    COSAC organizer David Lynas said the conference was born out of a
    desire to gather all the security pros he most wanted to see in one
    room together.

    "You go to one of the big conferences and if you're lucky, maybe one
    person says something really interesting and makes the conference
    worthwhile," said Lynas, whose day job is director of global service
    development for British computer security firm QinetiQ. "I thought
    that I'd invite each of those 'one persons' that I'd seen."

    Now some of the sharpest minds in the computer security business come
    to COSAC to pick each other's brains. "It's the only environment in
    which they actually learn," Lynas said.

    Speakers also give hands-on demonstrations. In a conference highlight,
    Yokohama National University professor Tsutomu Matsumoto and some of
    his graduate students showed how easy it is to trick biometric
    fingerprint-scanning systems with fake fingers.

    Matsumoto recently got international attention when he proved that
    gelatin "gummy fingers" could unlock biometric scanners.

    With moisture content similar to that of live fingers, the gummy
    fingers fooled the scanners nearly every time. More devastatingly,
    Matsumoto also showed that a fingerprint could be lifted from a pane
    of glass and overlaid on a fake finger using an electron microscope,
    an inkjet printer and Photoshop software.

    At the conference, Matsumoto's students demonstrated that adding
    carbon black, a conductive material made from industrial carbon-based
    powder, enabled silicone fingers to fool the scanners too.

    The four-day event covered a smorgasbord of other relevant topics,
    including forensics, wireless security and the persistent
    head-in-the-sand mentality of business when it comes to security.

    Computer forensics expert and director of Inforenz, Andy Clark,
    explained how "evidence eliminator" software that is used to wipe
    files from computers doesn't do its purported job.

    Such programs don't pose a serious hurdle for forensic investigators,
    he said. "They get in the way, but they certainly do not remove all
    traces of activity. In fact, they can be more of a pain for the user."

    Instead, Clark advised, add encryption to your PC "if you really want
    to make our life hard."

    As the conference wound up over lunch last week, many delegates were
    already planning for next year. COSAC has a return rate of about 90