[ISN] Sun CSO: Endless Internet Growth Keeps Security on Back Burner

From: InfoSec News (alerts@private)
Date: Mon Mar 12 2007 - 22:29:17 PST


By Robert McMillan
March 12, 2007 

Whitfield Diffie has been credited with making privacy possible in the 
Digital Age. As a co-inventor of public- key cryptography, he is among 
the most respected contributors to the field of computer security. In an 
interview with the IDG News Service, Diffie, chief security officer at 
Sun Microsystems Inc., talked about the state of computer security, 
Microsoft Corp.s role in it and privacy issues.

When the PC went on the network, there were security implications that 
nobody thought about. How do you think Microsoft has responded over the 
past five years or so?

I think there are two issues. I think youll find that lots of [potential 
security problems] were foreseen. I think the critical thing [is] that 
Microsoft showed that its judgment was correct. If it had paid less 
attention to security, maybe it would have had less market share. The 
interesting thing to me is why its been so hard for them. I think it has 
to do with the problems of legacy code and the legacy interface 
expectations of their customers.

Do you believe that theres a sense among users that the Internet is not 

I think thats a well-placed misconfidence.

How do you see the state of security on the Internet today?

Phishing is the security problem, at that level, that I hear the most 
about right now. But I certainly dont worry about the security 
arrangements of going to AmericanExpress.com. Im not the least bit 
worried about that, partly because of the law and partly because the 
essential point of SSL is that the certificate costs enough money that 
the thieves arent putting up a front.

I conjecture that the expansion of networked communications and societys 
dependence on network communications is outrunning the security of that 
network and will continue to do so for quite some time.

What are your thoughts on Internet privacy?

I believe in privacy, but privacy is just one of a number of 
considerations. What bothers me is that information about people is so 
readily available in a way not auditable to them, to organizations like 
ChoicePoint, who broker it around and enable other people, who are not 
legally constrained in what they do with it, to make decisions based on 

McMillan is a reporter for the IDG News Service.

Visit the InfoSec News Security Bookstore

This archive was generated by hypermail 2.1.3 : Mon Mar 12 2007 - 22:42:27 PST