Gates not his cocky self at RSA conference

R.A. Hettinga rah at shipwright.com
Thu Feb 17 18:03:51 EST 2005


<http://software.itmanagersjournal.com/print.pl?sid=05/02/17/198257>

IT Manager's Journal
Tracking the Evolution of IT


Title: Gates not his cocky self at RSA conference
Date: 2005.02.17 14:33
By: Roger Smith
Topic: Security

SAN FRANCISCO -- Hardcore open source security advocates might be tempted
to compare Bill Gates' opening keynote at the 14th annual RSA Security
conference at the Moscone Center to notorious poisoner Lucretia Borgia
being invited to address a convention of master chefs, given Microsoft
Windows' role in enabling a plethora of security concerns over the past few
decades.

 Microsoft's chairman and chief software architect announced plans for an
updated Internet Explorer 7.0 browser and a slew of other initiatives to
bolster security in Microsoft products. Reacting to increased phishing,
spyware, and malicious software (commonly known as malware) being directed
against the IE browser, Gates said that Microsoft now plans to release "a
new IE 7 with added levels of security" in mid-2005 rather than include the
new browser in the next version of Windows, code-named Longhorn, due in
2006.

Gates promised that the new IE would add protection from "Internet-enabled
social engineering" scams like phishing, a prevalent type of online attack
in which spammers send e-mail messages to dupe recipients into visiting
fraudulent Web pages that look like legitimate e-commerce sites to steal
sensitive personal information such as passwords and credit card details.

 Responding directly to a deluge over the past six months of spyware
software that gathers and reports information about a computer user without
the user's knowledge or consent, Gates also told the 10,000-plus attendees
that Microsoft has decided not to charge for the next release of its
anti-spyware product, which it acquired when it bought anti-spyware
software maker Giant Company Software in December.

[Photo caption: Microsoft Chairman Bill Gates at the 2005 RSA Conference.]

The Microsoft founder reiterated his company's plans this year to buy
antivirus software maker Sybari Software and to add a Microsoft antivirus
engine to Sybari's server product that currently supports multiple
antivirus scanning engines. He also announced a new version of the
Windows Update Service, due in the first half of 2005, that will better
integrate the update process for Windows XP and 2000, Server 2003, Office
2003, and Exchange Server 2003.

 Having personally seen the Microsoft chairman at last year's RSA
Conference announce plans to end spam within a year -- a goal he
acknowledged was not met in this year's keynote -- it was refreshing to see
a more humble Gates game to tackle less ambitious but equally relevant
security concerns in the Microsoft product line.

 Symantec CEO John Thompson, who followed Gates on the RSA program, wasn't
quite as willing to let Microsoft off the hook for its security lapses,
saying that Microsoft's announced security initiatives were "insufficient
for large enterprises" and did not provide security for computer networks
that use different operating systems and technology platforms.

 "Microsoft is perhaps genetically unable to do cross-platform," Thompson
added, to applause from the audience. Unlike Microsoft, Thompson said that
Symantec is a company that wasn't distracted by "computer games and a lot
of other unrelated stuff." Thompson gave several strong arguments
justifying his company's recent merger with data backup company Veritas,
saying that Symantec and other security companies need to expand into areas
such as storage and systems management to better manage issues such as
system availability and network access. "We need to shift the game to
offense, and not just respond to threats," Thompson said.

[Photo caption: The cryptography session included Burt Kaliski, Whitfield
Diffie, Paul Kocher, Ron Rivest, and Adi Shamir.]

 Cryptographers' panel time capsule

One of the most popular sessions, the Cryptographers' Panel, followed
Thompson's keynote. The panel, moderated by Burt Kaliski, vice president
of research at RSA Security and chief scientist of RSA Laboratories,
included the following panelists: Dr. Whitfield Diffie, Sun Microsystems;
Paul Kocher, Cryptography Research; Professor Ronald Rivest, MIT Laboratory
for Computer Science; and Professor Adi Shamir of the Weizmann Institute.

 This year's panel took a time capsule approach, looking at videotaped past
panel predictions and how they turned out. One of the more interesting
predictions that didn't turn out was one (from 1993) predicting the
widespread use of digital electronic signatures. Several panelists
qualified this prediction, saying personal digital signatures aren't
widespread but that the digital signature technology is included in SSL and
other security approaches.

 Several predictions about identity theft and the movement away from
passwords were seen as prescient by several of the panelists, although
Rivest said that he, for one, thought passwords would still be around for
several years to come. Other predictions about the growth of optical and
quantum computing were reckoned by most of the panelists to be overblown.

 Looking ahead at the future of cryptography and information security,
several of the panelists urged greater awareness of context on the part of
security professionals. Kocher noted that "people are using cryptography to
build Ferraris when they really want to drive Volvos," and that in many
cases 256-bit key encryption was overkill. Adi Shamir of the Weizmann
Institute predicted a future evolution to 3-dimensional structures on the
part of microprocessor manufacturers like Intel. He also cautioned that
many of the current generation of Intel processors that use multi-threading
and multi-core technology seem to be vulnerable to timing attacks that can
use unprivileged threads to find keys stored in their caches.

 Homeland security town hall meeting

Homeland security, national infrastructure protection, and cyber security
in the post-9/11 Era were topics addressed at Wednesday's Town Hall Meeting
moderated by Paul Kurtz, Executive Director of the Cyber Security Industry
Alliance (CSIA) and featuring 9/11 Commissioner Jamie Gorelick and Richard
Clarke, the former U.S. cyber security czar who worked inside the White
House for George H.W. Bush, Bill Clinton, and George W. Bush until he
resigned in March 2003. Now an on-air consultant for ABC News, Clarke is
the author of the best-selling memoir "Against All Enemies: Inside
America's War on Terror." One of the less-classified tidbits of information
heard at the Town Hall Meeting is that Clarke's book is in the process of
being made into a major motion picture.

 RSA conference goes Hollywood

Every year, the RSA Conference is built around a different historical theme
that celebrates contributions in cryptography and mathematics. This year
RSA is focused on "The Codes of Prohibition," with elaborate Art
Deco-styled artwork that draws parallels between Depression-era gangster
movie villains and modern "hacker-Capones."

 The conference concludes Friday with a presentation by Frank Abagnale,
security industry consultant and author of "Catch Me If You Can," which
details his teenage fraud spree where he impersonated an international
airline pilot, pediatrician, stockbroker, college professor, and an
assistant attorney general -- while cashing $2.5 million in forged
checks. Leonardo DiCaprio played Abagnale in the popular film of the same
name and is currently a Best Actor Academy Award-nominee for playing the
reclusive billionaire Howard Hughes in the biopic "The Aviator."

 Given Gates' candor and determination to remove much of the security drama
from upcoming MS Windows releases, it seems unlikely that DiCaprio could
get nominated for any biopic depicting the life of the far more accessible
Redmond billionaire.

 Roger Smith is former technical editor of Software Development magazine
and a regular contributor to ITMJ.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
