It looks as if the NYT and the FBI NIPC swallowed some marketing
babble hype, slime and clinker.
> (U) (New York Times, 5 January) The NY Times reports that competition
> among members of the computer security industry often consists of trying
> to break the other guy's code-scrambling technology in order to sell a
> fix or alternative product, and the industry is girding for an
> especially nasty fight when the annual RSA conference is held early this
> month. In recent months, several widely used encryption technologies,
> including one used to scramble cell-phone conversations, have been
> cracked or at least seriously threatened - all by security experts in
> the name of protecting data. Those systems are under constant assault
> by security experts, competitors and hackers alike. Among the more
> interesting recent attacks is one created by nCipher, a small British
> company that makes special hardware it says can encrypt information
> faster and more securely than a typical computer can. It extracts the
> secret keys locked in a Web server used to process credit card
> transactions. It is one of the first practical demonstrations of a
> theoretical approach to code breaking. The attack is cause for concern
> because someone with a company's secret keys -- the digital codes that
> unscramble data -- can use the information to masquerade as that company
> and to steal credit card numbers and other financial data.
Reading the news flash at
http://www.ncipher.com/news/files/press/2000/vunerable.html
shows a decidedly unamazing discovery: if an intruder can run code on
your server and root around through all of memory, he can find its
private key.
Matt Crawford
