Curt Sampson wrote:
>
> On Thu, 15 May 2003, Nick May wrote:
>
> > This is a link from cnet. It is about an allleged security problem with
> > Java running in a sandbox, that has left me slightly agog... (An
> > increasingly common state, alas.)
> >
> > http://news.com.com/2100-1009_3-1001406.html?tag=fd_top
>
> This story is complete sensationalism, and it really annoys me that
> reporters can be such idiots as to write stuff like this.
>
I'm not sure I would chalk it up to sensationalism. Sure, it's
sensational, but it's not outright yellow. There are a lot of important
issue that are brought to the foreground with this experiment. We are,
after all, talking about the future of "money". I was asked a while
back if I thought smart cards were more secure that three track mag.
strip CR-90 form factor cards. My answer was no, I didn't think smart
cards were more inherently secure, all they do is raise the bar a little
bit. There are a couple of rules of thumb in the security industry that
you have to assume will be true:
1. you must assume that your device will fall into the wrong hands
2. you must assume that they will be able to reverse engineer and
modify any aspect of the device
3. you must assume that the device holders can be social engineered
to give up whatever "something you know" secrets they hold.
4. you must assume that your internal design details will eventually
be leaked.
6. you must assume that encryption systems will fall victim to
Moore's Law and/or extensive intelligent analysis (the Moore's law of
then human attention span)
7. [...] (the unknown)
n.
The list that details the reality of these assumptions go on and on:
inadvertent DVD encryption key disclosures
French smart card encryption vulnerabilities
legal disclosures of the vulnerability of bank card PIN numbers
belt sanders, XBoxes and surface mount IC taps
Satellite TV industrial espionage involving diamond knives used for
preparing electron microscopy samples
third party disclosures Direct TV technical documents
iButton @stake disclosure
[etc]
Now add to that the current limitations of nonvolatile semiconductor
material physics.
The current state of NV memory design is in it's infancy. Ask anybody
in the industry and the will tell you the semiconductor physics that
keeps bits from flipping or draining to a zero/one state are tenuous at
best (perceived reliable by the consumer only due to 98th percentile
engineering). While modern CPU design is the evolution of almost
miraculous reliability design advances, NV systems are probably 10 to 15
years behind the reliability curve.
A hot lamp and a little coding to breakout of Java sandbox clearly
illustrates that the there is still a lot of work to be done before
these devices can be trusted with anything beyond small, trivial sums of
money.
Received on Thu May 15 19:45:44 2003