Coding barrier lets hackers browse
Sunday 13 March 1994
In the United States, companies such as AT&T, Citibank and Lehman Brothers and governmental organisations such as the National Aeronautics and Space Administration have been moving quickly to install a 'user authentification' package called Cygnus Network Security (CNS).
But Internet users in the UK have been denied this opportunity by both the British and US governments. John Leach, an IT expert at Zergo, the computer security firm, says that the US regards encrypting software as unexportable military equipment while the British government views such software as 'a worrying means of avoiding government surveillance'.
Alarm bells rang last month when it was revealed that thousands of passwords had been stolen from Internet, a web that links some three million home and business computers round the world. Rob Whitcher, an expert in computer security at IBM in the UK, said that the Computer Emergency Response Team (CERT), the US agency responsible for Internet security, was warning that companies whose internal networks were linked to Internet could be powerless to prevent access by an outsider with the password.
CNS was developed by Cygnus Support, a Californian computer company, to prevent such security breaches. It hides users' passwords in encrypted messages, making hacking virtually impossible.
CNS is based on another security package, Kerberos, developed by the Massachusetts Institute of Technology, but is more popular commercially because it is easier to install and use. CNS uses a third party, known as the 'authorisation server', to verify the identity of any user who tries to gain access to external computers. It does this by issuing temporary encrypted tickets that the user then sends over the Internet system to the client computer. The client computer in turn asks the key distribution centre to authenticate identity.
'The response has been amazing,' said Simon Elphick, a sales manager at Cygnus Support. 'We have been swamped with calls from businesses, universities and government institutions concerned that their internal security is at risk.'
However, the US departments of commerce and defence, citing prohibitions in the Munitions Act, will not allow the export of such encrypting devices. 'Just as one can't sell weapons abroad, so one can't export encryption machines,' Mr Leach explained.
'Everyone, bar the government, thinks the law is wrong,' observed David Henkel-Wallace, co-founder of Cygnus Support. 'Our encoder is clearly not a munition. It should be available internationally, through Internet.'
MIT tried to overcome the problem by developing an exportable version of Kerberos called 'Bones', which has no encrypter. But without encryption, thieves can still find the password. Adding encryption to Bones after export is complicated, as the programme does not have the necessary 'hooks' - special gaps in the programming where one is prompted to insert the encrypting commands.
Mr Elphick said that it was possible that both CNS and Kerberos were being exported illegally. CNS is hidden on the Internet in a private directory that changes its name every day. Users can gain access to the file name only if they fax a request to Cygnus from within the US. 'Of course, there is nothing to stop these companies passing on the directory name to sister companies abroad, but at least we won't be liable,' Mr Elphick said.
It is even easier to export Kerberos illegally. To find its hidden directory, one has first to read its Read Me file, which explicitly states that firms cannot use Kerberos outside the US. However, no proof of US residence is then needed to enter the file.
- 2 Smartphones are making children borderline autistic, says psychiatrist
- 3 Why this father didn’t hide his daughter’s heroin overdose in her obituary
- 4 Company breaks open Apple Watch to discover what it says is 'planned obsolescence'
- 5 Teaching profession headed for crisis as numbers continue to drop and working lives become 'unbearable'
Smartphones are making children borderline autistic, says psychiatrist
Nepal earthquake: More than 1,100 killed across four countries and in Mount Everest avalanche
Nepal earthquake: The race is on to help thousands trapped under rubble around Kathmandu, while remote villages face a long wait for help
Royal baby: Live updates as superbug closes ward at St Mary's Hospital where Duchess of Cambridge is due to give birth
Teaching profession headed for crisis as numbers continue to drop and working lives become 'unbearable'
General Election 2015: Chuka Umunna on the benefits of immigration, humility – and his leader Ed Miliband
The sickening truth about food banks that the Tories don't want you to know
Migrant boat disaster: Ukip candidate mocks victims in sickening Twitter post
Nigel Farage wants the BBC to stop making programmes like Doctor Who, Strictly Come Dancing, and Top Gear
Global warming: Scientists say temperatures could rise by 6C by 2100 and call for action ahead of UN meeting in Paris
General Election 2015: Britain would become a 'communist dictatorship' under Ed Miliband and Nicola Sturgeon, claims wife of Michael Gove
iJobs Money & Business
£24000 - £26000 per annum + benefits : Ashdown Group: A highly successful, glo...
£50000 - £55000 per annum: Ashdown Group: Business Analyst - Financial Service...
£18000 - £23000 per annum + OTE £45K: SThree: At SThree, we like to be differe...
£20000 - £25000 per annum + competitive: SThree: Did you know? SThree is the o...