Many discussions of voting systems and their relative integrity have been primarily technical, focusing on the difficulty of attacks and defenses. This is only half of the equation: it’s not enough to know how much it might cost to rig an election by attacking voting systems; we also need to know how much it would […]
On March 22, 2001, Microsoft issued a security bulletin (MS01017) alerting the Internet community that two digital certificates were issued in Microsoft’s name by VeriSign (the largest digital certificate company) to an individual—an impostor—not associated with Microsoft. Instantaneously, VeriSign (a self-proclaimed "Internet trust company") and the entire concept of Public Key Infrastructure (PKI) and digital […]
Predicting the long-term effects of computers is both difficult and easy: we won’t get it right, but we won’t see ourselves proven wrong. Rather than try, we present some alternatives allowing readers to make their own predictions. Computers play an increasing role in enabling and mediating communication between people. They have great potential for improving […]
This month we consider some of the risks associated with insiders. An insider is someone who has been (explicitly or implicitly) granted privileges authorizing use of a particular system or facility. This concept is clearly relative to virtual space and real time, because at any given moment a user may be an insider with respect […]
The horrific events of September 11, 2001 have brought grief, anger, fear, and many other emotions. As we write these words a few weeks later, risks issues are now squarely on the world’s center stage, particularly technological risks relating to security and privacy. With the nightmare of recent events still in a haze of emotions, […]
Having now completed 10 years of "Inside Risks," we reflect here on what has happened in that time. In short, our basic conclusions have not changed much over the years—despite many advances in the technology. Indeed, this lack of change itself seems like a serious risk. Overall, the potential risks have monotonously if not monotonically […]
The Internet is expanding at an unprecedented rate. However, along with the enormous potential benefits, almost all of the risks discussed here in past columns are relevant, in many cases made worse by the Internet, due to widespread remote-access capabilities, ever-increasing communication speeds, the Net’s exponential growth, and weak infrastructure. This month we summarize some […]
Open any popular article on public-key infrastructure (PKI) and you’re likely to read that a PKI is desperately needed for e-commerce to flourish. Don’t believe it. E-commerce is flourishing, PKI or no PKI. Web sites are happy to take your order, even if you use a secure connection, or don’t have a certificate. Fortunately, you’re […]
Public-key infrastructure (PKI), usually meaning digital certificates from a commercial or corporate certificate authority (CA), is touted as the current cure-all for security problems. Certificates provide an attractive business model. They cost almost nothing to manufacture, and you can dream of selling one per year to everyone on the Internet. Given that much potential income […]
You get up to the turnstile at a sporting event and learn that you won’t be permitted inside unless you provide a blood sample for instant DNA analysis, so that you can be compared against a wanted-criminal database. Thinking of that long overdue library book, you slink away rather than risk exposure. Farfetched? Sure, today. […]
For evaluating the proposed U.S. missile-defense shield, President Clinton has outlined four criteria relating to strategic value, technological and operational feasibility, cost, and impact on international stability. Strategic value is difficult to assess without considering the feasibility; if the desired results are technologically infeasible, then the strategic value may be minimal. Feasibility remains an open […]
It is easy to create bogus email with someone else’s email name and address: SMTP servers don’t check sender authenticity. Secure/Multipurpose Internet Mail Extensions (S/MIME) can help, as can digital signatures and globally-known trustworthy certification authorities (CAs) that issue certificates. The recipient’s email software verifies the sender’s certificate to determine his or her public key, […]
Risks in computer-related voting have been discussed here by Peter Neumann in November 1990 and by Rebecca Mercuri in November 1992 and 1993. Recently we’ve seen the rise of a new class of likely risks in this area, directly related to the massive expansion of the Internet and Web. This is not a theoretical issue—the […]
Communications of the ACM (CACM) is now a fully Open Access publication.
By opening CACM to the world, we hope to increase engagement among the broader computer science community and encourage non-members to discover the rich resources ACM has to offer.