Security Newsletter 20
Editorial
When I started my career many years ago, security was not in the scope of consumers’ interaction (except for Pay TV). Today, security is playing an increasing role in our daily life. This issue presents some of the most recent attacks that may affect our life.
People seem to take a fatalist stance to the uninterrupted stream of viruses, spam, and security updates of their computers. Will they keep this placid mood once their connected consumer devices, such as connected TV sets, will be under attack? This new generation of devices will become a target of choice for hackers for several reasons. Firstly, new consumer electronics devices are often not well protected (and sometimes not protected at all). Secondly, it is a new playground for hackers with devices using the hackers’ preferred operating system: Linux. Surely, some manufacturers will do a decent job of securing their devices, unfortunately, others will do a poor one.
Our daily life relies more and more on security protocols: e.g., SSL/TLS which secures every https transaction. What would happen if such a dominant protocol would be broken? A new attack, with nickname BEAST, challenges this question (see the news of Alain).
This prevalence of the need for security in our daily life raises many questions. Will consumers care about having a secure device and thus pay a premium for it? How will consumers be able to compare the respective quality of the proposed solutions? What will be the user-friendly mechanisms to update aging security? What will be the business models supporting such crucial updates?
When I started my career many years ago, I hired a young, unknown cryptographer: David Naccache. In those early years, he introduced me to serious security. Since then, he has become a worldwide-recognized expert. Thus, I am honored to have him as the guest of this issue.
E. DIEHL,
Technical Editor