The Inquirer-Home

Bruce Schneier says security firms need to improve anti-spam software

Schneier discusses encryption and anti-spam at the V3 Security Summit
Tue Sep 25 2012, 11:32

LEGENDARY CRYPTOGRAPHER Bruce Schneier has said that anti-spam is one area of security that can be vastly improved.

Speaking at the V3 Security Summit, Schneier said, "It would be really good if we could delete spam in the middle of the network in the backbone, but there really isn't enough financial incentive to do this.

"That's why it is deleted at the end point which really is the worst place to do it. But that's the place you can bill or charge somebody."

Advances in cryptography are also occurring slowly but this is because businesses and governments have little requirement for stronger encryption standards, Schneier continued.

"We have all the cryptography we need. The US [National Institute of Standards and Technology (NIST)] will soon be announcing a new hash function," said Schneier.

"Will this be better than the old standard? Marginally. Will it be faster? A little bit. You know it's not that exciting. Crytopgraphy plods on. The real hard work is embedding cryptography in the system and then the system around it."

There are currently five teams competing to have their algorithm chosen for the NIST standard.

Schneier is one of the world's most renowned cryptography experts, having published a best-selling book on the subject, Applied Cryptography. He is the chief security officer for BT.

"There are not a lot of advances in crypto, but there is stuff around the edges and there is stuff that we in the field are excited about. But in terms of actual products and business we have all the cryptography we need. Making it work is what's hard," Schneier added.

Schneier also restated his arguments against electronic voting machines.

"Voting people who are used to creating voting machines are quick to build electronic machines and move to internet voting. But as an internet security person, I don't know how to make that secure, and I find this very worrisome," he said.

"You see arguments like 'we can make ATM machines secure so why can't we make electronic voting booths secure?'. ATMs are secure through the audit process. If something happens weird in the machines, you can go through every transaction, look at the video cameras, and figure out what went wrong and exactly where."

Schneier explained that because the voting process is anonymous, it is impossible to run audits on voting machines.

Schneier, who published his most recent book, Liars and Outliers in February, said it will be another couple of years before his next book appears. µ

V3 Virtual Security Summit


The V3 Virtual Security Summit is taking place on 25 September. All the videos will be available to watch on-demand for a three month period following today's broadcast. Please click here to watch any of the sessions now.



Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015