Digital IDs matter

Jon Udell   Today’s Top Stories   or  Other Management Stories  

From Laggard to Leader: Transforming the Data Center Google's Universal Search for Business Achiving Compliance Through Good Governance How Much Will an Office 2007 and Vista Migration Hurt? Qualified Security Assessors are not created equal Surviving and Thriving in Tough Times SaaS Solutions for Remote Systems Management The Business Value of Tape Storage Computerworld Technology Briefing: An open-source path to optimal virtualization Sign up to receive Management Resource Alerts

May 22, 2000 (Computerworld) -- Here's a message I hope I'll never have to send: Hello. You're in my address book and therefore have probably been sent an e-mail "from me" containing a zipped attachment - which I supposedly received from (Sender), (Title) at (Prominent Company).
Do NOT open the zipped attachment - this is the worm virus in the news. Simply delete the e-mail.
Sorry, (Victim)
I received this pathetic missive in the wake of the so-called Love Bug's predecessor, ExploreZip.worm. These worms, while clever, are more socially than technically adept. A victim is attacked by a message that seems to come from an acquaintance. In reality, of course, the poisoned message comes from a trusted person's machine, not that trusted person.
After the Love Bug, experts made the same tired recommendations we always see:
• Disable macro languages.
• Ban attachments in corporate environments.
• Don't open any attachment you aren't sure about.
Will we ever learn? This isn't really about viruses and worms at all; it's about identity.
You probably do most of your business through e-mail, where you're represented by nothing more than an e-mail address. Everybody knows it's trivial to forge an e-mail address, and we now know it's also far too easy to hijack somebody's e-mail program. Sadly, a solution has been widely available - and almost universally ignored - for almost five years.
Since 1996, the e-mail clients bundled with both Microsoft's and Netscape's browsers have enabled us to digitally sign our messages and thus prove our identities to recipients. I sign all my e-mail messages, but I can count on the fingers of two hands the people who have ever sent me signed e-mail. Leave out cryptography experts, and I only need one hand.
To sign your e-mail, you need a client certificate, a.k.a. digital identification. These are like the server certificates that secure Web sites use to support Secure Sockets Layer (SSL) connections. But server certificates do more than just activate SSL. They also authenticate servers to clients - that is, they prove to your browser that it's really connected to Amazon.com and not to some rogue site.
The dirty little secret of e-commerce is that clients aren't authenticated to servers. You know that Amazon.com is Amazon.com, but it doesn't know who you are; it knows only that you're somebody's valid credit-card number. Why not use a client certificate? It takes effort to acquire and use one, and nobody wants to slow the e-commerce juggernaut by asking people to make that effort.
It's long past time to rethink this lazy approach. The same client certificates that could help stem the growing tide of online credit-card fraud

Continued...
1 | 2 | NEXT  

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

Analysts: Google spreading itself too thin iPhone 3G owner sues Apple, AT&T over dropped calls, app crashes Mozilla: Firefox is faster than Chrome More top stories...

At 10, Google reiterates commitment to CIOs Microsoft explains Seinfeld-Windows TV ad: just a 'teaser' Continuing coverage: Google's Chrome browser

Microsoft warns of IE8 lock-in with XP SP3 Users of Windows XP SP3 who try out IE8 Beta 2 won't be able to uninstall either one under certain circumstances. Opinion: Why Google has lost its mojo -- and why you should care Google has gone from innovative upstart to fat-and-happy industry leader in what seems like record time. Preston Gralla explains. Review: Internet Explorer 8 Beta 2 offers some nifty new features Microsoft's latest beta of IE8 includes better tab management, new services such as Web Slices and Accelerators, and the new 'porn mode.' IT Schools to Watch 2008 These leading-edge graduate schools are moving at the pace of the IT workplace, delivering coursework that's relevant to today's IT professionals. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland Security Apple's iPhone Ask a Premier 100 IT Leader Bill Gates steps down BlackBerry Legal Battle Data Security Breaches Electronic Voting Firefox H-1B Visas HP's Boardroom Scandal Handheld Devices Hurricane Katrina Aftermath Microsoft Legal Issues Microsoft's Vista Open Source RFID Technology SCO's Linux Fight Sarbanes-Oxley Act Spam Voice Over IP Wi-Fi Windows Meta File Vulnerability Windows XP Service Pack 3 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class 2006 Computerworld Horizon Awards 2006 Premier 100 IT Leaders 2006 Salary Survey 2007 Best Places to Work in IT 2007 IT Forecast 2007 Premier 100 IT Leaders 40 Years of Computerworld ASPs, Take Two Best Places to Work in IT 2003 Best Places to Work in IT 2004 Best Places to Work in IT 2005 Best Places to Work in IT 2006 Business Intelligence Home Runs Business Intelligence: Smarter BI Business Intelligence: The Future of BI CRM Goes Vertical CRM: Sober CRM Career Planning Guide 2005 Careers: IT Profession 2010 Computerworld Horizon Awards 2005 Data Management: Mining for Gems Data Management: Taming Data Chaos Development: Hard-Workin' Web Sites Development: New Tools New Choices Development: The New World of Application Development Development: The Web Services Tsunami Development: Web Services Hurdles Disaster Recovery: Preparing for the Worst E-commerce Grows Up E-mail/Groupware: Big Decisions Faces of Mobile IT Forecast 2006 Global Mobile Hardware: Multiple Cores, Multiple Challenges Hardware: On-Demand Un-Hyped Hardware: The Shape of Things to Come Horizon Awards: 10 Cool Cutting Edge Technologies IT Management: Guide to Managing Vendors IT Management: Navigating Global IT IT Management: Recovery Ahead IT Management: The Future of IT IT Management: The Resourceful Project Manager Innovative Technology Awards 2004 Management: Reinventing IT Microsoft in Transition Mobile/Wireless Leaders and Laggards Mobile/Wireless: The Untethered Worker Mobile/Wireless: Tiny Gadgets, Huge Costs Network Management: Taking Control Networking: Turbulence Ahead! Networking: VoIP Goes Mainstream Operating Systems: In the Slow Lane Operating Systems: Linux Goes Global Operating Systems: Should You Nix Unix? Outsourcing: Offshore Buyer's Guide Outsourcing: Outsourcing Dangers Premier 100 IT Leaders 2004 Best in Class Premier 100 IT Leaders 2005 Best in Class ROI: Do the Math! Salary Survey 2003 Salary Survey 2004 Salary Survey 2005 Security Action Plan Security: Compliance Headaches Security: Proactive Security Security: Risk and Reward Security: Tips From Security Pros Souped-up Security Storage: Battling Complexity Storage: Cheap & Secure Data Stores Storage: Stretching Your Storage Dollars Storage: The Lean Storage Machine Storage: The New Rules of Storage Storage: The Ultimate Backup Guide Supply Chain: Missing Links Supply Chain: RFID Reality Check The Business of Security Web 2.0 Security Wireless: Wireless At Work All Zones Application Performance Zone Business Continuity Zone The File Data Management Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Business Intelligence and Analytics Zone Windows Protection Zone Identity & Security Management Zone See your link here

Google's Universal Search for Business Google's Universal Search for Business View this exclusive webcast, free, compliments of Google! Go to the webcast  Learn-Fast Guide: Software as a Service is Growing Up Download this Computerworld Executive Briefing, a $195 value, for free! Compliments of Akamai. (Source: Computerworld) SaaS is here to stay as an application delivery channel. You will be using it, but will you do so wisely? This Learn-Fast Guide will prepare you for software delivered over the Web. From security issues to contract negotiations, there's a lot to consider ... and a lot to gain. Download this executive briefing  The Importance of Application Management Get this white paper now! (Source: Dell) Efficient desktop application management is essential in normal day-to-day operations of any company. Whether you are introducing a new application or implementing an OS migration, the goal is the same: minimize disruptions and ensure user productivity throughout the process. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Death to PST: Hidden Cost of Email Mismanagement Extend, Replace, or Convert; which is the best way forward for COBOL Applications? The Trend from Unix to Linux in SAP Data Centers View more whitepapers

• Analysts: Google spreading itself too thin
• At 10, Google reiterates commitment to CIOs
• iPhone 3G owner sues Apple, AT&T over dropped calls, app crashes
• More top stories 

• Google scrubs search cache of Chrome download site

• Google's Chrome aims to kill Windows, make Web the OS of choice

• Google Chrome browser: Dethroning Microsoft or killing off Mozilla?

Read more news 

• Whoah the humanity!

• Try, try again

Read more Shark Bait 

Intercept Spam & Viruses With MessageLabs MessageLabs is offering a complimentary 30 day trial of its managed Anti-virus and Anti-spam security solutions. MessageLabs guarantees complete protection against all know and unknown email threats. By providing 24 hour support, your business can increase productivity and decrease risk. Register for a complimentary trial and receive a free datasheet. Download this white paper now!

Do you love where you work? Tell us about it! Nominate an organization today for Computerworld's 2009 Best Places to Work in IT list. Nominate a company here. See the 2008 Best Places to Work in IT report

SQL Anywhere Developer Edition Download SQL Anywhere is the industry-leading mobile and embedded database. Designed for database-powered applications that operate in frontline environments without onsite IT support, SQL Anywhere offers enterprise-caliber features in a database that is easily embedded and widely deployed in server, desktop, remote office and mobile applications. Download the free SQL Anywhere Developer Edition