New Risks you Cannot Control
“One of the world’s most prominent cryptographers issued a warning on Friday about a hypothetical incident in which a math error in a widely used computing chip places the security of the global electronic commerce system at risk.”
Adi Shamir, a professor at the Weizmann Institute of Science in Israel, circulated a research note about the problem to a small group of colleagues. He wrote that the increasing complexity of modern microprocessor chips is almost certain to lead to undetected errors.
Historically, the risk has been demonstrated in incidents like the discovery of an obscure division bug in Intel’s Pentium microprocessor in 1994 and, more recently, in a multiplication bug in Microsoft’s Excel spreadsheet program, he wrote.
“A subtle math error would make it possible for an attacker to break the protection afforded to some electronic messages by a popular technique known as public key cryptography.”
Although it’s inappropriately complex for a discussion such as ours here, we do wish to point out that this is one of those “systemic breakdown” as opposed to the “personal behavioral breakdown” which we are studying and for which we are seeking solutions through highly targeted and systematic education and training.
The lesson for those of us working in the area of critical information protection is clearly that there needs to be a range of security assessment starting with hardware and software makers (including cell phone companies whose microwave transmissions are woefully insecure) to the personal behavior of employees handling sensate material and ultimately to ourselves in our daily behavior. (This is outlined in our first book “Who is You: The Coming epidemic of Identity theft”)