GeekSpeak: June 17, 2002

 
 
By Peter Coffee  |  Posted 2002-06-17
 
 
 
 
 
 
 

Obscurity isn't security, as Xbox crack proves.

If Microsoft's Xbox is going to be the digital home's gateway to the net, it might be a good idea if that gate could be locked—with a different key for every home.

Ignoring a fundamental precept of security, Microsoft has been shipping the Xbox with a security key, identical in every unit, embedded in its hardware. Although obscured by obstacles and distractions, the key was readily exposed earlier this month (see how at www.eweek.com/links) by an MIT graduate student who had time on his hands after finishing his doctoral thesis on latency reduction in distributed parallel computing.

Enterprise IT buyers must shun any "security" offering that is based on obscuring implementation. The mechanism must be fully disclosed so it can be examined from all sides; the keys must be controlled by the user alone. Whether the aforementioned rule is invoked by its formal name of Kerckhoffs' Principle (more information is at www.eweek.com/links) or more colloquially under the label of simple common sense, it's like Newton's law of gravity. You can pretend to break it but not for long.

 
 
 
 
Peter Coffee is Director of Platform Research at salesforce.com, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues.

Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University; he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.
 
 
 
 
 
 
 
