You Must Control Net Connections

 
 
By Peter Coffee  |  Posted 2002-12-16

Absence of information is hard to prove unless you have complete control.

When CNN Headline News reporters asked me for comments on the Ptech incident, I'll bet they were anticipating a reassuring reality check. I'd guess, based on the way they framed the questions, that they thought I would say the notion of software back doors being built in by devious developers was an exaggerated risk.

If so, they may have been surprised to hear me tell their Friday night audience on Dec. 6—Pearl Harbor eve, an ironic coincidence—that accidental data leakage is commonplace. It doesn't take a big imagination, I added, to foresee dire consequences from mixing Internet connections with a small amount of malice and a moderate amount of technical skill.

In yet another coincidence, that conversation took place the day after I finally got a DSL connection in my office near LAX, so the subject of vulnerable always-on connections was already on my mind when the Ptech story broke—and I wasn't enjoying my thoughts. According to the Norton Internet Security scanner on my office laptop system, there are roughly 80 applications on that machine that are potentially Internet-active. That's many more than I have any desire to allow at-will Internet access.

Opera, because I use it, and Outlook, because I tolerate it, are the only two applications that I'll allow to talk to my connection whenever they like. But when I configure my firewall to complain about anything else trying to access the network, I find all sorts of things on my system attempting to chat with their unknown friends in unknown places.

Even if I knew exactly what they were sending, and to whom, I still could not be sure that there wasn't more information leaving my machine than met the eye. What if the time that data goes out is itself a signal? Or what if the number of bytes in each successive burst is encoding a password or other sensitive information?

In formal mathematics, you can prove that something is untrue or impossible in a universal sense. In the real world, absence of information is hard to prove unless you have complete control of what is sent, when and in what manner. Am I paranoid? No, just aware. And now, so are you.

Tell me what worries you at peter_coffee@ziffdavis.com.

 
 
 
 
Peter Coffee is Director of Platform Research at salesforce.com, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues. Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, and he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.
 
 
 
 
 
 
 
