11-04-96. "Web security threat grows" With a variety of new technologies like stronger encryption, smart cards and digital signatures and envelopes emerging to tighten Web security, experts working on various aspects of the problem agree the goal of end-to-end security on the Web will remain elusive as long as insecure operating systems dominate the commercial market. "You can't build security on top of insecurity," said Netscape's Jim Roskind, who spent much of a session on Webware fending off criticism of Java security flaws. "We have to assume that the [security] problems will be pervasive forever," warned Peter Neumann. "This is a holistic problem, and we have to deal with it in a global way." "Protection sought for U.S. systems" The initiative will be led by the Pentagon's Computer Emergency Response Team at Carnegie Mellon University and the Energy Department's Computer Incident Advisory Capability. "Motorola unveils chip for contactless smart card" One chip designing a contactless card that meets all frequencies of a proposed standard while the other adds cryptography to a single-chip solution. The other card incorporates a 1,024-bit modular encryption processor that is reportedly one of the fastest in the industry. "U.S.Joint Venture to Market Acoustic Smart Card Technology" NeTegrity also announced it has invested $1 million in Encotone, Ltd., for a 10% equity interest in the Israeli company. Other Encotone, Ltd. investors include ECI Telecom, a $500 million Israeli telecommunications firm, and Professor Michal Ben Or, Head of the Department of Computer Science at Hebrew University of Jerusalem and a worldwide authority on cryptology. "Microchip Technology launches highly secure smart card family with KEELOQ code hopping technology" The SCS152 provides a programmable 64-bit cryptographic key used to create a digital signature unique to each card, which reduces the possibility of unwanted access to card information and the "cloning" of these cards for unauthorized payments. Other features include programmable user memory and "anti-tearing," which prevents the information in the card from being corrupted if the supply voltage is interrupted. "EEMA Lobbies Over Limiting US Encryption Controls" EEMA recognizes that the principal reasons for this is the disparate European legislation that surrounds the use of encryption, and the fact that inter-working with dominant US-based computer software -- operating system and application software -- is subject to US legislation and restrictions. "Putting EDI to the test" Security continues to be the main sticking point for using the Net as a vehicle for EDI. Vendors that will demonstrate secure E-mail messages transporting EDI documents over the Web. The technology used is S/MIME, an encrypted version of the popular MIME protocol. "V-One Secures New Clients" NSA runs the nation's code-breaking operations, and DISA is supposed to keep the nation's networks secure, so there is not much chance of finding out what they do with the software they have bought from V-One. ----- http://jya.com/secure.txt (28 kb) SEC_ure