Cipher Issue 152, November 25, 2019, Editor's Letter

Dear Readers,

We have come a long way on Internet security, from the Wild West days of "catch me if you can" to the present-day arms race and eternal vigilance over our digital assets. Some of the transition can be traced in the evolution of network security protocols over the past 15 or so years. Sven Dietrich reviews a book on that topic, the second edition of "Protocols for Authentication and Key Establishment", in this Cipher issue.

Last May at the IEEE Security and Privacy Symposium I asked a researcher what the next big thing in novel physical attacks on computer systems might be. We've seen disks used as microphones and light fluctuations from screens used to extract data; what more is in store? His reply was non-committal but indicated that more was to come. His exact words were, "Physics sucks." That came to mind when I saw the announcement of research that uses lasers to cause microphones to vibrate at speech frequencies. Will physical exploits never cease? Not until physics is dead.

At the end of this year the Technical Committee on Security and Privacy (the Computer Society organization that sponsors this newsletter) will have a new chairman. After two years of service to the organization, Sean Peisert is at the end of his term. He has guided the security conferences through thorny issues with contracts and publishing issues, and the TCSP is stronger for his leadership. Ulfar Erlingsson, a stalwart of program committee participation and leadership, will assume the position of chairman. Brian Parno, also an S&P veteran, will be the new vice chair.

The Story of Computer Security Day, A Modern Fable for Our Holiday:
The American colonists had trouble setting up wifi during their first winter, and their mobile devices were barely usable. The indigenous people took pity on them and invited them to a day of free data. They shared passwords for gaming sites and watched cat videos far into the night. Later the colonists stole all the indigenous data and took down the native networking system, replacing it with 3G and TCP/IP, but they never forgot the gaming day. That is why Computer Security Day is on November 30.
Happy American Thanksgiving,

      Hilarie Orman