Cipher Issue 123, November 23, 2014, Editor's Letter

Dear Readers,

In some ways the Internet seems a safer place than in its tumultuous youth in the 1990s, but we have also seen massive erosions of privacy, and attacks against high value assets are increasing in number and sophistication. This issue of Cipher mentions several news articles about recent attacks, including a dire prediction from the head of the US CyberCommand warning that our power grid could be shut off by foreign actors. We are like a complex molecule whose internal bonds are shortening.

In this world of unnerving digital attacks, we need all the tools we can get to understand what is transpiring in our computers. Richard Austin has chosen to review a new book that helps analysts find malware that hides in active memory. This is a particularly challenging task, and the book covers the subject in depth.

One of the events listed in our calendar is for the GREPSEC workshop for underrepresented groups in computer security research. This invitational, small event is crafted for early-stage graduate students who want to know more about research areas related to security. Given the number of computer security problems that we face, expanded participation in the field is essential. Applications will be accepted in January.

Recently the Internet Architecture Board (IAB) issued a statement recommending that almost all Internet traffic be encrypted in order to fight "pervasive surveillance". Certainly this would hamper some of the attacks against confidentiality that have been revealed in recent years, but I find it disappointing that the statement does not call for stronger measures, particularly for end-to-end encryption. The IAB has long tried to balance operational ease against security, and the result is a hodge-podge of weak recommendations on a protocol-by-protocol basis. The IAB now seeks to "restore the trust users must have in the Internet". This laudable goal requires fundamental changes to the design and deployment of protocols and end user software. We should all strive to participate in this change.

Oddly enough, Cipher is not encrypted,

      Hilarie Orman