Net Security Is Fatally Flawed; EXPERT WARNS OF HIGH-TECH TIMEBOMB IN ONLINE BANKING

Article excerpt

Byline: SIMON FLUENDY

A STARK warning from a world expert on internet security is threatening to have a devastating effect on online banking and e-commerce.

Bruce Schneier, a cryptographer and chief technology officer at consultancy Counterpane Internet Security, says that there are fatal flaws in the way systems operate. And he believes that security breaches such as the recent Barclays bank blunder, where customers could see other accounts, are just the tip of the iceberg.

If true, his theories will be a body blow for companies specialising in ways to make e-commerce a safe and secure way to do business. These include stock market high-flyer Baltimore Technologies and American firms such as VeriSign and EnTrust.

Schneier and Carl Ellison, senior security architect for computer chip giant Intel, make their views known in a hard-hitting report that says that for security, the internet falls far short of conventional paper-based transactions.

The private document, seen by Financial Mail, is circulating among cryptographers and other specialists. But once it gains wider currency, it threatens to hamper the development of e-commerce by fuelling growing consumer fears about internet security.

Schneier is concerned about the security of 'digital signatures', the electronic equivalent of authorising a document with pen and ink. Schneier once believed that these signatures could be made tamperproof, but now argues that this is unworkable. In effect, he is saying that it is impossible to trust that a digital signature is genuine.

His change of heart is astonishing because, as the author of Applied Cryptography, the standard text book on the making and breaking of security codes, he is considered to be a key figure in the development of the technology. Schneier thinks some weak links in internet security may never be overcome.

One of his concerns is the protection of passwords from prying eyes. Most people use common passwords, such as the name of their spouse or favourite football team. …