Interview: Must-know security insights for 2007

By Jon Fortt
January 15, 2007, 10:00 PM ET

Security has become something of a niche for this blog, since there are few things you can do that are of greater utility than protect your stuff. So for some insights into the trends that will matter in 2007, I chatted with Paul Kocher, president of Cryptography Research and one of the architects of the Secure Sockets Layer 3.0 protocol.

Kocher, who helped discover a strange and fascinating type of attack where hackers can discover weaknesses by analyzing the power consumption of a device, talked about today’s threats and how consumers and businesses can defend against them. Below is an edited IM transcript.


Fortt:
It seems that along with the digital lifestyle has come an unprecedented volume of threats from hackers. What are some of the most troubling strategies and tactics you’ve seen lately?


Kocher:
If I had to choose a single trend, it would be that the attackers are being driven by more rational motives. A few years ago, the main focus was on viruses written by the electronic equivalent of graffiti taggers, whose primary objective was attention and ego. Today, money is usually the motive.


Fortt:
I keep hearing that it’s more about profit now. But who are these people, and where are they finding the talent? I can’t imagine they’re posting on Monster.com.


Kocher:
There are a lot of smart people with poor employment prospects in countries with weak economies. For virtually all the attacks we run into, the technical work is effectively outsourced. Only portions of the attack process that require a physical presence, such as withdrawing money from ATM machines, are done locally. Most of the work gets done in countries where wages are low.


Fortt:
Interesting. We usually think of low-wage countries as places where people lack technical know-how. But I suppose that’s not the case. Is it a particular issue in Eastern European countries?


Kocher:
It’s not necessarily fair to single out any one place, though Eastern Europe has been a source of quite a bit of payment fraud.


Fortt:
Are there less than obvious things the average person should be doing to guard against security breaches? What would be some of your top recommendations?


Kocher:
For ordinary consumers, some simple things can make a big difference. First, encrypt your laptop. You’ll lose it someday, and you don’t want your data to be exposed. Second, don’t reuse the same password everywhere. Attackers compromise minor websites then use the user data to attack others. Third, put a fraud alert on your credit history. It’ll make identity theft much more unlikely.


Fortt:
You say “encrypt your laptop.” Most people have no idea where to start. How should they go about it?


Kocher:
Windows Vista will ship with disk encryption. There are also third-party products, such as PGP Disk, that can do this.


Fortt:
And you have suggestions for companies? Small businesses in particular, I would think, could use the advice.


Kocher:
The first challenge is user education. The bigger an organization gets, the more likely someone will run a virus, choose a bad password, or make some other security mistake. A close second is to use sure that basic network hygiene – firewalls, virus scanners, etc. Finally, when critical data is involved, try to physically separate it. For example, at Cryptography Research, we have two networks, one for sensitive data and the other for email, web browsing, etc.


Fortt:
I had never heard the advice regarding physically separate networks. Makes a lot of sense. Any other trends or concerns you wanted to point out? Maybe you can touch on payments. There have been a lot of rumblings from the banks lately that they want to leverage their online banking security systems to grab some of the online payments business away from the credit card folks. Do you get the sense that this is something we’re likely to see happen? Would it be good for security?


Kocher:
I don’t expect change in the payment space to come from the banks who issue credit cards. They get paid twice, first by the merchants then interest from the consumer. They don’t really have any motivation to change things. I think we will see innovation from merchants, particularly in the on-line space where they’re being charged high Interchange fees and receive no fraud protection.

The ATM networks are also overdue for an overhaul. They protect cash (which is more desirable to thieves than merchandise) and they don’t have a large fee base to cover fraud. The security mechanisms are also antiquated and really aren’t designed to handle large-scale compromises of card/PIN data.


Fortt:
So I was intrigued when I heard that you have been looking into some very novel types of hacking threats. There’s one you protect against that involves power surges?


Kocher:
One of the major areas we’ve been studying is how to protect cryptographic keys stored in semiconductor chips. We discovered that the amount of electrical power consumed by chips varies during computations, and that by measuring and analyzing these variations it’s possible to find secret keys. This is a big problem in any application where attackers can get physical possession of a device.


Fortt:
How did you figure that out? Do you know of any systems that have been compromised using that method?


Kocher:
We first discovered the problem in the mid 1990’s while studying low-cost, non-invasive ways that keys could be compromised. We then found statistical methods that could identify keys even if the measurement quality is very poor, which made the attack very powerful. Pirates attacking pay TV systems have used power analysis attacks. Companies that make knock-off ink cartridges have also used the approach. Smart cards of all kinds also need to be protected, including those used for payment, mobile telephony, and identity applications.


Fortt:
So what’s the next phase in the cat-and-mouse game the world’s institutions are playing with criminal hackers? We’ve been through the age of the amateur hacker, and we’re in the age of the professional criminal hacker now. What’s on the horizon?


Kocher:
The pros are here to stay. Although countermeasures to individual problems occasionally make one area of fraud less profitable, technical advances are constantly creating new business models for attackers and new vulnerabilities to exploit. One area I’m concerned about that hasn’t received much attention yet is long-term privacy. For example, consider what dirty tricks a political party could play 50 years from now if they made archives of material available today on sites such as MySpace and Match.com.


Fortt:
Oh believe me, I think about that all the time. What’s your advice about that? Just stay off all social network sites? Never post anything you don’t want the whole world to know?


Kocher:
It’s essentially impossible to grow up in today’s world without creating any embarrassing digital records. It’s simply not realistic to expect that teenagers will never do an embarrassing search. The solution will have to come from the companies that receive data from users. For example, Google needs to stop storing queries. In the long run, the U.S. is going to end up with strict privacy legislation – it’s only a matter of time before there is an egregious violation which acts as a catalyst.


Fortt:
You say Google needs to stop storing queries: Do you really think there will be legislation to force that issue?


Kocher:
If companies like Google don’t establish dramatically better voluntary standards, the government will get involved eventually. It probably won’t be anything Google does that triggers legislation, but they’ll be affected by it.


Fortt:
I hate to keep you long, but I’d love to hear your closing thoughts on piracy and Hollywood and what the next challenges are.


Kocher:
To a large degree, Hollywood’s challenges are economic. Today the security of digital content is largely being decided by engineers whose employers have no direct economic incentive to do a good job. For example, if you ran a consumer electronics company, how much money would you spend solving Hollywood’s problem?

If studios lose control of their product (which is a real possibility – it’s happening in the music space), content will become a poorly-profitable raw material used by high-margin businesses run by other companies. On the other hand, if the studios can figure out how to stay relevant when the content is distributed in digital form through intermediary services, they’ll do great.


Fortt:
Well, we’ll see if Steve Jobs can convince them to let him help solve their problem (and make some money in the process). Thanks for taking the time to chat.


Kocher:
Thank you very much, Jon. I enjoyed the conversation.
