From: InfoSec News (isnC4I.ORG)
Date: Sun Apr 29 2001 - 21:16:28 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.theglobeandmail.com/servlet/RTGAMArticleHTMLTemplate/C,C/20010429/wmill?tf=RT/fullstory_Bus.html&cf=RT/config-neutral&vg=BigAdVariableGenerator&slug=wmill&date=20010429&archive=RTGAM&site=Business&ad_page_name=breakingnews-business

By SHOWWEI CHU
The Globe and Mail
Sunday, April 29

A Canadian startup is so convinced its network security device is
bulletproof from cyberattacks that it's willing to pay $1-million
(U.S.) to anyone who can break through.

Saafnet International Inc. of Burnaby, B.C., said that with the
adoption of high-speed Internet access, such as cable modems and
digital subscriber lines (DSL), home computer users are increasingly
vulnerable to cyberburglaries and cybervandalism if the connection is
always on.

So the one-year-old company has developed hardware called AlphaShield,
which fits between a computer and a modem. Users can surf the Web as
usual, but the device intermittently disconnects the computer.

That prevents virtual thieves from having enough time to enter and
tamper "The gate never opens unless the user actively clicks on the
[mouse] button or activates the command to go and get the
information," said Vikash Sami, Saafnet's 24-year-old founder and
chief executive officer.

"From a user's side, it's seamless. It doesn't affect your surfing at
all," spokesman David Henderson said. "From the outside, hackers are
basically locked out of your system because they effectively only have
seconds to try to hack into your system before the connection is cut."
The company is so confident that it plans to stage a contest over five
days in July or August, inviting people to try to break into a Saafnet
computer system that has had the device installed.

Participants will be invited to go to Saafnet's Web site and get an
Internet protocol address of the computer. Anyone who brings back a
piece of code or password that Saafnet preregistered will be the
winner of the grand prize.

Saafnet said it is still working out the legalities and contest
regulations and is negotiating with a U.S. broadcasting company to air
the contest on television.

When asked if it was just a marketing gimmick to get some media
exposure for Saafnet, Mr. Sami said: "No. We're in final negotiations
with a few of the big broadcasting companies that will be holding this
contest for us and also some security companies that will help us with
the technical side of it. So we're quite serious." Hacking contests
are not new. Last September, the Secure Digital Music Initiative
(SDMI), an industry group, invited hackers to crack into several
encryption methods that protect the copying of digital music files.

Several people claimed to have successfully hacked into four methods,
but the group disputes the claim. And earlier this month, security
firm Argus Systems Group called on people to try to penetrate software
that secures a Web server.

But industry observers say these contests don't necessarily mean that
a company's product is secure.

"Just because a technology survives a contest doesn't mean it's
secure," Bruce Schneier wrote in InternetWeek magazine. Mr. Schneier
is chief technology officer of Counterpane Internet Security Inc., a
managed-security monitoring firm in California. "There's no way of
knowing whether anyone really tried to compromise the security of
either a system or some form of content." The idea for Saafnet's
device came after a friend's computer was ransacked by cyberintruders
who stole personal files and left viruses that crashed his system, Mr.
Sami said. That friend asked him if there was any existing security
technology that was 100 per cent effective.

"There's lots of sophisticated software out there but nothing will
guarantee 100-per-cent protection," Mr. Sami recalled. "The only way
you can protect your self is by unplugging the data line from the
computer." Mr. Sami, who has a computer sciences degree and was a
freelance contractor specializing in networking, bought some parts
from a Radio Shack store and eventually invented a prototype. Since
then, he has worked with engineers to perfect the technology at
Saafnet, a company he founded in March, 2000.

The company, which employs 12 people and has raised $2-million from a
group of private investors, plans to make the device commercially
available in the summer for consumers and small businesses for $149.
It has also received a letter of intent from a Virginia-based venture
capital firm for $100-million, the company said.

Saafnet competes with other companies such as Whale Communications
Ltd. of New Jersey.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]