Glitch imperils swath of encrypted records

Data destruction easy, inventor warns

continued from page 2

The theft by hackers, or even disgruntled insiders, of SSH keys can create a crisis of trust for a company, Mr. Ylonen said.

“No company that we know of systematically changes or deletes these keys,” he said. Unless companies employ “a rigorous policy to manage the production and storage of keys, how can they know who has access to their secure systems, as required by federal audit standards?”

A company unable to be certain about who can access its secure systems would be in violation of federal regulations governing finances, information security and privacy, Mr. Ylonen said.

He said the problem does not lie in the SSH encryption method itself.

“It’s a problem with the implementation,” he said, adding that unaccounted-for keys are results of “sloppy” information technology management.

Nonetheless, he acknowledged that he feels “a moral responsibility,” which is why he came out of retirement to offer a solution to the problem that poor management of his invention has created.

Mr. Ylonen retired in 2005, and for seven years was not an employee of the company he founded, although he remained a director.

“I decided I had to come back to do this,” he said.

© Copyright 2014 The Washington Times, LLC. Click here for reprint permission.

About the Author
Shaun Waterman

Shaun Waterman

Shaun Waterman is an award-winning reporter for The Washington Times, covering foreign affairs, defense and cybersecurity. He was a senior editor and correspondent for United Press International for nearly a decade, and has covered the Department of Homeland Security since 2003. His reporting on the Sept. 11 Commission and the tortuous process by which some of its recommendations finally became ...

Latest Stories

Latest Blog Entries

Comments
blog comments powered by Disqus
TWT Video Picks