4/28/2008
05:40 AM

Interop Founder Dan Lynch Invests in Hot Security Startups

He was hacked by Kevin Mitnick in the '80s and recently had his identity stolen - but Lynch still has hope for making security strong and usable

When law enforcement officials had Kevin Mitnick in their sights for the second time in the early 1980s, Dan Lynch was awakened by a phone call at his home at 2:00 a.m. asking if he would press charges against Mitnick upon his arrest. Lynch, who was then a director at the University of Southern California’s Information Sciences Institute in Marina del Rey, said yes.

“He was lurking on campus at SC and breaking into our system then,” Lynch recalls. “There were open computers laying around... Those were the systems he used to do his deeds.”

Lynch, 66, the renowned TCP/IP and Arpanet pioneer who founded Interop in the 1980s, says Mitnick’s capers back in the day were different than those of black-hat hackers today. “There was no money to be had in those days” for hacking, he says.

Lynch knows firsthand how all that has changed today: He’s a recent victim of identity theft and has spent the past few months dealing with the headaches and stress of ironing out fraudulent bank accounts and credit card charges that included everything from three consecutive days’ worth of Godiva chocolate and men’s clothing purchases at a Macy’s in Reno, Nev., to his new credit card account number being stolen before he had even received it himself.

“Before I got my new one [credit card] in the mail, there were fraudulent charges on it,” he says. “It turns out someone had opened up a bank account in my name and was getting notification of my new card. So I had to bring my Social Security card, a utility bill, and my driver’s license to Bank of America to prove I’m Dan Lynch.”

Lynch admits he hasn’t always been lucky in security. “I have co-founded a handful of security companies over the past 15 years, and none turned out to be barn burners. We either flubbed it up or the world didn’t want to pay much for security.”

Among his past security investments was the now-defunct Cybercash, whose technology today is being used by PayPal, which purchased the technology from VeriSign, which initially bought Cybercash’s assets and name when it went bankrupt in 2001. Cybercash was a case study in how even the most secure technology isn’t always marketable: “We built all this security into Cybercash to make it super-secure. Nobody cracked it. But no one could figure out how to use it.”

Making security usable is the key strategy behind one of his latest investments -- startup Usable Security Systems, whose founder and CEO Rachna Dhamija is well known for her human factors research at Harvard University. Usable’s technology is still under development. “Her [Dhamija's] slant is that it’s not just the technology, but the usability,” Lynch says.

“The elevator pitch is you have one logon to get to all Websites and it’s super-secure."

Lynch also helped found Sana Security, which aims to detect malicious code that antivirus products don’t catch, including bots and unknown Trojans. He has also invested in a startup called Iterasi, which is beta-testing a product that “notarizes” live Web pages, preserving them as-is and storing them securely. “It’s for compliance stuff... and for proving you read and saw something,” Lynch says. “It’s a special kind of bookmark.”

Security isn’t easy to monetize, he says. “Everyone wants it but no one is willing to pay much for it. And even if you have a security solution, getting it adopted usually means a serious change to something someone’s doing.”

But you won't find Lynch at Interop this week in Las Vegas. He sold off the business in 1990 and it changed hands several times (Interop is now owned by TechWeb, a division of United Business Media, the parent company of Dark Reading), and Lynch hasn’t attended an Interop show since 2000 when he and Vint Cerf were invited to speak on a panel about the Internet’s evolution. He says he doesn’t typically follow the show anymore, but he does miss the days when Interop was “by nerds, for nerds."

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...