Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/28/2008
05:40 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Interop Founder Dan Lynch Invests in Hot Security Startups

He was hacked by Kevin Mitnick in the '80s and recently had his identity stolen - but Lynch still has hope for making security strong and usable

When law enforcement officials had Kevin Mitnick in their sights for the second time in the early 1980s, Dan Lynch was awakened by a phone call at his home at 2:00 a.m. asking if he would press charges against Mitnick upon his arrest. Lynch, who was then a director at the University of Southern California’s Information Sciences Institute in Marina Del Ray, said yes.

“He was lurking on campus at SC and breaking into our system then,” Lynch recalls. “There were open computers laying around... Those were the systems he used to do his deeds.”

Lynch, 66, the renowned TCP/IP and Arpanet pioneer who founded Interop in the 1980s, says Mitnick’s capers back in the day were different than those of black-hat hackers today. “There was no money to be had in those days” for hacking, he says.

Lynch knows firsthand how all that has changed today: He’s a recent victim of identity theft and has spent the past few months dealing with the headaches and stress of ironing out fraudulent bank accounts and credit card charges that included everything from three consecutive days’ worth of Godiva chocolate and men’s clothing purchases at a Macy’s in Reno, Nev., to his new credit card account number being stolen before he had even received it himself.

“Before I got my new one [credit card] in the mail, there were fraudulent charges on it,” he says. “It turns out someone had opened up a bank account in my name and was getting notification of my new card. So I had to bring my Social Security card, a utility bill, and my driver’s license to Bank of America to prove I’m Dan Lynch.”

Lynch admits he hasn’t always been lucky in security. “I have co-founded a handful of security companies over the past 15 years, and none turned out to be barn burners. We either flubbed it up or the world didn’t want to pay much for security.”

Among his past security investments was the now-defunct Cybercash, whose technology today is being used by PayPal, which purchased the technology from VeriSign, which initially bought Cybercash’s assets and name when it went bankrupt in 2001. Cybercash was a case study in how even the most secure technology isn’t always marketable: “We built all this security into Cybercash to make is super-secure. Nobody cracked it. But no one could figure out how to use it."

Making security usable is the key strategy behind one of his latest investments -- startup Usable Security Systems, whose founder and CEO Rachna Dhamija is well known for her human factors research at Harvard University. Usable’s technology is still under development. “Her [Dhamija's] slant is that it’s not just the technology, but the usability,” Lynch says.

“The elevator pitch is you have one logon to get to all Websites and it’s super-secure."

Lynch also helped found Sana Security, which aims to detect malicious code that antivirus products don’t catch, including bots and unknown Trojans. He has also invested in a startup called Iterasi, which is beta-testing its product that “notarizes” live Web pages to preserve and save them as-is and securely stores them. “It’s for compliance stuff... and for proving you read and saw something,” Lynch says. “It’s a special kind of bookmark.”

Security isn’t easy to monetize, he says. “Everyone wants it but no one is willing to pay much for it. And even if you have a security solution, getting it adopted usually means a serious change to something someone’s doing.”

But you won't find Lynch at Interop this week in Las Vegas. He sold off the business in 1990 and it changed hands several times (Interop is now owned by TechWeb, a division of United Business Media, the parent company of Dark Reading), and Lynch hasn’t attended an Interop show since 2000 when he and Vint Cerf were invited to speak on a panel about the Internet’s evolution. He says he doesn’t typically follow the show anymore, but he does miss the days when Interop was “by nerds, for nerds."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19642
PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
CVE-2019-19637
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.
CVE-2019-19635
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19636
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.