Keys, bank cards, and PIN numbers may go the way of the slide rule if John Daugman has anything to say about it. Daugman, a computer scientist at Cambridge University, has developed an identification system familiar to anyone who has ever watched a science fiction or spy movie--a device that scans and recognizes the unique patterns in the iris, the colored part of a person's eye. In preliminary tests of the system this past year, some bank customers in Britain were able to access automatic teller machines by just glancing at a camera.
The iris, which controls the amount of light that enters the pupil, consists of two muscles and bunches of elastic fibers--"like a plate of sticky noodles," says Daugman. These fibers congeal into a random arrangement in the iris before a person is born.
Daugman's camera uses infrared light to image the iris and then creates a digital code based on the iris's fiber pattern. (The technique, says Daugman, is not to be confused with retinal scanning, which looks at blood vessel patterns in the back of the eye and requires a person to put his eye right up to a camera. With this device, the camera can be as much as three feet away.)
In 30 million comparisons, Daugman has never found any two irises that are the same or matched a person with the wrong iris. This is not surprising, he says, considering that irises are even more distinctly individual than a person's DNA. Your left and right eye, for example, have different iris patterns, as do the eyes of identical twins.
The camera can't be fooled by photos--a living pupil opens and closes a minute amount all the time, and Daugman's system looks for this. The device can search a database of 100,000 iris codes in a second.
E-maladies
A computer virus that could hide in an innocent-looking e-mail message, slip past antivirus software, and erase the files on your hard drive would be a hacker's dream--and a nightmare for the rest of us. Fortunately, there is no such virus--yet.
But in July, computer engineer Marko Laakso and his colleagues at the University of Oulu in Finland found a worrisome security hole in three popular e-mail programs--Microsoft Outlook Express, Outlook 98, and Netscape Mail. A clever hacker, the Finnish researchers warned, could exploit this flaw and transform an ordinary bit of e-mail into a carrier for a data-destroying virus.
The flaw arose not from some fancy new software feature but from an old problem common to many e-mail programs. The programs' designers assumed that the name of an e-mail attachment (something linked to the message, such as another document or an image) would be fairly short, so they set a 200-character limit for the length of the name. If the name exceeds that limit, the extra data could cause your computer to crash or possibly even instruct it to run a rogue program hidden in the e-mail.
"It's a common flaw, but one that's easy to fix," says security specialist William Orvis of the Computer Incident Advisory Capability at the Lawrence Livermore National Laboratory in California. The almost embarrassingly simple solution is to rewrite the software so that the program shortens names longer than 200 characters.
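The flaw and its fix, sketched in C as an added example; this is not code from the article or from any of the vendors named. The function names and the constructed `Content-Disposition` header line are assumptions made for illustration; only the 200-character limit comes from the text.

```c
#include <stddef.h>
#include <string.h>

#define NAME_LIMIT 200u                /* the limit described in the article */

/* Flawed pattern, for contrast only (never called): the copy trusts the
 * sender to keep the name short, so a longer one runs past the buffer. */
void store_name_unchecked(char *dst, const char *src) { strcpy(dst, src); }

/* Corrected pattern: copy at most NAME_LIMIT characters, always terminate.
 * Returns 1 if the name was shortened, 0 if it fit, -1 on a bad buffer. */
int store_name_bounded(char *dst, size_t dstsize, const char *src, size_t srclen)
{
    size_t room, n;
    if (dst == NULL || dstsize == 0) return -1;
    room = dstsize - 1 < NAME_LIMIT ? dstsize - 1 : NAME_LIMIT;
    n = srclen < room ? srclen : room;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen > n;
}

/* Pulls the quoted filename out of one attachment header line.
 * Returns -1 if no well-formed filename="..." is present. */
int attachment_name(const char *header, char *dst, size_t dstsize)
{
    static const char key[] = "filename=\"";
    const char *start = strstr(header, key), *end;
    if (start == NULL) return -1;
    start += sizeof key - 1;
    end = strchr(start, '"');
    if (end == NULL) return -1;        /* unterminated quote: reject */
    return store_name_bounded(dst, dstsize, start, (size_t)(end - start));
}

/* Constructed sample: a header whose name is `len` 'A' characters.
 * Returns the length of the name actually stored. */
size_t demo_stored_length(size_t len)
{
    char header[1024] = "Content-Disposition: attachment; filename=\"";
    char name[NAME_LIMIT + 1];
    size_t off = strlen(header);
    if (len > sizeof header - off - 2) return 0;
    memset(header + off, 'A', len);
    header[off + len] = '"';           /* rest of header is already zeroed */
    if (attachment_name(header, name, sizeof name) < 0) return 0;
    return strlen(name);
}
int main(void) { return demo_stored_length(300) == NAME_LIMIT ? 0 : 1; }
```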
Microsoft and Netscape quickly publicized the problem and offered free corrective software on their Web sites. A few days later, Qualcomm announced that its popular Eudora e-mail software contained a different flaw, which could allow a seemingly innocuous Web link contained in an e-mail message to trigger a virus program. The solution again was relatively simple. Despite the quick fixes, however, the media and the Internet buzzed with news of a frightening-sounding and pervasive vulnerability.
Those fears were largely groundless, says Orvis, who points out that there has never been a documented case of a virus infecting a computer as a result of someone reading e-mail. "I haven't heard of anyone bitten by this attack," he says. "Not that many people know how to exploit it. And if you did, the FBI would be on your case very quickly."
Much of the negative media coverage focused on everybody's favorite villain, Microsoft. The software giant was charged with skimping on security and offering an initial software fix that did not cover all the potential weak spots in its Outlook e-mail programs. But Laakso cautions that "most of the major vendors make the same kind of mistake." Moreover, other computer security problems are far more serious than the threat posed by e-mail viruses.
Shawn Hernan, who works at the Computer Emergency Response Team at Carnegie Mellon, points to the much greater danger of intruders who hack their way into Internet service providers--the companies that provide connections to the Internet. He notes that CERT has received reports of interlopers invading computer systems operated by hospitals, corporations, and software vendors. Hernan blames these broader security problems on sloppiness among the companies that develop and sell the susceptible software--and on the people who buy their products.
"They produce what the public demands: feature-rich, faster, easier-to-use products," he says. Security usually ranks very low on the list of consumer concerns.
People and companies that depend seriously on the sanctity of their communications will need to be more cautious, says Orvis. He gives this advice: Be careful and be prepared (in other words, don't ever take candy--or any free software--from strangers, and don't leave the only copy of your magnum opus on your hard drive). Keeping on top of software updates and paying close attention to security advisories will also help.
That may seem like an awful lot of effort to the casual computer user. But when it comes to computer security, the options are few. People could choose to disconnect from the Internet--an isolated computer is, after all, a completely secure one. Or they could just accept that sometimes things will go wrong.
--Corey S. Powell
Tomorrow's Tubes
Ever since they were discovered in 1991, carbon nanotubes--cylindrical molecules of graphite that look a bit like rolled-up chicken wire--have been touted as the material of the future. Pound for pound, carbon nanotubes are about a hundred times stronger than steel and transport heat better than any other known material. But while bridges suspended from whisker-thin nanotube cables are probably some decades away, a newly discovered realm of application for the strange molecules--electronics--may be at hand.
When a carbon atom links up with neighboring carbons to make a sheet of graphite, some of the atoms' electrons are left unbound, free to roam around and conduct electricity throughout the sheet. Because carbon nanotubes are simply graphite tubes, it was not very surprising that they could also conduct electricity.
But in June, Walter de Heer and his colleagues at Georgia Tech found that nanotubes can do something no ordinary wire can do--conduct electricity with almost no resistance at room temperature. While nanotubes are not superconductors (the current in a superconductor, unlike that in nanotubes, continues to flow even when the power source is shut off), their highly regular molecular structure allows electrons to flow freely without losing energy in collisions with stray atoms. Resistance-free nanotube wires could greatly reduce the size of electronic components.
Other research groups found equally surprising properties. In January, teams at Harvard and at Delft University of Technology in the Netherlands demonstrated that nanotubes made of a single layer of carbon could conduct electricity either like a metal or like a semiconductor, depending on the alignment of carbon atoms in the nanotube. By May, Cees Dekker of the Delft team had managed to rig up the world's first nanotube transistor; it was less than a tenth the size of a conventional semiconductor transistor.
Physicists are already talking about stringing together nanotubes to create carbon-based molecular electronic devices to replace the ubiquitous silicon-based computer chips. Says Walter de Heer: "There's a new era of electronics waiting for us."
--Jeffrey Winters