Directory: Security

00-02-00-CACM-IdentityTheftSocialSecurityNumbersAndTheWeb.txt 00-04-00-CACM-IntrusionDetectionAndMultisensoryDataFusion.txt 00-04-00-CACM-SecuringUserPasswords.txt 00-05-00-CACM-InternetUseISRiddlesWithVulnerabilities.txt 00-06-00-ACMNetWorker-SecurityIsAnImperfectArt.txt 00-06-00-CACM-InformationSystemSecurityManagement.txt 00-09-00-ACMNetWorker-IsAnybodyDoingAnythingAboutInternetSecurity.txt 00-09-00-CACM-UsingVoiceToVerifyPersonalIdentity.txt 01-02-00-CACM-AnOperatingSystemApproachToSecuringEServices.txt 01-02-00-CACM-ConsideringTrustAssumptionsDuringSoftwareDevelopment.txt 01-02-00-CACM-IntroductionToSecuringSoftwareApplications.txt 01-02-00-CACM-SecurityAndPrivacyIssuesInMobileECommerce.txt 01-02-00-CACM-UsingAccessControlApproachesForSecureWebApplication.txt 01-03-00-CACM-FutureComputerSoftwareWillBeConstrainedByInsuranceConsiderations.txt 01-03-00-CACM-IsThereAFixInSightForComputerSecurity.txt 01-04-00-CACM-AnOrganizatonToRateComputerSecurityIsABadIdea.txt 01-05-00-ACMUbiquity-LowFacultySalariesAndShortageOfSecuritySpecialists.txt 01-08-00-CACM-AProcessControlApproachToCyberAttackDetection.txt 01-08-00-CACM-RisksInEmailSecurity.txt 01-09-00-CACM-SecurityIssuesForElectronicMedicalRecords.txt 01-10-00-ACMUbiquity-PeterNeumannOnSecurityVulnerabilities.txt 01-11-08-Reuters-Hack-Bank.txt 01-11-13-Wired-ICANN.txt 01-11-17-SFCron-Internet.txt 01-11-26-ZDNet-Google.txt 01-12-00-CACM-CodeRedWorm-MaliciousSoftwareKnowsNoBounds.txt 01-12-04-AP-SecuritySW.txt 01-12-04-Reuters-InfrastructureMap.txt 01-12-05-WashPost-MCI.txt 01-12-11-ComputerWorld-NIPC-DNS.txt 01-12-12-WashPost-NetSecBill.txt 01-12-14-WashPost-CyberCrimeBill.txt 01-12-17-SJMerc-802.11Crypto.txt 01-12-22-SJMerc-MSXPPnP.txt 02-01-02-BusWeek-Changes.txt 02-01-07-WiredDigital-VirusWriters.txt 02-01-08-MSNBC-WinUPnP.txt 02-01-08-SecurityFocus-NASRept.txt 02-01-14-eWeek-SWLiability.txt 02-01-14-InfoWeek-DrversLicenseID.txt 02-01-14-LATimes-MS-Security.txt 02-01-14-LATimes-MSWindows.txt
02-01-18-SJMerc-China.txt 02-01-19-SJMerc-DG-WebServices.txt 02-01-20-SJMerc-Internet.txt 02-01-23-WashPost-CrossSiteScriptAttacks.txt 02-01-29-DJMerc-MSPassport.txt 02-01-29-EPIC-MSPassport.txt 02-01-29-PCWorld-CybersecurityBills.txt 02-01-29-WashPost-MSPassportBug.txt 02-01-31-CSTB-InfrastructureSecurity.txt 02-02-04-IDG-NIPC.txt 02-02-07-SJMerc-CyberSecurityBill.txt 02-02-08-WashPost-HR3482-CybeSecEnhance.txt 02-02-08-WasPost-WhiteHouseAdvisertxt.txt 02-02-12-Wired-CyberSecEnhance-CSEA.txt 02-02-14-Reuters-ElecSignatures.txt 02-02-19-InfoWorld-CyberSecurityCzar.txt 02-02-23-SJMerc-BuiltInPCSecurity.txt 02-02-27-SJMerc-DisneyFundsGilian.txt 02-02-27-Wired-CyberSecEnhanceAct-CSEA.txt 02-03-00-ACMNetWorker-ExAndTrustedEmployeesMayBeGreatestThreatsToNetworkSecurity.txt 02-03-04-UnknownSource-FOIA-Exemption-CyberSecurity.txt 02-03-12-USAToday-MS-AirForceSecurity.txt 02-04-00-CACM-ManyPCSecurityProblemsRemainUnaddressed.txt 02-04-00-CACM-TechnicalAspectsUnderlyingInternetSecurityAndPrivacy.txt 02-04-08-EWeek-EGovTechChallenges.txt 02-04-17-Wired-ArgentineHackerLaw.txt 02-04-20-UPenn-Dyson.txt 02-04-22-EETimes-InternetSecurityIssues.txt 02-05-12-NYT-Markoff-SmartCardsCracked.txt 02-05-14-CNETNews-SuccessfulHackers.txt 02-05-17-NYT-ExperianCreditDataStolen.txt 02-06-03-CNETNews-MITStudentHacksXBox.txt 02-06-03-SJMerc-MITStudentHacksXBox.txt 02-06-04-TheRegister-MITStudentHacksXBox.txt 02-06-06-TheRegister-SecurityThruObsolescence.txt 02-06-07-NYT-Markoff-KaZaASecurityHole.txt 02-06-13-CanberraTimes-ThumbprintSystemProblems.txt 02-06-19-InfoWorld-FedsUrgePrivateAction.txt 02-06-24-InfoWorld-MS-Palladium-DRM.txt 02-06-24-TheRegister-2-MS-Palladium-DRM.txt 02-06-24-TheRegister-MS-Palladium-DRM.txt 02-06-25-TheRegister-Palladium-GPL.txt 02-06-26-ExtremeTech-MS-Palladium-AMD-MotherboardDesign.txt 02-06-26-NewsFactor-PurdueSelfHealingSoftware.txt 02-06-26-RossAnderson-TCPA-PalladiumFAQs.txt 02-06-27-WashPost-MS-Palladium.txt 02-07-01-Newsweek-MS-Palladium-DRM.txt 
02-07-02-SJMerc-MS-EU-PalladiumAntitrust.txt 02-07-04-WashPost-CyberSecurityNeeded.txt 02-07-08-ActiveWin-PalladiumExplained-TCPA.txt 02-07-08-BostonGlobe-TCPA-Palladium.txt 02-07-08-PCWorld-MSPalladiumDiscussionOpen.txt 02-07-09-NetworkWorldFusion-CyberCatastrophePredicted.txt 02-07-09-RossAnderson-UpdatedTCPA-PalladiumFAQs.txt 02-07-10-SJMerc-OutlookPGPPluginBug.txt 02-07-15-LibertyAlliance-1.0Spec.txt 02-07-15-SJMerc-CybercrimeBill-HR3482.txt 02-07-19-CIOInsight-WirelessNetworkSecurityIssues.txt 02-07-20-SJMerc-DG-MSPalladium.txt 02-07-29-PCWorld-MSRevealsPalladiumDetails.txt 02-07-30-CNETNews-HPUsesDMCAforSecurityThreat.txt 02-07-31-AP-BushAdvisorEncouragesHackers.txt 02-07-31-CNETNews-SecurityCzarBlamesISPsAndSWMakers.txt 02-08-01-CNETNews-HP-BacksDown-DMCA.txt 02-08-01-HPPressRelease-HP-BacksDown-DMCA.txt 02-08-03-SJMerc-DG-HPComesToItsSenses-DMCA.txt 02-08-03-SJMerc-HackBackCounterattack.txt 02-08-05-SJMerc-JapanNationaID-GlitchesProtests.txt 02-08-22-WashPost-CyberwarfareRulesAndConsumerBroadband.txt 02-09-00-ACMNetWorker-SecuritRisksInWebServices.txt 02-09-00-ACM-USACMVoiceInSecurityAndPrivacy.txt 02-09-00-AtlanticMonthly-HomelandInsecurity.txt 02-09-08-SJMerc-DG-SecurityPoliciesNeeded-BroadbandDecentralization-EnergyIndependence.txt 02-09-09-ComputerWorld-WardriveFindsManyUnsecuredWirelessLANs.txt 02-09-17-SJMerc-DG-FederalSecurityPlanForControlFreaks.txt 02-09-17-SJMerc-VoluntaryFedPlanHasCritics.txt 02-09-18-SFChronicle-CybersecurotyChiefDefendsPlan.txt 02-09-24-Wired-BermanBillDebate.txt 02-10-00-CACM-QualityRatherThanQuantityForComputerSecurity.txt 02-10-00-CACM-ShouldInternetSecurityTechnologiesBeBlendedWithBiometrics.txt 02-10-07-Markle-TaskForce-ProtectingFreedomInInfoAge.txt 02-10-17-BostonGlobe-CyberCzarCommentsOnDMCAAndSecurityIssues.txt 02-10-17-CyberSecurity-CyberCzarCommentsOnDMCAAndSecurityIssues.txt 02-10-20-Cryptome-Reinhold-PalladiumPresentationAtUCB.txt 02-10-21-Cryptome-ReviewOfMSPalladiumMITTalk.txt 
02-10-21-NewsForge-Stallman-TrustedComputingTakesControlFromUser.txt 02-10-21-NewsForge-Stallman-trustedComputing.txt 02-10-23-PCWorld-DNSRootServerAttackCouldBeFirstOfMany.txt 02-10-24-ComputerWorld-CrockerOnDNSServerAttack.txt 02-10-31-Reuters-WiFiSecurityUpgrade.txt 02-11-00-ACMUbiquity-AreECommerceSecurityMeasureWorthTheTrouble.txt 02-11-00-WashMonthly-CyberTerrorismNotLethal.txt 02-11-02-ACMUbiquity-TheFutureOfInternetSecurity.txt 02-11-03-AP-TrustedComputing-UsersCedeControl.txt 02-11-03-STMerc-CriticsSayTrustedComputingThreatensConsumerFreedom.txt 02-11-08-CNETNews-VoteNearOnCyberSecurityRandDAct.txt 02-11-11-NewScientist-TechChangesCouldStopAttacksOnP2P.txt 02-11-13-CNETNews-CyberSecurityEnhancementAct-CSEA.txt 02-11-13-Wired-HousePassesCyberSecurityRandDAct.txt 02-11-14-Wired-CriticsBashStudyShowingDecreaseInHackAttacks.txt 02-11-15-ACMUbiquity-AreECommerceSecurityMeasuresWorthIt.txt 02-11-20-ALA-HomelandSecurityAndTotalInfoAwareness.txt 02-11-20-CNETNews-TechAspectsOfHomelandsecurityLaw.txt 02-11-20-SJMerc-TotalInfoAwareness-Concerns.txt 02-11-20-UPI-InternetNeedsWorkAfter9-11.txt 02-11-22-EWeek-ITIndustryWarnsAgainstRegulation.txt 02-11-25-NewsFactor-NewApproachesToSecurityPatchesNeeded.txt 02-12-00-CACM-WhySecurityStandardsSometimesFail.txt 02-12-02-ZDNet-Schneier-NoSecurityMagicAvailable.txt 02-12-06-SJMerc-TelcomIndustryOutlinesSecurityPlans.txt 02-12-06-Wired-FedsSayWiFiSecurityThreat.txt 02-12-10-PCWorld-FinancialInstitutionsTackleCybersecurity.txt 02-12-11-MSNBC-SpamAndVirusesIncreasingProblem.txt 02-12-16-SJMerc-DMCA-TIA-P2PPiracyBill-UndermineCybersecurity.txt 02-12-19-SJMerc-WebActivistsWatchTIAsPoindexter.txt 02-12-20-DARPA-InfoAwarenessOffice-IAO.txt 02-12-20-MSNBC-AdminSaysCyberspaceProtectionPlanWontInvadePrivacy.txt 02-12-20-NYT-Markoff-BushAdminProposesInternetMonitoringSystem.txt 02-12-20-Reuters-WhiteHouseSaysWebSecurityPlanWontInvadePrivacy.txt 02-12-20-Wired-TerroristsUnlikelyToDamageNet.txt 
02-12-30-NYT-TamingTheTaskOfCheckingTerroristsNames.txt 02-12-31-TechNews-TechPoliciesInThe107thCongress.txt 03-01-02-AOL-UnivResearchersTurnDownGrantsWithRestrictions.txt 03-01-03-ComputerWorld-Cyberthreats-WarnsClarke.txt 03-01-03-Wired-WhyRIAAKeepsGettingHacked.txt 03-01-07-WashPost-GovernmentParesBackSecurityInitiative.txt 03-01-08-PCWorld-RevisedCyberSecurityPlanPosesProblems.txt 03-01-08-ZDNet-RootServerDDoSAttacks.txt 03-01-09-InternetWeek-Doctorow-MaliciousWiFiInternetAccessIsNonsense.txt 03-01-09-ITManagement-CyberSecurityRDActGoodIfFunded.txt 03-01-11-TheRegister-RIAASiteDefacedAgain.txt 03-01-12-ESecurityPlanet-InternetThreatsWillGetWorse.txt 03-01-13-DCInternet-OpenWebAppSecurityProjIssuesTopWebVulnerabilities.txt 03-01-13-FedCompWeek-WiFiProtectedAccess-WPA-BetterThanWEP.txt 03-01-13-SecurityFocus-USSentencingCommAsksInputOnHackers.txt 03-01-15-CNETNews-OldHardDrivesStillContainData.txt 03-01-15-Yahoo-OldHardDrivesStillContainData.txt 03-01-24-CNETNews-MSDropsPalladiumName.txt 03-01-24-SJMerc-DG-MSDropsPalladiumName.txt 03-01-27-TheRegister-MSDropsPalladiumName.txt 03-01-29-CNETNews-BushProposesTerroristThreatIntegrationCenter.txt 03-01-30-ComputerWorld-I3P-ConsortiumPromotesCybersecurityResearch.txt 03-01-31-WashPost-FedsBulidingInternetMonitoringCenter-GEWIS.txt 03-01-31-ZDNet-MSFailsToProtectAgainstSQLSlammer.txt 03-02-00-BusCommRev-ExpertsCiteSeveralReasonsForPoorInternetSecurity.txt 03-02-03-PCWorld-VulnerabilitiesIncreaseButNetAttacksDown.txt 03-02-04-eWeek-LatestCybersecurityPlanCountsOnPrivateSector.txt 03-02-06-NewsFactor-ASUReserchersSayCascadingFailuresCouldCrashInternet.txt 03-02-07-WasPost-BushOrdersCyberWarfareGuidelines.txt 03-02-10-SJMerc-MakeCompaniesLiableForSoftwareSecurityProblems.txt 03-02-13-StarTrib-SomeExpertsSayCyberterrorismUnlikely.txt 03-02-15-WashPost-BushCybersecurityPlanLeavesItToIndustry.txt 03-02-17-FoxNews-108thCongressPreparesTechAgenda.txt 03-02-19-ChicagoTrib-HackerAccesses8MillionCreditCardRecords.txt 
03-02-20-CNETNews-CriminalDefenseLawyersAndEFFSayHackersSentencesTooHarsh.txt 03-02-21-TheRegister-InsidersCouldEasilyGuessATM-PINs.txt 03-02-25-SJMerc-WiFiHotspotsCouldLeadToHacking.txt 03-02-26-SJMerc-CountyEVotingPlansAdvanceInSpiteOfConcerns.txt 03-02-27-CNETNews-AttorneySaysHackingAttackingComputersMayBeLegal.txt 03-03-00-CACM-FirewallsHaveManyHoles.txt 03-03-00-CACM-UsingInsuranceForCyberRiskManagement.txt 03-03-03-CalAggie-UCDResearchersTackleComputerSecurity.txt 03-03-03-Computerworld-MajorVulnerabilityInSendmailDiscovered.txt 03-03-03-SJMerc-GovtPublicationRestrcitionsStallScientificResearch.txt 03-03-03-SJMerc-SecurityRestrictingSciencePublicationAndTravel.txt 03-03-11-SecurityFocus-HomelandSecuritySybersecurityEffortsDoubted.txt 03-03-13-Yahoo-CMU-SCCWorkshopOnWirelessTrustAndDependability.txt 03-03-14-CeBITPanelSaysBombsMoreLikelyThanCyberterrorism.txt 03-03-15-Wired-NRICSaysBusinessesMustGetSeriousAboutNetworkSecurity.txt 03-03-18-WashPost-USHeightensCybersecurityMonitoring.txt 03-03-20-Fortune-WeAreVulnerableToCyberAttacks.txt 03-03-20-NewsFactor-InternetStillNotSecure.txt 03-03-20-PCWorld-CongressionalBriefing-Security-Privacy.txt 03-03-21-ChronHighEdu-Shibboleth-Internet2-Authentication.txt 03-03-21-Computerworld-DNSSec-AttemptsToStopSophisticatedDOSAttacks.txt 03-03-24-WaskTech-SomeSayBushAdminMovesDowngradeCyberSecurity.txt 03-03-25-NAS-NRDReport-IdentityVerificationAndPrivacy.txt 03-03-25-NewsFactor-WPAWillNotMakeWiFiSecure.txt 03-03-26-Felten-StatesIntroBillsToExtendDMCAToFirewalls.txt 03-03-26-WSJ-IraqWarCausesMoreWebSiteDefacementHacking.txt 03-03-31-Provos-WebPagesMovedOffshore-MichSuperDMCA.txt 03-04-00-ACMUbiquity-InsecureInformationSubmissionMethodsDisourageApplicants.txt 03-04-00-IEEESpectrum-UpdatingElectronicSurveillanceSystems.txt 03-04-01-EETimes-ConnectedRealTineSystemsHaveSecurityNeeds.txt 03-04-01-EETimes-DNSNeedsBetterSecurity.txt 03-04-01-PCWorld-CFP2003-SecurityVsPrivacy.txt 03-04-02-InternetWeek-MSNeedsToImproveAppsSecurity.txt 
03-04-02-PCWorld-FedOfficialDefendsBushCybersecurityPlan.txt 03-04-04-NetMag-Honeypots-StrategiesAndIssues.txt 03-04-08-GovtCompNews-DebateOverCybersecurityResources.txt 03-04-08-TechDaily-DebateOverCybersecurityResources.txt 03-04-09-WashPost-DebateOverCybersecurityResources.txt 03-04-10-SFGate-CFP03FocussesonCivilLibertiesIssues.txt 03-04-11-CNETNews-HoneypotsGetBetter.txt 03-04-11-ComputerWorld-RSA2003Conf-IntrusionPrevention.txt 03-04-11-PCWorld-HomelandSecuritySeeksTechSolutions.txt 03-04-12-FreedomToTinker-MPAA-StateSuperDMCALaws.txt 03-04-14-EFF-MPAA-StateSuperDMCALawsOpposed.txt 03-04-14-NYT-DOSAttackUsingTheUSPS.txt 03-04-14-SJMerc-DG-DMCAUsedToStopIDCardPresentation.txt 03-04-14-Slashdot-DMCAUsedToStopIDCardPresentation.txt 03-04-14-TheRegister-StateDMCALawsPreventAnonymousCommunications.txt 03-04-15-Counterpane-DOSAttackUsingTheUSPS.txt 03-04-15-EETimes-MS-EnSCB-UsersDontGetControlOfKeys.txt 03-04-15-InternetWeek-Sun-SymantecUnveilIntrusionDetection.txt 03-04-15-TheRegister-Sun-SymantecUnveilIntrusionDetection.txt 03-04-16-CNETNews-HomelandSecurityAsksIndustryForData.txt 03-04-16-MplsStarTrib-GovtAndIndustryPartnerToFightCyberterrorism.txt 03-04-16-PCWorld-ExpertWarnsOfCyberthreats.txt 03-04-16-SJMerc-DG-HoneypotTrapsRaiseLegalAndEthicalIssues.txt 03-04-17-BusWeek-ShouldHackersBeHired.txt 03-04-17-SJMerc-DMCAUsedToStopIDCardPresentation.txt 03-04-17-SJMerc-InternetUsersHaveToolsToProtectThemselves.txt 03-04-17-TheRegister-EmployeesQuickToGivePasswords.txt 03-04-25-SmallTimes-PARC-NSF-SensorNetsIssues.txt 03-04-27-CNN-TooMuchBuggySoftware.txt 03-04-28-NYT-HoneynetProjectSetToCatchHackers.txt 03-04-29-WIred-NHBillWouldLegalizeAccessToOpenWirelessNets.txt 03-05-00-CACM-802DOT11bWirelessNetworkingSecurity-AccessPointMapping.txt 03-05-00-CACM-IntroductionToWirelessNetworkingSecurity.txt 03-05-00-CACM-WirelessSecurityFlawsIn802DOT11.txt 03-05-03-NetMag-CybersecurityEarlyWarningSystems.txt 03-05-06-SJMerc-Gates-FutureMSSecurityWillBeOptional.txt 
03-05-07-PFIR-TripoliProj-NewEmailEnvironment.txt 03-05-08-CNETNews-MSPassportFacesPossibleFTCAction.txt 03-05-08-PFIR-TripoliProj-NewEmailEnvironment.txt 03-05-08-WashPost-PARC-TIA-PrivacyProject.txt 03-05-13-CNETNews-ProposalsToCurbDOSAttacks.txt 03-05-13-PCWorld-NewOrgToDevelopWirelessSecurityStandards.txt 03-05-13-SecFocus-ACM-UrgesDMCASecurityResearchExemption.txt 03-05-13-SecFocus-ResearchersWantDMCAExemption.txt 03-05-14-SJMerc-USVulnerableToCyberAttack.txt 03-05-14-Wired-MS-NGSCB-UsersCanOptOut.txt 03-05-16-CNETNews-IRCOperatorsStopVirus.txt 03-05-18-WashPost-RussianHackersTurnToCrime.txt 03-05-20-NewScientist-GPSDataCouldStopWirelessAttack.txt 03-05-20-NYT-SpammersUseUnprotectedComputersToRoute.txt 03-05-22-PCWorld-CyberDefense-MoreFundingNeeded.txt 03-05-28-PCWorld-StudySaysCIABehindInInfoTech.txt 03-05-29-NYT-TeensEnlistedHasWhiteHatHackers.txt 03-06-00-CACM-AnalyzingDirectAndIndirectSecurityCosts.txt 03-06-00-CACM-TaxonomyOfSecurityConsiderationsAndSoftwareQuality.txt 03-06-02-ZDNet-Farber-CybersecurityImprovementsNeeded.txt 03-06-16-WSJ-CalLawRequiresNotifactionOfIntrusions.txt 03-06-17-SenJudiciary-TheDarkSideOfP2P.txt 03-06-18-NCNewsObs-CybersecurityFundsAttractResearchers.txt 03-06-18-SecFocus-Bluetooth1.2RaisesSecurityIssues.txt 03-06-24-MSNBC-HijackersTakingOverInternetAddresses.txt 03-06-26-ZDNet-GatesSaysTechWillHelpPrivacyAndSecurity.txt 03-06-27-SJMerc-PaloAltoSchoolsWiFiNetworkOpen.txt 03-06-27-TheWhir-EUCyberSecurityPlan.txt 03-06-29-NYT-TrustedComputingIssues.txt 03-06-30-Wired-NewHomelandSecPrivacyOfficer.txt 03-07-00-CACM-PFIRES-APolicyFrameworkForInformationSecurity.txt 03-07-08-AusITNews-InternetAttacksJustStarting.txt 03-07-08-CompWeekly-ProblemsWithBiometrics.txt 03-07-08-NWFusion-IBM-MS-PublishWebServicesSpec.txt 03-07-09-CNETNews-IBM-MS-PublishWebServicesSpec.txt 03-07-09-PCWorld-USFarFromSecuringCyberspace.txt 03-07-11-NYT-HackersHijackPCsForSexSites.txt 03-07-11-PCWorld-CybersecurityLawsExpected.txt 
03-07-15-InetWeek-USCybersecurityEffortsLacking.txt 03-07-15-MSNBC-HomeComputersHijackedToServePornography.txt 03-07-22-MissStateU-MSUComputerSecurityCapabilities.txt 03-07-23-TechNewsWorld-NewWindowsPasswordCracking.txt 03-07-24-NYT-ResearchersFindDieboldEVotingProblems.txt 03-07-25-KohoEtc-AnalysisOfAnElecVotingSystem.txt 03-07-26-SJMerc-DG-MDOfficialsIgnoreEVotingWoes.txt 03-07-26-WashPost-MDOfficials-EVotingOK.txt 03-07-28-CNETNews-CERTInvestigatesSecurityPlan.txt 03-07-28-NYT-DODPreparesTerroristFuturesMarket.txt 03-07-29-NYT-DODCancelsTerroristFuturesMarket.txt 03-07-30-CNETNews-TheStateOfSecurity.txt 03-07-30-CNN-FuturesContractsOnPoindexter.txt 03-07-30-US-DHS-PotentialForImpactFromMS-Windows.txt 03-07-31-CNETNews-HomelandSecurity-HSARPA.txt 03-07-31-ITMgmt-AlertForLargeScaleHackerAttacks.txt 03-08-00-CACM-MoreEffectiveSecurityByIdentifyingAndRankingSeverityOfThreats.txt 03-08-00-GovTech-FaifaxVAUsesWiFiEvotingMachines.txt 03-08-01-ALA-BillsToCurbUSAPatriotsActPowers.txt 03-08-01-CNETNews-CanSMTPStopSpam.txt 03-08-04-DenPost-BusinessUnderReportsHackAttacks.txt 03-08-04-InetWeek-SWVulnerabilitiesHaveHalfLife.txt 03-08-04-PCWorld-SachsInterview-DHSCyberExec.txt 03-08-04-Wired-EVotingMachineVulnerabilities.txt 03-08-05-Wired-EVotingLawsuitToFedAppealsCourt.txt 03-08-06-GovtCompNews-CyberSecurityResearch.txt 03-08-06-NewsFact-InternetSecurityIssues.txt 03-08-07-BaltoSun-MDToReviewE-votingPlans.txt 03-08-11-NewSci-BluetoothSecurityIssues.txt 03-08-11-WashPost-ProblemsWithE-Voting.txt 03-08-13-BusStd-DNSCanBeEnhanceSecurity.txt 03-08-15-InfoWorld-CybersecurityMandatesMayBeNeeded.txt 03-08-15-NewsFactor-NetworksSurvivePowerBlackout.txt 03-08-19-SJMerc-HomeUsersVulnerableToSobigVirus.txt 03-08-20-SJMerc-Sobig-BlasterVirusesSpreadFast.txt 03-08-20-SJMerc-VirusShutsDownCSXSignalSystem.txt 03-08-21-WashPost-PoorSoftwareSpeadsViruses.txt 03-08-21-Wired-SoftwarePatchesNotAnswerToSecurity.txt 03-08-22-WashPost-InfectionsSlowNetworks.txt 
03-08-23-SJMerc-DG-IsThisTheEndOfEmail.txt 03-08-25-BaltoSun-ResearcherCriticalOfEVotingCode.txt 03-08-25-SeaTimes-ArrestDueInBlasterWormCase.txt 03-08-26-WSJ-VirusesAWakeUpCallForSWIndustry.txt 03-08-27-ABCNews-CanPCsAutomaticallyDefendAgainstThreats.txt 03-08-27-NYT-ResearchersTryToStayAheadOfWorms.txt 03-08-28-WashPost-VirusProtectionMayMoveToServers.txt 03-08-29-SJMerc-BlasterWormWriterToBeArrested.txt 03-08-30-BosGlobe-FBIArrestsBlasterWormSuspect.txt 03-09-00-CACM-SecurityAndPrivacyIssuesInHandheldAndWearableDevices.txt 03-09-00-NAP-Neuman-ComputerSecurityIssues.txt 03-09-01-InfoWeek-Viruses-AWorldwideProblem.txt 03-09-01-NYT-FedsCallForCybersecurityOversight.txt 03-09-01-VNUNet-FBIArrestsStupidBlasterWormSuspect.txt 03-09-02-MSNBC-InterviewWithBlasterWormSuspect.txt 03-09-03-NewSci-AntiVirusSoftwareInadequate.txt 03-09-04-CompWorld-CongressProposesCybersecurityReportingLaw.txt 03-09-04-SFChron-MoreWormsAndVirusesComing.txt 03-09-04-SJMerc-FTCWarns-IdentityTheftGrowing.txt 03-09-04-SJMerc-SecondBlasterWormArrest.txt 03-09-04-Wired-ReturningStudentComputersUnleashViruses.txt 03-09-06-NewSci-StudyIdentifiesImageAntiTamperingSteps.txt 03-09-08-BusWeek-VirusesReachEpidemicProportions.txt 03-09-08-InfoWeek-HackerForHireAtWork.txt 03-09-10-MSNBC-DieboldOpticalVotingResultsSentToWebsite.txt 03-09-11-PCWorld-HouseWitnessesSuggestSecurityApproaches.txt 03-09-11-TechNewsWorld-IssuesWithBiometrics.txt 03-09-11-Wired-HouseWitnessesSuggestSecurityApproaches.txt 03-09-12-MSNBC-WirelessWebCouldAidInEmergencies.txt 03-09-12-TorontoStar-CybersecurityThreats.txt 03-09-14-SeattleTimes-MSIssuesNewPatchForFlawExploitedByBlaster.txt 03-09-15-CompWorld-SoftwareQualityMeasuresWillImproveSecuity.txt 03-09-16-BusWeek-NewApproachesNeededForNetSecurity.txt 03-09-16-NewsFactor-InternetWorms-WorstIsYetToCome.txt 03-09-17-SJMerc-BlasterWormAccusedPleadsNotGuilty.txt 03-09-18-PCWorld-SwenWormPosesAsMSPatch.txt 03-09-18-SJMerc-MelissaVirusWriterCooperatedWithFBI.txt 
03-09-18-Wired-MarylandSaysDieboldVotingSystemOK.txt 03-09-18-ZDNet-SwenWormPosesAsMSPatch.txt 03-09-23-ABCNews-SomeFearTerroristCyberAttacks.txt 03-09-23-RMSmith-IESupercookiesBypassP3PAndCookieControls.txt 03-09-23-Salon-DieboldVotingSystemAnInvitationToFraud.txt 03-09-24-CNETNews-ReportBlamesMSForSecurityProblems.txt 03-09-24-InfoWorld-USImmigrationSystemHitByWelchiaWorm.txt 03-09-24-WashPost-ReportBlamesMSForSecurityProblems.txt 03-09-25-Reuters-AntiSpamWebsitesShutDownByAttack.txt 03-09-25-TheReg-AntiSpamWebsitesShutDownByAttackLinedToSobig.txt 03-09-25-Wired-MarylandSaysDieboldVotingSystemOK.txt 03-09-25-Wired-MSDominanceThreatensCyberSecurity.txt 03-09-28-SJMerc-DG-InternetHasGoodGuysAndBadGuys.txt 03-10-00-CACM-RisksInTrustingSystemsThatMightNotBeTrustworthy.txt 03-10-00-FBI-RegionalComputerForensicLabs.txt 03-10-02-Baseline-CalifEVotingCertificationIssues.txt 03-10-03-EWeek-MSVulnerabilitiesBlamedForTheftOfSourceCode.txt 03-10-04-ECommTimes-BecomingSecurityExpertMightBreakLaws.txt 03-10-06-Wired-DieboldEVotingMachinesFlawed.txt 03-10-08-CompWorld-ConsensusIdentifiesTop20NetVulnerabilities.txt 03-10-08-FBI-RegionalComputerForensicLabs-PressRelease.txt 03-10-08-TechNewsWorld-SwenWormPosesAsMSPatch.txt 03-10-09-CNETNews-MSSaysSecurityImprovementsWillTakeTime.txt 03-10-09-MS-BlamerOnSecuityAndOtherIssues.txt 03-10-10-DCMil-DDenningDiscussesCybersecurity.txt 03-10-10-SJMerc-MSSaysSecurityImprovementsWillTakeTime.txt 03-10-10-TheReg-MSSaysSecurityImprovementsWillTakeTime.txt 03-10-13-Wired-WorkerSaysDieboldInstalledUnauditedSWPatch.txt 03-10-15-CBR-DNSRootServerSecurityImprovementNeeded.txt 03-10-15-UPI-InternetIsIndispensableAndVulnerable.txt 03-10-16-PCMag-SecurityExpertDiscussessIssues.txt 03-10-20-CNETNews-NewBillWOuldRequireDownloadWarnings.txt 03-10-20-INetWeek-MSBallmerDiscussesSecurityIssues.txt 03-10-21-CNETNews-MSBallmerDiscussesSecurityIssues.txt 03-10-21-CRN-MSBallmerDiscussesSecurityIssues.txt 03-10-22-CMU-NewCybersecurityCenterAnnounced.txt 
03-10-22-GrokLaw-MSExecSaysCommercialSoftwareIsMoreSecure.txt 03-10-22-NewsFact-MSToutsNewWindowsSecurity.txt 03-10-23-NYT-PlanetLabServersWatchNetForAttacks.txt 03-10-27-NWFusion-DNSRootServersUseAnycastToStopDoSAttacks.txt 03-10-28-CalgaryHerald-GatesToutsNewWindowsSecurity.txt 03-10-29-ACMUbiquity-FirewallSoftwareWillNeedAddOns.txt 03-11-00-CACM-TheMythOfComputerSecurityByKeepingSoftwareSecret.txt 03-11-03-CalifHaltsAuditOfDieboldEVotingMachines.txt 03-11-03-MSNBC-EVotingIssues.txt 03-11-03-SFChron-UCN-USCResearchersToModelTheInternet.txt 03-11-04-CNETNews-MSOffersRewardsToStopViruses.txt 03-11-04-WashPost-DNSRootServersStillVulnerableToDDoSAttacks.txt 03-11-05-ITMgmt-ITManagersConcernedAboutWirelessSecurity.txt 03-11-05-PRNewsWire-MSOffersRewardsToStopViruses.txt 03-11-05-SJMerc-MSOffersRewardsToStopViruses.txt 03-11-06-PCWorld-LawmakerSuggestsRequiredAntivirusSoftware.txt 03-11-06-TechNewsWorld-FlawFoundInWPAWirelessSecurity.txt 03-11-07-PCWorld-MSOffersRewardsToStopViruses.txt 03-11-10-FCW-EVotingMachinesQuestioned.txt 03-11-10-NZZ-ETHOpensInfoSecurityCenter.txt 03-11-11-SJMerc-20YearsOfViruses.txt 03-11-11-Wired-DieboldForcedToPayForEVotingMachineAudit.txt 03-11-12-WashU-DeviceTrapsMalware.txt 03-11-13-INetWeek-NewDNSSecurityNearlyCompleteByIETF.txt 03-11-17-NWFusion-ISPsTakeOnDDoSAttacks.txt 03-11-19-OaklandTrib-SandiaLabOpensHoneynet.txt 03-11-20-CompWorld-EUApprovesCyberSecurityAgency.txt 03-11-20-NatlJour-ReviewOfACM-CRAPanelOnCybersecurity.txt 03-11-20-USACM-ACMAndCRASponsorCyberSecurityPanel.txt 03-11-21-ChronHigherEd-ReviewOfACM-CRAPanelOnCybersecurity.txt 03-11-21-TheStandard-NCVIFormedToPromoteVerifiedEVoting.txt 03-11-22-SJMerc-WellsFargoCustomerDataStolen.txt 03-11-22-Stanford-CybersecurityResearchConference.txt 03-11-24-CompWorld-DiversityNeededToFoilCyberAttacks.txt 03-11-25-CNETNews-After20YearsVirusesDefyCure.txt 03-11-25-CNETNews-BlackoutsHighlightNetVulnerabilities.txt 03-11-25-NewsWise-DiversityNeededToFoilCyberAttacks.txt 
03-11-27-Economist-FightingSpamAndWorms.txt 03-11-28-LATimes-TechCompaniesTryToControlInfoAboutSecurityHoles.txt 03-11-28-NYT-WormsAndVirusesInCellPhoneInternetAccess.txt 03-11-30-ACMWashUpdate-ACM-CRASponsorCyberSecurityEvent.txt 03-11-30-USACM-ACMWashingtonUpdate-7-11.txt 03-12-00-CACM-KillersVirusesAffectMillionsOfInternetUsers.txt 03-12-00-CACM-StandardsCanHelpInComputerSecurity.txt 03-12-01-CNETNews-YoranNewTopUSCybersecurityDefender.txt 03-12-03-DCInternet-USCybersecurityStillStalled.txt 03-12-03-SJMerc-CybersecuritySummitToRefocusAttention.txt 03-12-03-SJMerc-RetailerHackerSentencedToPrison.txt 03-12-03-SJMerc-SecRidgeTellsTechFirmsToCooperateOnCyberSecurity.txt 03-12-03-USDHS-RemarksBySecRidge.txt 03-12-04-SJMerc-ChinaOrdersDomesticSecurityOnWirelessNets.txt 03-12-04-SJMerc-DebianDefendedInLinuxSecurityIssue.txt 03-12-04-SJMerc-SecRidgeTellsTechFirmsToCooperateOnCyberSecurity.txt 03-12-04-WashPost-USDHSTellsTechFirmsToCooperateOnCyberSecurity.txt 03-12-06-ZDNet-Farber-CybersecurityRequiresSoftwareEngrReform.txt 03-12-08-NYT-TrojanHorsePutsHijackedComputersOnP2PNet.txt 03-12-09-CompWorld-SeveralUSAgenciesFailInCybersecurity.txt 03-12-09-FCW-USAgenciesGetPoorCyberSecurityGrades.txt 03-12-09-GovExec-USAgenciesGetPoorCybersecurityGrades.txt 03-12-09-NWFusion-IEEESaysChinasWirelessSecurityUnderminesWiFi.txt 03-12-09-USHouse-CybersecurityGrades-2000-2003.txt 03-12-11-ESecurityWeb-VerifiableEmailProposals.txt 03-12-12-CompWorld-CriticismOfEvotingMachinesSecurityMounting.txt 03-12-14-SJMerc-DG-ChinaOrdersDomesticSecurityOnWirelessNets.txt 03-12-15-CompWorld-UsersPlanForCybersecurityAttacks.txt 03-12-17-EarthWeb-BlueprintForInternetSecurity.txt 03-12-17-TechResNews-DeviceScansInternetPacketsForViruses.txt 03-12-19-BBC-CybersecurityThreatsARiskToNetsFuture.txt 03-12-19-WebHostIndRev-CERT-RacingToSecureTheInternet.txt 03-12-22-CompWorld-NewAntiHackingToolsComing.txt 03-12-23-BadYearForVirusAttacks.txt 03-12-28-WashPost-SpamSpywareVirusesAndWorms.txt 
03-12-29-CompWorld-SecurityPredictionsFor2004.txt 03-12-29-NYT-SmartCarsAreCauseForConcern.txt 03-12-29-SJMerc-VoteHere-EvotingFirmsWebsiteHacked.txt 03-12-29-Wired-WishListsFor2004.txt 03-12-30-BusWeek-TopTechTrendsFor2004.txt 04-01-04-ECommTimes-TheSecureEmailChallenge.txt 04-01-05-InfoWeek-CybersecurityThreatsWontLetUp.txt 04-01-07-TechRev-IPv6WillMakeNetSlowerAndLessSecure.txt 04-01-08-SJMerc-NYTimesHackerPleadsGuilty.txt 04-01-09-Wired-MuchOfKazaaCodeIsMalware.txt 04-01-11-SwissInfo-SwissExpertTalksAboutViruses.txt 04-01-11-WashPost-HoneypotsCatchEvilDoers.txt 04-01-12-ITMgmt-IncreasingDamageFromHackersSlowing.txt 04-01-12-WSJ-TeachingCybersecurity.txt 04-01-15-CNETNews-LackOfDiversityIncreasesNetViruses.txt 04-01-15-SJMerc-GAOSaysGovtSlowToMakeSecurityImprovements.txt 04-01-20-MSNBC-RootServerPhysicalSecurityLiesInObscurity.txt 04-01-20-ServeSec-JohsHopkinsReportCriticalOfDODOnlineEvoting.txt 04-01-20-WashPost-BagleBeagleWormSpreadsByEmail.txt 04-01-21-NYT-JohsHopkinsReportCriticalOfDODOnlineEvoting.txt 04-01-21-UCBerkeley-ExpertsSayDODInternetVotingProgramNotSecure.txt 04-01-22-CNETNews-SecurityProsQuestionFlawFind.txt 04-01-22-SJMerc-JohsHopkinsReportBlastsDODOnlineEvoting.txt 04-01-25-NewSci-MutatingSoftwareCouldPredictAttacks.txt 04-01-26-WSJ-SimpleCookieIDsPresentSecurityProblem.txt 04-01-28-CompWorld-MyDoomTargetsMSWebsite.txt 04-01-28-SJMerc-DG-MyDoomEmailWorm.txt 04-01-28-Wired-MyDoomWormStillDangerous.txt 04-01-29-MSNBC-NationalCyberAlertSystem.txt 04-01-29-PCWorld-FTCFinds1MServersOpenToSpammers.txt 04-01-29-SJMerc-MSOffersRewardForMyDoomVirusWriter.txt 04-01-29-SJMerc-MyDoomTargetsMSWebsite.txt 04-01-29-WashPost-DHSComputerToTrackCyberAttacks.txt 04-01-30-SecFocus-DODLinuxSecurityProjectsLacksParticipants.txt 04-01-30-SJMerc-MSPlansDefensesAgainstMyDoomVirus.txt 04-01-30-SJMerc-StudyFindsMarylandSystemVulnerableToHackers.txt 04-01-30-TechNewsWorld-TerroristsNotLikelyToUseWorms.txt 
04-01-31-USACMWashUpdate-SenateExpectedToApproveLegislationTargetingPeer-to-PeerSecurityRisks.txt 04-02-00-ACMQueue-DesigningSensibleAuthentication.txt 04-02-00-ACMQueue-RequiringProofOfAuthentication.txt 04-02-00-BusCommRev-RethinkingNetworkSecurity.txt 04-02-00-CACM-SOAP-SimpleObjectAccessProtocolMayLooseAbilityToGetThruFirewalls.txt 04-02-01-CSOOnline-FourSecurityGrandChallenges.txt 04-02-02-CompWorld-ITMgrsBiggestProblems-VirusesAndSpam.txt 04-02-02-WSJ-HighProfileWebSecurityFlawsSurface.txt 04-02-03-NatJourTechDaily-GAOOfficialUrgesStrengtheningStrategies.txt 04-02-03-SFChron-MyDoomPropagatesAttacksAndSpam.txt 04-02-03-SJMerc-MyDoomPlaguesSCOAgain.txt 04-02-04-GoVCompNews-SenSchumerCallsForMandatoryVirusReporting.txt 04-02-04-NextGenss-RealReleasesSecurityUpdate.txt 04-02-04-RealNetworks-RealReleasesSecurityUpdate.txt 04-02-05-NYT-ExpertsBlameNaiveUsersForVirusesSpread.txt 04-02-05-SJMerc-FlawFoundInCheckPointFirewallSoftware.txt 04-02-08-NYTMag-TheVirusUnderground.txt 04-02-09-CNETNews-DoomjuiceVirusFeedsOnMyDoomInfections.txt 04-02-09-NetCraft-MyDoomDDoSAttacksBeseigeMSServers.txt 04-02-09-NewsFact-LinuxMayHaveSecurityVulnerabilities.txt 04-02-09-WSJ-InternetSafety.txt 04-02-09-ZDNet-NokiaAdmitsBluetoothSecurityHolesInCellPhones.txt 04-02-10-CNETNews-DoomjuiceVirusFeedsOnMyDoomInfections.txt 04-02-10-ElectricNews-ExpertDownplaysNokiaBluetoothSecurityProblems.txt 04-02-10-SJMerc-MSWarnsAboutCriticalWindowsSecurityFlaws.txt 04-02-10-TechWeb-DoomjuiceVirusFeedsOnMyDoomInfections.txt 04-02-11-PCWorld-DHSReleasesCybersecurityReportCard.txt 04-02-11-SJMerc-MSWarnsAboutCriticalWindowsSecurityFlaws.txt 04-02-11-TechWeb-DoomjuiceVirusToLaunchDDoSOnMSWebsite.txt 04-02-12-CompWorld-GAOWarnsCAPPSIIFacesDelays.txt 04-02-12-WashPost-CongressAndCybersecurity.txt 04-02-13-CNETNews-WindowsCodeUpForGrabs.txt 04-02-13-InfoWorld-IBMAndCiscoSeekBetterSecurity.txt 04-02-13-SJMerc-IBMAndCiscoSeekBetterSecurity.txt 04-02-13-TechNewsWorld-HackersForHire.txt 
04-02-13-WashPost-WindowsSourceCodeIllegallyLeaked.txt 04-02-15-CIOMag-CIOsChooseIntegratedSecurityProducts.txt 04-02-16-BostonGLobe-ComputerMonocultureDebated.txt 04-02-16-EWeek-WindowsCodeLeakShowsIEVulnerability.txt 04-02-16-SJMerc-SpammersExploitHighSpeedInternetConnections.txt 04-02-16-StanfordU-PasswordsAreInsufficient.txt 04-02-17-ECommTimes-SecurityIsWirelessWeakestLink.txt 04-02-17-PCMag-CanEmailSurvive.txt 04-02-18-ITMgmt-SomeSmallWormsInCirculation.txt 04-02-19-EWeek-LinuxSercurityHolesFoundAndFixed.txt 04-02-20-MIT-NSAWorkingOnInternetSecurity.txt 04-02-21-SJMerc-MainsoftInTroubleOverLeakedWindowsSource.txt 04-02-22-NewSci-NewAMDProcessorsStopBufferOverflowHoles.txt 04-02-23-EWeek-CongressToReviewTechAgenda.txt 04-02-23-NWFusion-RSAShowHighlightsNewProducts.txt 04-02-23-WSJ-ComputerSecurityEffortsIntensify.txt 04-02-25-CompWorld-LatestMydoomVariantCanDeleteFiles.txt 04-02-25-LATimes-CyberSecurityWarningSounded.txt 04-02-25-SJMerc-MSUnveilsNewSecurityInitiatives.txt 04-02-25-ZDNet-SenBennettSaysInfoSharingKeyToCybersecurity.txt 04-02-26-USC-ISI-NSFGrantFundsSelfDefenseForGridComputingNets.txt 04-02-26-WashPost-AntiVirusFirmsRaceToNameViruses.txt 04-02-27-BBC-HackersReverseEngrMSPatchesToExploitHoles.txt 04-02-27-BBC-MSAdmitsW95HadNoSecurityFeatures.txt 04-02-27-FinTimes-InspirationFromNature.txt 04-02-28-SJMerc-HackersAndSpammersWorkTogether.txt 04-02-29-USACM-HomelandSecurityEfforts.txt 04-03-00-CACM-CreatingAnExperimentalInfrastructionForDevelopingSecurityTechnologies.txt 04-03-00-CACM-EmergingTechnologiesForCyberSecurity.txt 04-03-00-CACM-IncreasedComputerPerformanceIncreasesSecurityDemands.txt 04-03-00-SCMag-FBIProjectDevelopsInto10000MemberInfraGardOrganization.txt 04-03-00-TechRev-ICANNIssues.txt 04-03-00-Wired-SchneierOnAntiTerrorismSecurity.txt 04-03-01-CommSysDes-PacketInspectionSystemsAidSecurity.txt 04-03-01-NWFusion-AntiSpamAppliancesBetterThanSoftware.txt 04-03-03-NetMag-XMLsAVDLSchemaSimplifiesSecurityPatching.txt 
04-03-03-SJMerc-NewSystemsAllowsOwnersToHoldCreditCards.txt 04-03-04-ChamNewsGaz-NCSADevelopsSecurityVizTool.txt 04-03-04-SJMerc-VirusWritersDisableOtherViruses.txt 04-03-04-WashPost-VirusWritersAttackOtherViruses.txt 04-03-05-TechNewsWorld-SelfInnoculatingComputers.txt 04-03-08-EWeek-IndustryReadiesCyberSecurityPlan.txt 04-03-08-PCWorld-ApproachesToSecureAndSpamlessEmail.txt 04-03-13-ECommTimes-ProblemsMayDoomPasswords.txt 04-03-14-Oregonian-UCBResearchersFundedForVirusLab.txt 04-03-14-SJMerc-PassMarkIconLetsUsersVerifySiteAuthenticity.txt 04-03-14-SJMerc-ReconnexHardwareHelpsTrackInfoLeaks.txt 04-03-14-SJMerc-Reconnex-PassMark-ServGate-NewInternetSecurityFirms.txt 04-03-14-SJMerc-ServGateHasMultiThreatSecurityServiceForFirms.txt 04-03-15-CompWorld-NewBookTellsHowToExploitSecurityHoles.txt 04-03-17-CompWorld-QualitySoftwareCanImproveSecurity.txt 04-03-17-UPI-WarringVirusWritersThreatenCybersecurity.txt 04-03-17-WashPost-PhatbotP2PTrojanHorseInfectsManyComputers.txt 04-03-18-Wired-AntiVirusSoftwareWontStopFastSpreadingViruses.txt 04-03-18-WSJ-VirusesPossibleThreatToSmartCellphones.txt 04-03-19-TriValHerald-ResearchersVieForDHSFunding.txt 04-03-22-NatJourTechDaily-MarkleForumCallsForGovtSecurityNetwork.txt 04-03-23-CNETNews-VirusCausesRIAASiteToGoDown.txt 04-03-25-NYT-InstantMessagingUsedToSendSpamAndViruses.txt 04-03-26-TechNewsWorld-SWConfigurationMgmtCouldImproveSecurity.txt 04-03-29-CNETNews-XMLSecurityIssues.txt 04-03-29-CompWorld-InsideSymantecSecurityOpsCenter.txt 04-03-29-EWeek-RAINSGroupDevelopsSpecForSharingSensitiveData.txt 04-03-29-NetWorld-InterviewWithMotorolaSecurityVPBoni.txt 04-03-29-NetWorld-PatchMgmtBestDefenseAgainstVulnerabilities.txt 04-03-31-BosGlobe-TechGroupUrgesFedSecurityStandards.txt 04-03-31-PennState-NewDigitalPostmarkingInvention.txt 04-04-00-ACMQueue-SecurityRisksOfInstantMessaging.txt 04-04-00-CACM-TheRisksOfPasswordReuse.txt 04-04-00-UCB-CITRIS-UnivResearchersDevelopTestbedForNetAttackStudy.txt 
04-04-01-CSOOnline-ChallengesImplemetingCybersecurity.txt 04-04-01-EUOrders8NationsToAdoptSpamAndCookieLaws.txt 04-04-03-TechNewsWorld-TheMythOfTheSecureOperatingSystem.txt 04-04-05-FinTimes-ExistingEffortsCannotStopRisingTideOfThreats.txt 04-04-05-NetWorld-ShouldUsersOrSWSuppliersBeResponsibleForSecurity.txt 04-04-06-GovCompNews-WorkingGroupSuggest25WaysToImproveITSecurity.txt 04-04-06-NewSci-EmailAttackCouldKillEmailServers.txt 04-04-07-ECommTimes-Interview-AntiVirusExpertMikkoHypponen.txt 04-04-07-TechRev-PureSWActWouldMandateLabeling.txt 04-04-08-CNETNews-RealNetworksIssuesSecurityPatch.txt 04-04-08-MacCentral-IntegoIssuesMacOSXTrojanHorseWarning.txt 04-04-08-USCERT-VulnerabilityInInternetExplorerITSProtocolHandler.txt 04-04-09-FedReg-DHSDataIntegrityAndPrivacyAdvisoryCommitteeSeekingMembers.txt 04-04-09-Wired-SomeExpertsSayOSXTrojanHorseNotAPoroblem.txt 04-04-10-ECommTimes-OpenessOfTCP-IPPosesSecurityProblems.txt 04-04-12-CNETNews-RiskOfBrowserBasedMaliciousCodeAttacksOnRise.txt 04-04-12-GovExec-HomelandSecurityAndITIndustryDevelopSecurityFramework.txt 04-04-15-SJMerc-HackersAccessUnivResearchComputers.txt 04-04-16-InfoWorld-HackersAccessUnivResearchComputers.txt 04-04-19-EETimes-NoGeneralUseOSsIsSecure.txt 04-04-19-NetWorld-SecurityHolesForcesRethinkingProgrammingProcesses.txt 04-04-19-ZDNet-ProfilesOfFamousHackers.txt 04-04-20-CFP2004-WhoIsWatchingTheWatchers.txt 04-04-20-InetWeek-TCPFlawCouldAllowRemoteShutDown.txt 04-04-20-US-CERT-TCPFlawCouldAllowRemoteShutDown.txt 04-04-20-WashPost-TCPFlawCouldAllowRemoteShutDown.txt 04-04-21-CommutarianNet-GapingHolesInDriversLicenseSystems.txt 04-04-21-CRN-CiscoReportsRouterSecurityFlaws.txt 04-04-21-SJMerc-TCPFlawCouldAllowRemoteShutDown.txt 04-04-21-ZDNet-NewProductsCheckForSecurityProblemsFromTheInside.txt 04-04-21-ZDNet-TCPFlawThreatOverstatedSaysDiscoverer.txt 04-04-22-CNETNews-BluetoothStillHasSecurityIssues.txt 04-04-22-IntlHeraldTrib--CiscoReportsRouterSecurityFlaws.txt 
04-04-22-SJMerc-ChinaDownplaysDelayInWirlessSecurityStandard.txt 04-04-22-WashPost-IndustryGroupReportSaysTechProvidersShouldMakeSaferProducts.txt 04-04-23-WSJ-ChinaShelvesWirlessSecurityStandard.txt 04-04-24-SJMerc-TCPFlawCouldAllowRemoteShutDown.txt 04-04-26-EWeek-RecentUnixAttacksBasedOn1986HanoverHackersMethodology.txt 04-04-29-SJMerc-BarnesAndNobleFixesLeakThatExposedPersonalInfo.txt 04-04-30-DetFreePress-CompanySecurityLapsesAllowedIllegalSpamToBeSent.txt 04-04-30-SJMerc-CompanySecurityLapsesAllowedIllegalSpamToBeSent.txt 04-05-00-CACM-FinancialOrganizationsMustMaintainSecurityAwareness.txt 04-05-00-Cisco-SelfDefendingNetwork.txt 04-05-00-SWDevMag-GuideToHomelandSecurity.txt 04-05-03-CNETNews-NetskyVirusAuthorsClaimAuthorshipOfSasserWorm.txt 04-05-03-InfoWeek-ExposingCustomerDataAConstantThreat.txt 04-05-03-ISTResults-OperatingComputerSecurityIncidentResponseTeams.txt 04-05-03-SJMerc-SasserWormSpreadsRapidly.txt 04-05-05-CompResNews-MSShelvesNextGenerationSecureComputingBase-NGSCB.txt 04-05-05-TechWeb-SecurityProblemsIncreaseTotalCostOfWindows.txt 04-05-07-TechNewsWorld-WirelessPDAsAndSmartphonesAreHackersHeaven.txt 04-05-08-SJMerc-InformersIdentifySasserWormCreatorForMSReward.txt 04-05-10-CompWorld-BluetoothSecurityConcerns.txt 04-05-10-EWeek-EUCybercrimeLawsTooRestrictive.txt 04-05-10-EWeek-TrustedComputingGroupsWorkingOnWirelessSecuritySpec.txt 04-05-10-Guardian-SasserWormAuthorClaimsHeWasHelpingHisMother.txt 04-05-10-IDG-InformersIdentifySasserWormCreatorForMSReward.txt 04-05-11-IOL-SasserWormAuthorClaimsHeWasHelpingHisMother.txt 04-05-15-ArsTechnica-BreakinCompromisesCiscoSourceCode.txt 04-05-15-SecurityLab-BreakinCompromisesCiscoSourceCode.txt 04-05-19-CNETNews-SecurityFlawsInOpenSourceRepositorySystems.txt 04-05-19-MacNewsWorld-MacOSXSecurityFlawPlaguesWebBrowsers.txt 04-05-19-NewsFact-NonProgrammersCanNowCreateViruses.txt 04-05-24-InfoWorld-AppleSecurityPatchStillLeavesUsersVulnerable.txt 04-05-25-InfoWorld-RussiaBecomingMajorSourceOfVirusWriters.txt 
04-05-25-USAToday-CIAInfoTechInPoorState.txt 04-05-26-CNETNews-SourceCoderCheckingProgramsMightFindVulnerabilities.txt 04-05-27-EWeek-First64BitMalwareAppears.txt 04-05-30-SJMerc-ManyWiFiSystemsNotSecure.txt 04-06-00-ACMQueue-AnotherLookAtTheCostOfTheBlasterWorm.txt 04-06-00-ACMQueue-BuildingSecureVirtualMachineSystems.txt 04-06-00-ACMQueue-FewTechnologiesForGuardingAgainstInsiderSecurityRisks.txt 04-06-00-ACMQueue-IsSecurityAProblemThatCantBeSolved.txt 04-06-00-ACMQueue-WhyCantWeProduceHighQualitySecureSoftware.txt 04-06-00-ACMUbiquity-SoftwareBasedComputingSecurityAndFaultTolerance.txt 04-06-00-CACM-AlmostEveryComputerOnTheInternetIsConstantlyScreenedForVulnerabilities.txt 04-06-00-GovTech-BetterSolutionsNeededForCybersecurity.txt 04-06-00-IEEEComputer-RichardClarkeDiscussesCybersecurity.txt 04-06-01-SJMerc-TwoFactorAuthenticationSystemsNeeded-SuperPasswordSystems.txt 04-06-02-NationalJ-FedSecurityOfficialsFaceScrutiny.txt 04-06-03-CERT-MSIEDoesNotProperlyValidateSourceOfRedirectedFrame.txt 04-06-03-CNETNews-AppleNeedsToImproveCommunicationAboutSecurity.txt 04-06-04-INetWeek-WorstCaseWormCouldCost50BInUSDamages.txt 04-06-04-NewSci-PasswordsCanStayOnHardDrivesEvenIfUserDoesNotSaveThem.txt 04-06-07-PCWorld-PolicyVSMarketplaceSolutionsToCybersecurity.txt 04-06-09-ACMUbiquity-SWApproachToComputerSecurity.txt 04-06-09-PCWorld-ExpertsWarmOfVoIPSecurityProblems.txt 04-06-10-GovExec-DHSDecidesNotToUpdateCybersecurityStrategy.txt 04-06-15-NetCraft-AkamaiOutageCausedByDoSAttacks.txt 04-06-15-Reuters-MSPlanningAntiVirusSWSeparateFromWindows.txt 04-06-15-SJMerc-AkamaiServedSitesAttacked.txt 04-06-16-Bloomberg-MSPlanningAntiVirusSWSeparateFromWindows.txt 04-06-16-ZDNet-AkamaiOutageCausedByDoSAttacks.txt 04-06-18-SJMerc0SymbiotProductAttacksHackers.txt 04-06-24-EWeek-CompromisedWebsitesInfectVisitorsComputers.txt 04-06-25-SansInst-CompromisedWebsitesInfectVisitorsComputers.txt 04-06-25-SJMerc-ScobVirusSpreadsThroughInfectedWebsites.txt 
04-06-30-SearchWebSvcs-McNealyFlamesMSandOthersOverSecurityAndJava.txt 04-06-30-USACMWashUpdate-EUCybercrimeTreatyMovesTowarSenateRatification.txt 04-06-30-USACMWashUpdate-USACMRecommendsChangesToDMCA.txt 04-07-00-ACMQueue-SecurityIsHarderThanYouThink.txt 04-07-00-CACM-HIPAACreatesNewSecurityRisksInHealthCareData.txt 04-07-00-CyberDefMag-ExpertsCommentOnCybersecurityStatus.txt 04-07-00-GovTech-Book-TheTransparentSociety-PrivacySecurityTradeoffs.txt 04-07-00-GovTech-SAMLToKeepTrackOfOnlineIdentities.txt 04-07-00-IST-SECRETSProjectEvaluatesCybesecurityProtocols.txt 04-07-06-EWeek-EnterprisesSlowToDumpInternetExplorer.txt 04-07-06-NewsFact-ExpertsDebateMSSecurityEfforts.txt 04-07-07-CNETNews-YetAnotherInternetExplorerSecurityFlawFound.txt 04-07-08-EWeek-PatchReleasedForShellProtocolSecurityProblem.txt 04-07-08-GovtCompNews-MoreFundingNeededForCybersecurityResearch.txt 04-07-08-PCWorld-NoFedResponseToCybercrimeTaskForceRecommendations.txt 04-07-09-Mozilla-PatchReleasedForShellProtocolSecurityProblem.txt 04-07-09-SJMerc-MSEmployeeArrestedForHackingIntoAltaVistaComputer.txt 04-07-12-NYT-WozniakDefendsHackersAtHOPEConference.txt 04-07-13-Secunia-MultipleIESecurityVulnerabilities.txt 04-07-13-TechNewsWorld-IEMarketShareDropsTo94Percent.txt 04-07-23-InfoWorld-SurveyShowsEnterpriseSecurityIsShaky.txt 04-07-27-SansOrg-NewMyDoomUsesSearchEnginesToFindRecipients.txt 04-07-27-SecResponse-NewMydoomVirusDiscovered.txt 04-07-27-SJMerc-MyDoomWormVersionDisruptsSearchEngines.txt 04-07-28-Sophos-RankingsOfVirusAndWormThreats.txt 04-07-29-CompWorld-SearchEnginesUsedToFindSourceCodeAndVulnerabilities.txt 04-07-30-CNETNews-GhettoHackersAnnounceGlobalHackingContest.txt 04-08-00-CACM-CertifiedEmailToGuaranteeDelivery.txt 04-08-00-CACM-HierarchicalAuthenticationStructuresMayNotBeSufficientlySecure.txt 04-08-02-NYT-HackersDiscoveringVoIP.txt 04-08-02-USAToday-ExpertsWarnCyberattackCouldBeHighlyDisruptive.txt 04-08-03-PCWorld-USCybersecurityUnitsRecruitingHackers.txt 
04-08-03-ZDNet-OracleRefusesToConfirmSecurityFlaws.txt 04-08-03-ZDNet-UKFirmDiscoversManySecurityFlawsInOracleSoftware.txt 04-08-04-NetWorld-ExpertSaysVirusWritersAreWinning.txt 04-08-07-WIred-HackerGetsCopiesOfInternalDataFromDieboldComputer.txt 04-08-09-PhysOrg-StevensInstProfDiscoversWeaknessesInWiFiSecurity.txt 04-08-12-SeattlePI-BlasterWormVariantPerpetratorHeadedForPrison.txt 04-08-12-TheReg-BlasterWormVariantPerpetratorHeadedForPrison.txt 04-08-16-SJMerc-DG-ServicePack2MakesComputerSaferButNotSafe.txt 04-08-18-TechNewsWorld-SpamAndVirusesBeingCombined.txt 04-08-18-VNUNet-SymantecCTOTalksAboutFutureOfITSecurity.txt 04-08-23-CompWorld-802dot11iWirelessSecurity.txt 04-08-24-EWeek-ConcernsMountOverTerroristAttackOnInternet.txt 04-08-27-TheReg-USIndictsInstigatorOfDDoSAttackForHire.txt 04-08-27-Wired-ArtExhibitFeaturesComputerVisusesAsArt.txt 04-08-30-EETimes-TestRevealEPassportSecurityAndPrivacyFlaws.txt 04-09-00-ACMCrossroads-ComputerSecurityAndIntrusionDetection.txt 04-09-00-ACMCrossroads-DistributedSecurityForAdHocNetworks.txt 04-09-00-ACMNetWorker-TheStateOfSecurityAndSpywareOnTheInternet.txt 04-09-00-ACMQueue-VoIPSecurityShouldNotBeAnAfterthought.txt 04-09-00-CACM-ManagingP2PSecurity.txt 04-09-00-InfoSecMag-USCriticalInfrastructureRemainsVulnerable.txt 04-09-13-UToronto-ProfsResearchComputerHackingAndDataRecovery.txt 04-09-21-NSF-CyberTrustProgramFundsCMUandUCSDCenters.txt 04-09-24-ChronHigherEd-Spafford-NoSoftwareIsSecure.txt 04-09-28-GermanSecurityFirmHiresWriterOfNetskyAndSasserVirusVariants.txt 04-09-29-SJMerc-CyberGateKeeperKeepsOutOfDateComputersOffLocalNetwork.txt 04-09-30-EWeek-ApplicationDevelopersNeedToIncreaseSecurityEfforts.txt 04-09-30-HarvardU-ProfDevelopingSWToolsToCheckProgramsForSecurityProblems.txt 04-09-30-USACM-CouncilOfEuropeAcceleratesActionOnCybercrimeConvention.txt 04-09-30-WashPost-FlawsInMSAppsAllowVirusesPlantedInJPEGImages.txt 04-10-00-CACM-SecrecyDoesNotProvideSecurity.txt 04-10-00-NewSci-IMProgramCouldBreakIntoComputers.txt 
04-10-01-SJMerc-DHSCybersecurityChiefCifesFrustrationInResigning.txt 04-10-04-InfoWorld-SuperConnectedIMUsersAidSpreadOfWorms.txt 04-10-05-SciTech-NSFCenterForInternetDefensesTargetsCyberPlagues.txt 04-10-05-SJMerc-HackersAttackDutchGovtWebSites.txt 04-10-05-SJMerc-T-MobileUpgradesSecurityAtWiFiLocations.txt 04-10-08-CNETNews-ApplicationsSecurityConsortiumDefinesFirewallBenchmark.txt 04-10-12-GlobeMail-TheQuestForSecureComputerPrograms.txt 04-10-13-InfoSocTech-VocalidCardsUseCryptoAcousticTechnologyForSecureTransactions.txt 04-10-13-SJMerc-USAndIndiaAgreeToCooperateOnTechSecurity.txt 04-10-15-InformIT-FightingVirusesWithGoodViruses.txt 04-10-18-CNETNews-ThrowingMoneyAtCyberSecurity.txt 04-10-18-SJMerc-CiscoAndMSToWorkTogetherToFightViruses.txt 04-10-19-SecFocus-UCBHackingAllowedAccessToDataOn600KPeople.txt 04-10-19-TechWeb-AntiVirusSoftwareCanBeFooledByHackers.txt 04-10-20-TheReg-RegisterSuffersDDOSAttack.txt 04-10-21-CNETNews-Lofgren-BillIntroducedToPromoteCybersecurity.txt 04-10-21-SJMerc-UCBHackingAllowedAccessToDataOn600KPeople.txt 04-10-25-EntSec-ResearchersStudyWiFiSecurityWeaknesses.txt 04-10-25-GovtCompNews-CybersecurityIsIndustryBurden.txt 04-10-25-SJMerc-SecurityForHomeInternetUsersWeak.txt 04-10-27-InfoSocTech-JavaSmartCardsPromiseSecurityAndReliability.txt 04-10-27-VNUNet-CybersecurityRequiresIndustryAndGovernmentToShareInfo.txt 04-10-28-CNETNews-HackersNowEarningMoneyFromTheirExploits.txt 04-10-31-USACM-InfoTechIndustrySeeksElevationOfCybersecurityAtDHS.txt 04-11-00-ACMQueue-BookReview-WiFoo-SecretsOfWirelessHacking.txt 04-11-00-GovtSecNews-DHSCreatesDETERCybersecurityTestbed.txt 04-11-04-Yahoo-USAndEuropeUnpreparedForCyberAttack.txt 04-11-05-ChronHigherEd-UniversitiesDealWithHackerAttacks.txt 04-11-10-WSJ-ComputerSecurityIsAGrowingBusiness.txt 04-11-11-WSJ-MydoomWormRenewsDebateOnNotification.txt 04-11-12-CNETNews-SupercomputerClustersNeedToAddressCybersecurity.txt 04-11-12-CornellSun-PanelDiscussesCyberterrorism.txt 
04-11-12-PennStateU-QFilterProvidesIncreasedDatabaseSecurity.txt 04-11-13-NewSci-CheritonProposesRadicalExtensionAsAlternativeToIPv6.txt 04-11-15-CompWorld-SecurityProsBemoanLackOfStrategicFocus.txt 04-11-15-InfoWeek-RFIDSecurityAndPrivacyIssues.txt 04-11-15-SciAm-SomeBluetoothDevicesVulnerableToHacking.txt 04-11-17-CNETNews-ExUSCybersecurityCzarCitesProblems.txt 04-11-17-DenPost-HackersBreakIntoColoradoUComputerSystem.txt 04-11-18-CNETNews-CybersecurityNeedsLeadership.txt 04-11-18-UFlorida-UFResearcherDevelopsComputerIntruderDetectionSystem.txt 04-11-19-GovtCompNews-CommitteeSaysMoreFundingNeededForCybersecurityRandD.txt 04-11-22-CompWorld-CMUsCyLabToStudycomputerSecurity.txt 04-11-22-GovtCompNews-SomeProgressInCybersecurityAtUSFederalLevel.txt 04-11-29-USAToday-TestShowsUnprotectedPCsLikelyToBeCompromised.txt 04-11-30-AvantGarde-TestShowsUnprotectedPCsLikelyToBeCompromised.txt 04-11-30-SeattlePI-HPToIncludeAntiVirusSoftwareWithServers.txt 04-11-30-TchWeb-TestShowsUnprotectedPCsLikelyToBeCompromised.txt 04-12-00-ACMNetWorker-PackagedSolutionsToNetworkSecurity.txt 04-12-00-BusCommRev-TheEvolutionOfNetworkSecurity.txt 04-12-00-CACM-AssessingExtentOfSecurityRislsInWirelessNetworking.txt 04-12-00-CACM-ProtectionOfArtisticContentFromIllegalDistribution.txt 04-12-00-CACM-SecurityInDistributionOfDigitalMedia.txt 04-12-00-CommACM-ProtectingArtisticContentFromIllegalDistribution.txt 04-12-01-SJMerc-HPToIncludeAntiVirusSoftwareWithServers.txt 04-12-02-CompWorld-CodeCheckingToolsNeededToFindSecurityBugs.txt 04-12-03-SJMerc-MailingAboutUCBSecurityBreach.txt 04-12-05-SeattlePI-FormerCIAChiefWarnsOnCyberterror.txt 04-12-06-SJMerc-FormerCIAChiefWarnsOnCyberterror.txt 04-12-07-WSJ-ComputerSecurityIndustryRecommendations.txt 04-12-09-InvestBusDaily-TimeToExploitVulnerabilitiesDecreasing.txt 04-12-10-EWeek-USCyberSecurityOfficePlansToMoveAhead.txt 04-12-12-Wired-CellPhoneSecurityIssues.txt 04-12-13-CNETNews-CodeAnalysisProjectSuggestsLinuxHasFewerFlawsThanWindows.txt 
04-12-13-EWeek-ApplicationsNeedToBeSecureToo.txt 04-12-14-ACMUbq-Burke-TheNeedForCybersecurityCivilDefense.txt 04-12-14-InfoWeek-CybersecuritySlipsAsHomelandSecurityPriority.txt 04-12-17-ChronHighEd-ColleagesFaceRisingCostsForComputerSecurity.txt 04-12-20-NetWorld-NetAppsConsortiumNearsReleaseOfSecurityArchitecture.txt 04-12-20-NYT-Markoff-SecurityFlawFoundInGoogleDesktopSearch.txt 04-12-20-NYT-TrackingTerroristInternetUseDifficult.txt 04-12-21-SJMerc-GoogleQuicklyFixesDesktopSearchFlaw.txt 04-12-27-PCWorld-2004WasGoodAndBadForSecurity.txt 04-12-27-TechRep-ITProfesionalsAnIntgralPartOfCybersecurity.txt 04-12-28-InfoWeek-BushUrgedToRampUpCybersecurityEfforts.txt 05-01-00-ACMUbiquity-UsersDislikeSlowingSoftwareForSecurity.txt 05-01-00-CACM-VirusesAndWormsGetLittleAttentionInCSEducation.txt 05-01-03-CNETNews-DoomsdayCyberAttackPossible.txt 05-01-03-InvestBusDaily-SecurityRemainsInternetTroubleSpot.txt 05-01-05-Waynesville-56PercentOfWirelessNetworksUnprotected.txt 05-01-06-MS-MSOffersFreeVirusAndAntiSpywarePrograms.txt 05-01-06-SJMerc-MSOffersFreeVirusAndAntiSpywarePrograms.txt 05-01-09-Clickz-DevastingCyberAttackLikelyWithin10Years.txt 05-01-11-NatJTechDaily-ExCybersecurityChiefToFocusOnInternationalEfforts.txt 05-01-11-SecFocus-HackerBreaksIntoT-MobileNetwork.txt 05-01-12-SJMerc-HackerBreaksIntoT-MobileNetwork.txt 05-01-12-WashPost-AnotherComputerSecurityOfficialQuitsDHS.txt 05-01-13-InetNews-TorvaldsCriticizesSecurityProblemNotification.txt 05-01-13-LATimes-HackerBreaksIntoT-MobileNetwork.txt 05-01-17-InfoWeek-CyberAttackIncreasinglyUseAutomatedTools.txt 05-01-24-InfoWeek-WhatIsUSFederalRoleInCybersecurity.txt 05-01-26-CNETNews-USBattleToSecureCyberspace.txt 05-01-26-SecPipe-FormerDHSCybersecurityChiefInterview.txt 05-01-27-BetaNews-BagleWormAnniversaryBringsNewVariants.txt 05-01-27-CompResNews-WindowsMySQLWormExploitsPoorPasswords.txt 05-01-27-InetNews-MoreFlawsDiscoveredInCiscoIOS.txt 05-01-27-NetWorld-MoreFlawsDiscoveredInCiscoIOS.txt 
05-01-28-NewsFact-BagleWormAnniversaryBringsNewVariants.txt 05-01-28-NewsFact-WindowsMySQLWormExploitsPoorPasswords.txt 05-01-30-NYT-JohnsHokinsResearchersCrackTICarKeyCode.txt 05-01-31-USACM-PITACApprovesReportOnFederalCybersecurityRandD.txt 05-01-31-USACM-WhiteHouseNamesNewHomelandSecurityDirector.txt 05-02-00-TechRev-TerroristsCouldUseCyberAttacks.txt 05-02-01-EWeek-PHPConsortiumTacklesApplicationSecurity.txt 05-02-07-WashTimes-NewDHSChiefFacesDilemma.txt 05-02-07-Wired-SecurityRisksFoundInVoIPProtocols.txt 05-02-09-SecFocus-AntiVirusSoftwareDoesNotCheckAllFileTypes.txt 05-02-10-eWeek-VirusAttacksMSAntiSpywareSystem.txt 05-02-10-InfoWeek-MSSaysItsMakingProgressOnSecurity.txt 05-02-10-Newsweek-RadicalIslamicWebsiteCallForCyberTerror.txt 05-02-10-SJMerc-VirusAttacksMSAntiSpywareSystem.txt 05-02-11-CNETNews-SmartAppliancesCouldBecomeVirusVictums.txt 05-02-12-SJMerc-LookForAttacksFromOnlineValentines.txt 05-02-13-SJMerc-CEOsToDiscussSecurityAtRSAConference.txt 05-02-14-CNETNews-NewSecurityProductsToBeAnnouncedAtRSAConference.txt 05-02-14-CNETNews-TechniqueForSecureIdentificationOfIMUsers.txt 05-02-14-NetWorld-NewSecurityProductsToBeAnnouncedAtRSAConference.txt 05-02-14-RSA-RSAConference.txt 05-02-15-CNETNews-MSToReleaseNewVersionOfIEToFixSecurityProblems.txt 05-02-15-CNETNews-SymantecDefendsSWAgainstMSAntiVirusSW.txt 05-02-15-MS-BillGatesRSAKeynoteOnSecurity.txt 05-02-15-SJMerc-CiscoAnnouncesNewSecurityProducts.txt 05-02-16-CNETNews-SoftwareFirmsFaultCollegeSecurityEducation.txt 05-02-16-SJMerc-USAgenciesGetDPlusOnSecurity.txt 05-02-17-InfoWorld-MSResearchersWarnOfRootkitMonitoringPrograms.txt 05-02-17-NewsFact-NewMydoomMutantIsOut.txt 05-02-17-SeattlePI-ClarkeCriticizesMSOverSecurityIssues.txt 05-02-17-SJMerc-ClarkeSaysUSFailsToDealWithCybersecurity.txt 05-02-17-Wired-RSAPanel-IssuesOfCybersecurityOversight.txt 05-02-18-InfoWorld-CallForEndToInfoSharingAndAnalysisCenters.txt 05-02-18-ZDNet-FirefoxCommunityPredictsContinuedGrowth.txt 
05-02-21-NewSci-CVSS-CommonVulnerabiltiyScoringSystemAnnounced.txt 05-02-22-SJMerc-MSDecidesToSellVirusProtectionSoftware.txt 05-02-23-CNETNews-AlternativesToPasswordsShownAtRSAConf.txt 05-02-24-SJMerc-JapaneseGovernmentComputersSufferDoSAttack.txt 05-02-24-SpoBusJ-EasternWashUnivProfTeachesCybersecurity.txt 05-03-00-GovtSecMag-NewUSCybersecurityChiefDiscussesAgenda.txt 05-03-00-TechRev-TheFutureOfHacking.txt 05-03-01-NewSci-IPodEnthusiastsFindWayToInstallLinux.txt 05-03-02-PCWorld-InformationTheftFromChoicePointRaisesQuestions.txt 05-03-03-SJMerc-HackerBreaksIntoBusinessSchoolsAdmissionsData.txt 05-03-07-CompWorld-ITTheats-SecurityAndProductQuality.txt 05-03-07-TorontoStar-QuatumCryptographyCouldProvideGreaterDecurity.txt 05-03-08-SJMerc-HarvardRejectsApplicantsWhoAccessedAdmissionsData.txt 05-03-09-SJMerc-HarvardRejectsApplicantsWhoAccessedAdmissionsData.txt 05-03-09-SJMerc-LexisNexisReportsPersonalRecordsAccessed.txt 05-03-09-WashPost-LexisNexisReportsPersonalRecordsAccessed.txt 05-03-11-CompWorld-Experts-TechnologyWillStopPhishing.txt 05-03-11-SJMerc-MSBetaPatchTestingRaisesSecurityConcerns.txt 05-03-11-WashPost-HackersTargerUSPowerGrid.txt 05-03-13-SJMerc-FutureVirusesMightInfectAutoElectronics.txt 05-03-14-CNETNews-CompromisedComputersThreatenInternet.txt 05-03-14-Forbes-ComputersCreateManyProblems.txt 05-03-15-CIOMag-SeveralApproachedToBetterInternetSecurity.txt 05-03-15-CompWorld-Schneier-TechnologyWillNotStopPhishing.txt 05-03-16-CircleID-Auerback-CertifyDevicesThatAttachComputersToInternet.txt 05-03-18-GlobeAndMail-RSAConference-TheFutureOfSecurity.txt 05-03-18-GlobeAndMail-TheFutureOfITSecurity.txt 05-03-18-PITAC-Report-CyberSecurity-ACrisisOfPrioritization.txt 05-03-19-NYT-PITACReport-CyberSecurity-ACrisisOfPrioritization.txt 05-03-19-NYT-WiFiAllowsCriminalsToCoverTheirTracks.txt 05-03-21-CompWorld-NewSecuritySystemsDetectBeforeDmageIsdone.txt 05-03-21-NetWorld-NewRandDApproachesToSecurity.txt 
05-03-22-CompWorld-SHA-1FlawNotSeenAsRiskToOneTimePasswords.txt 05-03-22-Scotsman-UKSuspectsTerroristCyberAttack.txt 05-03-22-SJMerc-PersonalDataStolenFromCalStateChicoComputers.txt 05-03-23-CNETNews-InstantMessagingVulnerable.txt 05-03-23-NewSci-SymantecSaysFirefox-Linux-MacOSAreVulnerable.txt 05-03-23-SJMerc-Counterpane-BruceSchneier.txt 05-03-25-FedCompWeek-Report-CybersecurityRegulationsDifficultToDefine.txt 05-03-26-NewSci-GermanHoneypotFindsBotsThatTakeControlOfPCs.txt 05-03-28-CompWorld-CMULabSeeksToAdvanceITSecurityAndReliability.txt 05-03-29--CFChron-StolenUCBLaptopExposesPersonalData.txt 05-03-29-SJMerc-LaptopTheftExposesUCBPersonalData.txt 05-03-31-NewSci-ReportUrgesChangesToDNSToImproveSecurity.txt 05-04-00-CACM-ITRiskManagementAndIncarceration.txt 05-04-04-SJMerc-NYLegislatureTargetsModemHighjacking.txt 05-04-05-ACM-USACMQuestionsRealIDActSecurityStandards.txt 05-04-05-ACM-USACMQuestionsRealIDAct'sSecurityStandards.txt 05-04-05-ITWorldCanada-BCInternetSecurityConference.txt 05-04-05-VNUNet-NRCStudy-DNSNeedUpdates.txt 05-04-06-SJMerc-PharmingRedirectsUsersToFakeWebsites.txt 05-04-08-SJMerc-MedicalBroupPatientsDataOnStolenComputers.txt 05-04-09-SJMerc-BogusWindowsUpdateEmailSendsUsersBogusWebsite.txt 05-04-10-SJMerc-VerisignCeo-ProtectingCriticalAssets.txt 05-04-11-UCB-UCBToLeadNSFCybersecurityTechCenter.txt 05-04-11-USAToday-LawsAimedAtDigitalMisdeedsLackBite.txt 05-04-12-SearchSec-Diffie-CriticalInfrastructuer-DisasterInTheMaking.txt 05-04-12-SJMerc-CongressMustAdoptStrongDataTheftBill.txt 05-04-14-CNETNews-USCybercrimePolicyNeedsTeeth.txt 05-04-14-GovySecNews-ISACsHaveCriticsAndAdvocates.txt 05-04-14-SJMerc-DataTheftAtRalphLaurenCompromisesThousands.txt 05-04-14-Stanford-StanfordJoinsNSFCybersecurityTechCenter.txt 05-04-18-CompWorld-EUTaskForceToStudyCybersecurity.txt 05-04-18-NetWorld-SomeArgueMoreNeedsInCybersecurity.txt 05-04-18-SJMerc-LexisNexisBeginsNotifyingVictimsOfDataBreach.txt 05-04-18-Wired-USMilitaryHasEliteCyberWarfareGroup.txt 
05-04-20-EWeek-ResearchersProposeEarlyWarningSysyemForWorms.txt 05-04-21-CompWorld-CIDDAC-NewCyberterrorismSecuityCenter.txt 05-04-21-ZDNet-SecurityExpertsAsksSoftwareDevelopersForAccessToBugDatabases.txt 05-04-22-PittsTribRev-ExpertsSayHackersCanPenetrateComputersAnywhere.txt 05-04-25-IndianaUniv-CenterForAppliedCybersecurityResearch.txt 05-04-25-SJMerc-MSLonghornOSToUseHardwareCryptographicKey.txt 05-04-26-CompWeekly-DataEncryptionCouldBeKeyToMoreSecureData.txt 05-04-29-Computer-DoesTrustedComputingSolveSecurityProblems.txt 05-04-29-CyberCzarLegislationTaksFirstStepInCongress.txt 05-04-29-USACM-USACMQuestionsRealIDActSecurityStandards.txt 05-05-00-CACM-TransparencyAndTrustInSecurityAssurances.txt 05-05-00-IEEESpectrum-IntrusionDetectionSystems.txt 05-05-00-PubicCIO-Spafford-PolicyMakersNotConcernedEnoughWithCybersecurity.txt 05-05-04-ChronHigherEd-NSFSetsStrategyToImproveUSCyberinfrastructure.txt 05-05-06-SJMerc-VeriSignStuntGetsPeopleToGivePasswordsForCoffeeCoupon.txt 05-05-10-NYT-ComputerBreachAtCiscoAffectsThousandsOfComputers.txt 05-05-10-SJMerc-ComputerBreachAtCiscoAffectsThousandsOfComputers.txt 05-05-13-SJMerc-WachoviaAndBofANotifyCustomersOfSecurityBreach.txt 05-05-14-NewScientist-SoberComputerWormHitsInstantMessagingService.txt 05-05-15-SDTimes-SecurityExpertsSuggestImprovements.txt 05-05-18-RedHerring-USPowerGridVulnerableToComputerHackers.txt 05-05-19-WashPost-ComputersSeizedInLexisNexisDataTheftCase.txt 05-05-23-AP-BanksNotifyCustomersOfDataTheft.txt 05-05-24-ECommTimes-SecurityExpert-WebSecurityIssuesBasedOnRepeatedMistakes.txt 05-05-25-SJMerc-StanfordComputerSystemHacked.txt 05-05-25-Wired-LexisNexisCrackersRevealTactics.txt 05-05-26-Computing-CybersecurityRequiresCollaboration.txt 05-05-26-CompWorld-DHSCyberSecurityPlansCritcized.txt 05-05-26-CompWorld-GAOCallsDHSCybersecurityUnacceptable.txt 05-05-26-SecFocus-ManyDeviceDrivesContainSecurityFlaws.txt 05-05-26-SJMerc-CIAConductingWarGameOnInternetAttack.txt 
05-05-31-USACM-CybersecurityIssuesMoveForwardInUSHouse.txt 05-06-00-ACMQueue-BetterSecurityByAskingTheRightQuestions.txt 05-06-00-ACMQueue-BiologicalTermsWidelyUsedInComputerSecurity.txt 05-06-00-ACMQueue-ComputerAttackTrendsIn2004And2005.txt 05-06-00-ACMQueue-FeelingSecureInAnUnsafeWorld.txt 05-06-00-ACMQueue-SecurityAttackTrendsIn2004And2005.txt 05-06-00-ACMQueue-WhyAreWeStillSoVulnerableToSecurityProblems.txt 05-06-02-InfoSecCon-WorkshopOnTheEconomicsOfInformationSecurity.txt 05-06-03-InfoWeek-ExpertSaysCybersecurityGettingBetter.txt 05-06-03-NewSci-CryptographersCrackSecureBluetoothDevices.txt 05-06-05-ChronHigherEd-SpaffordWarnsFederalStudentDatabaseVulnerable.txt 05-06-06-InfoWorld-Pharming-HackedDNSServersRedirectUsers.txt 05-06-06-NetWorld-IowaStateBuildsModelInternet.txt 05-06-07-CompWorld-UniversitiesOpenToSecurityBreaches.txt 05-06-08-GovtExec-DHSCybersecurityInitiativesExpected.txt 05-06-09-NewSci-NewBreedOfVirusesReportSecurityProblemsToHackers.txt 05-06-09-NYT-CompaniesAndGovtToImprovePersonalDataProtection.txt 05-06-13-PCWorld-VoIPAndMobileVirusThreatsMayBeOverhyped.txt 05-06-14-PRNewswire-AOLIdentifiedAsNetworkWithMostHijackedComputers.txt 05-06-15-InfoWeek-AOLNotSurprisedItHasMostHijackedComputers.txt 05-06-16-WSJ-BluetoothWirelessVlnerableToBeingCracked.txt 05-06-17-BusWeek-ComputerSecuritySoftwareVulnerabilitiesIncrease.txt 05-06-17-CNETNews-DHSBehindOnCybersecurity.txt 05-06-17-Newsday-NYLegisalturePassesBillToRequireDataTheftNotification.txt 05-06-17-SJMerc-KeyUSLegisatorsAgreeDataTheftNotificationIsNeeded.txt 05-06-20-NYT-CardSystemsShouldNotHaveKeptTransactionData.txt 05-06-20-YankeeGroup-ComputerSecuritySoftwareVulnerabilitiesIncrease.txt 05-06-22-TechNewsWorld-BetterCybersecurityStillYearsAway.txt 05-06-23-Corante-FTCReleasesP2PWorkshopReport-NotConvincedP2PDangerous.txt 05-06-23-SJMerc-ConfidentialJapaneseNuclearPlantDataOnTheInteret.txt 05-06-23-ZDNet-Farber-WebIsHazardousAndPoliticiansAreWorriedAboutControl.txt 
05-06-24-NYT-ComputerTakeoversBecomingMajorProblem-ZombieNetworks.txt 05-06-26-WashPost-SecurityIssuesUndermineInternet.txt 05-06-27-CompWorld-CybersecurityGroupLooksToEuropeForMembers.txt 05-06-29-SJMerc-SenatorsProposeSweepingDataSecurityBill.txt 05-06-30-SJMerc-InsidersMayPoseGreatestDataTheftRisk.txt 05-06-30-SJMerc-SecurityBreachAtCardSystemsLeavesFewLeads.txt 05-06-31-USACM-SenatorsIntroducePrivacyAndSecurityBill.txt 05-07-00-Computer-InstantMessagingBecomingSecurityTarget.txt 05-07-00-TodaysEngr-VotingMachineStandardsMoveForward.txt 05-07-01-SetworkMag-TrustedComputingArchitectures.txt 05-07-07-GovtExec-LegislationToElevateCybersecurityPostMayDieInSenate.txt 05-07-11-GovExec-GAO-DHSInformationSecurityPlansLacking.txt 05-07-13-CompWorld-DHSReorgCreatesNewCybersecurityPosition.txt 05-07-17-NYT-CorruptedPCsDiscardedInsteadOfCleaned.txt 05-07-18-CNETNews-MoreSecurityAttacksComingFromNonUSLocations.txt 05-07-19-PCWorld-GAOtellsSenateRecoveryPlanNeedForInternetAttack.txt 05-07-21-OnLamp-ColinPercivalDiscussesSecurityThreats.txt 05-07-25-eWeek-GridComputingGroupIssuesSecurityRequirements.txt 05-07-25-eWeek-USBDriberBufferOverflowsProvideSecurityBreach.txt 05-07-25-RedHerring-ITFirmsSeeLackOfLeadershipInCyberSecurityResearch.txt 05-07-26-TechDaily-ExpertsSayMoreMoneyNeededOnCyberSecurity.txt 05-07-27-CNETNews-ExpertsWarnAntiVirusSoftwareCouldBeSecurityRisk.txt 05-07-27-WashPost--ResearcherRevealsDetailsOfCiscoFlaw.txt 05-07-27-WashPost--ThreatsIssuedAsResearcherRevealsDetailsOfCiscoFlaw.txt 05-07-28-CNETNews--LawsuitsFiledAsResearcherRevealsDetailsOfCiscoFlaw.txt 05-07-28-CNETNews-SenateMovesTowardNewDataSecurityRules.txt 05-07-28-CompWorld-ResearcherAgreesToStopRevealingDetailsOfCiscoFlaw.txt 05-07-28-NetworkWorld--ResearcherRevealsDetailsOfCiscoFlaw.txt 05-07-29-Reuters-BluetoothMakesCarSystemsVulnerableToViruses.txt 05-07-29-SJMerc-ResearcherAgreesToStopRevealingDetailsOfCiscoFlaw.txt 05-07-29-SJSecFocus-ResearcherAgreesToStopRevealingDetailsOfCiscoFlaw.txt 
05-07-31-NYT-SniffersLocateSecretsOnUnsecureSystems.txt 05-08-00-CACM-SpywarePosesMultipleThreatsToSecurity.txt 05-08-00-TodaysEngr-CongressToldUSFacingCybersecurityCrisis.txt 05-08-01-Wired-InterviewWithResearcherWhoRevealedDetailsOfCiscoFlaw.txt 05-08-02-NetWorld-GoogleCanBeUsedToFindSitesToIntrude.txt 05-08-03-CNETNews-ManyDNSServersVulnerableToDNSCachePoisoning.txt 05-08-03-eWeek-SpeakerVerificationCouldProvideComputerSecurity.txt 05-08-03-Slashdot-CiscoWebsiteMayRequireNewPassword.txt 05-08-04-CNETNews-ComputerWormsCouldDodgeTraps.txt 05-08-04-SecFocus-GameMeasuresHackingSkill.txt 05-08-04-Stanford-ResearchersExtendBrowserToHelpProtectPasswords.txt 05-08-04-WashPost-VeriSignUsesExtremeSecurityMeasures.txt 05-08-05-Reuters-WirelessNetworksAreEasyPickingsForHackers.txt 05-08-09-InvestBusdaily-CriticsSayComputerSecurityStillLags.txt 05-08-11-CompWorld-NewEnergyBillHasCybersecurityRepercussions.txt 05-08-11-CompWorld-USDHSHeadChertoff-BusinessNeedToFocusOnCybersecurity.txt 05-08-15-FedCompWeek-NISTCreatesOnLineCybersecurityDatabase.txt 05-08-17-Reuters-NewVirusesAttackABCNewsComputers.txt 05-08-18-ABCNews-WarOfWormsLaunchesLatestCyberAttack.txt 05-08-22-CSMonitor-HackerSoftwareFightsHackerSoftware.txt 05-08-22-InvestBusDaily-DataBreachesInspireCongressionalAction.txt 05-08-23-NewsFact-IncreasingInternetSecurityMightUndermineInfrastructure.txt 05-08-24-InfoWeek-CyberIncidentDetectionAndDataAnalysisCentersWarnsOnCybersecurity.txt 05-08-25-WashPost-AttacksOnUnclassifiedUSGovernmentSitesComingFromChina.txt 05-08-26-LosAlamosMon-LANLComputersWithstandDailyCyberAttacks.txt 05-08-27-GovtCompNews-DHSTakingCrossSectorApproachToCyberSecurity.txt 05-08-29-CompWorld-DistanceDetectionMayHelpSecureWiFi.txt 05-08-29-InfoWeek-CybersecurityThreatsGetNastierAndDoneForFinancialGain.txt 05-08-30-ITObserver-TheFutureOfComputerWorms.txt 05-09-00-CACM-DataSecurityAndGovernmentRegulations.txt 05-09-00-CardTech-ElectronicPassportsDebutAmidSecurityConcerns.txt 
05-09-00-SoftDev-SecuritySoftwareASourceOfAttacks.txt 05-09-02-CompWorld-TrevorBarrBelievesChaosWillRuleInternetIn2010.txt 05-09-02-ZDNetAus-MSClaimsSecureDevelopmentSuccess.txt 05-09-05-NetWorld-UsingGoogleToFacilitateHacking.txt 05-09-05-Time-StoppingChineseCyberspies.txt 05-09-07-CNETNews-BugHuntersAndSoftwareFirmsInUneasyAlliance.txt 05-09-07-SecFocus-ResearcherIdentifiesICMPSecurityIssues.txt 05-09-09-ZDNet-MacUsersMustWakeUpToSecurity.txt 05-09-10-NewSci-BiometricsCarriesRisksAsWellAsRewards.txt 05-09-12-CompWorld-NewSoftwareCanDefendAgainstHighSpeedWorms.txt 05-09-12-OReilly-NextFiftyYearsOfCybersecurity-AlanCoxInterview.txt 05-09-13-WashPost-TeenPleadsGuiltyToHackingParisHiltonCellPhone.txt 05-09-14-SearchSec-DangerTheoryCouldAidIntrusionDetection.txt 05-09-15-CIOMag-GlobalStateOfInformationSecurity2005.txt 05-09-16-PCWorld-CongressWondersIfCrucialNetworksAreProtected.txt 05-09-16-SJMerc-AudioRecordingsOfKeystrokesYieldUsersInput.txt 05-09-18-LATimes-ManyTypesOfKeystrokeMonitoringSchemesAvailable.txt 05-09-23-ChronHigherEd-CollegeStudentsAttendCybersecurityBootCamp.txt 05-09-26-InfoWorld-TheEscalatingCybersecurityArmsRace.txt 05-09-27-CompWorld-RepLungrenWontRuleOutCybersecurityRegulation.txt 05-09-30-USACM-CyberCrimeOnRise.txt 05-09-30-USACM-SneateJudiciaryCommitteeHoldsHearings.txt 05-10-05-NYT-InnundatingSystemWithTextMesageSpamCouldDisableCellPhones.txt 05-10-07-NIST-ThreatAnalysisWorkshop.txt 05-10-10-CNETNews-WillUSCybersecurityBecomeNextFEMA-LikeDisaster.txt 05-10-13-InfoWorld-VoIPMayHaveSecurityVulnerabilities.txt 05-10-17-eWeek-CybersecurityThreatsGetMoreSophisticated.txt 05-10-19-WashTech-HurricanesPostponeDHSCyberStormExercise.txt 05-10-20-Wired-ShouldProgrammersBeHeldResponsibleForTheCodeTheyWrite.txt 05-10-27-NJTechDaily-CyberSecurityIndustryAllianceUrgesWhiteHousePriority.txt 05-10-28-CompWorld-IBMResearchersDevelopWhiteListApproachToUnknownPrograms.txt 05-10-28-SJMerc-WebBankingToGetSecurityUpgrades.txt 
05-10-29-NewSci-AttacksOnQuantumComputersInevitable.txt 05-10-31-eWeek-MSProjectsShowSeriousAboutSecurity.txt 05-10-31-USACM-USACMChairWarnsAgainstUnderfundingResearch.txt 05-11-00-CACM-DetectionAndPreventionOfStackBufferOverflowAttacks.txt 05-11-00-EETimes-MetcalfOnTheInternet-SecurityAndSpam.txt 05-11-01-CNETNews-USConsidersNewDigitalSignatureStandard.txt 05-11-04-SJMerc-ArrestInZombieNetworkCase.txt 05-11-07-CNETNews-DHSCybersecurityPlanIsVague.txt 05-11-07-ISTResults-SecurityAndPrivacyIssuesInMobileCommunications.txt 05-11-10-SearchDec-TrojansTargetSonyRootkitDRMAndWindowsGraphics.txt 05-11-10-Sophos-TrojanHorseExploitsSonyDRMCopyProtection.txt 05-11-14-Felten-SonyRootkitUninstallerOpensBigSecurityHole.txt 05-11-14-InfoWeek-ITProsBeingTrainedToThinkLikeHackers.txt 05-11-15-SJMerc-ResearchersSayRemovalOfSonyRootkitCompromisesSecurity.txt 05-11-16-FinTimes-USRelyingOnPrivateCompaniesToCounterCyberterrorism.txt 05-11-16-InfoWeek-IowaStateHoldsAntiHackerCompetition.txt 05-11-24-SiliconCom-ExpertsRevealChineseHackersAtttackingUSComputers.txt 05-11-28-InfoWeek-ApplicationsAreNewTargetOfCyberAttacks.txt 05-11-28-ISTRes-SecurityExpertsInitiative-SeemlessSecurity.txt 05-11-29-BusWire-Study-PCUsersBelieveBiometricsWillMakeComputersMoreSecure.txt 05-11-29-PCWorld-ExpertSaysMoreSophisticatedInternetAttacksLikely.txt 05-12-00-ACMQueue-CrossSiteScriptingAttackHitsMySpace.txt 05-12-00-AusPCWorld-NewFormsOfAttacks.txt 05-12-00-CACM-BiometricsPromisingSecurityImprovement-MustOvercomeTechnicalAndSocialChallenges.txt 05-12-00-CACM-DirectionsForSecurityAndPrivacyForSemanticEBusinessApplications.txt 05-12-00-CACM-IdentifyingAndDefendingAgainstPortrelatedVulnerabilities.txt 05-12-00-CACM-SecureKnowledgeManagementAndTheSemanticWeb.txt 05-12-00-OptimizeMag-TeamingUpToTackleRiskMgmt.txt 05-12-01-CompBusRev-SecureDNSFacesResistance.txt 05-12-01-NewSci-NewSolutionsToVirusProblemOfferHope.txt 05-12-05-BusWeek-ComputersMightFixProblemsAutomatically.txt 
05-12-05-InfoWeek-ITDepartmentsUnderfundedAndUnderstaffed.txt 05-12-06-CNETNews-9-11PanelsFaultsGovernmentOnCybersecurity.txt 05-12-06-CNETNews-IMWormRepliesToUsers.txt 05-12-06-Wired-ResearcherFindsCiscoRouterBugs.txt 05-12-07-CompWorld-IMWormRepliesToUsers.txt 05-12-07-CompWorld-PortScansNotAlwaysAttacksOnComputers.txt 05-12-07-Yahoo-IntelWorkingOnRootkitDetection.txt 05-12-09-ClarksonU-VulnerabititiesOfBiometricSystemsStudied.txt 05-12-12-CNETNews-SecureSocketLayerToGetHighAssuranceCertificates.txt 05-12-13-FinTimes-USOffiicalSaysTechLeadershipKeyToCybersecurity.txt 05-12-13-WashPost-TechIndustyGroupBlastsUSLeadershipOnCybersecurity.txt 05-12-19-TechRev-TheInternetIsBroken.txt 05-12-19-WashPost-SecurityFirmGuidanceCustomerDatabaseBrokenInto.txt 05-12-20-TechRev-TheInternetIsBroken.txt 05-12-26-USAToday-NewCyberattacksAimedAtCorporateEspionage.txt 05-12-29-SJMerc-OregonManPleadsGuityToCyberattcks.txt 05-12-31-TelecomWeb-HouseDemsReleaseCriticalReportOnDHSCybersecurity.txt 05-12-31-USACM-USACMChairCommentsOnDODCybersecurity.txt 05-USACM-DataSecurityLegislationMovingForwardInCongress.txt 06-01-00-ACMInteractions-PeopleGiveUpTheirPasswardsTooEasily.txt 06-01-00-ACMUbiquity-KeepingInformationSecure.txt 06-01-00-CACM-UsablePrivacyAndSecurityForPersonalInformationManagement.txt 06-01-00-CACM-UsingCostBenefitAnalysisInBudgetingForCyberSecurity.txt 06-01-00-IEEEInternetComp-DenialOfServiceAttackDetectionTechiques.txt 06-01-01-CampusTech-SetGoalsForVulnerabilityScanners.txt 06-01-03-CompWorld-RSACEOSeesLackOfUSCybersecurityLeadership.txt 06-01-05-RedHerring-MSToReleaseSecurityFixEarly.txt 06-01-05-SecFocus-SecurityFlawsOnTheRise.txt 06-01-10-CNETNews-USHomelandSecuritySupportsOpenSourceBugHunt.txt 06-01-10-Symantec-NortonProtectedRecycleBinHasHiddenFile.txt 06-01-10-Telephony-HomelandSecurityConferenceFocusesOnCollaboration.txt 06-01-11-eWeek-NortonProtectedRecycleBinHasHiddenFile.txt 06-01-11-SearchSec-FBISaysCyberAttacksSucceeding.txt 
06-01-15-SFChron-USMoreVulnerableToTerroristCyberAttacks.txt 06-01-17-CyberIndia-USAndIndiaAgreeToWorkTogetherOnCybersecurity.txt 06-01-19-CNETNews-CyberCrimeCostsUSBusiness67BDollars.txt 06-01-22-KCStar-ManySayInternetNeedsRedoingForBetterSecurity.txt 06-01-23-SJMerc-HackerPleadsGuiltyToProvidingAttackNetwork.txt 06-01-24-USACM-LetterToCongressUrgingBroaderViewOfDataSecurity.txt 06-01-25-FedCompWeek-Panel-CybercrimeWillIncrease.txt 06-01-25-SJMerc-StopBadSWCoalitionToIdentifyCompanies.txt 06-01-25-WashPost-StopBadSWCoalitionToIdentifyCompanies.txt 06-01-27-CompReseller_AllchinDiscussesMSVistaSecurity.txt 06-01-28-MilInfoTech-DesigningARoadmapForCybersecurity.txt 06-01-30-FinTimes-CompputerVirusesAdvanceOver20YearsAgo.txt 06-01-31-ISNSecNews-GovtRegulationNotTheAnswerToNetSecurity.txt 06-01-31-SJMerc-CME-24WormSetToCorruptDocumentFiles.txt 06-01-31-TechWorld-BrowserCookieHandlingCouldLeadToAttacks.txt 06-02-00-CACM-InvestigatingSophisticatedCyberSecurityBreaches.txt 06-02-00-CACM-StateAndLocalLawEnforcementNotReadyForCyberSecurity.txt 06-02-02-BusWeek-MoreWorkNeededToStopCybercrime.txt 06-02-03-CNN-UsersPracticeSafeComputingToAvoidKamaSutraWormDamage.txt 06-02-03-SJMerc-KamaSutraWormCausesLittledamageSoFar.txt 06-02-03-TMCnet-BeneficialWormsToTrackDownAndEliminateMaliciousWorms.txt 06-02-07-AP-MSWillOfferNewPaidSecuritySubscriptionService.txt 06-02-07-SecFocus-SchmooCon-AppleTargetForHackers.txt 06-02-08-SecFocus-AppleComputerWithOS-XDisabledByAttack.txt 06-02-08-ZDNet-SecurityExpertsReportOnStateOfCybersecurityAtDemo2006.txt 06-02-09-AP-NewGoogleFeatureTransfersUsersHardDriveData.txt 06-02-09-AP-USAirPassengerScreeningPlanSuspended.txt 06-02-10-AP-USWrapsCyberStormExerciseTestingInternetDefenses.txt 06-02-13-SJMerc-VoIPCallsCanBeHackedSpammedAndSavedOnServers.txt 06-02-14-AP-GatesOutlinesStepsToImproveComputerSecurity.txt 06-02-14-EETimes-CryptoExpertsSaysRFIDTagsCanBeCrackedWithCellphone.txt 06-02-14-FinTimes-GatesDefendsVisionOnInternetSecurity.txt 
06-02-14-SJMerc-GatesOutlinesStepsToImproveComputerSecurity.txt 06-02-15-PanelOfexpertsSeesProgressInCybersecurity.txt 06-02-15-SJMerc-AreComputerSecurityCompaniesSucceedingInProvidingProtection.txt 06-02-15-SJMerc-GatesUnveilsNewPCSecurity-SeesEndOfPasswords.txt 06-02-16-AP-AppleHackersEncounterPoeticWarning.txt 06-02-16-SJMerc-FBIChiefAsksTechForHelpOnCriminalHacking.txt 06-02-16-TechRev-SecurityExpertsReadyToFightBackWithCryptography.txt 06-02-19-WashPost-HackersHijackingThousandsOfPCs.txt 06-02-21-RedHerring-GartnerSuggestsDisablingGoogleSearchFeature.txt 06-02-21-UMass-OnlineShoppingHazards.txt 06-02-24-ScienceMag-ACareerInComputerSecurity.txt 06-02-24-SJMerc-McAfeeEmployeeDataLost-NotEncrypted.txt 06-03-00-InfoToday-GraphicalPasswordsPromiseEasierUse.txt 06-03-01-SCMag-DHSCyberSecurityExecDescribesMission.txt 06-03-05-NYT-NeighborsPiggybackOnOthersWiFi.txt 06-03-06-ElecWeekly-HackersAccessSmartcardInformation.txt 06-03-06-ZDNet-MacOSXHackedInUnderThirtyMinutes.txt 06-03-07-SearchSec-NSF-TRUSTProject-MultipleUniversities.txt 06-03-10-eWeel-VirtualMachineMonitorRootkits.txt 06-03-13-InfoWorld-SecurityHoleFoundInGnuPGCryptoProgram.txt 06-03-15-GovExec-CongressionalReportRatesUSGovtOrganizationsCybersecurityAsDismal.txt 06-03-15-NYT-Study-RFIDChipsVulnerableToHacking.txt 06-03-16-AP-ICANNToLookAtUsingDNSNameServersToAttackWebsites.txt 06-03-16-InfoWeek-Researcher-RFIDsVulnerableToViruses.txt 06-03-17-ITMgmt-CongressionalReportRatesUSGovtOrganizationsCybersecurityAsDismal.txt 06-03-23-SJMerc-FidelitySaysRecordsFor196KH-PEmployeesOnStolenLaptop.txt 06-03-24-AP-UsingDNSNameServersToAttackWebsites.txt 06-03-24-SJMerc-LossOfLaptopsAGrowingProblem.txt 06-03-27-WashTech-ITCoordinationCouncilDraftsCyberattackResponse.txt 06-04-00-ACMQueue-MonitoringOutboundNetworkConnections-ExtrusionDetection.txt 06-04-00-CACM-BiometricAppliancesOfferedForSale.txt 06-04-00-EnterNetsAndServers-TestbedsBoostCyberSecurityResearch.txt 
06-04-00-NatlSciAndTechCouncil-FederalPlanForCyberSecurity.txt 06-04-03-CompBusRev-USGovtTakesInterestInDenialOfServiceAttacks.txt 06-04-04-NSF-NSFFundsStudiesOfVoIPSecurity.txt 06-04-04-USACM-DataSecurityLegislationInchesForward.txt 06-04-05-PCWorld-WillNewBillsProtectYourPersonalData.txt 06-04-07-ByteAndSwitch-ITManagersWarnedOfSmartViruses.txt 06-04-07-CompWorld-SecurityRisksInWebServicesIgnored.txt 06-04-07-UBuffalo-SpaffordToDiscussCybersecurityCrisis.txt 06-04-10-GovExec-RepDavisMayRevisitComputerSecurityLaw.txt 06-04-11-AP-OnlineVoteOnWashStateQuarterSuspended.txt 06-04-17-GovtCompNews-USDHSStillGearingUpResponseToCyberthreats.txt 06-04-18-GovtCompNews-DebateOverWhetherDevelopersOrUsersCauseSecurityProblems.txt 06-04-20-AP-WestchesterCtyToRequireWirelessNetworkSecurity.txt 06-04-21-CNETNews-AuthenticatingEmailCanBreakIt.txt 06-04-24-AP-MacUsersFaceGrowingSecurityRisk.txt 06-04-25-NatlJ-CouncilReleasesPlanForCybersecurityResearch.txt 06-04-26-CompWorld-BugsPutWidelyUsedDNSSoftwareAtRisk.txt 06-04-27-UIllinois-NewSoftwareAllowsPrivacyAndSecurityInSharingNetworkConnection.txt 06-04-28-BBC-DNSServersOpenToAttack.txt 06-05-00-ACMInteractions-EvaluatingSecurityAndPrivacyIndicators.txt 06-05-00-ACMInteractions-HumanComputerInteractionAndFeelingSecure.txt 06-05-00-ACMInteractions-HumanComputerInterfacesCanPromoteSecurity.txt 06-05-00-ACMInteractions-IntroductionToHumanComputerInterfacesAndSecurity.txt 06-05-00-ACMInteractions-IsUsableSecurityAnOxymoron-HumanComputerInteractionIssues.txt 06-05-00-ACMInteractions-MinimalFeedbackHintsForRememberingPasswords.txt 06-05-00-ACMInteractions-UserInterfaceDesign-EvaluatingSecurityAndPrivacyIndicators.txt 06-05-00-ACMInteractions-UsingHumanComputerInterfacesToPromoteSecurity.txt 06-05-00-ACMInterations-KeepingUsersAwayFromDangerousThigsOrPermittingDoingThingsSafely.txt 06-05-00-CACM-DecidingWhetherToDownloadOrNot.txt 06-05-00-CornellU-DNSNamingSystemIsNotSecure.txt 
06-05-01-FedCompWeek-CybersecurityPlanIdentifiesResearchThreats.txt 06-05-01-GovtCompNews-ExpertSaysGovtNeedsBetterOrganizationAndFocus.txt 06-05-05-AP-CAManPleadsGuiltyToComputerAttacks.txt 06-05-05-BBC-NASAHackerSuspectFearedUFOCoverup.txt 06-05-05-NetWorld-USDataDataBreachNotificationLawUnlikelyThisYear.txt 06-05-08-CornellUniv-SurveyOfDNSSecurity-VulnerableAndBaluableAssets.txt 06-05-10-AP-BritishCourtOKsExtraditionOfHackerSuspectToUS.txt 06-05-11-eWeek-AJAX-AsyncJavaScriptAndXML-TacklesSecurity.txt 06-05-11-eWeek-MSResearchersDevelopingAutomatedMalwareClassification.txt 06-05-12-NewSci-MashupWebsitesAreHackersDreamComeTrue.txt 06-05-14-Reuters-CyberThreatsToUSBusinessGrowMoreDangerous.txt 06-05-16-ZDNetr-BadSecurity-EveryoneDoesIt.txt 06-05-19-InfoWorld-ResearchersSaySpendMoreToProtectSeriousAttacks.txt 06-05-19-ITNews-USDHSBashesRFIDToTrackPeople.txt 06-05-19-MasseyUniv-HackingUsingGoogleBigProblem.txt 06-05-22-NetWorld-SecurityExpertRecommendsNetDiversity.txt 06-05-22-USACM-VALaptopWithPersonalInformationStolen.txt 06-05-22-VetAffairs-VALaptopWithPersonalInformationStolen.txt 06-05-24-EEYE-RemotelyExploitableVulnerabilityExistsInSymantecAntivirusProgram.txt 06-05-25-AP-SymantecAntivirusSoftwareExposesCustomerComputers.txt 06-05-25-AP-VADiscoversTheftOfPersonalDataForMillionsOfVeterans.txt 06-05-25-AP-VAEmployeeImproperlyTookDataHome.txt 06-05-25-CNET-MPAAAccusedOfHiringHacker.txt 06-05-25-eWeek-SymantecAntiVirusWormHolePutsCustomersAtRisk.txt 06-05-26-AP-MPAAAccusedOfHiringHacker.txt 06-05-29-BusWeek-CybercrooksAreStealingBillions.txt 06-06-00-ACMCrossroads-TrustedP2PFileSharingApplications.txt 06-06-00-CACM-AcademicFreedomANdTheHackerEthic.txt 06-06-00-CACM-ComplexityAndFeedbackHighlightsNeedForBetterFailureModes.txt 06-06-00-CACM-ComputersAreVeryVulnerableInWirelessHotspots.txt 06-06-00-CACM-MeansSoughtToDetectAndPreventSecurityVulnerabilitiesFromBeingExploited.txt 06-06-00-CACM-ThinkLikeAnAttackerNotLegally.txt 
06-06-00-CACM-WhiteHatHackingAcrossTheDomainNameSystem.txt 06-06-00-CACM-WirelessHotspotsCauseManySecurityProblems.txt 06-06-01-AP-PersonalDataOnOverOneMillionLostByStudentLoanCompany.txt 06-06-01-ConcordiaJ-SecurityResearchersToProduceNewTools.txt 06-06-01-NZHerald-ComputerNetworksVulnerableToTerroristAttacks.txt 06-06-01-Schneier-BadSecurity-EveryoneDoesIt.txt 06-06-02-AP-SwedishPoliceComputerShutDownByAttack.txt 06-06-06-FtWorthST-CompaniesSeenAsLaxOnProtectingData.txt 06-06-06-USACM-VALosesPersonalInfoOnVeterans.txt 06-06-07-NYT-ArrestMadeInHackingSchemeToResellnternetPhoneService.txt 06-06-08-MiamiHerald-ArrestMadeInVoIPHackingScheme.txt 06-06-10-AP-HackersGetSSNsFor1500OnDOEComputers.txt 06-06-12-AP-VirusTargetsWinnyFileSharingProgram.txt 06-06-12-CNET-MSSaysRootkitInfectedZombieComputersMostPrevalentThreat.txt 06-06-12-eWeek-MSSaysRootkitInfectedZombieComputersMostPrevalentThreat.txt 06-06-12-eWeek-SecurityOnusIsOnSoftwareDevelopers.txt 06-06-12-FedCompWeek-IsTheNationalStrategyToSecureCyberspaceStillRelevant.txt 06-06-13-AP-YahooSaysMaliciousEmailWormContained.txt 06-06-14-ACMCrossroads-ProblemsWithWiFiSecurity.txt 06-06-19-AP-MSConfirmsVulnerabilityInExcel.txt 06-06-19-AP-PettyThievesBiggerThreatToDataSecurityThanHackers.txt 06-06-19-ITWeek-DomainNameSystemDNSDefencesNeedStrengthening.txt 06-06-26-CNET-BusinessRoundtableWarmsOfInternetOutage.txt 06-06-26-GovtCompNews-ITExecutivesPushToGuardInternet.txt 06-06-29-FedCompWeek-BushAdminRandDMemoStressesCompetitivenesAndCybersecurity.txt 06-07-00-CACM-AnImprovedTrustModelGoesBeyondSecurity.txt 06-07-00-IEEESecAndPrivacy-IntrusionTolerantMiddleware.txt 06-07-05-CompWorld-ResearchersClaimWorkaroundForChinaFirewall.txt 06-07-05-NetWorld-DOEFederatedModelTriesToIdentifySecurityThreats.txt 06-07-06-USACM-SpaffordTestifiesAboutVADataBreach.txt 06-07-09-ISTResults-EULaunchesInformationSecurityAndReliabilityInitiative.txt 06-07-10-ISTResults-SecurityProvidersPlayingCatchupUnCyberattacks.txt 
06-07-11-AP-USStateDeptInvestigatingAttacksOnItsComputers.txt 06-07-12-OMB-MemoToAgenciesOnReportingIncidentsInvolvingPersonallyIdentifyingInformation.txt 06-07-14-AP-FBIComputerConsultatntAvoidsJailForStealingPasswords.txt 06-07-14-AP-McAfeeUrgesCustomersToUpdateItsFlawedSoftware.txt 06-07-19-ZDNet-80PercentOfProgramsCanDefeatAntivirusSoftware.txt 06-07-24-Wired-HackersOnPlanetEarthConference.txt 06-07-27-GovtCompNews-DHSSetsUpResearchGroupToStudyWhatHappensInCyberAttack.txt 06-07-28-CNET-SecurityBecomesAfterthoughtInWeb20.txt 06-07-31-AP-McAfeeSecuritySoftwareMayExposeSensitiveInformation.txt 06-08-01-AP-HackersAndSecurityExpertsMingleAtConferences.txt 06-08-04-CSIA-CyberSecurityIndustryAllianceSupportsEUConventionOnCybercrime.txt 06-08-06-AP-HackersgatherAtDefComToExploitComputerSecurityFlaws.txt 06-08-07-ISTResults-SolvingTheSecurityChallengeOfDynamicNetworks.txt 06-08-07-NSF-ResearchProgramOnDataConfidentiality.txt 06-08-09-AP-GoogleWarnsUsersAboutMaliciousWebsites.txt 06-08-09-AP-HomelandSecurityUrgesUsersToGetWindowsPatch.txt 06-08-10-CircleID-ALookAtDNSSecurityExtensions.txt 06-08-11-GovtCompNews-OMBPushingGovtAgenciesTowardStricterITSecurityAccoutability.txt 06-08-28-SJMerc-WhatNewUsersNeedToKnowAboutWiFiSecurity.txt 06-08-29-AP-TMobileHackerSentencedToYearOnHomeDetention.txt 06-09-01-InfoWeek-ResearchersReportFingerprintMethodForSecuringWiFiNetworks.txt 06-09-01-SDTimes-DHSLackOfAttentionToCybersecurityIsProblem.txt 06-09-03-eWeek-TheHuntForInfrastructureSecurityHoles.txt 06-09-04-eWeek-ExperimentalMaliciousCodeZapperForBrowser.txt 06-09-06-DarkReading-ResearchersChallengeDenialOfServiceAttackData.txt 06-09-07-InfoWorld-CyberSecurityLagsPost9-11.txt 06-09-08-CNET-AReportCardOnPost9-11AntiTerrorRechnology.txt 06-09-08-RFIDJ-NSFAwardsConsortiumGrantToImproveRFIDSecurity.txt 06-09-11-AP-AOLOffersUsersInsuranceAgainstIDTheftAndComputerDamage.txt 06-09-12-Sandia-ResearchersSayFingerprintingTechniqueDemosWirelessDeviceDriverVulnerabilities.txt 
06-09-13-AP-FakeCyberAttackersWinDHSWarGame.txt 06-09-13-CompWorld-HouseCommQuestionsDHSPrepardnessForCyberAttacks.txt 06-09-13-eWeek-SimulatedAttacksRevealCybersecurityResponseFlaws.txt 06-09-18-AP-WhiteHouseSelectsCyberSecurityChiefAfterOneYearDelay.txt 06-09-18-USHouse-CongBoehlertPraisesGarciaAppointmentToUSDHSSecurityPosition.txt 06-09-22-AP-ActingDHSCybersecurityChiefContractorQuits.txt 06-09-22-AP-MissingCensusBureauLaptopsCreateLossOfPublicConfidence.txt 06-09-22-USHouse-CongDavisSaysCommerceDeptLaptopLossesShocking.txt 06-09-22-WashPost-1100LaptopsMissingFromCommerceDept-250FromCensusBureau.txt 06-09-25-GovtCompNews-USDHSExecToRaiseAwarenessOfCybersecurity.txt 06-09-28-OhipStateU-StudyShowsInternetToBeResilientAgainstCyberAttack.txt 06-09-28-PennStateU-IBMLedConsortiumSelectedToWorkOnWirelessAndRFIDSecurity.txt 06-10-00-CACM-VirtualMachinesMayNotProvideSecurity.txt 06-10-00-PopSci-NewIdeasMayMakeInternetSafeFromHackers.txt 06-10-02-SJMerc-CrooksAttackingLessSecureHomeComputers.txt 06-10-04-CNET-DomainNameSystemNotSecure.txt 06-10-04-UTexas-UTSAAwardedUSDHSCybersecurityGrant.txt 06-10-06-AP-OnelaptopPerChildComputerHasRevolutionarySecurityMeasures.txt 06-10-06-NewSci-TactilePasswordsCouldProvideGreaterSecurityInPublicEnvironments.txt 06-10-06-WashPost-HackersUsingChineseServersAttackUSDOCComputers.txt 06-10-10-Newswise-NewTechniqueEnablesSendingSecretMessagesOverInternet.txt 06-10-11-PCWorld-RealIDActsProblemsWithCostsPrivacyAndSecurity.txt 06-10-11-WiscTechNet-ProfSaysSafeInternetRequiresTotalNetworkSecurity.txt 06-10-12-CompWorldAus-SecuritySoftwareNeedsBetterUsability.txt 06-10-16-AP-TodaysVirusesAreLongTermThreats.txt 06-10-17-BusWire-W3CLaunchesSecureBrowsingInitiative.txt 06-10-23-NYT-ResearchersSeeProblemsWithNewRFIDCreditCards.txt 06-10-26-eWeek-AntVirusSoftwareIsIneffective.txt 06-10-27-Science-TheEconomicsOfInformationSecurity.txt 06-10-30-InfoWorld-SmallTafgetedAttacksAreTheNextWaveOfITSecurityProblems.txt 
06-10-31-GovtCompNews-GAOSaysBetterCoordinationOfCybersecurityRandDNeeded.txt 06-11-00-ACMQueue-FictionalAccountOfTransitionFromHackerToBigTimeCriminal.txt 06-11-00-ACMQueue-HowWeHandleTheSecurityProblemWillHaveLastingEffectOnCOmputing.txt 06-11-00-CACM-DevelopingAnEffectivePlatformForDeterringNetworkAttacks.txt 06-11-02-Heise-VirusAuthorsUseWkipediaInSeveralWaysToSpreadViruses.txt 06-11-02-NetworkWorld-IETFChairSpeaksOutOnVPNsAndP2PSIP.txt 06-11-03-Sophos-VirusAuthorsUseWkipediaInSeveralWaysToSpreadViruses.txt 06-11-06-AP-ChileChargesForWithHackingGovernmentSitesAroundTheWorld.txt 06-11-06-AP-McAfeeHasNewSoftwareThatTriesToBlockAccessToProblemSites.txt 06-11-06-USACM-DataSecurityProblemsContinueToPlagueTheUSGovernment.txt 06-11-14-Wired-Bots-AutonomousPrograms-ALosingBattle.txt 06-11-15-AP-FormerexecChargedWithHackingIntoSourceMediaComputers.txt 06-11-15-IndianaUnivScientistsWorkingOnToolsToMakeWiFiMoreSecure.txt 06-11-17-TheGuardian-ComputerExpertCracksBritishElectronicPassportSecurity.txt 06-11-20-NewSci-MicrochipEncryptionProcessingMayRevealKeys.txt 06-11-23-NYT-AsHouseholdsBecomeIntegratedIntoInternetPotentialForDamageIncreases.txt 06-12-01-AP-RomanianIndictedOnHackingIntoUSGovernmentComputers.txt 06-12-01-AP-USWarnsOfPossibleAttackOnFinancialWebsites.txt 06-12-05-AP-HackersAttackUSNavalWarCollegeComputerNetwork.txt 06-12-07-UnivOfDelaware-SpaffordAddressesCybersecurityThreats.txt 06-12-10-AP-WindowsSecurityImprovementsWontMakeOnlineLifeSaver.txt 06-12-12-LinuxDotCom-SystemsShouldBeSecurelyConfiguredFromTheBeginning.txt 06-12-14-AP-PersonalDataCompromisedAtUTDallas.txt 06-12-15-AP-WormAttacksComputersViaSymantecAntivirusProgram.txt 06-12-18-SecFocus-PHPSecurityApplicationsNeedBetterSecurity.txt 06-12-19-AP-DisgruntledEmployeePlantedElectronicBombInPrescriptionManagementCompanyComputers.txt 06-12-21-WSJ-BiometricSecurityDevicesAreFarFromFoolproof.txt 06-12-24-AP-WebSafeSecurityMarkFeaturesEludeSmallOnlineMerchants.txt 
06-12-26-UnivOfMass-ResearcherSaysNotReusingMemoryWouldMakeComputersMoreSecure.txt 06-12-29-Wired-ComputersClockSkewCanBeUsedToIdentifySpecificComputers.txt 06-12-30-TechNewsWorld-PredictingTopSecurityThreatsFor2007.txt 07-01-00-CACM-OpenSourceSoftwareIsTheMostSecure.txt 07-01-03-ResearchersSayAdobeAcrobatReaderHasSecurityVulnerabilities.txt 07-01-03-SJMerc--2006SawMoreSophisticatedCriminalAcitvityOnComputers.txt 07-01-07-NatlJ-FederalDataSecurityStandardsAgainInDanger.txt 07-01-07-NYT-ZombieComputersAGrowingThreat.txt 07-01-08-CompWorld-IntelDevelopsWaysForSystemsToAdaptToSecurityChallenges.txt 07-01-16-Bus2-MustKnowSecurityInsightsFor2007.txt 07-01-16-GovtExec-AdvidsoryCouncilCallsForMoreCollaborationWithPrivateSector.txt 07-01-17-APRetailerMarshallsReportsCustomerDataTheft.txt 07-01-18-AP-eBayTightensSecurityPrecautions.txt 07-01-19-AP-VirusSpreadsDisguisedAsEuropeanStorms.txt 07-01-19-ZDNetUK-LinuxDeveloperArguesAgainstSecurityLiability.txt 07-01-20-ITBus-CodeObfuscationTechniquesBeingUsedByHackers.txt 07-01-21-AP-HackersAttackGorbachevWebsite.txt 07-01-21-AP-SpammersUseEuropeanStormInterestToSendVirus.txt 07-01-23-CNET-StormWormTrojanHorseProliferates.txt 07-01-25-BBCNews-CriminalsControllingMillionsOfComputersThreatenInternetFuture.txt 07-01-26-Fosters-ResearchersDevelopComputerModelForCyberSecurityThreats.txt 07-01-29-MedisNews-PotentialCyberAttacksWorriesExpert.txt 07-01-29-UMassCollegian-ScientistProgramCombatsHackers.txt 07-01-30-NYT-MSOffersBountyForFindingVistaBugs.txt 07-02-00-ACMQueue-UnderstandingHowRootkitsHideProcessesAndFilesFromDetection.txt 07-02-00-CACM-ApproachingITSecurityAsAnEngineeringAndManagementProblem.txt 07-02-01-DarkReading-SchneierToDiscussInteracrtionBetweenPsychologyAndSecurity.txt 07-02-03-MichStNews-SurveyFindsOnly10PercentOnInternetUsersConfidentOfTheirSecurity.txt 07-02-06-AP-HackersOverwhelmAtLeast3Of13InternetTrafficComputers.txt 07-02-06-AP-MSGatesSaysBiggestChallengeIsKeepingDataSecure.txt 
07-02-06-PRNewswire-UmarylandStudySaysComputersAttackedEvery39Seconds.txt 07-02-07-AP-HackersOverwhelmAtLeast3Of13InternetTrafficComputers.txt 07-02-07-OpenID-UsersCanHaveUniversalIdentifierAndProtectPasswords.txt 07-02-07-SJMerc-MSDescribesNewSecurityTechnologoes.txt 07-02-08-NetWorld-USDODPreparedToRetaliateToCyberAttack.txt 07-02-09-InfoWorld-NewUSCybersecurityChiefProvidesGuidance.txt 07-02-12-CompWorld-WillSpamVirusesAndBotnetsDestryTheInternet.txt 07-02-12-InfoWorld-USDHSReadyingCybersecurityTest.txt 07-02-12-SJMerc-LaptopsAtRSASecurityConferenceFoundVulnerableToAttacks.txt 07-02-15-AP-TRUSTeCertifiesFirstDownloadableProgramsAsSafe.txt 07-02-20-CNET-USDHSCyberSecurityChiefWantsCongressToDeviseWaysToPromoteAdoptionOfSecurityTechnologies.txt 07-02-22-TechDaily-USDHSCybersecurityHeadSeesChallengesAhead.txt 07-03-00-CACM-PoorInformationSecurityDerivesFromRiskBasedApproach.txt 07-03-00-Symantec-InternetSecurityThreatReport.txt 07-03-01-eWeek-DemosShowPowerfulNewHackingTechniques.txt 07-03-01-NetWorld-PoorCodeInWebApplicationsLeavesThemVulnerable.txt 07-03-07-HoneyBlog-Puppetnets-MisusingWebBrowsersToAttackComputers.txt 07-03-12-AP-3FromIndiaIndictedForHackingBrokerageAccountsToPumpUpStockValues.txt 07-03-12-UWash-2BPersonalRecordsCompromised-HackersNotAlwaysToBlame.txt 07-03-14-USAToday-ChineseHackersLikelyBehindAttackOnUSMilitaryComputers.txt 07-03-19-StanfordCIS-2BPersonalRecordsCompromised-HackersNotAlwaysToBlame.txt 07-03-21-CNET-JavaScriptProgramJiktoWillMakePCsHuntForEntryIntoComputers.txt 07-03-23-QuennslandUnivOfTech-SearchEngineRankingsGiveMaliciousSitesHighRankings.txt 07-03-28-NetWorld-QandAWithIABChairOnDNSSecurityAndOtherIssues.txt 07-03-30-WashPost-HackersSteal46MCreditCardsDataFromTJX.txt 07-04-00-ACMQueue-TheEvolutionOfSecurity.txt 07-04-00-CACM-AnalysisOnIntrusionPreventionDataForPredictingHostileActivity.txt 07-04-04-InfoWorld-SecurityResearchesDiscoverFasterWayToCrackWiFiWEP.txt 
07-04-05-TechDaily-BiggestThreatToInternetCouldBeMassiveVirtualBlackout.txt 07-04-10-VaTech-NewResearchToProtectPersonalInformationFromThjeftAndAbuse.txt 07-04-12-UPI-USGovtPlansToImplementANewInternetSecurityRegime.txt 07-04-13-Dartmouth-DartmouthCyberSecurityProjectGetsUSDHSResearchFunding.txt 07-04-13-SJMerc-StormWormEmailVirusReturns.txt 07-04-16-InfoWorld-P2PWormsAndBotnetsIncreasing.txt 07-04-17-eWeek-SecurityRemainsAChallengeForBrowserDevelopers.txt 07-04-19-WashPost-USGovernmentComputersTargetedAtUnprecidentedScale.txt 07-04-25-MSAndACM-BotnetBrownBagSession.txt 07-05-00-ACMQueue-HarwiredHomeNetworksAreBetterThanWireless.txt 07-05-01-CFP2007-ComputersFreedomAndPrivacyConference.txt 07-05-05-NewSci-FirewallsAndAntivirusProgramsDoNotExamineBrowserDownloadedMaterial.txt 07-05-07-TechDaily-USDHSAdvisoryPanelProposalsForRealIDActDocuments.txt 07-05-08-ACM-USACMProposesDelayInRealIDImplementationToAssurePrivacyAndSecurity.txt 07-05-08-AP-UnivOfMissouriStudentDataCompromised.txt 07-05-08-USACM-USACMBriefsLawmakersAboutBotnetThreats.txt 07-05-09-eWeek-JavaSecurityProblemsGettingWorse.txt 07-05-11-IdahoNatlLab-CriticalInfrastructureInSeriousJepardyFromHackerAttacks.txt 07-05-14-NetWorld-OffensiveTEchnologiesUsedToSecureComputerNetworks.txt 07-05-16-InternetWormAttackedVoterDatabaseInFloridaDuringEarlyVoting.txt 07-05-17-AP-EstonianOfficialSuggestsRussianRoleInCyberAttacks.txt 07-05-17-TimesOnline-GovernmentsPrepareForInternetBasedAttackOnInfrastructure.txt 07-05-18-SyracuseUniv-ResearchersPublishPlanToDecentralizeDNSWithDNSSecurityExtensions.txt 07-05-18-WashInternetDaily-DNSSecurityExtensionsCostlyInternetGovernanceProjectTold.txt 07-05-19-WashPost-EstoniaSubjectOfMassiveCyberAttacks.txt 07-05-21-FedCompWeek-USDHSSeeksCybersecurityResearchWhitePapers.txt 07-05-22-CompWorld-USDHAPublishesSectorSpecificPlanForSecureITInfrastructure.txt 07-05-22-KansasCityInfoZine-BetterSecurityWouldLeadToMoreInternetApplications.txt 
07-05-22-PressDemo-SonomaStateProfessorDefendsTeachingVirusProgramming.txt 07-05-23-CompWorldAus-GlobalNatureOfSoftwareDevelopmentRaisesSecurityIssues.txt 07-05-23-SecSearch-SixSecurityResearchersWorkingBehindTheScenes.txt 07-05-24-CarnegieMellonUniv-CompScientistsUsesCAPTCHATechnologyToImproveSecurityAndScannedTextSearchability.txt 07-05-24-eGovMonitor-NovInternetGovernanceForumToAddressAccessAndSecurityIssues.txt 07-05-24-UWisc-ResearchersTryToStayOneStepAheadOfVirusCreators.txt 07-05-28-WashTech-RealIDCouldCreateSecurityAndPrivacyIssues.txt 07-05-29-NYT-EstonianDataSiegeLooksLikeCyberWarfare.txt 07-05-30-eWeek-ChineseMilitaryPreparesForCyberWarfareFirstStrike.txt 07-05-30-NewSci-P2PFileSharingNetworksBeingSubvertedForWebAttacks.txt 07-06-00-CACM-DevelopersAreResponsibleForSystemRisks.txt 07-06-00-CACM-DNSSEC-DNSSecurityExtensionsAndSecuringInternetInfrastructure.txt 07-06-00-FTC-HackersAndSpammersMayBeUsingYourComputer.txt 07-06-00-USGAO-ReportOnOnSocialSecurityNumberSecurity.txt 07-06-02-InfoWeek-NewDigitalIdentitySystemsAreMoreComprehensive.txt 07-06-04-AP-SearchTermsRelatedToMusicAndTechMostLikelyToReturnSitesWithMaliciousCode.txt 07-06-04-FedCompWeek-USDHSSeeksCyberSecurityResearchInNineAreas.txt 07-06-05-ArsTechnica-ExpertsSayGovernmentInvolvementNeededToCombatPhishing.txt 07-06-05-WSJ-ResearchersSayAttacksOnDNSRootServersThreatenGlobalEconomy.txt 07-06-07-ACM-ExpertUrgesIdentityVerificationSafeguardsForElmployeeElegibilitySystems.txt 07-06-07-AScribeNewswire-ExpertUrgesIdentityVerificationSafeguardsForEmployeeElicibilitySystems.txt 07-06-07-CSMonitor-CouldUSRepelCyberattack.txt 07-06-07-NetWorld-NewAntivirusTechnologyReliesOnSystemStateChanges.txt 07-06-07-USACM-ExpertUrgesIdentityVerificationSafeguardsForEmployeeElicibilitySystems.txt 07-06-08-DarkReading-AntiHackingLawsThreatenWebSecurityResearchers.txt 07-06-11-ChicTrib-ResearchersDevelopingHardwareToProtectComputerDataByUniqueSignature.txt 07-06-12-AP-MSFixesSecirityFlawsInWindowsIE.txt 
07-06-12-Guardian-SafariForWindowsHasSecurityIssues.txt 07-06-12-Larholm-SafariForWindowsHasSecurityIssues.txt 07-06-13-AP-FBISyasMillionsOfComputersAreControlledByHackers.txt 07-06-13-PCWorld-SafariForWindowsHasSecurityIssues.txt 07-06-13-TheReg-FBIIdentifiesMillionthIpAddressOfCompromisedComputers.txt 07-06-14-FBI-HowToKeepYourComputerSafeWhileOnline.txt 07-06-16-NewSci-ConsutantSaysInternetSecurityCouldBeImprovedIfResearchersHadFinancialIncentives.txt 07-06-18-CongQuarterly-USShouldDrawWarningFromEstonianCyberAttacks.txt 07-06-18-USAToday-NATOConsidersSafetyAgainstCyberAttacks.txt 07-06-20-AP-FranceBansGovernmentOfficialsBlackBerryUseCitingSecurityIssues.txt 07-06-20-AP-USDHSAcknowledgesComputerBreakIns.txt 07-06-20-ArsTechnica-ReportWarnsAdvancedAuthenticationSystemsNotAsEffectiveAsClaimed.txt 07-06-20-BBC-FranceBansGovernmentOfficialsBlackBerryUseCitingSecurityIssues.txt 07-06-21-AP-OhioComputerTapeWithTaxpayerDataStolen.txt 07-06-21-Ascribe-ComputerExpertWarnsOfRisksToSocialSecurityNumbers.txt 07-06-21-USACM-TestimonyOnSocialSecurityNumberSecurity.txt 07-06-21-USGAO-TestimonyOnSocialSecurityNumberSecurity.txt 07-06-24-NYT-ExpertsWarnOfCyberWarfare.txt 07-06-25-ZDNetBlogs-SecurityRequiresProperUSeOfProgrammingLanguages.txt 07-06-28-CNET-WebPopularityAndSecuritySolutions.txt 07-06-28-CompResAssoc-NRCReleasesNewReportOnCyberSecurity.txt 07-06-28-TechRev-AnalysisOfHandwrittenPasswordsCouldMakeLoggingInMoreConvenient.txt 07-06-29-ChronHigherEd-CanInternetBeSavedFromConstantThreats.txt 07-07-00-CACM-AKnowledgeArchitectureForITSecurity.txt 07-07-01-SanDiegoTimes-SoftwareNeedsSecurityStandards.txt 07-07-01-Wired-ExpertSaysEPassportsAreVulnerable.txt 07-07-02-SJMerc-GoodAndBadGuysMingleAtBlackHatAndDefconConferences.txt 07-07-03-FedCompWeek-LawmakersTellUSDHSToSpendMoreOnCybersecurity.txt 07-07-03-NetWorld-SecurityResearchersDetailP2PThreatsVulnerabilityDisclosuresAndHackerProfiling.txt 
07-07-03-USACM-ComputerExpertsTestifyOnEmploymentEligibilityVerificationSystems.txt 07-07-03-USACM-ComputerExpertsTestifyOnSocialSecurityNumberPrivacyAndSecurity.txt 07-07-04-DalhousieUniv-HowSafeAreWirelessNetworks.txt 07-07-05-AP-GAOReportSaysConnectingDataBreachesToIDTheftDifficult.txt 07-07-05-ArsTechnica-USGovernmentPreparesForCybersecurityWarGames.txt 07-07-07-BaseLineMag-SecurityAsAToolToProtectJobsAndBuildBusiness.txt 07-07-07-InfoWeek-CyberterrorismOnTheIncrease.txt 07-07-09-CompWorld-RiceUnivResearcherDanWallachExposesSecurityFlaws.txt 07-07-10-CompWorld-ResearcherDevelopsBootableLiveCDForEnhancedSecurity.txt 07-07-11-AP-BritishDataWatchdogOutlinesHorrifyingNumberOfSecurityBreaches.txt 07-07-11-AP-SensitveUSMilitaryDocumentsLeftUnprotectedOnline.txt 07-07-12-DarkReading-DNSPinningVulnerabilityCouldSpellTroubleForWeb2.txt 07-07-12-InfoWorld-GoogleBusinessApplicationsCauseIncreasedSecurityQuestions.txt 07-07-13-Science-25thAnniversaryOfFirstComputerVirusForAppleIIComputers.txt 07-07-14-NatonalJ-USDOJSaysCountriesWithWeakCybercrimeLawsHavenForHackers.txt 07-07-20-SJMerc-VirginAtlanticWebsiteFloodedByHackers.txt 07-07-22-ArsTechnica-HacksLetThirdPartyApplicationsRunOnIPhone.txt 07-07-23-NYT-IPhoneFlawLetsHackersTakeOver.txt 07-07-23-SJMerc-SecurityFlawFoundInIPhone.txt 07-07-24-InfoWeek-GAOReport-CybercrimePosesNationalRiskToUS.txt 07-07-24-SecurityEvaluators-ResearchDiscoverIPhoneVulnerability.txt 07-07-26-NetWorld-SecurityIsTopConcernforNewIETFChief.txt 07-07-30-SFChron-WorldwideCriminalsInfectingUnprotectedComputersWithMalware.txt 07-07-31-NetWorld-StanfordEthaneProjectProvidesStrongNetworkSecurity.txt 07-08-00-CACM-IsASingleOperatingSystemASecurityRisk.txt 07-08-00-CACM-RisksOfUnauthorizedUseOfWiFiAccessPoints.txt 07-08-00-CACM-SecurityForGeneralAudiences.txt 07-08-00-InfoTofay-IntlTelecomUnionAnnoucesGlobalCybersecurityAgenda.txt 07-08-01-GovtCompNews-FormerCounterterrorismChiefSaysUSLostItsWayInCybersecurity.txt 
07-08-03-AP-ComputerMediaPlayersVulnerableToMaliciousAttack.txt 07-08-03-AP-StudyFindsLaxComputerSecurityByIRSEmployees.txt 07-08-03-WashPost-GAOStudySaysUSBorderControlComputersVulnerableToAttack.txt 07-08-04-SJMerc-HardToTellGoodHackersFromBadAtHackerConferences.txt 07-08-07-TheRegister-ProfsSayTeachingHackingHelpsStudentLearnAboutComputerSecurity.txt 07-08-09-CompWorld-CleversafeSlicesCorporateDataForSafeStorageOnOneOrManyServers.txt 07-08-09-InfoWorld-IsolatingApplicationsForTestingCouldImproveComputerSecurity.txt 07-08-13-SJMerc-BestOnlineSecurityIsUpToUsers.txt 07-08-15-SJMerc-ManyFacebookUsersExposeThemselvesToVulnerabilities.txt 07-08-16-UMich-AdvancesInQuantumComputersCouldElevateSecurityToNewLevels.txt

==========> 00-02-00-CACM-IdentityTheftSocialSecurityNumbersAndTheWeb.txt==========
Identity theft, social security numbers, and the Web
Hal Berghel
February 2000
Communications of the ACM, Volume 43 Issue 2
Privacy is lost in the proliferation of technology's omnipresent accessibility. When one changes employers, as I have recently, the different institutional and cultural attitudes become obvious. For example, consider salary-benefit packages. From my perspective, as an academic for the past 20-plus years,

==========> 00-04-00-CACM-IntrusionDetectionAndMultisensoryDataFusion.txt==========
Intrusion detection systems and multisensor data fusion
Tim Bass
April 2000
Communications of the ACM, Volume 43 Issue 4
Creating a cyberspace situational awareness environment will take more sophisticated tools and network sensors. Next-generation cyberspace intrusion detection (ID) systems will require the fusion of data from myriad heterogeneous distributed network sensors to

==========> 00-04-00-CACM-SecuringUserPasswords.txt==========
Securing user passwords
April 2000
Communications of the ACM, Volume 43 Issue 4
Anne Adams and Martina Angela Sasse say a lot of sensible things in their article about password selection, "Users Are Not the Enemy" (Dec. 1999, p. 41).
They note correctly that users rarely know what is needed to construct a secure password and observe that "without feedback from security experts, users [create] their own rules on password design that [are] often anything but secure." They also note that within an organization, users may need several

==========> 00-05-00-CACM-InternetUseISRiddlesWithVulnerabilities.txt==========
Inside risks: Internet risks
Lauren Weinstein, Peter G. Neumann
May 2000
Communications of the ACM, Volume 43 Issue 5
The Internet is expanding at an unprecedented rate. However, along with the enormous potential benefits, almost all of the risks discussed here in past columns are relevant, in many cases made worse by the Internet, due to widespread remote-access capabilities, ever-increasing communication speeds, the Net's exponential growth, and weak infrastructure. This month we summarize

==========> 00-06-00-ACMNetWorker-SecurityIsAnImperfectArt.txt==========
Business: The 8th layer: Shoring up security—an imperfect art
Kate Gerwig
June 2000
netWorker, Volume 4 Issue 2
The build-up to Y2K and the dire predictions for its aftermath were nothing compared to last February's distributed denial of service (DDoS) hacker attacks, which managed to shut down several of the Internet's most heavily trafficked Web sites, including Yahoo!, E*TRADE, CNN.com and eBay. These sites had already spent heavily on security measures to protect their servers.

==========> 00-06-00-CACM-InformationSystemSecurityManagement.txt==========
Technical opinion: Information system security management in the new millennium
Gurpreet Dhillon, James Backhouse
July 2000
Communications of the ACM, Volume 43 Issue 7
Future users of information systems must address organizational problems at a time when the organizational form is being revolutionized.
Rapid advances in electronic networks and computer-based information systems have given us enormous capabilities to process, store, and transmit digital ==========> 00-09-00-ACMNetWorker-IsAnybodyDoingAnythingAboutInternetSecurity.txt========== Putting it together: Living on the internet security plateau Win Treese September 2000 netWorker, Volume 4 Issue 3 Does the Internet have a security problem? If it does, is anyone really doing anything about it? In the past year, we've seen major incidents on the Internet and wide media coverage to go with them. Two widespread viruses—Melissa and the Love Bug—caused major disruptions of e-mail systems around the world. A series of distributed denial-of-service attacks interrupted service at many ==========> 00-09-00-CACM-UsingVoiceToVerifyPersonalIdentity.txt========== Voice biometrics Judith A. Markowitz September 2000 Communications of the ACM, Volume 43 Issue 9 Who are you? Your voice alone can be used to verify your personal identity—unobtrusively and invisibly. "It's me!" ==========> 01-02-00-CACM-AnOperatingSystemApproachToSecuringEServices.txt========== An operating system approach to securing e-services Chris Dalton, Tse Huong Choo February 2001 Communications of the ACM, Volume 44 Issue 2 Implementing Trusted Linux, an ideal platform for e-services application hosting. As more and more services turn electronic and are exposed to the public world of the Internet, many will become attractive and lucrative targets to would-be ==========> 01-02-00-CACM-ConsideringTrustAssumptionsDuringSoftwareDevelopment.txt========== Trust (and mistrust) in secure applications John Viega, Tadayoshi Kohno, Bruce Potter February 2001 Communications of the ACM, Volume 44 Issue 2 Exploring and considering trust assumptions during every stage of software development. Trust and trustworthiness are the foundations of security. Homeowners trust lock manufacturers to create quality locks to protect their homes. 
Some locks ==========> 01-02-00-CACM-IntroductionToSecuringSoftwareApplications.txt========== Securing network software applications: introduction Imran Bashir, Enrico Serafini, Kevin Wall February 2001 Communications of the ACM, Volume 44 Issue 2 Ask a school-age child about Melissa, and instead of hearing about the "red-haired girl in Mrs. Stiefel's class," the most likely answer would point to the Microsoft Word macro virus that wreaked havoc around the world in March 1999. The impact of the ubiquitous World Wide Web, the fastest growing element of the Internet, is mind-boggling. The debate about its social and economic ==========> 01-02-00-CACM-SecurityAndPrivacyIssuesInMobileECommerce.txt========== Software security and privacy risks in mobile e-commerce Anup K. Ghosh, Tara M. Swaminatha February 2001 Communications of the ACM, Volume 44 Issue 2 Examining the risks in wireless computing that will likely influence the emerging m-commerce market. Most current e-commerce transactions are conducted by users in fixed locations using workstations and personal computers. Soon, we expect a significant ==========> 01-02-00-CACM-UsingAccessControlApproachesForSecureWebApplication.txt========== Security models for web-based applications James B. D. Joshi, Walid G. Aref, Arif Ghafoor, Eugene H. Spafford February 2001 Communications of the ACM, Volume 44 Issue 2 Using traditional and emerging access control approaches to develop secure applications for the Web. The rapid proliferation of the Internet and the cost-effective growth of its key enabling technologies are revolutionizing information technology and ==========> 01-03-00-CACM-FutureComputerSoftwareWillBeConstrainedByInsuranceConsiderations.txt========== Insurance and the computer industry Bruce Schneier March 2001 Communications of the ACM, Volume 44 Issue 3 In the future, the computer security industry will be run by the insurance industry. 
I don't mean insurance companies will start selling firewalls, but rather the kind of firewall you use—along with the kind of authentication scheme you use, the kind of operating system you use, and the kind of network monitoring scheme you use—will be strongly influenced by the constraints of ==========> 01-03-00-CACM-IsThereAFixInSightForComputerSecurity.txt========== Computer security—an end state? Steven M. Bellovin March 2001 Communications of the ACM, Volume 44 Issue 3 It seems that one cannot open a newspaper without reading about yet another computer security breach. Worse yet, even sites that should be well protected, such as the CIA's Web site, have been hacked. Is this inevitable? Will matters continue to get worse? Or is there some fix in sight for the computer security problem? ==========> 01-04-00-CACM-AnOrganizatonToRateComputerSecurityIsABadIdea.txt========== Inside risks: cyber underwriters lab Bruce Schneier April 2001 Communications of the ACM, Volume 44 Issue 4 Underwriters Laboratories (UL) is an independent testing organization created in 1893, when William Henry Merrill was called in to find out why the Palace of Electricity at the Columbian Exposition in Chicago kept catching on fire (which is not the best way to tout the wonders of electricity). After making the exhibit safe, he realized he had a business model on his hands. Eventually, if ==========> 01-05-00-ACMUbiquity-LowFacultySalariesAndShortageOfSecuritySpecialists.txt========== Time for industry to support academic INFOSEC M. E. Kabay May 2001 Ubiquity, Volume 2 Issue 15 Low faculty salaries contribute to the shortage of trained security specialists. In October 2000, Dr Eugene Spafford was given the NCSC (National Computer Security Center) Achievement Award for 2000 at the 23rd NISSC (National Information Systems Security Conference) in Baltimore. 
In his plenary address, ==========> 01-08-00-CACM-AProcessControlApproachToCyberAttackDetection.txt========== A process control approach to cyber attack detection Nong Ye, Joseph Giordano, John Feldman August 2001 Communications of the ACM, Volume 44 Issue 8 Using engineering process control to protect against attacks at various system levels. A cyber attack is an attack on a computer and network system, consisting of computer actions such as remote or local connection, computer file access, or ==========> 01-08-00-CACM-RisksInEmailSecurity.txt========== Inside risks: Risks in email security Albert Levi, Çetin Kaya Koç August 2001 Communications of the ACM, Volume 44 Issue 8 It is easy to create bogus email with someone else's email name and address: SMTP servers don't check sender authenticity. Secure/Multipurpose Internet Mail Extensions (S/MIME) can help, as can digital signatures and globally-known trustworthy certification authorities (CAs) that issue certificates. The recipient's email software verifies the sender's certificate to determine his ==========> 01-09-00-CACM-SecurityIssuesForElectronicMedicalRecords.txt========== Security issues for implementation of e-medical records Terry Huston September 2001 Communications of the ACM, Volume 44 Issue 9 Effective administration of a medical database requires balancing technical and nontechnical managerial challenges. As the electronic version of the patient medical record becomes more technologically advanced for the purposes of electronic billing, telemedicine, ==========> 01-10-00-ACMUbiquity-PeterNeumannOnSecurityVulnerabilities.txt========== Expect the unexpected John Gehl October 2001 Ubiquity, Volume 2 Issue 34 Peter G. Neumann talks about out-of-the-box thinking, the events of Sept. 11, and breakfast with Einstein. Peter G. 
Neumann (Neumann@CSL.sri.com), who holds doctorates from Harvard and Darmstadt, is Principal Scientist in the Computer Science Laboratory at SRI ==========> 01-11-08-Reuters-Hack-Bank.txt========== Thursday November 8 9:00 PM ET Cambridge Students Find Way to Hack Into Banks By Juliana Liu LONDON (Reuters) - Two graduate students have found a way to hack into security systems that protect many banking and e-commerce transactions, Cambridge University said on Thursday. Michael Bond and Richard Clayton, computer science Ph.D. students, developed programs allowing them to hack into an IBM security computer that was ==========> 01-11-13-Wired-ICANN.txt========== ICANN: To Serve and Protect By Declan McCullagh 2:00 a.m. Nov. 13, 2001 PST WASHINGTON -- The deadly attacks of September 11 didn't just give us tighter airport checkpoints, new wiretapping and surveillance laws, and countless metric tons of explosives air-lifted to Afghanistan. They also prompted the Internet Corporation for Assigned Names and Numbers ==========> 01-11-17-SFCron-Internet.txt========== http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2001/11/17/BU119119.DTL&type=tech ICANN forum warns of Web vulnerability Verne Kopytoff, Chronicle Staff Writer Saturday, November 17, 2001 ©2001 San Francisco Chronicle The Internet is vulnerable to hacker and terrorist attacks across a broad front. ==========> 01-11-26-ZDNet-Google.txt========== Search engines find the forbidden By Paul Festa Special to ZDNet News UPDATED November 26, 2001 12:35 PM PT Search-engine spiders crawling the Web are increasingly stumbling upon passwords, credit card numbers, classified documents and even computer vulnerabilities that can be exploited by hackers. 
The problem is not new, security analysts say: Ever since search robots began ==========> 01-12-00-CACM-CodeRedWorm-MaliciousSoftwareKnowsNoBounds.txt========== Digital Village: The Code Red Worm Hal Berghel December 2001 Communications of the ACM, Volume 44 Issue 12 Malicious software knows no bounds. The concept of combining the "new soft drink flavor of the summer" with "worms" seems to suggest a non-alcoholic variation of tequila rather than a major Internet security breach. However, this past August, the Code Red worm took on ==========> 01-12-04-AP-SecuritySW.txt========== "Cyber-security adviser calls for free Internet security software" ASSOCIATED PRESS WASHINGTON, Dec. 4 — The president's computer security adviser asked technology executives Tuesday for a shopping list of changes, including bundled security software for high-speed Internet users and a new way to get software updates on personal computers. Richard Clarke told software companies that their responsibility doesn't end when they fix a hole in their products that could let hackers in. ==========> 01-12-04-Reuters-InfrastructureMap.txt========== Tuesday December 4 5:36 PM ET U.S. Cyber Chief to Map Infrastructure for Security By Andy Sullivan WASHINGTON (Reuters) - The U.S. government plans to develop a model of the nation's railroads, gas pipelines, telecommunications networks and other ``critical infrastructures'' to better understand how they affect each other, the nation's top cybersecurity chief said on Tuesday. As part of its efforts to beef up homeland security, the federal ==========> 01-12-05-WashPost-MCI.txt========== MCI Security Hole Put AOL, Others, In Hacker's Crosshairs By Brian Krebs, Newsbytes WASHINGTON, D.C., U.S.A., 05 Dec 2001, 2:10 PM CST MCI WorldCom [NASDAQ:MCIT] recently moved to secure several vulnerable portions of their network that allowed a researcher to obtain the keys to private network routers for dozens of Fortune 500 companies. 
==========> 01-12-11-ComputerWorld-NIPC-DNS.txt========== NIPC urges heightened attention to domain name servers By Jaikumar Vijayan (Dec. 11, 2001) Corporations need to ensure that their domain name servers are fully redundant and geographically dispersed to avoid risking prolonged loss of connectivity to services such as Web browsing, remote log-in and e-mail, the National Infrastructure Protection Center (NIPC) has cautioned. In its monthly publication, "Highlights" (download PDF), posted on its Web site Friday, the Washington-based NIPC said the Domain Name System (DNS) can be an ==========> 01-12-12-WashPost-NetSecBill.txt========== Lawmaker: Net Security Bill Will Pass This Year By Robert MacMillan, Newsbytes WASHINGTON, D.C., U.S.A., 12 Dec 2001, 3:18 PM CST A bill designed to strengthen U.S. defenses against online attacks appears likely to pass both the full House and Senate this year, according to House Science Committee Chairman Sherwood Boehlert, R-N.Y. Speaking at a conference hosted by the lobbying group Information Technology ==========> 01-12-14-WashPost-CyberCrimeBill.txt========== House Bill Would Toughen Cybercrime Penalties By Brian Krebs, Newsbytes WASHINGTON, D.C., U.S.A., 14 Dec 2001, 5:07 PM CST House lawmakers introduced legislation on Thursday designed to give federal judges more flexibility in imposing sentences for a range of computer crimes. The bill also would grant a liability exemption to Internet service providers that cooperate with law enforcement agencies. ==========> 01-12-17-SJMerc-802.11Crypto.txt========== Posted at 4:47 a.m. PST Monday, Dec. 17, 2001 RSA announces fix for wireless network security hole SAN FRANCISCO (Reuters) - RSA Security Inc. 
Monday will announce new technology designed to improve the security of wireless networks used within buildings and protect them from so-called ``drive-by hacks.'' Bedford, Massachusetts-based RSA and Hifn of Los Gatos, California, have developed a technology patch for the Wireless Equivalent Privacy (WEP) protocol designed to encrypt communications transferred over standard ==========> 01-12-22-SJMerc-MSXPPnP.txt========== Posted at 2:48 a.m. PST Saturday, Dec. 22, 2001 FBI urges consumers, companies to take additional steps to safeguard Windows XP WASHINGTON (AP) -- The FBI's top cyber-security unit warned consumers and corporations Friday night to take new steps beyond those recommended by Microsoft Corp. to protect against hackers who might try to attack major flaws discovered in the newest version of Windows software. The FBI's National Infrastructure Protection Center said that, in addition to installing a free software fix offered by Microsoft on the company's Web site, ==========> 02-01-02-BusWeek-Changes.txt========== JANUARY 2, 2002 SECURITY NET By Alex Salkever Toward More Cybersecurity in 2002 Here's a list of resolutions that, if put into action, would help make the Net a much safer place Call 2001 The Year of Living Dangerously. ==========> 02-01-07-WiredDigital-VirusWriters.txt========== Virus Writers Here to 'Help' By Michelle Delio 2:00 a.m. Jan. 7, 2002 PST Although it may seem trite to fret about computer virus attacks when compared with larger global security concerns, a seemingly endless onslaught of virtual vermin plagued computer users in 2001. "In 1999, we were catching one virus per hour," said Alex Shipp, chief technology officer at Messagelabs, a security firm. "In 2000, it was one every ==========> 02-01-08-MSNBC-WinUPnP.txt========== No fix in sight for software fixes Windows XP saga illustrates how confusing patches are By Bob Sullivan MSNBC Jan. 8 — It’s Dec. 20, and Microsoft Corp. 
issues an all-points bulletin to every Windows XP user. Your computer is vulnerable to hackers, it says — but if you download a free patch, you’ll be safe. The next day, the FBI contradicts the Redmond giant, saying even the patch won’t make you safe. In the following days, a leading privacy expert complains that users of other Microsoft Windows ==========> 02-01-08-SecurityFocus-NASRept.txt========== Punish Security Lapses, NAS Urges Report says new laws may be needed to deter companies from producing software with security holes. By Will Rodger Jan 8 2002 2:21PM PT Congress should make it easier to punish companies that produce insecure software that puts business and consumers at risk, a panel assembled by the prestigious National Academy of Sciences said Tuesday. ==========> 02-01-14-eWeek-SWLiability.txt========== January 14, 2002 Software Liability Gaining Attention By Dennis Fisher Hacker attacks that exploit flaws in commercial software have caused tens of billions of dollars in damage in the past year. The Code Red worm alone is estimated to have cost enterprise users more than $2 billion. Software companies have hidden behind user agreements that protect vendors from liability for such damages, and few victims have taken their fight to ==========> 02-01-14-InfoWeek-DrversLicenseID.txt========== http://www.informationweek.com/story/IWK20020111S0048 Security Vs. Privacy State motor-vehicle offices will propose that drivers' licenses incorporate biometrics. Is that the same as a national ID card? By John Rendleman, InformationWeek Jan 14, 2002 (12:00 AM) Calls for creating a national ID card system, which advocates say would make it harder for terrorists to move undetected within U.S. borders, have drawn ==========> 02-01-14-LATimes-MS-Security.txt========== LA Times Security Flaws May Be Pitfall for Microsoft Software: As the company shifts toward interactive services, latest vulnerabilities raise concerns and do little to boost customer confidence. 
By JOSEPH MENN Times Staff Writer January 14 2002 Competitors and federal regulators have failed to stop Microsoft Corp.'s march toward dominance of new areas of the computing world, but there is an ==========> 02-01-14-LATimes-MSWindows.txt========== http://www.latimes.com/business/la-000003463jan14.story?coll=la%2Dheadlines%2Dbusiness Security Flaws May Be Pitfall for Microsoft Software: As the company shifts toward interactive services, its latest vulnerabilities do little to bolster customer confidence. By JOSEPH MENN TIMES STAFF WRITER January 14 2002 ==========> 02-01-18-SJMerc-China.txt========== Posted at 5:39 p.m. PST Friday, Jan. 18, 2002 China orders Internet providers to screen e-mail, use less foreign software BEIJING (AP) -- China has issued its most intrusive Internet controls to date, ordering service providers to screen private e-mail for political content and holding them responsible for subversive postings on their Web sites. The new rules, posted earlier this week on the Web site of the Ministry of Information Industry, represent Beijing's latest efforts to tighten its grip on the ==========> 02-01-19-SJMerc-DG-WebServices.txt========== Posted at 11:36 a.m. PST Saturday, Jan. 19, 2002 Web services raise security, privacy concerns BY DAN GILLMOR Mercury News Technology Columnist Imagine, said General Motors' chief technology officer, an in-car electronic system that would let the rescue squad medics, arriving after a crash, quickly learn your relevant medical history. It might save your life. But ``who's going to remember to update the medical information?'' asked ==========> 02-01-20-SJMerc-Internet.txt========== Posted at 6:33 p.m. PST Sunday, Jan. 20, 2002 Despite more security spending, Internet is even more vulnerable NEW YORK (AP) -- Spending on Internet security continues to grow, yet the worldwide supernetwork remains more vulnerable than ever to viruses, break-ins and terrorism. 
Simply put, hackers are getting smarter, and computer networks are getting more complex and difficult to keep safe. ==========> 02-01-23-WashPost-CrossSiteScriptAttacks.txt========== Net Users Warned To Beware Sites With Scripting Holes By Brian McWilliams, Newsbytes PITTSBURGH, PENNSYLVANIA, U.S.A., 23 Jan 2002, 12:59 PM CST The failure of major Web sites to fix an old but serious security flaw has prompted the Computer Emergency Response Team to issue a new warning to Internet users: Self-defense may be your only protection against privacy- and security-stealing cross-site script attacks. ==========> 02-01-29-DJMerc-MSPassport.txt========== Posted at 7:47 p.m. PST Tuesday, Jan. 29, 2002 Privacy group urges probe of Microsoft's Passport service BY KRISTI HEIM Mercury News A privacy group Tuesday called on the 50 state attorneys general to investigate privacy and security risks in Microsoft's Passport service and related Web services. The Washington, D.C.-based Electronic Privacy Information Center urged ==========> 02-01-29-EPIC-MSPassport.txt========== January 29, 2002 Dear State Attorney General, The Electronic Privacy Information Center (EPIC) urges you to take action to protect consumers against unfair and deceptive trade practices raised by Microsoft Corporation's Passport service and related "Wallet," "Kids Passport," "Hailstorm," and ".Net Services." These systems unfairly and deceptively gather personal information and expose consumers to the release, sale, and theft of their personal information. Immediate state action is necessary to ==========> 02-01-29-PCWorld-CybersecurityBills.txt========== Senator Pushes for Stronger Cybersecurity Two proposed bills would increase security on government computers and train more security specialists. Sam Costello, IDG News Service Tuesday, January 29, 2002 Citing the Code Red worm and an attack on U.S. 
Department of Defense computers, Senator John Edwards (D-North Carolina) Monday introduced two new cybersecurity bills seeking to increase both government computer security and general ==========> 02-01-29-WashPost-MSPassportBug.txt========== Microsoft Passport Melts Down At The Zone By Brian McWilliams, Newsbytes REDMOND, WASHINGTON, U.S.A., 29 Jan 2002, 12:32 AM CST A flawed implementation of Microsoft's .NET Passport technology at the MSN Gaming Zone has caused mayhem for some users of the big software company's Hotmail service. ==========> 02-01-31-CSTB-InfrastructureSecurity.txt========== National Academy of Sciences Report Makes Recommendation to Enhance Infrastructure Security A report by the National Academy of Sciences Computer Science and Telecommunications Board (CSTB) concludes that new laws may be needed to deter software makers from producing software with security holes. The report suggests that Congress should make it easier to punish companies that produce insecure software that puts business and consumers at risk. The nation's ==========> 02-02-04-IDG-NIPC.txt========== Predictions, Prevention Key to Cybersecurity Federal government must work with the private sector to put an end to cyberthreats, NIPC head says. Sam Costello, IDG News Service Monday, February 04, 2002 MASHANTUCKET, CONNECTICUT -- Though communication between the government and private sector in the area of cybersecurity has been good, the U.S. ==========> 02-02-07-SJMerc-CyberSecurityBill.txt========== Posted at 12:04 p.m. PST Thursday, Feb. 7, 2002 House passes bill providing $800 million for computer security research WASHINGTON (AP) -- The House voted Thursday to provide colleges and research groups with $800 million over the next five years to figure out new ways to protect computers against hackers. The bill, fueled in part by the Sept. 11 terrorist attacks and a new focus on weaknesses in business and government computer security, passed 400-12. 
==========> 02-02-08-WashPost-HR3482-CybeSecEnhance.txt========== House Panel To Examine Another Net Security Bill By Robert MacMillan, Newsbytes WASHINGTON, D.C., U.S.A., 08 Feb 2002, 12:55 PM CST Following a vote in the House of Representatives this week on an $880 million bill to fund cybersecurity research, a House subcommittee said that next week it will hold a hearing on another Internet and network security bill. The House Judiciary Subcommittee on Crime said that it will hold a hearing ==========> 02-02-08-WasPost-WhiteHouseAdvisertxt.txt========== Cybersecurity a Top Priority White House Adviser Presses Computer Industry to Do More By Ariana Eunjung Cha Washington Post Staff Writer Friday, February 8, 2002; Page E01 The unusual announcements from three of the technology industry's most powerful men came just weeks apart. ==========> 02-02-12-Wired-CyberSecEnhance-CSEA.txt========== Cybercrime Bill Ups the Ante By Declan McCullagh 2:00 a.m. Feb. 12, 2002 PST WASHINGTON -- Some forms of illegal hacking would be punished by life imprisonment under a proposal that Congress will debate on Tuesday. A House Judiciary subcommittee will consider the Cyber Security Enhancement Act (CSEA), which ups the penalties for computer intrusions, funds surveillance research and encourages Internet providers to turn over more information to ==========> 02-02-14-Reuters-ElecSignatures.txt========== Thursday February 14, 8:20 pm Eastern Time Internet industry pushes more flexible ID method NEW YORK, Feb 14 (Reuters) - Leading Internet security companies and top industry standards-setting bodies have settled on a more flexible way to verify electronic signatures for documents sent over the Web, organizers said on Thursday. 
The World Wide Web Consortium (W3C), the standards-setting body founded by Web inventor Tim Berners-Lee, said that the agreement ==========> 02-02-19-InfoWorld-CyberSecurityCzar.txt========== February 19, 2002 11:47 AM RSA: Cybersecurity czar urges cooperation, spending By Sam Costello SAN JOSE, CALIF. -- Cooperation between the public and private sectors, increased awareness of cybersecurity issues and more spending by both companies and the government are needed to help increase computer and network security, said Richard Clarke, White House cybersecurity czar, in a keynote that kicked off the RSA ==========> 02-02-23-SJMerc-BuiltInPCSecurity.txt========== Posted on Sat, Feb. 23, 2002 Firms announce hardware-based security technology SAN JOSE, Calif. (Reuters) - Technology providers are adopting methods of embedding security features into microprocessors and other hardware, with several announcements made at a computer security conference this week. Experts say hardware-based security systems are much harder to break than security software, from which hackers can extract passwords or steal other sensitive data. By using both existing security software and new hardware-based ==========> 02-02-27-SJMerc-DisneyFundsGilian.txt========== Posted on Wed, Feb. 27, 2002 Matt Marshall: Disney's Steamboat Ventures makes first VC investment by backing Gilian By Matt Marshall Mercury News Mickey Mouse has made his way into the small world of VC. In a characteristically clandestine manner, Walt Disney has set up a venture capital arm to invest in new technologies, called Steamboat Ventures. That's ==========> 02-02-27-Wired-CyberSecEnhanceAct-CSEA.txt========== Hack a PC, Get Life in Jail By Declan McCullagh and Robert Zarate 8:50 a.m. Feb. 27, 2002 PST WASHINGTON -- A House panel voted unanimously late Tuesday to expand the types of hacking crimes that would be punished by life imprisonment. 
Citing the possibility of terrorists wreaking havoc electronically, the House Judiciary subcommittee on crime voted 8-0 to rewrite the Cyber Security Enhancement Act and forward a more Draconian version to the full committee. ==========> 02-03-00-ACMNetWorker-ExAndTrustedEmployeesMayBeGreatestThreatsToNetworkSecurity.txt========== Inside job Ann Quigley March 2002 netWorker, Volume 6 Issue 1 Ex-employees and trusted partners may pose the greatest threats to network security When someone inserted a "code bomb" into palm pilot software that crashed the computers of 2,000 sales reps at snack food producer Lance, Inc., the ==========> 02-03-04-UnknownSource-FOIA-Exemption-CyberSecurity.txt========== Security Ashcroft Endorses FOIA Exemption Aimed At Cyber Security by Teri Rucker Protecting the nation's critical infrastructure, including the physical infrastructure and cyber systems of the telecommunications network, has become an issue of paramount importance to the Justice Department, Attorney General John Ashcroft told members of the U.S. Telecom Association (USTA) on Friday. "Given the opportunity, extremists would cripple American telecommunications," Ashcroft said, making the ability for companies to share information with the ==========> 02-03-12-USAToday-MS-AirForceSecurity.txt========== Air Force seeks better security from Microsoft By Byron Acohido, USA TODAY SEATTLE A top U.S. Air Force official has warned Microsoft to dramatically improve the security of its software or risk losing the Air Force as a customer. In an interview, Air Force chief information officer John Gilligan revealed he has met with senior Microsoft executives to tell them the Air Force is "raising the bar on our level of expectation" for secure software. 
Since being named Air Force CIO in November, Gilligan, who controls a $6 ==========> 02-04-00-CACM-ManyPCSecurityProblemsRemainUnaddressed.txt========== Virtual extension: Securing PC applications: the relay race approach Moshe Zviran April 2002 Communications of the ACM, Volume 45 Issue 4 ABSTRACT The widespread use of personal computers and the growth of end-user computing have introduced a myriad of security concerns. As PC-based information systems become readily available and more individuals become computer literate, the ==========> 02-04-00-CACM-TechnicalAspectsUnderlyingInternetSecurityAndPrivacy.txt========== Digital village: Hijacking the web Hal Berghel April 2002 Communications of the ACM, Volume 45 Issue 4 Cookies revisited: Continuing the dialogue on personal security and underlying privacy issues. Based on the positive feedback I received regarding my column, "Caustic Cookies" (May 2001), I conclude there is a genuine interest in the technical ==========> 02-04-08-EWeek-EGovTechChallenges.txt========== http://www.eweek.com/article/0,3658,s%253D709%2526a%253D25089,00.asp April 8, 2002 eGov Challenges Tech By John Taschek The U.S. Government is going electronic but may be setting policy ahead of available technology. A series of initiatives, most of them passed during the Clinton administration, mandates that government agencies—and the hundreds of organizations that work with them—jump into the 21st century. However, many ==========> 02-04-17-Wired-ArgentineHackerLaw.txt========== http://www.wired.com/news/politics/0,1283,51860,00.html Perplexing Argentine Hack Law By Michelle Delio 2:00 a.m. April 17, 2002 PDT A recent legal ruling that defacing Web pages is not a crime isn't turning Argentina into a prosecution-free playground for script kiddies. 
Argentinean sources said they are upset over several stories on Argentine ==========> 02-04-20-UPenn-Dyson.txt========== http://knowledge.wharton.upenn.edu/articles.cfm?catid=9&articleid=542&homepage=yes Esther Dyson on Internet Privacy, Policing, ICANN and Investing Back in the heyday of the Internet in the late 1990s, Esther Dyson was often referred to as the chief guru of the tech world, a reputation enhanced by the publication of her 1997 book, Release 2.0: A Design for Living in the Digital Age. ==========> 02-04-22-EETimes-InternetSecurityIssues.txt========== http://www.eetimes.com/story/OEG20020419S0063 Security gap looms for Internet architects By Bernard Cole, EE Times Apr 22, 2002 (8:29 AM) In many respects the packet-switched, connectionless, Internet protocol-based information superhighway upon which the average consumer is becoming more dependent is very similar to the U.S. mail and is subject to the same threats ==========> 02-05-12-NYT-Markoff-SmartCardsCracked.txt========== New York Times Vulnerability Is Discovered in Security for Smart Cards By JOHN MARKOFF SAN FRANCISCO, May 12 Two University of Cambridge computer security researchers plan to describe on Monday an ingenious and inexpensive attack that employs a $30 camera flashgun and a microscope to extract secret information contained in widely used smart cards. The newly discovered vulnerability is reason for alarm, the researchers ==========> 02-05-14-CNETNews-SuccessfulHackers.txt========== http://news.com.com/2009-1017-912708.html Why hackers are a step ahead of the law By Greg Sandoval Staff Writer, CNET News.com May 14, 2002, 4:00 AM PT 
==========> 02-05-17-NYT-ExperianCreditDataStolen.txt========== http://www.nytimes.com/2002/05/17/technology/17IDEN.html May 17, 2002 13,000 Credit Reports Stolen by Hackers By JOHN SCHWARTZ Crackers posing as employees of the Ford Motor Credit Company have in recent months harvested a trove of 13,000 credit reports — a virtual one-stop shop for fraud and identity theft — with data on consumers in affluent neighborhoods across the country. ==========> 02-06-03-CNETNews-MITStudentHacksXBox.txt========== http://news.com.com/2100-1040-931296.html?tag=fd_top MIT student hacks into Xbox By David Becker Staff Writer, CNET News.com June 3, 2002, 5:35 PM PT A computer sciences graduate student is claiming to have cracked the security systems that prevent Microsoft's Xbox game console from running unauthorized software. ==========> 02-06-03-SJMerc-MITStudentHacksXBox.txt========== http://www.siliconvalley.com/mld/siliconvalley/business/special_packages/security/3392662.htm Posted on Mon, Jun. 03, 2002 MIT grad student hacks into Xbox security system LOS ANGELES (Reuters) - A graduate student at the Massachusetts Institute of Technology has found a way to circumvent the security system for Microsoft Corp.'s Xbox video game console, opening the way for hackers to use it to run competing software, according to documents released over the weekend. ==========> 02-06-04-TheRegister-MITStudentHacksXBox.txt========== http://www.theregister.co.uk/content/3/25568.html MIT grad student shows how to read Xbox security key By John Lettice Posted: 04/06/2002 at 11:20 GMT An MIT graduate student has successfully dismantled Xbox's security system and published (after what appears to have been some discussion with Microsoft and EFF lawyers) the results. 
Bottom line - Xbox security relies on ==========> 02-06-06-TheRegister-SecurityThruObsolescence.txt========== http://www.theregister.co.uk/content/55/25608.html Security through obsolescence By Robin Miller, NewsForge.com Posted: 06/06/2002 at 12:10 GMT Here's an interesting way to secure an Internet-connected computer against intruders: Make sure the operating system and software it runs are so old that current hacking tools won't work on it. This was suggested by Brian Aker, one of the programmers who works on Linux.com, NewsForge, ==========> 02-06-07-NYT-Markoff-KaZaASecurityHole.txt========== http://www.nytimes.com/2002/06/07/technology/07PRIV.html June 7, 2002 Security Hole Found in KaZaA File-Sharing Service By JOHN MARKOFF and MATT RICHTEL Users of KaZaA, a popular Internet service for sharing music files, frequently expose personal files on their computers by misconfiguring the program, according to a study by two researchers at HP Labs. ==========> 02-06-13-CanberraTimes-ThumbprintSystemProblems.txt========== Security system gets thumbs down from honours student Copyright 2002 The Federal Capital Press of Australia Pty Limited The Canberra Times...06/13/2002 CATRIONA JACKSON, Education Reporter An ANU computer science student has fooled state-of-the-art thumbprint security systems, and warned banks and business they aren't as secure as they seem. 
==========> 02-06-19-InfoWorld-FedsUrgePrivateAction.txt========== http://www.infoworld.com/articles/hn/xml/02/06/19/020619hnbushinfra.xml June 19, 2002 05:27 AM Bush urges private sector to shore up networks By Heather Harreld ATLANTA -- THE Bush administration has taken its efforts to bolster private sector support for critical infrastructure protection on the road to encourage companies to ==========> 02-06-24-InfoWorld-MS-Palladium-DRM.txt========== http://www.infoworld.com/articles/hn/xml/02/06/24/020624hnpalladium.xml June 24, 2002 11:32 AM Microsoft plans new security system in future Windows By Sam Costello and Peter Sayer MICROSOFT WANTS TO change the fundamental architecture of the PC, adding security hardware to a future release of its Windows operating system, the company acknowledged Monday, after a media report and an analyst briefed by the ==========> 02-06-24-TheRegister-2-MS-Palladium-DRM.txt========== http://www.theregister.co.uk/content/4/25843.html The register MS to micro-manage your computer By Richard Forno Posted: 24/06/2002 at 05:04 GMT A recent MSNBC article by techno-pundit Steven Levy discusses Microsoft's plans for a new computer operating environment (code-named "Palladium") that links hardware, software, and data into a neat ==========> 02-06-24-TheRegister-MS-Palladium-DRM.txt========== http://www.theregister.co.uk/content/4/25852.html The Register MS DRM OS, retagged 'secure OS' to ship with Longhorn? By John Lettice Posted: 24/06/2002 at 08:59 GMT The Microsoft Secure PC project is rolling out, and could be with us as early as the next major version of Windows, Longhorn. 
The whole idea of a computer that just plain won't let you steal other people's stuff is of course a ==========> 02-06-25-TheRegister-Palladium-GPL.txt========== http://www.theregister.co.uk/content/4/25891.html The Register MS to eradicate GPL, hence Linux By Thomas C Greene in Washington Posted: 25/06/2002 at 22:30 GMT Yesterday, as we all know, Microsoft fed an 'exclusive' story about its new 'Palladium' DRM/PKI Trust Machine to Newsweek hack Steven Levy (a guy who writes without irony of "high-level encryption"), presumably because they ==========> 02-06-26-ExtremeTech-MS-Palladium-AMD-MotherboardDesign.txt========== http://www.extremetech.com/article2/0,3973,282114,00.asp June 26, 2002 Palladium Clues May Lie In AMD Motherboard Design By Mark Hachman A two-year-old white paper authored by AMD and encryption firm Wave Systems may offer additional clues to the design of PCs incorporating Palladium, Microsoft's new security initiative. ==========> 02-06-26-NewsFactor-PurdueSelfHealingSoftware.txt========== http://www.newsfactor.com/perl/story/18400.html Researchers Say Software Innovation Thwarts Piracy By Jay Lyman NewsFactor Sci::Tech, Part of the NewsFactor Network June 26, 2002 A new method that uses a network of small programs to protect software from being cracked and distributed illegally over the Internet is under development ==========> 02-06-26-RossAnderson-TCPA-PalladiumFAQs.txt========== http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html TCPA / Palladium Frequently Asked Questions Version 0.1 26 June 2002 1. What are TCPA and Palladium? TCPA stands for the Trusted Computing Platform Alliance (TCPA), an initiative led by Intel. Their website is here. 
Their stated goal is `a new computing ==========> 02-06-27-WashPost-MS-Palladium.txt========== http://www.washingtonpost.com/wp-dyn/articles/A51780-2002Jun26.html Microsoft Wants Security Hard-Wired in Your Computer By Leslie Walker Thursday, June 27, 2002; Page E01 It's tough to plug holes in a ship's hull once it is at sea, or to reattach an airplane's wing in flight. Yet that's akin to what the computer industry has been trying to do with security: append layer after layer of protection onto the world's increasingly connected computer networks, all as one big ==========> 02-07-01-Newsweek-MS-Palladium-DRM.txt========== http://www.msnbc.com/news/770511.asp?cp1=1 The Big Secret An exclusive first look at Microsoft’s ambitious-and risky-plan to remake the personal computer to ensure security, privacy and intellectual property rights. Will you buy it? By Steven Levy NEWSWEEK July 1 issue — In ancient Troy stood the Palladium, a ==========> 02-07-02-SJMerc-MS-EU-PalladiumAntitrust.txt========== http://www.siliconvalley.com/mld/siliconvalley/3582259.htm Posted on Tue, Jul. 02, 2002 New Microsoft security plan shouldn't shut out competitors, European antitrust official says WASHINGTON (AP) - Microsoft should take care that its recently announced software security plan doesn't shut out competitors, the European Union's new antitrust enforcer said Monday. ==========> 02-07-04-WashPost-CyberSecurityNeeded.txt========== http://www.washingtonpost.com/wp-dyn/articles/A21939-2002Jul3.html Cyber-Security Is Underplayed, Industry Says By Ariana Eunjung Cha Washington Post Staff Writer Thursday, July 4, 2002; Page E01 Among the more contentious questions to arise from President Bush's proposal last month for a Department of Homeland Security is one it did not explicitly address: How should the government deal with threats in cyberspace? 
==========> 02-07-08-ActiveWin-PalladiumExplained-TCPA.txt========== http://www.activewin.com/articles/2002/pd.shtml Palladium Details Written By: Seth Schoen Date: July 8th, 2002 Peter Biddle at Microsoft began thinking around 1997 about how to protect his bits when they were on someone else's computer. (He was Microsoft's representative at CPTWG and in the DVD-CCA, and was somewhat skeptical of the technical efficacy of software-based DRM.) ==========> 02-07-08-BostonGlobe-TCPA-Palladium.txt========== http://digitalmass.boston.com/news/globe_tech/upgrade/2002/0708.html Beware the gotcha in new Intel feature By Hiawatha Bray, 07/08/02 Remember the heartwarming spectacle of a few months ago, when mighty Intel Corp. stood tall against a plan by the big media companies to seize control of our personal computers? Well, it turns out that Intel, Microsoft Corp., and a host of other technology companies are hard at work on next-generation computers that may give the media moguls pretty much what they want. ==========> 02-07-08-PCWorld-MSPalladiumDiscussionOpen.txt========== http://www.pcworld.com/news/article/0,aid,102473,00.asp Microsoft Security Chip Open to Discussion Software giant says info about Palladium was released too soon, and that the plan is subject to change. Gillian Law, IDG News Service Monday, July 08, 2002 BARCELONA -- Microsoft would be prepared to license the intellectual property for its proposed Palladium security chip to any software manufacturer, but ==========> 02-07-09-NetworkWorldFusion-CyberCatastrophePredicted.txt========== http://www.pcworld.com/news/article/0,aid,102567,00.asp Expect Cyber-Catastrophe, Says Bush Advisor Network flaws must be mended, or IP address overload could cause system collapse within decade. 
Ellen Messmer, Network World Fusion Tuesday, July 09, 2002 NEW YORK -- In his keynote address at an information technology auditing conference here, Howard Schmidt, President Bush's advisor on cyber-security, ==========> 02-07-09-RossAnderson-UpdatedTCPA-PalladiumFAQs.txt========== http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html TCPA / Palladium Frequently Asked Questions Version 1.0 - 9 July 2002 Ross Anderson TCPA stands for the Trusted Computing Platform Alliance, an initiative led by Intel. Their stated goal is `a new computing platform for the next century that will provide for improved trust in the PC platform.' Palladium is software that Microsoft says it plans to incorporate in future versions of Windows; it will ==========> 02-07-10-SJMerc-OutlookPGPPluginBug.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3638319.htm Posted on Wed, Jul. 10, 2002 Security flaw afflicts popular technology for encrypting e-mail WASHINGTON (AP) - The world's most popular software for scrambling sensitive e-mails suffers from a programming flaw that could allow hackers to attack a user's computer and, in some circumstances, unscramble messages. The software, called Pretty Good Privacy, or PGP, is the de facto standard ==========> 02-07-15-LibertyAlliance-1.0Spec.txt========== http://www.projectliberty.org/press/releases/2002-07-15-1.html LIBERTY ALLIANCE LAUNCHES FIRST SPECIFICATIONS GIVING USERS SIMPLIFIED SIGN-ON FOR ANY PLATFORM AND DEVICE Alliance's Version 1.0 Specifications and Member Implementations Create Foundation for Federated Network Identification and Authorization San Francisco, Calif. (Burton Group Catalyst Conference) - July 15, 2002 - The Liberty Alliance Project today announced the public availability of its version ==========> 02-07-15-SJMerc-CybercrimeBill-HR3482.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3668922.htm Posted on Mon, Jul. 
15, 2002 House moves to increase penalties for cybercrime WASHINGTON (AP) - Preparing the nation for future cyberattacks, the House voted Monday to increase penalties for computer crimes and make it easier for Internet service providers to disclose dangerous material to government agencies. ==========> 02-07-19-CIOInsight-WirelessNetworkSecurityIssues.txt========== http://www.cioinsight.com/article2/0,3959,394659,00.asp July 19, 2002 Wireless (In)security: Are Your Networks Snoop-Proof? By Gary A. Bolles Now, someone can steal your company's most sensitive data by snatching it out of thin air—right from the company parking lot. Sound more like scare talk than reality? Guess again. On May 1, an anonymous ==========> 02-07-20-SJMerc-DG-MSPalladium.txt========== http://www.siliconvalley.com/mld/siliconvalley/business/columnists/dan_gillmor/3703596.htm Posted on Sat, Jul. 20, 2002 Hollywood, tech make suspicious pairing By Dan Gillmor Mercury News Technology Columnist Last week, some of America's most influential technology executives wrote a let's-be-pals letter to the heads of the entertainment industry. Surely, said ==========> 02-07-29-PCWorld-MSRevealsPalladiumDetails.txt========== http://www.pcworld.com/news/article/0,aid,103440,00.asp Microsoft Reveals Palladium Details Hardware-software security strategy will require trust of customer, partners. Sam Costello, IDG News Service Monday, July 29, 2002 During the month since Microsoft announced Palladium, its plan to marry hardware and software security inside every Windows PC has been hailed as either a potential savior or a scourge for computer security and user freedom. 
==========> 02-07-30-CNETNews-HPUsesDMCAforSecurityThreat.txt========== http://news.com.com/2100-1023-947325.html Security warning draws DMCA threat By Declan McCullagh Staff Writer, CNET News.com July 30, 2002, 4:48 PM PT WASHINGTON--Hewlett Packard has found a new club to use to pound researchers who unearth flaws in the company's software: the Digital Millennium Copyright Act. ==========> 02-07-31-AP-BushAdvisorEncouragesHackers.txt========== http://story.news.yahoo.com/news?tmpl=story&u=/ap/20020731/ap_on_hi_te/computer_security_2 Bush Adviser Encourages Hacking Wed Jul 31, 1:37 PM ET By D. IAN HOPPER, AP Technology Writer LAS VEGAS (AP) - A presidential advisor encouraged the nation's top computer security professionals and hackers Wednesday to try to break computer programs, but said they might need protection from the legal wrath of software makers. ==========> 02-07-31-CNETNews-SecurityCzarBlamesISPsAndSWMakers.txt========== http://news.com.com/2100-1001-947409.html Security czar points finger of blame By Robert Lemos Staff Writer, CNET News.com July 31, 2002, 2:42 PM PT LAS VEGAS--Software makers and Internet service providers must share the blame for the nation's vulnerable networks, President Bush's special adviser on cyberspace security said Wednesday. ==========> 02-08-01-CNETNews-HP-BacksDown-DMCA.txt========== http://news.com.com/2100-1023-947745.html?tag=fd_top HP backs down on copyright warning By Declan McCullagh Staff Writer, CNET News.com August 1, 2002, 5:58 PM PT WASHINGTON--Hewlett-Packard has backed away from legal threats it made against security analysts who publicized flaws in the company's software. ==========> 02-08-01-HPPressRelease-HP-BacksDown-DMCA.txt========== http://www.politechbot.com/docs/hp.recants.dmca.080102.html HP Statement August 1, 2002 1) HP is committed to protecting our customer's security environments. 
2) We have verified that there is a security vulnerability with Tru64 UNIX, the details of which were brought to our attention July 18. The problem has now been isolated and HP has been preparing a fix, which will be available within ==========> 02-08-03-SJMerc-DG-HPComesToItsSenses-DMCA.txt========== http://www.siliconvalley.com/mld/siliconvalley/3792640.htm Posted on Sat, Aug. 03, 2002 HP backs off threat, but why did they even make it? By Dan Gillmor Mercury News Technology Columnist HP COMES TO ITS SENSES: Hewlett-Packard has sensibly backed off a threat it made early this week against people who'd exposed a security hole in an HP product. The question is what possessed the company to make the threat in the ==========> 02-08-03-SJMerc-HackBackCounterattack.txt========== http://www.siliconvalley.com/mld/siliconvalley/3795332.htm Posted on Sat, Aug. 03, 2002 Computers under attack can hack back, expert says LAS VEGAS (Reuters) - Can vigilantism save computers from the next big virus threat? Striking back against a computer that is attacking you may be illegal under U.S. law, but a security researcher says people should be allowed to neutralize one that is unwittingly spreading destructive Internet worms like Nimda. ==========> 02-08-05-SJMerc-JapanNationaID-GlitchesProtests.txt========== http://www.siliconvalley.com/mld/siliconvalley/3803539.htm Posted on Mon, Aug. 05, 2002 Glitches and protests mar launch of Japanese national ID system TOKYO (AP) - Technical glitches and grass-roots resistance atypical of Japan accompanied Monday's debut of the country's first national identification system, a registry designed to battle bureaucracy by centralizing personal data. 
The system will assign an 11-digit identification number to each of Japan's ==========> 02-08-22-WashPost-CyberwarfareRulesAndConsumerBroadband.txt========== http://www.washingtonpost.com/wp-dyn/articles/A46967-2002Aug21.html White House Officials Debating Rules for Cyberwarfare By Ariana Eunjung Cha and Jonathan Krim Washington Post Staff Writers Thursday, August 22, 2002; Page A02 The Bush administration is stepping up an internal debate on the rules of engagement for cyberwarfare as evidence mounts that foreign governments are surreptitiously exploring our digital infrastructure, a top official said ==========> 02-09-00-ACMNetWorker-SecuritRisksInWebServices.txt========== Putting it together: XML, web services, and XML Win Treese September 2002 netWorker, Volume 6 Issue 3 Ever since the concept of "Web services" was defined, there have been questions about their security. Early specifications for Web services paid little attention to security, other than to note that security was going to be an issue someday. Depending on whom you talk to, Web services have either forged ahead without much security or limped along over security worries. In the past ==========> 02-09-00-ACM-USACMVoiceInSecurityAndPrivacy.txt========== http://www.acm.org/membernet/stories/usacm_09-02.html After 9/11, USACM Strengthens Voice in Cyber Security, Privacy Issues By Jeff Grove Director, ACM Office of Public Policy Washington, D.C. Since September 11, ACM members and the computing community need to have a stronger voice in cyber security and privacy legislation than ever before. With increased attention to new laws granting law enforcement ==========> 02-09-00-AtlanticMonthly-HomelandInsecurity.txt========== http://www.theatlantic.com/issues/2002/09/mann.htm The Atlantic Monthly | September 2002 Homeland Insecurity A top expert says America's approach to protecting itself will only make matters worse. Forget "foolproof" technology—we need systems designed to fail smartly by Charles C. 
Mann ==========> 02-09-08-SJMerc-DG-SecurityPoliciesNeeded-BroadbandDecentralization-EnergyIndependence.txt========== http://www.siliconvalley.com/mld/siliconvalley/4033335.htm Posted on Sun, Sep. 08, 2002 Dan Gillmor: New priorities could improve U.S. security By Dan Gillmor Mercury News Technology Columnist National security is not just arms and surveillance. It's also about economic strength and social stability. ==========> 02-09-09-ComputerWorld-WardriveFindsManyUnsecuredWirelessLANs.txt========== http://www.computerworld.com/mobiletopics/mobile/story/0,10801,74103,00.html Worldwide 'war drive' exposes insecure wireless LANs By BOB BREWIN SEPTEMBER 09, 2002 Amateur wireless LAN sniffers detected hundreds and potentially thousands of insecure business and home industry-standard wireless LANs in North America and Europe during the past week in a loosely organized electronic scavenger hunt dubbed the "Worldwide Wardrive." ==========> 02-09-17-SJMerc-DG-FederalSecurityPlanForControlFreaks.txt========== http://www.siliconvalley.com/mld/siliconvalley/4097316.htm Posted on Tue, Sep. 17, 2002 Dan Gillmor: Feds' cyberspace plan should appeal to control freaks By Dan Gillmor Mercury News Technology Columnist Security in the online world has never been much more than an afterthought. A useful new federal document, to be officially unveiled today, aims to change that mindset. ==========> 02-09-17-SJMerc-VoluntaryFedPlanHasCritics.txt========== http://www.siliconvalley.com/mld/siliconvalley/4097314.htm Posted on Tue, Sep. 17, 2002 Critics question national computer security plan's voluntary approach By Mary Anne Ostrom Mercury News The White House released its strategy for strengthening security of the nation's computer networks Tuesday, hoping to quell criticism of the blueprint in advance of its formal presentation today at Stanford University. 
==========> 02-09-18-SFChronicle-CybersecurotyChiefDefendsPlan.txt========== http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2002/09/18/BU184387.DTL Cybersecurity chief defends his plan Tech firms' cooperation is crucial, he says Carrie Kirby, Chronicle Staff Writer Wednesday, September 18, 2002 ©2002 San Francisco Chronicle. The nation's top cybersecurity official defended his plan to safeguard the ==========> 02-09-24-Wired-BermanBillDebate.txt========== http://www.wired.com/news/politics/0,1283,55294,00.html P2P Pugilists Put Up Their Dukes By Michael Grebb 2:00 a.m. Sep. 24, 2002 PDT WASHINGTON -- In a panel discussion steeped in dogma, adherents on both sides of the Internet peer-to-peer (P2P) debate accused each other of everything from aiding thieves to destroying the Internet. ==========> 02-10-00-CACM-QualityRatherThanQuantityForComputerSecurity.txt========== Security watch: Computer security: quality rather than quantity Rebecca T. Mercuri October 2002 Communications of the ACM, Volume 45 Issue 10 The challenge of applying protection to systems, software, and networks with intrinsic vulnerabilities is a lofty, but ultimately realizable, one. Programming (and also secure system design), as Donald Knuth so wisely pointed out decades ago, is an art, as much, and perhaps even more, than it is a ==========> 02-10-00-CACM-ShouldInternetSecurityTechnologiesBeBlendedWithBiometrics.txt========== The future of internet security Charles Adetokunbo Shoniregun October 2002 Ubiquity, Volume 3 Issue 37 Should common security technologies be blended with biometrics for accuracy and reliability? For centuries, security was synonymous with secrecy. The shared secret between two parties conducting business was a worldwide approach. 
But secret passwords ==========> 02-10-07-Markle-TaskForce-ProtectingFreedomInInfoAge.txt========== http://www.markletaskforce.org/ October 7, 2002 Task Force Releases New Report, "Protecting America's Freedom in the Information Age" Part I - The Task Force Report Part II - Working Group - Analyses Part III - Selected Background - Research ==========> 02-10-17-BostonGlobe-CyberCzarCommentsOnDMCAAndSecurityIssues.txt========== Cyber chief speaks on Data network security By Hiawatha Bray, Boston Globe Staff, 10/17/2002 President Bush's point man on computer security says that the nation has a long way to go in securing its data networks but that new federal regulations would be a step in the wrong direction. Richard Clarke, head of the White House Office of Cyber Security, also said the government should modify a controversial law designed to prevent exploitation of software security flaws because it can be used to stifle ==========> 02-10-17-CyberSecurity-CyberCzarCommentsOnDMCAAndSecurityIssues.txt========== From TechDaily 10/17/02: Cyber Security Clarke Seeks Copyright Changes For Security's Sake The White House's cyber-security adviser on Wednesday called for changes to a federal law that he said is stifling research to improve computer security, The Boston Globe reports. Richard Clarke, head of the White House Office of Cyberspace Security, told attendees at a town meeting on the White House cyber-security plan that the government ==========> 02-10-20-Cryptome-Reinhold-PalladiumPresentationAtUCB.txt========== http://cryptome.org/palladium-mit.htm 21 October 2002 Date: Sun, 20 Oct 2002 22:38:35 -0400 To: Cypherpunks From: "Arnold G. Reinhold" Subject: Re: palladium presentation - anyone going? 
At 7:15 PM +0100 10/17/02, Adam Back wrote: >-------- Original Message -------- ==========> 02-10-21-Cryptome-ReviewOfMSPalladiumMITTalk.txt========== http://cryptome.org/palladium-mit.htm 21 October 2002 Date: Friday, Oct 18, 2002 Time: 10:30 a.m.- 12:00 noon Place: NOTE: NE43-518, 200 Tech Square Title: Palladium Speaker: Brian LaMacchia, Microsoft Corp. Hosts: Ron Rivest and Hal Abelson ==========> 02-10-21-NewsForge-Stallman-TrustedComputingTakesControlFromUser.txt========== http://www.newsforge.com/business/02/10/21/1449250.shtml?tid=19 NewsForge The Online Newspaper for Linux and Open Source Can you trust your computer? 2002.10.21 12:14 -By Richard Stallman - Who should your computer take its orders from? Most people think their computers should obey them, not obey someone else. With a plan they call ==========> 02-10-21-NewsForge-Stallman-trustedComputing.txt========== http://newsforge.com/article.pl?sid=02/10/21/1449250 Linux.Com The Online Newspaper of Record for Linux and Open Source Can you trust your computer? 2002.10.21 11:14 By Richard Stallman Who should your computer take its orders from? Most people think their computers should obey them, not obey someone else. With a plan they call ==========> 02-10-23-PCWorld-DNSRootServerAttackCouldBeFirstOfMany.txt========== http://www.pcworld.com/news/article/0,aid,106266,00.asp Net Attack Could Be First of Many, Experts Warn Future attacks could succeed in bringing down the Internet and are surprisingly simple to launch, security insiders say. 
Paul Roberts, IDG News Service Wednesday, October 23, 2002 The distributed denial-of-service attack launched Monday against all 13 of the Internet domain name system root servers failed to bring down the Internet, but ==========> 02-10-24-ComputerWorld-CrockerOnDNSServerAttack.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,75350,00.html Q&A: Internet pioneer Stephen Crocker on this week's DDOS attack By PATRICK THIBODEAU OCTOBER 24, 2002 This week's distributed denial-of-service (DDOS) attack on the Domain Name System (DNS) root server system (see story) got the attention of the Internet Corporation for Assigned Names and Numbers (ICANN), the U.S.-created private group that is charged with ensuring the stability and security of the DNS. ==========> 02-10-31-Reuters-WiFiSecurityUpgrade.txt========== http://www.reuters.com/news_article.jhtml?type=search&StoryID=1659689# Wireless Network Industry Eyes Tighter Security October 31, 2002 01:07 AM ET By Sinead Carew and Eric Auchard NEW YORK (Reuters) - Short-range wireless computer networks whose endemic vulnerabilities to hackers have become an industry joke will receive a much needed security boost from new ==========> 02-11-00-ACMUbiquity-AreECommerceSecurityMeasureWorthTheTrouble.txt========== E-commerce security measures: are they worth it? Avi Rushinek, Sara Rushinek November 2002 Ubiquity, Volume 3 Issue 39 Cost benefits of the security and systems management of electronic publishing Internet Web server subscription services and e-commerce. This study deals with a perceived cost benefit theory of the security and systems management of electronic publishing Internet Web servers and ==========> 02-11-00-WashMonthly-CyberTerrorismNotLethal.txt========== http://www.washingtonmonthly.com/features/2001/0211.green.html The Myth of Cyberterrorism There are many ways terrorists can kill you--computers aren't one of them. Nov. 
2002 By Joshua Green Again and again since September 11, President Bush, Vice President Cheney, and senior administration officials have alerted the public not only to the dangers of chemical, ==========> 02-11-02-ACMUbiquity-TheFutureOfInternetSecurity.txt========== The Future of Internet Security By Charles Adetokunbo Shoniregun Should common security technologies be blended with biometrics for accuracy and reliability? For centuries, security was synonymous with secrecy. The shared secret between two parties conducting business was a worldwide approach. But secret passwords require a great deal of trust between parties sharing the secret. Can we always trust the administrator or other users of the Internet network service ==========> 02-11-03-AP-TrustedComputing-UsersCedeControl.txt========== http://story.news.yahoo.com/news?tmpl=story2&cid=528&ncid=528&e=2&u=/ap/20021103/ap_on_hi_te/controlled_computing New PCs Likely to Cede Some Control Sun Nov 3, 1:58 PM ET By MATTHEW FORDAHL, AP Technology Writer SAN JOSE, Calif. (AP) - To thwart hackers and foster online commerce, the next generation of computers will almost certainly cede some control to software firms, Hollywood and other outsiders. ==========> 02-11-03-STMerc-CriticsSayTrustedComputingThreatensConsumerFreedom.txt========== http://www.siliconvalley.com/mld/siliconvalley/4437666.htm Posted on Sun, Nov. 03, 2002 Critics: 'Trusted computing' threatens consumer freedom SAN JOSE, Calif. (AP) - To thwart hackers and foster online commerce, the next generation of computers will almost certainly cede some control to software firms, Hollywood and other outsiders. 
That could break a long-standing tenet of computing: that PC owners ==========> 02-11-08-CNETNews-VoteNearOnCyberSecurityRandDAct.txt========== http://news.com.com/2100-1023-965164.html Cybersecurity bill nears House vote By Declan McCullagh Staff Writer, CNET News.com November 8, 2002, 4:31 PM PT American universities may receive a nearly $1 billion windfall next week, when Congress is expected to approve a massive new spending program for computer security. ==========> 02-11-11-NewScientist-TechChangesCouldStopAttacksOnP2P.txt========== http://www.newscientist.com/news/news.jsp?id=ns99993037 'Rewiring' file-sharing networks may stop attacks 10:51 11 November 02 Will Knight A proposed US law permitting attacks on peer-to-peer file sharing networks to disrupt illegal copying could be undermined by research from two US computer researchers. ==========> 02-11-13-CNETNews-CyberSecurityEnhancementAct-CSEA.txt========== http://news.com.com/2100-1001-965750.html House considers jailing hackers for life By Declan McCullagh Staff Writer, CNET News.com November 13, 2002, 5:57 PM PT WASHINGTON--A last-minute addition to a proposal for a Department of Homeland Security would punish malicious computer hackers with life in prison. ==========> 02-11-13-Wired-HousePassesCyberSecurityRandDAct.txt========== http://www.wired.com/news/politics/0,1283,56351,00.html House OKs Computer Security Bill By Michael 12:00 AM Nov. 13, 2002 PT WASHINGTON -- The U.S. House of Representatives on Tuesday approved the $903 million Cyber Security Research and Development Act. Over the next five years, the act will fund new cybersecurity initiatives and train computer security experts in hopes of thwarting a future terrorist attack ==========> 02-11-14-Wired-CriticsBashStudyShowingDecreaseInHackAttacks.txt========== http://www.wired.com/news/politics/0,1283,56382,00.html Study Makes Less of Hack Threat By Noah Shachtman 02:00 AM Nov. 
14, 2002 PT Despite the panting about "cyberterrorists," and despite the scare mongering about venomous hackers preying on fragile federal networks, attacks on government computer systems are declining worldwide, according to a recently released report. ==========> 02-11-15-ACMUbiquity-AreECommerceSecurityMeasuresWorthIt.txt========== http://www.acm.org/ubiquity/views/a_rushinek_1.html E-Commerce Security Measures: Are They Worth It? By Avi Rushinek and Sara Rushinek Cost benefits of the security and systems management of electronic publishing Internet Web server subscription services and e-commerce. This study deals with a perceived cost benefit theory of the security ==========> 02-11-20-ALA-HomelandSecurityAndTotalInfoAwareness.txt========== ALAWON: American Library Association Washington Office Newsline Volume 11, Number 93 November 20, 2002 In This Issue: [1] Homeland Security Act Passes Senate [2] TOTAL INFORMATION AWARENESS PROGRAM - T.I.A. [1] Homeland Security Act Passes Senate ==========> 02-11-20-CNETNews-TechAspectsOfHomelandsecurityLaw.txt========== http://news.com.com/2100-1023-966552.html Homeland Security's tech effects By Declan McCullagh Staff Writer, CNET News.com November 20, 2002, 9:58 AM PT The overwhelming vote by the Senate late Tuesday approving a Homeland Security Department clears the way for massive reorganization of the federal government that will have a dramatic impact on computer and network security. ==========> 02-11-20-SJMerc-TotalInfoAwareness-Concerns.txt========== http://www.siliconvalley.com/mld/siliconvalley/4569587.htm Posted on Wed, Nov. 
20, 2002 Massive database dragnet explored ANTI-TERRORISM PROJECT ALARMS PRIVACY ADVOCATES By Jim Puzzanghera Mercury News Washington Bureau WASHINGTON - Its name is Orwellian, its head has a notorious past, and its goal has civil libertarians and computer-privacy advocates in a frenzy: Let the ==========> 02-11-20-UPI-InternetNeedsWorkAfter9-11.txt========== http://www.upi.com/view.cfm?StoryID=20021120-052609-3816r Sept. 11 showed work needed on Internet By Scott R. Burnell UPI Science News From the Science & Technology Desk Published 11/20/2002 6:44 PM WASHINGTON, Nov. 20 (UPI) -- The Sept. 11 terrorist attacks on New York's World Trade Center had a minor physical effect on the Internet, but the experience ==========> 02-11-22-EWeek-ITIndustryWarnsAgainstRegulation.txt========== http://www.eweek.com/article2/0,3959,719819,00.asp November 22, 2002 IT Warns Against Slippery Slope to Regulation By Caron Carlson The IT industry last week answered the Bush administration's call for comments on its draft strategy for securing the country's computer networks. Software and hardware vendors are looking for stronger recommendations to guide them in selling their wares to the government, but at the same time they want ==========> 02-11-25-NewsFactor-NewApproachesToSecurityPatchesNeeded.txt========== http://www.newsfactor.com/perl/story/20084.html Winning the Cybersecurity War By Tim Howes November 25, 2002 Cybersecurity is on everyone's mind. Threats run the gamut, from domestic to foreign, internal to external, from teenage hackers to sophisticated rings with malicious intentions. So, how should corporations protect themselves? And how do they implement security measures without breaking the bank? 
==========> 02-12-00-CACM-WhySecurityStandardsSometimesFail.txt========== Inside risks: Why security standards sometimes fail Avishai Wool December 2002 Communications of the ACM, Volume 45 Issue 12 Security experts have long been saying that secure systems, and especially security standards, need to be designed through an open process, allowing review by anyone. Unfortunately, even openly designed standards sometimes result in flawed cryptographic systems. A recent example is the IEEE 802.11 wireless LAN standard, in which several serious cryptographic failures were ==========> 02-12-02-ZDNet-Schneier-NoSecurityMagicAvailable.txt========== http://zdnet.com.com/2100-1105-975690.html Schneier: No "magic security dust" By Alorie Gilbert Special to ZDNet December 2, 2002, 7:14 AM PT Tech entrepreneur Bruce Schneier is one of America's best-known computer security experts. His testimony before Congress helped defeat legal restrictions on ==========> 02-12-06-SJMerc-TelcomIndustryOutlinesSecurityPlans.txt========== http://www.siliconvalley.com/mld/siliconvalley/4683291.htm Posted on Fri, Dec. 06, 2002 Communications industry outlines security plans WASHINGTON (AP) - Communications industry officials endorsed a 300-item list Friday of what they say telephone, cable, satellite and Internet operators should do to protect against terrorist attack. The recommendations -- from simply shutting down computers to ==========> 02-12-06-Wired-FedsSayWiFiSecurityThreat.txt========== http://www.wired.com/news/wireless/0,1382,56742,00.html Feds Label Wi-Fi a Terrorist Tool 02:00 AM Dec. 06, 2002 PT SANTA CLARA, California -- Attention, Wi-Fi users: The Department of Homeland Security sees wireless networking technology as a terrorist threat. 
That was the message from experts who participated in working groups under federal cybersecurity czar Richard Clarke and shared what they learned at this ==========> 02-12-10-PCWorld-FinancialInstitutionsTackleCybersecurity.txt========== http://www.pcworld.com/news/article/0,aid,107889,00.asp Protecting Cyberspace Takes Teamwork Financial institutions tackle cybersecurity measures together with industry, government. Michael Hardy, IDG News Service Tuesday, December 10, 2002 WASHINGTON -- Protecting financial institutions from cyberattacks will take closer ==========> 02-12-11-MSNBC-SpamAndVirusesIncreasingProblem.txt========== http://www.msnbc.com/news/846241.asp?0si=&cp1=1 Antivirus firm annual report paints bleak picture By Bob Sullivan MSNBC Dec. 11 — Some time next year, there will be more spam than real e-mail floating around the Internet. That’s the conclusion drawn from annual statistics gathered by British e-mail ==========> 02-12-16-SJMerc-DMCA-TIA-P2PPiracyBill-UndermineCybersecurity.txt========== http://www.siliconvalley.com/mld/siliconvalley/4750224.htm Posted on Mon, Dec. 16, 2002 Jonathan Band: Congress unknowingly undermines cyber-security By Jonathan Band Since 9/11, much public attention has focused on the trade-off between security on the one hand and civil liberties and privacy on the other. We see this conflict every day when we read about the detainment of foreign nationals or the latest homeland security initiative ==========> 02-12-19-SJMerc-WebActivistsWatchTIAsPoindexter.txt========== http://www.siliconvalley.com/mld/siliconvalley/4774016.htm Posted on Thu, Dec. 
19, 2002 Web activists keep constant eye on Pentagon's data-mining point man By Jim Puzzanghera Mercury News Washington Bureau WASHINGTON - Internet activists have a message for John Poindexter, the head of a controversial Pentagon research project to find terrorists by searching the everyday transactions of Americans: ==========> 02-12-20-DARPA-InfoAwarenessOffice-IAO.txt========== http://www.darpa.mil/iao/ IAO Mission The DARPA Information Awareness Office (IAO) will imagine, develop, apply, integrate, demonstrate and transition information technologies, components and prototype, closed-loop, information systems that will counter asymmetric threats by achieving total information awareness useful for preemption; national security warning; and national security decision making. ==========> 02-12-20-MSNBC-AdminSaysCyberspaceProtectionPlanWontInvadePrivacy.txt========== http://www.msnbc.com/news/850160.asp?0si=-&cp1=1 Administration official disputes New York Times report By Bob Sullivan MSNBC Dec. 20 — The White House wants Internet service providers to help create a system to monitor Internet use, the New York Times reported on Friday. 
But a high-ranking government official ==========> 02-12-20-NYT-Markoff-BushAdminProposesInternetMonitoringSystem.txt========== http://www.nytimes.com/2002/12/20/technology/20MONI.html December 20, 2002 Bush Administration to Propose System for Monitoring Internet By JOHN MARKOFF and JOHN SCHWARTZ The Bush administration is planning to propose requiring Internet service providers to help build a centralized system to enable ==========> 02-12-20-Reuters-WhiteHouseSaysWebSecurityPlanWontInvadePrivacy.txt========== http://story.news.yahoo.com/news?tmpl=story2&cid=569&ncid=738&e=3&u=/nm/20021221/tc_nm/tech_surveillance_dc Technology - Reuters White House: Web Security Plan Won't Invade Privacy Fri Dec 20, 7:06 PM ET By Andy Sullivan WASHINGTON (Reuters) - Efforts to bolster Internet security will not ==========> 02-12-20-Wired-TerroristsUnlikelyToDamageNet.txt========== http://www.wired.com/news/infostructure/0,1377,56935,00.html Terrorists on the Net? Who Cares? By Noah Shachtman 02:00 AM Dec. 20, 2002 PT To all those Chicken Littles clucking frantically about the imminent threat of a terrorist attack on U.S. computer networks, a new report says: Knock it off. ==========> 02-12-30-NYT-TamingTheTaskOfCheckingTerroristsNames.txt========== December 30, 2002 Taming the Task of Checking for Terrorists' Names By SARAH MILSTEIN New York Times When presented with a document like a passport or credit card, certain federal agencies and some private-sector companies, like airlines and insurance companies, are required by law to check whether the name on the document is also on watch lists of suspected terrorists and their supporters. 
==========> 02-12-31-TechNews-TechPoliciesInThe107thCongress.txt========== Tech Policy Priorities Changed in Wake of Terrorist Attacks War on Terrorism Shifted Attention Away From Telecom, Copyright Issues By TechNews.com Staff Tuesday, December 31, 2002; 12:00 AM In the two years of the 107th Congress, the technology industry started out with a presence on Capitol Hill that was as strong as its high-flying stock performance. Broadband Internet access regulations, corporate tax breaks and fast-track trade authority for the president dominated the tech business agenda, while consumer concerns abounded -- from what constitutes ==========> 03-01-02-AOL-UnivResearchersTurnDownGrantsWithRestrictions.txt========== http://my.aol.com/news/news_story.psp?type=1&cat=0100&id=030102170713579573 Researchers Worry About Terrorism Fear The Associated Press Jan 2 2003 5:07PM WASHINGTON (AP) - The Massachusetts Institute of Technology walked away from a $404,000 study because the government wanted to restrict participation by foreign students. Other universities are balking at demands that the government check research in the name of national security before scientists ==========> 03-01-03-ComputerWorld-Cyberthreats-WarnsClarke.txt========== http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,77238,00.html Cyberthreats not to be dismissed, warns Clarke By DAN VERTON JANUARY 03, 2003 The U.S. has ignored warning signs before: two attempts by al-Qaeda in 1994 to use airplanes as weapons, as well as public statements in 2000 about terrorists being trained as ==========> 03-01-03-Wired-WhyRIAAKeepsGettingHacked.txt========== http://www.wired.com/news/technology/0,1282,57048,00.html?tw=wn_ascii Why RIAA Keeps Getting Hacked By Michelle Delio 02:00 AM Jan. 03, 2003 PT The Recording Industry Association of America may not want people to share digital files, but the organization certainly seems to be in favor of open access to its website. 
==========> 03-01-07-WashPost-GovernmentParesBackSecurityInitiative.txt========== http://www.washingtonpost.com/wp-dyn/articles/A18662-2003Jan6.html A Pared-Back Security Initiative Revised Plan Focuses on Agencies By Ted Bridis Associated Press Tuesday, January 7, 2003; Page E03 The Bush administration has reduced by nearly half its initiatives to tighten security for vital computer networks, ==========> 03-01-08-PCWorld-RevisedCyberSecurityPlanPosesProblems.txt========== http://www.pcworld.com/news/article/0,aid,108560,00.asp Cybersecurity Plan May Pose Privacy Problems Published reports say the President's security plan has been pared down, leaving many wondering what's been left out. Grant Gross, IDG News Service Wednesday, January 08, 2003 WASHINGTON -- Amid published reports that a pared-down Bush administration ==========> 03-01-08-ZDNet-RootServerDDoSAttacks.txt========== http://zdnet.com.com/2100-1107-979650.html Keeping ahead of DNS attacks By Paul Mockapetris Special to ZDNet January 8, 2003, 9:12 AM PT COMMENTARY--The domain name system--the global directory that maps names to Internet protocol addresses--was designed to distribute authority, making organizations ==========> 03-01-09-InternetWeek-Doctorow-MaliciousWiFiInternetAccessIsNonsense.txt========== http://www.internetwk.com/breakingNews/INW20030109S0001 Expert: Alleged Wi-Fi Risks Are Nonsense By Mitch Wagner A popular technology Weblogger says warnings about the supposed security risks of Wi-Fi networking are nonsense. 
Law-enforcement officials and telecommunications ==========> 03-01-09-ITManagement-CyberSecurityRDActGoodIfFunded.txt========== http://itmanagement.earthweb.com/columns/secugud/article.php/1567191 Dollars, Sense and the Cyber Security Act January 9, 2003 By Paul Desmond With some amount of fanfare, Congress late last year passed and President Bush signed the Cyber Security Research and Development Act (CSRDA), which provides nearly $1 billion for various forms of security research and scholarships. Soon we'll find out whether ==========> 03-01-11-TheRegister-RIAASiteDefacedAgain.txt========== http://www.theregister.co.uk/content/55/28817.html RIAA defaced -again! By Drew Cullen Posted: 11/01/2003 at 22:06 GMT Reader reports are flooding in that the RIAA.org has been defaced - again. At time of writing, the site appears to be down, And several readers have been kind enough to include screen grabs, showing that the front page today carried the following message. ==========> 03-01-12-ESecurityPlanet-InternetThreatsWillGetWorse.txt========== http://itmanagement.earthweb.com/columns/secugud/article.php/1567191 Dollars, Sense and the Cyber Security Act January 9, 2003 By Paul Desmond With some amount of fanfare, Congress late last year passed and President Bush signed the Cyber Security Research and Development Act (CSRDA), which provides nearly $1 billion for various forms of security research and scholarships. 
Soon we'll find out whether ==========> 03-01-13-DCInternet-OpenWebAppSecurityProjIssuesTopWebVulnerabilities.txt========== http://dc.internet.com/news/article.php/1568761 January 13, 2003 Open Source Group Issues Top Ten Web Vulnerabilities By Roy Mark The 10 most critical Web application security problems for government and the private sector were unveiled Monday by the Open Web Application Security Project (OWASP), ==========> 03-01-13-FedCompWeek-WiFiProtectedAccess-WPA-BetterThanWEP.txt========== Federal Computer Week Gearing up for wireless security By Brian Robinson Jan. 13, 2003 If wireless users can endure one more round of debates about security standards, they may soon be able to buy actual products. It's no secret that built-in security functions lack current wireless local-area network products, a situation due largely to the inadequacy of ==========> 03-01-13-SecurityFocus-USSentencingCommAsksInputOnHackers.txt========== http://online.securityfocus.com/news/2028 Feds seek public input on hacker sentencing By Kevin Poulsen, SecurityFocus Jan 13 2003 12:13AM Sick and tired of a revolving door justice system that lets hackers skate with just a few measly years in prison? Or do you think that the courts are already too hard on online miscreants who sometimes go up the creek for longer than many killers? ==========> 03-01-15-CNETNews-OldHardDrivesStillContainData.txt========== http://news.com.com/2100-1040-980824.html?tag=fd_top Old hard drives yield data bonanza By Sandeep Junnarkar Staff Writer, CNET News.com January 15, 2003, 12:35 PM PT Two Massachusetts Institute of Technology graduate students have uncovered a treasure trove of personal and corporate information on used disk drives. 
==========> 03-01-15-Yahoo-OldHardDrivesStillContainData.txt========== http://story.news.yahoo.com/news?tmpl=story&u=/ap/20030115/ap_wo_en_po/na_gen_us_unerased_hard_drives_2 Discarded computer hard drives prove a trove of personal info Wed Jan 15, 4:25 PM ET By JUSTIN POPE, AP Business Writer CAMBRIDGE, Massachusetts - So, you think you cleaned all your personal files from that old computer you got rid of? ==========> 03-01-24-CNETNews-MSDropsPalladiumName.txt========== http://news.com.com/2100-1001-982127.html?tag=fd_top Microsoft flames Palladium name By Robert Lemos Staff Writer, CNET News.com January 24, 2003, 5:47 PM PT Microsoft has dropped the code name of its controversial security technology, Palladium, in favor of this buzzword-bloated tongue twister: "next-generation secure computing base." ==========> 03-01-24-SJMerc-DG-MSDropsPalladiumName.txt========== http://weblog.siliconvalley.com/column/dangillmor/archives/000755.shtml#000755 January 24, 2003 Palladium Name Change; Mission Still Same posted by Dan Gillmor 04:52 PM permanent link to this item This just in from Microsoft's PR folks: "Microsoft is adopting a new name to replace the code name Palladium. ==========> 03-01-27-TheRegister-MSDropsPalladiumName.txt========== http://www.theregister.co.uk/content/4/29039.html Bad publicity, clashes trigger MS Palladium name change By John Lettice Posted: 27/01/2003 at 11:27 GMT Microsoft has abandoned the Palladium name, in favour of the (no doubt deliberately) snooze-provoking "Next Generation Secure Computing Base." The ostensible reasons are twofold. 
The Palladium name is already used by another company for a product in a similar area, and since its announcement ==========> 03-01-29-CNETNews-BushProposesTerroristThreatIntegrationCenter.txt========== http://news.com.com/2100-1001-982640.html Bush proposes antiterror database plan By Declan McCullagh Staff Writer, CNET News.com January 29, 2003, 1:06 PM PT A forthcoming government database will compile information from all federal agencies and the private sector on people deemed possible terrorist threats, ==========> 03-01-30-ComputerWorld-I3P-ConsortiumPromotesCybersecurityResearch.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,78024,00.html Consortium pushes for cybersecurity R&D By Grant Gross, IDG News Service JANUARY 30, 2003 A consortium of 23 security research institutions is calling on the government and private companies to put more research and development muscle into cybersecurity. Among other things, the group would like to see more effort put into the development of code ==========> 03-01-31-WashPost-FedsBulidingInternetMonitoringCenter-GEWIS.txt========== http://www.washingtonpost.com/wp-dyn/articles/A3409-2003Jan30.html Feds Building Internet Monitoring Center By Brian Krebs washingtonpost.com Staff Writer Friday, January 31, 2003; 12:00 AM The Bush administration is quietly assembling an Internet-wide monitoring center to detect and respond to attacks on vital information systems and key e-commerce ==========> 03-01-31-ZDNet-MSFailsToProtectAgainstSQLSlammer.txt========== http://news.zdnet.co.uk/story/0,,t269-s2129682,00.html Microsoft security effort 'failing' 11:44 Friday 31st January 2003 Reuters The Trustworthy Computing initiative has not succeeded in making Microsoft systems more secure, says expert Computer security experts said on Thursday the recent "SQL Slammer" worm, the ==========> 03-02-00-BusCommRev-ExpertsCiteSeveralReasonsForPoorInternetSecurity.txt========== 
http://www.bcr.com/bcrmag/2003/02/p49.asp The Sad And Increasingly Deplorable State Of Internet Security from the February 2003 issue of Business Communications Review, pp. 49–53 by David Piscitello, president of Core Competence, Inc., an internationally recognized expert in security technology and founder of the Internet Security Conference; and Dr. Stephen Kent, chief scientist, Internet Security at BBN Technologies, who has been involved with network security R&D for more than 20 years. ==========> 03-02-03-PCWorld-VulnerabilitiesIncreaseButNetAttacksDown.txt========== http://www.pcworld.com/news/article/0,aid,109187,00.asp The Net Is Dangerous, Research Says Attack rates decline, but worms and software flaws keep cyberspace hazardous, Symantec reports. Paul Roberts, IDG News Service Monday, February 03, 2003 Attacks on company networks decreased over the past six months, but the number of ==========> 03-02-04-eWeek-LatestCybersecurityPlanCountsOnPrivateSector.txt========== http://www.eweek.com/article2/0,3959,861870,00.asp Cyber-Security Plan Counts on Private Sector's Input February 4, 2003 By Dennis Fisher The forthcoming final version of the National Strategy to Secure Cyberspace will call for a comprehensive cybersecurity response system that will depend heavily on contributions from the private sector. The system, as described in the most ==========> 03-02-06-NewsFactor-ASUReserchersSayCascadingFailuresCouldCrashInternet.txt========== http://www.newsfactor.com/perl/story/20686.html Cascading Failures Could Crash the Global Internet By Mike Martin NewsFactor Sci::Tech, Part of the NewsFactor Network February 6, 2003 Eliminating central nodes -- for instance, backbone routers in the Internet -- "is likely to cause ==========> 03-02-07-WasPost-BushOrdersCyberWarfareGuidelines.txt========== http://www.washingtonpost.com/wp-dyn/articles/A38110-2003Feb6.html Bush Orders Guidelines for Cyber-Warfare Rules for Attacking Enemy Computers Prepared as U.S. 
Weighs Iraq Options By Bradley Graham Washington Post Staff Writer Friday, February 7, 2003; Page A01 President Bush has signed a secret directive ordering the government to develop, for the first time, national-level ==========> 03-02-10-SJMerc-MakeCompaniesLiableForSoftwareSecurityProblems.txt========== http://www.siliconvalley.com/mld/siliconvalley/5147205.htm Posted on Mon, Feb. 10, 2003 Miguel Helft: If tech companies were liable for security holes, cyberspace would become safer By Miguel Helft Just two weeks ago, a nasty little piece of software known to security experts as an Internet ``worm,'' wreaked havoc in parts of cyberspace. ==========> 03-02-13-StarTrib-SomeExpertsSayCyberterrorismUnlikely.txt========== http://www.startribune.com/stories/1576/3650296.html Some experts say cyberterrorism is very unlikely Steve Alexander Star Tribune Published Feb. 13, 2003 For years, government Internet experts have warned a "cyberterrorism" attack could steal national secrets, interrupt electric power, disrupt flight control systems, or worse, amounting to "an electronic Pearl Harbor." ==========> 03-02-15-WashPost-BushCybersecurityPlanLeavesItToIndustry.txt========== http://www.washingtonpost.com/wp-dyn/articles/A10274-2003Feb14.html Cyber-Security Strategy Depends on Power of Suggestion By Jonathan Krim Washington Post Staff Writer Saturday, February 15, 2003; Page E01 The Bush administration yesterday announced its strategy for protecting computer systems from attacks by hackers or terrorists, but it backed away from proposals by several ==========> 03-02-17-FoxNews-108thCongressPreparesTechAgenda.txt========== http://www.foxnews.com/story/0,2933,78729,00.html Congress Preps Tech Agenda Monday, February 17, 2003 By Liza Porteus WASHINGTON — U.S. 
lawmakers continue to pursue their high-tech agendas, having introduced about 20 tech-related bills in the first week of the new Congress alone and seeking dozens of new rules on piracy, privacy and security, among other issues. ==========> 03-02-19-ChicagoTrib-HackerAccesses8MillionCreditCardRecords.txt========== http://www.chicagotribune.com/technology/chi-0302190273feb19,0,1882983.story?coll=chi-business-hed Credit card data accessed by hacker 4 issuers, more than 5.4 million numbers affected From Tribune news services Published February 19, 2003 NEW YORK -- Visa USA Inc., MasterCard International Inc., American Express Co. and ==========> 03-02-20-CNETNews-CriminalDefenseLawyersAndEFFSayHackersSentencesTooHarsh.txt========== http://news.com.com/2100-1001-985407.html Lawyers: Hackers sentenced too harshly By Robert Lemos Staff Writer, CNET News.com February 20, 2003, 3:47 PM PT The nation's largest group of defense lawyers on Wednesday published a position paper arguing that people convicted of computer-related crimes tend to get stiffer ==========> 03-02-21-TheRegister-InsidersCouldEasilyGuessATM-PINs.txt========== http://www.theregister.co.uk/content/55/29425.html How to get an ATM PIN number in 15 guesses By John Leyden Posted: 21/02/2003 at 13:34 GMT Cambridge researchers have documented a worrying PIN cracking technique against the hardware security modules commonly used by bank ATMs. Mike Bond and Piotr Zielinski have published a paper detailing how a ==========> 03-02-25-SJMerc-WiFiHotspotsCouldLeadToHacking.txt========== http://www.siliconvalley.com/mld/siliconvalley/5258369.htm Posted on Tue, Feb. 25, 2003 Warchalking hype raises wireless-security consciousness By Chris Cobbs Orlando Sentinel During the Great Depression, hobos drew symbols on sidewalks and buildings to let one another know where to find free food. 
==========> 03-02-26-SJMerc-CountyEVotingPlansAdvanceInSpiteOfConcerns.txt========== http://www.siliconvalley.com/mld/siliconvalley/5266490.htm Posted on Wed, Feb. 26, 2003 County lets e-voting plan advance without paper backup By Karen de Sá Mercury News Santa Clara County supervisors rejected pleas from computer scientists Tuesday that they require new electronic voting machines to produce a paper trail after each touch-screen vote is cast, leaving that decision to the ==========> 03-02-27-CNETNews-AttorneySaysHackingAttackingComputersMayBeLegal.txt========== http://news.com.com/2100-1002-990469.html Is vigilante hacking legal? By Robert Lemos Staff Writer, CNET News.com February 27, 2003, 2:53 PM PT SEATTLE--Striking back at computers that are attacking a company or home network could be legal under federal nuisance laws, a technology-law expert said Thursday. ==========> 03-03-00-CACM-FirewallsHaveManyHoles.txt========== Departments: Opinion: Securing the Edge Avi Freedman March 2003 Queue, Volume 1 Issue 1 Common wisdom has it that enterprises need firewalls to secure their networks. In fact, as enterprise network practitioners can attest, the "must-buy-firewall" mentality has pervaded the field. Maybe you’re a believer too. But if you have any geeks working for you, do you ==========> 03-03-00-CACM-UsingInsuranceForCyberRiskManagement.txt========== A framework for using insurance for cyber-risk management Lawrence A. Gordon, Martin P. Loeb, Tashfeen Sohail March 2003 Communications of the ACM, Volume 46 Issue 3 Seeking to protect an organization against a new form of business losses. 
The use of the Internet has significantly increased the vulnerability of organizations to information theft, vandalism, and denial-of-service attacks, thereby bringing information security issues to the forefront of the agenda for ==========> 03-03-03-CalAggie-UCDResearchersTackleComputerSecurity.txt========== http://www.californiaaggie.com/_articles/5761.taf March 03, 2003 Securing a digital lock UCD researchers look for solutions in safeguarding vulnerable computers Graciela Guardado / Aggie Graphic Matt Jojola / Aggie By Matt Moffitt Aggie Science Writer February 27, 2003 - Everyone seeks to feel secure in life. Since ==========> 03-03-03-Computerworld-MajorVulnerabilityInSendmailDiscovered.txt========== http://www.computerworld.com/securitytopics/security/holes/story/0,10801,78991,00.html Major Internet vulnerability discovered in e-mail protocol By DAN VERTON MARCH 03, 2003 The Department of Homeland Security (DHS) has been working in secret for more than two weeks with the private sector to fix a major Internet vulnerability that could have had disastrous consequences ==========> 03-03-03-SJMerc-GovtPublicationRestrcitionsStallScientificResearch.txt========== http://www.siliconvalley.com/mld/siliconvalley/5304602.htm Posted on Mon, Mar. 03, 2003 Demand for government review stalls research project By Glennda Chui Mercury News Neuroscientist Bruno Olshausen has been waiting nearly a year to launch a study of how the brain recognizes objects against a cluttered background -- one with potential applications for baggage screening at ==========> 03-03-03-SJMerc-SecurityRestrictingSciencePublicationAndTravel.txt========== http://www.siliconvalley.com/mld/siliconvalley/5304603.htm Posted on Mon, Mar. 03, 2003 Security concerns may be shackling science By Glennda Chui Mercury News Russian scientists are invited to the United States for meetings aimed at stopping the spread of nuclear weapons, only to find they can't get past the border. 
Foreign researchers are yanked from some federal labs. ==========> 03-03-11-SecurityFocus-HomelandSecuritySybersecurityEffortsDoubted.txt========== http://www.securityfocus.com/news/3043 Homeland Cybersecurity Efforts Doubted As the new Department of Homeland Security swallows nearly every cybersecurity office in the U.S. government, high-profile leaders are jumping ship, and analysts worry that only meager funding and muddled goals remain. By Michael Fitzgerald, SecurityFocus Mar 11 2003 1:24PM ==========> 03-03-13-Yahoo-CMU-SCCWorkshopOnWirelessTrustAndDependability.txt========== http://biz.yahoo.com/prnews/030313/nyth102_1.html Press Release Source: Sustainable Computing Consortium Sustainable Computing Consortium Hosts Workshop On Trust and Dependability in Wireless Environments Thursday March 13, 10:45 am ET PITTSBURGH, March 13 /PRNewswire/ -- A workshop hosted by the Sustainable ==========> 03-03-14-CeBITPanelSaysBombsMoreLikelyThanCyberterrorism.txt========== http://www.pcworld.com/news/article/0,aid,109819,tk,dn031403X,00.asp Does Cyberterrorism Pose a True Threat? Experts say terrorists are more likely to strike with bombs than worms. Joris Evers, IDG News Service Friday, March 14, 2003 HANOVER, GERMANY -- The cyberterrorism threat is overstated: Terrorists won't strike the Internet because bombs are more effective, an expert panel agreed Friday. ==========> 03-03-15-Wired-NRICSaysBusinessesMustGetSeriousAboutNetworkSecurity.txt========== http://www.wired.com/news/infostructure/0,1377,58067,00.html Network Guardians Face Thorny Job By Michael 02:00 AM Mar. 15, 2003 PT WASHINGTON -- The task of protecting America's communications and information networks isn't getting any easier. And federal agencies and private companies face a steeper ==========> 03-03-18-WashPost-USHeightensCybersecurityMonitoring.txt========== http://www.washingtonpost.com/wp-dyn/articles/A46583-2003Mar18.html U.S. 
Heightens Cybersecurity Monitoring By Robert MacMillan washingtonpost.com Staff Writer Tuesday, March 18, 2003; 1:19 PM The Department of Homeland Security is boosting efforts to monitor the Internet for cyberterrorist and hacking incidents as the nation readies for war against Iraq. ==========> 03-03-20-Fortune-WeAreVulnerableToCyberAttacks.txt========== http://www.fortune.com/fortune/fastforward/0,15704,434993,00.html FAST FORWARD Are We Vulnerable to Cyber-Attacks? Most organizations say they're getting more serious about security, but the risks are still growing. FORTUNE Thursday, March 20, 2003 By David Kirkpatrick ==========> 03-03-20-NewsFactor-InternetStillNotSecure.txt========== http://www.newsfactor.com/perl/story/21056.html Cyberspace an Invisible Front in War on Terrorism By Bob Keefe March 20, 2003 Businesses and government agencies have spent billions in recent years on computer security software and equipment, only to see the number and ferocity of computer attacks increase. ==========> 03-03-20-PCWorld-CongressionalBriefing-Security-Privacy.txt========== http://www.pcworld.com/news/article/0,aid,109934,00.asp Will War Swap Privacy for Security? Tech execs, lawmakers ponder role of surveillance. Grant Gross, IDG News Service Thursday, March 20, 2003 WASHINGTON, D.C. -- The challenge of balancing security and privacy is taking a new turn with battles in progress in Iraq. 
==========> 03-03-21-ChronHighEdu-Shibboleth-Internet2-Authentication.txt========== http://chronicle.com/free/2003/03/2003032101t.htm INTERNET2 CONNECTIONS Seeking Additional Security After a Big Theft, JSTOR Tests Internet2's Shibboleth By FLORENCE OLSEN Last fall, someone taking advantage of a common method for gaining access to online databases attempted to download the vast collection of ==========> 03-03-21-Computerworld-DNSSec-AttemptsToStopSophisticatedDOSAttacks.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,79576,00.html DNS expert: More sophisticated Internet attacks coming By JAIKUMAR VIJAYAN MARCH 21, 2003 Last October's denial-of-service attacks against the Domain Name System (DNS) were only the opening salvo in what will inevitably be far more sophisticated attacks against the Internet's core addressing system, according ==========> 03-03-24-WaskTech-SomeSayBushAdminMovesDowngradeCyberSecurity.txt========== http://www.washingtontechnology.com/news/17_24/federal/20349-1.html 03/24/03; Vol. 17 No. 24 Cybersecurity downgraded? By PATIENCE WAIT Demise of critical infrastructure board makes industry 'nervous' The decision by the White House to eliminate the President's Critical Infrastructure Protection Board and fold its responsibilities into the new Department of ==========> 03-03-25-NAS-NRDReport-IdentityVerificationAndPrivacy.txt========== http://www4.nationalacademies.org/news.nsf/isbn/0309088968?OpenDocument Date: March 25, 2003 Contacts: Barbara J. Rice, Deputy Director Andrea Durham, Media Relations Assistant Office of News and Public Information (202) 334-2138; e-mail FOR IMMEDIATE RELEASE ==========> 03-03-25-NewsFactor-WPAWillNotMakeWiFiSecure.txt========== http://www.newsfactor.com/perl/story/21081.html NEWSFACTOR SPECIAL REPORT: Are Wireless Networks Secure Yet? 
By Vincent Ryan NewsFactor Network March 25, 2003 Once vendors and standard-setters solve the encryption and authentication ==========> 03-03-26-Felten-StatesIntroBillsToExtendDMCAToFirewalls.txt========== http://www.freedom-to-tinker.com/archives/000336.html Freedom to Tinker (Ed Felten) ... is your freedom to understand, discuss, repair, and modify the technological devices you own. « Finkelstein Replies on ARDG and the Press | Main | MPAA Lobbying for State Super-DMCA Bills » March 26, 2003 Use a Firewall, Go to Jail ==========> 03-03-26-WSJ-IraqWarCausesMoreWebSiteDefacementHacking.txt========== http://sg.biz.yahoo.com/030326/72/39e6t.html Wednesday March 26, 9:07 AM Web Hacking Is Up As Tensions Rise (From The Wall Street Journal) By Riva Richmond Dow Jones Newswires NEW YORK -- Amid heightened emotions over the war in Iraq, hacker groups have stepped up defacements of Web ==========> 03-03-31-Provos-WebPagesMovedOffshore-MichSuperDMCA.txt========== http://niels.xtdnet.nl/honeyd/ Due to a new Michigan law, the legality of my research or these web pages is currently unclear. Felton provides additional information about the resulting restrictions on technology and research. The web pages will be reinstated once the situation has been resolved. Please, support the EFF. ==========> 03-04-00-ACMUbiquity-InsecureInformationSubmissionMethodsDisourageApplicants.txt========== Job applications and network security, or, how to not limit the online applicant pool Trevis J. Rothwell April 2003 Ubiquity, Volume 4 Issue 10 Employers discourage potential applicants by not offering secure methods for submitting personal information. Browsing through online job postings, you can see that different companies list ==========> 03-04-00-IEEESpectrum-UpdatingElectronicSurveillanceSystems.txt========== http://www.spectrum.ieee.org/WEBONLY/publicfeature/apr03/code.html Listening In Are the glory days of electronic spying over—or just beginning? 
By Stephen Cass Submarines prowl the ocean floor, while ships above carefully skirt the limits of international waters. On dry land, guards patrol high fences surrounding acres of huge golf ball-shaped radar domes. In the skies, ==========> 03-04-01-EETimes-ConnectedRealTineSystemsHaveSecurityNeeds.txt========== "Internet Connected Real-Time Systems Vulnerable to Attack?" Electronic Engineering Times--Asia (04/01/03); Jones, Richard Connected real-time systems offer many advantages to users, including a richer interface, resource and information sharing, and easier upgradeability, but the trade-off is vulnerability to a variety of assaults; the trick is to adequately protect real-time systems without imperiling performance. Hackers can overload connected real-time systems using denial of service (DoS) ==========> 03-04-01-EETimes-DNSNeedsBetterSecurity.txt========== http://www.commsdesign.com/story/OEG20030401S0048 DNS pioneer warns of Internet security By Margaret Quan EE Times April 1, 2003 (6:01 p.m. EST) MANHASSET, NY — The Internet community can ill afford to rest on its laurels as far as DNS security is concerned. When it comes to the Domain Name System, ==========> 03-04-01-PCWorld-CFP2003-SecurityVsPrivacy.txt========== http://www.pcworld.com/news/article/0,aid,110088,00.asp Does Security Mean Sacrificing Privacy? Conference examines possibility of expanded government powers. 
Scarlet Pruitt, IDG News Service Tuesday, April 01, 2003 Given the backdrop of war, tightened national security, and new legislation aimed at expanding government powers, the discussions and debates due to take place at the 13th ==========> 03-04-02-InternetWeek-MSNeedsToImproveAppsSecurity.txt========== http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=8100183 Securing Microsoft Apps -- A Simple How-To By Mitch Wagner Security is the top concern for more than three-quarters of IT managers deploying Microsoft applications, Forrester Research said in a study released Monday. ==========> 03-04-02-PCWorld-FedOfficialDefendsBushCybersecurityPlan.txt========== http://www.pcworld.com/news/article/0,aid,110117,00.asp Feds Defend Plan to Secure Cyberspace All companies and Internet users need to protect their own piece of cyberturf, experts say. Grant Gross, IDG News Service Wednesday, April 02, 2003 WASHINGTON -- U.S. President George W. Bush's top cybersecurity advisor defended his ==========> 03-04-04-NetMag-Honeypots-StrategiesAndIssues.txt========== http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleId=870353 3 Strategies & Issues: Honeypots - Sticking It to Hackers Deterring security breaches may be sticky business, but honeypots can spell sweet success. 
By Lance Spitzner Network Magazine 04/04/2003, 4:19 PM ET ==========> 03-04-08-GovtCompNews-DebateOverCybersecurityResources.txt========== http://www.gcn.com/vol1_no1/daily-updates/21652-1.html 04/08/03 Administration faulted for lack of IT security leadership By William Jackson Government Computer News GCN Staff Two former government IT security officials today criticized the administration before a ==========> 03-04-08-TechDaily-DebateOverCybersecurityResources.txt========== http://www.govexec.com/dailyfed/0403/040803td1.htm April 8, 2003 Former, current Bush officials battle on cybersecurity By William New, National Journal's Technology Daily The Bush administration's top information technology official and its former cybersecurity czar locked horns Tuesday over the need for dedicated senior officials for cybersecurity. ==========> 03-04-09-WashPost-DebateOverCybersecurityResources.txt========== http://www.washingtonpost.com/wp-dyn/articles/A59970-2003Apr8.html Ex-Officials Urge U.S. 
To Boost Cybersecurity Resources Are Lacking, Congress Told By Brian Krebs washingtonpost.com Wednesday, April 9, 2003; Page E05 The new Department of Homeland Security lacks the resources and expertise to execute the core elements of the ==========> 03-04-10-SFGate-CFP03FocussesonCivilLibertiesIssues.txt========== http://www.sfgate.com/cgi-bin/article.cgi?file=/gate/archive/2003/04/10/cfp.DTL War on Electronic Privacy Attendees of Computers, Freedom and Privacy conference fight for high tech civil liberties Annalee Newitz, Special to SF Gate Thursday, April 10, 2003 The giant silver coffee dispensers positioned at the center of the meeting rooms in the New Yorker Hotel ==========> 03-04-11-CNETNews-HoneypotsGetBetter.txt========== http://news.com.com/2100-1009-996574.html Honeypots get stickier for hackers By Robert Lemos Staff Writer, CNET News.com April 11, 2003, 1:04 PM PT VANCOUVER, British Columbia--If Lance Spitzner has his way, network defenders will get sweeter on the "honeypot"--a traditional method of detecting online intruders. ==========> 03-04-11-ComputerWorld-RSA2003Conf-IntrusionPrevention.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,80260,00.html Intrusion prevention touted over detection By JAIKUMAR VIJAYAN APRIL 11, 2003 Source: Computerworld Next week's RSA Conference 2003 in San Francisco will feature a range of security technologies meant to let corporations more proactively defend themselves against a ==========> 03-04-11-PCWorld-HomelandSecuritySeeksTechSolutions.txt========== http://www.pcworld.com/news/article/0,aid,110241,00.asp Homeland Security Seeks More Tech Funds Cyber, biometric security efforts top new agency's plans. 
Grant Gross, IDG News Service Friday, April 11, 2003 WASHINGTON -- The head of the science and technology office of the Department of Homeland Security promises to work with other federal agencies and private vendors to ==========> 03-04-12-FreedomToTinker-MPAA-StateSuperDMCALaws.txt========== http://www.freFreedom to Tinker ... is your freedom to understand, discuss, repair, and modify the technological devices you own. FREEDOM TO TINKER > Topic: Super-DMCA April 12, 2003 Carve-Outs This week, the MPAA reportedly has narrowed its Super-DMCA legislation yet again, this time to add special carve-outs to protect ISPs and telephone companies. This is supposed to improve the bill. ==========> 03-04-14-EFF-MPAA-StateSuperDMCALawsOpposed.txt========== http://www.eff.org/IP/DMCA/states/20030414_eff_sdmca_pr.php For Immediate Release: Monday, April 14, 2003 Electronic Frontier Foundation Opposes Digital Lockdown Some States Pass, Others Consider Copyright Legislation Electronic Frontier Foundation Media Release San Francisco, CA - The Electronic Frontier Foundation (EFF) today released a detailed analysis of the dangers posed by ==========> 03-04-14-NYT-DOSAttackUsingTheUSPS.txt========== "Cyberattacks With Offline Damage" New York Times (04/14/03) P. C4; Schwartz, John Aviel D. Rubin of Johns Hopkins University's Information Security Institute recently presented a paper suggesting that a cyberspace-based attack can have real-world ramifications, and is relatively simple to carry out. All that is needed are tools published by certain search engines--Google, for instance--that can automate large-scale searches and enable malicious ==========> 03-04-14-SJMerc-DG-DMCAUsedToStopIDCardPresentation.txt========== http://weblog.siliconvalley.com/column/dangillmor/archives/000942.shtml#000942 April 14, 2003 DMCA Misused Again, Stifling Speech • posted by Dan Gillmor 05:10 PM Slashdot: Blackboard Campus IDs: Security Thru Cease & Desist. 
On Saturday night, Virgil and Acidus, two young security researchers, were scheduled to give a talk at ==========> 03-04-14-Slashdot-DMCAUsedToStopIDCardPresentation.txt========== http://features.slashdot.org/features/03/04/14/1846250.shtml Blackboard Campus IDs: Security Thru Cease & Desist Posted by jamie on Monday April 14, @03:14PM from the cease-and-desist dept. On Saturday night, Virgil and Acidus, two young security researchers, were scheduled to give a talk at Interz0ne II on security flaws they'd found ==========> 03-04-14-TheRegister-StateDMCALawsPreventAnonymousCommunications.txt========== http://www.theregister.co.uk/content/55/30231.html 'Super-DMCA' fears suppress security research By Kevin Poulsen, SecurityFocus Posted: 14/04/2003 at 10:16 GMT Steganography and honeypot expert Niels Provos may risk four years in prison by completing his Ph.D., writes Kevin Poulsen, of SecurityFocus. A University of Michigan graduate student noted for his research into ==========> 03-04-15-Counterpane-DOSAttackUsingTheUSPS.txt========== http://www.counterpane.com/crypto-gram-0304.html April 15, 2003 by Bruce Schneier Founder and CTO Counterpane Internet Security, Inc. schneier@counterpane.com Copyright (c) 2003 by Counterpane Internet Security, Inc. Automated Denial-of-Service Attack Using the U.S. Post Office ==========> 03-04-15-EETimes-MS-EnSCB-UsersDontGetControlOfKeys.txt========== http://www.eetimes.com/sys/news/OEG20030415S0013 Cryptographers sound warnings on Microsoft security plan By Rick Merritt EE Times April 15, 2003 (9:32 a.m. EST) SAN FRANCISCO — Just three weeks before Microsoft Corp.
publicly details plans to create a secure operating mode for Windows PCs, two top cryptographers have ==========> 03-04-15-InternetWeek-Sun-SymantecUnveilIntrusionDetection.txt========== http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=8800106 Sun, Symantec Join Forces On Intrusion Detection By TechWeb News Sun Microsystems and antivirus maker Symantec jointly announced on Monday that they would release a new intrusion-detection appliance later this month for enterprises and service providers. ==========> 03-04-15-TheRegister-Sun-SymantecUnveilIntrusionDetection.txt========== http://www.theregister.co.uk/content/53/30266.html Sun preps intrusion detection appliance By Ashlee Vance in San Francisco Posted: 15/04/2003 at 18:27 GMT Sun Microsystems and Symantec held hands at this week's RSA security conference with the introduction of a new intrusion detection server appliance. The system aptly named the iForce Intrusion Detection Appliance is based on ==========> 03-04-16-CNETNews-HomelandSecurityAsksIndustryForData.txt========== http://news.com.com/2100-1028-997218.html Uncle Sam: Share your system's secrets By Declan McCullagh Staff Writer, CNET News.com April 16, 2003, 4:08 PM PT WASHINGTON--The Department of Homeland Security is hoping to convince technology and telecommunications companies that it's safe to share information about infrastructure vulnerabilities with the federal government. ==========> 03-04-16-MplsStarTrib-GovtAndIndustryPartnerToFightCyberterrorism.txt========== http://24hour.startribune.com/24hour/technology/story/856743p-5999101c.html Feds, tech industry partner to fight cyberterrorism Minneapolis Star-Tribune By RACHEL KONRAD, AP Business Writer SAN FRANCISCO (April 16, 5:36 p.m. CDT) - Instead of pursuing strict regulations to guard against cyberterrorism, the federal government and technology industry have decided to jointly develop voluntary standards. 
==========> 03-04-16-PCWorld-ExpertWarnsOfCyberthreats.txt========== http://www.pcworld.com/news/article/0,aid,110287,00.asp Expert Warns of Cyberthreats We shouldn't be complacent about cybersecurity, he says. Paul Roberts, IDG News Service Wednesday, April 16, 2003 SAN FRANCISCO -- The United States is in danger of becoming complacent about the threats posed by international terrorism and should step up its funding of antiterrorism ==========> 03-04-16-SJMerc-DG-HoneypotTrapsRaiseLegalAndEthicalIssues.txt========== http://www.siliconvalley.com/mld/siliconvalley/5646059.htm Posted on Wed, Apr. 16, 2003 Dan Gillmor: Honeypot snares raise ethical and legal issues By Dan Gillmor Mercury News Technology Columnist News and views, culled and edited from my online eJournal (www.dangillmor.com): ==========> 03-04-17-BusWeek-ShouldHackersBeHired.txt========== http://www.businessweek.com/technology/content/apr2003/tc20030416_7638_tc029.htm APRIL 17, 2003 SECURITY FOCUS Debate: Should You Hire a Hacker? Kevin Mitnick squares off with his former prosecutor: can reformed hackers be trusted to guard the corporate henhouse? Should corporations hire known hackers with criminal records to test and secure their ==========> 03-04-17-SJMerc-DMCAUsedToStopIDCardPresentation.txt========== http://www.siliconvalley.com/mld/siliconvalley/5656656.htm Posted on Thu, Apr. 17, 2003 Student barred from discussing flaws in campus technology ATLANTA (AP) - Fifteen minutes before he was to lecture on security flaws in a debit card system used on 223 college campuses, 22-year-old Billy Hoffman found out a judge had banned him from talking. Hoffman had used a screwdriver to break into a laundry room swipe ==========> 03-04-17-SJMerc-InternetUsersHaveToolsToProtectThemselves.txt========== http://www.siliconvalley.com/mld/siliconvalley/5653230.htm Posted on Thu, Apr. 
17, 2003 Privacy protection INTERNET USERS HAVE MANY TOOLS AVAILABLE TO HOLD INVADERS AT BAY By Michael Bazeley Mercury News These are sobering times for Internet users who value their privacy. ==========> 03-04-17-TheRegister-EmployeesQuickToGivePasswords.txt========== http://www.theregister.co.uk/content/55/30324.html Office workers give away passwords for a cheap pen By John Leyden Posted: 17/04/2003 at 17:01 GMT Workers are prepared to give away their passwords for a cheap pen, according to a somewhat unscientific - but still illuminating - survey published today. ==========> 03-04-25-SmallTimes-PARC-NSF-SensorNetsIssues.txt========== http://www.smalltimes.com/document_display.cfm?document_id=5904 AS PRIVACY VS. SECURITY DEBATE HEATS UP, NSF PRIMES SENSOR PUMP By Michael Fitzgerald Small Times Correspondent PALO ALTO, Calif., April 25, 2003 – When the Palo Alto Research Center (PARC) celebrates its 30th anniversary this May, Ethernet networking and the personal computer will be its stars. For its 35th anniversary, wireless sensor networks may join the cast. ==========> 03-04-27-CNN-TooMuchBuggySoftware.txt========== http://www.cnn.com/2003/TECH/ptech/04/27/buggy.software.ap/index.html Spread of buggy software raises new questions Sunday, April 27, 2003 Posted: 2:17 PM EDT (1817 GMT) NEW YORK (AP) -- When his dishwasher acts up and won't stop beeping, Jeff Seigle turns it off and then on, just as he does when his computer crashes. Same with the exercise machines at his gym and his CD player. "Now I think of resetting appliances, not just computers," says Seigle, a ==========> 03-04-28-NYT-HoneynetProjectSetToCatchHackers.txt========== http://www.nytimes.com/2003/04/28/technology/28NECO.html "A New Way to Catch a Hacker" New York Times (04/28/03) P. 
C4; Thompson, Nicholas The nonprofit Honeynet Project, the brainchild of computer security expert Lance Spitzner, has spent the last four years studying hackers and the intrusion methods they use by allowing them to break into honeypots--systems ==========> 03-04-29-WIred-NHBillWouldLegalizeAccessToOpenWirelessNets.txt========== http://www.wired.com/news/wireless/0,1382,58651,00.html Licensed to War Drive in N.H. By Brian McWilliams 02:00 AM Apr. 29, 2003 PT DURHAM, New Hampshire -- A land where white pines easily outnumber wireless computer users, New Hampshire may seem an unlikely haven for the free networking movement. ==========> 03-05-00-CACM-802DOT11bWirelessNetworkingSecurity-AccessPointMapping.txt========== Wireless networking security: 802.11b access point mapping Simon Byers, Dave Kormann May 2003 Communications of the ACM, Volume 46 Issue 5 Considering some of the practical issues encountered when finding and mapping wireless network access points. Scanning the electromagnetic spectrum for interesting non-natural signals has long been a pastime of curious hobbyists and professionals. In generic radio ==========> 03-05-00-CACM-IntroductionToWirelessNetworkingSecurity.txt========== Wireless networking security: Introduction Aviel D. Rubin May 2003 Communications of the ACM, Volume 46 Issue 5 In the time span of just a few years, wireless local area networking went from being a novelty to revolutionizing the way many organizations connect their computers. Visit any major department store, hospital, or office building, and you will encounter 802.11 cards in all of the PCs and access points hanging from the ceiling. 
The speed with which wireless networking has caught on is not ==========> 03-05-00-CACM-WirelessSecurityFlawsIn802DOT11.txt========== Wireless networking security: Security flaws in 802.11 data link protocols Nancy Cam-Winget, Russ Housley, David Wagner, Jesse Walker May 2003 Communications of the ACM, Volume 46 Issue 5 Understanding the difficulties in security protocol design and attempting to relocate the struggle between hacker and defender to a different protocol layer. It is evident that anyone with a radio receiver can eavesdrop on a wireless local area network (WLAN), and therefore widely acknowledged that a WLAN needs ==========> 03-05-03-NetMag-CybersecurityEarlyWarningSystems.txt========== http://www.networkmagazine.com/article/NMG20030205S0006 Computer Security's Early Warning Systems From honeypots to threat radars, early warning systems give advanced notice of the next big attack. by Andrew Conry-Murray Network Magazine 02/05/03, 3:08 p.m. ET It's ironic that the Internet, which traces its origins to a command ==========> 03-05-06-SJMerc-Gates-FutureMSSecurityWillBeOptional.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5798718.htm Posted on Tue, May. 06, 2003 Gates says next-generation security technology to benefit, not stifle users NEW ORLEANS (AP) - Consumers shouldn't be worried that Microsoft Corp.'s new security technology will wrest control of their PCs and give it to media companies, Bill Gates said Tuesday. They can always choose not to use it, he said. 
==========> 03-05-07-PFIR-TripoliProj-NewEmailEnvironment.txt========== http://www.pfir.org/tripoli-overview "TRIPOLI" An Empowered E-Mail Environment Putting E-Mail Users in Control While Enhancing Security and Controlling Spam Overview May 7, 2003 Updated August 22, 2003 ==========> 03-05-08-CNETNews-MSPassportFacesPossibleFTCAction.txt========== http://news.com.com/2100-1009-1000655.html?tag=nl Passport problems could cost Microsoft By Robert Lemos Staff Writer, CNET News.com May 8, 2003, 4:10 PM PT Microsoft faces a possible investigation and significant fines for a security lapse that could have exposed the personal information of millions of consumers. ==========> 03-05-08-PFIR-TripoliProj-NewEmailEnvironment.txt========== http://www.pfir.org/tripoli-announce PFIR - People For Internet Responsibility TRIPOLI Project Press Release May 8, 2003 PFIR Announces the "TRIPOLI" Project A Call to Arms to the Internet and Open-Source Communities! It's Time to Secure E-Mail, Control Spam, and Empower E-Mail Users! ==========> 03-05-08-WashPost-PARC-TIA-PrivacyProject.txt========== washingtonpost.com Balancing Data Needs And Privacy By Leslie Walker Thursday, May 8, 2003; Page E01 PALO ALTO, Calif. It's hard to believe much good will come of the Bush administration's plan for a grandiose surveillance network that would scour trillions of data snippets worldwide hunting for signs of terrorism. I think civil ==========> 03-05-13-CNETNews-ProposalsToCurbDOSAttacks.txt========== http://news.com.com/2100-1009_3-1001200.html Taking aim at denial-of-service attacks By Robert Lemos Staff Writer, CNET News.com May 13, 2003, 6:01 AM PT BERKELEY, Calif.--Graduate students from Carnegie Mellon University on Monday proposed two methods aimed at greatly reducing the effects of Internet attacks. 
==========> 03-05-13-PCWorld-NewOrgToDevelopWirelessSecurityStandards.txt========== http://www.pcworld.com/news/article/0,aid,110714,00.asp Setting a Standard for Wireless Security Two industry groups team up to make going mobile more secure. Grant Gross, IDG News Service Tuesday, May 13, 2003 Two groups that already have worked closely together on developing wireless security standards have decided to formally join forces. By mid-June, the PAM Forum, a ==========> 03-05-13-SecFocus-ACM-UrgesDMCASecurityResearchExemption.txt========== http://www.securityfocus.com/news/4729 Security research exemption to DMCA considered By Kevin Poulsen, SecurityFocus May 13 2003 4:47PM Computer security researchers would be allowed to hack through copy protection schemes in order to look for security holes in the software being protected, under a proposed exception to the Digital Millennium Copyright Act (DMCA) being debated in official hearings this ==========> 03-05-13-SecFocus-ResearchersWantDMCAExemption.txt========== http://www.securityfocus.com/news/4729 Security research exemption to DMCA considered By Kevin Poulsen, SecurityFocus May 13 2003 4:47PM Computer security researchers would be allowed to hack through copy protection schemes in order to look for security holes in the software being protected, under a proposed exception to the Digital Millennium Copyright Act (DMCA) being debated in official hearings this week. ==========> 03-05-14-SJMerc-USVulnerableToCyberAttack.txt========== http://www.siliconvalley.com/mld/siliconvalley/5864653.htm Posted on Wed, May. 14, 2003 U.S. still vulnerable to cyber attack 4 SECURITY AGENCIES URGED BY CONGRESS TO SPEED EFFORTS By Jim Puzzanghera Mercury News Washington Bureau WASHINGTON - More than 20 months after the Sept. 
11 terrorist attacks, the United States remains ill-prepared to defend ==========> 03-05-14-Wired-MS-NGSCB-UsersCanOptOut.txt========== http://www.wired.com/news/print/0,1294,58822,00.html Is Palladium Getting a Bad Rap? By Michelle Delio 02:00 AM May. 14, 2003 PT According to Microsoft, a flood of FUD -- spooky rumors intended to cause fear, uncertainty and doubt -- are swirling around its Next Generation Secure Computing Base. ==========> 03-05-16-CNETNews-IRCOperatorsStopVirus.txt========== http://news.com.com/2100-1002_3-1003894.html IRC operators may out-hack Fizzer By Robert Lemos Staff Writer, CNET News.com May 16, 2003, 3:01 PM PT Administrators of Internet relay chat networks believe they might be able to eradicate the Fizzer virus, but the methods may run them afoul of cybercrime laws, ==========> 03-05-18-WashPost-RussianHackersTurnToCrime.txt========== http://www.washingtonpost.com/wp-dyn/articles/A2619-2003May17.html HACKERS: 'They Can't Get Us in Russia' Internet Dreams Turn To Crime Russian Start-Up Firm Targeted U.S. Companies By Ariana Eunjung Cha Washington Post Staff Writer Sunday, May 18, 2003; Page A01 First of three articles ==========> 03-05-20-NewScientist-GPSDataCouldStopWirelessAttack.txt========== http://www.newscientist.com/news/news.jsp?id=ns99993747 "GPS Data Could Stop Wireless Network Attacks" New Scientist (05/20/03); Knight, Will Carnegie Mellon University's Yi-Chin Hu and Adrian Perrig, along with Rice University's David Johnson, furnished a report presented at the 12th World Wide Web conference detailing a new wireless network security threat and ==========> 03-05-20-NYT-SpammersUseUnprotectedComputersToRoute.txt========== http://www.nytimes.com/2003/05/20/technology/20SPAM.html "Email's Backdoor Open to Spammers" New York Times (05/20/03) P. A1; Hansell, Saul Routing junk email through unwitting third parties, usually home and office Internet users, is the No. 
1 distribution method spammers use, and ISPs such as America Online estimate that over 200,000 computers around the world ==========> 03-05-22-PCWorld-CyberDefense-MoreFundingNeeded.txt========== http://www.pcworld.com/news/article/0,aid,110851,00.asp Take Tech Threats Seriously, Feds Say Homeland Security wants more funds for cyberdefense efforts. Elsa Wenzel, Medill News Service Thursday, May 22, 2003 Keeping emergency services' communications lines working or alerting Americans about terrorist attacks by mass-messaging their cell phones are possible tech ==========> 03-05-28-PCWorld-StudySaysCIABehindInInfoTech.txt========== http://www.pcworld.com/news/article/0,aid,110905,00.asp Study: CIA Behind the Times in IT Report says agency's technology systems are inefficient and out of date. Paul Roberts, IDG News Service Wednesday, May 28, 2003 While television viewers marvel at the sophisticated technology and analysis tools used by U.S. Central Intelligence Agency agents on the popular U.S. television show The ==========> 03-05-29-NYT-TeensEnlistedHasWhiteHatHackers.txt========== "Enlisting the Young as White-Hat Hackers" New York Times (05/29/03) P. E5; Flaherty, Julie Tiger Team, a free after-school class that teaches ethical hacking to teenagers, is the pilot program of Andrew Robinson's nonprofit Internet Security Foundation. Tiger Team students are arranged into opposing groups that attempt to hack into each other's networks while simultaneously fortifying them. Participants also follow an honor code that keeps them from hacking ==========> 03-06-00-CACM-AnalyzingDirectAndIndirectSecurityCosts.txt========== Security watch: Analyzing security costs Rebecca T. Mercuri June 2003 Communications of the ACM, Volume 46 Issue 6 Quantification tools, if applied prudently, can assist in the anticipation, budgeting, and control of direct and indirect computer security costs. 
Costs related to computer security are often difficult to assess, in part because accurate metrics have been inherently unrealistic. Of those costs that ==========> 03-06-00-CACM-TaxonomyOfSecurityConsiderationsAndSoftwareQuality.txt========== Taxonomy of security considerations and software quality Huaiqing Wang, Chen Wang June 2003 Communications of the ACM, Volume 46 Issue 6 Addressing security threats and risks through software quality design factors. Today's software often has countless intricate interdependencies on modern operating systems, other enterprise applications (including databases and legacy systems), and the high-speed networking infrastructure. It is within ==========> 03-06-02-ZDNet-Farber-CybersecurityImprovementsNeeded.txt========== http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2913868,00.html Cybersecurity report card--serious improvements needed By Dan Farber June 2, 2003 IT security is under siege. At this juncture, the intruders have the upper hand, and they are taking advantage of increasingly sophisticated tools and unsophisticated ==========> 03-06-16-WSJ-CalLawRequiresNotifactionOfIntrusions.txt========== "Hacker Alert" Wall Street Journal (06/16/03) P. R9; Richmond, Riva July 1, 2003 will mark the enactment of a precedent-setting California law requiring companies to immediately notify California residents of online intrusions that may have compromised their personal information and made them vulnerable to identity theft; organizations that fall under the law's jurisdiction will include those located in California as well as those who do ==========> 03-06-17-SenJudiciary-TheDarkSideOfP2P.txt========== http://www.senate.gov/~hatch/index.cfm?FuseAction=Statements.Detail&PressRelease_id=205148&Month=6&Year=2003 June 17th, 2003 Contact: Margarita Tapia, 202.224.5225 JUDICIARY STATEMENT: "THE DARK SIDE OF A BRIGHT IDEA" Will Personal and National Security Risks of P2P Networks Compromise the Promise of P2P Networks?
==========> 03-06-18-NCNewsObs-CybersecurityFundsAttractResearchers.txt========== http://www.newsobserver.com/business/technology/story/2626567p-2436758c.html Wednesday, June 18, 2003 12:00AM EDT An opening in cyberspace As network security worries grow, universities see opportunities to attract both research money and interested students By CHRISTINA DYRNESS, Staff Writer An Iraqi attack on U.S. computer systems leaves ==========> 03-06-18-SecFocus-Bluetooth1.2RaisesSecurityIssues.txt========== http://www.securityfocus.org/news/5896 Security Researchers Nibble at Bluetooth By Kevin Poulsen, SecurityFocus Jun 18 2003 8:59AM On Tuesday the organization responsible for the Bluetooth wireless standard unveiled version 1.2 of its official spec at the Bluetooth World Congress in Amsterdam. But for real evidence that the technology is finally gaining acceptance turn to the conference ==========> 03-06-24-MSNBC-HijackersTakingOverInternetAddresses.txt========== http://www.msnbc.com/news/930843.asp?cp1=1 Hackers move on to hijacking ‘Cyberjackers’ take over Web addresses for porn, spam Hackers are taking over abandoned or little-used Internet addresses for all sorts of unauthorized activity. By Jerry Cobb, CNBC LOS ANGELES, June 24 — Some call it ==========> 03-06-26-ZDNet-GatesSaysTechWillHelpPrivacyAndSecurity.txt========== http://news.zdnet.co.uk/story/0,,t269-s2136612,00.html Gates: Orwell was wrong about Big Brother 09:10 Thursday 26th June 2003 Declan McCullagh, CNET News.com The Microsoft chairman says his technology will make the US more secure without infringing on personal privacy On the 100th anniversary of George Orwell's birth, Microsoft chairman Bill ==========> 03-06-27-SJMerc-PaloAltoSchoolsWiFiNetworkOpen.txt========== http://www.siliconvalley.com/mld/siliconvalley/6184495.htm Posted on Fri, Jun. 27, 2003 Reporter accesses student info through district's open wireless network PALO ALTO, Calif.
(AP) - School administrators in the heart of Silicon Valley learned a recent lesson about the insecurity of wireless Internet networks. Armed only with a laptop and a wireless connection card, a reporter for the Palo Alto Weekly succeeded last week in accessing the Palo Alto Unified School ==========> 03-06-27-TheWhir-EUCyberSecurityPlan.txt========== http://thewhir.com/features/euro-security.cfm New Agency to Ensure Internet Security in Europe Adam Eisner, theWHIR.com From Web Hosting Monthly, June 2003 edition June 27, 2003 -- (WEB HOST INDUSTRY REVIEW) -- The European Commission has introduced the first European cyber-security agency. When the European Commission implemented its ambitious eEurope action plans, ==========> 03-06-29-NYT-TrustedComputingIssues.txt========== http://www.nytimes.com/2003/06/30/technology/30SECU.html A Safer System for Home PC's Feels Like Jail to Some Critics John Marshall Mantel for The New York Times A sample of the code for a more secure version of Microsoft Windows. John Marshall Mantel for The New York Times Mario Juarez, left, the group product manager for Microsoft's security business unit, discussing with Aaron Verstraete their work on the "trusted computing" software within the Windows program. ==========> 03-06-30-Wired-NewHomelandSecPrivacyOfficer.txt========== http://www.wired.com/news/privacy/0,1848,59336,00.html Nuala: Tech Not a Complete Fix By Michelle Delio 02:00 AM Jun. 30, 2003 PT Two months into her job as chief privacy officer for the Department of Homeland Security, Nuala O'Connor Kelly spoke by phone and e-mail with Wired News about her personal experiences with both terrorism and government surveillance, what she really did at Internet advertising firm DoubleClick, and ==========> 03-07-00-CACM-PFIRES-APolicyFrameworkForInformationSecurity.txt========== PFIRES: a policy framework for information security Jackie Rees, Subhajyoti Bandyopadhyay, Eugene H.
Spafford July 2003 Communications of the ACM, Volume 46 Issue 7 Creating and maintaining effective security strategy and policy for software applications. As organizations increasingly rely on information systems as the primary way to conduct operations, keeping such systems (and the associated data) secure ==========> 03-07-08-AusITNews-InternetAttacksJustStarting.txt========== http://australianit.news.com.au/articles/0,7204,6715755%5E15318%5E%5Enbv%5E15306,00.html Net hacks just starting Chris Jenkins JULY 08, 2003 RECENT attacks, including an international hacking competition last weekend, are only the thin end of the security wedge, according to a leading internet firm's chief scientist. ==========> 03-07-08-CompWeekly-ProblemsWithBiometrics.txt========== http://www.computerweekly.com/articles/article.asp?liArticleID=123178&liArticleTypeID=20&liCategoryID=1&liChannelID=13&liFlavourID=1&sSearch=&nPage=1 by Karl Cushing Tuesday 8 July 2003 Researchers keep an eye on the future of security The idea of checking physical characteristics to authenticate a person's identity has a long and distinguished history. ==========> 03-07-08-NWFusion-IBM-MS-PublishWebServicesSpec.txt========== http://www.nwfusion.com/news/2003/0708ibmmsspec.html IBM, Microsoft publish Web services identity spec By John Fontana Network World Fusion, 07/08/03 IBM and Microsoft on Tuesday published the fifth of an eventual seven specifications that will work in unison to help corporations deploy secure and interoperable Web services. ==========> 03-07-09-CNETNews-IBM-MS-PublishWebServicesSpec.txt========== http://news.com.com/2100-1009_3-1024013.html?tag=fd_top Web services spec invites controversy By Stephen Shankland and Matt Hines Staff Writer, CNET News.com July 9, 2003, 6:14 AM PT A Web services security specification, introduced this week by IBM and Microsoft, could emerge as a rival to the existing Sun Microsystems-backed Liberty Alliance Project.
==========> 03-07-09-PCWorld-USFarFromSecuringCyberspace.txt==========
http://www.pcworld.com/news/article/0,aid,111497,00.asp Feds Far From Securing Cyberspace Expert says companies must take responsibility for their own protection. PC World Paul Roberts, IDG News Service Wednesday, July 09, 2003 If you're waiting for the government to secure cyberspace, it's going to be a while.
==========> 03-07-11-NYT-HackersHijackPCsForSexSites.txt==========
http://www.nytimes.com/2003/07/11/technology/11HACK.html "Hacker Plot Hijacks PCs for Sex Sites" New York Times (07/11/03) P. C1; Schwartz, John Security experts recently indicated that a ring of hackers are hijacking home computers with high-speed Internet access, and equipping them with software that sends them pornographic material and offers to sign up for explicit Web pages as customers. The software downloaded onto the computers does not appear to have any adverse effects on the functions of the devices, but the hackers
==========> 03-07-11-PCWorld-CybersecurityLawsExpected.txt==========
http://www.pcworld.com/news/article/0,aid,111535,00.asp PC World.com Cybersecurity Laws Expected Congress considers imposing security standards on businesses. Grant Gross, IDG News Service Friday, July 11, 2003 WASHINGTON -- Businesses will get legal guidelines this year on how to secure their pieces of cyberspace, but lawmakers aren't giving details yet.
==========> 03-07-15-InetWeek-USCybersecurityEffortsLacking.txt==========
http://www.internetweek.com/security02/showArticle.jhtml?articleID=12800622 Updated Tuesday, July 15, 2003, 5:00 PM EDT U.S.
Cybersecurity Efforts Lacking, Says Former Presidential Cybersecurity Advisor Clarke By Marcia Savage, CRN The federal government has failed to implement its cybersecurity strategy and is less capable of helping protect the nation's critical infrastructure than it was a year ago, said Richard Clarke, former special advisor to the president on
==========> 03-07-15-MSNBC-HomeComputersHijackedToServePornography.txt==========
http://msnbc.com/news/939227.asp?0sl=-41&cp1=1 Could your computer be a criminal? PCs hijacked to send spam, serve porn, steal credit cards By Bob Sullivan MSNBC July 15 — One thousand home computers hijacked and used to serve up pornography. Perhaps tens of thousands co-opted by the “SoBig” virus, many of them turned into spam machines. Hundreds of other home computers loaded with
==========> 03-07-22-MissStateU-MSUComputerSecurityCapabilities.txt==========
http://www.newswise.com/articles/view/?id=500213 Program to Create Next-Generation Computer Security Experts Mississippi State University's emergence as a leader in the field of computer security research promises to strengthen national defense and improve law enforcement while creating a new generation of experts skilled in the methods of detecting, dissecting and deflecting the growing menace of cybercrime. Mississippi State’s emergence as a leader in the field of computer security
==========> 03-07-23-TechNewsWorld-NewWindowsPasswordCracking.txt==========
http://www.technewsworld.com/perl/story/31178.html Cracking Technique Highlights Password Concerns By Jay Lyman TechNewsWorld July 23, 2003 While the new cracking technique illustrates some weakness in the Windows password-protection scheme, there are several less technical and often more effective means of gaining access to passwords.
==========> 03-07-24-NYT-ResearchersFindDieboldEVotingProblems.txt==========
http://www.nytimes.com/2003/07/24/technology/24VOTE.html * "Computer Voting Is Open to Easy Fraud, Experts Say" New York Times (07/24/03) P. A12; Schwartz, John Researchers at Johns Hopkins University say software in Diebold Election Systems' voting machines could allow multiple fraudulent votes or let election workers rig the systems. Johns Hopkins Information Security Institute technical director Aviel D. Rubin has published the software's long list of security shortfalls on the Web. Experts have previously called for an open review of
==========> 03-07-25-KohoEtc-AnalysisOfAnElecVotingSystem.txt==========
http://avirubin.com/vote.pdf A paper entitled "Analysis of an Electronic Voting System," by Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin and Dan Wallach, was released tonight. (The first three authors are at Johns Hopkins University; Wallach is at Rice). An article about the paper will be appearing in tomorrow's (Thursday's) New York Times. You can find the article at http://avirubin.com/vote.pdf.
==========> 03-07-26-SJMerc-DG-MDOfficialsIgnoreEVotingWoes.txt==========
http://weblog.siliconvalley.com/column/dangillmor/archives/001233.shtml#001233 July 26, 2003 State Officials Scoff at Voting Machine Security Woes posted by Dan Gillmor 12:29 PM # Washington Post: Voting Machine Study Divides Md. Officials, Experts. In 2001, four out of the five members of the technical group that was asked to recommend to the state which electronic voting system to buy instead recommended against buying any at all. The state ignored the advice. "They
==========> 03-07-26-WashPost-MDOfficials-EVotingOK.txt==========
http://www.washingtonpost.com/wp-dyn/articles/A48092-2003Jul25.html Voting Machine Study Divides Md. Officials, Experts Margaret A. Jurgensen, director of Montgomery County elections, says recent voters loved the new machines.
(Tom Allen -- The Washington Post) By Brigid Schulte Washington Post Staff Writer Saturday, July 26, 2003; Page B01 For some in Maryland, the report yesterday by Johns Hopkins University computer
==========> 03-07-28-CNETNews-CERTInvestigatesSecurityPlan.txt==========
http://www.cbronline.com/cbr_archive/0f399f5f5474301180256d710018c7f6 DATE: 28/07/2003 CERT Project Takes Cue from National Security Plan By Kevin Murphy The CERT Coordination Center, which acts as a high-profile advisor on security issues, is investigating information sharing best practices and standards, with a view to helping the US private sector work together to help prevent internet attacks.
==========> 03-07-28-NYT-DODPreparesTerroristFuturesMarket.txt==========
http://www.nytimes.com/2003/07/29/politics/29TERR.html?ex=1060494444&ei=1&en=313c18e8160af136 Pentagon Prepares a Futures Market on Terror Attacks July 29, 2003 By CARL HULSE WASHINGTON, July 28 - The Pentagon office that proposed spying electronically on Americans to monitor potential terrorists has a new experiment. It is an online futures
==========> 03-07-29-NYT-DODCancelsTerroristFuturesMarket.txt==========
http://www.nytimes.com/2003/07/29/politics/29WIRE-PENT.html?ex=1060496625&ei=1&en=21cf05f8f4cdfeee Pentagon Abandons Plan for Futures Market on Terror July 29, 2003 By CARL HULSE WASHINGTON, July 29 - The Pentagon office that proposed spying electronically on Americans to monitor potential terrorists has quickly abandoned an idea in which anonymous
==========> 03-07-30-CNETNews-TheStateOfSecurity.txt==========
http://news.com.com/2100-1009_3-5057566.html Security pros talk, but can they walk? By Robert Lemos Staff Writer, CNET News.com July 30, 2003, 4:00 AM PT LAS VEGAS--The past two weeks have been typical of the current state of Internet security: Industry and government leaders say they're focused on improving security while flaws continue to be found and exploited.
==========> 03-07-30-CNN-FuturesContractsOnPoindexter.txt==========
http://money.cnn.com/2003/07/30/markets/poindextercontract/ No future for Poindexter? Irony of ironies -- traders can now speculate on John Poindexter's chances of keeping his job. July 30, 2003: 1:47 PM EDT By Justin Lahart, CNN/Money Senior Writer NEW YORK (CNN/Money) - The uproar over the Defense Department's plan to launch a futures exchange, where traders would speculate on the potential for such
==========> 03-07-30-US-DHS-PotentialForImpactFromMS-Windows.txt==========
http://www.nipc.gov/warnings/advisories/2003/Potential7302003.htm Department of Homeland Security (UPDATED) ADVISORY Potential For Significant Impact On Internet Operations Due To Vulnerability In Microsoft Operating Systems July 30, 2003 SYSTEMS AFFECTED: Computers using the following operating systems:
==========> 03-07-31-CNETNews-HomelandSecurity-HSARPA.txt==========
http://news.com.com/2100-1020_3-5058618.html Homeland Security courts Silicon Valley By Alorie Gilbert Staff Writer, CNET News.com July 31, 2003, 5:11 PM PT MOUNTAIN VIEW, Calif.--The government has about $1 billion to spend next year on the development of new homeland security technologies and is looking toward Silicon Valley for ideas on how to spend it.
==========> 03-07-31-ITMgmt-AlertForLargeScaleHackerAttacks.txt==========
http://www.itmanagement.earthweb.com/secu/article.php/2242891 Security Experts On Alert for Large-Scale Hacker Assault July 31, 2003 By Sharon Gaudin The security industry is on alert that an upswing in hacker activity could be signaling the coming of a broad-scale attack that could potentially affect millions of networks.
==========> 03-08-00-CACM-MoreEffectiveSecurityByIdentifyingAndRankingSeverityOfThreats.txt==========
Enemy at the gate: threats to information security Michael E.
Whitman August 2003 Communications of the ACM, Volume 46 Issue 8 A firm can build more effective security strategies by identifying and ranking the severity of potential threats to its IS efforts. * "Know the enemy, and know yourself, and in a hundred battles you will never be in peril" [5].
==========> 03-08-00-GovTech-FaifaxVAUsesWiFiEvotingMachines.txt==========
http://www.govtech.net/magazine/story.php?id=61857 A Vote for the Future Wi-Fi voting goes off without a hitch in Fairfax, Va. By Blake Harris August 2003 Following the 2000 election debacle in Florida, the condition of America's election machinery received considerable public scrutiny, prompting a drive to replace aging voting systems with newer technology.
==========> 03-08-01-ALA-BillsToCurbUSAPatriotsActPowers.txt==========
ALAWON: American Library Association Washington Office Newsline Volume 12, Number 71 August 1, 2003 ALERT: [1] Senators Murkowski and Wyden introduce new bill: Protecting the Rights of Individuals Act; [2] Library Supporters Asked to Push for Senate Cosponsors for Murkowski-Wyden bill as well as Senator Feingold's S. 1507. Last night, July 31, Senators Lisa Murkowski (R-AK) and Ron Wyden
==========> 03-08-01-CNETNews-CanSMTPStopSpam.txt==========
http://news.com.com/2100-1038-5058610.html End of the road for SMTP? By Paul Festa Staff Writer, CNET News.com August 1, 2003, 4:00 AM PT The protocol that has defined e-mail for more than two decades may have a fatal flaw: It trusts you.
==========> 03-08-04-DenPost-BusinessUnderReportsHackAttacks.txt==========
http://www.denverpost.com/Stories/0,1413,36%7E33%7E1550174,00.html Monday, August 04, 2003 - 12:00:00 AM MST Survey: Firms mum on hacker attacks FBI seeks to ease fears on reporting By Jennifer Beauprez, Denver Post Business Writer As many as half of all businesses suffered break-ins from hackers last year, but most didn't say a peep about it to law enforcement, a recent government report shows.
==========> 03-08-04-InetWeek-SWVulnerabilitiesHaveHalfLife.txt==========
http://www.internetweek.com/story/showArticle.jhtml?articleID=12807962 Software Vulnerabilities Fade But Never Disappear By Gregg Keizer, TechWeb News Security flaws have a half-life, just like radioactive materials, according to new research unveiled Wednesday at the Black Hat security meetings being held in Las Vegas.
==========> 03-08-04-PCWorld-SachsInterview-DHSCyberExec.txt==========
http://www.pcworld.com/news/article/0,aid,111883,00.asp Three Minutes With Marcus Sachs Homeland security exec describes his goals for truly trustworthy software and defending the Internet. Andrew Brandt, PCWorld.com Monday, August 04, 2003 Marcus Sachs is helping develop the Department of Homeland Security's Cyber Program. The nascent division will eventually be the central government's point
==========> 03-08-04-Wired-EVotingMachineVulnerabilities.txt==========
http://www.wired.com/news/politics/0,1283,59874,00.html More Calls to Vet Voting Machines By Louise Witt 02:00 AM Aug. 04, 2003 PT A recent report that showed touch-screen voting machines could be vulnerable to hackers spurred the National Association of Secretaries of State, a majority of whose members are in charge of their states' elections, to consider whether the standards for the machines should be beefed up to prevent tampering.
==========> 03-08-05-Wired-EVotingLawsuitToFedAppealsCourt.txt==========
http://www.wired.com/news/business/0,1367,59898,00.html Voting Suit Gains Momentum By Joanna Glasner 02:00 AM Aug. 05, 2003 PT A lawsuit challenging the constitutionality of computerized touch-screen voting systems has moved to a higher-profile venue in federal appeals court.
According to Susan Marie Weber, a Palm Desert, California woman who is suing
==========> 03-08-06-GovtCompNews-CyberSecurityResearch.txt==========
http://www.gcn.com/vol1_no1/daily-updates/23053-1.html 08/06/03 Wireless network attacks get a public airing By William Jackson GCN Staff Federal grants are funding research by some very bright investigators in the computer science departments of our nation’s universities to probe the vulnerabilities of wired and wireless networks.
==========> 03-08-06-NewsFact-InternetSecurityIssues.txt==========
http://www.newsfactor.com/perl/story/22035.html The Internet Security Demon That Won't Die By Vincent Ryan NewsFactor Network August 6, 2003 "A traditional regulatory model applied to the Internet is doomed to failure. By the time it was regulated, you'd be dealing with an Internet that was two years older," says Larry Clinton, chief operating officer at the Internet
==========> 03-08-07-BaltoSun-MDToReviewE-votingPlans.txt==========
http://www.sunspot.net/news/local/bal-md.voting07aug07,0,1419965.story Voting machine review ordered Hopkins study of flaws in security prods action; Purchase no longer 'a certainty'; California firm to analyze touch-screen system By David Nitkin Sun Staff Originally published August 7, 2003 In the wake of a study revealing security flaws in the costly touch-screen voting machines Maryland has agreed to buy, Gov. Robert L. Ehrlich Jr. ordered
==========> 03-08-11-NewSci-BluetoothSecurityIssues.txt==========
http://www.newscientist.com/news/news.jsp?id=ns99994041 Many Bluetooth gadgets open to wireless snooping 13:09 11 August 03 NewScientist.com news service A new software tool could allow sensitive data to be pilfered through the air from laptops, mobile phones and handheld computers. An eavesdropper can use the program to identify nearby devices that use the Bluetooth wireless protocol.
If the gadget's default security settings mean the
==========> 03-08-11-WashPost-ProblemsWithE-Voting.txt==========
http://www.washingtonpost.com/wp-dyn/articles/A42085-2003Aug10.html Jolted Over Electronic Voting Report's Security Warning Shakes Some States' Trust By Brigid Schulte Washington Post Staff Writer Monday, August 11, 2003; Page A01 The Virginia State Board of Elections had a seemingly simple task before it: Certify an upgrade to the state's electronic voting machines. But with a recent
==========> 03-08-13-BusStd-DNSCanBeEnhanceSecurity.txt==========
http://www.business-standard.com/ice/story.asp?Menu=119&story=20692 DNS inventor says cure to net identity problems is right under our nose Published : August 13, 2003 Meet Paul Mockapetris. He may not be an industry celebrity like Bill Gates, Michael Dell, Richard Stallman, Eric Raymond, or Linus Torvalds, but he should be. Mockapetris was a key figure in the development of the Domain Name System, the
==========> 03-08-15-InfoWorld-CybersecurityMandatesMayBeNeeded.txt==========
http://www.infoworld.com/article/03/08/15/HNcybersecurity_1.html Cybersecurity chairman: Infosec mandates may be needed Private industry might be required to protect its slice of cyberspace from attack By Grant Gross, IDG News Service August 15, 2003 WASHINGTON -- A top Republican congressman with jurisdiction over cybersecurity says it may be time to require private industry to protect its slice of cyberspace from attack.
==========> 03-08-15-NewsFactor-NetworksSurvivePowerBlackout.txt==========
http://www.newsfactor.com/perl/story/22100.html Internet, Communications Networks Survive Massive Blackout By Jay Wrolstad NewsFactor Network August 15, 2003 Most problems associated with the blackout were facility-related, not communications-related, says Zeus Kerravala, an enterprise-infrastructure analyst at Yankee Group. "It's important to consider that factor ...
when
==========> 03-08-19-SJMerc-HomeUsersVulnerableToSobigVirus.txt==========
http://www.siliconvalley.com/mld/siliconvalley/6573111.htm Posted on Tue, Aug. 19, 2003 Virus strikes e-mail systems; home users most at risk By Sam Diaz Mercury News A computer virus bombarded e-mail systems around the globe Tuesday, hijacking addresses and making security staffs scramble to fight the second major attack in less than a week. Home computer users will be the most vulnerable in days to
==========> 03-08-20-SJMerc-Sobig-BlasterVirusesSpreadFast.txt==========
http://www.siliconvalley.com/mld/siliconvalley/6578730.htm Posted on Wed, Aug. 20, 2003 Newest Sobig variant called fastest spreading virus ever NEW YORK (Dow Jones/AP) -- A virus that debuted this week has been declared the fastest spreading e-mail plague of all time, while another malicious program that hit last week continued to disrupt computers worldwide. MessageLabs Inc., a company that filters e-mail for corporate clients around
==========> 03-08-20-SJMerc-VirusShutsDownCSXSignalSystem.txt==========
http://www.siliconvalley.com/mld/siliconvalley/6578790.htm Posted on Wed, Aug. 20, 2003 Computer virus brings down train signals in East NEW YORK (AP) - A computer virus was blamed for bringing down train signaling systems throughout the East on Wednesday.
The virus infected the computer system at CSX Corp.'s Jacksonville, Fla., headquarters, shutting down signaling, dispatching and other systems at about
==========> 03-08-21-WashPost-PoorSoftwareSpeadsViruses.txt==========
http://www.washingtonpost.com/wp-dyn/articles/A23036-2003Aug20.html Strong Attackers, Weak Software Recent Outbreaks Show Virus Writers' Growing Power By Charles Duhigg Washington Post Staff Writer Thursday, August 21, 2003; Page E01 When Mark Sunner, chief technology officer at e-mail security company
==========> 03-08-21-Wired-SoftwarePatchesNotAnswerToSecurity.txt==========
http://www.wired.com/news/infostructure/0,1377,60109,00.html Geeks Grapple With Virus Invasion By Michelle Delio 12:35 AM Aug. 21, 2003 PT Summer vacation, peer pressure, Swiss-cheese programming code and too-quick-to-click Internet users have combined to make the last two weeks a true adventure in computing.
==========> 03-08-22-WashPost-InfectionsSlowNetworks.txt==========
http://www.washingtonpost.com/wp-dyn/articles/A28770-2003Aug21.html Record Computer Infections Slow U.S., Private Work By Charles Duhigg Washington Post Staff Writer Friday, August 22, 2003; Page E01 Federal agencies reported sluggish or stalled computer systems yesterday and record levels of e-mail interceptions as the spread of viruses that have tangled Internet traffic in the past 10 days slowed somewhat but remained at
==========> 03-08-23-SJMerc-DG-IsThisTheEndOfEmail.txt==========
http://weblog.siliconvalley.com/column/dangillmor/archives/001297.shtml#001297 August 23, 2003 The End of E-Mail? posted by Dan Gillmor 11:42 AM This has been a hellish week for users of e-mail, thanks to an ugly combination consisting of a conscience-less worm-writer, users' gullibility and yet another demonstration of Microsoft's preference for profits over user security.
To say that it could have been worse, however true that is, doesn't make what happened
==========> 03-08-25-BaltoSun-ResearcherCriticalOfEVotingCode.txt==========
http://www.sunspot.net/features/lifestyle/bal-to.vote25aug25.story A vote of no confidence When a Hopkins computer scientist declared a new breed of electronic voting machinery to be junk, he cracked open a wide and costly debate. By Michael Ollove Sun Staff Originally published August 25, 2003 In neither appearance nor demeanor does Avi Rubin suggest the aura of a
==========> 03-08-25-SeaTimes-ArrestDueInBlasterWormCase.txt==========
http://seattletimes.nwsource.com/html/businesstechnology/2001659113_blaster290.html Arrest due in 'Blaster' computer worm case By Mike Carter and Steve Miletich Seattle Times staff reporters The FBI has identified an 18-year-old suspect in the "Blaster" worm attacks, one of the most destructive computer viruses ever to target the Internet and computers worldwide, according to two U.S. Justice Department sources.
==========> 03-08-26-WSJ-VirusesAWakeUpCallForSWIndustry.txt==========
# "Welter of Viruses Is a Wake-Up Call for Software Industry" Wall Street Journal (08/26/03) P. B1; Guth, Robert A. The rapid spread of computer viruses such as SoBig and Blaster in recent weeks sends a clear message that commercial software makers must design more secure products. Although the damage caused by such viruses has been minor so far, Watts Humphrey of Carnegie Mellon University's Software Engineering Institute theorizes that a bug could conceivably result in a loss of life, given the ubiquity of software in today's world. He says software makers "need to focus on the practices of the individual engineers, and by and large nobody does
==========> 03-08-27-ABCNews-CanPCsAutomaticallyDefendAgainstThreats.txt==========
http://abcnews.go.com/sections/scitech/FutureTech/saferPCs030827.html Software Self-Defense Can PCs Automatically Defend Themselves From Virus, Security Threats?
By Paul Eng ABCNEWS.com Aug. 27— Who's responsible for big computer virus outbreaks such as the recent SoBig attack? Experts say the answer is — you.
==========> 03-08-27-NYT-ResearchersTryToStayAheadOfWorms.txt==========
http://www.nytimes.com/2003/08/27/technology/27VIRU.html # "Sleuths Try to Stay Ahead of Online Worms" New York Times (08/27/03) P. C2; Flynn, Laurie J. The extent of the damage caused by the SoBig.F computer worm was limited somewhat thanks to the efforts of security researchers such as F-Secure's Mikko Hypponen, who helped dissect the worm and warned authorities about network weaknesses that could aid its spread. Such experts notified the FBI about these vulnerabilities, and the bureau moved quickly to isolate them. Ilkka Starck of
==========> 03-08-28-WashPost-VirusProtectionMayMoveToServers.txt==========
http://www.washingtonpost.com/wp-dyn/articles/A56103-2003Aug27.html Fight Against Viruses May Move to Servers By Charles Duhigg Washington Post Staff Writer Thursday, August 28, 2003; Page E01 Computer viruses are becoming so aggressive and sophisticated that they may soon be able to elude anti-virus programs installed on individual computers, according to many in the security industry.
==========> 03-08-29-SJMerc-BlasterWormWriterToBeArrested.txt==========
http://www.siliconvalley.com/mld/siliconvalley/6647981.htm Posted on Fri, Aug. 29, 2003 Authorities to arrest teen in Internet attack WASHINGTON (AP) - U.S. cyber investigators have identified a teenager as one author of a damaging virus-like infection unleashed weeks ago on the Internet and plan to arrest him early Friday, a U.S. official confirmed.
The 18-year-old was accused of writing a version of the damaging ``Blaster''
==========> 03-08-30-BosGlobe-FBIArrestsBlasterWormSuspect.txt==========
http://www.boston.com/business/technology/articles/2003/08/30/man_18_arrested_in_blaster_probe/ Man, 18, arrested in Blaster probe But worm's creator remains a mystery By Hiawatha Bray, Globe Staff, 8/30/2003 An 18-year-old Minnesota man was arrested yesterday for allegedly creating a variant of the devastating Blaster computer worm that infected thousands of computers this month.
==========> 03-09-00-CACM-SecurityAndPrivacyIssuesInHandheldAndWearableDevices.txt==========
Security and privacy issues of handheld and wearable wireless devices Roberto Di Pietro, Luigi V. Mancini September 2003 Communications of the ACM, Volume 46 Issue 9 The distinguished capabilities of these devices are also the very reasons they require security and privacy protections of an unprecedented scale. We are surrounded by a variety of appliances important for our daily lives and that require our constant attention, such as a wearable heart rate monitor, a
==========> 03-09-00-NAP-Neuman-ComputerSecurityIssues.txt==========
http://www.nap.edu/issues/19.4/neumann.html PETER G. NEUMANN U.S. Computer Insecurity Redux The United States continues to face serious challenges in protecting computer systems and communications from unauthorized use and manipulation. In terms of computer security, the situation is worse than ever, because of the nation's dramatically increased dependence on computers, the widespread growth of the Internet, the steady creation of pervasively popular applications, and the
==========> 03-09-01-InfoWeek-Viruses-AWorldwideProblem.txt==========
http://www.informationweek.com/story/showArticle.jhtml?articleID=14200065 Big Bad World Sept. 1, 2003 Actually, when it comes to computer security, it's a small--and threatening--world. A global reach calls for global security measures. By George V.
Hulme No computer connected to a network is completely safe. Any computer that communicates with another, even occasionally, can fall victim to the threats that race around our interconnected world. Hackers live in any country. And the
==========> 03-09-01-NYT-FedsCallForCybersecurityOversight.txt==========
# "As Digital Vandals Disrupt the Internet, a Call for Oversight" New York Times (09/01/03) P. A1; Harmon, Amy The growing sophistication and frequency of computer virus attacks, such as those that afflicted systems in recent weeks, is making government oversight of cybersecurity a more palatable concept for many people. Michael A. Vatis, former head of the FBI's National Infrastructure Protection Center, says that voluntary, private-sector initiatives to produce more secure software and more robust systems are inadequate. An Aug. 31 survey from the Pew Internet and American Life Project estimates that almost 60% of Internet users want the
==========> 03-09-01-VNUNet-FBIArrestsStupidBlasterWormSuspect.txt==========
http://www.vnunet.com/News/1143304 FBI arrests 'stupid' Blaster.B suspect By Iain Thomson [01-09-2003] Modification of Chinese code could mean 10 years in chokey for US hacker A US teenager has been arrested under suspicion of creating the Blaster or LoveSan.B virus, and court papers reveal intriguing details about the origin of the Blaster worm.
==========> 03-09-02-MSNBC-InterviewWithBlasterWormSuspect.txt==========
http://www.msnbc.com/news/960377.asp?cp1=1 ‘I’m not the one they need to get’ Transcript of ‘Today’ show exclusive interview with worm suspect Jeffrey Lee Parson, 18, left, holds papers in front of his face to shield himself from the media as he and an unidentified person walk into his Hopkins, Minn., home on Friday. NBC NEWS Sept.
2 — Three weeks ago, a flurry of computer viruses caused headaches for
==========> 03-09-03-NewSci-AntiVirusSoftwareInadequate.txt==========
http://www.newscientist.com/news/news.jsp?id=ns99994119 Computer antivirus strategies in crisis 19:00 03 September 03 Special Report from New Scientist Print Edition. The speed with which US law enforcers last week tracked down Jeffrey Lee Parson, one of the alleged culprits behind the destructive computer virus MSBlaster, was heralded as a great victory in the battle against computer
==========> 03-09-04-CompWorld-CongressProposesCybersecurityReportingLaw.txt==========
http://www.computerworld.com/securitytopics/security/story/0,10801,84586,00.html Cybersecurity legislation may go to Congress One proposal would require public companies to report their cybersecurity efforts Story by Grant Gross SEPTEMBER 04, 2003 ( IDG NEWS SERVICE ) - WASHINGTON -- As the U.S. Congress reconvenes this week after a monthlong break, legislation imposing cybersecurity requirements on private industry, including a proposal that would
==========> 03-09-04-SFChron-MoreWormsAndVirusesComing.txt==========
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2003/09/04/BU307857.DTL&type=business Many more worms will wriggle into our future Security expert foresees no end to bugs hitting computer networks Carrie Kirby, Chronicle Staff Writer Thursday, September 4, 2003 Now that most businesses have recovered from the Blaster and SoBig worms, and the FBI has arrested one of the alleged virus writers, the computer world is settling back to normalcy.
==========> 03-09-04-SJMerc-FTCWarns-IdentityTheftGrowing.txt==========
http://www.siliconvalley.com/mld/siliconvalley/6688751.htm Posted on Thu, Sep.
04, 2003 Identity-theft problem growing, FTC warns CRIME COSTS VICTIMS BILLIONS OF DOLLARS By Michael Bazeley Mercury News Identity theft has affected more than 27 million Americans in the past five years and is getting worse, the Federal Trade Commission reported Wednesday in
==========> 03-09-04-SJMerc-SecondBlasterWormArrest.txt==========
http://www.siliconvalley.com/mld/siliconvalley/6690273.htm Posted on Thu, Sep. 04, 2003 Second Suspect Arrested in Web Worm Case JIM KRANE Associated Press Police in Romania on Wednesday arrested a 24-year-old former student in connection with a computer-crippling Internet worm, according to a computer security company that aided police.
==========> 03-09-04-Wired-ReturningStudentComputersUnleashViruses.txt==========
http://www.wired.com/news/technology/0,1282,60299,00.html Colleges Crack Down on Viruses Associated Press 02:06 PM Sep. 04, 2003 PT WASHINGTON -- Still recovering from a summer of Internet infections, colleges are taking unusually aggressive steps to protect campus computer networks from virus outbreaks.
==========> 03-09-06-NewSci-StudyIdentifiesImageAntiTamperingSteps.txt==========
# "A Picture Tells a Thousand Lies" New Scientist (09/06/03) Vol. 179, No. 2411, P. 38; Farid, Hany The alteration of digital images has become a common practice, which is why a method to determine the authenticity of images is critical. Hany Farid, assistant professor in computer science at Dartmouth College, believes digital watermarking, which some people tout as a solution, is ultimately ineffective; watermarking requires a specialized camera, while the watermarks must be impossible to remove.
Farid and colleagues have come up with a holistic method to detect digitally tampered images using a technique employed by compression
==========> 03-09-08-BusWeek-VirusesReachEpidemicProportions.txt==========
http://www.businessweek.com/magazine/content/03_36/b3848001_mz001.htm SEPTEMBER 8, 2003 How Do Virus Hunters Track Their Prey? Commentary: From Open Doors to Gated Communities Commentary: Technology: Just Make It Simpler Epidemic Crippling computer viruses and spam attacks threaten the information economy.
==========> 03-09-08-InfoWeek-HackerForHireAtWork.txt==========
http://www.informationweek.com/story/showArticle.jhtml?articleID=14400070 Hack in Progress Sept. 8, 2003 Just how easy is it to break into your company's networks? Hire a hacker, then sit tight. By George V. Hulme The SetUp Ryan Breed is a hacker. He's honed his skills since his undergraduate days at
==========> 03-09-10-MSNBC-DieboldOpticalVotingResultsSentToWebsite.txt==========
http://www.msnbc.com/news/964736.asp?cp1=1 E-voting critics point to security hole California primary results appeared online before polls closed By Rachel Konrad ASSOCIATED PRESS SAN JOSE, Calif., Sept. 10 — The strange case of an election tally that appears to have popped up on the Internet hours before polls closed is casting new doubts about the trustworthiness of electronic voting machines. During San Luis
==========> 03-09-11-PCWorld-HouseWitnessesSuggestSecurityApproaches.txt==========
http://www.pcworld.com/news/article/0,aid,112419,00.asp Feds Search for Cybersecurity Solutions More money, not new laws, are the key to security, most experts agree. Grant Gross, IDG News Service Thursday, September 11, 2003 WASHINGTON -- When it comes to improving cybersecurity, new laws are not necessarily the answer. That was the message on Wednesday at a House subcommittee hearing, as IT vendors recommended a variety of ways for the U.S.
==========> 03-09-11-TechNewsWorld-IssuesWithBiometrics.txt========== http://www.technewsworld.com/perl/story/31547.html Beyond Biometrics: New Strategies for Security By Jack M. Germain TechNewsWorld September 11, 2003 Biometrics technology, despite its sluggish acceptance, might be on the edge of newfound popularity. Consumer fears for online identity theft and Internet merchants' demands for customer verification are starting to create a comfort ==========> 03-09-11-Wired-HouseWitnessesSuggestSecurityApproaches.txt========== http://www.wired.com/news/infostructure/0,1377,60391,00.html Just Say No to Viruses and Worms By Kim Zetter 02:00 AM Sep. 11, 2003 PT Members of the computing industry and law enforcement testified before the technology subcommittee of the House Committee on Government Reform Wednesday about how to protect the nation's computing systems from viruses and worms. ==========> 03-09-12-MSNBC-WirelessWebCouldAidInEmergencies.txt========== http://www.msnbc.com/news/965670.asp?cp1=1 Wireless webs to cope with a crisis Center develops tools to address emergencies in post-9/11 era Paul Kolodzy, director of the Wireless Network Security Center at the Stevens Institute of Technology, talks about the Canobeam optical transmission camera mounted atop the physics building on the campus. By Brian Bergstein ASSOCIATED PRESS ==========> 03-09-12-TorontoStar-CybersecurityThreats.txt========== http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1063318210756&call_pageid=970599109774 Hackers threaten power grid: Expert Utility computers called vulnerable `Fame is a driving factor' for attacks RACHEL ROSS TECHNOLOGY REPORTER Hackers didn't cause last month's blackout. But that doesn't mean they couldn't ==========> 03-09-14-SeattleTimes-MSIssuesNewPatchForFlawExploitedByBlaster.txt========== http://seattletimes.nwsource.com/html/businesstechnology/2001724145_microsoft11.html 
Microsoft issues patch for new Windows flaw By Dina Bass Bloomberg News Microsoft, whose software was hit by the Blaster computer virus last month, has found new security flaws in the same area of the Windows operating system that was exploited by Blaster. ==========> 03-09-15-CompWorld-SoftwareQualityMeasuresWillImproveSecuity.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,84731,00.html Software quality is still a work in progress, offshore and in the U.S. Story by Mark Willoughby SEPTEMBER 15, 2003 ( COMPUTERWORLD ) - The link between software quality and security could boost businesses' use of software developed offshore as they battle against the worms and viruses that exploit software defects and cause billions of dollars in damage. ==========> 03-09-16-BusWeek-NewApproachesNeededForNetSecurity.txt========== http://www.businessweek.com/technology/content/sep2003/tc20030916_6815_tc129.htm SEPTEMBER 16, 2003 SPECIAL REPORT: NETWORK SECURITY Needed: A Security Blanket for the Net Worms, viruses, bugs, spam, and hackers have spurred many experts to start pushing concrete reforms, some quite radical David Farber, a computer science professor at Carnegie Mellon University in ==========> 03-09-16-NewsFactor-InternetWorms-WorstIsYetToCome.txt========== http://www.newsfactor.com/perl/story/22298.html Internet Worms: Worst Is Yet To Come? By Vincent Ryan NewsFactor Network September 16, 2003 "We, as a people, have valued productivity and access over security," says Fred Felman, vice president of marketing for Zone Labs. Users have demanded greater access, collaboration, and ease of use from vendors, and "those things don't ==========> 03-09-17-SJMerc-BlasterWormAccusedPleadsNotGuilty.txt========== http://www.siliconvalley.com/mld/siliconvalley/6796336.htm Posted on Wed, Sep. 
17, 2003 Teen charged in Internet worm attack pleads innocent SEATTLE (AP) - A high school senior pleaded innocent Wednesday to a federal charge alleging he crippled more than 7,000 computers by modifying a version of the ``Blaster'' worm. Jeffrey Parson, 18, of Hopkins, Minn., was arrested Aug. 29 and faces one count ==========> 03-09-18-PCWorld-SwenWormPosesAsMSPatch.txt========== http://www.pcworld.com/news/article/0,aid,112552,00.asp New Worm Targets File-Sharing Nets Antivirus vendors post updates to stop W32.Swen, which masquerades as a Microsoft update. Paul Roberts, IDG News Service Thursday, September 18, 2003 Antivirus companies are warning Internet users about W32.Swen, a new worm that spreads using e-mail messages, vulnerable network connections, Internet Relay ==========> 03-09-18-SJMerc-MelissaVirusWriterCooperatedWithFBI.txt========== http://www.siliconvalley.com/mld/siliconvalley/6802074.htm Posted on Thu, Sep. 18, 2003 Virus sender helped FBI bust hackers, court records say Associated Press Federal prosecutors credited the man responsible for transmitting the Melissa virus -- a computer bug that did more than $80 million in damage in 1999 -- with helping the FBI bring down several major international hackers. ==========> 03-09-18-Wired-MarylandSaysDieboldVotingSystemOK.txt========== http://www.wired.com/news/technology/0,1282,60486,00.html E-Voting Audit Ready for Public By Kim Zetter 02:00 AM Sep. 18, 2003 PT A security audit ordered by Maryland Gov. Robert Ehrlich on Diebold Election Systems' touch-screen voting machines is complete, and a version of it is ready for public consumption. 
==========> 03-09-18-ZDNet-SwenWormPosesAsMSPatch.txt========== http://insight.zdnet.co.uk/0,39020415,39116512,00.htm Swen prevention and cure Robert Vamosi ZDNet.com September 19, 2003, 12:45 BST The Swen virus masquerades as a new Microsoft patch - find out how to avoid it, and what to do in the case of infection ==========> 03-09-23-ABCNews-SomeFearTerroristCyberAttacks.txt========== http://www.abcnews.go.com/sections/scitech/US/cyberattack030923.html Cyber Threat Some Fear Computer Attacks Could Cause or Intensify Physical Terror By Michael S. James ABCNEWS.com Sept. 23 — Evildoers commandeer thousands of home computers, creating a virtual army that knocks down chunks of the Internet. Computer infections hit a nuclear plant, crash a 911 system, snarl train service and shut down ATMs. A ==========> 03-09-23-RMSmith-IESupercookiesBypassP3PAndCookieControls.txt========== http://www.computerbytesman.com/privacy/supercookie.htm Internet Explorer SuperCookies bypass P3P and cookie controls Richard M. Smith (rms@computerbytesman.com) January 16, 2002 (Updated Sept. 23, 2003) Introduction There is a significant privacy problem with Internet Explorer because of a design flaw in the Windows Media Player (WMP). Using simple Javascript code on a Web page, a Web site can grab the unique ID number of the Windows Media ==========> 03-09-23-Salon-DieboldVotingSystemAnInvitationToFraud.txt========== http://www.salon.com/tech/feature/2003/09/23/bev_harris/index_np.html An open invitation to election fraud Not only is the country's leading touch-screen voting system so badly designed that votes can be easily changed, but its manufacturer is run by a die-hard GOP donor who vowed to deliver his state for Bush next year. By Farhad Manjoo Sept. 23, 2003 | As if the public image of punch-card voting machines had not already been bruised and battered enough, on Sept. 
15, the 9th Circuit Court of ==========> 03-09-24-CNETNews-ReportBlamesMSForSecurityProblems.txt========== http://news.com.com/2100-1029_3-5081214.html Report: Microsoft dominance poses security risk Last modified: September 24, 2003, 4:36 AM PDT By Robert Lemos Staff Writer, CNET News.com A computer industry group critical of Microsoft plans to release a report Wednesday asserting that the software giant's dominance in key technologies threatens the national infrastructure. ==========> 03-09-24-InfoWorld-USImmigrationSystemHitByWelchiaWorm.txt========== http://www.infoworld.com/article/03/09/24/HNimmigration_1.html U.S. immigration system hit by virus Network links suspended between Washington, foreign embassies, and consular offices for nine hours By Paul Roberts, IDG News Service September 24, 2003 The U.S. Department of State struggled Tuesday to quell an outbreak of the W32.Welchia Internet worm on the department's computer systems. ==========> 03-09-24-WashPost-ReportBlamesMSForSecurityProblems.txt========== http://www.washingtonpost.com/ac2/wp-dyn?pagename=article&node=&contentId=A54872-2003Sep23&notFound=true Security Report Puts Blame On Microsoft By Jonathan Krim Washington Post Staff Writer Wednesday, September 24, 2003; Page E01 Viruses, worms and other cyber-attacks that are crippling computers with increasing frequency cannot be stopped as long as the software of one company ==========> 03-09-25-Reuters-AntiSpamWebsitesShutDownByAttack.txt========== http://www.reuters.com/newsArticle.jhtml;jsessionid=20LSJQRTR5QLECRBAEZSFFA?type=technologyNews&storyID=3510971 Anti-Spam Web Pages Shut Down by Attacks Thu September 25, 2003 08:44 PM ET By Elinor Mills Abreu SAN FRANCISCO (Reuters) - Three Web sites that provide spam blocking lists have shut down as a result of crippling Internet attacks in what experts on Thursday said is an escalation in the war between spammers and opponents of unsolicited ==========> 
03-09-25-TheReg-AntiSpamWebsitesShutDownByAttackLinedToSobig.txt========== http://www.theregister.co.uk/content/56/33059.html Sobig linked to DDoS attacks on anti-spam sites By John Leyden Posted: 25/09/2003 at 19:22 GMT A senior anti-spam activist is calling on law enforcement authorities to track down the perpetrators behind a widespread and sustained attack on anti-spam sites. The call, from Steve Linford of Spamhaus, comes along with fresh evidence that the assaults have been enabled by the infamous Sobig worm. ==========> 03-09-25-Wired-MarylandSaysDieboldVotingSystemOK.txt========== http://www.wired.com/news/business/0,1367,60583,00.html Maryland: E-Voting Passes Muster By Kim Zetter 02:00 AM Sep. 25, 2003 PT Maryland election officials released a highly anticipated report Wednesday that examines the security of Diebold Election Systems' touch-screen voting machines. Despite a summary in the report that states the Diebold system used in several ==========> 03-09-25-Wired-MSDominanceThreatensCyberSecurity.txt========== http://www.wired.com/news/infostructure/0,1377,60579,00.html Want PC Security? Diversify By Joanna Glasner 02:00 AM Sep. 25, 2003 PT Taking a page from agricultural history, a group of computer security experts this week blamed Microsoft for exacerbating network instability by fostering a monoculture in the PC world. ==========> 03-09-28-SJMerc-DG-InternetHasGoodGuysAndBadGuys.txt========== http://www.siliconvalley.com/mld/siliconvalley/business/columnists/6881523.htm Posted on Sun, Sep. 28, 2003 In the Wild West of the Internet, there are good guys and bad guys By Dan Gillmor Mercury News Technology Columnist Several weeks ago, a friend, David Weinberger, and I launched a small, non-commercial Web site. 
We called it ``WordPirates'' (www.wordpirates.com), the purpose of which was to remind people how some good words in our language ==========> 03-10-00-CACM-RisksInTrustingSystemsThatMightNotBeTrustworthy.txt========== Inside risks: Information system security redux Peter G. Neumann October 2003 Communications of the ACM, Volume 46 Issue 10 Last month we discussed risks in trusting entities that might not actually be trustworthy. And yet, people use flawed systems that may cause more security and reliability problems than they solve. There are various reasons why untrustworthy mass-market software might be used so extensively, even if the source code is proprietary and the vendor can arbitrarily download questionable ==========> 03-10-00-FBI-RegionalComputerForensicLabs.txt========== http://www.nationalrcfl.org/ A Message from the RCFL Director Welcome to the National RCFL Program's web page. This site serves as a gateway to the growing number of RCFLs throughout the country. Our mission is to aid in the establishment and continued operations of RCFLs and to serve as a national clearinghouse for information about computer forensics - a field that has grown exponentially with no signs of abating. Because computers are involved in so many types of crimes, ranging from the mundane to the complex, the need for ==========> 03-10-02-Baseline-CalifEVotingCertificationIssues.txt========== http://www.baselinemag.com/article2/0,3959,1306643,00.asp October 2, 2003 Vote, with No Confidence By Edward Cone The absence of serious security for voting systems means the controversy surrounding California's recall election and other contests is far from over. The voting machines that almost derailed the Oct. 
7 California recall election ==========> 03-10-03-EWeek-MSVulnerabilitiesBlamedForTheftOfSourceCode.txt========== http://www.eweek.com/article2/0,4149,1307532,00.asp IE Gets Blame for Theft of Half Life 2 Code By Chris Gonsalves October 3, 2003 Security experts are blaming known but unpatched vulnerabilities in Microsoft Corp.'s Internet Explorer for the theft and distribution of the source code for a much anticipated new video game. ==========> 03-10-04-ECommTimes-BecomingSecurityExpertMightBreakLaws.txt========== http://www.ecommercetimes.com/perl/story/31757.html Becoming a Security Guru Without Breaking the Law By Alison Diana E-Commerce Times October 4, 2003 Some universities require students to sign a contract stating they will not use anything learned in class for negative or disruptive functions -- but such precautions are not failsafe. ==========> 03-10-06-Wired-DieboldEVotingMachinesFlawed.txt========== http://www.wired.com/news/evote/0,2645,60713,00.html Time to Recall E-Vote Machines? By Kim Zetter 08:39 AM Oct. 06, 2003 PT As Californians head to the polls on Tuesday, voters in at least one county will cast their ballots electronically on machines that have been shown to be flawed. ==========> 03-10-08-CompWorld-ConsensusIdentifiesTop20NetVulnerabilities.txt========== http://www.computerworld.com/securitytopics/security/holes/story/0,10801,85848,00.html Multinational consensus pegs top 20 net vulnerabilities Experts from the U.S., Canada, the U.K., Singapore and Brazil name the top Windows, Unix and Linux flaws. Story by Dan Verton OCTOBER 08, 2003 ( COMPUTERWORLD ) - WASHINGTON -- The U.S. Department of Homeland Security, along with its Canadian and British counterparts and the ==========> 03-10-08-FBI-RegionalComputerForensicLabs-PressRelease.txt========== http://www.fbi.gov/pressrel/pressrel03/lab100803.htm For Immediate Release October 08, 2003 Washington D.C. 
FBI National Press Office FBI Director Mueller Announces Five New Computer Forensic Laboratories Washington D.C. -- FBI Director Robert S. Mueller III today announced ==========> 03-10-08-TechNewsWorld-SwenWormPosesAsMSPatch.txt========== http://www.technewsworld.com/perl/story/31627.html Oct. 8 2003 SECURITY SECTION New Swen Worm Poses as MS Patch, Spreads By Jay Lyman TechNewsWorld September 19, 2003 Swen, a "highly complex" worm, communicates with a remote Web site to track its ==========> 03-10-09-CNETNews-MSSaysSecurityImprovementsWillTakeTime.txt========== http://news.com.com/2100-7355-5088595.html Microsoft expects security effort to take time Last modified: October 9, 2003, 8:28 AM PDT By Ina Fried Staff Writer, CNET News.com update Microsoft announced Thursday a detailed plan to combat a recent wave of security threats, but one executive told CNET News.com that things won't change overnight. ==========> 03-10-09-MS-BlamerOnSecuityAndOtherIssues.txt========== http://www.microsoft.com/presspass/exec/steve/2003/10-09wwpc.asp Remarks by Steve Ballmer, CEO, Microsoft Corporation "Partnership, Innovation and Customer Focus" Microsoft Worldwide Partner Conference New Orleans, Louisiana October 9, 2003 STEVE BALLMER: It's a real privilege and pleasure for me to have the chance to be here with you. Last year when I spoke at the Fusion conference, I think I ==========> 03-10-10-DCMil-DDenningDiscussesCybersecurity.txt========== http://www.dcmilitary.com/navy/trident/8_36/features/25735-1.html October 10, 2003 Securing the portals of cyber space by Martha Thorn Trident Feature Editor Dr. Dorothy Denning, a professor in the department of defense analysis at the Naval Postgraduate School in Monterey, Calif., faced a diverse audience when she spoke at the academy Sept. 30. ==========> 03-10-10-SJMerc-MSSaysSecurityImprovementsWillTakeTime.txt========== http://www.siliconvalley.com/mld/siliconvalley/6980382.htm Posted on Fri, Oct. 
10, 2003 Microsoft promises security changes TECHNOLOGY TO SHIELD WINDOWS, BALLMER SAYS By Kristi Heim Mercury News Seattle Bureau SEATTLE - Faced with a mounting crisis over security flaws in Microsoft's software, Chief Executive Steve Ballmer acknowledged Thursday that the ==========> 03-10-10-TheReg-MSSaysSecurityImprovementsWillTakeTime.txt========== http://www.theregister.co.uk/content/4/33319.html Ballmer's new MS security fix - same patches, but 'nicer' By John Lettice Posted: 09/10/2003 at 17:16 GMT A few weeks ago Microsoft appeared to be tacitly conceding that, in the face of repeated and damaging attacks, the 'patch and patch again' approach to security was a busted flush, and that 'securing the perimeter' was the way to go. But how do you get there from here? It's hard, so it's not exactly surprising that ==========> 03-10-13-Wired-WorkerSaysDieboldInstalledUnauditedSWPatch.txt========== http://www.wired.com/news/evote/0,2645,60563,00.html Did E-Vote Firm Patch Election? By Kim Zetter 02:00 AM Oct. 13, 2003 PT Diebold Election Systems has had a tumultuous year, and it doesn't look like it's getting any better. Last January the electronic voting machine maker faced public embarrassment ==========> 03-10-15-CBR-DNSRootServerSecurityImprovementNeeded.txt========== http://www.cbronline.com/latestnews/165c8acb5f79bb5780256dc50018bddd Trouble Grows at the Internet's Root By Kevin Murphy There's a conflict brewing at the root of the internet, between those who are trying to make the network more resilient, and VeriSign Inc, which says this can best be achieved if we get rid of the non-profits and commercialize the infrastructure. ==========> 03-10-15-UPI-InternetIsIndispensableAndVulnerable.txt========== http://www.upi.com/view.cfm?StoryID=20031014-111239-5894r The Web: Indispensable but not impervious By Gene J. 
Koprowski UPI Technology News Published 10/15/2003 8:11 AM This is the first in a series of UPI articles examining the current state and future prospects of the global communications and data network known as the Internet. ==========> 03-10-16-PCMag-SecurityExpertDiscussessIssues.txt========== http://www.pcmag.com/article2/0,4149,1354271,00.asp A Tech Veteran's Security Warning By Sebastian Rupley October 16, 2003 Critical-infrastructure security was the main topic at the recent annual meeting of the International Information Systems Security Certification Consortium, known as (ISC)². The consortium is a nonprofit agency dedicated to training and certifying security professionals. At this year's meeting, Rep. ==========> 03-10-20-CNETNews-NewBillWOuldRequireDownloadWarnings.txt========== http://news.com.com/2010-1032-5093409.html A new tech battle brews in D.C. October 20, 2003, 4:00 AM PT By Declan McCullagh Even casual observers of the moral swamp called Washington, D.C., may remember the notorious Hollings bill, a mandatory copy protection proposal last year, which Hollywood's lobbyists loved and Silicon Valley hated. Because Sen. Ernest ==========> 03-10-20-INetWeek-MSBallmerDiscussesSecurityIssues.txt========== http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=15500449 Microsoft's Ballmer Sounds Off On Security By Timothy Long, CRN Microsoft CEO Steve Ballmer is finding himself talking about security a lot these days. 
At the Gartner ITXpo in Orlando, Fla., on Tuesday, Ballmer again found himself fielding numerous questions from industry analysts and IT professionals about what his company is doing to address an issue that's ==========> 03-10-21-CNETNews-MSBallmerDiscussesSecurityIssues.txt========== http://zdnet.com.com/2100-1105_2-5094279.html Ballmer: Raising Microsoft's security game By Mike Ricciuti CNET News.com October 21, 2003, 9:56 AM PT ORLANDO, Fla.--Microsoft CEO Steve Ballmer on Tuesday defended his company's efforts to secure its software and fend off open-source rivals. ==========> 03-10-21-CRN-MSBallmerDiscussesSecurityIssues.txt========== http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=45366 Ballmer Sounds Off On Security Microsoft CEO says vendor is tackling industry concerns about its technology By Timothy Long, CRN 1:23 PM EST Tues., Oct. 21, 2003 Microsoft CEO Steve Ballmer is finding himself talking about security a lot these days. At the Gartner ITXpo in Orlando, Fla., on Tuesday, Ballmer again found himself fielding numerous questions from industry analysts and IT ==========> 03-10-22-CMU-NewCybersecurityCenterAnnounced.txt========== http://www.eurekalert.org/pub_releases/2003-10/cmu-cmt102203.php Public release date: 22-Oct-2003 Contact: Chriss Swaney swaney@andrew.cmu.edu 412-268-5776 Carnegie Mellon University Carnegie Mellon to launch new initiative to ensure cybersecurity Will aid domestic and commercial sectors ==========> 03-10-22-GrokLaw-MSExecSaysCommercialSoftwareIsMoreSecure.txt========== http://www.groklaw.net/article.php?story=20031022014413296 GROKLAW SCO Scoop. Ballmer Says Commercial Software is Better Because Someone's Rear End is on the Line Wednesday, October 22 2003 @ 06:44 AM EDT You know I couldn't resist covering this story. 
Microsoft's Steve Ballmer picked up his glove and slapped Linux across the face in a speech given at an ==========> 03-10-22-NewsFact-MSToutsNewWindowsSecurity.txt========== http://www.newsfactor.com/perl/story/22542.html Does Microsoft's Longhorn Mean Security Salvation? By Erika Morphy Enterprise Windows IT October 22, 2003 "Microsoft doesn't need more security -- it needs fewer security vulnerabilities," says Gartner's John Pescatore. "For Longhorn to be more secure than Windows XP, it needs to be a simpler operating system, and by ==========> 03-10-23-NYT-PlanetLabServersWatchNetForAttacks.txt========== "Smart Servers as Watchdogs for Trouble on the Web" New York Times (10/23/03) P. E8; Eisenberg, Anne An upgraded Internet that can detect worms, traffic bottlenecks, and other network problems before they become serious may one day be within reach thanks to the efforts of PlanetLab, an academic-industrial consortium that has created a virtual testbed network built atop the Internet. PlanetLab employs PCs as smart routers at each network node, and these machines can run applications designed to detect whether data packets are benign or malign. "We are putting all the functionality and smarts into the PC at each node, without disturbing ==========> 03-10-27-NWFusion-DNSRootServersUseAnycastToStopDoSAttacks.txt========== http://www.nwfusion.com/news/2003/1027ddos.html Net security gets root-level boost By Carolyn Duffy Marsan and Cara Garretson Network World, 10/27/03 A year after surviving a massive distributed denial-of-service attack, the Internet's root servers are better fortified against hacker activity, thanks to behind-the-scenes deployment of a routing technique known as Anycast, experts say. 
==========> 03-10-28-CalgaryHerald-GatesToutsNewWindowsSecurity.txt========== http://www.canada.com/calgary/calgaryherald/info/business/story.html?id=D4D179E8-602A-4EDF-A03C-BB44691F829E Bill Gates touts Longhorn security Helen Jung The Associated Press Tuesday, October 28, 2003 CREDIT: Ric Francis, Associated Press Microsoft Corp. chairman Bill Gates addresses the Professional Developers ==========> 03-10-29-ACMUbiquity-FirewallSoftwareWillNeedAddOns.txt========== http://www.acm.org/ubiquity/views/v4i35_fiefer.html Port Wars In the not-too-distant-future, firewalls spark a battle over port regulation and ownership By William Paul Fiefer As operating systems evolved, a large market emerged in add-ons. Little programs such as word processors, defragmenters, image viewers, and so forth appeared. You bought the OS, then you needed to keep on buying. ==========> 03-11-00-CACM-TheMythOfComputerSecurityByKeepingSoftwareSecret.txt========== Inside risks: Security by obscurity Rebecca T. Mercuri, Peter G. Neumann November 2003 Communications of the ACM, Volume 46 Issue 11 The belief that code secrecy can make a system more secure is commonly known as security by obscurity. Certainly, vendors have the right to use trade secret protection for their products in order to extend ownership beyond the terms afforded under copyright and patent law. But some software systems must satisfy critical requirements under intensive challenges, and thus must be trustworthy. ==========> 03-11-03-CalifHaltsAuditOfDieboldEVotingMachines.txt========== http://www.wired.com/news/evote/0,2645,61068,00.html Calif. Halts E-Vote Certification By Kim Zetter 05:49 PM Nov. 03, 2003 PT SACRAMENTO, California -- Uncertified software may have been installed on electronic voting machines used in one California county, according to the secretary of state's office. 
==========> 03-11-03-MSNBC-EVotingIssues.txt========== http://www.msnbc.com/news/985033.asp?cp1=1 Black Box Voting Blues Electronic ballot technology makes things easy. But some computer-security experts warn of the possibility of stolen elections By Steven Levy NEWSWEEK Nov. 3 issue — After the traumas of butterfly ballots and hanging chad, election officials are embracing a brave new ballot: sleek, touch-screen ==========> 03-11-03-SFChron-UCN-USCResearchersToModelTheInternet.txt========== http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2003/11/03/BUGD42O8E41.DTL Building a crash-test Internet Researchers will assess vulnerability Carrie Kirby, Chronicle Staff Writer Monday, November 3, 2003 A team of UC Berkeley and University of Southern California professors has received a $5.46 million grant to build one of the most realistic models of the Internet ever created -- and then wreck it with debilitating hacker attacks. ==========> 03-11-04-CNETNews-MSOffersRewardsToStopViruses.txt========== http://news.com.com/2100-7355_3-5102110.html?tag=nefd_top Microsoft to offer bounty on hackers Last modified: November 4, 2003, 3:04 PM PST By Robert Lemos Staff Writer, CNET News.com Microsoft will announce on Wednesday that it will offer two $250,000 bounties for information that leads to the arrest of the people who released the MSBlast worm and the SoBig virus, CNET News.com has learned. 
==========> 03-11-04-WashPost-DNSRootServersStillVulnerableToDDoSAttacks.txt========== http://www.washingtonpost.com/wp-dyn/articles/A61714-2003Nov4.html 'DDoS' Attacks Still Pose Threat to Internet By David McGuire washingtonpost.com Staff Writer Tuesday, November 4, 2003; 8:49 AM On October 21, 2002, people around the world cruised through cyberspace the way they do every day -- bidding on auctions, booking airline reservations, sending e-mail -- all the while unaware that someone was working overtime to try to ==========> 03-11-05-ITMgmt-ITManagersConcernedAboutWirelessSecurity.txt========== http://itmanagement.earthweb.com/secu/article.php/3104691 War Driving No Game to IT Managers November 5, 2003 By Sharon Gaudin A couple of buddies get in their car on a Saturday morning. They've got steaming coffees and a laptop. As the passenger boots up the computer, the driver pulls out and banks a left onto a busy downtown Boston street. But in this scenario, it doesn't have to be Boston. It could be Chicago, New York, ==========> 03-11-05-PRNewsWire-MSOffersRewardsToStopViruses.txt========== http://www.prnewswire.co.uk/cgi/news/release?id=111277 News Release Wednesday 5 November 2003, 15:00 GMT Microsoft Announces Anti-Virus Reward Program WASHINGTON, November 5 /PRNewswire/ -- Microsoft Teams with Worldwide Law Enforcement to Root Out Malicious Code Distributors with US$5 Million Reward Fund as a Part of Broader Security Initiative ==========> 03-11-05-SJMerc-MSOffersRewardsToStopViruses.txt========== http://www.siliconvalley.com/mld/siliconvalley/7189068.htm Posted on Wed, Nov. 05, 2003 Microsoft Offers Reward to Stop Viruses TED BRIDIS Associated Press WASHINGTON - Microsoft Corp. announced Wednesday it is creating a $5 million reward program to help law enforcement identify and convict those who illegally release worms, viruses and other types of malicious programs on the Internet. 
==========> 03-11-06-PCWorld-LawmakerSuggestsRequiredAntivirusSoftware.txt========== http://www.pcworld.com/news/article/0,aid,113322,00.asp Could Antivirus Apps Become Law? Congress considers ways to make computers more secure. Grant Gross, IDG News Service Thursday, November 06, 2003 One lawmaker has a possible solution to the increasing problem of computer viruses: requiring all computer users in the United States to install antivirus software on their PCs. ==========> 03-11-06-TechNewsWorld-FlawFoundInWPAWirelessSecurity.txt========== http://www.technewsworld.com/perl/story/32070.html Passphrase Flaw Exposed in WPA Wireless Security By Jay Lyman TechNewsWorld November 6, 2003 Users of the WPA protocol might have a false sense of security because the wireless security standard is perceived as the latest proven defense. But the use of weak passphrases renders the protection inadequate. ==========> 03-11-07-PCWorld-MSOffersRewardsToStopViruses.txt========== http://www.pcworld.com/news/article/0,aid,113331,00.asp Virus Writers Dismiss Microsoft's Bounty $5 million reward fund is a marketing ploy, critics claim. Joris Evers, IDG News Service Friday, November 07, 2003 Cyberspace outlaws may look over their shoulder one extra time before launching a computer virus or worm, but they won't be deterred by the $5 million bounty fund established by Microsoft to help capture and convict them, two virus ==========> 03-11-10-FCW-EVotingMachinesQuestioned.txt========== http://www.fcw.com/fcw/articles/2003/1110/pol-evote-11-10-03.asp Jury still out on e-voting Touted as an antidote to the hanging chad, e-voting solution not proven, experts say BY MICHAEL HARDY Nov. 
10, 2003 Risk assessment report from SAIC ==========> 03-11-10-NZZ-ETHOpensInfoSecurityCenter.txt========== http://nzz.ch/2003/11/10/english/page-synd4328710.html November 10, 2003, 23:45 Scientists seek to plug gaps in computer security Researchers at the Federal Institute of Technology in Zurich have declared war on computer viruses and their consorts. The new Zurich Information Security Centre (ZISC) aims to be a world leader in ==========> 03-11-11-SJMerc-20YearsOfViruses.txt========== http://www.silicon.com/software/security/0,39024655,39116851,00.htm The virus at 20: Two decades of malware November 11 2003 by Will Sturgeon Birthday 'best wishes' will be few and far between at this party... This week marks the 20th anniversary of the very first computer virus. To mark the occasion, Will Sturgeon spoke to some of the industry's leading crusaders in the battle against malware... ==========> 03-11-11-Wired-DieboldForcedToPayForEVotingMachineAudit.txt========== http://www.wired.com/news/print/0,1294,61172,00.html E-Vote Firm's Bill Comes Due By Kim Zetter 02:00 AM Nov. 11, 2003 PT SACRAMENTO -- Citing concerns that Diebold Election Systems installed uncertified software on some electronic voting systems in a California county without the state's knowledge, officials are forcing the company to pay for an audit of all the company's voting machines used in the state in order to win ==========> 03-11-12-WashU-DeviceTrapsMalware.txt========== http://www.innovations-report.com/html/reports/information_technology/report-23276.html Washington University in St. Louis 12.11.2003 System halts computer viruses, worms, before end-user stage Scanning all of Shakespeare in 1/60th of a second A computer scientist at Washington University in St. 
Louis has developed technology to stop malicious software - malware - such as viruses and worms ==========> 03-11-13-INetWeek-NewDNSSecurityNearlyCompleteByIETF.txt========== http://www.internetweek.com/security02/showArticle.jhtml?articleID=16100056 Standard For Securing Domain Name System Nears Finalization By Antone Gonsalves An international standards body is close to releasing a security mechanism for authenticating data moving across the Internet, making it more difficult for people dispensing spam, viruses and worms to remain anonymous. DNS-Sec, which stands for domain name system-security, is under development by ==========> 03-11-17-NWFusion-ISPsTakeOnDDoSAttacks.txt========== http://www.nwfusion.com/news/2003/1117specialfocus.html ISPs take on DDoS attacks By Denise Pappalardo Network World, 11/17/03 Although the number and intensity of distributed denial-of-service attacks are on the rise, users are hard-pressed to find tangible new services to help thwart or defend against such assaults. ==========> 03-11-19-OaklandTrib-SandiaLabOpensHoneynet.txt========== http://www.oaklandtribune.com/Stories/0,1413,82~1865~1776530,00.html Wednesday, November 19, 2003 - 3:07:52 AM PST Sandia Labs studies phony computer network for hackers By Ian Hoffman, STAFF WRITER Instead of merely fending off thousands of daily computer attacks, federal researchers are trying a new tack: Create a meaningless digital universe to bog down hackers and study their tactics. ==========> 03-11-20-CompWorld-EUApprovesCyberSecurityAgency.txt========== http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,87 394,00.html EU cybercrime agency gets the go-ahead The European Network and Information Security Agency begins work in January Story by Paul Meller NOVEMBER 20, 2003 ( IDG NEWS SERVICE ) - European telecommunications and communications ministers gave final approval to the creation of a European Network and Information Security Agency today. 
==========> 03-11-20-NatlJour-ReviewOfACM-CRAPanelOnCybersecurity.txt========== Specialists See Need For New Ideas In Computer Protection by Ted Leventhal 11/20/03 National Journal's Tech Daily Without new concepts and applications for computer security, networking will fail to reach its full potential, and it may collapse under the strain of unsolicited commercial e-mail and computer viruses and worms, experts warned on Thursday. Computer scientists identified cyber-security problems and proposed solutions at an Association for Computing Machinery event this week and shared ==========> 03-11-20-USACM-ACMAndCRASponsorCyberSecurityPanel.txt========== PANEL TO PURSUE INNOVATIVE APPROACHES TO CYBER SECURITY WHAT Preeminent industry and academic leaders in computing confront=20 =93out-of-the-box=94 ideas from recent =93Grand Research Challenges= Conference=94=20 on cyber security WHEN Thursday, November 20, 8:30 am to 10:30 am (breakfast included) WHERE National Press Club (Holeman Lounge) 529 14th Street, NW, Washington, DC 20045 ==========> 03-11-21-ChronHigherEd-ReviewOfACM-CRAPanelOnCybersecurity.txt========== # "Computer-Security Experts Challenge Researchers to Focus on Long-Term Solutions" Chronicle of Higher Education (11/21/03); Carnevale, Dan Purdue University's Eugene Spafford was one of five speakers at a recent Virginia conference who suggested strategies computer scientists could follow to implement long-term cybersecurity solutions. Spafford declared at a news conference that computer networks should be rethought to include embedded, effective, and easy-to-use security. 
However, he remarked that "Near-term needs are so pressing that they have soaked up most of the resources and most of the ==========> 03-11-21-TheStandard-NCVIFormedToPromoteVerifiedEVoting.txt========== http://www.thestandard.com/article.php?story=20031121012728281 Group pushing e-voting security to launch Friday, November 21 2003 @ 01:27 AM GMT By Elizabeth Heichler, IDG News Service A new group that draws heavily from the ranks of computer scientists and technology policy specialists who are concerned about inattention to IT security issues in voting systems will announce its debut on Friday in Washington, D.C. ==========> 03-11-22-SJMerc-WellsFargoCustomerDataStolen.txt========== http://www.siliconvalley.com/mld/siliconvalley/7326113.htm Posted on Sat, Nov. 22, 2003 Theft puts Wells Fargo customer IDs at risk By Sue McAllister Mercury News A computer holding the names, addresses, Social Security numbers and account numbers of thousands of Wells Fargo customers was stolen from a consultant's office in Concord earlier this month, bank officials said Friday. ==========> 03-11-22-Stanford-CybersecurityResearchConference.txt========== http://cyberlaw.stanford.edu/security/ Cybersecurity, Research & Disclosure November 22, 2003 Stanford Law School EARLY REGISTRATION DISCOUNT ENDS NOVEMBER 1, 2003 Almost daily, newly discovered vulnerabilities are released on mailing lists like BugTraq and Full Disclosure. Harried security ==========> 03-11-24-CompWorld-DiversityNeededToFoilCyberAttacks.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,87470,00.html Improved Security Through IT Diversity By JAIKUMAR VIJAYAN NOVEMBER 24, 2003 In his recently released book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World (Copernicus Books, 2003), security guru Bruce Schneier argues for a more common-sense and less technology-centric approach to both IT security and physical security. 
In this interview with ==========> 03-11-25-CNETNews-After20YearsVirusesDefyCure.txt========== http://news.com.com/2009-7349-5111410.html Decades after creation, viruses defy cure By Robert Lemos Staff Writer, CNET News.com November 25, 2003, 4:00AM PT Of all the accomplishments in the annals of technology, Fred Cohen's contribution is undeniably unique: He introduced the term "virus" to the lexicon of computers. ==========> 03-11-25-CNETNews-BlackoutsHighlightNetVulnerabilities.txt========== http://news.com.com/2100-7355_3-5111816.html Blackouts highlight network vulnerabilities Last modified: November 25, 2003, 11:48 AM PST By Robert Lemos and Matt Loney Staff Writer, CNET News.com The summer's blackouts weren't caused by a worm or virus, but the failures highlight infrastructure weak spots, a report concluded this week. ==========> 03-11-25-NewsWise-DiversityNeededToFoilCyberAttacks.txt========== http://www.newswise.com/articles/view/502136/ Taking Cues from Mother Nature to Foil Cyber Attacks Libraries Science News INTERNET COMPUTER SCIENCE SYSTEM SECURITY HACKERS Description Taking their cues from Mother Nature and biodiversity, computer scientists are collaborating on a project to study “cyber-diversity” for computer systems as a ==========> 03-11-27-Economist-FightingSpamAndWorms.txt========== http://www.economist.com/science/displayStory.cfm?story_id=2246018 Fighting the worms of mass destruction Nov 27th 2003 | SAN FRANCISCO From The Economist print edition Hooligans are trashing our online space. How can they be stopped? 
WHEN Microsoft released its latest monthly batch of software patches on November 11th, it included one designed to repair a previously unknown flaw in ==========> 03-11-28-LATimes-TechCompaniesTryToControlInfoAboutSecurityHoles.txt========== http://www.latimes.com/technology/la-fi-hackers28nov28,1,1845462.story Rules to Address Holes in Software Major tech companies work to formalize guidelines for steps to take when security flaws are detected. By Joseph Menn Times Staff Writer November 28, 2003 As the cost of securing data against malicious attacks continues to escalate, ==========> 03-11-28-NYT-WormsAndVirusesInCellPhoneInternetAccess.txt========== http://www.nytimes.com/2003/11/28/technology/28cell.html Beware the Worm in Your Handset By KEN BELSON Published: November 28, 2003 TOKYO, Nov. 27 - As more consumers begin surfing the Web and sending e-mail messages on cellphone and hand-held devices, along comes a new worry: worms and viruses spread via Internet-enabled handsets. ==========> 03-11-30-ACMWashUpdate-ACM-CRASponsorCyberSecurityEvent.txt========== ACM Washington Update Vol 7.11 November 30, 2003 ACM and CRA Sponsor Cyber Security Policy Event Congress to Approve Funding for Computing Research and Education OMB Issues New Privacy Guidelines FBI Plans to Open Five New Computer Crime Labs NIST Seeks Comment on New Security Controls and Secure Hash Standard New Congressional Research Services Report on E-Voting Nanotechnology R&D Authorization Enacted into Law ******************************* ==========> 03-11-30-USACM-ACMWashingtonUpdate-7-11.txt========== ACM Washington Update Vol 7.11 November 30, 2003 ACM and CRA Sponsor Cyber Security Policy Event Congress to Approve Funding for Computing Research and Education OMB Issues New Privacy Guidelines FBI Plans to Open Five New Computer Crime Labs NIST Seeks Comment on New Security Controls and Secure Hash Standard New Congressional Research Services Report on E-Voting Nanotechnology R&D Authorization Enacted 
into Law ******************************* ==========> 03-12-00-CACM-KillersVirusesAffectMillionsOfInternetUsers.txt========== Attack of the killer virus! Dennis Fowler December 2003 netWorker, Volume 7 Issue 4 Though more than 600 million people worldwide use the Internet, it takes only one virus writer to make just about all of us miserable. Like a single stray neutron in a critical mass of plutonium, a lone virus can trigger a chain reaction that spews thousands of copies from desktop to desktop. Last summer's aptly named SoBig virus was an all-too-real example of this danger. "At ==========> 03-12-00-CACM-StandardsCanHelpInComputerSecurity.txt========== Security watch: Standards insecurity Rebecca T. Mercuri December 2003 Communications of the ACM, Volume 46 Issue 12 Standards can provide an important component in the computer security environment but they should not be relied on blindly. In the computer industry, standards play an important role by enforcing security baselines and enabling compatibilities among products. In the early ==========> 03-12-01-CNETNews-YoranNewTopUSCybersecurityDefender.txt========== http://news.com.com/2008-7355_3-5112350.html A two-pronged approach to cybersecurity Last modified:December 1, 2003, 1:30 PM PST By Robert Lemos Staff Writer, CNET News.com In September, Amit Yoran became the United States' top cybersecurity defender. Against a backdrop of new challenges from increasingly sophisticated hackers, ==========> 03-12-03-DCInternet-USCybersecurityStillStalled.txt========== http://dc.internet.com/news/article.php/3116061 December 3, 2003 National Cyber Security Initiative Still Stalling By Michael Singer SANTA CLARA, Calif. -- Eight months after forging a plan to secure cyberspace, a coalition of government and private corporations says it is close to unveiling real products and practices to bolster the nation's vulnerable networks. 
==========> 03-12-03-SJMerc-CybersecuritySummitToRefocusAttention.txt========== http://www.siliconvalley.com/mld/siliconvalley/7402121.htm Posted on Wed, Dec. 03, 2003 Computer security in focus CYBERSUMMIT SET HERE TODAY By Elise Ackerman Mercury News As George Bush makes national security the watchword of his presidency, some Silicon Valley leaders worry cybersecurity seems to have slipped off the ==========> 03-12-03-SJMerc-RetailerHackerSentencedToPrison.txt========== http://www.siliconvalley.com/mld/siliconvalley/7405298.htm Posted on Wed, Dec. 03, 2003 Retail hacker sentenced to 1 1/2 years in prison PITTSBURGH (AP) - A former employee of American Eagle Outfitters has been sentenced to 1 1/2 years in federal prison for using the Internet to encourage break-ins at the retailer's Web site and launching an attack against it. Kenneth Patterson, 38, of Greensburg, was also ordered Tuesday to pay more than ==========> 03-12-03-SJMerc-SecRidgeTellsTechFirmsToCooperateOnCyberSecurity.txt========== http://www.siliconvalley.com/mld/siliconvalley/7405011.htm Posted on Wed, Dec. 03, 2003 Cooperate on security or face new rules, Ridge tells tech firms SANTA CLARA, Calif. (AP) - Technology companies must cooperate in the battle against cyberterrorism -- or submit to government-imposed security regulations -- Homeland Security Secretary Tom Ridge and other senior officials said Tuesday. ==========> 03-12-03-USDHS-RemarksBySecRidge.txt========== http://www.dhs.gov/dhspublic/display?content=2487 Remarks by Secretary Tom Ridge at the National Cyber Security Summit For Immediate Release Office of the Press Secretary December 3, 2003 Thank you for that introduction. It's an honor for me to be here this morning. I want to thank all of you for your willingness to be a part of this summit, ==========> 03-12-04-SJMerc-ChinaOrdersDomesticSecurityOnWirelessNets.txt========== http://www.siliconvalley.com/mld/siliconvalley/7412296.htm Posted on Thu, Dec. 
04, 2003 China orders wireless local area networks to use domestic encryption standards SHANGHAI, China (AP) - China has ordered computer makers, both at home and overseas, to use its own encryption standard for wireless local area networks, ensuring stronger government control and giving domestic manufacturers a slight respite from some foreign competition. ==========> 03-12-04-SJMerc-DebianDefendedInLinuxSecurityIssue.txt========== http://siliconvalley.internet.com/news/article.php/3116231 December 4, 2003 Linux Security Expert Defends Debian By Jim Wagner A Linux expert is defending the way Debian Project leaders handled a recent security breach that took down the servers of the 10-year-old open source effort. ==========> 03-12-04-SJMerc-SecRidgeTellsTechFirmsToCooperateOnCyberSecurity.txt========== http://www.siliconvalley.com/mld/siliconvalley/7410944.htm Posted on Thu, Dec. 04, 2003 Tech firms urged: Secure cyberspace DO IT OR FACE REGULATIONS, SUMMIT TOLD By Elise Ackerman Mercury News As Homeland Security Secretary Tom Ridge warned Wednesday that terrorists ``know a few lines of code can wreak as much havoc as a handful of bombs,'' a ==========> 03-12-04-WashPost-USDHSTellsTechFirmsToCooperateOnCyberSecurity.txt========== http://www.washingtonpost.com/wp-dyn/articles/A33245-2003Dec3.html Help Fix Cyber-Security Or Else, U.S. Tells Industry 'We Want to See Results,' Official Says at Summit By Jonathan Krim Washington Post Staff Writer Thursday, December 4, 2003; Page E02 SANTA CLARA, Calif., Dec. 
3 -- Top homeland security officials Wednesday challenged the technology industry to help improve the nation's ability to ==========> 03-12-06-ZDNet-Farber-CybersecurityRequiresSoftwareEngrReform.txt========== http://techupdate.zdnet.com/techupdate/stories/main/Massive_software_engineering_reform_is_a_must.html Massive software engineering reform is a must By Dan Farber, Tech Update December 6, 2003 The National Cyber Security Summit last week that brought the Department of Homeland Security to the table with the Business Software Alliance, the Information Technology Association of America, TechNet and the U.S. Chamber of ==========> 03-12-08-NYT-TrojanHorsePutsHijackedComputersOnP2PNet.txt========== http://www.nytimes.com/2003/12/08/technology/08trojan.html Hackers Steal From Pirates, to No Good End By JOHN SCHWARTZ Published: December 8, 2003 The people who design rogue programs that take over computers from afar are now applying the tactic that made music pirating programs so effective - and the Internet may never be the same. ==========> 03-12-09-CompWorld-SeveralUSAgenciesFailInCybersecurity.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,88030,00.html U.S. agencies earn overall grade of D for computer security By LINDA ROSENCRANCE DECEMBER 09, 2003 For the fourth year in a row, most federal agencies have received low grades for failing to protect their computer networks from hackers and other cyberterrorists, according to a computer security report card issued today by the House Government Reform Subcommittee on Technology. The ==========> 03-12-09-FCW-USAgenciesGetPoorCyberSecurityGrades.txt========== http://www.fcw.com/fcw/articles/2003/1208/web-grades-12-09-03.asp Government gets 'D' on security BY Diane Frank Dec. 9, 2003 "Agencies to get security scores" [FCW.com, Dec. 
2, 2003] 2003 security report card Federal agencies are still far behind where they need to be on information security, scoring a governmentwide grade of D for 2003 based on grades released ==========> 03-12-09-GovExec-USAgenciesGetPoorCybersecurityGrades.txt========== http://www.govexec.com/dailyfed/1203/120903c1.htm December 9, 2003 Agencies get failing grades on cybersecurity # National 'cyber summit' planned to aid federal outreach (09/16/03) # Executive at Internet security firm likely nominee for cyber chief (09/11/03) # Democrats give administration 'D' on security efforts (07/23/03) # Former officials assess security needs on cyber front (06/11/03) ==========> 03-12-09-NWFusion-IEEESaysChinasWirelessSecurityUnderminesWiFi.txt========== http://www.nwfusion.com/news/2003/1209ieeechine.html IEEE: Chinese security standard could fracture Wi-Fi By Sumner Lemon IDG News Service, 12/09/03 The implementation of a Chinese security standard for wireless networking could undermine efforts to develop a global standard for wireless LANs and drive up ==========> 03-12-09-USHouse-CybersecurityGrades-2000-2003.txt========== http://reform.house.gov/TIPRC/Hearings/EventSingle.aspx?EventID=652 Contact: 202-225-6751 2003 Federal Computer Security Report Card Tuesday, December 09, 2003 10:00 AM Opening Statement Hon. Putnam Federal Computer Report Card Press Statement Reports Computer Security Report Card 2003 Overall Federal Computer Grade and Bar Graph ==========> 03-12-11-ESecurityWeb-VerifiableEmailProposals.txt========== http://www.esecurityplanet.com/trends/article.php/3288271 Renovating E-Mail With Identity in Mind By Pamela Parker December 11, 2003 EarthWeb That e-mail message may appear to be from PayPal or EarthLink, but is it really? 
To know for sure, e-mail needs an identity verification system, and there's a growing consensus among e-mail senders and recipients that one should ==========> 03-12-12-CompWorld-CriticismOfEvotingMachinesSecurityMounting.txt========== http://www.computerworld.com/governmenttopics/government/policy/story/0,10801,88178,00.html Criticism of electronic voting machines’ security is mounting By Elizabeth Heichler DECEMBER 12, 2003 As presidential primary season approaches, a debate is raging about electronic voting -- and IT professionals and computer scientists are among the loudest critics. ==========> 03-12-14-SJMerc-DG-ChinaOrdersDomesticSecurityOnWirelessNets.txt========== http://www.siliconvalley.com/mld/siliconvalley/7489042.htm Posted on Sun, Dec. 14, 2003 China tries to establish homegrown tech rules By Dan Gillmor Mercury News Technology Columnist HONG KONG - Early this month, China's government mandated an encryption standard for wireless data communications. It may force U.S. and other Western companies into unwanted joint ventures with Chinese companies if they want to ==========> 03-12-15-CompWorld-UsersPlanForCybersecurityAttacks.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,88201,00.html Users Worry About 'Zero-Day' Attacks, Try to Secure Systems System configuration rules, incident-response plans may reduce threat Story by Jaikumar Vijayan DECEMBER 15, 2003 ( COMPUTERWORLD ) - NEW YORK -- So-called zero-day attacks that take advantage of software vulnerabilities for which there are no available fixes are starting to be viewed as a major threat to data security, said IT managers at the InfoSec 2003 conference here last week. 
==========> 03-12-17-EarthWeb-BlueprintForInternetSecurity.txt========== http://networking.earthweb.com/netsecur/article.php/3290411 Building a Blueprint for Network Security December 17, 2003 By Paul Rubens Ever gone out and then spent the evening wondering whether you remembered to lock all the doors back at home? If you’re responsible for a corporate network, you’ve probably had a similar ==========> 03-12-17-TechResNews-DeviceScansInternetPacketsForViruses.txt========== http://www.trnmag.com/Stories/2003/121703/Device_guards_Net_against_viruses_121703.html Device guards Net against viruses December 17/24, 2003 By Kimberly Patch, Technology Research News Keeping a computer safe from viruses usually means installing virus-catching software and keeping it running and updated. Not everyone takes the trouble to do this, and viruses spread because there are enough unprotected machines to ==========> 03-12-19-BBC-CybersecurityThreatsARiskToNetsFuture.txt========== http://news.bbc.co.uk/2/hi/technology/3322449.stm Cyber threats risk net's future By Clark Boyd Technology correspondent in Geneva The hunger in poor nations for going online is not without danger. With improved access, comes the threat of ever more internet security violations. 
Security was one of the many issues discussed in Geneva ==========> 03-12-19-WebHostIndRev-CERT-RacingToSecureTheInternet.txt========== http://www.thewhir.com/features/cert.cfm CERT/CC: Racing to Secure the Internet By Wayne Epperson From Web Hosting Monthly, December 2003 edition Web Host Industry Review December 19, 2003 -- (WEB HOST INDUSTRY REVIEW) -- Effective Internet security often comes down to a race between the bad guys and the good guys; those who try to exploit software vulnerabilities and those who work to keep systems and ==========> 03-12-22-CompWorld-NewAntiHackingToolsComing.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,88359,00.html Tools Coming for Digital Immunity Coming for information security: tools for adaptive and resilient computing. Future Watch by Gary H. Anthes DECEMBER 22, 2003 ( COMPUTERWORLD ) - The battle against computer viruses and system intruders is often described as an arms race, in which increasingly powerful weapons are countered by ever stronger defenses. But this particular arms race isn't in a dead heat; the mavens of malware are winning it. ==========> 03-12-23-BadYearForVirusAttacks.txt========== http://www.wired.com/news/infostructure/0,1377,61710,00.html The Internet Is a Very Sick Place By Michelle Delio 02:00 AM Dec. 23, 2003 PT The year 2003 has been deemed the worst in computer-virus history by security experts, despite the fact that worm and virus writers displayed no significant technological progress in the code of their newest nasty little creations. ==========> 03-12-28-WashPost-SpamSpywareVirusesAndWorms.txt========== http://www.washingtonpost.com/wp-dyn/articles/A33688-2003Dec27.html Big Intrusions, Tiny Pictures and Patented Problems By Rob Pegoraro Sunday, December 28, 2003; Page F07 This is the year the Internet officially stopped being fun. 
The festering problems of spam, spyware, viruses, worms and pop-ups boiled over, making the online experience merely annoying at best, financially and emotionally destructive at worst. ==========> 03-12-29-CompWorld-SecurityPredictionsFor2004.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,88113,00.html Security predictions for 2004 By Peter H. Gregory DECEMBER 29, 2003 In 2004, information security professionals will experience more of the darker side of human behavior, but organizations will also take more control over their network and computing infrastructures, particularly end-user systems. ==========> 03-12-29-NYT-SmartCarsAreCauseForConcern.txt========== http://www.nytimes.com/2003/12/29/technology/29car.html This Car Can Talk. What It Says May Cause Concern. By JOHN SCHWARTZ Published: December 29, 2003 Last year, Curt Dunnam bought a Chevrolet Blazer with one of the most popular new features in high-end cars: the OnStar personal security system. The heavily advertised communications and tracking feature is used nationwide ==========> 03-12-29-SJMerc-VoteHere-EvotingFirmsWebsiteHacked.txt========== http://www.siliconvalley.com/mld/siliconvalley/7592802.htm Posted on Mon, Dec. 29, 2003 Electronic Voting Firm Has Site Hacked TED BRIDIS Associated Press WASHINGTON - A company developing security technology for electronic voting suffered an embarrassing hacker break-in that executives think was tied to the rancorous debate over the safety of casting ballots online. ==========> 03-12-29-Wired-WishListsFor2004.txt========== http://www.wired.com/news/culture/0,1284,61726,00.html The Fantasy and Reality of 2004 By Michelle Delio 02:00 AM Dec. 29, 2003 PT Fling dishes or flaming furniture out the window, fire off celebratory gunfire, jump off chairs, ring bells, beat drums, clutch silver as the clock strikes midnight or sweep bad juju out of the house with a kitchen broom -- these are some of the ways people welcome in the New Year. 
==========> 03-12-30-BusWeek-TopTechTrendsFor2004.txt========== http://www.businessweek.com/technology/content/dec2003/tc20031230_9935.htm DECEMBER 30, 2003 NEW YEAR OUTLOOK Tech's Top Trends for 2004 Yes, it will be a better year, especially for consumers, overseas telecoms, and China -- which will become ever-more important In 2003, the tech industry hit bottom and bumped through yet another bad year. ==========> 04-01-04-ECommTimes-TheSecureEmailChallenge.txt========== http://www.ecommercetimes.com/perl/story/32756.html Tackling the Secure Web Mail Challenge By Keith Pasley E-Commerce Times February 4, 2004 There is a trend in the secure Web mail technology sector toward use of appliances that not only provide Web mail protection, but also serve other e-mail infrastructure security objectives. This approach simplifies management ==========> 04-01-05-InfoWeek-CybersecurityThreatsWontLetUp.txt========== http://www.informationweek.com/story/showArticle.jhtml?articleID=17100340 Security Threats Won't Let Up Attacks on business networks are expected to grow As use of spyware increases. The good news? As risk increases, companies are paying attention. By George V. Hulme, InformationWeek Jan. 5, 2004 Last year was a bad one for information-security professionals. This year is likely to be even worse. ==========> 04-01-07-TechRev-IPv6WillMakeNetSlowerAndLessSecure.txt========== http://www.technologyreview.com/articles/wo_garfinkel010704.asp Internet 6.0 The next version of the Internet Protocol, IPv6, will supply the world with addresses by the trillions. Too bad it will also make the Net slower and less secure. By Simson Garfinkel The Net Effect January 7, 2004 ==========> 04-01-08-SJMerc-NYTimesHackerPleadsGuilty.txt========== http://www.siliconvalley.com/mld/siliconvalley/7664210.htm Posted on Thu, Jan. 08, 2004 Hacker pleads guilty to entering N.Y. 
Times computers NEW YORK (AP) - A hacker admitted Thursday that he broke into The New York Times' computer system to illegally access contributors' personal details and LexisNexis information services. Adrian Lamo, 22, of Carmichael, Calif., pleaded guilty to a single count of ==========> 04-01-09-Wired-MuchOfKazaaCodeIsMalware.txt========== http://www.wired.com/news/business/0,1367,61852,00.html Kazaa Delivers More Than Tunes By Kim Zetter 07:00 AM Jan. 09, 2004 PT Forty-five percent of the executable files downloaded through Kazaa, the most popular file-sharing program, contain malicious code like viruses and Trojan horses, according to a new study. ==========> 04-01-11-SwissInfo-SwissExpertTalksAboutViruses.txt========== http://www.swissinfo.org/sen/swissinfo.html?siteSect=511&sid=4607572 Saturday 17.01.2004, CET 17:49 Swiss expert leads fights against computer viruses swissinfo January 11, 2004 12:02 PM Urs Gattiker has written a number of books on information security (swissinfo) ==========> 04-01-11-WashPost-HoneypotsCatchEvilDoers.txt========== http://www.washingtonpost.com/wp-dyn/articles/A5056-2004Jan9.html We Can Trap More Crooks With a Net Full of Honey By Michael Schrage Sunday, January 11, 2004; Page B01 The site looks temptingly authentic. Its pictures are graphic, the kind that would immediately appeal to a pedophile. A customer cruising the Net for kiddie porn would want to double-click to see more. But wait. Before he touches the mouse, he's compelled to ask himself: Is this online offer for real? Or is this ==========> 04-01-12-ITMgmt-IncreasingDamageFromHackersSlowing.txt========== http://itmanagement.earthweb.com/secu/article.php/3298191 Is the Tide Turning in Battle Against Hackers? January 12, 2004 By Drew Robb It's a quagmire. No, not Iraq. The Internet. 
The war against hackers has been going on for decades and we are no closer to pulling out than we were when Kevin Mitnick was ==========> 04-01-12-WSJ-TeachingCybersecurity.txt========== # "It Takes a Thief" Wall Street Journal (01/12/04) P. R5; Fong, Mei There has been an increase in the number of schools offering courses in hacking and network penetration techniques, so that companies can bolster their defenses against such intrusions. "If we want to improve computer security, we have to teach how attacks work, how viruses work," contends Counterpane Internet Security founder Bruce Schneier. Some courses cover hacking fundamentals, such as cracking passwords and spying on data as it passes through the Internet; others emphasize the exploitation of human weakness, such ==========> 04-01-15-CNETNews-LackOfDiversityIncreasesNetViruses.txt========== http://news.com.com/2009-7349-5140971.html Agriculture epidemics may hold clues to Net viruses By Robert Lemos Staff Writer, CNET News.com January 15, 4:00AM PT In studying the effects of last summer's MSBlast worm, some security experts turned to an unlikely source in search of clues to the prevention of computer epidemics: plants. ==========> 04-01-15-SJMerc-GAOSaysGovtSlowToMakeSecurityImprovements.txt========== http://www.siliconvalley.com/mld/siliconvalley/7719472.htm Posted on Thu, Jan. 15, 2004 Government slow to make Internet security improvements, GAO says WASHINGTON (AP) - The government must still develop policies, secure funding and train its employees before agencies can use a security system designed to protect online transactions, congressional investigators said Thursday. The General Accounting Office said the security system goes beyond simply ==========> 04-01-20-MSNBC-RootServerPhysicalSecurityLiesInObscurity.txt========== http://www.msnbc.msn.com/id/4009568/ Fort N.O.C.'s The heart of Internet security lies in obscurity Technicians monitor Internet traffic in a Verisign network operating center. 
A new center has recently gone operational and will replace the one seen here. By Brock N. Meeks Reporter MSNBC Updated: 8:52 p.m. ET Jan. 20, 2004 ==========> 04-01-20-ServeSec-JohsHopkinsReportCriticalOfDODOnlineEvoting.txt========== http://www.servesecurityreport.org/ A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE) January 20, 2004 Authors Dr. David Jefferson Dr. Aviel D. Rubin Dr. Barbara Simons ==========> 04-01-20-WashPost-BagleBeagleWormSpreadsByEmail.txt========== http://www.washingtonpost.com/wp-dyn/articles/A30791-2004Jan20.html Internet Worm Lurks In E-Mail In-Boxes By Brian Krebs Special to The Washington Post Tuesday, January 20, 2004; Page E05 A new Internet worm that spread by e-mail through Asia, Australia and Europe began appearing in U.S. in-boxes yesterday, and experts warned it could spread as people go back to work after the Martin Luther King Jr. holiday. ==========> 04-01-21-NYT-JohsHopkinsReportCriticalOfDODOnlineEvoting.txt========== http://www.nytimes.com/2004/01/21/technology/23CND-INTE.html?ei=5062&en=2acd464edefb3c30&ex=1075352400&partner=GOOGLE&pagewanted=print&position= January 21, 2004 Report Says Internet Voting System Is Too Insecure to Use By JOHN SCHWARTZ A new $22 million system to allow soldiers and other Americans overseas to vote via the Internet is inherently insecure and should be abandoned, according to members of a panel of computer security experts asked by the government to ==========> 04-01-21-UCBerkeley-ExpertsSayDODInternetVotingProgramNotSecure.txt========== http://www.berkeley.edu/news/media/releases/2004/01/21_vote.shtml Internet voting system set for upcoming elections not secure, computer experts say Jan. 
21, 2004 By Sarah Yang, Media Relations, and Phil Sneiderman, The Johns Hopkins University | 21 January 2004 BERKELEY – A federally funded online absentee voting system scheduled to debut in less than two weeks has security vulnerabilities that could jeopardize voter ==========> 04-01-22-CNETNews-SecurityProsQuestionFlawFind.txt========== http://news.com.com/2100-7355_3-5145863.html Security pros question flaw find Last modified: January 22, 2004, 3:53 PM PST By Robert Lemos Staff Writer, CNET News.com Two Internet software developers who said they have uncovered a way to cause entire networks of computers to freeze or shut down may have simply rediscovered an old network issue. ==========> 04-01-22-SJMerc-JohsHopkinsReportBlastsDODOnlineEvoting.txt========== http://www.siliconvalley.com/mld/siliconvalley/7769017.htm Posted on Thu, Jan. 22, 2004 Pentagon online voting blasted SCIENTISTS SAY SYSTEM HAS SECURITY FLAWS AND SHOULD BE SHUT DOWN BEFORE DEBUT By Elise Ackerman Mercury News The Pentagon's new Internet-based voting system is vulnerable to tampering and should be shut down, computer scientists reviewing the program said Wednesday. ==========> 04-01-25-NewSci-MutatingSoftwareCouldPredictAttacks.txt========== http://www.newscientist.com/news/news.jsp?id=ns99994588 Mutating software could predict hacker attacks 10:00 25 January 04 Exclusive from New Scientist Print Edition Novel computer viruses and worms can sweep the world within hours, leaving a trail of devastation, because firewalls and antiviral software work by identifying the telltale signatures of known attacks. They are useless against anything completely new. ==========> 04-01-26-WSJ-SimpleCookieIDsPresentSecurityProblem.txt========== # "Biggest Web Problem Isn't About Privacy, It's Sloppy Security" Wall Street Journal (01/26/04) P. 
B1; Gomes, Lee Web security leaves a lot to be desired, as evidenced by embarrassing incidents at companies such as the online restaurant reservation service OpenTable.com; Web designers need constant reminding of the security issues they should be aware of as they create Web sites, a situation that MIT doctoral student and security consultant Kevin Fu calls "depressing." Upon signing up at OpenTable, new customers are given personal cookies that store specific customer numbers so that the site recognizes returning customers and sends their personal data ==========> 04-01-28-CompWorld-MyDoomTargetsMSWebsite.txt========== http://www.computerworld.com/securitytopics/security/virus/story/0,10801,89494,00.html?SKC=news89494 Update: New Mydoom worm discovered By LINDA ROSENCRANCE JANUARY 28, 2004 A new variant of the Mydoom.A (Novarg.A) worm, which has been spreading swiftly across the Internet since Monday, emerged today, according to London-based security vendor Mi2g Ltd. ==========> 04-01-28-SJMerc-DG-MyDoomEmailWorm.txt========== http://www.siliconvalley.com/mld/siliconvalley/7814718.htm Posted on Wed, Jan. 28, 2004 An e-mail worm's greatest ally is us By Dan Gillmor Mercury News Technology Columnist News and views, culled and edited from my online eJournal (www.dangillmor.com/blog): ==========> 04-01-28-Wired-MyDoomWormStillDangerous.txt========== http://www.wired.com/news/technology/0,1282,62073,00.html Worm Slowing, but Still Dangerous By Michelle Delio 02:00 AM Jan. 28, 2004 PT Now proclaimed the most virulent e-mail virus ever, MyDoom has slowed its pace since beginning its race across the Internet on Monday. But experts warn the worm most likely will cause trouble for a long time to ==========> 04-01-29-MSNBC-NationalCyberAlertSystem.txt========== http://www.msnbc.msn.com/id/4100822/ 'We’re Making Rapid Progress' Can the new National Cyber Alert System help stop the spread of future viruses? 
National Cyber Security Division director Amit Yoran explains the alert system and other efforts with the private sector that the government hopes will soon make cyberspace safer Paivi Vayrynen / AFP-Getty Images An employee at the Finnish security firm F-Secure studies a new variation of the fast-spreading MyDoom virus ==========> 04-01-29-PCWorld-FTCFinds1MServersOpenToSpammers.txt========== http://www.pcworld.com/news/article/0,aid,114528,00.asp Vulnerable Servers Warned FTC seeks to secure more than a million servers that can be spoofed by spammers. Grant Gross, IDG News Service Thursday, January 29, 2004 WASHINGTON, D.C. -- The Federal Trade Commission has identified more than 1 million IP addresses that provide open proxies or open relays, which spammers can tap to hide their identities, and is alerting server owners that they might ==========> 04-01-29-SJMerc-MSOffersRewardForMyDoomVirusWriter.txt========== http://www.siliconvalley.com/mld/siliconvalley/7828346.htm Posted on Thu, Jan. 29, 2004 Microsoft offers $250,000 reward for help catching virus author WASHINGTON (AP) - Microsoft Corp. promised Thursday to pay $250,000 to anyone who helps authorities find and prosecute the author of a fast-spreading computer virus. The cash reward is the third so far under a $5 million program Microsoft ==========> 04-01-29-SJMerc-MyDoomTargetsMSWebsite.txt========== http://www.siliconvalley.com/mld/siliconvalley/7825088.htm Posted on Thu, Jan. 29, 2004 Worm variant has new mark `MYDOOM' STRAIN SAID TO AIM FOR MICROSOFT SITE By Dan Lee Mercury News ``Mydoom'' is back -- with a new target. ==========> 04-01-29-WashPost-DHSComputerToTrackCyberAttacks.txt========== http://www.washingtonpost.com/wp-dyn/articles/A58255-2004Jan28.html U.S. Takes Anti-Virus Role Web Site to Track Cyber-Attacks, Advise Consumers Amit Yoran, the federal cybersecurity director, announced a Web site with information on computer viruses. 
By Jonathan Krim and Mike Musgrove Washington Post Staff Writers Thursday, January 29, 2004; Page E05 ==========> 04-01-30-SecFocus-DODLinuxSecurityProjectsLacksParticipants.txt========== http://www.securityfocus.com/news/7947 DARPA-funded Linux security hub withers By Kevin Poulsen, SecurityFocus Jan 30 2004 5:19PM Two years after its hopeful launch, a U.S.-backed research project aimed at drawing skilled eyeballs to the thankless task of open-source security auditing is prepared to throw in the towel. Initially funded by a research grant from the Pentagon's Defense Advanced ==========> 04-01-30-SJMerc-MSPlansDefensesAgainstMyDoomVirus.txt========== http://www.siliconvalley.com/mld/siliconvalley/7838408.htm Posted on Fri, Jan. 30, 2004 Microsoft prepares defenses against virus-generated attack SEATTLE (AP) - Microsoft Corp. said Friday it was working to ward off an Internet virus that was set to attack the software company's Web site on Tuesday. ``We're definitely doing everything we can to make sure that our customers who ==========> 04-01-30-SJMerc-StudyFindsMarylandSystemVulnerableToHackers.txt========== http://www.siliconvalley.com/mld/siliconvalley/7836994.htm Posted on Fri, Jan. 30, 2004 Maryland's e-voting system vulnerable to hackers, report finds ANNAPOLIS, Md. (AP) - Computers that Maryland voters will use in the March primary contain ``vulnerabilities that could be exploited by malicious individuals,'' according to programmers who tested the equipment. Hackers could easily compromise 16,000 touch-screen computers in precincts ==========> 04-01-30-TechNewsWorld-TerroristsNotLikelyToUseWorms.txt========== http://www.technewsworld.com/perl/story/32721.html Is the Superworm a Mere Myth? By Jack M. Germain TechNewsWorld January 30, 2004 "Terrorists are not using superworms and other network attacks because they don't reach their target that way," Mikko Hyppönen, director of antivirus research at Finland-based F-Secure, told TechNewsWorld. 
"Terrorists want to ==========> 04-01-31-USACMWashUpdate-SenateExpectedToApproveLegislationTargetingPeer-to-PeerSecurityRisks.txt========== Subject: ACM Washington Update Vol. 8.1 January 31, 2004 From: Lillie Coney Date: Fri, 30 Jan 2004 16:06:59 -0500 To: WASHINGTON-UPDATE@ACM.ORG ACM Washington Update Vol. 8.1 January 31, 2004 ==========> 04-02-00-ACMQueue-DesigningSensibleAuthentication.txt========== Features: Sensible Authentication Bruce Schneier February 2004 Queue, Volume 1 Issue 10 According to the author of Beyond Fear, it’s not enough to know who you are; you’ve got to prove it. The problem with securing assets and their functionality is that, by definition, you don’t want to protect them from everybody. It makes no sense to ==========> 04-02-00-ACMQueue-RequiringProofOfAuthentication.txt========== Features: Sensible Authentication Bruce Schneier February 2004 Queue, Volume 1 Issue 10 According to the author of Beyond Fear, it’s not enough to know who you are; you’ve got to prove it. The problem with securing assets and their functionality is that, by definition, you don’t want to protect them from everybody. It makes no sense to ==========> 04-02-00-BusCommRev-RethinkingNetworkSecurity.txt========== # "Rethinking Network Security" Business Communications Review (02/04) Vol. 34, No. 2, P. 16; Phifer, Lisa Overcoming the problems of network security and lowering the dangers presented by worms, trojans, and other kinds of malware that so plagued Internet users last year will require a coordinated multi-pronged approach that involves everyone. "Perimeter defense as the sole or primary means of protecting an organization is collapsing, especially as more and more organizations allow partners and customers to connect to them," notes Ian Poynter of Bit 9. 
Organizations stand a much better chance of recovering from network disruptions ==========> 04-02-00-CACM-SOAP-SimpleObjectAccessProtocolMayLooseAbilityToGetThruFirewalls.txt========== How clean is the future of SOAP? Conan C. Albrecht February 2004 Communications of the ACM, Volume 47 Issue 2 If developers are not wise with its application, SOAP may lose the ability to tunnel through firewalls—an ability that represents one of its primary advantages. Simple Object Access Protocol (SOAP) is the primary transport mechanism for the ==========> 04-02-01-CSOOnline-FourSecurityGrandChallenges.txt========== http://www.csoonline.com/read/020104/shop.html Unlocking Our Future A look at the challenges ahead for computer security BY SIMSON GARFINKEL Forty-two years ago, John F. Kennedy's commitment to landing a man on the moon and returning him safely to the Earth was the epitome of a "Grand Challenge"—the attempt to tackle a problem in science or engineering that is easy to describe but monumentally difficult to solve. More recently, the field ==========> 04-02-02-CompWorld-ITMgrsBiggestProblems-VirusesAndSpam.txt========== http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801,89637,00.html Dual Curses: Viruses and Spam By Jeff Ubois and Mitch Betts FEBRUARY 02, 2004 Slammer. Bugbear.B. Blaster. Sobig.F. 2003 was the worst year for virus outbreaks in the 20-year history of computer viruses, declares a report by F-Secure Corp. in San Jose. It was a growth year for spam, too, and by ==========> 04-02-02-WSJ-HighProfileWebSecurityFlawsSurface.txt========== # "More Scary Tales Involving Big Holes in Web-Site Security" Wall Street Journal (02/02/04) P. B1; Gomes, Lee The market for Web application security is heating up due to several high-profile security flaws that have been discovered in corporate Web sites. 
These flaws open the door to incidents of industrial espionage and identity theft, as hackers can use the flaws to gain access to customer databases and information about a company's daily operations. Now that most of the Internet's basic infrastructure has been secured, Web security specialists are trying to improve the security of the software programs that run many corporate Web ==========> 04-02-03-NatJourTechDaily-GAOOfficialUrgesStrengtheningStrategies.txt========== http://www.govexec.com/dailyfed/0204/020304tdpm1.htm February 3, 2004 Official urges strengthening of anti-terrorism strategies By Greta Wodele, National Journal's Technology Daily As the Bush administration implements strategies to fight terrorism, it must strengthen plans that address cybersecurity, data collection and other fields, a government official told lawmakers on Tuesday. ==========> 04-02-03-SFChron-MyDoomPropagatesAttacksAndSpam.txt========== http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2004/02/03/BUGOL4ND9D1.DTL&type=tech Why this one is scarier Mydoom brings computer viruses to new level of sophistication, damage Carrie Kirby, Chronicle Staff Writer Tuesday, February 3, 2004 After "zombie" computers infected with the Mydoom worm knocked a small Utah company's Web site off the Internet on Sunday, Microsoft Corp. is bracing for a ==========> 04-02-03-SJMerc-MyDoomPlaguesSCOAgain.txt========== http://www.siliconvalley.com/mld/siliconvalley/7863286.htm Posted on Tue, Feb. 
03, 2004 Mydoom plagues SCO in 2nd day ANOTHER STRAIN PROGRAMMED TO HIT MICROSOFT SITE TODAY By Dan Lee Mercury News ``Mydoom,'' the fastest-spreading Internet virus ever, shut down software maker SCO Group's Web site for a second day Monday with a massive denial-of-service ==========> 04-02-04-GoVCompNews-SenSchumerCallsForMandatoryVirusReporting.txt========== http://www.gcn.com/vol1_no1/daily-updates/24843-1.html Senator calls for mandatory reporting of viruses 02/04/04 By William Jackson, GCN Staff Sen. Charles Schumer (D-N.Y.) said the Homeland Security Department’s virus alert system is flawed and called for a centralized plan for government response to cyberthreats. ==========> 04-02-04-NextGenss-RealReleasesSecurityUpdate.txt========== http://www.nextgenss.com/advisories/realone.txt NGSSoftware Insight Security Research Advisory Name: RealPlayer & RealOne Player Buffer Overruns Systems Affected: RealOne Player, RealOne Player v2, RealOne Enterprise Desktop / RealPlayer Enterprise (all language versions, all platforms) Severity: High Risk Vendor URL: http://www.real.com/ Author: Mark Litchfield [ mark@ngssoftware.com ] ==========> 04-02-04-RealNetworks-RealReleasesSecurityUpdate.txt========== http://www.service.real.com/help/faq/security/040123_player/EN/ RealNetworks, Inc. Releases Update to Address Security Vulnerabilities. Updated February 4, 2004 RealNetworks, Inc. has recently been made aware of security vulnerabilities that could potentially allow an attacker to run arbitrary code on a user's machine. 
The specific exploits were: ==========> 04-02-05-NYT-ExpertsBlameNaiveUsersForVirusesSpread.txt========== http://www.nytimes.com/2004/02/05/technology/05VIRU.html February 5, 2004 Geeks Put the Unsavvy on Alert: Learn or Log Off By AMY HARMON When Scott Granneman, a technology instructor, heard that one of his former students had clicked on a strange e-mail attachment and infected her computer with the MyDoom Internet virus last week, empathy did not figure anywhere in his immediate response. ==========> 04-02-05-SJMerc-FlawFoundInCheckPointFirewallSoftware.txt========== http://www.siliconvalley.com/mld/siliconvalley/7884681.htm Posted on Thu, Feb. 05, 2004 Security flaw found in common firewall software NEW YORK (Dow Jones/AP) -- Two dangerous software flaws that could become attractive targets for hackers have been discovered in widely used computer-security software made by Check Point Software Technologies Ltd. If hackers create programs to exploit the flaws, which security experts found ==========> 04-02-08-NYTMag-TheVirusUnderground.txt========== http://www.nytimes.com/2004/02/08/magazine/08WORMS.html?ex=1076821200&en=f03e8350a90218d0&ei=5062&partner=GOOGLE February 8, 2004 The Virus Underground By CLIVE THOMPSON This is how easy it has become. Mario stubs out his cigarette and sits down at the desk in his bedroom. He pops ==========> 04-02-09-CNETNews-DoomjuiceVirusFeedsOnMyDoomInfections.txt========== http://news.com.com/2100-7349_3-5156105.html?tag=nefd_top New viruses feed on MyDoom infections By Robert Lemos Staff Writer, CNET News.com Story last modified February 9, 2004, 4:45 PM PST Two worms that take advantage of computers whose security has already been compromised started spreading on Monday, antivirus software companies warned. 
==========> 04-02-09-NetCraft-MyDoomDDoSAttacksBeseigeMSServers.txt========== http://news.netcraft.com/archives/2004/02/09/wwwmicrosoftcom_probably_under_siege_from_ddos.html Posted by richm at February 9, 2004 05:20 PM www.microsoft.com probably under siege from DDoS Performance Microsoft's main web site at www.microsoft.com experienced performance problems this morning, probably due to a DDoS attack launched by a new version of the MyDoom virus. A dynamically updating graph is available here, with performance data for all ==========> 04-02-09-NewsFact-LinuxMayHaveSecurityVulnerabilities.txt========== http://www.newsfactor.com/story.xhtml?story_title=Linux_Security_on_the_Ropes&story_id=23156 Linux Security on the Ropes By James Maguire Enterprise Security Today February 9, 2004 7:58PM Veteran programmers have brought lifetimes of experience to Linux's development, including an awareness of the "gotchas" of OS security, says Paula ==========> 04-02-09-WSJ-InternetSafety.txt========== # "The Net: Safety, Blogs and Protocols" Wall Street Journal (02/09/04) P. R3; Wingfield, Nick; Mangalindan, Mylene; Swisher, Kara Uncertainty abounds when the topic is the immediate future of the Internet, and while the subject is debated regularly on email lists, Web sites, and discussion groups, corporations and individuals will have a hand in shaping the technology. 
Hackers have stepped up their attacks, prompting concerns from security experts that a major attack is on the horizon, but terrorism concerns have given government agencies and companies more of an incentive to shore up ==========> 04-02-09-ZDNet-NokiaAdmitsBluetoothSecurityHolesInCellPhones.txt========== http://news.zdnet.co.uk/0,39020330,39145886,00.htm Nokia admits multiple Bluetooth security holes Munir Kotadia ZDNet UK February 09, 2004, 17:50 GMT Nokia has admitted that a number of its Bluetooth handsets are vulnerable to bluesnarfing - in which data can be stolen from a phone without the owner's knowledge ==========> 04-02-10-CNETNews-DoomjuiceVirusFeedsOnMyDoomInfections.txt========== http://news.com.com/2100-7349_3-5156836.html MyDoom author may be covering tracks By Robert Lemos Staff Writer, CNET News.com Story last modified February 10, 2004, 4:05 PM PST A worm that started spreading on Sunday places the source code for the original MyDoom virus on victims' hard drives, an action equivalent to planting evidence, antivirus experts said Tuesday. ==========> 04-02-10-ElectricNews-ExpertDownplaysNokiaBluetoothSecurityProblems.txt========== http://www.electricnews.net/news.html?code=9390452 Expert plays down 'bluesnarfing' threat Tuesday, February 10 2004 by Matthew Clark Nokia has apparently admitted that certain Bluetooth-enabled devices are susceptible to 'bluesnarfing' attacks, but not everyone is convinced the threat is severe. ==========> 04-02-10-SJMerc-MSWarnsAboutCriticalWindowsSecurityFlaws.txt========== http://www.siliconvalley.com/mld/siliconvalley/7920476.htm Posted on Tue, Feb. 10, 2004 Microsoft warns consumers about major Windows security flaws WASHINGTON (AP) - Microsoft Corp. warned customers Tuesday about unusually serious security problems with its Windows software that could let hackers quietly break into their computers to steal files, delete data or eavesdrop on sensitive information. 
==========> 04-02-10-TechWeb-DoomjuiceVirusFeedsOnMyDoomInfections.txt========== http://www.techweb.com/wire/story/TWB20040210S0015 Why Is MyDoom Author Spreading Source Code? February 10, 2004 (3:58 p.m. EST) By Gregg Keizer, TechWeb News The author of the MyDoom.c worm is a sneaky hacker who is spreading the original MyDoom's source code in an effort to throw authorities off his track, a security analyst said Tuesday. ==========> 04-02-11-PCWorld-DHSReleasesCybersecurityReportCard.txt========== http://www.pcworld.com/news/article/0,aid,114749,00.asp Is Cyberspace Getting Safer? Federal agency issues one-year cybersecurity report card and describes goals for security efforts. Adrienne Newell, Medill News Service Wednesday, February 11, 2004 WASHINGTON -- The cybersecurity branch of the federal Homeland Security Department is taking stock not quite a year after its inception, pointing to ==========> 04-02-11-SJMerc-MSWarnsAboutCriticalWindowsSecurityFlaws.txt========== http://www.siliconvalley.com/mld/siliconvalley/7926529.htm Posted on Wed, Feb. 11, 2004 `Critical' flaw in Windows found MICROSOFT OFFERS PATCH TO FIX ERROR By Dan Lee Mercury News Microsoft warned computer users Tuesday about a ``critical'' flaw in its Windows operating system that could give hackers control of computers. ==========> 04-02-11-TechWeb-DoomjuiceVirusToLaunchDDoSOnMSWebsite.txt========== http://news.netcraft.com/archives/2004/02/11/doomjuiceb_refines_ddos_attack_against_microsoft.html Posted by richm at February 11, 2004 03:11 PM DoomJuice.B Refines DDoS Attack Against Microsoft Performance A new version of the DoomJuice worm seeks to launch a more effective denial of service attack on Microsoft's web site tomorrow, according to F-Secure. 
The new worm, DoomJuice.B, sets random HTTP headers to make it more difficult to filter the attack traffic, seeking to work around a defensive measure used ==========> 04-02-12-CompWorld-GAOWarnsCAPPSIIFacesDelays.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,90157,00.html Airline passenger screening system faces delays By DAN VERTON FEBRUARY 12, 2004 WASHINGTON -- The General Accounting Office warned today that the Transportation Security Administration's high-tech system to screen airline passengers for terrorist connections faces significant testing and deployment delays, which could affect the program's ultimate success. ==========> 04-02-12-WashPost-CongressAndCybersecurity.txt========== http://www.washingtonpost.com/wp-dyn/articles/A26684-2004Feb9.html Transcript Congress and Cybersecurity Government's Pressing Cybersecurity Issues Rep. Adam Putnam (R-Fla.) House Subcommittee Thursday, February 12, 2004; 10:30 AM ==========> 04-02-13-CNETNews-WindowsCodeUpForGrabs.txt========== http://news.com.com/2100-7349_3-5158905.html?tag=nefd_top Windows code up for grabs By Robert Lemos Staff Writer, CNET News.com Story last modified February 13, 2004, 9:15 AM PST Microsoft is investigating how a file containing some protected source code to Windows 2000 was posted to several underground sites and chat rooms. ==========> 04-02-13-InfoWorld-IBMAndCiscoSeekBetterSecurity.txt========== http://www.infoworld.com/article/04/02/13/HNibmciscosecurity_1.html IBM, Cisco team on network security Companies will integrate a number of products to address network security threats Tech giants IBM Corp. and Cisco Systems Inc. are collaborating to address network security threats such as hackers, worms, and viruses, the companies said on Friday. 
Under a new agreement, they are integrating a number of products, allowing ==========> 04-02-13-SJMerc-IBMAndCiscoSeekBetterSecurity.txt========== http://www.siliconvalley.com/mld/siliconvalley/7946744.htm Posted on Fri, Feb. 13, 2004 IBM, Cisco jointly seek better security By Dan Lee Mercury News Technology giants IBM and Cisco Systems today are announcing plans to link their products in an effort to better protect customers' computer networks from worms, viruses and other attacks. ==========> 04-02-13-TechNewsWorld-HackersForHire.txt========== http://www.technewsworld.com/perl/story/32847.html Hackers for Hire By Jack M. Germain TechNewsWorld February 13, 2004 Some security experts suggest the trend toward using hackers to test the security of computer systems is changing. Thomas Patterson, the former regional partner for Deloitte & Touche Security Services Group, likened the practice of ==========> 04-02-13-WashPost-WindowsSourceCodeIllegallyLeaked.txt========== http://www.washingtonpost.com/wp-dyn/articles/A38314-2004Feb12.html Windows Source Code Segments Were Leaked By Brian Krebs Special to The Washington Post Friday, February 13, 2004; Page E01 Microsoft Corp. last night confirmed that portions of the source code for two versions of its Windows operating system have leaked onto the Internet, a security breach that could give hackers important intelligence about how to ==========> 04-02-15-CIOMag-CIOsChooseIntegratedSecurityProducts.txt========== http://www.cio.com/archive/021504/et_article.html Feb. 
15, 2004 Issue of CIO Magazine Thinking Inside the Box Buying one security product containing an arsenal of capabilities is convenient, cheap and potentially dangerous BY JOHN EDWARDS SECURITY | Like the mosquitoes that relentlessly swarm across the 49th state ==========> 04-02-16-BostonGLobe-ComputerMonocultureDebated.txt========== http://www.boston.com/business/technology/articles/2004/02/16/biology_stirs_software_monoculture_debate/ Biology stirs software 'monoculture' debate By Justin Pope, Associated Press, 2/16/2004 CAMBRIDGE -- Dan Geer lost his job but gained his audience. The very idea that got the computer security specialist fired has sparked serious debate in information technology. The idea, borrowed from biology, is that Microsoft Corp. has nurtured a software "monoculture" that threatens global computer ==========> 04-02-16-EWeek-WindowsCodeLeakShowsIEVulnerability.txt========== http://www.eweek.com/article2/0,4149,1528040,00.asp First Fallout from Code Leak Hits the Web By David Morgenstern February 16, 2004 Updated: A security company on Monday alerted clients of a new vulnerability to Internet Explorer 5, one attributed to the recent leak of Microsoft Corp. Windows source code. Microsoft confirmed the problem late in the day. ==========> 04-02-16-SJMerc-SpammersExploitHighSpeedInternetConnections.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/7966797.htm Posted on Mon, Feb. 16, 2004 Spammers exploit high-speed connections ANICK JESDANUN Associated Press NEW YORK - Next time you're looking for a culprit for all that junk mail flooding your inbox, have a glance in the mirror. 
Spammers are increasingly exploiting home computers with high-speed Internet connections into which ==========> 04-02-16-StanfordU-PasswordsAreInsufficient.txt========== http://www.sciencedaily.com/releases/2004/02/040216084152.htm Source: Stanford University Date: 2004-02-16 Passwords To Guard Entry Aren't Enough To Protect Complex Data Passwords to guard entry aren't enough to protect complex data - security mechanisms also must protect what goes out. "Data can easily find itself in danger of being accessed by 'bad guys,'" says ==========> 04-02-17-ECommTimes-SecurityIsWirelessWeakestLink.txt========== http://www.ecommercetimes.com/perl/story/32874.html Security Still Reigns as Wireless 'Weakest Link' By Helen Gallagher E-Commerce Times February 17, 2004 The flexibility of being virtually anywhere is the draw of wireless networks, but the back end of that benefit is the need for security. ==========> 04-02-17-PCMag-CanEmailSurvive.txt========== http://www.pcmag.com/article2/0,4149,1464011,00.asp Can E-Mail Survive? February 17, 2004 By Cade Metz Last year was not a good year for e-mail. In spring 2003, the steady flow of unsolicited and unwanted messages reached a tipping point. According to Postini, a California company whose e-mail-filtering service processes 150 to 200 million messages a day, spam finally accounted for more than half of all ==========> 04-02-18-ITMgmt-SomeSmallWormsInCirculation.txt========== http://itmanagement.earthweb.com/secu/article.php/3314551 Flurry of Worms Hits Companies Already on Guard February 18, 2004 By Sharon Gaudin A handful of smaller worms are loose in the wild, and though they're not as wide-spread or as destructive as some of their malicious counterparts, they're causing a flurry of problems around the globe. ==========> 04-02-19-EWeek-LinuxSercurityHolesFoundAndFixed.txt========== http://www.eweek.com/article2/0,4149,1530811,00.asp Serious Linux Security Holes Uncovered and Patched February 19, 2004 By Steven J. 
Vaughan-Nichols Several security vulnerabilities in the Linux kernel were uncovered on Wednesday by a Polish security group. The problems were verified by Linux kernel developers and then fixed with a set of updates. ==========> 04-02-20-MIT-NSAWorkingOnInternetSecurity.txt========== http://www.mit-kmi.com/articles.cfm?DocID=384 Converging on Network Security NSA is taking on a host of new security challenges as wired, wireless and IP-based networks grow more interoperable. By Cheryl Gerber The National Security Agency (NSA) has spearheaded a number of initiatives to tackle the toughest network security problems ever, from Internet interoperability and network convergence to wireless vulnerabilities. ==========> 04-02-21-SJMerc-MainsoftInTroubleOverLeakedWindowsSource.txt========== http://www.siliconvalley.com/mld/siliconvalley/8008074.htm Posted on Sat, Feb. 21, 2004 Mainsoft put in spotlight over leaked source code By Dan Lee Mercury News Mainsoft used to be one of hundreds of small, private technology companies working in relative anonymity across Silicon Valley. ==========> 04-02-22-NewSci-NewAMDProcessorsStopBufferOverflowHoles.txt========== http://www.newscientist.com/news/news.jsp?id=ns99994696 Chips to ease Microsoft's big security nightmare 10:00 22 February 04 Exclusive from New Scientist Print Edition. Subscribe and get 4 free issues. Chip makers are planning a new generation of microprocessors that should plug the gaps that led Microsoft to issue a "critical security alert" last week. The alert was sparked by the discovery that a raft of Microsoft programs were ==========> 04-02-23-EWeek-CongressToReviewTechAgenda.txt========== http://www.eweek.com/article2/0,4149,1539542,00.asp Congress to Review Tech Agenda February 23, 2004 By Caron Carlson Congress faces a relatively brief session this year, with the autumn election portending a timely adjournment, but several IT issues will demand lawmakers' attention. 
The top contenders will be cyber-security, Internet taxes and spyware. ==========> 04-02-23-NWFusion-RSAShowHighlightsNewProducts.txt========== http://www.nwfusion.com/news/2004/0223rsashow.html RSA show to highlight new security approaches By Ellen Messmer Network World, 02/23/04 The 10,000 people expected to attend the RSA Conference 2004 this week in San Francisco will be treated to new approaches to the age-old security problems of fixing vulnerabilities and verifying user identities. ==========> 04-02-23-WSJ-ComputerSecurityEffortsIntensify.txt========== # "Computer-Security Efforts Intensify" Wall Street Journal (02/23/04) P. B4; Clark, Don; Wingfield, Nick; Hanrahan, Tim An annual conference hosted by RSA Security will be held this week, with email fraud, spam, and new ways to hinder such practices through the authentication of company and user IDs being major topics of discussion. Bolstering information has increased in importance because corporations may now be liable for lost or compromised data thanks to new legislation. One proposed solution is Sender Permitted From (SPF), in which senders' servers post their IP addresses so that email recipients can verify that incoming messages are from ==========> 04-02-25-CompWorld-LatestMydoomVariantCanDeleteFiles.txt========== http://www.computerworld.com/securitytopics/security/virus/story/0,10801,90468,00.html Latest Mydoom variant can delete files By Scarlet Pruitt FEBRUARY 25, 2004 The latest variant of the Mydoom virus, discovered Friday, is still spreading and actively deleting files from victims' computers, security researchers warned today. ==========> 04-02-25-LATimes-CyberSecurityWarningSounded.txt========== http://www.latimes.com/news/nationworld/nation/la-na-cyber24feb25,1,1813415.story?coll=la-headlines-nation Cyber-Terrorism Warning Sounded The U.S. is vulnerable to a one-two punch of violence and hacking, senators are told. 
By Jon Marino Times Staff Writer February 25, 2004 ==========> 04-02-25-SJMerc-MSUnveilsNewSecurityInitiatives.txt========== http://www.siliconvalley.com/mld/siliconvalley/8036835.htm Posted on Wed, Feb. 25, 2004 Microsoft unveils new security initiatives By Dan Lee Mercury News With his company under mounting criticism for security flaws and lapses, Microsoft Chairman Bill Gates on Tuesday showed off its latest steps to protect computer users from viruses, worms, spam and other Internet threats. ==========> 04-02-25-ZDNet-SenBennettSaysInfoSharingKeyToCybersecurity.txt========== http://techupdate.zdnet.com/techupdate/stories/main/Information_sharing_is_key_to_thwarting_cyber_attacks.html Tech Update Senator: Information sharing is key to thwarting cyber attacks By Dan Farber February 25, 2004 At the RSA Conference this week, Senator Bob Bennett (R-Utah) was awarded the RSA Award for Excellence in the Field of Public Policy. Bennett, Chief Deputy ==========> 04-02-26-USC-ISI-NSFGrantFundsSelfDefenseForGridComputingNets.txt========== http://www.isi.edu/stories/79.html $2 Million NSF Grant Funds Grid Security Research and Builds Self-Defense Toolkits at USC February 23, 2004 Last Modified: February 26, 2004 Eric Mankin mankin@usc.edu (310) 448-9112 4676 Admiralty Way, Suite 1001 ==========> 04-02-26-WashPost-AntiVirusFirmsRaceToNameViruses.txt========== http://www.washingtonpost.com/wp-dyn/articles/A6924-2004Feb25.html Survival Of the Catchiest In Naming Computer Viruses, Speed and Confusion Rule By Mike Musgrove Washington Post Staff Writer Thursday, February 26, 2004; Page E01 Early one Monday afternoon, Craig Schmugar, virus research manager at computer security firm Network Associates Inc., was at his desk taking a quick look at ==========> 04-02-27-BBC-HackersReverseEngrMSPatchesToExploitHoles.txt========== http://news.bbc.co.uk/1/hi/technology/3485972.stm Hackers exploit Windows patches By Mark Ward BBC News Online technology correspondent Feb. 
27, 2004 Malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows, say experts. ==========> 04-02-27-BBC-MSAdmitsW95HadNoSecurityFeatures.txt========== http://news.bbc.co.uk/1/hi/technology/3492922.stm Trusting Microsoft over security Security is at the centre of what they do now, says Microsoft. But how can we be sure, asks technology analyst Bill Thompson. Feb. 27, 2004 David Aucsmith is Microsoft's security architect, and he came to London this week to ask forgiveness for his company's former sins. ==========> 04-02-27-FinTimes-InspirationFromNature.txt========== http://search.ft.com/search/article.html?id=040227001025 FEATURES: Inspiration from nature's grand designs By Fiona Harvey Financial Times; Feb 27, 2004 Once out of nature I shall never take My bodily form from any natural thing So wrote W.B. Yeats, imagining instead his future as a creature of pure ==========> 04-02-28-SJMerc-HackersAndSpammersWorkTogether.txt========== http://www.siliconvalley.com/mld/siliconvalley/8066749.htm Posted on Sat, Feb. 28, 2004 AFP/File/Joel Saget Hackers have developed a new version of powerful Mydoom Internet worm that attempts to use infected computers to launch attacks aimed at shutting down Microsoft's main website, experts said. 
On guard against hackers SECURITY CONFERENCE FOCUSES ON MISCREANTS AND THEIR MOTIVES By Dan Lee ==========> 04-02-29-USACM-HomelandSecurityEfforts.txt========== ACM Washington Update Vol 8.2 February 29, 2004 ******************************* [1] USACM Identifies Digital Rights Management Policy Issues [2] USACM Urges Federal Funding to Ensure Secure Elections [3] European Officials Working on Standards for Electronic Voting [4] California Appeals Court Rules in Support of Reverse Engineering [5] House Democrats Release Report on Homeland Security Efforts [6] New Free Trade Agreement Includes Provisions of the US DMCA ==========> 04-03-00-CACM-CreatingAnExperimentalInfrastructionForDevelopingSecurityTechnologies.txt========== Emerging technologies for homeland security: Cyber defense technology networking and evaluation R. Bajcsy, T. Benzel, M. Bishop, B. Braden, C. Brodley, S. Fahmy, S. Floyd, W. Hardaker, A. Joseph, G. Kesidis, K. Levitt, B. Lindell, P. Liu, D. Miller, R. Mundy, C. Neuman, R. Ostrenga, V. Paxson, P. Porras, C. Rosenberg, J. D. Tygar, S. Sastry, D. Sterne, S. F. Wu March 2004 Communications of the ACM, Volume 47 Issue 3 Creating an experimental infrastructure for developing next-generation ==========> 04-03-00-CACM-EmergingTechnologiesForCyberSecurity.txt========== Emerging technologies for homeland security: Cyber defense: art to science O. Sami Saydjari March 2004 Communications of the ACM, Volume 47 Issue 3 Seeking the knowledge and means to more methodically detect, defend against, and better understand attacks on networked computer resources. Imagine that you lead an organization under cyber attack on your critical information systems. What questions are you likely to ask? ==========> 04-03-00-CACM-IncreasedComputerPerformanceIncreasesSecurityDemands.txt========== Security watch: Superscaled security Rebecca T. 
Mercuri March 2004 Communications of the ACM, Volume 47 Issue 3 Exponential increases in computational speed, memory capacity, and bandwidth impose futuristic security demands and challenges. Advances in high-performance computing have found their counterpart in new security threats. Yet there is an interesting twist in that computational ==========> 04-03-00-SCMag-FBIProjectDevelopsInto10000MemberInfraGardOrganization.txt========== http://www.scmagazine.com/features/index.cfm?fuseaction=FeatureDetails&newsUID=23048cda-cc74-47ec-a13a-335d3a05f629&newsType=Features Defender of U.S. cyberspace by Marcia Savage SC Magazine March 2004 Marcia Savage asks Phyllis Schneck, InfraGard's national chair, how an FBI pilot project developed into a collaborative group of more than 10,000 ==========> 04-03-00-TechRev-ICANNIssues.txt========== # "Domain Master" Technology Review (03/04) Vol. 107, No. 2, P. 74; Frauenfelder, Mark Internet Corporation for Assigned Names and Numbers (ICANN) CEO Paul Twomey says that his organization must remain focused on maintaining a single interoperable Internet while meeting the needs of international constituents. ICANN is responsible to governments, businesses, academics, and Internet users for the maintenance and upgrade of core Internet identifiers such as IP addresses, protocol parameters, domain names, and the Internet root server system. Controversy about ICANN erupted at the United Nations' World Summit on ==========> 04-03-00-Wired-SchneierOnAntiTerrorismSecurity.txt========== http://www.wired.com/wired/archive/12.03/view.html?pg=2 America's Flimsy Fortress All the money spent on security since 9/11 has done little to make us safer. By Bruce Schneier Every day, some 82,000 foreign visitors set foot in the US with a visa, and since early this year, most of them have been fingerprinted and photographed in the name of security. 
But despite the money spent, the inconveniences suffered, and the international ill will caused, these new measures, like most instituted ==========> 04-03-01-CommSysDes-PacketInspectionSystemsAidSecurity.txt========== http://www.commsdesign.com/news/showArticle.jhtml?articleID=18201203 Comm Sys Design Passing packets under ever more scrutiny By Ron Wilson and Loring Wirbel EE Times Mar 01, 2004 One of the design goals of the Internet Protocol was easy routing. The router only had to look at address information in the packet header to determine what ==========> 04-03-01-NWFusion-AntiSpamAppliancesBetterThanSoftware.txt========== http://www.nwfusion.com/columnists/2004/0301faceoffyes.html Anti-spam appliances are better than software By Tim Chiu Network World, 03/01/04 Appliances are a much better choice than software for spam protection because they address the broad range of security threats facing large companies, small businesses, service providers, and educational and government institutions. Deployed at the edge of a customer's network, gateway appliances provide the ==========> 04-03-03-NetMag-XMLsAVDLSchemaSimplifiesSecurityPatching.txt========== URL: http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleId=18201811 Security Patching: Easy As 1-2-3 By David Greenfield 03/03/2004 2:00 PM EST A new Extensible Markup Language (XML)-based specification released last week stands to revolutionize the way security devices communicate with one another, ==========> 04-03-03-SJMerc-NewSystemsAllowsOwnersToHoldCreditCards.txt========== http://www.siliconvalley.com/mld/siliconvalley/8093523.htm Posted on Wed, Mar. 03, 2004 Holding your credit cards close By Elise Ackerman Mercury News Police blotters do not usually inspire high-tech product pitches. 
But a report last month that the San Jose Police Department had busted two fraud rings for skimming credit card numbers seemed the perfect opportunity to highlight a new ==========> 04-03-04-ChamNewsGaz-NCSADevelopsSecurityVizTool.txt========== http://www.news-gazette.com/story.cfm?Number=15562 Tools let network operators see their way to security By GREG KLINE © 2004 THE CHAMPAIGN NEWS-GAZETTE Published Online March 4, 2004 Had it not taken place in East Central Illinois, it might have seemed like an odd conversation for two computer networking guys to be having. More than a year ago, Jim Barlow, chief security engineer at the National ==========> 04-03-04-SJMerc-VirusWritersDisableOtherViruses.txt========== http://www.siliconvalley.com/mld/siliconvalley/8104415.htm Posted on Thu, Mar. 04, 2004 Virus writers launch competing attacks CODES BEING TWEAKED TO DISABLE OTHER WORMS By Dan Lee Mercury News The already unsavory community of Internet virus writers is getting nastier. ==========> 04-03-04-WashPost-VirusWritersAttackOtherViruses.txt========== http://www.washingtonpost.com/wp-dyn/articles/A28548-2004Mar3.html Dueling Viruses Are Latest Computer Pest Consumers and Businesses Caught in the Crossfire as Hackers Take Aim at Each Other By Mike Musgrove Washington Post Staff Writer Thursday, March 4, 2004; Page E01 The programmers behind the ongoing wave of computer worms and viruses hitting ==========> 04-03-05-TechNewsWorld-SelfInnoculatingComputers.txt========== http://www.technewsworld.com/perl/story/33045.html What's Good About Computer Viruses By Diane Stresing TechNewsWorld March 5, 2004 "The Internet is a totally connected infrastructure," said Steve Trilling, senior director of research at Symantec. "That means we're only as strong as the weakest link." If every computer user simply protected his or her own ==========> 04-03-08-EWeek-IndustryReadiesCyberSecurityPlan.txt========== http://www.eweek.com/article2/0,1759,1542843,00.asp The Path to Safety? 
By Caron Carlson March 8, 2004 EWeek Industry readies plan for pre-emptive network defense. Later this month some of the largest companies in the United States, led by the ==========> 04-03-08-PCWorld-ApproachesToSecureAndSpamlessEmail.txt========== http://www.pcworld.com/news/article/0,aid,115100,00.asp Competing Technologies Shake Up E-Mail How will rival authentication schemes change the way we communicate online? Paul Roberts, IDG News Service Monday, March 08, 2004 Microsoft's recent announcement of a host of initiatives to stop unsolicited commercial e-mail, or spam, highlighted some tectonic shifts taking place in the once staid world of Internet messaging. The company's announcement was made ==========> 04-03-13-ECommTimes-ProblemsMayDoomPasswords.txt========== http://www.ecommercetimes.com/perl/story/33103.html The End of Passwords By Elizabeth Millard E-Commerce Times March 13, 2004 "The way passwords are used is dangerous right now," said Michael Wood, vice president of sales at Lavasoft, a firm that produces anti-spyware software. He told the E-Commerce Times that he often hears stories about individuals gaining ==========> 04-03-14-Oregonian-UCBResearchersFundedForVirusLab.txt========== http://www.oregonlive.com/search/index.ssf?/base/business/1079182548140830.xml California researchers' new center will study, test computer viruses Scientists will use a $5.5 million federal grant for a facility to combat serious threats in a systematic way 03/14/04 BOB KEEFE Oregonian BERKELEY, Calif. -- For every virus or disease known to humankind, legions of ==========> 04-03-14-SJMerc-PassMarkIconLetsUsersVerifySiteAuthenticity.txt========== http://www.siliconvalley.com/mld/siliconvalley/8184224.htm Posted on Sun, Mar. 
14, 2004 INTERNET SECURITY: THREE START-UPS San Jose Mercury-News PassMark's icon lets users verify site's authenticity Start-up PassMark Security seeks to foil Internet ``phishing'' scams by using something as simple as a photo of a butterfly or the Eiffel Tower to let users ==========> 04-03-14-SJMerc-ReconnexHardwareHelpsTrackInfoLeaks.txt========== http://www.siliconvalley.com/mld/siliconvalley/8184219.htm Posted on Sun, Mar. 14, 2004 Reconnex hardware helps track info leaks Mountain View start-up Reconnex aims to build a better system for snooping -- or at least for helping companies track employees online. The company has created hardware that it says large corporations can use to stop employees who -- intentionally or accidentally -- leak confidential ==========> 04-03-14-SJMerc-Reconnex-PassMark-ServGate-NewInternetSecurityFirms.txt========== http://www.siliconvalley.com/mld/siliconvalley/8184225.htm Posted on Sun, Mar. 14, 2004 INTERNET SECURITY: THREE START-UPS Protect or perish FIRMS COMPETE IN MARKET TO SHORE UP WEB'S SAFETY By Dan Lee Mercury News Start-ups rushing to develop Internet security seem to be popping up almost as ==========> 04-03-14-SJMerc-ServGateHasMultiThreatSecurityServiceForFirms.txt========== http://www.siliconvalley.com/mld/siliconvalley/8184221.htm Posted on Sun, Mar. 14, 2004 ServGate has `multi-threat' security service for firms ServGate Technologies, a Milpitas start-up, has a broad approach to computer security but is going after a narrow set of customers. The company sells a ``blended, multi-threat device'' for small businesses and branch offices of large companies that want protection from Internet risks. 
==========> 04-03-15-CompWorld-NewBookTellsHowToExploitSecurityHoles.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,91265,00.html Experts publish 'how to' book for software exploits It includes 'zero day' techniques for exploiting vulnerable computer systems News Story by Paul Roberts MARCH 15, 2004 (IDG NEWS SERVICE) - A new book by leading security researchers on writing code to exploit security flaws in software, including Microsoft Corp.'s Windows operating system, has raised some eyebrows in the technical community for its publishing of "zero day," or previously unknown, techniques ==========> 04-03-17-CompWorld-QualitySoftwareCanImproveSecurity.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,91316,00.html Q&A: Quality software means more secure software Author Gary McGraw discusses hacker exploits, the state of software quality Q&A by Mark Willoughby MARCH 17, 2004 (COMPUTERWORLD) - Gary McGraw, chief technology officer at Cigital Inc. in Dulles, Va., has become a leading voice in software quality and information security. His latest book, published in February, is Exploiting Software: How to Break Code, co-authored with Greg Hoglund. He has a bachelor's ==========> 04-03-17-UPI-WarringVirusWritersThreatenCybersecurity.txt========== http://www.upi.com/view.cfm?StoryID=20040316-074543-4996r The Web: Hacker turf war raging online By Gene J. Koprowski UPI Technology News Published 3/17/2004 9:16 AM CHICAGO, March 17 (UPI) -- A battle for the control of cyberspace by computer criminals -- similar in intensity to a turf war between rival mob families -- is underway on the Internet. 
==========> 04-03-17-WashPost-PhatbotP2PTrojanHorseInfectsManyComputers.txt========== http://www.washingtonpost.com/wp-dyn/articles/A444-2004Mar17.html Hackers Embrace P2P Concept Experts Fear 'Phatbot' Trojan Could Lead to New Wave of Spam or Denial-of-Service Attacks By Brian Krebs washingtonpost.com Staff Writer Wednesday, March 17, 2004; 6:23 AM Computer security experts in the private sector and U.S. government are ==========> 04-03-18-Wired-AntiVirusSoftwareWontStopFastSpreadingViruses.txt========== http://www.wired.com/news/infostructure/0,1377,62558,00.html?tw=newsletter_topstories_html Cashing In on Virus Infections By Michelle Delio 02:00 AM Mar. 18, 2004 PT After a recent epidemic of computer viruses that seemed much worse than usual, security experts are questioning whether the antivirus software industry is working hard enough -- or has enough incentive -- to develop new and better ==========> 04-03-18-WSJ-VirusesPossibleThreatToSmartCellphones.txt========== "Viruses Lurk as a Threat to 'Smart' Cellphones" Wall Street Journal (03/18/04) P. B4; Nasaw, David The growing power of "smart phones" is increasing their susceptibility to malware, which Network Associates predicts could cost North American wireless carriers as much as $2.5 billion in two years. As a result, the wireless industry is preparing itself for a major virus assault that targets intelligent cellular phones. 
Less advanced "dumb" phones may not be vulnerable to a virus infection, but an attack on smart phones could have an impact on voice traffic for all phones in a cell network, because voice and some data are piped along ==========> 04-03-19-TriValHerald-ResearchersVieForDHSFunding.txt========== http://www.trivalleyherald.com/Stories/0,1413,86%257E10669%257E2027912,00.html Article Last Updated: Friday, March 19, 2004 - 7:13:19 AM PST Scientists vying for special funds Berkeley researchers By Ian Hoffman, STAFF WRITER For his pitch at the fastest-growing research fund in the nation, David Culler upended a box of circuitry on his desk. ==========> 04-03-22-NatJourTechDaily-MarkleForumCallsForGovtSecurityNetwork.txt========== http://www.govexec.com/dailyfed/0304/032204tdpm2.htm March 22, 2004 Foundation showcases data-sharing network, urges action By Mathew Honan for National Journal's Technology Daily STANFORD, Calif. -- Panelists at a Stanford University law school forum on Friday called for the creation of a homeland security information network and demonstrated a prototype of how such a system would work. ==========> 04-03-23-CNETNews-VirusCausesRIAASiteToGoDown.txt========== http://news.com.com/2100-1025_3-5177914.html?tag=nefd_top Real's Glaser exhorts Apple to open iPod By Michael Kanellos Staff Writer, CNET News.com Story last modified March 23, 2004, 10:47 AM PST SCOTTSDALE, Ariz.--RealNetworks CEO Rob Glaser has a message for Apple Computer chief Steve Jobs: Open iPod or shrivel. ==========> 04-03-25-NYT-InstantMessagingUsedToSendSpamAndViruses.txt========== http://www.nytimes.com/2004/03/25/technology/circuits/25mess.html March 25, 2004 When Instant Messages Come Bearing Malice By SANDEEP JUNNARKAR New York Times ICK GROLEAU, a 40-year-old technical manager from Mountain View, Calif., received a message last month from a friend on his AOL Instant Messenger buddy list alerting him that Osama bin Laden had been captured. 
When he clicked on a ==========> 04-03-26-TechNewsWorld-SWConfigurationMgmtCouldImproveSecurity.txt========== http://www.technewsworld.com/perl/story/33203.html TECHNOLOGY SPECIAL REPORT: IT Security and Software Development By David Halperin TechNewsWorld March 26, 2004 "Configuration management is particularly important," D.K. Matai, executive chairman of mi2g, a UK-based security analyst and digital risk management ==========> 04-03-29-CNETNews-XMLSecurityIssues.txt========== http://news.com.com/2100-7345_3-5180510.html Extra headaches of securing XML By Martin LaMonica Staff Writer, CNET News.com Story last modified March 29, 2004, 4:00 AM PST Creating a popular new computing approach always seems to bring with it a familiar catch-22: security issues. And Web services is no exception. ==========> 04-03-29-CompWorld-InsideSymantecSecurityOpsCenter.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,91629,00.html?SKC=home91629 Frontline Defenders An inside look at how one of Symantec's security operations centers protects clients from cyberattacks. News Story by Dan Verton MARCH 29, 2004 (COMPUTERWORLD) - It's three o'clock on a Friday afternoon, and Tim Hillyard is monitoring an ongoing cyberintrusion into the network of a ==========> 04-03-29-EWeek-RAINSGroupDevelopsSpecForSharingSensitiveData.txt========== http://www.eweek.com/article2/0,1759,1556003,00.asp National Security Spec Advances March 29, 2004 By Dennis Fisher EWeek A group of technology companies and government agencies this week will unveil an open specification for securely sharing sensitive information across heterogeneous networks in times of crisis. ==========> 04-03-29-NetWorld-InterviewWithMotorolaSecurityVPBoni.txt========== http://www.nwfusion.com/news/2004/0329yourtakeboni.html Talking security with Motorola's William Boni By Ellen Messmer Network World, 03/29/04 Being in IT security is more than a full-time job for William Boni. 
As Motorola's vice president and chief information security officer, Boni oversees security for a global network supporting some 100,000 end users. He also recently helped form an IT security consortium with counterparts from other ==========> 04-03-29-NetWorld-PatchMgmtBestDefenseAgainstVulnerabilities.txt========== # "Face-Off: Is Patch Management the Best Defense Against Vulnerabilities?" Network World (03/29/04) Vol. 21, No. 13, P. 44; Schultze, Eric; Hofmeyr, Steven Shavlik Technologies chief security architect Eric Schultze contends that intrusion-prevention systems (IPSes), anti-virus software, and firewalls alone cannot shield computers against known software flaws, and that patch management is the key ingredient for ensuring network security. Schultze likens a software patch to medicine in that it attacks the disease--the flaw itself--rather than the symptoms. He explains that it is not always known that a patch for one bug could also remedy another error elsewhere in the operating system, which is why ==========> 04-03-31-BosGlobe-TechGroupUrgesFedSecurityStandards.txt========== http://www.boston.com/business/technology/articles/2004/03/31/industry_urges_tech_security_upgrades/ Industry urges tech security upgrades By Ted Bridis, AP Technology Writer, 3/31/2004 WASHINGTON -- In a surprise shift, leading software companies acknowledge in a report to the Bush administration that government might need to force the U.S. technology industry to improve the security of America's computer networks. 
==========> 04-03-31-PennState-NewDigitalPostmarkingInvention.txt========== http://www.eurekalert.org/pub_releases/2004-03/ps-nmp033104.php Public release date: 31-Mar-2004 Contact: Barbara Hale bah@psu.edu 814-865-9481 Penn State New marking process traces spammers, pirates and hackers Penn State researchers have proposed a new marking process for Internet ==========> 04-04-00-ACMQueue-SecurityRisksOfInstantMessaging.txt========== Features: Instant Messaging or Instant Headache? John Stone, Sarah Merrion April 2004 Queue, Volume 2 Issue 2 IM has found a home within the enterprise, but it’s far from secure. It’s a reality. You have IM (instant messaging) clients in your environment. You have already recognized that it is eating up more and more of your network bandwidth—and with Microsoft building IM capability into its XP operating ==========> 04-04-00-CACM-TheRisksOfPasswordReuse.txt========== The domino effect of password reuse Blake Ives, Kenneth R. Walsh, Helmut Schneider April 2004 Communications of the ACM, Volume 47 Issue 4 One weak spot is all it takes to open secured digital doors and online accounts causing untold damage and consequences. Password security is an essential form of user authentication both on the Internet and for internal organizational computing systems. Password protection ==========> 04-04-00-UCB-CITRIS-UnivResearchersDevelopTestbedForNetAttackStudy.txt========== http://citris.berkeley.edu/newsletter/2004_newsletters/april_04/feature.htm In Defense of Cyberspace April 2004, Vol. 3, No. 2 Karl Levitt is preparing to unleash some of the most dastardly worms and viruses ever encountered on the Internet. Fortunately, the UC Davis professor of computer science is initiating the cyber-attacks in an effort to develop new defenses against the malicious computer code. 
Levitt is the co-principal investigator on a new CITRIS project called Evaluation Methods in Internet ==========> 04-04-01-CSOOnline-ChallengesImplemetingCybersecurity.txt========== http://www.csoonline.com/read/040104/nightmare.html The Interactive Nightmare The best thing about the modern computer network is also its chief liability: Everything's connected, with on-ramps conveniently located everywhere. BY TODD DATZ CONSIDER THE following scenario. Members of a terrorist organization announce one morning that they will shut down the Pacific Northwest electric power grid for six hours starting at 4 p.m.; they then do so. The same group then ==========> 04-04-01-EUOrders8NationsToAdoptSpamAndCookieLaws.txt========== http://www.siliconvalley.com/mld/siliconvalley/8330290.htm Posted on Thu, Apr. 01, 2004 EU orders eight nations to adopt laws on spam, cookies BRUSSELS, Belgium (AP) - The European Union ordered eight countries Thursday to enact privacy legislation governing ``spam'' e-mail and Internet ``cookies.'' It was the second warning sent to the countries, which have two months to comply or face lawsuits before the European Court of Justice. ==========> 04-04-03-TechNewsWorld-TheMythOfTheSecureOperatingSystem.txt========== http://www.technewsworld.com/perl/story/33293.html The Myth of the Secure Operating System By David Halperin TechNewsWorld April 3, 2004 "Forget about the OS," Laura DiDio, senior analyst at the Yankee Group, told TechNewsWorld. "Don't even argue those merits. Every piece of software that is connected is potentially vulnerable and at risk." ==========> 04-04-05-FinTimes-ExistingEffortsCannotStopRisingTideOfThreats.txt========== # "Poised to Strike: The Battle Waged by Computer Outlaws Enters a New and Deadly Phase of Sophistication" Financial Times (04/05/04) P. 
13; Morrison, Scott; Waters, Richard Existing computer security efforts are not sufficient to stop the rising tide of threats, including the synergistic activities of hackers, virus writers, and spammers. The computer security industry is currently on par with medical practice in the 1820s, according to Cryptography Research President Paul Kocher. Last year's Blaster and Slammer worms were able to spread worldwide in a matter of minutes thanks to a growing interconnectedness among systems, more ==========> 04-04-05-NetWorld-ShouldUsersOrSWSuppliersBeResponsibleForSecurity.txt========== http://www.nwfusion.com/news/2004/0405cybersecurity.html Who's responsible for cybersecurity? By Carolyn Duffy Marsan Network World, 04/05/04 WASHINGTON, D.C. - The debate over whether corporate network executives or their software suppliers should shoulder the burden for improving the nation's cybersecurity is shifting direction as pressure mounts for vendors to ship safer products. ==========> 04-04-06-GovCompNews-WorkingGroupSuggest25WaysToImproveITSecurity.txt========== http://gcn.com/vol1_no1/security/25514-1.html Group suggests 25 ways to improve IT security 04/06/04 By Jason Miller, Government Computer News Staff Working group offers 25 ways to improve IT security A combination of new legislation, public outreach and insurance changes would enhance government and corporate cybersecurity, according to an industry and academic workgroup. ==========> 04-04-06-NewSci-EmailAttackCouldKillEmailServers.txt========== http://www.newscientist.com/news/news.jsp?id=ns99994858 Email attack could kill servers 14:29 06 April 04 NewScientist.com news service A crafty way of knocking out any email server using a few carefully constructed emails has been identified by a team of computer security experts. 
The trick involves sending forged emails that contain thousands of incorrect ==========> 04-04-07-ECommTimes-Interview-AntiVirusExpertMikkoHypponen.txt========== http://www.ecommercetimes.com/perl/story/33338.html In the Trenches with Antivirus Guru Mikko Hypponen By Elizabeth Millard E-Commerce Times April 7, 2004 "All reverse engineers and virus crackers are here in my team, which works from our headquarters in Helsinki," F-Secure's Mikko Hypponen told the E-Commerce Times. "Right now we have people from Finland, Hungary, Spain, Bulgaria and ==========> 04-04-07-TechRev-PureSWActWouldMandateLabeling.txt========== http://www.technologyreview.com/articles/wo_garfinkel040704.asp The Pure Software Act of 2006 100 years ago, Congress passed a law requiring honest labeling of food and drugs. Now the time has come to do the same for software. By Simson Garfinkel The Net Effect April 7, 2004 Spyware is the scourge of desktop computing. Yes, computer worms and viruses ==========> 04-04-08-CNETNews-RealNetworksIssuesSecurityPatch.txt========== http://news.com.com/2100-1002_3-5187769.html?tag=nefd.top Plug-in flaw leaves RealPlayer users open to attack By Michael Kanellos Staff Writer, CNET News.com Story last modified April 8, 2004, 4:31 PM PDT RealNetworks has issued a patch for a security flaw in one of its plug-ins that could let an attacker gain control of computers running any of several versions of the company's popular media player software. ==========> 04-04-08-MacCentral-IntegoIssuesMacOSXTrojanHorseWarning.txt========== http://maccentral.macworld.com/news/2004/04/08/trojan/?lsrc=mcrss-0404 MacCentral Macworld's News Source Intego issues Mac OS X Trojan Horse warning By Jim Dalrymple jdalrymple@maccentral.com April 08, 2004 3:10 pm ET Macintosh security specialists, Intego on Thursday issued a security warning to its customers for the first Trojan horse to affect Mac OS X. 
Dubbed MP3Concept ==========> 04-04-08-USCERT-VulnerabilityInInternetExplorerITSProtocolHandler.txt========== http://www.us-cert.gov/cas/techalerts/TA04-099A.html National Cyber Alert System Technical Cyber Security Alert TA04-099A Vulnerability in Internet Explorer ITS Protocol Handler Original release date: April 8, 2004 Last revised: -- Source: US-CERT Systems Affected ==========> 04-04-09-FedReg-DHSDataIntegrityAndPrivacyAdvisoryCommitteeSeekingMembers.txt========== [Federal Register: April 9, 2004 (Volume 69, Number 69)] [Notices] [Page 18923] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr09ap04-72] ==========> 04-04-09-Wired-SomeExpertsSayOSXTrojanHorseNotAPoroblem.txt========== http://www.wired.com/news/mac/0,2125,63000,00.html?tw=rss.TOP OS X Trojan Horse Is a Nag By Leander Kahney 12:44 PM Apr. 09, 2004 PT (Editor's note: This story corrects an earlier report that stated that the Macintosh operating system had become a target of a malicious Trojan Horse.) Security experts on Friday slammed security firm Intego for exaggerating the ==========> 04-04-10-ECommTimes-OpenessOfTCP-IPPosesSecurityProblems.txt========== http://www.ecommercetimes.com/perl/story/security/33344.html The Porous Internet and How To Defend It By Elizabeth Millard E-Commerce Times 04/10/04 1:30 AM PT "Because of the way TCP/IP works, it's an open network," Columbia University assistant professor Angelos Keromytis told the E-Commerce Times. "Other network technologies don't have that problem. 
They have other issues, but only IP is ==========> 04-04-12-CNETNews-RiskOfBrowserBasedMaliciousCodeAttacksOnRise.txt========== http://news.com.com/2100-7355_3-5190037.html Concern grows over browser security By Marguerite Reardon Staff Writer, CNET News.com Story last modified April 12, 2004, 11:14 AM PDT Browser-based security threats are on the rise and may pose the next significant risk to information technology operations, according to a technology trade association. ==========> 04-04-12-GovExec-HomelandSecurityAndITIndustryDevelopSecurityFramework.txt========== http://www.govexec.com/dailyfed/0404/041204tdpm2.htm April 12, 2004 Government, firms unveil cybersecurity framework By Ted Leventhal, National Journal's Technology Daily A partnership between the Homeland Security Department and the information technology industry unveiled a framework for security governance on Monday, calling computer and information security a new fiduciary responsibility of chief executives. ==========> 04-04-15-SJMerc-HackersAccessUnivResearchComputers.txt========== http://www.siliconvalley.com/mld/siliconvalley/8436302.htm Posted on Thu, Apr. 15, 2004 Hackers target college sites STANFORD COMPUTERS ARE AMONG THEM By Dan Lee Mercury News In an apparent coordinated attack, hackers recently broke into powerful computers at universities and research organizations, including Stanford ==========> 04-04-16-InfoWorld-HackersAccessUnivResearchComputers.txt========== http://www.infoworld.com/article/04/04/16/HNsuper_1.html Supercomputer hacks highlight ed security challenge Openness vs. protection issues arise By Paul Roberts, IDG News Service April 16, 2004 BOSTON - The recent intrusions on supercomputers at leading U.S. research universities highlight a growing problem: college campuses struggling to maintain academic openness while protecting staff and students from Internet-borne viruses and malicious hackers. 
==========> 04-04-19-EETimes-NoGeneralUseOSsIsSecure.txt========== http://www.eetimes.com/sys/news/showArticle.jhtml?articleID=18901858 Linux: unfit for national security? By Charles J. Murray EE Times April 19, 2004 (11:29 AM EDT) CHICAGO — Days after an embedded-industry CEO stirred up a firestorm by charging that Linux poses a threat to U.S. security, two prominent computing-security experts said last week that some developers are already ==========> 04-04-19-NetWorld-SecurityHolesForcesRethinkingProgrammingProcesses.txt========== http://www.nwfusion.com/news/2004/0419codereview.html Security holes force firms to rethink coding processes By Ellen Messmer Network World, 04/19/04 Microsoft's issuance last week of 14 security patches raised fears that worm-based attacks would follow and sparked discussion on how to better build code. ==========> 04-04-19-ZDNet-ProfilesOfFamousHackers.txt========== http://www.zdnet.com.au/insight/0,39023731,39116620,00.htm Hackers: Under the hood Patrick Gray and Fran Foo, ZDNet Australia April 19, 2004 Adrenalin pumping through their veins as lines of code are crunched to perfection. Well, that's how it is in the movies anyway. Welcome to the real world of hackers. ==========> 04-04-20-CFP2004-WhoIsWatchingTheWatchers.txt========== http://campus.acm.org/public/membernet/storypage.March.2004.cfm?story=6 "Who's Watching the Watchers" Focus of 14th Computers, Freedom and Privacy Conference April 20-23, 2004 "The program lineup, with topics virtually grabbed from the headlines, is clear evidence that these security and privacy issues are central to the way we live and work." 
-- Deirdre Mulligan, Chair, CFP2004 ==========> 04-04-20-InetWeek-TCPFlawCouldAllowRemoteShutDown.txt========== http://internetweek.com/security02/showArticle.jhtml?articleID=18902471 TCP Vulnerable, But Net Won't Go Down By Gregg Keizer, TechWeb News, InternetWeek Apr 20, 2004 (9:00 PM) A flaw in the basic TCP protocol used to transmit data across the Internet quickly seized the attention of security professionals Tuesday as various government agencies and security firms posted alerts warning that an exploit could let attackers shut down connections between servers and routers. ==========> 04-04-20-US-CERT-TCPFlawCouldAllowRemoteShutDown.txt========== http://www.us-cert.gov/cas/techalerts/TA04-111A.html National Cyber Alert System Technical Cyber Security Alert TA04-111A Vulnerabilities in TCP Original release date: April 20, 2004 Last revised: -- Source: US-CERT Systems Affected ==========> 04-04-20-WashPost-TCPFlawCouldAllowRemoteShutDown.txt========== http://www.washingtonpost.com/wp-dyn/articles/A27890-2004Apr20.html Experts Race to Fix Serious Internet Flaw By Brian Krebs washingtonpost.com Staff Writer Tuesday, April 20, 2004; 4:40 PM Computer security experts in the United States and Britain today confirmed that a new method has been identified that could make it easy for hackers to disrupt Internet communications worldwide, prompting a months-long, quiet effort to ==========> 04-04-21-CommutarianNet-GapingHolesInDriversLicenseSystems.txt========== Press Release -- NEW REPORT REVEALS GAPING SECURITY HOLES IN STATE DRIVER’S LICENCE SYSTEMS A "community briefing" entitled "Do We Need a National Identification Card?" will be held today in the Zenger Room of the National Press Club at 1:30 pm (529 14th St. NW, 13th Floor). The briefing will include the release of a new report on the holes in state licensing practices and their implications for national security (available at www.communitariannetwork.org).
A panel of distinguished scholars will then discuss this controversial topic and answer questions from the audience. ==========> 04-04-21-CRN-CiscoReportsRouterSecurityFlaws.txt========== http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=49560 Cisco Reports Security Flaw In Routers, Switches By Jennifer Hagendorf Follett CRN 1:14 PM EST Wed., Apr. 21, 2004 Cisco Systems Tuesday warned of a new vulnerability that leaves its routers and switches open to denial-of-service (DoS) attacks. ==========> 04-04-21-SJMerc-TCPFlawCouldAllowRemoteShutDown.txt========== http://www.siliconvalley.com/mld/siliconvalley/8477867.htm Posted on Wed, Apr. 21, 2004 Internet Technology Vulnerable to Hackers TED BRIDIS Associated Press WASHINGTON - Researchers uncovered a serious flaw in the underlying technology for nearly all Internet traffic, a discovery that led to an urgent and secretive international effort to prevent global disruptions of Web surfing, ==========> 04-04-21-ZDNet-NewProductsCheckForSecurityProblemsFromTheInside.txt========== http://techupdate.zdnet.com/techupdate/stories/main/Security_from_the_inside_out.html Security from the inside out By Dan Farber, Tech Update April 21, 2004 Thousands of researchers and product developers are looking for silver bullets that will secure enterprises from malicious cyberattacks. Most security specialists agree that finding a cure for security ills is like trying to find ==========> 04-04-21-ZDNet-TCPFlawThreatOverstatedSaysDiscoverer.txt========== http://zdnet.com.com/2100-1105-5197184.html Net threat overstated, says security researcher By Robert Lemos CNET News.com April 21, 2004, 3:08 PM PT VANCOUVER, British Columbia--Widespread reports about a flawed communications protocol making the Internet vulnerable to collapse were overblown, according to the researcher credited with uncovering the security problem.
==========> 04-04-22-CNETNews-BluetoothStillHasSecurityIssues.txt========== http://news.com.com/2100-1009-5197200.html Expert: Gaps still pain Bluetooth security By Robert Lemos Staff Writer, CNET News.com Story last modified April 22, 2004, 4:34 PM PDT VANCOUVER, British Columbia--The latest specification of Bluetooth, a popular short-range wireless technology, has left serious security issues unfixed, according to a wireless researcher. ==========> 04-04-22-IntlHeraldTrib--CiscoReportsRouterSecurityFlaws.txt========== http://www.iht.com/articles/516357.html Copyright © 2003 The International Herald Tribune | www.iht.com Flaw leaves Cisco machines vulnerable Reuters Reuters Thursday, April 22, 2004 WASHINGTON A flaw in traffic-routing computers made by Cisco Systems could allow hackers to knock Web sites offline, snarl e-mail and disrupt other Internet activity, U.S. computer security officials warned Wednesday. ==========> 04-04-22-SJMerc-ChinaDownplaysDelayInWirlessSecurityStandard.txt========== http://www.siliconvalley.com/mld/siliconvalley/8495074.htm Posted on Thu, Apr. 22, 2004 China Downplays Wireless Security Delay ELAINE KURTENBACH Associated Press SHANGHAI, China - The Chinese government downplayed Thursday a decision to delay adoption of new security standards for wireless communications as part of a key trade deal. ==========> 04-04-22-WashPost-IndustryGroupReportSaysTechProvidersShouldMakeSaferProducts.txt========== http://www.washingtonpost.com/wp-dyn/articles/A32480-2004Apr21.html Who Should Keep Out The Hackers? By Jonathan Krim Washington Post Thursday, April 22, 2004; Page E01 The calm of a few months without a major attack of a computer worm, virus or other form of cyber-harassment was rattled hard this week. ==========> 04-04-23-WSJ-ChinaShelvesWirlessSecurityStandard.txt========== # "China Will Keep Pursuing Digital Standards" Wall Street Journal (04/23/04) P. 
B1; Chen, Kathy Despite its decision to shelve a wireless-encryption standard in response to international pressure, China is going ahead with other initiatives to set standards for global technologies such as radio-frequency identification (RFID) and digital compression. Not only would this approach better position China to negotiate royalties or technology transfers, but would give Chinese industries an edge over competitors by claiming early ownership of nascent technologies. U.S. companies have been rattled by China's standardization efforts, which, if ==========> 04-04-24-SJMerc-TCPFlawCouldAllowRemoteShutDown.txt========== http://www.siliconvalley.com/mld/siliconvalley/8510250.htm Posted on Sat, Apr. 24, 2004 Tech sleuth tracked down Net flaw just for the `thrill' By Dan Lee Mercury News Paul Watson is still digesting his flash of Internet fame this week, when he became the talk of the cybersecurity world. ==========> 04-04-26-EWeek-RecentUnixAttacksBasedOn1986HanoverHackersMethodology.txt========== http://www.eweek.com/article2/0%2C1759%2C1573024%2C00.asp Crackers Redux: New Attacks Ape Hannover Hackers' Tactics By Dennis Fisher April 26, 2004 If the recent compromises of Unix and Linux machines at supercomputing centers and research universities around the country do nothing else, they should prove once and for all that there is nothing new under the sun. ==========> 04-04-29-SJMerc-BarnesAndNobleFixesLeakThatExposedPersonalInfo.txt========== http://www.siliconvalley.com/mld/siliconvalley/8551804.htm Posted on Thu, Apr. 29, 2004 Barnes & Noble.com Fixes Security Breach Associated Press NEW YORK - Barnes & Noble.com has reached an agreement with New York state authorities concerning an Internet security breach that exposed the personal information of some of the online book seller's customers. 
==========> 04-04-30-DetFreePress-CompanySecurityLapsesAllowedIllegalSpamToBeSent.txt========== http://www.siliconvalley.com/mld/siliconvalley/8556729.htm Posted on Fri, Apr. 30, 2004 Spam charges just raise more security questions BY MIKE WENDLAND FREE PRESS COLUMNIST Federal officials were jubilant Thursday about the criminal and civil charges they filed this week against four alleged spammers from Oakland County, Mich. But the spam war has only just begun. ==========> 04-04-30-SJMerc-CompanySecurityLapsesAllowedIllegalSpamToBeSent.txt========== http://www.siliconvalley.com/mld/siliconvalley/8556729.htm Posted on Fri, Apr. 30, 2004 Spam charges just raise more security questions BY MIKE WENDLAND FREE PRESS COLUMNIST Federal officials were jubilant Thursday about the criminal and civil charges they filed this week against four alleged spammers from Oakland County, Mich. But the spam war has only just begun. ==========> 04-05-00-CACM-FinancialOrganizationsMustMaintainSecurityAwareness.txt========== New architectures for financial services: Who will rob you on the digital highway? Ton Slewe, Mark Hoogenboom May 2004 Communications of the ACM, Volume 47 Issue 5 Traditionally at the forefront of security awareness, financial organizations must maintain this status as they move further into the Internet realm. In the not-so-distant past, bandits and highwaymen frequently roamed the major ==========> 04-05-00-Cisco-SelfDefendingNetwork.txt========== http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns413/networking_solutions_package.html CISCO SELF-DEFENDING NETWORK Introduction The Cisco Self-Defending Network strategy describes the Cisco vision for security systems. In the past, threats from both internal and external sources were relatively slow moving and easy to defend against.
In today’s environment, ==========> 04-05-00-SWDevMag-GuideToHomelandSecurity.txt========== http://www.sdmagazine.com/documents/s=9145/sdm0405a/sdm0405a.html Software Development May 2004 Special Guide to Homeland Security Connecting the Dots In November 2002, Congress passed legislation to create the Department of Homeland Security, unifying 22 agencies under one umbrella in the largest government reorganization since the 1947 creation of the Department of Defense. ==========> 04-05-03-CNETNews-NetskyVirusAuthorsClaimAuthorshipOfSasserWorm.txt========== http://news.com.com/2100-7355_3-5204930.html?tag=nl Netsky authors possibly penned Sasser By Robert Lemos Staff Writer, CNET News.com Story last modified May 3, 2004, 3:25 PM PDT The unknown team of programmers who created the latest variant of the Netsky virus claim to be the authors of the Sasser worm--and researchers have found evidence that supports that assertion. ==========> 04-05-03-InfoWeek-ExposingCustomerDataAConstantThreat.txt========== http://www.informationweek.com/story/showArticle.jhtml?articleID=19400012 Breach Of Trust Data breaches are a constant threat and put companies in danger of losing their most valuable asset: customer trust By George V. Hulme, InformationWeek May 3, 2004 When Christina Guilbert got a call from her bank in March about an attempt to steal money from her account, she was alarmed--and suspicious. How could ==========> 04-05-03-ISTResults-OperatingComputerSecurityIncidentResponseTeams.txt========== http://istresults.cordis.lu/index.cfm?section=news&tpl=article&BrowsingType=Features&ID=64880 Building a secure network to secure networks IST Results May 3, 2004 Computer security - or the apparent lack of it - is increasingly a worry for network administrators.
But viruses and other such vulnerabilities are no mystery for Europe's Computer Security Incident Response Teams, now also ==========> 04-05-03-SJMerc-SasserWormSpreadsRapidly.txt========== http://www.siliconvalley.com/mld/siliconvalley/8579000.htm Posted on Mon, May. 03, 2004 New worm races around the world NEW YORK (AP) - A pesky computer worm snarled hundreds of thousands of machines worldwide Monday in the latest virus-like outbreak to take advantage of a known flaw with the Windows operating system. Because the new worm, dubbed ``Sasser,'' does not require users to click on an ==========> 04-05-05-CompResNews-MSShelvesNextGenerationSecureComputingBase-NGSCB.txt========== http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=49936 Microsoft Shelves NGSCB Project As NX Moves To Center Stage Windows XP SP2 hooks into No Execute technology in newer AMD, Intel processors By Paula Rooney CRN 9:32 AM EST Wed., May 05, 2004 After a year of tackling the Windows security nightmare, Microsoft has killed its Next-Generation Secure Computing Base (NGSCB) project and later this year ==========> 04-05-05-TechWeb-SecurityProblemsIncreaseTotalCostOfWindows.txt========== http://www.techweb.com/wire/story/TWB20040505S0008 Gartner: Worms Jack Up the Total Cost of Windows May 5, 2004 (2:58 p.m. EST) By Gregg Keizer, TechWeb News Dealing with widespread worms like Sasser raises the cost of using Windows, a research analyst said Wednesday. Mark Nicolett, research director at Gartner, recommended that enterprises boost ==========> 04-05-07-TechNewsWorld-WirelessPDAsAndSmartphonesAreHackersHeaven.txt========== http://www.technewsworld.com/story/33681.html TECHNOLOGY SPECIAL REPORT: Wireless PDAs and Smartphones: A Hacker's Heaven By Jack M. Germain TechNewsWorld 05/07/04 5:30 AM PT "On the enterprise level, PDAs and smartphones are used for mission-critical applications and data storage. 
We can address those security concerns with ==========> 04-05-08-SJMerc-InformersIdentifySasserWormCreatorForMSReward.txt========== http://www.siliconvalley.com/mld/siliconvalley/8620097.htm Posted on Sat, May. 08, 2004 Teen Confesses to Creating 'Sasser' Worm CLAUS-PETER TIEMANN Associated Press HANOVER, Germany - A German high-school student has confessed to creating the "Sasser" worm that generated chaos across the globe by infecting hundreds of thousands of computers, authorities said Saturday. ==========> 04-05-10-CompWorld-BluetoothSecurityConcerns.txt========== http://www.computerworld.com/mobiletopics/mobile/story/0,10801,93031,00.html Security threats raise concerns about Bluetooth Some IT managers take steps to limit wireless use; vendors claim risks aren't widespread News Story by Bob Brewin MAY 10, 2004 (COMPUTERWORLD) - Potential security risks posed by the Bluetooth wireless technology are prompting some IT managers to rein in use of Bluetooth-equipped mobile phones and PCs on their networks. ==========> 04-05-10-EWeek-EUCybercrimeLawsTooRestrictive.txt========== http://www.eweek.com/article2/0,1759,1584278,00.asp Cyber-Crime Laws Hurt More Than They Help May 10, 2004 The Council of Europe's Convention on Cybercrime is too far-reaching. A developer arrested for writing software to read electronic books; third-party product vendors hauled into court for providing product interoperability; a popular and highly effective security product for stopping worms pulled from the Internet due to fear that the developer is breaking a state law; users ==========> 04-05-10-EWeek-TrustedComputingGroupsWorkingOnWirelessSecuritySpec.txt========== http://www.eweek.com/article2/0,1759,1590243,00.asp Spec in Works to Secure Wireless Networks By Mark Hachman May 10, 2004 The Trusted Computing Group said Monday that it is working on a specification to ensure that wireless clients connecting to a network won't serve as a back door to worms and crackers. 
==========> 04-05-10-Guardian-SasserWormAuthorClaimsHeWasHelpingHisMother.txt========== http://www.guardian.co.uk/germany/article/0%2c2763%2c1213053%2c00.html Sasser boy wonder was helping mum Ben Aris in Berlin Monday May 10, 2004 The Guardian To those who knew him in the sleepy German village, he was a nice, shy young fellow who spent too long on his computer in his bedroom at home. ==========> 04-05-10-IDG-InformersIdentifySasserWormCreatorForMSReward.txt========== http://www.idg.com.sg/idgwww.nsf/0/CBE0B78C8E655AA448256E90000D29A7?OpenDocument Microsoft virus bounty leads to Sasser arrest By Martyn Williams IDG News Service, Tokyo Bureau 10-05-2004 A multi-million dollar Microsoft Corp. reward program to encourage people to identify computer virus writers has led to the arrest of a teenager in Germany on suspicion of writing the Sasser computer worm. ==========> 04-05-11-IOL-SasserWormAuthorClaimsHeWasHelpingHisMother.txt========== http://www.iol.co.za/index.php?click_id=115&art_id=vn20040511083801234C753822&set_id=1 'Papa, I've put out a computer worm' May 11 2004 at 08:38AM Berlin - A German whiz kid who has confessed to writing a crippling computer worm that has caused chaos around the world may have been trying to help his mother's small "PC Help" business, state prosecutors have said. ==========> 04-05-15-ArsTechnica-BreakinCompromisesCiscoSourceCode.txt========== http://arstechnica.com/news/posts/1084683212.html Cisco Source Code Stolen Posted 05/15/2004 @ 11:53 PM by Eric Bangeman A Russian security site is reporting that the source code for the Cisco IOS 12.3 Operating System was stolen. According to the report, some hackers compromised Cisco's corporate network and stole at least 800MB of source code.
One of those who allegedly gained access boasted about the break-in and made a ==========> 04-05-15-SecurityLab-BreakinCompromisesCiscoSourceCode.txt========== http://www.merit.edu/mail.archives/nanog/msg04266.html North American Network Operators Group Re: CiSCO IOS 12.* source code stolen * From: Alexei Roudnev * Date: Sun May 16 00:58:43 2004 Cisco source codes never were a top secret, many people around the world had access to them (and I believe, it explains Cisco's stability and success). ==========> 04-05-19-CNETNews-SecurityFlawsInOpenSourceRepositorySystems.txt========== http://news.com.com/Flaws+drill+holes+in+open-source+repository/2100-1002_3-5216353.html Flaws drill holes in open-source repository By Robert Lemos Staff Writer, CNET News.com Story last modified May 19, 2004, 1:42 PM PDT Flaws in two popular source code repository applications could allow attackers to access and corrupt open-source software projects, a security researcher said ==========> 04-05-19-MacNewsWorld-MacOSXSecurityFlawPlaguesWebBrowsers.txt========== http://www.macnewsworld.com/story/33887.html OS X Security Flaw Plagues Web Browsers By Blane Warrene MacNewsWorld 05/19/04 2:24 PM PT In an exclusive interview Wednesday, "lixlpixel," the person who discovered the flaw, told MacNewsWorld that, after waiting on Apple's reply, he finally posted the advisory to a Swiss Macintosh Web site. "This is how Secunia picked up on ==========> 04-05-19-NewsFact-NonProgrammersCanNowCreateViruses.txt========== http://www.newsfactor.com/story.xhtml?story_title=How-Are-Script-Kiddies-Outwitting-I-T--Security-Experts-&story_id=24111&category=netsecurity How Are Script Kiddies Outwitting I.T. Security Experts?
By Lisa Valentine Enterprise Security Today May 19, 2004 1:33PM "Ten years ago, you needed good programming skills to write a virus, but today there are ready made virus-writing programs on the market so you can write a ==========> 04-05-24-InfoWorld-AppleSecurityPatchStillLeavesUsersVulnerable.txt========== http://www.infoworld.com/article/04/05/24/HNappledismay_1.html Apple fig-leaf security patch causes dismay Security experts say fix leaves Mac users vulnerable By Matthew Broersma, Techworld May 24, 2004 A critical patch for Mac OS X issued on Friday leaves Mac users as vulnerable to attacks as they were before the fix, according to a security company. Last week researchers warned of two serious vulnerabilities in Apple Computer ==========> 04-05-25-InfoWorld-RussiaBecomingMajorSourceOfVirusWriters.txt========== http://www.infoworld.com/article/04/05/25/HNrussianviruses_1.html Viruses nip Russia after the Cold War Situation likely to worsen as virus writing becomes a lucrative occupation in former Soviet Union By John Blau, IDG News Service May 25, 2004 For all its disadvantages, the former Soviet Union had one hugely overlooked advantage: it kept hackers, crackers and virus writers confined inside the country by restricting their access to the Internet. ==========> 04-05-25-USAToday-CIAInfoTechInPoorState.txt========== http://www.usatoday.com/tech/columnist/kevinmaney/2004-05-25-smart_x.htm Posted 5/25/2004 10:13 PM Updated 5/26/2004 4:13 AM CIA's spy tools make Maxwell Smart's look like toys The CIA these days seems about as technologically adept as Maxwell Smart. USA Today Scene from one Get Smart show. Max and the Chief are in a lab. A phone disguised as a test tube rings. ==========> 04-05-26-CNETNews-SourceCoderCheckingProgramsMightFindVulnerabilities.txt========== http://news.com.com/2100-1002_3-5220488.html Will code check tools yield worm-proof software? 
By Robert Lemos Staff Writer, CNET News.com Story last modified May 26, 2004, 4:00 AM PDT When Microsoft needed help in taming the large number of flaws that had crept into its Windows operating system, it looked to technology known as "static ==========> 04-05-27-EWeek-First64BitMalwareAppears.txt========== http://www.eweek.com/article2/0,1759,1602191,00.asp First 64-Bit Malware for Windows Appears May 27, 2004 By Larry Seltzer Symantec Security Response has revealed that it has analyzed the first 64-bit Windows attack code. The attack is a proof of concept with no payload. Named W64.Rugrat.3344 by ==========> 04-05-30-SJMerc-ManyWiFiSystemsNotSecure.txt========== http://www.siliconvalley.com/mld/siliconvalley/8800147.htm Posted on Sun, May. 30, 2004 Many Wireless Networks Lack Security MATTHEW FORDAHL Associated Press SAN JOSE, Calif. - With a laptop perched in the passenger seat of his Toyota 4Runner and a special antenna on the roof, Mike Outmesguine ventured off to sniff out wireless networks between Los Angeles and San Francisco. He got a big ==========> 04-06-00-ACMQueue-AnotherLookAtTheCostOfTheBlasterWorm.txt========== Queue Focus: Blaster Revisited Jim Morrison June 2004 Queue, Volume 2 Issue 4 A second look at the cost of Blaster sheds new light on today's blended threats. The following tale is based upon actual circumstances from corporate enterprises that were faced with confronting and eradicating the Blaster worm, which hit in August 2003. The story provides views from many perspectives, ==========> 04-06-00-ACMQueue-BuildingSecureVirtualMachineSystems.txt========== Queue Focus: Building Systems to Be Shared, Securely Poul-Henning Kamp, Robert Watson July 2004 Queue, Volume 2 Issue 5 Want to securely partition VMs? One option is to put 'em in Jail. The history of computing has been characterized by continuous transformation resulting from the dramatic increases in performance and drops in price described by Moore’s law. 
Computing “power” has migrated from centralized ==========> 04-06-00-ACMQueue-FewTechnologiesForGuardingAgainstInsiderSecurityRisks.txt========== Queue Focus: Perfect Storm: The Insider, Naivety, and Hostility Herbert H Thompson, Richard Ford June 2004 Queue, Volume 2 Issue 4 Keeping nasties out is only half the battle. Every year corporations and government installations spend millions of dollars fortifying their network infrastructures. Firewalls, intrusion detection systems, and antivirus products stand guard at network boundaries, and ==========> 04-06-00-ACMQueue-IsSecurityAProblemThatCantBeSolved.txt========== Departments: From the Editors: The New Screen of Death Edward Grossman June 2004 Queue, Volume 2 Issue 4 Is security a problem that just can’t be solved? In the olden days (say, all the way back in 1995), the popular complaint about computers was that they crashed too often. And while stability remains a problem in which perhaps there’s still progress to be made, the blue screen of ==========> 04-06-00-ACMQueue-WhyCantWeProduceHighQualitySecureSoftware.txt========== Queue Focus: Security: The root of the Problem Marcus J Ranum June 2004 Queue, Volume 2 Issue 4 Why is it we can't seem to produce secure, high-quality code? It doesn’t seem that a day goes by without someone announcing a critical flaw in some crucial piece of software or other. Is software that bad? Are programmers so inept? What the heck is going on, and why is the problem getting ==========> 04-06-00-ACMUbiquity-SoftwareBasedComputingSecurityAndFaultTolerance.txt========== Software-based computing security and fault tolerance Goutam Kumar Saha June 2004 Ubiquity, Volume 5 Issue 15 This article delineates a software approach to establish computing security and fault tolerance in various computing systems. This low-cost approach is useful to tolerate malicious code modifications and transient faults without additional costs for hardware and extra software versions.
==========> 04-06-00-CACM-AlmostEveryComputerOnTheInternetIsConstantlyScreenedForVulnerabilities.txt========== Viewpoint: The Spinning Cube of Potential Doom Stephen Lau June 2004 Communications of the ACM, Volume 47 Issue 6 Practically every computer linked to the Internet is constantly being scanned for security vulnerabilities and targeted for attack by viruses, worms, and worse. Code Red, Nimda, Blaster, Slammer, Netsky, Bagle. Who hasn't heard these names? ==========> 04-06-00-GovTech-BetterSolutionsNeededForCybersecurity.txt========== http://www.govtech.net/magazine/story.php?id=90471 Government Technology Internet Takedown The Web has increased efficiency and convenience, but its openness leaves us vulnerable. By Jim McKay June 2004 As the nation relies more on the Internet to conduct vital business and ==========> 04-06-00-IEEEComputer-RichardClarkeDiscussesCybersecurity.txt========== http://www.computer.org/security/v2n3/clarke.htm Richard Clarke Talks Cybersecurity and JELL-O Greg Goth When former White House counterterrorism and cybersecurity czar Richard Clarke testified before the independent commission investigating the 9/11 attacks that the US government could and should have done a better job preventing the attacks, he became a lightning rod for both praise and criticism. In the days following his testimony, Clarke's book Against All Enemies, quickly jumped to ==========> 04-06-01-SJMerc-TwoFactorAuthenticationSystemsNeeded-SuperPasswordSystems.txt========== http://www.siliconvalley.com/mld/siliconvalley/8809153.htm Posted on Tue, Jun. 01, 2004 Hacking Sparks Need for Complex Passwords ANICK JESDANUN Associated Press As more Web sites demand passwords, scammers are getting more clever about stealing them. Hence the need for such "passwords-plus" systems. 
==========> 04-06-02-NationalJ-FedSecurityOfficialsFaceScrutiny.txt========== http://www.govexec.com/dailyfed/0604/060204tdpm1.htm DAILY BRIEFING June 2, 2004 Top administration cybersecurity officials face scrutiny By William New, National Journal's Technology Daily The Bush administration's top cybersecurity officials on Wednesday faced scrutiny from a House subcommittee on the continued lag in protecting the federal computer networks. ==========> 04-06-03-CERT-MSIEDoesNotProperlyValidateSourceOfRedirectedFrame.txt========== http://www.kb.cert.org/vuls/id/713878 Vulnerability Note VU#713878 Microsoft Internet Explorer does not properly validate source of redirected frame Overview Microsoft Internet Explorer (IE) does not adequately validate the security context of a frame that has been redirected by a web server. An attacker could exploit this vulnerability to evaluate script in different security domains. By ==========> 04-06-03-CNETNews-AppleNeedsToImproveCommunicationAboutSecurity.txt========== http://news.com.com/2100-1002_3-5225115.html For Mac security, communication is key By Ina Fried and Robert Lemos Staff Writer, CNET News.com Story last modified June 3, 2004, 4:00 AM PDT When it comes to security, Apple Computer's report card reads like that of a gifted child: high marks for achievement, but needs to communicate better with others. ==========> 04-06-04-INetWeek-WorstCaseWormCouldCost50BInUSDamages.txt========== http://internetweek.com/security02/showArticle.jhtml?articleID=21401723 Updated Friday, June 4, 2004, 7:00 PM EDT Worst-Case Worm Could Rack Up $50 Billion In U.S. Damages By Gregg Keizer, TechWeb News A worst-case worm attack on the U.S. could easily cost the country $50 billion in direct damages, a pair of security experts said Friday. 
Nicholas Weaver and Vern Paxson, two security researchers who work with the ==========> 04-06-04-NewSci-PasswordsCanStayOnHardDrivesEvenIfUserDoesNotSaveThem.txt========== http://www.newscientist.com/news/news.jsp?id=ns99995064 Passwords can sit on hard disks for years 10:15 05 June 04 Exclusive from New Scientist Print Edition. Typing your password or credit card number into a computer is a moment's work. But if you think your personal details disappear as soon as you hit the Return key, think again: they can sit on the computer's hard disk for years waiting for a hacker to rip them off. ==========> 04-06-07-PCWorld-PolicyVSMarketplaceSolutionsToCybersecurity.txt========== http://pcworld.com/news/article/0,aid,116416,00.asp Cybersecurity: A Job for the Feds? Cyberterror threats are too critical for the industry to handle on its own schedule, experts argue. Grant Gross, IDG News Service Monday, June 07, 2004 WASHINGTON -- The nation's cybersecurity is too important to leave to the free market, gambling that competition and demand will produce secure software, both ==========> 04-06-09-ACMUbiquity-SWApproachToComputerSecurity.txt========== http://www.acm.org/ubiquity/views/v5i15_saha.html Software-Based Computing Security and Fault Tolerance This article delineates a software approach to establish computing security and fault tolerance in various computing systems. This low-cost approach is useful to tolerate malicious code modifications and transient faults without additional costs for hardware and extra software versions. By Goutam Kumar Saha Any computer based system has both real and theoretical weaknesses. Computing ==========> 04-06-09-PCWorld-ExpertsWarmOfVoIPSecurityProblems.txt========== http://www.pcworld.com/news/article/0,aid,116453,00.asp Experts Warn of VOIP Security Flaws Internet phones may be susceptible to worms, viruses, and spam, some say.
Matthew Broersma, Techworld.com Wednesday, June 09, 2004 Internet Protocol-based voice networks may be the wave of the future, but they will require a whole new approach to security, warned telecoms experts at the VON Europe Voice over IP conference in London this week. ==========> 04-06-10-GovExec-DHSDecidesNotToUpdateCybersecurityStrategy.txt========== http://www.govexec.com/dailyfed/0604/061004tdpm1.htm June 10, 2004 Homeland Security has no plans to update cybersecurity strategy By William New, National Journal's Technology Daily The time for reviewing the federal cybersecurity strategy has not come yet despite flaws that need to be addressed, a top official said Thursday. "There is no effort to update" the strategy issued by the White House early in ==========> 04-06-15-NetCraft-AkamaiOutageCausedByDoSAttacks.txt========== http://news.netcraft.com/archives/2004/06/15/ddos_attack_cited_in_akamai_outage.html DDoS Attack Cited in Akamai Outage Performance Akamai is confirming that network outages this morning were caused by a distributed denial of service (DDoS) attack that affected its DNS management system. The performance problems affected Microsoft, Google, Yahoo and antivirus update services from Symantec and TrendMicro, which are among Akamai's 1,100 ==========> 04-06-15-Reuters-MSPlanningAntiVirusSWSeparateFromWindows.txt========== http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=5429089 Microsoft on Track to Offer Anti-Virus Software Tue Jun 15, 2004 01:46 PM ET SEATTLE (Reuters) - Microsoft Corp. is still on track to offer an anti-virus product that will compete against similar software offered by Symantec Corp. and Network Associates Inc., the world's largest software maker said late on Monday.
==========> 04-06-15-SJMerc-AkamaiServedSitesAttacked.txt========== http://www.siliconvalley.com/mld/siliconvalley/8928839.htm Posted on Tue, Jun. 15, 2004 Akamai blames Web slowdown on attack SAN JOSE, Calif. (AP) - Several major Web sites -- including Yahoo!, Microsoft and Google -- were inaccessible at times early Tuesday due to what the company that distributes them online called an attack. The problem began about 9 a.m. EDT and lasted less than two hours, said Jeff ==========> 04-06-16-Bloomberg-MSPlanningAntiVirusSWSeparateFromWindows.txt========== http://www.pittsburghlive.com/x/tribune-review/business/s_199000.html Microsoft worming its way into anti-virus market By Bloomberg News Wednesday, June 16, 2004 Microsoft Corp., whose desktop software was hobbled by the "Blaster" and "Beagle" computer worms, will sell its own anti-virus software, putting it in competition with Symantec Corp. in a $2.8 billion market. ==========> 04-06-16-ZDNet-AkamaiOutageCausedByDoSAttacks.txt========== http://news.zdnet.co.uk/business/0,39020645,39157748,00.htm Attack downs Yahoo, Google and Microsoft Jim Hu CNET News.com June 16, 2004, 08:35 BST A domain name outage on Tuesday morning that left many popular Web sites, including those of Yahoo, Google, Microsoft and Apple, temporarily inaccessible ==========> 04-06-18-SJMerc0SymbiotProductAttacksHackers.txt========== http://www.siliconvalley.com/mld/siliconvalley/8957335.htm Posted on Fri, Jun. 18, 2004 The network strikes back: Experts worry about tech retaliation MATTHEW FORDAHL Associated Press SAN JOSE, Calif. - In war, politics and sports, it's often said that the best defense is a strong offense. 
But the foot soldiers of computer security work differently: They scramble to build virtual walls that can blunt the impact of ==========> 04-06-24-EWeek-CompromisedWebsitesInfectVisitorsComputers.txt========== http://www.eweek.com/article2/0,1759,1617046,00.asp DoS Attack May Tap Web Graphics Flaw By Dennis Fisher June 24, 2004 eWeek Security experts are tracking a new piece of malware that appears to be compromising large numbers of Windows PCs and may be laying the groundwork for the creation of a large spamming network or a major attack in the future. ==========> 04-06-25-SansInst-CompromisedWebsitesInfectVisitorsComputers.txt========== http://isc.sans.org/diary.php?date=2004-06-25&isc=f1d0986c128fa2b5e046d8ef8fb666cd Handler's Diary June 25th 2004 Updated June 25th 2004 19:19 UTC Compromised Web Sites Infect Web Surfers (for more details, also see yesterday's diary: http://isc.sans.org/diary.php?date=2004-06-24 ) Updates will be posted here. ==========> 04-06-25-SJMerc-ScobVirusSpreadsThroughInfectedWebsites.txt========== http://www.siliconvalley.com/mld/siliconvalley/9012987.htm Posted on Fri, Jun. 25, 2004 Web infection may be aimed at stealing financial data San Jose Mercury News NEW YORK (AP) - A computer virus designed to steal valuable information like passwords spread Friday through a new technique that converted popular Web sites into virus transmitters. 
==========> 04-06-30-SearchWebSvcs-McNealyFlamesMSandOthersOverSecurityAndJava.txt========== http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci990993,00.html Sun CEO lashes out at Microsoft, IBM, Red Hat By Benjamin Vigil, Technical Editor 30 Jun 2004 SAN FRANCISCO -- During an otherwise sedate keynote address Tuesday at Sun Microsystems Inc.'s JavaOne conference, Sun chairman and CEO Scott McNealy openly criticized the security of Microsoft's products, IBM's insistence that ==========> 04-06-30-USACMWashUpdate-EUCybercrimeTreatyMovesTowarSenateRatification.txt========== ================================================ ACM Washington Update Vol. 8.6 (June 30, 2004) ================================================ [7] CYBERCRIME TREATY MOVES TOWARD RATIFICATION On June 17th, the Senate Foreign Relations Committee heard testimony regarding the Council of Europe Cybercrime Treaty, which continues to make progress toward ratification in the U.S. Senate. Among other things, the treaty obliges participants to include computer crimes ==========> 04-06-30-USACMWashUpdate-USACMRecommendsChangesToDMCA.txt========== ================================================ ACM Washington Update Vol. 8.6 (June 30, 2004) ================================================ [1] USACM RECOMMENDS CHANGES TO THE DMCA TO PERMIT RESEARCH AND DISCUSSION In a submission to the Congressional Internet Caucus, USACM raised concerns about the chilling effect the DMCA is having on cybersecurity research and the ability of technologists to discover and fix dangerous bugs in code, to analyze and stop malicious code and ==========> 04-07-00-ACMQueue-SecurityIsHarderThanYouThink.txt========== Features: Security is Harder than You Think John Viega, Matt Messier July 2004 Queue, Volume 2 Issue 5 It's not just about the buffer overflow. 
Many developers see buffer overflows as the biggest security threat to software and believe that there is a simple two-step process to secure software: switch from C or C++ to Java, then start using SSL (Secure Sockets Layer) to protect ==========> 04-07-00-CACM-HIPAACreatesNewSecurityRisksInHealthCareData.txt========== Security watch: The HIPAA-potamus in health care data security Rebecca T. Mercuri July 2004 Communications of the ACM, Volume 47 Issue 7 Regulations intended to improve health care data access have created new security risks along with headaches for patients and practitioners. Deadlines for compliance with the Health Insurance Portability and Accountability Act (HIPAA) have caused a major crunch for the computer security ==========> 04-07-00-CyberDefMag-ExpertsCommentOnCybersecurityStatus.txt========== http://cyberdefensemag.com/july2004/cicover.php Talking Computer Security With Howard Schmidt, Sean Moshir and Stuart McClure CyberDefense Magazine (CDM) gathered the brightest minds in the computer security industry to talk about the latest issues affecting network and IT professionals. Howard Schmidt joined eBay as Vice President and Chief Information Security ==========> 04-07-00-GovTech-Book-TheTransparentSociety-PrivacySecurityTradeoffs.txt========== http://www.govtech.net/magazine/story.php?id=90772 Transparent Privacy Who should be watching the watchers? By Shane Peterson July 2004 Futurist, scientist and author David Brin has long studied what tomorrow could hold for humanity. Several of his novels have been New York Times best sellers, winning multiple Hugo, Nebula and other awards. A 1989 ecological thriller, ==========> 04-07-00-GovTech-SAMLToKeepTrackOfOnlineIdentities.txt========== http://www.govtech.net/magazine/story.php?id=90776 Government Technology Electronic Government Show Us Your ID By Tod Newcombe July 2004 The proliferation of distributed Web-based applications complicates the task of identifying online users. 
SAML might be the answer. ==========> 04-07-00-IST-SECRETSProjectEvaluatesCybesecurityProtocols.txt========== http://istresults.cordis.lu/index.cfm/section/news/tpl/article/BrowsingType/Features/ID/69166 An eye opener on open source Internet security Opening the eyes of the private and public sectors to the pros and cons of using open source software for Internet security is the SECRETS project, which evaluated two protocols in a series of trials covering e-commerce, mobile communications, network monitoring and intelligent networks. ==========> 04-07-06-EWeek-EnterprisesSlowToDumpInternetExplorer.txt========== http://www.eweek.com/article2/0,1759,1620426,00.asp Enterprises Slow to Dump IE July 6, 2004 By Matt Hicks EWeek The calls to dump Internet Explorer may be getting louder, but they are falling largely on deaf ears among enterprise users. ==========> 04-07-06-NewsFact-ExpertsDebateMSSecurityEfforts.txt========== http://www.newsfactor.com/perl/story/25734.html Microsoft Security Efforts Blasted By Erika Morphy Enterprise Security Today July 6, 2004 12:56PM Security experts are debating Microsoft's efforts to patch vulnerabilities in Internet Explorer that have allowed recent worm attacks. 
Some say the tech giant is unfairly criticized, since the ubiquity of its software makes it the ==========> 04-07-07-CNETNews-YetAnotherInternetExplorerSecurityFlawFound.txt========== http://news.com.com/Another+Internet+Explorer+flaw+found/2100-7349_3-5259374.html?tag=nefd.top Another Internet Explorer flaw found By Robert Lemos Staff Writer, CNET News.com Story last modified July 7, 2004, 5:32 AM PDT A computer science researcher has highlighted the shortcomings of Microsoft's latest patch for its Internet Explorer browser by identifying another way that ==========> 04-07-08-EWeek-PatchReleasedForShellProtocolSecurityProblem.txt========== http://www.eweek.com/article2/0,1759,1621463,00.asp Mozilla Flaw Lets Links Run Arbitrary Programs July 8, 2004 By Larry Seltzer Security researchers are reporting another security issue in Web browsing under Windows, but this time Internet Explorer is not the culprit. The Mozilla Foundation's Mozilla and Firefox are reported as vulnerable. ==========> 04-07-08-GovtCompNews-MoreFundingNeededForCybersecurityResearch.txt========== http://www.gcn.com/vol1_no1/daily-updates/26526-1.html Cybersecurity research underfunded, executives say 07/08/04 By Joab Jackson, GCN Staff The National Science Foundation can only fund a subset of the research proposals it receives on ways to better IT system security, an NSF official said at a House technology subcommittee hearing. ==========> 04-07-08-PCWorld-NoFedResponseToCybercrimeTaskForceRecommendations.txt========== http://www.pcworld.com/news/article/0,aid,116818,00.asp Feds Drag Feet on Cybersecurity Task force ideas on implementing cybersecurity strategy go without a response. Mark S. Sullivan, Medill News Service Thursday, July 08, 2004 WASHINGTON -- Business and government representatives teamed up in March to recommend steps to reduce the nation's vulnerability to cyberattacks. 
But they say they have yet to receive a response from the Department of Homeland ==========> 04-07-09-Mozilla-PatchReleasedForShellProtocolSecurityProblem.txt========== http://www.mozilla.org/security/shell.html What Mozilla users should know about the shell: protocol security issue Last modified July 9, 2004 On July 7 a security vulnerability affecting browsers for the Windows operating system was reported to mozilla.org by Keith McCanless, and was subsequently posted to Full Disclosure, a public security mailing list. On the same day, the Mozilla security team confirmed the report of this security issue affecting the Mozilla Application Suite, Firefox, and Thunderbird and discussed and developed ==========> 04-07-09-SJMerc-MSEmployeeArrestedForHackingIntoAltaVistaComputer.txt========== http://www.siliconvalley.com/mld/siliconvalley/9119225.htm Posted on Fri, Jul. 09, 2004 Alleged hacker is Microsoft employee ALLISON LINN Associated Press SEATTLE - A man accused of hacking into search engine company Alta Vista's computer systems about two years ago now works at Microsoft Corp., the company said Friday. ==========> 04-07-12-NYT-WozniakDefendsHackersAtHOPEConference.txt========== http://www.nytimes.com/2004/07/12/technology/12hack.html July 12, 2004 For Hackers, Shop Talk, a Warning and Advice By NICHOLAS THOMPSON Stephen Wozniak, a founder of Apple Computer, was speaking to the choir Saturday at a conference in Midtown Manhattan, recalling an era when the word "hackers" referred to technological wizards, not rogue computer users. 
==========> 04-07-13-Secunia-MultipleIESecurityVulnerabilities.txt========== http://secunia.com/advisories/12048/ Microsoft Internet Explorer Multiple Vulnerabilities Secunia Advisory: SA12048 Release Date: 2004-07-13 Critical: Extremely critical Impact: Security Bypass ==========> 04-07-13-TechNewsWorld-IEMarketShareDropsTo94Percent.txt========== http://www.technewsworld.com/story/35079.html IE Market Share Tumbles for First Time in Six Years By John P. Mello Jr. TechNewsWorld 07/13/04 7:40 AM PT While the one percent drop of Internet Explorer's Web share might not appear like much of a loss when you still have 94 percent of the market, it was a major boost for the small players such as Opera and Mozilla, who saw their ==========> 04-07-23-InfoWorld-SurveyShowsEnterpriseSecurityIsShaky.txt========== http://www.infoworld.com/article/04/07/23/30FEsecurityreportmain_1.html The shaky state of enterprise security The 2004 InfoWorld Security Survey shows IT managers are worried about the effectiveness of their security systems, with good reason By Paul F. Roberts, IDG News Service July 23, 2004 InfoWorld Faced with a seemingly endless onslaught of virulent Internet worms, spam, and e-mail scams, less than half of IT professionals report strong confidence in ==========> 04-07-27-SansOrg-NewMyDoomUsesSearchEnginesToFindRecipients.txt========== http://isc.sans.org/diary.php?isc=d46940064182f61f40ca333bc3c2f439 Handler's Diary July 26th 2004 Updated July 27th 2004 15:11 UTC MyDoom-O hits search engines hard. MyDoom-O hits search engines hard Update (July 27th 2004) ==========> 04-07-27-SecResponse-NewMydoomVirusDiscovered.txt========== http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html W32.Mydoom.M@mm Discovered on: July 26, 2004 Last Updated on: July 27, 2004 10:40:41 AM W32.Mydoom.M@mm is a mass-mailing worm that drops and executes a backdoor, detected as Backdoor.Zincite.A, that listens on TCP port 1034. 
The worm uses its own SMTP engine to send itself to email addresses it finds on the infected computer. ==========> 04-07-27-SJMerc-MyDoomWormVersionDisruptsSearchEngines.txt========== http://www.siliconvalley.com/mld/siliconvalley/9252165.htm Posted on Tue, Jul. 27, 2004 Worm disrupts search engines MYDOOM SLOWS MUCH TRAFFIC By Chris O'Brien Mercury News The latest version of a troublesome computer worm emerged Monday with a new twist that played havoc with several major search engines. ==========> 04-07-28-Sophos-RankingsOfVirusAndWormThreats.txt========== http://www.sophos.com/pressoffice/pressrel/uk/20040728topten.html 28 July 2004 Virus writing on the increase - Sasser worm the major irritant of 2004, but Netsky worms dominate reports Sophos charts virus activity for first six months of 2004 A report published by Sophos, a world leader in protecting businesses against viruses and spam, reveals that the number of new viruses being written is increasing. In total, Sophos has detected and protected against 4,677 new ==========> 04-07-29-CompWorld-SearchEnginesUsedToFindSourceCodeAndVulnerabilities.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,94880,00.html Search engines expose vulnerabilities Malicious hackers use search engines to parse through a Web site's source code News Story by Mark Willoughby JULY 29, 2004 (COMPUTERWORLD) - Internet search engines have long been used in uncovering vulnerabilities for launching attacks, and security experts expect malicious hackers to increase their use of the technology to find exploitable information. 
==========> 04-07-30-CNETNews-GhettoHackersAnnounceGlobalHackingContest.txt========== http://news.com.com/2100-7349_3-5291107.html Hackers plan global game of 'capture the flag' By Robert Lemos Staff Writer, CNET News.com Story last modified July 30, 2004, 2:03 PM PDT LAS VEGAS--If everything goes as planned, for 72 hours next February hackers from all over the United States will hit targets across the Internet in the largest mass attack to date. ==========> 04-08-00-CACM-CertifiedEmailToGuaranteeDelivery.txt========== Certified mail: the next challenge for secure messaging Rolf Oppliger August 2004 Communications of the ACM, Volume 47 Issue 8 The lack of evidence for message receipt is a missing piece of the infrastructure required for the more professional use of email. The term "secure messaging" refers to the ability to provide data confidentiality, data integrity, data origin authentication, and ==========> 04-08-00-CACM-HierarchicalAuthenticationStructuresMayNotBeSufficientlySecure.txt========== Is hierarchical public-key certification the next target for hackers? Mike Burmester, Yvo G. Desmedt August 2004 Communications of the ACM, Volume 47 Issue 8 Considering alternatives to hierarchical authentication structures that are not sufficiently secure for communication on open networks such as the Internet. The past few years have seen a remarkable growth of computer networks, with many new groundbreaking applications such as e-commerce, e-government, and ==========> 04-08-02-NYT-HackersDiscoveringVoIP.txt========== http://www.nytimes.com/2004/08/02/technology/02virus.html August 2, 2004 Hackers Are Discovering a New Frontier: Internet Telephone Service By KEN BELSON The New York Times Most new technology comes with risks, no matter how great the advantages. Computers, for instance, can store huge amounts of information, but they can also freeze, crash and melt down. 
==========> 04-08-02-USAToday-ExpertsWarnCyberattackCouldBeHighlyDisruptive.txt========== http://www.usatoday.com/tech/news/2004-08-02-cyber-terror_x.htm Posted 8/2/2004 10:18 PM Updated 8/3/2004 5:15 AM Cyberterror impact, defense under scrutiny By Jon Swartz, USA TODAY SAN FRANCISCO — A terrorist threat is out there — and not just against physical structures. A coordinated cyberattack against the USA could topple parts of the Internet, ==========> 04-08-03-PCWorld-USCybersecurityUnitsRecruitingHackers.txt========== http://www.pcworld.com/news/article/0,aid,117226,00.asp Feds Seek a Few Good Hackers War on terrorism distracts cybercops from routine hacking, and even encourages alliances. Andrew Brandt, PC World Tuesday, August 03, 2004 Attention, hackers: Uncle Sam wants you. ==========> 04-08-03-ZDNet-OracleRefusesToConfirmSecurityFlaws.txt========== http://news.zdnet.co.uk/internet/security/0,39020375,39162536,00.htm Oracle database flaws affect virtually all financial transactions Munir Kotadia ZDNet UK August 03, 2004, 17:25 BST Oracle is keeping quiet about allegations that its ubiquitous database has at least 30 security vulnerabilities that could allow hackers to compromise the confidentiality of virtually all financial transactions. ==========> 04-08-03-ZDNet-UKFirmDiscoversManySecurityFlawsInOracleSoftware.txt========== http://news.zdnet.co.uk/software/applications/0,39020384,39162426,00.htm Oracle software 'riddled with security holes' Graeme Wearden ZDNet UK August 03, 2004, 11:35 BST A UK company has reportedly discovered over 30 vulnerabilities in current and previous versions of Oracle's database applications. 
==========> 04-08-04-NetWorld-ExpertSaysVirusWritersAreWinning.txt========== http://nwfusion.com/news/2004/0804fsecure.html Security expert Q&A: The virus writers are winning By Bob Brown and Neal Weinberg Network World Fusion, 08/04/04 Mikko Hyppönen has made a name for himself as a computer security expert in directing anti-virus research at Finland's F-Secure, a $45 million company that regularly issues alerts warning of network threats. He spoke recently with Network World News Editor Bob Brown and Features Editor Neal Weinberg about the ==========> 04-08-07-WIred-HackerGetsCopiesOfInternalDataFromDieboldComputer.txt========== http://www.wired.com/news/privacy/0,1848,59925,00.html New Security Woes for E-Vote Firm By Brian McWilliams 02:00 AM Aug. 07, 2003 PT Following an embarrassing leak of its proprietary software over a file transfer protocol site last January, the inner workings of Diebold Election Systems have again been laid bare. ==========> 04-08-09-PhysOrg-StevensInstProfDiscoversWeaknessesInWiFiSecurity.txt========== http://www.physorg.com/news739.html CompSci expert Wetzel spots weaknesses in Wi-Fi security August 09, 2004 Researcher and colleagues warn of battery-draining, node-killing strategies A research team led by Dr. Susanne Wetzel, an Assistant Professor of Computer Science at Stevens Institute of Technology, has produced a study of the weaknesses of Wi-Fi networks. 
Specifically, Wetzel’s team has discovered "stealth attack" methods of disrupting and draining power from individual nodes ==========> 04-08-12-SeattlePI-BlasterWormVariantPerpetratorHeadedForPrison.txt========== http://seattlepi.nwsource.com/business/185885_blaster12.html Thursday, August 12, 2004 Blaster worm sender bound for prison After plea deal, man can't explain why he did it By JOHN COOK SEATTLE POST-INTELLIGENCER REPORTER The Minnesota man who unleashed a malicious variant of the MS Blaster computer worm last summer will likely spend 18 to 37 months in prison as part of a plea ==========> 04-08-12-TheReg-BlasterWormVariantPerpetratorHeadedForPrison.txt========== http://www.theregister.co.uk/2004/08/12/blaster_kiddie_pleads_guilty/ Blaster teen pleads guilty By John Leyden (john.leyden at theregister.co.uk) Published Thursday 12th August 2004 09:38 GMT A Minnesota teenager pleaded guilty yesterday to unleashing a variant of the Blaster worm last August. Jeffrey Lee Parson, 19, of Hopkins, Minnesota, admitted "intentionally causing ==========> 04-08-16-SJMerc-DG-ServicePack2MakesComputerSaferButNotSafe.txt========== http://www.siliconvalley.com/mld/siliconvalley/9415518.htm Posted on Mon, Aug. 16, 2004 Windows update makes data safer, but not safe By Dan Gillmor Mercury News Technology Columnist In the insular world of technology, the release of a new Microsoft operating system or major update is always a big event. But the arrival of Windows XP ``Service Pack 2'' has more meaning than usual. ==========> 04-08-18-TechNewsWorld-SpamAndVirusesBeingCombined.txt========== http://www.technewsworld.com/story/35925.html Convergence Quagmire: Viruses with Spam By Jay Lyman TechNewsWorld 08/18/04 10:52 AM PT MessageLabs said that while the motivations of virus writers and spammers have historically been very different, the two have come together with one purpose: profit. 
"Virus writers and spammers are combining their skill sets to produce a ==========> 04-08-18-VNUNet-SymantecCTOTalksAboutFutureOfITSecurity.txt========== http://www.vnunet.com/analysis/1157431 A proactive approach to security Symantec chief technical officer Robert Clyde talks to vnunet.com about the future of IT security Iain Thomson, vnunet.com 18 Aug 2004 With over 25 years' experience in the security business, almost exclusively in Fortune 500 companies, Symantec's chief technology officer Robert Clyde currently serves as treasurer on the executive committee of the IT industry's ==========> 04-08-23-CompWorld-802dot11iWirelessSecurity.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,95411,00.html Wi-Fi Plays Defense The new 802.11i wireless LAN security standard is a step forward, but Wi-Fi LANs still aren't impervious to attacks. AUGUST 23, 2004 (COMPUTERWORLD) - Unbounded by the physical constraints of cabling and walls, wireless LANs have proved tricky to secure. Now that the long-awaited 802.11i standard for enhanced WLAN security has been ratified, can IT assume that WLANs have grown as secure as their cabled counterparts? ==========> 04-08-24-EWeek-ConcernsMountOverTerroristAttackOnInternet.txt========== http://www.eweek.com/article2/0,1759,1639246,00.asp Concerns Mount over Major Web Strike August 24, 2004 By David Morgenstern A coordinated online strike against Internet servers by terrorists, dubbed "electronic jihad," may or may not strike this week, security experts said. One security researcher in Moscow warned that Thursday would be the day in question. 
==========> 04-08-27-TheReg-USIndictsInstigatorOfDDoSAttackForHire.txt========== http://www.theregister.co.uk/2004/08/27/ddos_mafia_busted/ Feds bust DDoS 'Mafia' By Kevin Poulsen, SecurityFocus Published Friday 27th August 2004 11:02 GMT A Massachusetts businessman allegedly paid members of the computer underground to launch organized, crippling distributed denial of service (DDoS) attacks against three of his competitors, in what federal officials are calling the first criminal case to arise from a DDoS-for-hire scheme. ==========> 04-08-27-Wired-ArtExhibitFeaturesComputerVisusesAsArt.txt========== http://www.wired.com/news/culture/0,1284,64724,00.html Exhibit Features Viruses as Art By Michelle Delio 02:00 AM Aug. 27, 2004 PT A major art exhibit exploring the beauty of programming code and the ugly ways in which some people use it will begin its world tour in September. Curator Franziska Nori says the primary focus of the show, which features the ==========> 04-08-30-EETimes-TestRevealEPassportSecurityAndPrivacyFlaws.txt========== http://www.eetimes.com/sys/news/showArticle.jhtml?articleID=45400010 Tests reveal e-passport security flaw By Junko Yoshida EE Times August 30, 2004 (9:00 AM EDT) PARIS — The Department of Homeland Security's first tests of electronic-passport interoperability exposed technology flaws, including myopic ==========> 04-09-00-ACMCrossroads-ComputerSecurityAndIntrusionDetection.txt========== Computer security and intrusion detection Khaled Labib September 2004 Crossroads, Volume 11 Issue 1 Introduction Computer attacks are now commonplace. 
By connecting your computer to the Internet, you increase the risk of having someone break in, install malicious programs and tools on it, and possibly use it to attack other machines on the ==========> 04-09-00-ACMCrossroads-DistributedSecurityForAdHocNetworks.txt========== A distributed security scheme for ad hoc networks Dhaval Gada, Rajat Gogri, Punit Rathod, Zalak Dedhia, Nirali Mody, Sugata Sanyal, Ajith Abraham September 2004 Crossroads, Volume 11 Issue 1 Introduction In an ad hoc wireless network where wired infrastructures are not feasible, energy and bandwidth conservation are the two key elements presenting ==========> 04-09-00-ACMNetWorker-TheStateOfSecurityAndSpywareOnTheInternet.txt========== Putting it together: The state of security on the internet Win Treese September 2004 netWorker, Volume 8 Issue 3 How bad is security on the Internet? It seems that almost every day we see reports about new malicious software, and that's just in the popular media. In the specialized news of the computer security world, it's nearly impossible to keep up with the flood of detail about new viruses, worms, spam, spyware, or other attacks against computers on the network. ==========> 04-09-00-ACMQueue-VoIPSecurityShouldNotBeAnAfterthought.txt========== Queue Focus: Voice Over IP: VoIP Security: Not an Afterthought Douglas C. Sicker, Tom Lookabaugh September 2004 Queue, Volume 2 Issue 6 Voice over IP (VoIP) promises to up-end a century-old model of voice telephony by breaking the traditional monolithic service model of the public switched telephone network (PSTN) and changing the point of control and provision from the central office switch to the end user’s device. Placing intelligence at the edge, in the Internet tradition, has a number of consequences: a wider ==========> 04-09-00-CACM-ManagingP2PSecurity.txt========== Technical opinion: Managing P2P security Jason E. Bailes, Gary F. 
Templeton September 2004 Communications of the ACM, Volume 47 Issue 9 Considering the potential benefits and trade-offs of file-sharing systems. Since its inception, the Internet has thrived on a myriad of innovative concepts and technologies [4]. Recently, the peer-to-peer (P2P) architecture has evolved to empower masses of users to share a variety of file types, ==========> 04-09-00-InfoSecMag-USCriticalInfrastructureRemainsVulnerable.txt========== http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss467_art974,00.html September 2004 Mission: Critical Despite heightened post-9/11 security awareness, the U.S. critical infrastructure remains vulnerable to attack. BY STEPHEN BARLAS, ALAN EARLS, MICHAEL FITZGERALD, JERRI LEDFORD AND DENNIS MCCAFFERTY Info Security Magazine ==========> 04-09-13-UToronto-ProfsResearchComputerHackingAndDataRecovery.txt========== http://www.news.utoronto.ca/bin6/040913-452.asp Profs patrol cyberspace Electrical and computer engineering professors research computer hacking and data recovery September 13, 2004 by Karen Kelly Somewhere between crime fighter and computer techie, you’ll find electrical and computer engineering professors David Lie and Ashvin Goel. But these two aren’t ==========> 04-09-21-NSF-CyberTrustProgramFundsCMUandUCSDCenters.txt========== http://www.nsf.gov/od/lpa/newsroom/pr.cfm?ni=15000000000118 NSF Press Release NSF PR 04-124 - September 21, 2004 Media contact: David Hart, NSF (703) 292-7737 dhart@nsf.gov Program contact: Carl Landwehr, NSF (703) 292-8950 clandweh@nsf.gov NSF Announces Two Cybersecurity Centers to Study Internet Epidemiology and "Ecology" ==========> 04-09-24-ChronHigherEd-Spafford-NoSoftwareIsSecure.txt========== # "Whether Linux or Windows, No Software Is Secure" Chronicle of Higher Education (09/24/04) Vol. 51, No. 5, P. B21; Spafford, Eugene H.; Wilson, David L. 
The debate about whether the Windows or Linux operating system is more secure obscures the more important issue of generally shoddy software development, argue Purdue University researchers Eugene Spafford and David Wilson: Although different arguments and figures can be used to support either open-source or proprietary software, the fact is that software of both types can either be secure or insecure. The OpenBSD operating system is a good example of a secure ==========> 04-09-28-GermanSecurityFirmHiresWriterOfNetskyAndSasserVirusVariants.txt========== http://www.siliconvalley.com/mld/siliconvalley/9780350.htm Posted on Tue, Sep. 28, 2004 Security firm hires writer of worms TEENAGER LANDS JOB WITH GERMAN SOFTWARE MAKER By Dan Lee San Jose Mercury News Here's one way for a company to get noticed in the crowded world of Internet security: Hire someone whose résumé is topped off with a job title ``virus ==========> 04-09-29-SJMerc-CyberGateKeeperKeepsOutOfDateComputersOffLocalNetwork.txt========== http://www.siliconvalley.com/mld/siliconvalley/9787870.htm Posted on Wed, Sep. 29, 2004 Keeping out the bugs SYSTEM ACTS AS `SCREENER' FOR REMOTE COMPUTER USERS By Michael Bazeley San Jose Mercury News Want to make life miserable for your company's network support staff? 
Just plug your virus-infected laptop into the corporate network and let the digital bug ==========> 04-09-30-EWeek-ApplicationDevelopersNeedToIncreaseSecurityEfforts.txt========== http://www.eweek.com/article2/0,1759,1663671,00.asp App Developers Need to Redouble Security Efforts September 30, 2004 By Esther Schindler EWeek PHOENIX—Most enterprise developers can recite various software architecture layers as though it's the easy question on the computer science final exam: operating system, application server, Web server, database server, application, ==========> 04-09-30-HarvardU-ProfDevelopingSWToolsToCheckProgramsForSecurityProblems.txt========== http://www.news.harvard.edu/gazette/2004/09.30/03-morrisett.html The search for computer security Morrisett says safety these days is (unfortunately) a matter of trust By Alvin Powell Harvard News Office September 30, 2004 It's a computerized jungle out there, with viruses, worms, Trojan horses, and other electronic predators waiting to wreak havoc on an unprotected computer. ==========> 04-09-30-USACM-CouncilOfEuropeAcceleratesActionOnCybercrimeConvention.txt========== =================================================== ACM Washington Update Vol. 8.9 (September 30, 2004) =================================================== The Council of Europe held a meeting in Strasbourg, France, recently to get governments worldwide to accelerate ratification of the 2001 Cybercrime Convention, the first international treaty to combat Internet crimes. For more information about the conference, see . In June, the U.S. 
Senate Foreign Relations Committee heard testimony regarding ==========> 04-09-30-WashPost-FlawsInMSAppsAllowVirusesPlantedInJPEGImages.txt========== http://www.washingtonpost.com/wp-dyn/articles/A45126-2004Sep23.html Danger of Image-Borne Viruses Looms By Brian Krebs washingtonpost.com Staff Writer Thursday, September 30, 2004; 2:36 PM Hackers are close to finding a way to spread harmful computer viruses just by getting people to open an e-mail message or visiting an infected Web site, computer security experts warned yesterday. ==========> 04-10-00-CACM-SecrecyDoesNotProvideSecurity.txt========== Inside risks: The nonsecurity of secrecy Bruce Schneier October 2004 Communications of the ACM, Volume 47 Issue 10 Considerable confusion exists between the different concepts of secrecy and security, which often causes bad security and surprising political arguments. Secrecy usually contributes only to a false sense of security. In June 2004, the U.S. Department of Homeland Security urged regulators to keep ==========> 04-10-00-NewSci-IMProgramCouldBreakIntoComputers.txt========== http://www.newscientist.com/news/news.jsp?id=ns99996529 Instant messenger could control hacked computers 17:16 13 October 04 NewScientist.com news service A US computer programmer has created a software robot that uses instant messenger – a program that allows people to exchange messages over the internet in real time - to control a computer remotely. ==========> 04-10-01-SJMerc-DHSCybersecurityChiefCifesFrustrationInResigning.txt========== http://www.siliconvalley.com/mld/siliconvalley/9811404.htm Posted on Fri, Oct. 01, 2004 U.S. cybersecurity chief abruptly resigns, cites frustration San Jose Mercury News WASHINGTON (AP) - The government's cybersecurity chief has abruptly resigned from the Homeland Security Department amid a concerted campaign by the technology industry and some lawmakers to persuade the Bush administration to give him more authority and money for protection programs. 
==========> 04-10-04-InfoWorld-SuperConnectedIMUsersAidSpreadOfWorms.txt========== http://www.infoworld.com/article/04/10/04/HNimworms_1.html Super-connected users could aid IM worms Traditional antivirus technology too slow against worms spread by highly connected users Info World By Paul Roberts, IDG News Service October 04, 2004 Just a few users connected to popular instant messaging (IM) networks can cause the spread of worms, while choking off communications from "highly connected" ==========> 04-10-05-SciTech-NSFCenterForInternetDefensesTargetsCyberPlagues.txt========== http://www.sci-tech-today.com/story.xhtml?story_title=Cyber-Center-Targets-Internet-Plagues&story_id=27387&category=innv Cyber Center Targets Internet Plagues By Mike Martin Sci-Tech Today October 5, 2004 7:30PM The new Center for Internet Epidemiology and Defenses (CIED) will tackle "a grand-challenge problem for computer security researchers: defending against ==========> 04-10-05-SJMerc-HackersAttackDutchGovtWebSites.txt========== http://www.siliconvalley.com/mld/siliconvalley/9842193.htm Posted on Tue, Oct. 05, 2004 Hackers Attack Dutch Government Web Sites Associated Press AMSTERDAM, Netherlands - Several Dutch government Web sites remained offline Tuesday after an attack by hackers protesting unpopular policies of the right-wing Cabinet, the government said. ==========> 04-10-05-SJMerc-T-MobileUpgradesSecurityAtWiFiLocations.txt========== http://www.siliconvalley.com/mld/siliconvalley/9839257.htm Posted on Tue, Oct. 05, 2004 Security upgrade at WiFi locations NEW SYSTEM ADDS LEVEL OF PRIVACY By Sam Diaz Mercury News Starting today, users of wireless broadband should find it safer to surf the Web from a T-Mobile HotSpot. 
==========> 04-10-08-CNETNews-ApplicationsSecurityConsortiumDefinesFirewallBenchmark.txt========== http://news.com.com/Group+aims+to+create+hallmark+of+security/2100-1029_3-5443154.html Group aims to create hallmark of security By Dawn Kawamoto and Matt Hines CNET News Story last modified November 8, 2004, 4:54 PM PST A small group of security companies has set a baseline standard for application firewalls and has challenged the industry's biggest players to put their goods ==========> 04-10-12-GlobeMail-TheQuestForSecureComputerPrograms.txt========== http://www.globetechnology.com/servlet/story/RTGAM.20041001.gtkirwanoct1/BNStory/Technology/ The quest for secure code By Mary Kirwan Special to Globe and Mail Update Tuesday, Oct 12, 2004 Mary Kirwan is a lawyer on three continents, a writer and IT security expert. She is currently completing a book on IT security for industry, for broad ==========> 04-10-13-InfoSocTech-VocalidCardsUseCryptoAcousticTechnologyForSecureTransactions.txt========== http://istresults.cordis.lu/index.cfm/section/news/tpl/article/BrowsingType/Features/ID/70301 Secure online transactions worth talking about 13 Oct 2004 Info Societies Tech Trials of European IST Prize-winning Vocalid® technology, based on crypto-acoustic smart cards that ensure secure, online transactions over any phone or computer, have shown strong support. ==========> 04-10-13-SJMerc-USAndIndiaAgreeToCooperateOnTechSecurity.txt========== http://www.siliconvalley.com/mld/siliconvalley/9909428.htm Posted on Wed, Oct. 13, 2004 U.S., India to cooperate on tech security San Jose Mercury News NEW DELHI (AP) - India and the United States agreed Wednesday to develop new ways of securing data and to expand cooperation to protect networks from destructive viruses and computer hackers. 
==========> 04-10-15-InformIT-FightingVirusesWithGoodViruses.txt========== http://www.informit.com/articles/article.asp?p=337309 Fighting Fire with Fire: Designing a "Good" Computer Virus Date: Oct 15, 2004 By Cyrus Peikari. Cyrus Peikari demonstrates methods to design and test a live, attenuated computer virus vaccine using real-world simulation. InformIT Introduction ==========> 04-10-18-CNETNews-ThrowingMoneyAtCyberSecurity.txt========== http://news.com.com/2009-1009_3-5395361.html Throwing money at technology By Robert Lemos and Mike Yamamoto Staff Writers, CNET News.com October 18, 2004, 4:00 AM PDT As part of California's effort in the war on terror, state legislators this year proposed that trucks hauling hazardous materials be fitted with technologies that would allow authorities to seize control of hijacked ==========> 04-10-18-SJMerc-CiscoAndMSToWorkTogetherToFightViruses.txt========== http://www.siliconvalley.com/mld/siliconvalley/9948262.htm Posted on Mon, Oct. 18, 2004 Cisco, Microsoft join forces in fighting viruses San Jose Mercury News Cisco Systems and Microsoft today will announce they are cooperating to help customers ward off Internet viruses and worms. The agreement marks the first time the two tech titans have worked together to ==========> 04-10-19-SecFocus-UCBHackingAllowedAccessToDataOn600KPeople.txt========== http://www.securityfocus.com/news/9758 California reports massive data breach By Kevin Poulsen SecurityFocus Oct 19 2004 5:02PM The FBI is investigating the penetration of a university research system that housed sensitive personal data on a staggering 1.4 million Californians who participated in a state social program, officials said Tuesday. 
==========> 04-10-19-TechWeb-AntiVirusSoftwareCanBeFooledByHackers.txt========== http://www.techweb.com/wire/networking/50500804 Anti-Virus Can Be Tricked By Hackers By TechWeb.com October 19, 2004 (1:52 PM EDT) The anti-virus detection engines of several big-name vendors, including McAfee and Computer Associates, can be fooled by hackers, a U.S.-based security intelligence firm warned Tuesday. ==========> 04-10-20-TheReg-RegisterSuffersDDOSAttack.txt========== http://www.theregister.co.uk/2004/10/20/register_ddos/ Register suffers DDOS attack By Drew Cullen (drew.cullen at theregister.co.uk) Published Wednesday 20th October 2004 12:21 GMT Update Around 7am BST this morning, The Register came under DDOS attack. The attack continues — and is increasing in severity — but our hosting provider is doing what it can to mitigate its effects. ® Update 14:30 BST ==========> 04-10-21-CNETNews-Lofgren-BillIntroducedToPromoteCybersecurity.txt========== http://news.com.com/Thumb+twiddling+on+cybersecurity/2010-7348_3-5420059.html Thumb twiddling on cybersecurity By Zoe Lofgren Story last modified October 21, 2004, 4:00 AM PDT CNET News Threats and vulnerabilities to our global computer networks and systems are growing faster than we can address them. ==========> 04-10-21-SJMerc-UCBHackingAllowedAccessToDataOn600KPeople.txt========== http://www.siliconvalley.com/mld/siliconvalley/9975199.htm Posted on Thu, Oct. 
21, 2004 UC hacking may have gotten data on 600,000 SECURITY BREACH NOT REPORTED FOR WEEKS By Dan Lee and Andrew LaMar Mercury News A hacker who broke into the computer system of the University of California-Berkeley may have gained access to names, Social Security numbers ==========> 04-10-25-EntSec-ResearchersStudyWiFiSecurityWeaknesses.txt========== http://enterprise-security-today.newsfactor.com/story.xhtml?story_id=27842 Mobile Security Researchers Study Wi-Fi Weaknesses By Mike Martin Enterprise Security Today October 25, 2004 1:30PM "Most of today's communication infrastructure is based on trustworthy collaboration among information routers," says Professor Suzanne Wetzel. ==========> 04-10-25-GovtCompNews-CybersecurityIsIndustryBurden.txt========== http://gcn.com/23_31/interview/27654-1.html 10/25/04; Vol. 23 No. 31 IT security is the industry’s burden By William Jackson GCN Staff Paul Kurtz heads the Cyber Security Industry Alliance of Washington. But he spent most of his career at the State Department, where he began as an intern in 1986. ==========> 04-10-25-SJMerc-SecurityForHomeInternetUsersWeak.txt========== http://www.siliconvalley.com/mld/siliconvalley/10007411.htm Posted on Mon, Oct. 25, 2004 Security for Internet Users Deemed Weak TED BRIDIS Associated Press WASHINGTON - Internet users at home are not nearly as safe online as they believe, according to a nationwide inspection by researchers. 
They found most consumers have no firewall protection, outdated antivirus software and dozens ==========> 04-10-27-InfoSocTech-JavaSmartCardsPromiseSecurityAndReliability.txt========== http://istresults.cordis.lu/index.cfm/section/news/tpl/article/BrowsingType/Features/ID/70511 Adding reliability and trust to smartcards Information Society Technologies 27 Oct 2004 Enabling the widespread adoption of the latest generation of Java Card smartcards is VerifiCard, an IST project that developed models and tools to verify the cards, helping to guarantee reliability and trust in the technology. ==========> 04-10-27-VNUNet-CybersecurityRequiresIndustryAndGovernmentToShareInfo.txt========== http://www.vnunet.com/news/1159016 Information sharing crucial for IT security Cabinet Office issues review looking at UK public and private sector initiatives Daniel Thomas, Computing 27 Oct 2004 Government departments and businesses must share information and provide better staff training if IT security is to improve in the UK, says the government's chief security and intelligence co-ordinator, Sir David Omand. ==========> 04-10-28-CNETNews-HackersNowEarningMoneyFromTheirExploits.txt========== http://news.com.com/Hacking--do+the+pros+now+rule/2008-1082_3-5429687.html Hacking--do the pros now rule? By Ong Boon Kiat Story last modified October 28, 2004, 4:00 AM PDT CNET News The chief scientist of security company Internet Security Systems believes 2004 could prove to be a watershed year for hacking. ==========> 04-10-31-USACM-InfoTechIndustrySeeksElevationOfCybersecurityAtDHS.txt========== =================================================== ACM Washington Update Vol. 8.9 (October 31, 2004) =================================================== [2] IT INDUSTRY SEEKS ELEVATION OF CYBERSECURITY AT DHS The Director of the Department of Homeland Security's (DHS's) National Cyber Security Division, Amit Yoran, submitted his resignation in October. 
The abrupt move followed recent calls to incorporate the director's position and the Cyber Security Division into the White ==========> 04-11-00-ACMQueue-BookReview-WiFoo-SecretsOfWirelessHacking.txt========== REVIEWS: Review of "Wi-Foo: The Secrets of Wireless Hacking by Andrew Vladimirov, Konstantin V. Gravrilenko, and Andrei A. Mikhailovsky". Pearson Education, 2004, ISBN 0-321-20217-1. Rita Puzmanova November 2004 Queue, Volume 2 Issue 8 Anyone who is interested and involved in wireless networking will be nicely surprised by a book that explains and supports WLAN (wireless local area network) security implementers, security managers, and (last but not least) ==========> 04-11-00-GovtSecNews-DHSCreatesDETERCybersecurityTestbed.txt========== http://www.gsnmagazine.com/nov_04/deter_program.html "DETER" fills IT security testing void Government Security News November 2004 By Barbara DePompa One of the biggest challenges to creating security technologies that effectively protect against worms, viruses and other malicious code attacks is inadequate independent testing and evaluation, a shortcoming which prompted the ==========> 04-11-04-Yahoo-USAndEuropeUnpreparedForCyberAttack.txt========== http://uk.news.yahoo.com/041104/80/f5z2i.html Thursday November 4, 03:05 PM U.S. and Europe unprepared for cyber attack By Bernhard Warner, European Internet Correspondent BARCELONA, Spain (Reuters) - Future widescale terror attacks will be executed by a person sitting behind a computer, not necessarily by a suicide truck bomber or plane hijacker, a United States lawmaker predicted on Thursday. ==========> 04-11-05-ChronHigherEd-UniversitiesDealWithHackerAttacks.txt========== # "When Hackers Attack" Chronicle of Higher Education (11/05/04) Vol. 51, No. 11, P. A29; Read, Brock College and university IT administrators are learning to deal with hacker intrusions aggressively, implementing tough password-change policies and stepping up efforts to educate users. 
When Purdue University IT officials discovered their network had been hacked by someone using about 100 stolen passwords, they sent email messages about the attack to 60,000 users at the school's main campus; within 24 hours, about 15,000 students, faculty, and employees had changed their passwords at a Web site especially created for that ==========> 04-11-10-WSJ-ComputerSecurityIsAGrowingBusiness.txt========== # "Battling Hackers Is a Growth Industry" Wall Street Journal (11/10/04) P. B3B; Richmond, Riva Job opportunities and salaries for technology professionals have lessened in recent years, due to competition and lower technology spending, but a new study from IDC reports that security specialists are operating in an expanding market thanks to an increase in malicious attacks on computer systems, new regulations, and the risks posed by new communications technologies. IDC analyst Allan Carey says organizations are looking particularly for security specialists with business expertise, and forecasts that the number of full-time ==========> 04-11-11-WSJ-MydoomWormRenewsDebateOnNotification.txt========== "Mydoom Worm Renews Debate on Cyber-Ethics" Wall Street Journal (11/11/04) P. B1; Bank, David The new Mydoom worm variant takes advantage of a security vulnerability that does not yet have a patch. Many programmers hunt for bugs in software, with most of them trying to help users by disclosing the flaws so they can be fixed. But the disclosures can help malicious hackers as well and cyberethics experts say the issue needs to be addressed. The new Mydoom variant arrives in an email message that seems to come from PayPal, and clicking on the link within releases the worm into the computer. 
The worm then sends out more email and ==========> 04-11-12-CNETNews-SupercomputerClustersNeedToAddressCybersecurity.txt========== http://news.com.com/Study+Supercomputer+clusters+shortchange+security/2100-7337_3-5449344.html Study: Supercomputer clusters shortchange security By Stephen Shankland CNET News Story last modified November 12, 2004, 8:58 AM PST The popular "clustering" approach to supercomputing is indeed useful, but U.S. researchers need to explore different directions in the field to ensure the ==========> 04-11-12-CornellSun-PanelDiscussesCyberterrorism.txt========== http://www.cornellsun.com/vnews/display.v/ART/2004/11/12/419446620aff2 Panel Discusses Threat of Cyberterrorism at Workshop November 12, 2004 by Casey Holmes Cornell Daily Sun Staff Writer Discussing cyberterrorism. Seymour Goodman, professor at the Sam Nunn School of International Affairs, speaks about cyberterrorism yesterday. Michael Belkin / Sun Staff ==========> 04-11-12-PennStateU-QFilterProvidesIncreasedDatabaseSecurity.txt========== http://live.psu.edu/story/8954 New software developed by Penn State improves database security Friday, November 12, 2004 Penn State Univ. University Park, Pa.-- Penn State researchers have developed software that more quickly and efficiently ensures that databases don't release unauthorized information. ==========> 04-11-13-NewSci-CheritonProposesRadicalExtensionAsAlternativeToIPv6.txt========== # "How to Mend a Broken Internet" New Scientist (11/13/04) Vol. 184, No. 2473, P. 46; O'Brien, Danny Stanford University computer science professor David Cheriton warns that the Internet will soon play a crucial role in the operation of virtually every critical communication network, and give enemies the opportunity to inflict potentially catastrophic economic damage through cyberattacks. 
In addition to inadequate security, the Internet is suffering from a shortage of IP address space, a problem that the Internet Engineering Task Force (IETF) has been trying to rectify with the development and deployment of IP version 6 (IPv6); ==========> 04-11-15-CompWorld-SecurityProsBemoanLackOfStrategicFocus.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,97494,00.html Security Pros Bemoan Need for Tactical Focus More proactive initiatives fall by the wayside, conference attendees say News Story by Jaikumar Vijayan NOVEMBER 15, 2004 (COMPUTERWORLD) - WASHINGTON -- Operational and tactical considerations continue to dominate the IT security agenda, despite a growing need for more strategic approaches to data protection, said attendees at the Computer Security Institute's annual conference here last week. ==========> 04-11-15-InfoWeek-RFIDSecurityAndPrivacyIssues.txt========== http://www.informationweek.com/story/showArticle.jhtml?articleID=52601030 RFID's Security Challenge Security -- and its high cost -- appears to be the next hurdle in the widespread adoption of RFID. By Thomas Claburn, George V. Hulme, InformationWeek Nov. 15, 2004 No one has complained of a security breach related to an RFID deployment--yet. Businesses and vendors alike acknowledge that security remains a question mark ==========> 04-11-15-SciAm-SomeBluetoothDevicesVulnerableToHacking.txt========== http://www.sciam.com/article.cfm?chanID=sa004&articleID=0003B6DC-3503-1179-B50383414B7FFE9F November 15, 2004 Connection Blues A hole for external control of Bluetooth devices By Wendy M. 
Grossman Scientific American My mobile phone, lying on the table in front of me, flashes "Connecting" a ==========> 04-11-17-CNETNews-ExUSCybersecurityCzarCitesProblems.txt========== http://news.com.com/Straight+talking+on+terrorism/2008-1082-5455084.html Straight talking on terrorism By Dan Ilett Story last modified November 17, 2004, 4:00 AM PST CNET News When the second plane hit the World Trade Center on Sept. 11, 2001, Richard Clarke didn't wait around for President Bush to react. ==========> 04-11-17-DenPost-HackersBreakIntoColoradoUComputerSystem.txt========== http://www.denverpost.com/Stories/0,1413,36~53~2539839,00.html Article Published: Wednesday, November 17, 2004 Colleges easy prey to hackers Online security targeted By George Merritt Denver Post Staff Writer Post / Helen H. Richardson Dennis Maloney is executive director of Information Technology Services at the ==========> 04-11-18-CNETNews-CybersecurityNeedsLeadership.txt========== http://news.com.com/Cybersecurity+and+the+question+of+leadership/2010-7348_3-5458093.html Cybersecurity and the question of leadership By Roger Cochetti Story last modified Thu Nov 18 10:13:00 PST 2004 CNET News The word "czar" sounds so anachronistic. It conjures up images of leaders in some long-ago hinterland, living behind moats and writing decrees on parchment. ==========> 04-11-18-UFlorida-UFResearcherDevelopsComputerIntruderDetectionSystem.txt========== http://www.newswise.com/articles/view/508343/ Intruder Alert: Method Provides Double Computer Crime-Solving Evidence Univ of Florida Nov. 
18 2004 Description Like an episode of "CSI: Computers," a UF researcher has developed a technique that gives digital detectives twice the forensic evidence they now have to catch all kinds of hackers, from curious teenagers to disgruntled employees to ==========> 04-11-19-GovtCompNews-CommitteeSaysMoreFundingNeededForCybersecurityRandD.txt========== http://www.gcn.com/vol1_no1/daily-updates/27979-1.html 11/19/04 More funding needed for security R&D, IT committee says By William Jackson Government Computer News Staff The government has shortchanged basic research into cybersecurity and should at least quadruple the money available for civilian research, the President’s IT Advisory Committee says. ==========> 04-11-22-CompWorld-CMUsCyLabToStudycomputerSecurity.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,97629,00.html Pointillist Protection A Georges Seurat approach to vulnerabilities. Future Watch by Matt Hamblen NOVEMBER 22, 2004 (COMPUTERWORLD) - Carnegie Mellon University is researching some of the biggest challenges in computer security, data availability and systems reliability through a year-old interdisciplinary program known as CyLab. ==========> 04-11-22-GovtCompNews-SomeProgressInCybersecurityAtUSFederalLevel.txt========== http://gcn.com/23_33/security/27966-1.html 11/22/04; Vol. 23 No. 33 A few steps forward, a few back By William Jackson GCN Staff Former cyberczar sees progress in securing cyberspace, but says government ‘really doesn’t know what its IT assets are’ ==========> 04-11-29-USAToday-TestShowsUnprotectedPCsLikelyToBeCompromised.txt========== http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm Posted 11/29/2004 11:21 PM Updated 11/30/2004 4:02 AM Unprotected PCs can be hijacked in minutes By Byron Acohido and Jon Swartz, USA TODAY SAN FRANCISCO — Surfing the Web has never been more risky. 
Simply connecting to the Internet — and doing nothing else — exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously. ==========> 04-11-30-AvantGarde-TestShowsUnprotectedPCsLikelyToBeCompromised.txt========== http://www.avantgarde.com/ttln113004.html Automated “Bots” Overtake PCs Without Firewalls Within 4 Minutes AvantGarde Experiment Reveals How Different Platforms Protect Against Internet Attacks SAN FRANCISCO, Calif., November 30, 2004 – Avantgarde today released a study that showed that automated “bots,” worms and other threats pummeled six computer platforms over a two-week period with 305,955 total attacks. Results also revealed that an inadequately protected computer fell victim to an actual ==========> 04-11-30-SeattlePI-HPToIncludeAntiVirusSoftwareWithServers.txt========== http://seattlepi.nwsource.com/business/aptech_story.asp?category=1700&slug=Virus%20Throttling%20Software Tuesday, November 30, 2004 · Last updated 6:48 p.m. PT HP touts software to slow computer worms Seattle Post-Intelligencer By RACHEL KONRAD AP TECHNOLOGY WRITER SAN FRANCISCO -- Engineers at Hewlett-Packard Co. are working on ==========> 04-11-30-TchWeb-TestShowsUnprotectedPCsLikelyToBeCompromised.txt========== http://www.techweb.com/wire/security/54201306 Unprotected PCs Fall To Hacker Bots In Just Four Minutes By Gregg Keizer, TechWeb.com November 30, 2004 (2:40 PM EST) TechWeb The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker. ==========> 04-12-00-ACMNetWorker-PackagedSolutionsToNetworkSecurity.txt========== The last word: Network security, off the racks Aaron Weiss December 2004 netWorker, Volume 8 Issue 4 Quite a few years ago I wrote a book about protecting yourself on the Internet. 
The book was aimed at the first wave of mainstream users to hit the global network, as traffic spread beyond the scientific and academic communities. In it, I argued a "reasonable precautions" thesis of home—in essence, the Internet was like a house, and so long as you locked your windows and doors, you'd ==========> 04-12-00-BusCommRev-TheEvolutionOfNetworkSecurity.txt========== http://www.bcr.com/bcrmag/2004/12/p14.php Enemy At The Gates: The Evolution Of Network Security from the December 2004 issue of Business Communications Review, pp. 14–18 by Jeff Wilson, principal analyst, VPNs and security, with Infonetics Research, specializing in firewalls, IDS/IPS, VPNs, integrated security appliances, and application security. In the beginning there were good guys and bad guys. The bad guys, the Hackers, hid out in a secret fortress called “the cloud,” launching attacks on the good ==========> 04-12-00-CACM-AssessingExtentOfSecurityRislsInWirelessNetworking.txt========== Digital village: Wireless infidelity II: airjacking Hal Berghel, Jacob Uecker December 2004 Communications of the ACM, Volume 47 Issue 12 Assessing the extent of the security risks involved in wireless networking technology by considering three possible scenarios demonstrating vulnerabilities. In the previous column (September 2004), I discussed the history and practice ==========> 04-12-00-CACM-ProtectionOfArtisticContentFromIllegalDistribution.txt========== Security watch: The many colors of multimedia security Rebecca T. Mercuri December 2004 Communications of the ACM, Volume 47 Issue 12 Protection of artistic content from illegal distribution involves significant gray areas in terms of methods and laws. Digital multimedia (whether it be audio, video, or still photography and art) is exposed to a broad spectrum of security problems. 
From the standpoint of the ==========> 04-12-00-CACM-SecurityInDistributionOfDigitalMedia.txt========== The many colors of multimedia security Communications of the ACM archive Volume 47 , Issue 12 (December 2004) table of contents Rebecca T. Mercuri Harvard University ABSTRACT Protection of artistic content from illegal distribution involves significant gray areas in terms of methods and laws. ==========> 04-12-00-CommACM-ProtectingArtisticContentFromIllegalDistribution.txt========== Security watch: The many colors of multimedia security Rebecca T. Mercuri December 2004 Communications of the ACM, Volume 47 Issue 12 Protection of artistic content from illegal distribution involves significant gray areas in terms of methods and laws. Digital multimedia (whether it be audio, video, or still photography and art) is exposed to a broad spectrum of security problems. From the standpoint of the ==========> 04-12-01-SJMerc-HPToIncludeAntiVirusSoftwareWithServers.txt========== http://www.siliconvalley.com/mld/siliconvalley/10312217.htm Posted on Wed, Dec. 01, 2004 HP to include anti-virus software with servers `THROTTLER' CHOKES OFF ABNORMAL PROGRAMS By Therese Poletti Mercury News Hewlett-Packard said Tuesday that it will begin selling corporate computers installed with ``Virus Throttler'' software next year to stop the spread of ==========> 04-12-02-CompWorld-CodeCheckingToolsNeededToFindSecurityBugs.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,97988,00.html Former cybersecurity czar: Code-checking tools needed Computer World News Story by Grant Gross DECEMBER 02, 2004 (IDG NEWS SERVICE) - WASHINGTON -- Software vendors need automated tools that look for bugs in their code, but it may be a decade before many of those tools are mature and widely used, said the former director of cybersecurity for the U.S. Department of Homeland Security. 
==========> 04-12-03-SJMerc-MailingAboutUCBSecurityBreach.txt========== http://www.siliconvalley.com/mld/siliconvalley/10333652.htm Posted on Fri, Dec. 03, 2004 California to notify 1.4 million of hacking risk MAILING ABOUT UC-BERKELEY SECURITY BREACH WILL COST $691,000 By Andrew LaMar Knight Ridder Sacramento Bureau SACRAMENTO - The state will spend $691,000 to mail notices to 1.4 million Californians next week alerting them that their personal information might have ==========> 04-12-05-SeattlePI-FormerCIAChiefWarnsOnCyberterror.txt========== http://seattlepi.nwsource.com/business/aptech_story.asp?category=1700&slug=Gates%20Terrorism Sunday, December 5, 2004 · Last updated 9:54 a.m. PT Seattle Post-Intelligencer Ex-CIA chief Gates warns on cyberterror By PAM EASTON ASSOCIATED PRESS WRITER HOUSTON -- Cyberterrorism could be the most devastating weapon of mass ==========> 04-12-06-SJMerc-FormerCIAChiefWarnsOnCyberterror.txt========== http://www.siliconvalley.com/mld/siliconvalley/10346318.htm Ex-CIA Chief Gates Warns on Cyberterror PAM EASTON Associated Press San Jose Mercury HOUSTON - Cyberterrorism could be the most devastating weapon of mass destruction yet and could cripple the U.S. economy, former CIA Director Robert Gates said at a terrorism conference Saturday. ==========> 04-12-07-WSJ-ComputerSecurityIndustryRecommendations.txt========== # "Tighter Cyber Protection Is Urged by Computer-Security Industry" Wall Street Journal (12/07/04) P. A3; Bank, David Computer-security industry executives today intend to release a series of recommendations to the Bush administration for addressing cybersecurity issues, which many feel the White House has given short shrift to. "We believed [cybersecurity] would be an agenda item visible at the highest levels of government," notes Symantec CEO John Thompson. "That has certainly not been the case." 
Actions that the Cyber Security Industry Alliance wants the White House to take include pressuring the Senate to sanction Europe's cybercrime treaty, ==========> 04-12-09-InvestBusDaily-TimeToExploitVulnerabilitiesDecreasing.txt========== # "In Network Security, 'To Beat the Clock' Is No Longer a Game" Investor's Business Daily (12/09/04) P. A4; Howell, Donna The window between the discovery of software vulnerabilities and their exploitation by hackers is shrinking, so companies have less time to come up with patches. Gartner predicts that 30 percent of all online exploits in 2006 will occur within a month of patch availability, and Gartner analyst John Pescatore says such developments are forcing companies to explore and implement different security measures, such as intrusion prevention and network access control. Examples of host-based intrusion prevention include software from MIT ==========> 04-12-10-EWeek-USCyberSecurityOfficePlansToMoveAhead.txt========== http://www.eweek.com/article2/0,1759,1739061,00.asp Cyber-Security Office Calls for More Clout By Wayne Rash December 10, 2004 EWeek The office in charge of cyber-security in the Department of Homeland Security is planning to continue moving ahead on the agenda the agency has already set. ==========> 04-12-12-Wired-CellPhoneSecurityIssues.txt========== http://www.wired.com/wired/archive/12.12/phreakers.html They've Got Your Number … … your text messages and address book, and a way to bug your calls. Why spam, scams, and viruses are coming soon to a phone near you. By Annalee Newitz It's a beautiful afternoon in Shepherd's Bush, a bustling neighborhood on the outskirts of London, and Adam Laurie is feeling peckish. Heading out of the office, he's about to pick up more than a sandwich. As he walks, he'll be ==========> 04-12-13-CNETNews-CodeAnalysisProjectSuggestsLinuxHasFewerFlawsThanWindows.txt========== # "Looking to Wireless for Growth, Tech Giants Seek More Spectrum" Wall Street Journal (12/15/04) P. 
A1; Squeo, Anne Marie Technology firms have stepped up lobbying efforts aimed at freeing more wireless spectrum, and the Bush administration and Congress are responding. Wireless technology is seen as a foundation for a new round of technology growth and innovation, but the old way of allocating spectrum has left much of that valuable commodity unused; broadcasters are unwilling to give up their spectrum rights as they move to digital transmissions, which would require less radio space than old analog technology. The Dec. 31, 2006 date for spectrum ==========> 04-12-13-EWeek-ApplicationsNeedToBeSecureToo.txt========== http://www.eweek.com/article2/0,1759,1738991,00.asp An Applications View on Security December 13, 2004 By Peter Coffee E Week When information warfare experts want to set the proper base line for what's "secure," they point out that the only completely protected machine is one that's disconnected from the network and preferably turned off. Application ==========> 04-12-14-ACMUbq-Burke-TheNeedForCybersecurityCivilDefense.txt========== http://www.acm.org/ubiquity/interviews/v5i40_burke.html Pete Burke on Cybersecurity and the Law Source: Ubiquity, Volume 5, Issue 40, December 14 - December 23, 2004 Why the People Need WWII-Type Cybersecurity Drills Edmund B. (Pete) Burke is an attorney whose special experience is in the areas of software and technology law and e-commerce. UBIQUITY: How did you first get interested in cybersecurity? ==========> 04-12-14-InfoWeek-CybersecuritySlipsAsHomelandSecurityPriority.txt========== http://www.informationweek.com/story/showArticle.jhtml?articleID=55301866 Cybersecurity Slips As A Homeland Security Priority The Bush administration has been slow to act on cybersecurity measures at a time when the need is increasing, an industry exec says. By Larry Greenemeier, InformationWeek Dec. 
14, 2004 Attention to cybersecurity is threatening to slip even further down the Bush administration's priorities list as the White House resumes its search for a ==========> 04-12-17-ChronHighEd-ColleagesFaceRisingCostsForComputerSecurity.txt========== # "Colleges Face Rising Costs for Computer Security" Chronicle of Higher Education (12/17/04) Vol. 51, No. 17, P. A1; Foster, Andrea L. A Chronicle of Higher Education survey indicates an increase in information security spending levels over the last two years for more than 50 percent of U.S. colleges and universities that responded to the poll. Almost all respondents reported that their institutions were targeted by worms and viruses in the past year: 73 percent reported an acceleration in cyberattacks; 53 percent said attempts were made in the past year to cripple their campus ==========> 04-12-20-NetWorld-NetAppsConsortiumNearsReleaseOfSecurityArchitecture.txt========== http://www.nwfusion.com/news/2004/122004-nac-security.html User group to reveal model for IS security future By John Fontana Network World, 12/20/04 An influential user group is nearing release of a blueprint for a policy-based security architecture it hopes will become an industry model for securing corporate information systems. ==========> 04-12-20-NYT-Markoff-SecurityFlawFoundInGoogleDesktopSearch.txt========== http://www.nytimes.com/2004/12/20/technology/20flaw.html December 20, 2004 Rice University Computer Scientists Find a Flaw in Google's New Desktop Search Program By JOHN MARKOFF NY Times SAN FRANCISCO, Dec. 19 - A Rice University computer scientist and two of his students have discovered a potentially serious security flaw in the desktop ==========> 04-12-20-NYT-TrackingTerroristInternetUseDifficult.txt========== http://www.nytimes.com/2004/12/20/technology/20covert.html?oref=login December 20, 2004 On the Open Internet, a Web of Dark Alleys By TOM ZELLER Jr. 
NY Times The indictment early this month of Mark Robert Walker by a federal grand jury in Texas might have seemed a coup for the government in its efforts to police terrorist communications online. Mr. Walker, a 19-year-old student, is accused, ==========> 04-12-21-SJMerc-GoogleQuicklyFixesDesktopSearchFlaw.txt========== http://www.siliconvalley.com/mld/siliconvalley/10466038.htm Posted on Tue, Dec. 21, 2004 Google quickly fixes desktop-search flaw BUG COULD'VE ALLOWED HACKERS ACCESS TO FILES ON A USER'S PC By Dan Lee Mercury News Google said Monday that it has fixed a security flaw in its new desktop computer search tool that could have allowed attackers to read parts of files ==========> 04-12-27-PCWorld-2004WasGoodAndBadForSecurity.txt========== http://www.pcworld.com/news/article/0,aid,119031,00.asp 2004: Good and Bad for Security From a sharp increase in phishing scams to high-profile arrests, here's what made news this year. Paul Roberts, IDG News Service Monday, December 27, 2004 PC World Experts agree: 2004 was the best of times and the worst of times for those ==========> 04-12-27-TechRep-ITProfesionalsAnIntgralPartOfCybersecurity.txt========== http://techrepublic.com.com/5100-22_11-5494201.html IT professionals are an integral part of the national security strategy Tech Republic December 27, 2004 Mark Kaelin Takeaway: IT professionals are first responders when it comes to potential cyberattacks. This chapter from Implementing Homeland Security for Enterprise IT, by Michael ==========> 04-12-28-InfoWeek-BushUrgedToRampUpCybersecurityEfforts.txt========== http://www.informationweek.com/story/showArticle.jhtml?articleID=56200702 Bush Urged To Ramp Up Cybersecurity In New Year Top E-government official envisions IT security as part of every project, but critics still want a top cybersecurity official. By Larry Greenemeier, InformationWeek Dec. 
28, 2004 The Bush administration plans to address the demands to advance its cybersecurity policies in the new year, but some critics question whether the ==========> 05-01-00-ACMUbiquity-UsersDislikeSlowingSoftwareForSecurity.txt========== What makes users unhappy: share-point team services web server security Avi Rushinek, Sara Rushinek January 2005 Ubiquity, Volume 6 Issue 2 Computer & Internet Security is very important but sometimes it is so confusing and frustrating that it makes users very unhappy— to a point where the system is so secure that it cannot be used by its most legitimate users, like system administrators ==========> 05-01-00-CACM-VirusesAndWormsGetLittleAttentionInCSEducation.txt========== Inside risks: Not teaching viruses and worms is harmful George Ledin Jr. January 2005 Communications of the ACM, Volume 48 Issue 1 Computer security courses are typically of two kinds. Most are of the first kind: guided tours to concepts and terminology, descriptive courses that inform and acquaint. These courses have few or no prerequisites and little technical content. The second kind of computer security courses is taken primarily by computer science majors. Usually elective courses, they offer a technical menu, ==========> 05-01-03-CNETNews-DoomsdayCyberAttackPossible.txt========== http://news.com.com/Preparing+for+a+doomsday+attack/2008-7348_3-5503100.html Preparing for a doomsday attack By Charles Cooper CNET News Story last modified Mon Jan 03 04:00:00 PST 2005 The Internet has withstood major assaults to bring the system crashing down, but each new cyberattack raises the specter of a doomsday scenario. ==========> 05-01-03-InvestBusDaily-SecurityRemainsInternetTroubleSpot.txt========== # "Security Issues Linger as Net's Trouble Spot" Investor's Business Daily (01/03/05) P. A9; Howell, Donna IT security teams employ stronger defenses against threats, but viruses, spam, phishing schemes, and other Internet-borne attacks are growing more dangerous. 
Spam now makes up nine out of 10 email messages compared to just seven out of 10 messages one year ago, according to FrontBridge Technologies. Firms have begun using spam-filtering services instead of spam-filtering software hosted on their own servers because such services are updated to new threats faster; outsourced spam filtering providers are able to view all their customers' email ==========> 05-01-05-Waynesville-56PercentOfWirelessNetworksUnprotected.txt========== http://waynesvilledailyguide.com/articles/2005/01/05/news/local_news/news05.txt Is your wireless network secure? Waynesville Daily Guide Jan. 5, 2005 UMR security interest group says most are not ROLLA--Wireless networks are spreading into many homes in America; however, many of these networks are insecure. A group of students from the University of Missouri-Rolla recently conducted an audit of the area's wireless networks to ==========> 05-01-06-MS-MSOffersFreeVirusAndAntiSpywarePrograms.txt========== http://www.microsoft.com/athome/security/spyware/software/default.mspx Microsoft Windows AntiSpyware (Beta): Overview Published: January 6, 2005 Microsoft Windows AntiSpyware (Beta) is a security technology that helps protect Windows users from spyware and other potentially unwanted software. Known spyware on your PC can be detected and removed. This helps reduce negative effects caused by spyware, including slow PC performance, annoying pop-up ads, unwanted changes to Internet settings, and unauthorized use of your ==========> 05-01-06-SJMerc-MSOffersFreeVirusAndAntiSpywarePrograms.txt========== http://www.siliconvalley.com/mld/siliconvalley/10580406.htm Posted on Thu, Jan. 06, 2005 Microsoft offers free virus-removal, anti-spyware programs WASHINGTON (AP) - Microsoft Corp., whose popular Windows software is a frequent target for Internet viruses, is offering a free security program to remove the most dangerous infections from computers. 
The program, with monthly updates, is a step toward plans by Microsoft to sell ==========> 05-01-09-Clickz-DevastingCyberAttackLikelyWithin10Years.txt========== http://www.clickz.com/stats/sectors/security/article.php/3456471 Experts: Devastating U.S. Cyber-Attack Within 10 Years By Rob McGann January 9, 2005 Clickz The U.S. will suffer at least one devastating attack to its national information network or power grid in the next 10 years. That's what two-thirds of expert respondents to a survey conducted by Pew Internet & American Life and ==========> 05-01-11-NatJTechDaily-ExCybersecurityChiefToFocusOnInternationalEfforts.txt========== http://www.govexec.com/dailyfed/0105/011105tdpm1.htm January 11, 2005 Ex-cybersecurity czar focuses on global coordination By William New, National Journal's Technology Daily A former White House cybersecurity adviser is working to build an international cybersecurity partnership program under contract to the Homeland Security Department. ==========> 05-01-11-SecFocus-HackerBreaksIntoT-MobileNetwork.txt========== http://www.securityfocus.com/news/10271 Hacker penetrates T-Mobile systems By Kevin Poulsen, SecurityFocus Jan 11 2005 7:43PM A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mail, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned. ==========> 05-01-12-SJMerc-HackerBreaksIntoT-MobileNetwork.txt========== http://www.siliconvalley.com/mld/siliconvalley/10633193.htm Posted on Wed, Jan. 12, 2005 Hacker breaks into T-Mobile network WASHINGTON (AP) - A hacker broke into a wireless carrier's network over at least seven months and read e-mails and personal computer files of hundreds of customers, including the Secret Service agent investigating the hacker, the government said Wednesday. 
==========> 05-01-12-WashPost-AnotherComputerSecurityOfficialQuitsDHS.txt========== http://www.washingtonpost.com/wp-dyn/articles/A2265-2005Jan11.html Another Computer Security Official Quits Critics Say Division Lacks Aggressiveness By Brian Krebs and Jonathan Krim Washington Post Staff Writers Wednesday, January 12, 2005; Page E01 The Homeland Security Department official in charge of protecting the nation's physical and computer infrastructure is stepping down at the end of the month ==========> 05-01-13-InetNews-TorvaldsCriticizesSecurityProblemNotification.txt========== http://www.internetnews.com/dev-news/article.php/3458961 January 13, 2005 Torvalds Criticizes Security Approaches By Sean Michael Kerner Internet News Linux creator Linus Torvalds had a few things to say this week about the way potential security issues are disclosed to fellow open sourcers. And it wasn't all good. ==========> 05-01-13-LATimes-HackerBreaksIntoT-MobileNetwork.txt========== http://www.latimes.com/business/la-fi-hacker13jan13,0,2281077.story?coll=la-home -headlines Hacker May Have Infiltrated Cellphone Data T-Mobile says hundreds of users had voice mail and other personal information exposed. By Joseph Menn Los Angeles Times Staff Writer January 13, 2005 ==========> 05-01-17-InfoWeek-CyberAttackIncreasinglyUseAutomatedTools.txt========== http://www.informationweek.com/story/showArticle.jhtml?articleID=57701362 Machine Wars The battle between good and evil in cyberspace is increasingly fought with automated tools By Thomas Claburn, InformationWeek Jan. 17, 2005 Last year, a computer worm that conducts automated reconnaissance appeared; it uses the Google Inc. search engine to automatically find Web sites running ==========> 05-01-24-InfoWeek-WhatIsUSFederalRoleInCybersecurity.txt========== http://www.informationweek.com/story/showArticle.jhtml?articleID=57702607&tid=13 692 Federal Role In Ensuring Cybersecurity Isn't Clear By Larry Greenemeier, InformationWeek Jan. 
24, 2005 Over the next four years, much work needs to be done to shore up cybersecurity for the nation's energy utilities, manufacturing and transportation facilities, telecommunication and data networks, and financial-services firms. Together, ==========> 05-01-26-CNETNews-USBattleToSecureCyberspace.txt========== http://news.com.com/The+United+States+battle+to+secure+cyberspace/2008-1082_3-55 50064.html The United States' battle to secure cyberspace By Robert Lemos CNET News Story last modified Wed Jan 26 04:00:00 PST 2005 Robert Liscouski doesn't hesitate to explain why he's leaving the Department of Homeland Security: He pledged two years, and time's up. ==========> 05-01-26-SecPipe-FormerDHSCybersecurityChiefInterview.txt========== http://www.securitypipeline.com/57702552 January 26, 2005 Q&A with Amit Yoran A Secure Enterprise Interview By David Joachim Secure Enterprise SE: Why did you leave the Department of Homeland Security? AY: The agreement I had was to come on board at this early stage to create the ==========> 05-01-27-BetaNews-BagleWormAnniversaryBringsNewVariants.txt========== http://www.betanews.com/article/Bagle_Worm_Returns_for_Anniversary/1106865364 Bagle Worm Returns for Anniversary By David Worthington, BetaNews January 27, 2005, 5:36 PM Virus writers have marked the one-year anniversary of the Bagle mass-mailing worm with an unwelcome surprise: new variants. Bagle's return has prompted leading antivirus vendors to issue advisories warning of the worm's spread classifying the worm as a "medium" risk. ==========> 05-01-27-CompResNews-WindowsMySQLWormExploitsPoorPasswords.txt========== http://www.crn.com/sections/breakingnews/dailyarchives.jhtml?articleId=59100379 MySQL Malware Just Wants To Chat By Linux Pipeline Staff 4:40 PM EST Thu. Jan. 27, 2005 Security experts are tracking a new malware variant, targeting the MySQL open-source database, which has likely infected thousands of Windows systems. 
According to a report posted on the SANS Institute's Internet Storm Center site ==========> 05-01-27-InetNews-MoreFlawsDiscoveredInCiscoIOS.txt========== http://www.internetnews.com/security/article.php/3465131 January 27, 2005 Multiple Flaws Hound Cisco By Sean Michael Kerner Internet News A week after Cisco reported a vulnerability in its Internetwork Operating System (IOS) Software Embedded Call Processing Solutions, the company has, thrice again, been hit. ==========> 05-01-27-NetWorld-MoreFlawsDiscoveredInCiscoIOS.txt========== http://www.nwfusion.com/news/2005/0127ios.html?fsrc=netflash-rss Three more flaws discovered in Cisco IOS By Phil Hochmuth Network World Fusion, 01/27/05 Cisco this week warned of several vulnerabilities in its IOS software that could be used by attackers to bring down routers in enterprise and service provider networks. ==========> 05-01-28-NewsFact-BagleWormAnniversaryBringsNewVariants.txt========== http://www.newsfactor.com/perl/story/30066.html New Bagle Worms Reported By Elizabeth Millard NewsFactor Network January 28, 2005 10:55AM Two new variants of the Bagle worm are spreading through e-mail and peer-to-peer networks, according to security experts. Bagle.AX and Bagle.AY are the 50th and 51st variants of the worm that first appeared just one year ago. ==========> 05-01-28-NewsFact-WindowsMySQLWormExploitsPoorPasswords.txt========== http://www.newsfactor.com/entsec/story.xhtml?story_title=Poor-Passwords-Exploite d-by-MySQL-Bot&story_id=30078&category=entsec Poor Passwords Exploited by MySQL Bot By Erika Morphy Enterprise Security Today January 28, 2005 1:01PM Poorly chosen, weak passwords leave systems vulnerable to a new worm called "MySQL bot." 
The malware targets Windows systems running the MySQL open-source ==========> 05-01-30-NYT-JohnsHokinsResearchersCrackTICarKeyCode.txt========== http://www.nytimes.com/aponline/science/AP-Car-Security-Cracked.html?oref=login January 30, 2005 Researchers Claim to Crack Car Key Code By THE ASSOCIATED PRESS New York Times Filed at 7:28 p.m. ET BALTIMORE (AP) -- Researchers said they have found a way to crack the code used in millions of car keys, a development they said could allow thieves to bypass ==========> 05-01-31-USACM-PITACApprovesReportOnFederalCybersecurityRandD.txt========== =================================================== ACM Washington Update, Vol. 9.1 (January 31, 2005) =================================================== [4] PITAC APPROVES REPORT ON FEDERAL CYBERSECURITY R&D The President's Information Technology Advisory Committee (PITAC) -- whose membership includes USACM Chair Eugene Spafford and ACM President David Patterson -- held a meeting in January during which committee members approved a report by their Subcommittee on Cyber Security. ==========> 05-01-31-USACM-WhiteHouseNamesNewHomelandSecurityDirector.txt========== =================================================== ACM Washington Update, Vol. 9.1 (January 31, 2005) =================================================== [5] WHITE HOUSE NAMES NEW HOMELAND SECURITY DIRECTOR The White House has chosen Michael Chertoff, a Federal appeals court judge, to be secretary of the Department of Homeland Security. Chertoff was a key figure in the United States' legal response to the terrorist attacks of September 11, 2001, in the Justice Department's criminal ==========> 05-02-00-TechRev-TerroristsCouldUseCyberAttacks.txt========== http://www.technologyreview.com/articles/05/02/issue/feature_terror.asp Terror’s Server By David Talbot February 2005 Technology Review Richard A. 
Clarke spent 11 years in senior policymaking positions at the White House, advising presidents on matters of counterterrorism and cyber security. When the Sept. 11 attacks took place he was the counterterrorism adviser to the National Security Council. He now heads Good Harbor Consulting. Clarke recently ==========> 05-02-01-EWeek-PHPConsortiumTacklesApplicationSecurity.txt========== http://www.eweek.com/article2/0,1759,1758408,00.asp PHP Consortium Tackles Third-Party Application Security February 1, 2005 By Ryan Naraine eWeek Worried that the credibility of the PHP scripting language is being hurt by high-profile security flaws in third-party applications, an international group of coding experts is taking matters into their own hands. ==========> 05-02-07-WashTimes-NewDHSChiefFacesDilemma.txt========== http://www.washtimes.com/upi-breaking/20050206-080323-6669r.htm Analysis: New DHS pick faces cyber dilemma By Shaun Waterman Washington Times UPI Homeland and National Security Editor Washington, DC, Feb. 7 (UPI) -- It looks almost certain that former federal prosecutor Michael Chertoff will be confirmed as Homeland Security secretary, and one of the first items in his in-tray will be how to deal with the question ==========> 05-02-07-Wired-SecurityRisksFoundInVoIPProtocols.txt========== http://wired.com/news/technology/0,1282,66512,00.html Hold the Phone, VOIP Isn't Safe By Elizabeth Biddlecombe Wired 02:00 AM Feb. 07, 2005 PT In recognition of the fact that new technologies are just as valuable to wrongdoers as to those in the right, a new industry group has formed to look at the security threats inherent in voice over internet protocol. 
==========> 05-02-09-SecFocus-AntiVirusSoftwareDoesNotCheckAllFileTypes.txt========== http://www.securityfocus.com/columnists/298 Unexpected Attack Vectors Security Focus By Scott Granneman Feb 09 2005 02:33PM PT Back in 1882, Los Angeles was a rough, dry town of 12,000 people that had been an incorporated municipality for a little over 3 decades. 1882 also saw the introduction of telephone service and electric streetlights. At the time there were several newspapers in town, including the Los Angeles Tribune and the Los ==========> 05-02-10-eWeek-VirusAttacksMSAntiSpywareSystem.txt========== http://www.eweek.com/article2/0,1759,1763560,00.asp Trojan Targets Microsoft's AntiSpyware Beta By Matthew Broersma February 10, 2005 eWeek Malicious programmers are already sharpening their claws on Microsoft Corp.'s anti-spyware software, even before the application's official release. ==========> 05-02-10-InfoWeek-MSSaysItsMakingProgressOnSecurity.txt========== http://www.informationweek.com/story/showArticle.jhtml?articleID=60300220 Microsoft's Security Chief Says Windows Safer Than Linux Microsoft's top security honcho insists that Microsoft "is making progress on security using any reasonable metric." By Gregg Keizer, TechWeb News Feb. 10, 2005 Microsoft's top security honcho insisted Thursday that Microsoft "is making progress on security using any reasonable metric." ==========> 05-02-10-Newsweek-RadicalIslamicWebsiteCallForCyberTerror.txt========== http://www.msnbc.msn.com/id/6940849/site/newsweek/ Virtual Jihad Radical Islamic Web sites are encouraging their supporters to wage holy war online. Their exhortations underscore U.S. vulnerability to cyberterror WEB EXCLUSIVE By Michael Isikoff and Mark Hosenball Newsweek Updated: 12:40 p.m. ET Feb. 10, 2005 ==========> 05-02-10-SJMerc-VirusAttacksMSAntiSpywareSystem.txt========== http://www.siliconvalley.com/mld/siliconvalley/10869199.htm Posted on Thu, Feb. 
10, 2005 Microsoft investigating attack on anti-spyware system San Jose Mercury News REDMOND, Wash. (AP) - Microsoft Corp. is investigating a malicious program that attempts to turn off the company's newly released anti-spyware software for Windows computers. ==========> 05-02-11-CNETNews-SmartAppliancesCouldBecomeVirusVictums.txt========== http://news.com.com/Is+your+TV+virus-proof/2100-7349_3-5571752.html Is your TV virus-proof? By Robert Lemos Story last modified Fri Feb 11 04:00:00 PST 2005 The kitchen has long been considered a breeding ground for germs, but you probably don't expect your toaster to infect your cell phone. A variety of consumer products--from smart phones to digital theater boxes, and ==========> 05-02-12-SJMerc-LookForAttacksFromOnlineValentines.txt========== http://www.siliconvalley.com/mld/siliconvalley/10884203.htm Posted on Sat, Feb. 12, 2005 BUT BE CAREFUL By Dan Lee Mercury News Looking for love in unexpected places? Watch out for online valentines. Instead of a sweet deal, your computer could ==========> 05-02-13-SJMerc-CEOsToDiscussSecurityAtRSAConference.txt========== http://www.siliconvalley.com/mld/siliconvalley/10893359.htm Posted on Sun, Feb. 13, 2005 Gates, CEOs to stress computer security at S.F. conference By Dan Lee Mercury News Microsoft Chairman Bill Gates is coming to San Francisco to take on hackers and spammers -- and skeptics of his company's ability to defend its software against an onslaught of Internet attacks. 
==========> 05-02-14-CNETNews-NewSecurityProductsToBeAnnouncedAtRSAConference.txt========== http://news.com.com/Security+show+tackles+online+threats/2100-7355_3-5574790.htm l?tag=nefd.top Security show tackles online threats By Dawn Kawamoto CNET News Story last modified Mon Feb 14 04:00:00 PST 2005 The security industry, which is in the business of paranoia, will be looking over its shoulders more frequently at the annual RSA Security Conference this ==========> 05-02-14-CNETNews-TechniqueForSecureIdentificationOfIMUsers.txt========== http://news.com.com/Making+your+IM+secure--and+deniable/2100-7355_3-5576246.html Making your IM secure--and deniable By Robert Lemos Story last modified Mon Feb 14 17:05:00 PST 2005 SAN FRANCISCO--When you hit the Send button on an instant message, do you really know who is on the other end? Two researchers at the University of California at Berkeley have created an ==========> 05-02-14-NetWorld-NewSecurityProductsToBeAnnouncedAtRSAConference.txt========== http://www.nwfusion.com/news/2005/0214rsasecprod.html?fsrc=netflash-rss Drumbeat of security products to roll across RSA Conference By Ellen Messmer Network World Fusion, 02/14/05 The RSA Conference 2005 this week will be a showcase for product rollouts from established vendors and start-ups, with RSA Security, the show’s organizer, grabbing the spotlight to announce its authentication server will be offered in appliance form for the first time. ==========> 05-02-14-RSA-RSAConference.txt========== http://2005.rsaconference.com/us/ Feb. 14, 2005 The RSA® Conference, the most prestigious information security event of the year, is also the most authoritative source for uncovering new ways to thwart cyber-criminals trying to smuggle themselves into today's businesses. As such, it is a "must attend" event for organizations that deploy, develop or investigate data security or cryptography products. 
==========> 05-02-15-CNETNews-MSToReleaseNewVersionOfIEToFixSecurityProblems.txt========== http://news.com.com/Reversal+Next+IE+divorced+from+new+Windows/2100-1032_3-5577263.html?tag=nefd.top Reversal: Next IE update divorced from Windows By Paul Festa Story last modified Tue Feb 15 12:46:00 PST 2005 SAN FRANCISCO--Reversing a longstanding Microsoft policy, Bill Gates said Tuesday that the company will ship an update to its browser separately from the next major version of Windows. ==========> 05-02-15-CNETNews-SymantecDefendsSWAgainstMSAntiVirusSW.txt========== http://news.com.com/Symantec+Whos+afraid+of+Microsoft/2100-7355_3-5577989.html?tag=nefd.top Symantec: Who's afraid of Microsoft? By Dawn Kawamoto CNET News Story last modified Tue Feb 15 17:03:00 PST 2005 SAN FRANCISCO--Symantec outlined plans on Tuesday to defend its large consumer security business, as Microsoft detailed its push to enter the anti-spyware and ==========> 05-02-15-MS-BillGatesRSAKeynoteOnSecurity.txt========== http://channels.microsoft.com/billgates/speeches/2005/02-15RSA05.asp Remarks by Bill Gates, Chairman and Chief Software Architect, Microsoft Corporation RSA Conference 2005: "Security: Raising the Bar" San Francisco, California February 15, 2005 ==========> 05-02-15-SJMerc-CiscoAnnouncesNewSecurityProducts.txt========== http://www.siliconvalley.com/mld/siliconvalley/10904927.htm Posted on Tue, Feb. 
15, 2005 Cisco unveils security offerings SAN JOSE COMPANY 'PLUGGING KEY TECHNOLOGY HOLES,' ANALYST SAYS By Dan Lee Mercury News Cisco Systems today is unveiling nine new software and hardware products, and upgrades to protect corporate computer networks from hackers and other Internet ==========> 05-02-16-CNETNews-SoftwareFirmsFaultCollegeSecurityEducation.txt========== http://news.com.com/Software+firms+fault+colleges+security+education/2100-1002_3 -5579014.html Software firms fault colleges' security education CNET News By Robert Lemos Story last modified Wed Feb 16 08:57:00 PST 2005 SAN FRANCISCO--Software companies are taking colleges to task for not producing computer science graduates who know how to create secure programs. ==========> 05-02-16-SJMerc-USAgenciesGetDPlusOnSecurity.txt========== http://www.siliconvalley.com/mld/siliconvalley/10915463.htm Posted on Wed, Feb. 16, 2005 U.S. agencies earn D-plus on computer security Mercury News WASHINGTON (AP) - The overall security of computer systems inside the largest U.S. government agencies improved marginally since last year but still merits only a D-plus on the latest progress report from Congress. ==========> 05-02-17-InfoWorld-MSResearchersWarnOfRootkitMonitoringPrograms.txt========== http://www.infoworld.com/article/05/02/17/HNrootkits_1.html Microsoft on 'rootkits': Be afraid. Be very afraid. 
New generation of system monitoring programs are almost impossible to detect By Paul Roberts, IDG News Service February 17, 2005 Microsoft security researchers are warning about a new generation of powerful system monitoring programs, or "rootkits," that are almost impossible to detect using current security products and that could ==========> 05-02-17-NewsFact-NewMydoomMutantIsOut.txt========== http://www.newsfactor.com/perl/story/30538.html NewsFactor Top Tech News Latest Mydoom Mutant in the Wild February 17, 2005 10:57AM Mydoom.bb is similar to previous variants with a mass-mailing worm constructing messages using its own SMTP engine. It contains a peer-to-peer propagation routine and may be an .EXE file. In common with other mutants, it also downloads the BackDoor-CEB.f Trojan and spoofs the "from" address. ==========> 05-02-17-SeattlePI-ClarkeCriticizesMSOverSecurityIssues.txt========== http://seattlepi.nwsource.com/business/212437_rsaclarke17.html Thursday, February 17, 2005 Clarke rips Microsoft over security Former White House adviser alludes to its vulnerabilities By TODD BISHOP SEATTLE POST-INTELLIGENCER REPORTER SAN FRANCISCO -- Don't expect Richard Clarke to rely on Microsoft Corp.'s anti-virus or anti-spyware programs to protect his own computer. ==========> 05-02-17-SJMerc-ClarkeSaysUSFailsToDealWithCybersecurity.txt========== http://www.siliconvalley.com/mld/siliconvalley/10924235.htm Posted on Thu, Feb. 17, 2005 U.S. fails to deal with threat of cyberattack, expert says IT'S NOT PRIORITY, CONFERENCE TOLD By Dan Lee Mercury News The U.S. government should heed warning signs of a large-scale electronic attack against the nation's computer systems, said Richard Clarke, the former ==========> 05-02-17-Wired-RSAPanel-IssuesOfCybersecurityOversight.txt========== http://www.wired.com/news/privacy/0,1848,66632,00.html?tw=wn_tophead_1 The Fight Over Cyber Oversight By Kim Zetter Wired 02:00 AM Feb. 
17, 2005 PT SAN FRANCISCO -- A recent security breach at data aggregator ChoicePoint was the topic of conversation Wednesday during a discussion about government regulation and corporate liability at the RSA Conference on security in San ==========> 05-02-18-InfoWorld-CallForEndToInfoSharingAndAnalysisCenters.txt========== http://www.infoworld.com/article/05/02/18/HNsecurity911_1.html?SECURITY%2520MANA GEMENT 9-11 commissioner calls for end to ISACs Centers lack funding and organization to be effective, Jamie Gorelick says By Paul Roberts, IDG News Service February 18, 2005 InfoWorld SAN FRANCISCO - The U.S. government’s policy of relying on voluntary, ==========> 05-02-18-ZDNet-FirefoxCommunityPredictsContinuedGrowth.txt========== http://news.zdnet.co.uk/internet/0,39020369,39188074,00.htm Firefox community weighs up IE 7 threat Ingrid Marson ZDNet UK February 16, 2005, 16:15 GMT One Firefox contributor thinks the browser could grab a 25 percent market share before IE 7 even launches ==========> 05-02-21-NewSci-CVSS-CommonVulnerabiltiyScoringSystemAnnounced.txt========== http://www.newscientist.com/article.ns?id=dn7040 Computer vulnerabilities given unified rating system * 14:42 21 February 2005 * NewScientist.com news service * Celeste Biever A consortium of software and security companies has come up with the first unified language for rating the vulnerabilities that plague computer operating systems, opening them to attack from viruses and hackers. The system will ==========> 05-02-22-SJMerc-MSDecidesToSellVirusProtectionSoftware.txt========== http://www.siliconvalley.com/mld/siliconvalley/10961452.htm Posted on Tue, Feb. 22, 2005 Microsoft in quandary over virus security ALLISON LINN Associated Press SEATTLE - If Microsoft Corp. doesn't do more to stem Internet attacks, the company risks further alienating customers unhappy with the multitude of threats already facing its ubiquitous software. 
Sell its own security products, ==========> 05-02-23-CNETNews-AlternativesToPasswordsShownAtRSAConf.txt========== http://news.com.com/Finding+a+replacement+for+passwords/2100-1029_3-5586249.html Finding a replacement for passwords By Ina Fried Story last modified Wed Feb 23 04:00:00 PST 2005 CNET News As online scams get more sophisticated, passwords are becoming hopelessly outmoded--as passe as floppy disks. ==========> 05-02-24-SJMerc-JapaneseGovernmentComputersSufferDoSAttack.txt========== http://www.siliconvalley.com/mld/siliconvalley/10980656.htm Posted on Thu, Feb. 24, 2005 Japanese government computers hit by denial-of-service attacks Mercury News TOKYO (AP) - A series of cyber attacks disrupted Japanese government computer networks this week, although no damage was reported, Japan's top government spokesman said Thursday. ==========> 05-02-24-SpoBusJ-EasternWashUnivProfTeachesCybersecurity.txt========== http://www.spokanejournal.com/spokane_id=article&sub=2275 The issue dated February 24, 2005 Thwarting ‘evil geniuses’ Spokane Journal of Business Entrepreneur-professor teaches students to stop hackers, viruses, has lessons for all By Paul Read Access the Internet using an unprotected personal computer and a hacker will be ==========> 05-03-00-GovtSecMag-NewUSCybersecurityChiefDiscussesAgenda.txt========== http://www.gsnmagazine.com/mar_05/1_on_1.html 1 on 1 with Andy Purdy, Acting Director of the National Cyber Security Division of DHS Government Security News, March 2005 INTRO: The sudden departure last September of Amit Yoran, as the Bush Administration’s “cyber czar,” brought a new face to the top post at the National Cyber Security ==========> 05-03-00-TechRev-TheFutureOfHacking.txt========== http://www.technologyreview.com/articles/05/03/issue/review_hack.asp Hack License Simson Garfinkel March 2005 Tech Review As cultural critic and New School University professor McKenzie Wark sees things, today's battles over copyrights, trademarks, and patents are 
simply the next phase in the age-old battle between the productive classes and the ruling classes that strive to turn those producers into subjects. But whereas Marx and ==========> 05-03-01-NewSci-IPodEnthusiastsFindWayToInstallLinux.txt========== http://www.newscientist.com/article.ns?id=dn7085 iPod 'squeaks' betray software secrets * 16:51 01 March 2005 * NewScientist.com news service * Will Knight Computer enthusiasts have worked out how to reprogram Apple's iPod music player with their own code using an ingenious acoustic trick. ==========> 05-03-02-PCWorld-InformationTheftFromChoicePointRaisesQuestions.txt========== http://www.pcworld.com/news/article/0,aid,119840,00.asp Policing the Information Brokers The high-profile theft of personal information from ChoicePoint raises questions about how information brokers do their business. Anush Yegyazarian, PC World Wednesday, March 02, 2005 If knowledge is power, and money is power, then knowledge is also money. Though that particular bit of associative logic might not hold up to rigorous ==========> 05-03-03-SJMerc-HackerBreaksIntoBusinessSchoolsAdmissionsData.txt========== http://www.siliconvalley.com/mld/siliconvalley/11044063.htm Posted on Thu, Mar. 03, 2005 Hacker helps business school applicants get early decision Mercury News BOSTON (AP) - A computer hacker gained access to internal admissions records at Harvard, Stanford and other top business schools, then helped applicants log on and learn their fate weeks ahead of schedule, officials said Thursday. ==========> 05-03-07-CompWorld-ITTheats-SecurityAndProductQuality.txt========== http://www.computerworld.com/managementtopics/management/story/0,10801,100176,00 .html The Dark Side — Looming Threats for the Future of IT The future may hold bad software, ever-more-dangerous security threats and a host of other causes for concern, say our panelists. News Story by Gary H. 
Anthes MARCH 07, 2005 (COMPUTERWORLD) - Our panel finds plenty to worry about, from the sometimes deplorable quality of commercial software to cybercrimes and an
==========> 05-03-07-TorontoStar-QuatumCryptographyCouldProvideGreaterDecurity.txt==========
http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&call_pageid=971358637177&c=Article&cid=1110150624491 Mar. 7, 2005. 01:00 AM A quantum leap for computer security Powerful chips perversely make hacking easier Here's a system that, for now, is said to make it impossible Toronto Star M. COREY GOLDMAN
==========> 05-03-08-SJMerc-HarvardRejectsApplicantsWhoAccessedAdmissionsData.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11082291.htm Posted on Tue, Mar. 08, 2005 Harvard rejects applicants who peeked into admissions computer Mercury News BOSTON (AP) - Harvard Business School will reject 119 applicants who followed a hacker's instructions and peeked into the school's admission site to see if they had been accepted, the school's dean said.
==========> 05-03-09-SJMerc-HarvardRejectsApplicantsWhoAccessedAdmissionsData.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11087686.htm Posted on Wed, Mar. 09, 2005 Curious business school applicants get costly lesson Mercury News BOSTON (AP) - His decision came late at night, with his laptop propped in front of him in bed. Instructions on a Web site promised business school applicants like him an early online peek at whether they'd been accepted. Intrigued, he began typing.
==========> 05-03-09-SJMerc-LexisNexisReportsPersonalRecordsAccessed.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11090522.htm Posted on Wed, Mar. 09, 2005 Data broker reports breach; 32,000 personal records vulnerable Mercury News LONDON (AP) - Information on 32,000 U.S. citizens may have been accessed from one of its databases, publisher and data broker Reed Elsevier Group PLC said on Wednesday.
==========> 05-03-09-WashPost-LexisNexisReportsPersonalRecordsAccessed.txt==========
http://www.washingtonpost.com/wp-dyn/articles/A19982-2005Mar9.html LexisNexis Reports Theft of Personal Data By Jonathan Krim and Robert O'Harrow, Jr. Washington Post Staff Writers Wednesday, March 9, 2005; 11:08 AM Identity thieves have compromised another company that collects and sells personal information on millions of U.S. consumers, the latest in a series of breaches that is throwing a spotlight on the practices and safeguards of a
==========> 05-03-11-CompWorld-Experts-TechnologyWillStopPhishing.txt==========
http://www.computerworld.com/securitytopics/security/story/0,10801,100341,00.html Experts look to digital IDs to boost Net security Identity theft is eroding trust in the Internet, security experts say Computer World News Story by Scarlet Pruitt MARCH 11, 2005 (IDG NEWS SERVICE) - Rampant identity theft is eroding users' trust in the Internet and could threaten to erase some of the progress
==========> 05-03-11-SJMerc-MSBetaPatchTestingRaisesSecurityConcerns.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11114948.htm Posted on Fri, Mar. 11, 2005 Microsoft use of patch beta testers raises concerns Mercury News WASHINGTON (AP) - Microsoft Corp. is giving early versions of its software security patches to the U.S. Air Force and other organizations, a practice some experts fear could give rogue hackers important details about how to break into unprotected computers on a massive scale.
==========> 05-03-11-WashPost-HackersTargerUSPowerGrid.txt==========
http://www.washingtonpost.com/wp-dyn/articles/A25738-2005Mar10.html Hackers Target U.S.
Power Grid Government Quietly Warns Utilities To Beef Up Their Computer Security By Justin Blum Washington Post Staff Writer Friday, March 11, 2005; Page E01 Hundreds of times a day, hackers try to slip past cyber-security into the computer network of Constellation Energy Group Inc., a Baltimore power company
==========> 05-03-13-SJMerc-FutureVirusesMightInfectAutoElectronics.txt==========
http://www.nytimes.com/2005/03/13/automobiles/13AUTO.html? March 13, 2005 Can a Virus Hitch a Ride in Your Car? By TOM ZELLER Jr. and NORMAN MAYERSOHN New York Times A VIRUS can wreak havoc on computer files, hard drives and networks, but its malicious effects tend to be measured in wasted time, lost sales and the occasional unfinished novel that evaporates into the digital ozone. But what if
==========> 05-03-14-CNETNews-CompromisedComputersThreatenInternet.txt==========
http://news.com.com/Zombie+PCs+being+sent+to+steal+IDs/2100-7349_3-5616202.html Zombie PCs being sent to steal IDs By Robert Lemos CNET News Story last modified Mon Mar 14 13:31:00 PST 2005 Bot nets, collections of compromised computers controlled by a single person or group, have become more pervasive and increasingly focused on identity theft
==========> 05-03-14-Forbes-ComputersCreateManyProblems.txt==========
http://www.forbes.com/business/global/2005/0314/042.html Our Frankenputer Forbes Philip E. Ross, 03.14.05 Hostile programs bend our computers to their own purposes because we designed them that way. Time for some new ideas. You know it's bad when a virus starts talking to you with a Turkish accent.
==========> 05-03-15-CIOMag-SeveralApproachedToBetterInternetSecurity.txt==========
http://www.cio.com/archive/031505/security.html How To Save The Internet Computing on the Net is heading for a fall because security is a joke. So we summoned the best minds to see if we could put Humpty back together again. BY SCOTT BERINATO CIO Magazine March 15, 2005 Professor Hannu H.
Kari of the Helsinki University of Technology is a smart
==========> 05-03-15-CompWorld-Schneier-TechnologyWillNotStopPhishing.txt==========
http://www.computerworld.com.au/index.php/id;982907241;fp;16;fpid;0 Schneier: secure tokens won't stop phishing Computer World Paul Roberts, IDG News Service 15/03/2005 09:13:06 Technology isn't going to protect e-commerce customers -- stronger government regulation is what will get the attention of online banks and merchants, forcing them to stop being casual about security, said Bruce Schneier, founder
==========> 05-03-16-CircleID-Auerback-CertifyDevicesThatAttachComputersToInternet.txt==========
http://www.circleid.com/article/975_0_1_0_C/ Protecting the Internet: Certified Attachments and Reverse Firewalls? By: Karl Auerbach From CircleID Security March 16, 2005 In many respects the internet is going to hell in a hand basket. Spam, phishing, DNS poisoning, DDoS attacks, viruses, worms, and the like make
==========> 05-03-18-GlobeAndMail-RSAConference-TheFutureOfSecurity.txt==========
http://www.theglobeandmail.com/servlet/story/RTGAM.20050311.gtkirwanmar11/BNStory/einsider/ Decrypting the future of security By MARY KIRWAN Friday, March 18, 2005 Updated at 8:46 AM EST Special to Globe and Mail Update Mary Kirwan is a lawyer on three continents, a writer and IT security expert. She is currently completing a book on IT security for industry, for broad
==========> 05-03-18-GlobeAndMail-TheFutureOfITSecurity.txt==========
http://www.theglobeandmail.com/servlet/story/RTGAM.20050311.gtkirwanmar11/BNStory/einsider/ Decrypting the future of security By MARY KIRWAN Friday, March 18, 2005 Updated at 8:46 AM EST Special to Globe and Mail Update Mary Kirwan is a lawyer on three continents, a writer and IT security expert. She is currently completing a book on IT security for industry, for broad
==========> 05-03-18-PITAC-Report-CyberSecurity-ACrisisOfPrioritization.txt==========
For Immediate Release Contact: Alan S.
Inouye March 18, 2005 inouye@nitrd.gov MEDIA ADVISORY (703) 292-4540 PRESIDENT'S INFORMATION TECHNOLOGY ADVISORY COMMITTEE RELEASES NEW REPORT
==========> 05-03-19-NYT-PITACReport-CyberSecurity-ACrisisOfPrioritization.txt==========
http://www.nytimes.com/2005/03/19/technology/19computer.html? March 19, 2005 Study Criticizes Government on Cybersecurity Research By JOHN MARKOFF NY Times SAN FRANCISCO, March 18 - A report released Friday by a panel of computer experts criticizes the federal government, saying that its financing of research on computer network security is inadequate and that it is making a
==========> 05-03-19-NYT-WiFiAllowsCriminalsToCoverTheirTracks.txt==========
http://www.nytimes.com/2005/03/19/technology/19wifi.html March 19, 2005 Growth of Wireless Internet Opens New Path for Thieves By SETH SCHIESEL NY Times The spread of the wireless data technology known as Wi-Fi has reshaped the way millions of Americans go online, letting them tap into high-speed Internet connections effortlessly at home and in many public places.
==========> 05-03-21-CompWorld-NewSecuritySystemsDetectBeforeDmageIsdone.txt==========
http://www.computerworld.com/securitytopics/security/story/0,10801,100475,00.html Supersmart Security Fresh from the lab, these intelligent security systems are designed to recognize new threats and limit damage. News Story by Gary H. Anthes MARCH 21, 2005 (COMPUTERWORLD) - For some time, we have been losing the battle against those who would damage our computer systems. That's because computers
==========> 05-03-21-NetWorld-NewRandDApproachesToSecurity.txt==========
http://www.nwfusion.com/supp/2005/ndc2/032105labs.html Security counterattack Four experts share the latest research-and-development news. By Sandra Gittlen Network World, 03/21/05 If you think re-architecting your IT infrastructure with new data center technologies will help protect your company over the next decade - think again.
Experts at academic and vendor research labs around the country agree the move
==========> 05-03-22-CompWorld-SHA-1FlawNotSeenAsRiskToOneTimePasswords.txt==========
http://www.computerworld.com/softwaretopics/software/story/0,10801,100554,00.html SHA-1 flaw seen as no risk to one-time password proposal The vulnerability in the SHA-1 one-way hash function rocked the cryptographic world News Story by Mark Willoughby MARCH 22, 2005 (COMPUTERWORLD) - The vulnerability in the SHA-1 one-way hash function, which recently rocked the cryptographic world, is not seen as a
==========> 05-03-22-Scotsman-UKSuspectsTerroristCyberAttack.txt==========
http://news.scotsman.com/uk.cfm?id=305582005 Tue 22 Mar 2005 Sensitive intelligence and military systems are closed to the outside world, but the authorities fear electronic attacks on the more exposed networks of the ‘critical national infrastructure’. Air traffic control centres, like the one pictured, could be targeted by cyber-terrorists. JAMES KIRKUP POLITICAL CORRESPONDENT The Scotsman
==========> 05-03-22-SJMerc-PersonalDataStolenFromCalStateChicoComputers.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11201604.htm Posted on Tue, Mar. 22, 2005 Hackers gain personal data on 59,000 from university system Mercury News CHICO, Calif. (AP) - Hackers gained personal information of 59,000 people affiliated with a California university -- the latest in a string of high-profile cases of identity theft.
==========> 05-03-23-CNETNews-InstantMessagingVulnerable.txt==========
http://news.com.com/Does+IM+stand+for+insecure+messaging/2100-7349_3-5629037.html Does IM stand for insecure messaging?
By Matt Hines Story last modified Wed Mar 23 11:51:00 PST 2005 CNET News When Jimmy Kuo gave his 13-year-old daughter permission to begin using America Online's AIM Express, he warned her that if she managed to download any
==========> 05-03-23-NewSci-SymantecSaysFirefox-Linux-MacOSAreVulnerable.txt==========
http://www.newscientist.com/article.ns?id=dn7192 War of words over operating systems' safety 19:00 23 March 2005 NewScientist.com news service Celeste Biever Doubts were cast this week over the security of three major software systems formerly regarded as safe havens from hacker attacks and viruses.
==========> 05-03-23-SJMerc-Counterpane-BruceSchneier.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11209523.htm Posted on Wed, Mar. 23, 2005 The cryptography guru FOUNDER OF INTERNET SECURITY FIRM INSPIRES REACTION: `WE TRUST BRUCE' By Dan Lee Mercury News Bruce Schneier, founder and chief technical officer of Counterpane Internet Security, might be as close as the computer security industry gets to its own
==========> 05-03-25-FedCompWeek-Report-CybersecurityRegulationsDifficultToDefine.txt==========
http://www.fcw.com/article88407-03-25-05-Web Report: Cybersecurity regs would be tricky "Group sees security weaknesses" [FCW.com, March 21, 2005] BY Florence Olsen Published on Mar. 25, 2005 Federal Computer Week More Related Links
==========> 05-03-26-NewSci-GermanHoneypotFindsBotsThatTakeControlOfPCs.txt==========
# "On the Trail of the Zombie PCs" New Scientist (03/26/05); Biever, Celeste Programmers participating in The German Honeynet Project are detailing their attempts to track down and monitor malicious "bots" used to turn vulnerable PCs into "zombie" computers that hackers use to coordinate exploits ranging from identity theft to spamming to disruption of online businesses.
The German computer experts last week published their first paper describing their efforts to counter the menace using an army of bogus zombie computers to infiltrate chat rooms and networks habited by zombie machines and their controllers. A
==========> 05-03-28-CompWorld-CMULabSeeksToAdvanceITSecurityAndReliability.txt==========
http://www.computerworld.com/softwaretopics/software/story/0,10801,100626,00.html Carnegie Mellon unit looks to advance IT security, reliability CyLab exec says more-resilient systems are a goal Q&A by Patrick Thibodeau MARCH 28, 2005 (COMPUTERWORLD) - Three years ago, Carnegie Mellon University and a group of 18 IT vendors and users, including FedEx Corp., Microsoft Corp., NASA, Oracle Corp. and Pfizer Inc., formed the Sustainable Computing Consortium
==========> 05-03-29--CFChron-StolenUCBLaptopExposesPersonalData.txt==========
http://sfgate.com/cgi-bin/article.cgi?file=/c/a/2005/03/29/COMPUTER.TMP Cal issues alert about stolen laptop computer It contains 98,000 Social Security numbers -- notifications to warn of identity-theft risk Charles Burress, Chronicle Staff Writer Tuesday, March 29, 2005 San Francisco Chronicle A laptop computer containing Social Security numbers of more than 98,000
==========> 05-03-29-SJMerc-LaptopTheftExposesUCBPersonalData.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11258389.htm Posted on Tue, Mar.
29, 2005 Laptop theft exposes UC-Berkeley data SOCIAL SECURITY NUMBERS OF GRAD SCHOOL APPLICANTS, STUDENTS STORED ON MACHINE By Becky Bartindale Mercury News The names and Social Security numbers of 98,000 students and prospective students were compromised when an unidentified woman walked off with a
==========> 05-03-31-NewSci-ReportUrgesChangesToDNSToImproveSecurity.txt==========
http://www.newscientist.com/article.ns?id=dn7218 Revamp for web navigation system urged 18:02 31 March 2005 NewScientist Celeste Biever The system the internet relies on to direct web traffic needs to be revamped to thwart spammers and identity thieves, concludes a report released on Thursday.
==========> 05-04-00-CACM-ITRiskManagementAndIncarceration.txt==========
Digital village: The two sides of ROI: return on investment vs. risk of incarceration Hal Berghel April 2005 Communications of the ACM, Volume 48 Issue 4 Legislative mandates potentially replace CIO's primary concerns of technology risk management with the possibility of serving jail time. It wasn't that long ago that IT security was viewed by CEOs and CFOs as an
==========> 05-04-04-SJMerc-NYLegislatureTargetsModemHighjacking.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11310169.htm Posted on Mon, Apr. 04, 2005 N.Y. lawmakers target modem hijacking San Jose Mercury News ALBANY, N.Y (AP) - State lawmakers unveiled a bill Monday that is believed to be the first in the nation to target modem hijacking, a practice in which thieves tap into people's computer modems to make international phone calls.
==========> 05-04-05-ACM-USACMQuestionsRealIDActSecurityStandards.txt==========
http://www.acm.org/usacm/weblog/index.php?p=240 April 5, 2005 USACM Questions Real ID Act’s Security Standards Citing the increased risk of identity theft the proposed Real ID Act would create, today USACM sent a letter (http://www.acm.org/usacm/Letters/real_id_letter.pdf) to Senator Lamar Alexander (R-TN) expressing its concerns about the legislation. Last week, Senator Alexander penned an op-ed stating that while he wasn’t necessarily
==========> 05-04-05-ACM-USACMQuestionsRealIDAct'sSecurityStandards.txt==========
http://www.acm.org/usacm/weblog/index.php?p=240 April 5, 2005 USACM Questions Real ID Act’s Security Standards Citing the increased risk of identity theft the proposed Real ID Act would create, today USACM sent a letter (http://www.acm.org/usacm/Letters/real_id_letter.pdf) to Senator Lamar Alexander (R-TN) expressing its concerns about the legislation. Last week, Senator Alexander penned an op-ed stating that while he wasn’t necessarily
==========> 05-04-05-ITWorldCanada-BCInternetSecurityConference.txt==========
http://www.itworldcanada.com/Pages/Docbase/ViewArticle.aspx?ID=idgml-37fd1607-7e00-4c61-b345-76d5ca5366e0&title=Lessons%20in%20cybersafety Lessons in cybersafety We may be looking at Internet II By: Robert Parkins(05 Apr 2005) British Columbia’s Ministry of Management Services recently produced its sixth annual conference on privacy and security issues, this time focusing on Synergies in an E-Society.
The sessions attracted several hundred specialists,
==========> 05-04-05-VNUNet-NRCStudy-DNSNeedUpdates.txt==========
http://www.vnunet.com/news/1162310 DNS system in need of upgrade Technical and political challenges loom Tom Sanders in California, vnunet.com 05 Apr 2005 VNUNet The internet Domain Name System (DNS) requires both a technical and political update if it is to meet future challenges from hackers and accommodate further growth, says a new report from The National Academies Research Council.
==========> 05-04-06-SJMerc-PharmingRedirectsUsersToFakeWebsites.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11324938.htm Posted on Wed, Apr. 06, 2005 Identity thieves' new ploy: `pharming' WEB USERS COULD BE SENT TO FAKE SITES UNKNOWINGLY By Dan Lee Mercury News First online crooks went ``phishing,'' and now they're getting into ``pharming'' to reap their harvest of potential identity-theft victims.
==========> 05-04-08-SJMerc-MedicalBroupPatientsDataOnStolenComputers.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11345727.htm Posted on Fri, Apr. 08, 2005 185,000 medical group patients warned of security breach NOTIFICATION SENT AFTER THEFT OF COMPUTERS By Julie Sevrens Lyons Mercury News In one of the largest cases of stolen medical and financial information nationwide, San Jose Medical Group is alerting 185,000 current and former
==========> 05-04-09-SJMerc-BogusWindowsUpdateEmailSendsUsersBogusWebsite.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11353144.htm Posted on Sat, Apr. 09, 2005 E-mail scam directs users to bogus Windows update By Dan Lee Mercury News An e-mail scam making its way around the Internet purports to be a message from Microsoft warning users of the Windows operating system that they need to download a security update -- only to leave their PC infected.
==========> 05-04-10-SJMerc-VerisignCeo-ProtectingCriticalAssets.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11359284.htm Posted on Sun, Apr. 10, 2005 Protecting critical assets in Internet age San Jose Mercury News Stratton Sclavos, chairman and chief executive of VeriSign, recently spoke with Mercury News Staff Writer Dan Lee about his company's role in running the Internet, cybersecurity threats and balancing work and family. Here are edited excerpts:
==========> 05-04-11-UCB-UCBToLeadNSFCybersecurityTechCenter.txt==========
http://www.berkeley.edu/news/media/releases/2005/04/11_trust.shtml UC Berkeley to lead $19 million NSF center on cybersecurity research By Sarah Yang, Media Relations | 11 April 2005 BERKELEY – The National Science Foundation (NSF) announced today (Monday, April 11) that the University of California, Berkeley, will lead an ambitious multi-institution center to protect the nation's computer infrastructure from cyberattacks while improving its reliability.
==========> 05-04-11-USAToday-LawsAimedAtDigitalMisdeedsLackBite.txt==========
http://www.usatoday.com/money/industries/technology/2005-04-11-net-law-cover_x.htm Rules aimed at digital misdeeds lack bite By Jon Swartz, USA TODAY 4/11/05 SAN FRANCISCO — Federal and state lawmakers, compelled by headlines of a computer-crime wave, are scrambling to introduce bills that would tighten cybersecurity and make it easier for prosecutors to file charges and impose
==========> 05-04-12-SearchSec-Diffie-CriticalInfrastructuer-DisasterInTheMaking.txt==========
http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci1077609,00.html Diffie: Infrastructure a disaster in the making By Bill Brenner, News Writer 12 Apr 2005 | SearchSecurity.com In the 1970s, Martin Hellman and Whitfield Diffie wrote the recipe for one of today's most widely used security algorithms in a paper called "New Directions in Cryptography."
The paper mapped out the Diffie-Hellman key exchange, a major advancement in Public Key Infrastructure (PKI) technology that allows for
==========> 05-04-12-SJMerc-CongressMustAdoptStrongDataTheftBill.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11374264.htm Posted on Tue, Apr. 12, 2005 Congress must adopt strong data-theft bill Mercury News Editorial This time it's 185,000 current and former San Jose Medical Group patients who are scrambling to protect themselves from identity theft. Before that, it was 100,000 students and others affiliated with UC-Berkeley. Before that, 32,000 unsuspecting individuals whose personal data was held by data broker LexisNexis
==========> 05-04-14-CNETNews-USCybercrimePolicyNeedsTeeth.txt==========
http://news.com.com/Putting+teeth+into+U.S.+cybercrime+policy/2008-7348_3-5670019.html Putting teeth into U.S. cybercrime policy By Matt Hines CNET News Story last modified Thu Apr 14 04:00:00 PDT 2005 It wasn't so long ago that interest in the topic of online crime was limited to a small circle of technologists. Nowadays, senior government officials talk
==========> 05-04-14-GovySecNews-ISACsHaveCriticsAndAdvocates.txt==========
"Sector-wide ISACs Have Both Critics and Advocates" Government Security News (04/04/05) Vol. 3, No. 7, P. 1; Anderson, Martin Edwin Information Sharing and Analysis Centers (ISACs), formed to share information between government and industry sectors, lack support from government agencies and private-sector members, according to some business executives. The groups were created in the late 1990s to coordinate critical infrastructure information-sharing, and took on a protection role after the Sept. 1, 2001, terrorist attacks.
Former deputy attorney general and 9/11 Commission member Jamie Gorelick brought debate over the ISACs to the forefront when she said the
==========> 05-04-14-SJMerc-DataTheftAtRalphLaurenCompromisesThousands.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11393838.htm Posted on Thu, Apr. 14, 2005 Data theft at Polo Ralph Lauren leaves thousands vulnerable San Jose Mercury News NEW YORK (AP) - Data apparently stolen from the popular clothing retailer Polo Ralph Lauren Inc. is forcing banks and credit card issuers to notify thousands of consumers that their credit-card information may have been exposed.
==========> 05-04-14-Stanford-StanfordJoinsNSFCybersecurityTechCenter.txt==========
http://news-service.stanford.edu/news/2005/april20/mitchell-041405.html Stanford Report, April 14, 2005 Stanford joins multi-institution center on research in cybersecurity and computer trustworthiness BY SARAH YANG AND DAWN LEVY The National Science Foundation (NSF) announced on April 11 that the University of California-Berkeley will lead a multi-institution center to protect the nation’s computer infrastructure from cyberattacks while improving its
==========> 05-04-18-CompWorld-EUTaskForceToStudyCybersecurity.txt==========
http://www.computerworld.com/securitytopics/security/story/0,10801,101160,00.html EU task force to study IT critical infrastructure One issue is a reluctance to share information Computer World - 4/18/05 News Story by John Blau APRIL 18, 2005 (IDG NEWS SERVICE) - The European Union has set up a task force to explore what its 25 member states are doing to combat cyberthreats against
==========> 05-04-18-NetWorld-SomeArgueMoreNeedsInCybersecurity.txt==========
http://www.nwfusion.com/news/2005/041805-internet-security.html?ts How vulnerable is the 'Net? Security upgrades ongoing, but some argue more needs to be done. By Jim Duffy Network World, 04/18/05 The unusual activity began two weeks before the attack.
Officials from the Cooperative Association for Internet Data Analysis, which had begun monitoring Internet nameserver behavior at the start of 2002, noticed varying levels of
==========> 05-04-18-SJMerc-LexisNexisBeginsNotifyingVictimsOfDataBreach.txt==========
http://www.siliconvalley.com/mld/siliconvalley/11426519.htm Posted on Mon, Apr. 18, 2005 LexisNexis begins notifying possible victims of data breach San Jose Mercury News DAYTON, Ohio (AP) - LexisNexis said on Monday that it has begun notifying about 280,000 people whose personal information may have been accessed by unauthorized individuals using stolen passwords and IDs.
==========> 05-04-18-Wired-USMilitaryHasEliteCyberWarfareGroup.txt==========
http://www.wired.com/news/privacy/0,1848,67223,00.html U.S. Military's Elite Hacker Crew By John Lasker Wired 02:00 AM Apr. 18, 2005 PT The U.S. military has assembled the world's most formidable hacker posse: a super-secret, multimillion-dollar weapons program that may be ready to launch bloodless cyberwar against enemy networks -- from electric grids to telephone
==========> 05-04-20-EWeek-ResearchersProposeEarlyWarningSysyemForWorms.txt==========
http://www.eweek.com/article2/0,1759,1788294,00.asp Researchers Propose Early Warning System for Worms April 20, 2005 By Ryan Naraine eWeek Researchers at the University of Florida have designed an Internet-worm early warning system that offers a new approach to pinpointing the first sign of a malicious network attack.
==========> 05-04-21-CompWorld-CIDDAC-NewCyberterrorismSecuityCenter.txt==========
http://www.computerworld.com/securitytopics/security/story/0,10801,101251,00.html U.S. gets new cyberterrorism security center Its goal is to better protect critical private industries News Story by Todd R.
Weiss APRIL 21, 2005 (COMPUTERWORLD) - PHILADELPHIA -- A new private-sector cyberterrorism security center that aims to watch over much of the nation's critical business infrastructure with its own real-time cyberthreat-detection
==========> 05-04-21-ZDNet-SecurityExpertsAsksSoftwareDevelopersForAccessToBugDatabases.txt==========
http://news.zdnet.co.uk/software/applications/0,39020384,39195801,00.htm Security guru wants access to bug databases Ingrid Marson ZDNet UK April 21, 2005, 14:05 BST Security expert Ross Anderson has called for empirical research to be conducted into whether open source or closed source software is more secure, and into the impact that development practices such as extreme programming (XP) have on code
==========> 05-04-22-PittsTribRev-ExpertsSayHackersCanPenetrateComputersAnywhere.txt==========
http://pittsburghlive.com/x/tribune-review/trib/regional/s_326822.html Cyber Security Has Its Limits By Jennifer Bails PITTSBURGH TRIBUNE-REVIEW Friday, April 22, 2005 If hackers can invade computers at Carnegie Mellon University, an internationally renowned leader in the field of cybersecurity, they can
==========> 05-04-25-IndianaUniv-CenterForAppliedCybersecurityResearch.txt==========
http://newsinfo.iu.edu/news/page/normal/2108.html Center aims to improve cybersecurity in higher education Former U.S. cyber chief Amit Yoran will deliver the keynote address to the Indiana Higher Education Cybersecurity Summit on Thursday (April 28). Indiana University FOR IMMEDIATE RELEASE MONDAY, APRIL 25, 2005 BLOOMINGTON, Ind. -- When it comes to protecting themselves from computer
==========> 05-04-25-SJMerc-MSLonghornOSToUseHardwareCryptographicKey.txt==========
Posted on Mon, Apr. 25, 2005 Microsoft unveils more Longhorn details San Jose Mercury News SAN JOSE, Calif.
(AP) - Microsoft Corp.'s plan to hardwire computer security into a silicon chip rather than relying on software alone will make its debut in the next release of the Windows PC operating system that will ship late next year. The technology, to be described by Microsoft Chairman Bill Gates during a
==========> 05-04-26-CompWeekly-DataEncryptionCouldBeKeyToMoreSecureData.txt==========
# "Encryption: The Key to Secure Data?" Computer Weekly (04/26/05); Bradbury, Danny Data encryption technology is now a mature market with infrequent updates, but the failure of public key infrastructure (PKI) to take off in the commercial sector has left a gaping hole in the encryption framework. Encryption comes in two flavors: Traditional symmetric encryption and asymmetric encryption that uses public and private keys. Asymmetric encryption popularized by RSA Security protects traditional symmetric encryption by adding another encrypted piece of data, which dramatically increases the difficulty of code-breaking; elliptic
==========> 05-04-29-Computer-DoesTrustedComputingSolveSecurityProblems.txt==========
http://www.computer.org/portal/site/security/menuitem.6f7b2414551cb84651286b108bcd45f3/index.jsp?&pName=security_level1_article&TheCat=1015&path=security/freebies&file=oppliger.xml& Does Trusted Computing Remedy Computer Security Problems? Rolf Oppliger and Ruedi Rytz Swiss Federal Strategy Unit for Information Technology [Accessed April 29, 2005] In the past few years, increasing volumes of malicious software, or malware
==========> 05-04-29-CyberCzarLegislationTaksFirstStepInCongress.txt==========
============================================================= ACM Washington Update Vol. 9.4 29 April 2005 ============================================================= [6] CYBER CZAR LEGISLATION TAKES FIRST STEP IN CONGRESS The House Homeland Security Committee recently approved the Department of Homeland Security's first overhaul legislation since its creation in 2002.
==========> 05-04-29-USACM-USACMQuestionsRealIDActSecurityStandards.txt==========
============================================================= ACM Washington Update Vol. 9.4 29 April 2005 ============================================================= [3] USACM QUESTIONS REAL ID ACT'S SECURITY STANDARDS Citing the increased risk of identity theft the proposed Real ID Act would create, USACM sent a letter earlier this month to Senator Lamar Alexander
==========> 05-05-00-CACM-TransparencyAndTrustInSecurityAssurances.txt==========
Security watch: Trusting in transparency Rebecca T. Mercuri May 2005 Communications of the ACM, Volume 48 Issue 5 In providing security assurances, transparency and trust are inherently intertwined concepts, but their relationship is not well understood. The slightly tarnished image of the computer industry, in terms of its ability to maintain security and privacy for business and private users, has played a
==========> 05-05-00-IEEESpectrum-IntrusionDetectionSystems.txt==========
http://www.spectrum.ieee.org/WEBONLY/publicfeature/may05/0505worm.html How to Hook Worms Because a computer network cannot ward off every last Internet worm, it must sound an alarm the minute one slithers inside By James Riordan, Andreas Wespi & Diego Zamboni IEEE Spectrum May 2005 THEY WERE 376 BYTES THAT SHOOK THE WORLD. At 5:30 a.m. Greenwich
==========> 05-05-00-PubicCIO-Spafford-PolicyMakersNotConcernedEnoughWithCybersecurity.txt==========
http://www.public-cio.com/story.php?id=2005.04.28-93832 Guarding Information Though cyber-security seems to get a lot of headlines, cyber-security expert and professor Eugene Spafford argues it's not getting enough attention from policy-makers.
By Shane Peterson May 2005 Public CIO ==========> 05-05-04-ChronHigherEd-NSFSetsStrategyToImproveUSCyberinfrastructure.txt========== # "NSF Sets New Strategy to Improve Nation's 'Cyberinfrastructure,' But Details Are Lacking" Chronicle of Higher Education (05/04/05); Kiernan, Vincent The National Science Foundation (NSF) has formulated a strategy to bolster the U.S.'s cyberinfrastructure, said NSF director Arden Bement Jr., speaking to the Internet2 consortium spring meeting on Tuesday. The national cyberinfrastructure is as critical as the interstate highway system or electricity grid, and one of the most important investments for the 21st century, he said. The cyberinfrastructure includes network technology, computer ==========> 05-05-06-SJMerc-VeriSignStuntGetsPeopleToGivePasswordsForCoffeeCoupon.txt========== http://www.siliconvalley.com/mld/siliconvalley/11580658.htm Posted on Fri, May. 06, 2005 Protect passwords? Not if latte is free By Mary Anne Ostrom Mercury News Would you give up your computer passwords for a Starbucks latte? ``imasexyguy'' did. So did ``raiderfan.'' The football fanatic even gave it to a radio reporter -- to put on the air. And then he told the interviewer he still wasn't ==========> 05-05-10-NYT-ComputerBreachAtCiscoAffectsThousandsOfComputers.txt========== http://www.nytimes.com/2005/05/10/technology/10cisco.html? May 10, 2005 Internet Attack Called Broad and Long Lasting by Investigators By JOHN MARKOFF and LOWELL BERGMAN NY Times Correction Appended SAN FRANCISCO, May 9 - The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many ==========> 05-05-10-SJMerc-ComputerBreachAtCiscoAffectsThousandsOfComputers.txt========== http://www.siliconvalley.com/mld/siliconvalley/11611030.htm Posted on Tue, May. 
10, 2005 Cisco breach described as part of bigger operation BREAK-INS AFFECTED THOUSANDS OF COMPUTERS, SAY INVESTIGATORS IN UNITED STATES, EUROPE By John Markoff and Lowell Bergman New York Times The incident seemed alarming enough: a breach of a Cisco Systems network in ==========> 05-05-13-SJMerc-WachoviaAndBofANotifyCustomersOfSecurityBreach.txt========== http://www.siliconvalley.com/mld/siliconvalley/11642196.htm Posted on Fri, May. 13, 2005 North Carolina banks notifying customers of security breach San Jose Mercury News CHARLOTTE, N.C. (AP) - Wachovia Corp. and Bank of America Corp. are notifying thousands of customers that their accounts may have been breached in a theft of financial records from four banks. ==========> 05-05-14-NewScientist-SoberComputerWormHitsInstantMessagingService.txt========== http://www.newscientist.com/article.ns?id=mg18624997.300 Instant messaging falls prey to worms 14 May 2005 Celeste Biever New Scientist A COMPUTER worm called Sober hit the headlines last week, reigniting people's fears about viruses. But while many may fret about infected emails, hackers are increasingly turning to stealthier ways to spread malicious software. Their ==========> 05-05-15-SDTimes-SecurityExpertsSuggestImprovements.txt========== http://68.236.189.240/printArticle/story-20050515-04.html Security: More Than Good Programming By Alan Zeichick SD Times May 15, 2005 — Why are there so many vulnerabilities in software applications? Poor programming practices—that’s the most common response given in a new BZ Research survey. In that study, conducted in mid-April, 55.9 percent of respondents blamed poor programming practices, 55.6 percent cited poor design ==========> 05-05-18-RedHerring-USPowerGridVulnerableToComputerHackers.txt========== http://www.redherring.com/Article.aspx?a=12117&hed=Hacking+the+Grid%2c+Part+1 Hacking the Grid Security experts warn it wouldn’t be hard for a cyberpunk or terrorist to turn off the lights in a large portion of the U.S. 
(First of three parts.) May 18, 2005 Red Herring The U.S. power grid, with its billions of dollars worth of electrical lines, switching stations, and electrical generators, is like a big shiny toy for ==========> 05-05-19-WashPost-ComputersSeizedInLexisNexisDataTheftCase.txt========== http://www.washingtonpost.com/wp-dyn/content/article/2005/05/19/AR2005051900704.html Computers Seized in Data-Theft Probe Federal Investigators Remove PCs, Discs From Several Locations; LexisNexis Break-In Linked to Paris Hilton Phone Hacking By Brian Krebs washingtonpost.com Staff Writer Thursday, May 19, 2005; 6:16 PM ==========> 05-05-23-AP-BanksNotifyCustomersOfDataTheft.txt========== http://story.news.yahoo.com/news?tmpl=story&cid=528&e=3&u=/ap/20050523/ap_on_bi_ge/data_theft Banks Notify Customers of Data Theft By PAUL NOWELL, AP Business Writer May 23, 2005 More than 100,000 customers of Wachovia Corp. and Bank of America Corp. have been notified that their financial records may have been stolen by bank employees and sold to collection agencies. ==========> 05-05-24-ECommTimes-SecurityExpert-WebSecurityIssuesBasedOnRepeatedMistakes.txt========== http://www.ecommercetimes.com/story/RPdAECrXvajwEv/Scientist-Blames-Web-Security-Issues-on-Repeated-Mistakes.xhtml Scientist Blames Web Security Issues on Repeated Mistakes By Jack M. Germain E-Commerce Times 05/24/05 5:00 AM PT Clearly, the Internet is heading for a catastrophic failure. However, that doesn't have to happen, Zatko believes. To prevent an Internet catastrophe, ==========> 05-05-25-SJMerc-StanfordComputerSystemHacked.txt========== http://www.siliconvalley.com/mld/siliconvalley/11735115.htm Posted on Wed, May. 
25, 2005 Computer system hacked at Stanford NO EVIDENCE OF STOLEN DATA, UNIVERSITY SAYS By Chuck Carroll Mercury News The FBI and Stanford University are investigating how someone hacked into a computer system containing information about people looking for work through ==========> 05-05-25-Wired-LexisNexisCrackersRevealTactics.txt========== http://www.wired.com/news/business/0,1367,67629,00.html Database Hackers Reveal Tactics By Kim Zetter 02:00 AM May. 25, 2005 PT Wired Three young hackers under investigation for unlawfully accessing personal information on thousands of people in a LexisNexis database have characterized their act as a cyberjoyride that got out of hand. ==========> 05-05-26-Computing-CybersecurityRequiresCollaboration.txt========== http://www.computing.co.uk/computing/news/2135648/collaboration-necessity-secure-infrastructure Collaboration is a necessity for a secure infrastructure Computing talks to Oracle chief security officer Mary Ann Davidson about the need for companies to work together Emma Nash, Computing 26 May 2005 In recent years companies have become increasingly accustomed to the notion ==========> 05-05-26-CompWorld-DHSCyberSecurityPlansCritcized.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,102049,00.html GAO: DHS cybersecurity plans need more work One congressman called the department's efforts so far 'unacceptable' MAY 26, 2005 (COMPUTERWORLD) - The U.S. Department of Homeland Security must do more to protect the nation's critical information infrastructure, according to a report released today by the Government Accountability Office (download PDF). ==========> 05-05-26-CompWorld-GAOCallsDHSCybersecurityUnacceptable.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,102049,00.html GAO: DHS cybersecurity plans need more work One congressman called the department's efforts so far 'unacceptable' News Story by Linda Rosencrance MAY 26, 2005 (COMPUTERWORLD) - The U.S. 
Department of Homeland Security must do more to protect the nation's critical information infrastructure, according to a report released today by the Government Accountability Office (download PDF). ==========> 05-05-26-SecFocus-ManyDeviceDrivesContainSecurityFlaws.txt========== # "Device Drivers Filled With Flaws, Threaten Security" Security Focus (05/26/05); Lemos, Robert Although operating system code has improved in recent years, device drivers still have numerous flaws that threaten operating system security. The responsibility of securing device driver code lies primarily with the third-party hardware vendors that create the drivers, but also with Microsoft and the Linux development community. Automated code-checking firm Coverity said an audit of the Linux 2.6.9 kernel code revealed that over 50 percent of the discovered flaws existed in device drivers. Though those flaws may not have ==========> 05-05-26-SJMerc-CIAConductingWarGameOnInternetAttack.txt========== http://www.siliconvalley.com/mld/siliconvalley/11741739.htm Posted on Thu, May. 26, 2005 CIA overseeing three-day war game to mimic response to crippling Internet attack San Jose Mercury News WASHINGTON (AP) - The CIA is conducting a secretive war game, dubbed ``Silent Horizon,'' this week to practice defending against an electronic assault on the same scale as the Sept. 11 terrorism attacks. ==========> 05-05-31-USACM-CybersecurityIssuesMoveForwardInUSHouse.txt========== ============================================================= ACM Washington Update Vol. 9.5 31 May 2005 ============================================================= [9] CYBERSECURITY ISSUES MOVE FORWARD IN THE HOUSE The House of Representatives has passed the first Department of Homeland Security reauthorization since this department was created in 2002. 
Included ==========> 05-06-00-ACMQueue-BetterSecurityByAskingTheRightQuestions.txt========== Q focus: security: The answer is 42 of course Thomas Wadlow June 2005 Queue, Volume 3 Issue 5 If we want our networks to be sufficiently difficult to penetrate, we’ve got to ask the right questions. Why is security so hard? As a security consultant, I’m glad that people feel that way, because that perception pays my mortgage. But is it really so ==========> 05-06-00-ACMQueue-BiologicalTermsWidelyUsedInComputerSecurity.txt========== Interview: A conversation with Peter Tippett and Steven Hofmeyr Jim Maurer June 2005 Queue, Volume 3 Issue 5 There have always been similarities and overlap between the worlds of biology and computer science. Nowhere is this more evident than in computer security, where the basic terminology of viruses and infection is borrowed from biomedicine. ==========> 05-06-00-ACMQueue-ComputerAttackTrendsIn2004And2005.txt========== Q focus: security: Attack trends: 2004 and 2005 Bruce Schneier June 2005 Queue, Volume 3 Issue 5 Counterpane Internet Security Inc. monitors more than 450 networks in 35 countries, in every time zone. In 2004 we saw 523 billion network events, and our analysts investigated 648,000 security “tickets.” What follows is an overview of what’s happening on the Internet right now, and what we expect to happen in the coming months. ==========> 05-06-00-ACMQueue-FeelingSecureInAnUnsafeWorld.txt========== From the editors: On feeling secure in an unsafe world Randy Harr June 2005 Queue, Volume 3 Issue 5 Security has always been a loaded word—all the more so since 9/11. Webster’s defines it as “freedom from fear, anxiety, danger, and doubt.” Within Maslow’s famous hierarchy of needs, meanwhile, we can find it just above our most basic physiological needs, such as food, water, and shelter. 
So it seems, no matter how you slice it, security comes down to some fundamental sense of well-being ==========> 05-06-00-ACMQueue-SecurityAttackTrendsIn2004And2005.txt========== Q focus: security: Attack trends: 2004 and 2005 Bruce Schneier June 2005 Queue, Volume 3 Issue 5 Counterpane Internet Security Inc. monitors more than 450 networks in 35 countries, in every time zone. In 2004 we saw 523 billion network events, and our analysts investigated 648,000 security “tickets.” What follows is an overview of what’s happening on the Internet right now, and what we expect to happen in the coming months. ==========> 05-06-00-ACMQueue-WhyAreWeStillSoVulnerableToSecurityProblems.txt========== Q focus: security: Security---problem solved? John Viega June 2005 Queue, Volume 3 Issue 5 Solutions to many of our security problems already exist, so why are we still so vulnerable? There are plenty of security problems that have solutions. Yet, our security problems don’t seem to be going away. What’s wrong here? Are consumers being offered snake oil and rejecting it? Are they not adopting solutions they should ==========> 05-06-02-InfoSecCon-WorkshopOnTheEconomicsOfInformationSecurity.txt========== Fourth Workshop on the Economics of Information Security http://www.infosecon.net/workshop/ June 2-3, 2005 Reception June 1, 2005 Harvard University Cambridge, MA 02138 Full Schedule at: ==========> 05-06-03-InfoWeek-ExpertSaysCybersecurityGettingBetter.txt========== http://www.informationweek.com/showArticle.jhtml?articleID=164300338 Q&A: Ex-eBay Security Chief Sees A Safer Internet In The Future June 3, 2005 Howard Schmidt thinks there's been great progress, and better identity management will help make the Internet safer. Though it's not for a lack of trying by the crooks. 
By Thomas Claburn InformationWeek ==========> 05-06-03-NewSci-CryptographersCrackSecureBluetoothDevices.txt========== http://www.newscientist.com/article.ns?id=dn7461 New hack cracks 'secure' Bluetooth devices 2:07 03 June 2005 NewScientist.com news service Celeste Biever Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone ==========> 05-06-05-ChronHigherEd-SpaffordWarnsFederalStudentDatabaseVulnerable.txt========== # "Computing Officials Worry That Proposed Federal Database Could Be Hacked" Chronicle of Higher Education (05/06/05) Vol. 51, No. 35, P. A37; Carnevale, Dan The U.S. Department of Education is considering a "unit record" database listing information on individual students, but technology experts are worried about the database's vulnerability to hacking, a pressing concern in light of recent intrusions into college and company servers. Purdue University computer sciences professor and USACM chair Eugene Spafford warns that a large database, constructed ostensibly to keep tabs on student retention and graduation rates, is an irresistible target, and susceptible to an attack from any point in the ==========> 05-06-06-InfoWorld-Pharming-HackedDNSServersRedirectUsers.txt========== http://weblog.infoworld.com/article/05/06/06/23FEpharm_1.html The looming threat of pharming It's harder to pharm than to phish, but recent incidents prove that some hackers don’t mind the extra work By Mark Leon June 06, 2005 Info World Security experts call it the soft underbelly of the Internet, and hackers, ==========> 05-06-06-NetWorld-IowaStateBuildsModelInternet.txt========== http://www.networkworld.com/news/2005/060605widernet.html Internet security . . . writ very small Miniature version of the 'Net used to assess security schemes. 
By Ellen Messmer, Network World, 06/06/05 Like a ship in a bottle, the Internet-Simulation Event and Attack Generation Environment is a miniature version of the real thing: It's the vast Internet shrunk to fit onto a high-speed LAN on the floor of a building in a research park adjacent to the Iowa State University campus in Ames. ==========> 05-06-07-CompWorld-UniversitiesOpenToSecurityBreaches.txt========== http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,102298,00.html Security breaches challenge academia's 'open society' Opinion by Jay Cline JUNE 07, 2005 (COMPUTERWORLD) - While all the attention lately has been focused on security breaches at our nation's data consolidators, U.S. universities have also been notifying thousands of employees, students and alumni to monitor their personal accounts for unusual activity. The University of Iowa recently ==========> 05-06-08-GovtExec-DHSCybersecurityInitiativesExpected.txt========== http://www.govexec.com/dailyfed/0605/060805tdpm1.htm Report on DHS cybersecurity initiatives expected next month By Chloe Albanesius, National Journal's Technology Daily June 8, 2005 Government Exec ROCKVILLE, Md. -- The Homeland Security Department is crafting a cyber-security response plan and next month will provide an update to the National Cyber Response Coordination Group about how it is leveraging capabilities, a ==========> 05-06-09-NewSci-NewBreedOfVirusesReportSecurityProblemsToHackers.txt========== http://www.newscientist.com/article.ns?id=dn7500 Computer viruses become hacker informants 15:07 09 June 2005 NewScientist.com news service Paul Marks An emerging breed of computer virus that keeps hackers informed about the latest weaknesses in computer networks has been discovered by security experts. ==========> 05-06-09-NYT-CompaniesAndGovtToImprovePersonalDataProtection.txt========== http://www.nytimes.com/2005/06/09/business/09data.html? 
June 9, 2005 The Scramble to Protect Personal Information By TOM ZELLER Jr. NY Times Perhaps more than most corporations, Citigroup knows the perils of moving personal data. ==========> 05-06-13-PCWorld-VoIPAndMobileVirusThreatsMayBeOverhyped.txt========== http://www.pcworld.com/news/article/0,aid,121364,tk,dn061305X,00.asp Are Security Threats Really Overhyped? Some experts say VoIP security and mobile viruses already are serious problems. PC World Grant Gross, IDG News Service Monday, June 13, 2005 Two Gartner analysts released their list of the five most overhyped IT security threats, with IP (Internet Protocol) telephony and malware for mobile devices ==========> 05-06-14-PRNewswire-AOLIdentifiedAsNetworkWithMostHijackedComputers.txt========== http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/06-14-2005/0003870952&EDATE= AOL Identified as Most Infected Network by Prolexic Zombie Report http://www.prolexic.com http://www.prolexic.com/zr Report Highlights Failure of DDoS Mitigation Devices HOLLYWOOD, Fla., June 14 /PRNewswire/ -- Prolexic, the world's leading provider of Distributed Denial of Service (DDoS) solutions and security consulting products, recently issued a zombie analysis report ==========> 05-06-15-InfoWeek-AOLNotSurprisedItHasMostHijackedComputers.txt========== http://www.informationweek.com/story/showArticle.jhtml?articleID=164303641 AOL: We're Not Zombie Haven June 15, 2005 America Online hosts more denial-of-service (DoS) spewing zombie PCs than any other ISP in the world, a report released Tuesday claimed. AOL thinks that's just fine. By Gregg Keizer TechWeb News America Online hosts more denial-of-service (DoS) spewing zombie PCs than any ==========> 05-06-16-WSJ-BluetoothWirelessVlnerableToBeingCracked.txt========== # "Bluetooth Gear May Be Open to Snooping" Wall Street Journal (06/16/05) P. B1; Winstein, Keith J. 
The Bluetooth wireless communication standard is vulnerable to being cracked by eavesdropping devices, according to a presentation unveiled by two researchers at Mobisys2005, ACM's International Conference on Mobile Systems, Applications and Services. Counterpane Internet Security CTO Bruce Schneier, calling the researchers' presentation "really impressive," said that Bluetooth was designed sloppily with little regard for security. Bluetooth-enabled devices link together through identification of a special security code and set of randomly ==========> 05-06-17-BusWeek-ComputerSecuritySoftwareVulnerabilitiesIncrease.txt========== http://www.businessweek.com/technology/content/jun2005/tc20050617_1613_tc024.htm JUNE 17, 2005 By Sarah Lacy Computers' Insecure Security Software meant to protect PCs are now attack targets, revealing a rising number of flaws -- even more than those of Microsoft products Business Week Think you're safe because your computer has the latest antivirus program, ==========> 05-06-17-CNETNews-DHSBehindOnCybersecurity.txt========== http://news.com.com/Snoozing+about+security/2010-1071_3-5750359.html Snoozing about security By Charles Cooper Story last modified Fri Jun 17 04:00:00 PDT 2005 CNET News No doubt these are tough times for the folks charged with securing the nation's cyber front lines. ==========> 05-06-17-Newsday-NYLegisalturePassesBillToRequireDataTheftNotification.txt========== http://www.newsday.com/news/local/state/ny-stid174307759jun17,0,7796499.story?coll=ny-statenews-headlines Bid to halt identity theft Lawmakers agree to require agencies, companies to notify customers of any breach of personal info BY ERROL A. COCKFIELD JR. ALBANY BUREAU CHIEF, Albany researcher Melissa Mansfield contributed to this story. June 17, 2005 ==========> 05-06-17-SJMerc-KeyUSLegisatorsAgreeDataTheftNotificationIsNeeded.txt========== http://www.siliconvalley.com/mld/siliconvalley/11915580.htm Posted on Fri, Jun. 
17, 2005 Public may be warned of security breaches Momentum is building for a federal law requiring that consumers be notified if their financial information is lost or stolen. BY REBECCA CARR Cox News Service WASHINGTON - There is a growing consensus among key lawmakers for federal ==========> 05-06-20-NYT-CardSystemsShouldNotHaveKeptTransactionData.txt========== http://www.siliconvalley.com/mld/siliconvalley/11937169.htm Posted on Mon, Jun. 20, 2005 Firm erred in retaining credit card data Company's leader acknowledges mistake The New York Times The chief of the credit card processing company whose computer system was penetrated by data thieves acknowledged Sunday that the company should not have been retaining the consumer records. ==========> 05-06-20-YankeeGroup-ComputerSecuritySoftwareVulnerabilitiesIncrease.txt========== http://www.yankeegroup.com/public/news_releases/news_release_detail.jsp?ID=PressReleases/news_06202005_FearandLoathing_PR.htm Yankee Group Uncovers New Frontier for Security Vulnerabilities NEWS RELEASE - 20 JUN 2005 Customers should prepare for increased patching of security products Boston, MA, June 20, 2005 — Yankee Group today shed light on an emerging and disturbing enterprise network security trend. A recent analysis of industry vulnerability data revealed an increased focus on security products from ==========> 05-06-22-TechNewsWorld-BetterCybersecurityStillYearsAway.txt========== http://technewsworld.com/story/qlKfJ7yM5uVcXK/Better-PC-Security-Years-Away.xhtml Better PC Security Years Away By John P. Mello Jr. TechNewsWorld 06/22/05 5:00 AM PT John Pescatore, research director for Internet security for the Gartner Group, said future secure desktops will act more like mainframes than PCs. 
"You would ==========> 05-06-23-Corante-FTCReleasesP2PWorkshopReport-NotConvincedP2PDangerous.txt========== http://www.corante.com/importance/archives/2005/06/23/ftc_report_on_p2p_workshop.php June 23, 2005 FTC Report on P2P Workshop Posted by Ernest Miller The FTC has finally released a report on a p2p workshop held back in December, 2004. Read the 51-page report (FTC Staff Workshop Report: Peer-to-Peer File-Sharing Technology: Consumer Protection and Competition Issues [PDF]). ==========> 05-06-23-SJMerc-ConfidentialJapaneseNuclearPlantDataOnTheInteret.txt========== http://www.siliconvalley.com/mld/siliconvalley/11968239.htm Posted on Thu, Jun. 23, 2005 San Jose Mercury News Confidential data from Japanese nuclear plants ends up on Internet TOKYO (AP) - Confidential data from Japanese nuclear plants was posted on the Internet when a worker's computer software was attacked by a virus, a company said Thursday. ==========> 05-06-23-ZDNet-Farber-WebIsHazardousAndPoliticiansAreWorriedAboutControl.txt========== http://www.zdnetasia.com/news/business/0,39044229,39238289,00.htm Net guru predicts another 10 'wild' years By Eileen Yu, ZDNet Asia 23/6/2005 SINGAPORE--The Web is turning into a hazardous environment, and there should be more tech-savvy politicians in government today so that better legislation can be established, says an industry-renowned Internet guru. ==========> 05-06-24-NYT-ComputerTakeoversBecomingMajorProblem-ZombieNetworks.txt========== http://www.nytimes.com/2005/06/24/technology/24zombie.html? June 24, 2005 An Army of Soulless 1's and 0's By STEPHEN LABATON NY Times WASHINGTON, June 23 - For thousands of Internet users, the offer seemed all too alluring: revealing pictures of Jennifer Lopez, available at a mere click of the mouse. 
==========> 05-06-26-WashPost-SecurityIssuesUndermineInternet.txt========== http://www.washingtonpost.com/wp-dyn/content/article/2005/06/25/AR2005062501284.html
Viruses, Security Issues Undermine Internet Experts Contemplate New Version By Ariana Eunjung Cha Washington Post Staff Writer Sunday, June 26, 2005; A01 DENVER -- E-mails were flooding in from all over the country. Something strange ==========> 05-06-27-CompWorld-CybersecurityGroupLooksToEuropeForMembers.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,102825,00.html Cybersecurity group looks to Europe for help 'The private sector is going to get attacked,' says a CSIA exec News Story by Scarlet Pruitt JUNE 27, 2005 (IDG NEWS SERVICE) - There isn't a colored alert system indicating the threat level faced by global information systems. But if there were, former White House security director Paul Kurtz figures it would be ==========> 05-06-29-SJMerc-SenatorsProposeSweepingDataSecurityBill.txt========== http://news.com.com/Senators+propose+sweeping+data-security+bill/2100-7348_3-5769156.html?part=rss&tag=5769156&subj=news Senators propose sweeping data-security bill By Declan McCullagh Story last modified Wed Jun 29 21:00:00 PDT 2005 CNET News An avalanche of new rules for corporate data security and stiff penalties for information burglars are included in a far-reaching bill introduced Wednesday ==========> 05-06-30-SJMerc-InsidersMayPoseGreatestDataTheftRisk.txt========== http://www.siliconvalley.com/mld/siliconvalley/12026307.htm Posted on Thu, Jun. 30, 2005 Insiders may pose biggest data theft risk San Jose Mercury News CHARLOTTE, N.C. (AP) - When two of the nation's largest banks were forced to notify thousands of customers that their financial records may have been stolen, there wasn't a hacker, a missing laptop or a lost box of backup computer tapes to blame. 
==========> 05-06-30-SJMerc-SecurityBreachAtCardSystemsLeavesFewLeads.txt========== http://www.siliconvalley.com/mld/siliconvalley/12026241.htm Posted on Thu, Jun. 
30, 2005 Data thieves give cops little to go on By Tony Pugh Knight Ridder WASHINGTON - Federal agents are in a familiar position as they probe the computer-security breach at an Arizona firm that left credit-card data for some 40 million people open to theft: Once again, they're playing catch-up. ==========> 05-06-31-USACM-SenatorsIntroducePrivacyAndSecurityBill.txt========== ============================================================= ACM Washington Update Vol. 9.6 30 June 2005 ============================================================= [4] POWERFUL SENATORS INTRODUCE PRIVACY AND SECURITY BILL Reacting to the current troubling situation regarding data security and privacy in the U.S., two influential senators introduced legislation this week designed ==========> 05-07-00-Computer-InstantMessagingBecomingSecurityTarget.txt========== # "Instant Messaging: A New Target For Hackers" Computer (07/05) Vol. 38, No. 7, P. 20; Leavitt, Neal The growing popularity of instant messaging (IM), especially among businesses, has made it an increasingly attractive target to phishers, malware authors, and other attackers. IMlogic CTO Jon Sakoda says IM attacks can propagate rapidly thanks to IM's real-time capabilities. Other factors encouraging IM attackers include a lack of safe computing practice among users; the false sense of security users feel due to IM's immediacy and informality; growing functionality and complexity of IM systems; and an absence of corporate IM-use ==========> 05-07-00-TodaysEngr-VotingMachineStandardsMoveForward.txt========== http://www.todaysengineer.org/2005/Jul/e-voting.asp July 2005 Today's Engineer Voting Machine Standards Move Forward by Terry Costlow In contrast to Florida’s problems in 2000, voting in the 2004 election focused mainly on winners and losers, not on the process of casting and counting ballots. 
Today, engineers around the country are working together to develop ==========> 05-07-01-SetworkMag-TrustedComputingArchitectures.txt========== http://www.networkmagazine.com/shared/article/showArticle.jhtml;jsessionid=IQDNE2T5P0K5UQSNDBCSKHSCJUMEKJVN?articleId=164901613&classroom= Trusted Computing Architectures By Andy Dornan 07/01/2005 12:00 AM EST Network Magazine Promise: Hardware security modules will help protect computers against malicious software. Users can check that their PCs haven't been compromised, ==========> 05-07-07-GovtExec-LegislationToElevateCybersecurityPostMayDieInSenate.txt========== http://www.govexec.com/story_page.cfm?articleid=31680&printerfriendlyVers=1& DAILY BRIEFING July 7, 2005 Legislation to elevate cybersecurity post may die in Senate Government Exec By Greta Wodele and Randy Barrett, National Journal's Technology Daily Legislation that would promote cybersecurity efforts within the Homeland Security Department could wither on the vine again this year, despite agreement among lawmakers, the private sector and government officials that the ==========> 05-07-11-GovExec-GAO-DHSInformationSecurityPlansLacking.txt========== http://www.govexec.com/dailyfed/0705/0701105p1.htm July 11, 2005 DHS information security plans lacking, GAO says By Daniel Pulliam dpulliam@govexec.com Government Executive The Homeland Security Department has yet to establish an adequate information security program, congressional auditors found after spending nearly a year ==========> 05-07-13-CompWorld-DHSReorgCreatesNewCybersecurityPosition.txt========== http://www.computerworld.com/governmenttopics/government/story/0,10801,103174,00.html DHS reorganization creates new cybersecurity position The move could mean more focus on cybersecurity issues News Story by Grant Gross ComputerWorld JULY 13, 2005 (IDG NEWS SERVICE) - Cybersecurity will get a high-level champion at the U.S. 
Department of Homeland Security as part of a broad reorganization ==========> 05-07-17-NYT-CorruptedPCsDiscardedInsteadOfCleaned.txt========== http://www.nytimes.com/2005/07/17/technology/17spy.html July 17, 2005 Corrupted PC's Find New Home in the Dumpster By MATT RICHTEL and JOHN MARKOFF NY Times SAN FRANCISCO, July 15 - Add personal computers to the list of throwaways in the disposable society. ==========> 05-07-18-CNETNews-MoreSecurityAttacksComingFromNonUSLocations.txt========== http://news.com.com/Between+phishers+and+the+deep+blue+sea/2100-7355_3-5790349.html Between phishers and the deep blue sea By Dawn Kawamoto CNET Networks Story last modified Mon Jul 18 04:00:00 PDT 2005 Gavin Reid, trying to shut down a phishing Web site, found one thing was making the job that much harder: The attack was coming from India. ==========> 05-07-19-PCWorld-GAOtellsSenateRecoveryPlanNeedForInternetAttack.txt========== http://www.pcworld.com/news/article/0,aid,121871,00.asp Call for Homeland Security Cybersecurity Improvements Recovery plan needed for widespread attack on the Internet, Senate committee told. Grant Gross, IDG News Service Tuesday, July 19, 2005 PC World WASHINGTON -- The U.S. Department of Homeland Security needs to develop a ==========> 05-07-21-OnLamp-ColinPercivalDiscussesSecurityThreats.txt========== http://www.onlamp.com/pub/a/bsd/2005/07/21/Big_Scary_Daemons.html Published on ONLamp.com (http://www.onlamp.com/) Information Security with Colin Percival by Michael W. Lucas 07/21/2005 Michael W. Lucas: Who is Colin Percival, and why should we listen to him? 
Colin Percival: To the first question: I'm a visiting researcher at Simon ==========> 05-07-25-eWeek-GridComputingGroupIssuesSecurityRequirements.txt========== http://www.todaysengineer.org/2005/Jul/e-voting.asp July 2005 Today's Engineer Voting Machine Standards Move Forward by Terry Costlow In contrast to Florida’s problems in 2000, voting in the 2004 election focused mainly on winners and losers, not on the process of casting and counting ballots. Today, engineers around the country are working together to develop ==========> 05-07-25-eWeek-USBDriberBufferOverflowsProvideSecurityBreach.txt========== # "USB Devices Can Crack Windows" eWeek (07/25/05) Vol. 22, No. 29, P. 18; Roberts, Paul F. By exploiting buffer-overflow vulnerabilities in USB drivers, hackers are gaining administrative access to 32-bit computers by programming a USB device to use the machine's vulnerable drive; although SPI Dynamics researchers tested Microsoft Windows environments, the vulnerability is most likely in all computers with USB access. The process allows a circumvention of application security measures. SPI has yet to inform Microsoft of the vulnerability and plans to submit its data at the upcoming Black Hat Briefings hacker conference. ==========> 05-07-25-RedHerring-ITFirmsSeeLackOfLeadershipInCyberSecurityResearch.txt========== http://www.redherring.com/Article.aspx?a=12901&hed=Companies+See+'Crisis'+in+R%26amp%3bD Companies See 'Crisis' in R&D IT firms see a lack of leadership in cyber-security research. July 25, 2005 Technology Daily Information technology companies on Monday called on the U.S. government to boost funding and resources for cyber-security research and development. 
==========> 05-07-26-TechDaily-ExpertsSayMoreMoneyNeededOnCyberSecurity.txt========== http://www.redherring.com/Article.aspx?a=12919&hed=Experts+Warn+on+Cyber-Security Experts Warn on Cyber-Security Experts say the U.S. needs to spend more money to protect itself from cyber-attacks. 
July 26, 2005 Technology Daily The United States remains frustratingly vulnerable to cyber-attack, and few ==========> 05-07-27-CNETNews-ExpertsWarnAntiVirusSoftwareCouldBeSecurityRisk.txt========== http://news.com.com/Insecurity+at+Black+Hat/2100-7355_3-5805750.html Antivirus insecurity at Black Hat confab By Joris Evers CNET Networks Story last modified Wed Jul 27 04:00:00 PDT 2005 Experts are warning that the popularity of antivirus software could turn the defensive measure into a security risk. ==========> 05-07-27-WashPost--ResearcherRevealsDetailsOfCiscoFlaw.txt========== http://blogs.washingtonpost.com/securityfix/2005/07/black_hat_day_1.html Brian Krebs on Computer Security Black Hat Day 1: Update on Cisco-gate Washington Post, July 27, 2005 LAS VEGAS, July 27 -- I promised earlier that I would follow up on this morning's pre-dawn post about one of the most eagerly awaited presentations here at Black Hat -- a talk to be given by Michael Lynn of Internet Security Systems about a previously undisclosed flaw purportedly present in nearly all ==========> 05-07-27-WashPost--ThreatsIssuedAsResearcherRevealsDetailsOfCiscoFlaw.txt========== http://blogs.washingtonpost.com/securityfix/2005/07/update_to_cisco.html Black Hat Day 2: Peace Breaks Out Brian Krebs on Computer Security Black Hat: The Latest on Lynn and Cisco Washington Post, July 27, 2005 LAS VEGAS, July 27 -- The Michael Lynn story keeps getting more interesting. 
The computer security researcher lost his job at Internet Security Systems today after he briefed Black Hat conference attendees about a flaw in the ==========> 05-07-28-CNETNews--LawsuitsFiledAsResearcherRevealsDetailsOfCiscoFlaw.txt========== http://news.zdnet.co.uk/internet/security/0,39020375,39211011,00.htm Cisco tries to silence researcher Joris Evers CNET News.com July 28, 2005, 08:40 BST Cisco and ISS have jointly filed for a restraining order to stop a researcher publishing more details on a flaw in the networking firm's kit that 'could bring the Internet to its knees' ==========> 05-07-28-CNETNews-SenateMovesTowardNewDataSecurityRules.txt========== http://news.com.com/Senate+moves+toward+new+data+security+rules/2100-7348_3-5808894.html Senate moves toward new data security rules By Declan McCullagh CNET Networks Story last modified Thu Jul 28 12:11:00 PDT 2005 WASHINGTON--U.S. politicians signaled Thursday that they were eager to enact security breach and data safeguard laws, a move that indicates new federal ==========> 05-07-28-CompWorld-ResearcherAgreesToStopRevealingDetailsOfCiscoFlaw.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,103561,00.html Update: ISS researcher agrees to silence on Cisco flaws Cisco plans to issue a security advisory 'within the next day' News Story by Stephen Lawson and Robert McMillan ComputerWorld JULY 28, 2005 (IDG NEWS SERVICE) - A security researcher who gave a presentation on vulnerabilities in Cisco Systems Inc. 
routers at this week's ==========> 05-07-28-NetworkWorld--ResearcherRevealsDetailsOfCiscoFlaw.txt========== http://www.networkworld.com/news/2005/072805-cisco-black-hat.html?net&story=072805-cisco-black-hat Furor over Cisco IOS router exploit erupts at Black Hat By Ellen Messmer, Network World, 07/28/05 Although Cisco and Internet Security Systems had abruptly cancelled a planned technical talk and demo at the Black Hat Conference to reveal how unpatched Cisco routers can be remotely compromised, the researcher who had originally uncovered the problem went ahead with the talk anyway, igniting a spate of ==========> 05-07-29-Reuters-BluetoothMakesCarSystemsVulnerableToViruses.txt========== http://today.reuters.com/news/newsArticleSearch.aspx?storyID=222704+29-Jul-2005+RTRS Car computer systems at risk as viruses go mobile Fri Jul 29, 2005 7:02 AM ET By Tarmo Virki HELSINKI, July 29 (Reuters) - Here's a new excuse for not getting to work on time on a Monday morning: My car caught a virus. ==========> 05-07-29-SJMerc-ResearcherAgreesToStopRevealingDetailsOfCiscoFlaw.txt========== http://www.siliconvalley.com/mld/siliconvalley/12255870.htm Posted on Fri, Jul. 29, 2005 Researcher, Cisco reach agreement FLAW IN SOFTWARE A BONE OF CONTENTION By Dan Lee San Jose Mercury News Cisco Systems reached an agreement Thursday with a defiant computer security researcher who said he would stop revealing the details of a serious flaw in ==========> 05-07-29-SJSecFocus-ResearcherAgreesToStopRevealingDetailsOfCiscoFlaw.txt========== http://www.securityfocus.com/news/11260 Settlement reached in Cisco flaw dispute Robert Lemos, SecurityFocus 2005-07-29 LAS VEGAS -- A researcher who showed off a way to remotely compromise Cisco routers has to turn over all materials and agree not to further disseminate information on the flaws or the technique he used to run code on the popular network hardware. 
==========> 05-07-31-NYT-SniffersLocateSecretsOnUnsecureSystems.txt========== http://www.nytimes.com/2005/07/31/business/yourmoney/31hack.html July 31, 2005 The Sniffer vs. the Cybercrooks By GARY RIVLIN NY Times THE investment bank, despite billions in annual revenue and the small squadron of former police, military and security officers on its payroll, was no match for Mark Seiden. ==========> 05-08-00-CACM-SpywarePosesMultipleThreatsToSecurity.txt========== Spyware: Why spyware poses multiple threats to security Roger Thompson August 2005 Communications of the ACM, Volume 48 Issue 8 Spyware is becoming a relentless onslaught from those seeking to capture and use private information for their own ends. Spyware is annoying and negatively impacts the computing experience. Even worse, there are real and significant threats to corporate and even national security from those who use and abuse spyware. ==========> 05-08-00-TodaysEngr-CongressToldUSFacingCybersecurityCrisis.txt========== http://www.todaysengineer.org/2005/Aug/cybersecurity.asp United States Facing Cyber Security Crisis, Experts Tell Capitol Hill Briefing, As IEEE-USA Prepares New Position Statement Today's Engineer, August 2005 by Barton Reppert The nation’s information technology (IT) infrastructure is “highly vulnerable to terrorist and criminal attacks,” and a White House-appointed expert panel has concluded that “the federal government needs to fundamentally improve its ==========> 05-08-01-Wired-InterviewWithResearcherWhoRevealedDetailsOfCiscoFlaw.txt========== http://www.wired.com/news/print/0,1294,68365,00.html Router Flaw Is a Ticking Bomb By Kim Zetter Wired 02:00 AM Aug. 
01, 2005 PT LAS VEGAS -- Security researcher Mike Lynn roiled the Black Hat conference Wednesday when he resigned from his job at Internet Security Systems to deliver a talk about a serious vulnerability in Cisco IOS, the operating system ==========> 05-08-02-NetWorld-GoogleCanBeUsedToFindSitesToIntrude.txt========== http://www.networkworld.com/news/2005/080205-black-hat-google.html Google now a hacker's tool By Robert McMillan, IDG News Service, 08/02/05 Network World Somewhere out on the Internet, an Electric Bong may be in danger. The threat: a well-crafted Google query that could allow a hacker to use Google's massive database as a resource for intrusion. ==========> 05-08-03-CNETNews-ManyDNSServersVulnerableToDNSCachePoisoning.txt========== http://news.com.com/DNS+servers--an+Internet+Achilles+heel/2100-7349_3-5816061.html DNS servers--an Internet Achilles' heel By Joris Evers Story last modified Wed Aug 03 04:00:00 PDT 2005 CNET News Hundreds of thousands of Internet servers are at risk of an attack that would redirect unknowing Web surfers from legitimate sites to malicious ones. 
==========> 05-08-03-eWeek-SpeakerVerificationCouldProvideComputerSecurity.txt========== http://www.eweek.com/article2/0,1759,1843562,00.asp Speech Verification Secures More Enterprise Apps By Bill Dyszel August 3, 2005 eWeek NEW YORK—Speech recognition is becoming widely adopted by business with wildly variable results, but one productive use of the technology is speaker verification—the use of a voice print to replace typed passwords and PIN ==========> 05-08-03-Slashdot-CiscoWebsiteMayRequireNewPassword.txt========== http://it.slashdot.org/comments.pl?sid=158017&cid=13236875 Slashdot by daveschroeder (516195) * on Wednesday August 03, @09:52PM (#13236875) (http://das.doit.wisc.edu/) From: Kim Christensen (kichrist) [mailto:kichrist@cisco.com] Sent: Wednesday, August 03, 2005 11:58 AM Subject: CISCO - CCO Passwords ==========> 05-08-04-CNETNews-ComputerWormsCouldDodgeTraps.txt========== http://news.com.com/Worms+could+dodge+Net+traps/2100-7349_3-5819293.html Worms could dodge Net traps By Anne Broache Story last modified Thu Aug 04 16:24:00 PDT 2005 CNET News BALTIMORE--Future worms could evade a network of early-warning sensors hidden across the Internet unless countermeasures are taken, according to new research. ==========> 05-08-04-SecFocus-GameMeasuresHackingSkill.txt========== http://www.securityfocus.com/news/11269 Annual hacking game teaches security lessons Robert Lemos, SecurityFocus 2005-08-04 LAS VEGAS -- The weekend-long Capture the Flag tournament stressed code auditing as a measure of hacking skill this year, a move that emphasized more real-world skills, but not without controversy. 
“The game required skills that are also required by both security researchers ==========> 05-08-04-Stanford-ResearchersExtendBrowserToHelpProtectPasswords.txt========== http://www.stanforddaily.com/tempo?page=content&id=17704&repository=0001_article Students work to protect passwords Computer science researchers hope to stump hackers Stanford Daily By Rose Jenkins, Contributing Writer Thursday, August 4, 2005, last updated August 4, 2005 1:35 AM Aware of the rampant growth of high-profile online information thefts, a team of Stanford computer science researchers said they feel that there is clearly a ==========> 05-08-04-WashPost-VeriSignUsesExtremeSecurityMeasures.txt========== http://www.washingtonpost.com/wp-dyn/content/article/2005/08/04/AR2005080400429.html Under Siege in Dulles By New-Generation Hackers By Leslie Walker Thursday, August 4, 2005; D01 Washington Post Sometime last year, the cat and mouse switched places on the Internet. ==========> 05-08-05-Reuters-WirelessNetworksAreEasyPickingsForHackers.txt========== http://today.reuters.com/news/newsArticleSearch.aspx?storyID=203654+05-Aug-2005+RTRS PluggedIn: Wireless networks -- easy pickings for hackers Fri Aug 5, 2005 2:21 PM ET By Andy Sullivan LAS VEGAS, Aug 5 (Reuters) - Wireless Internet users may not know that it's easy for outsiders to read their email or scoop up passwords or other sensitive information. ==========> 05-08-09-InvestBusdaily-CriticsSayComputerSecurityStillLags.txt========== # "Critics Say Security Still Lags" Investor's Business Daily (08/09/05) P. A4; Howell, Donna Internet and computer security continues to face heavy criticism four years after Sept. 11, with industry organizations and the Government Accountability Office (GAO) urging the allocation of more federal resources to tech security. A CSO magazine poll of 389 security professionals finds that roughly 59 percent of respondents doubt the government can secure the U.S. 
information infrastructure, while 45 percent expect hackers or terrorists to launch the digital equivalent of a Pearl Harbor-style attack against the nation's critical ==========> 05-08-11-CompWorld-NewEnergyBillHasCybersecurityRepercussions.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,103834,00.html New energy bill has cybersecurity repercussions Power companies will need to meet a host of new standards News Story by Thomas Hoffman AUGUST 11, 2005 (COMPUTERWORLD) - The new energy bill signed into law by President Bush this week is expected to have the greatest impact on IT departments at power companies because it allows federal enforcement of ==========> 05-08-11-CompWorld-USDHSHeadChertoff-BusinessNeedToFocusOnCybersecurity.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,103827,00.html DHS head: Businesses need to focus on cybersecurity Chertoff also calls for incentives to private sector News Story by Grant Gross AUGUST 11, 2005 (IDG NEWS SERVICE) - WASHINGTON -- The U.S. Department of Homeland Security will focus significant efforts on cybersecurity and on working with private vendors to develop technologies designed to provide ==========> 05-08-15-FedCompWeek-NISTCreatesOnLineCybersecurityDatabase.txt========== http://www.fcw.com/article89911-08-15-05 NIST creates online treasure trove of security woes BY Rutrell Yasin Published on Aug. 15, 2005 Federal Computer Week The National Institute of Standards and Technology has launched a comprehensive cybersecurity database that is updated daily with the latest information on vulnerabilities in popular products. ==========> 05-08-17-Reuters-NewVirusesAttackABCNewsComputers.txt========== http://today.reuters.com/news/newsArticle.aspx?type=technologyNews&storyID=2005-08-17T200311Z_01_HO683966_RTRIDST_0_TECH-VIRUS-DC.XML Computer virus writers moving faster with attacks Wed Aug 17, 2005 4:03 PM ET By Spencer Swartz SAN FRANCISCO (Reuters) - U.S. 
media companies and other corporations hit by a wave of computer viruses this week said business was back to normal on Wednesday, but analysts warned the attacks showed hackers have gained a ==========> 05-08-18-ABCNews-WarOfWormsLaunchesLatestCyberAttack.txt========== http://abcnews.go.com/Technology/story?id=1046002&page=1 ABC News 'War of the Worms' Spurs Latest Cyber-Attack Security Experts Say Criminal Gangs Battling for Robotic Control of the Net By MICHAEL S. JAMES Aug. 18, 2005 - The computers that crashed at ABC News and other media outlets may have been caught in the crossfire of a virtual "war of the worms" between rival criminal gangs waging a cyberspace turf war. ==========> 05-08-22-CSMonitor-HackerSoftwareFightsHackerSoftware.txt========== http://search.csmonitor.com/search_content/0822/p01s01-stct.html from the August 22, 2005 edition Hacker underground erupts in virtual turf wars A chain of warring virus attacks last week fits an emerging trend. By Peter N. Spotts | Staff writer of The Christian Science Monitor In the early days of computer attacks, when bright teens could bring down corporate systems, the point was often to trumpet a hacker's success. No longer. ==========> 05-08-22-InvestBusDaily-DataBreachesInspireCongressionalAction.txt========== # "High-Profile Online Data Thefts Irk Pols" Investor's Business Daily (08/22/05) P. A4; Deagon, Brian The recent spate of highly publicized data breaches compromising the personal and financial information of millions of Americans has incited the third piece of congressional legislation addressing the issues of data protection and disclosure since April. The Personal Data Privacy and Security Act of 2005 specifically targets data brokers, which often serve as intermediaries to banks when processing credit card transactions. 
Following two other legislative proposals regarding data security, the new bill also takes a cue from the many ==========> 05-08-23-NewsFact-IncreasingInternetSecurityMightUndermineInfrastructure.txt========== http://www.newsfactor.com/story.xhtml?story_id=12000002P47C What Price Homeland Security? By Jack M. Germain August 23, 2005 10:00AM The problem with making the Internet more secure is that the process requires that computer engineers bolt on yet more layers of new functions. The act of strengthening the infrastructure, then, might actually further stress what holds it together. ==========> 05-08-24-InfoWeek-CyberIncidentDetectionAndDataAnalysisCentersWarnsOnCybersecurity.txt========== http://www.informationweek.com/story/showArticle.jhtml;jsessionid=V11A5XLCSW0NUQSNDBOCKHSCJUMEKJVN?articleID=170000319 New Cybersecurity Center To Warn Law Enforcement Of Critical Infrastructure Attacks Several businesses and organizations are testing a new process for anonymously sharing cyberthreat and attack data with their peers and government agencies without being subject to law-enforcement audits. By Larry Greenemeier, InformationWeek Aug. 24, 2005 ==========> 05-08-25-WashPost-AttacksOnUnclassifiedUSGovernmentSitesComingFromChina.txt========== "Hackers Attack Via Chinese Web Sites" Washington Post (08/25/05) P. A1; Graham, Bradley; Eggen, Dan Hackers have been focusing attacks on hundreds of unclassified U.S. government systems through Chinese Web sites for several years, reported anonymous government officials. Analysts are split on whether these intrusions are the work of a coordinated Chinese government initiative to breach U.S. networks and monitor government databanks, or other hackers using Chinese networks to mask the attacks' point of origin. 
"This is an ongoing, organized attempt to siphon off information from our unclassified systems," said one official, who noted ==========> 05-08-26-LosAlamosMon-LANLComputersWithstandDailyCyberAttacks.txt========== # "LANL Computers Weather Daily Cyber Assaults" Los Alamos Monitor (NM) (08/26/05); Snodgrass, Roger Los Alamos National Laboratory (LANL) runs 25,000 computers that process 850GB of data in 20 million legitimate sessions per day. Up to 15 million malicious sessions occurred during peak traffic between May and mid-August with more than 90% of weekend activity coming from malicious sources, according to LANL statistics. Security consists of firewall networks for public areas and compartmentalization for its classified network with passwords cryptographically generated and used one time. Other key security is user ==========> 05-08-27-GovtCompNews-DHSTakingCrossSectorApproachToCyberSecurity.txt========== http://www.gcn.com/vol1_no1/daily-updates/36739-1.html DHS looks at bigger picture for infrastructure protection R&D By Alice Lipowicz, Contributing Staff Writer Gov't Computer News Saturday August 27, 2005 The Homeland Security Department is taking a cross-sector approach to protecting the nation’s critical infrastructure in a new national R&D plan released this week. ==========> 05-08-29-CompWorld-DistanceDetectionMayHelpSecureWiFi.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,104242,00.htm l Distance detection may help secure Wi-Fi News Story by Stephen Lawson ComputerWorld AUGUST 29, 2005 (IDG NEWS SERVICE) - Intel Corp. is developing a way to locate a Wi-Fi user by timing how long it takes for packets to travel to and from a wireless access point, which could prevent users outside a house or office from ==========> 05-08-29-InfoWeek-CybersecurityThreatsGetNastierAndDoneForFinancialGain.txt========== # "The Threats Get Nastier" InformationWeek (08/29/05) No. 1053, P. 34; Claburn, Thomas; Garvey, Martin J. 
Business technology and security professionals are confident their IT systems are adequately protected against cyberthreats, according to InformationWeek Research's U.S. Information Security Survey 2005, but this attitude belies the fact that worms, viruses, and other forms of malware are more insidious and dangerous than ever. The recent Zotob worm epidemic shows that such threats have not gone away, while the motivation behind such attacks has shifted from bragging rights to financial gain. The most common types of security threats ==========> 05-08-30-ITObserver-TheFutureOfComputerWorms.txt========== http://www.ebcvg.com/articles.php?id=863 The Future of Computer Worms Author: David Sancho, Senior AV Research Engineer, Trend Micro Tuesday, 30 August 2005, 11:58 GMT IT Observer The current trend in worms seems to go the bot route. Bots -- programs that operate as an agent for a user or another program -- are most often seen as malware and keep attacking unsuspected users in surprisingly high numbers. This ==========> 05-09-00-CACM-DataSecurityAndGovernmentRegulations.txt========== Data security in the age of compliance Teri Robinson September 2005 netWorker, Volume 9 Issue 3 In the post-Enron era, IT departments are under intense pressure not only to keep data safe, but to satisfy a host of new government-imposed security regulations It is often said that the technology industry loves an acronym—give an industry ==========> 05-09-00-CardTech-ElectronicPassportsDebutAmidSecurityConcerns.txt========== # "E-Passports Debut, and Not Everyone Is Cheering" Card Technology (09/05) Vol. 10, No. 9, P. 14; Davis, Donald The global deployment of electronic passports that use contactless smart card technology to carry biometric identifiers has provoked concern about security, interoperability, and cost. The ACLU pointed out e-passports' vulnerability to data skimming, which prompted the U.S. 
government to re-assess its position on basic access control that would require a passport's data page to be opened and scanned before the contactless chip can be read, thus creating a unique cryptographic key that prevents the reading of a traveler's passport without ==========> 05-09-00-SoftDev-SecuritySoftwareASourceOfAttacks.txt========== http://www.sdmagazine.com/documents/s=9863/sdm0509a/0509a.html Software Development September 2005 False Protection We count on firewalls and antivirus tools to keep our industry afloat. What if the cure is worse than the disease? By Laurie O'Connell Don't worry about defending your operating system—first, check your security ==========> 05-09-02-CompWorld-TrevorBarrBelievesChaosWillRuleInternetIn2010.txt========== http://www.computerworld.com.au/index.php?id=949860093 Chaos to rule Internet in 2010 Michael Crawford ComputerWorld 02/09/2005 08:10:34 Chaos will rule the Internet in 2010 as spam, viruses and fraudulent e-mails continue to cause havoc, according to Professor Trevor Barr, user environments program manager at Swinburne University of Technology. ==========> 05-09-02-ZDNetAus-MSClaimsSecureDevelopmentSuccess.txt========== # "Microsoft Claims Secure Development Success" ZDNet Australia (09/02/05); LeMay, Renai Microsoft says its Security Development Lifecycle (SDL), created to ensure that developers are writing secure code, is showing early indications of success. The program was developed in the wake of a series of publicized vulnerabilities, and Microsoft's Rick Samona notes that each of the company's server and commercial products must meet SDL requirements before it can be released; he cites Internet Information Services 6 and the SQL database server as principal SDL success stories. 
The implementation of SDL was not easy, as it ==========> 05-09-05-NetWorld-UsingGoogleToFacilitateHacking.txt========== http://www.networkworld.com/news/2005/090505-google-hacking.html?t5&story=home1 Google hacking What started as a joke builds into a movement. By Robert McMillan, Network World, 09/05/05 Johnny Long says he has never met a Google employee. And yet he is at the center of a community of security experts and search engine enthusiasts that might be developing some of the most interesting uses of Google technology today. ==========> 05-09-05-Time-StoppingChineseCyberspies.txt========== http://www.time.com/time/magazine/article/0,9171,1098961,00.html D.A. PETERSON FOR TIME WHO'LL STOP THE RAIN: Shawn Carpenter at his Maryland home The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them) An exclusive look at how the hackers called TITAN RAIN are stealing U.S. secrets By NATHAN THORNBURGH From the Sep. 05, 2005 issue of TIME magazine Posted Monday, Aug. 29, 2005 ==========> 05-09-07-CNETNews-BugHuntersAndSoftwareFirmsInUneasyAlliance.txt========== http://news.com.com/Bug+hunters%2C+software+firms+in+uneasy+alliance/2100-1002_3-5846019.html Bug hunters, software firms in uneasy alliance By Marguerite Reardon CNET News [Accessed Sept. 7, 2005] Tom Ferris is walking a fine line. He could be Microsoft's friend or foe. ==========> 05-09-07-SecFocus-ResearcherIdentifiesICMPSecurityIssues.txt========== http://online.securityfocus.com/news/11306 Big debate over small packets Robert Lemos, SecurityFocus 2005-09-07 Fernando Gont is nothing if not tenacious. “Some people say 'this is old stuff.' But they miss a very important point: While these attacks have been known to many people for many years, there have never been proposals on how to deal with them. 
” ==========> 05-09-09-ZDNet-MacUsersMustWakeUpToSecurity.txt========== http://www.zdnet.com.au/news/security/soa/Mac_community_must_wake_up_to_security/0,2000061744,39210762,00.htm Mac community must wake up to security Munir Kotadia, ZDNet Australia September 09, 2005 Apple Macintosh users believe they are immune from security problems and need to wake up to the potential of attack -- before they are rudely awoken by a destructive piece of malware. ==========> 05-09-10-NewSci-BiometricsCarriesRisksAsWellAsRewards.txt========== # "ID Revolution--Prepare to Meet the New You" New Scientist (09/10/05) Vol. 187, No. 2516, P. 26; Biever, Celeste Biometrics technologies are soon expected to become the primary form of personal identification, but this revolutionary development carries risks as well as rewards. For example, fingerprint scanners can eliminate PC users' need to memorize passwords and enable people without social security numbers to bank safely, but they can be fooled by duplicated or "spoofed" fingerprints and may not record a clear print from fingers that are dirty, bruised, cut, callused, or sweaty. Even more problematic is comparing prints to existing scans to ==========> 05-09-12-CompWorld-NewSoftwareCanDefendAgainstHighSpeedWorms.txt========== http://www.computerworld.com/softwaretopics/software/story/0,10801,104480,00.html Fleet-Footed Worm Blocker Software can detect and defend against worms in network traffic at lightning speed. News Story by Gary H. Anthes SEPTEMBER 12, 2005 (COMPUTERWORLD) - Just before 5:30 GMT on Saturday, Jan. 25, 2003, the Slammer worm crawled into the Internet. 
The ==========> 05-09-12-OReilly-NextFiftyYearsOfCybersecurity-AlanCoxInterview.txt========== http://www.oreillynet.com/pub/a/network/2005/09/12/alan-cox.html The Next 50 Years of Computer Security: An Interview with Alan Cox by Edd Dumbill 09/12/2005 O'Reilly Media Author's note: Alan Cox needs little introduction--most will know him for his long-standing work on the Linux kernel (not to mention his appreciation and promulgation of the Welsh language among hackers). Cox is one of the keynote ==========> 05-09-13-WashPost-TeenPleadsGuiltyToHackingParisHiltonCellPhone.txt========== http://www.washingtonpost.com/wp-dyn/content/article/2005/09/13/AR2005091301423_pf.html Teen Pleads Guilty to Hacking Paris Hilton's Phone By Brian Krebs washingtonpost.com Staff Writer Tuesday, September 13, 2005; 5:56 PM A Massachusetts teenager has pleaded guilty to hacking into the cell-phone account of hotel heiress and Hollywood celebrity Paris Hilton, a high-profile ==========> 05-09-14-SearchSec-DangerTheoryCouldAidIntrusionDetection.txt========== http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1124452,00.html A human connection to intrusion detection By Niall McKay, Contributor 14 Sep 2005 | SearchSecurity.com Increasingly, security experts are looking to the human body for inspiration on how to deal with computer viruses. Why not? After all, the body has developed complex security systems to keep it safe from disease over millions of years. ==========> 05-09-15-CIOMag-GlobalStateOfInformationSecurity2005.txt========== http://www.cio.com/archive/091505/global.html GLOBAL SECURITY The Global State of Information Security 2005 A worldwide study by CIO and PricewaterhouseCoopers reveals a digital landscape ablaze, with thousands of security leaders fighting the flames. But amid the uncertainty and crisis management, there’s an oasis of strategic thinking. BY SCOTT BERINATO WITH RESEARCH EDITOR LORRAINE COSGROVE WARE CIO Magazine, Sept. 
15, 2005 ==========> 05-09-16-PCWorld-CongressWondersIfCrucialNetworksAreProtected.txt========== http://www.pcworld.com/news/article/0,aid,122574,00.asp Is the U.S. Protecting Crucial Networks? Businesses say power grids, communications are secure--but Congress wonders if we're really safe. Grant Gross, IDG News Service Friday, September 16, 2005 WASHINGTON -- While lawmakers decried a lack of concern in the U.S. about cybersecurity issues at a hearing Thursday, representatives of power, ==========> 05-09-16-SJMerc-AudioRecordingsOfKeystrokesYieldUsersInput.txt========== http://www.siliconvalley.com/mld/siliconvalley/12662937.htm Posted on Fri, Sep. 16, 2005 Tuning in to passwords AUDIO RECORDINGS OF KEYSTROKES YIELD TRANSCRIPT OF USER'S INPUT By Karl Schoenberger Mercury News Many people have heard of keyboard sniffing, in which someone sneaks software into your computer and monitors e-mail or documents. Now researchers warn of ==========> 05-09-18-LATimes-ManyTypesOfKeystrokeMonitoringSchemesAvailable.txt========== http://www.latimes.com/business/la-fi-keyloggers18sep18,0,4753197.story Now, Every Keystroke Can Betray You By Joseph Menn Times Staff Writer September 18, 2005 Bank customers know to shield their ATM passwords from prying eyes. But with the rise of online banking, computer users may not realize electronic snoops might be peeking over their shoulder every time they type. ==========> 05-09-23-ChronHigherEd-CollegeStudentsAttendCybersecurityBootCamp.txt========== "Basic Training for Anti-Hackers" Chronicle of Higher Education (09/23/05) Vol. 52, No. 5, P. A41; Carnevale, Dan The threat of terrorists penetrating computer networks and wreaking havoc prompted the creation of the Cyber Security Boot Camp, an intense 10-week summer program hosted by the U.S. Air Force and Syracuse University in which participating college students study and practice hacking so that they may learn how to defend against cyberattacks. 
Air Force Research Laboratory computer engineer Kamal Jabbour says the goal of the program goes far beyond making these cyber-defenders technically proficient: He wants them to become ==========> 05-09-26-InfoWorld-TheEscalatingCybersecurityArmsRace.txt========== http://www.infoworld.com/article/05/09/26/39FEattack_1.html IT under siege: The security arms race The enterprise's security defense must get more sophisticated to stop criminal-minded attackers who are out for high stakes -- money and identities By Roger A. Grimes InfoWorld, September 26, 2005 The security arms race is escalating to unprecedented levels and has security professionals more nervous -- and more vigilant -- than ever. ==========> 05-09-27-CompWorld-RepLungrenWontRuleOutCybersecurityRegulation.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,104984,00.html Lawmaker doesn't rule out cybersecurity regulation News Story by Grant Gross ComputerWorld SEPTEMBER 27, 2005 (IDG NEWS SERVICE) - WASHINGTON -- A key U.S. lawmaker focused on cybersecurity said today that he prefers to stay away from new government regulations to ensure Internet safety, but he didn't rule them out, ==========> 05-09-30-USACM-CyberCrimeOnRise.txt========== ============================================================= ACM Washington Update Vol. 9.9 30 September 2005 ============================================================= [5] CYBERCRIME ON THE RISE A recent Internet security report revealed significant increases in Internet related crime, or cybercrime. The report, released by Symantec Corp., examined ==========> 05-09-30-USACM-SneateJudiciaryCommitteeHoldsHearings.txt========== ============================================================= ACM Washington Update Vol. 9.9 30 September 2005 ============================================================= [3] SENATE JUDICIARY COMMITTEE: BUSY AND IN THE SPOTLIGHT Chairman Arlen Specter's (R-Pa.) 
Judiciary Committee has been a major focus of attention in recent weeks. Besides managing one Supreme Court nomination so ==========> 05-10-05-NYT-InnundatingSystemWithTextMesageSpamCouldDisableCellPhones.txt========== http://www.nytimes.com/2005/10/05/technology/05phone.html October 5, 2005 Text Hackers Could Jam Cellphones, a Paper Says By JOHN SCHWARTZ The New York Times Malicious hackers could take down cellular networks in large cities by inundating their popular text-messaging services with the equivalent of spam, said computer security researchers, who will announce the findings of their ==========> 05-10-07-NIST-ThreatAnalysisWorkshop.txt========== Subject: NIST Threat Analysis Workshop August 22, 2005 Dear Members of the Election, Voting System, and Risk Assessment Communities, The National Institute of Standards and Technology (NIST) will host a full-day workshop in Gaithersburg, Maryland, on 07 Oct 2005 entitled "Developing an Analysis of Threats to Voting Systems." ==========> 05-10-10-CNETNews-WillUSCybersecurityBecomeNextFEMA-LikeDisaster.txt========== http://news.zdnet.com/2100-1009_22-5891219.html?tag=nl.e589 U.S. cybersecurity due for FEMA-like calamity? By Declan McCullagh, and Anne Broache, CNET News.com Published on ZDNet News: October 10, 2005, 4:00 AM P In the wake of Hurricane Katrina, the Federal Emergency Management Agency has been fending off charges of responding sluggishly to a disaster. Is the cybersecurity division next? ==========> 05-10-13-InfoWorld-VoIPMayHaveSecurityVulnerabilities.txt========== http://www.infoworld.com/article/05/10/13/42FEvoipsec_1.html VoIP may be vulnerable to barrage of threats Separating voice from data traffic on the LAN ranks high among precautions By Leon Erlanger Info World, October 13, 2005 Is enterprise VoIP (voice over IP) due for a security wakeup call or are the threats mostly exaggerated? It depends on who’s talking. 
==========> 05-10-17-eWeek-CybersecurityThreatsGetMoreSophisticated.txt========== http://www.eweek.com/article2/0,1759,1871414,00.asp As Threats Evolve, Defenses Must Adapt October 17, 2005 By Paul F. Roberts eWeek It's Monday: time to pay your monthly credit card bill. A tech-savvy consumer, you log on, open your Web browser and surf to MBNA. com, a site run by the bank that issued your card. Once there, you enter your user name and password, ==========> 05-10-19-WashTech-HurricanesPostponeDHSCyberStormExercise.txt========== http://www.washingtontechnology.com/news/1_1/daily_news/27222-1.html 10/19/05 Mother Nature’s storms postpone DHS' Cyber Storm By Wilson P. Dizard III Contributing Staff Writer Washington Technology The Homeland Security Department’s Cyber Storm exercise, consisting of a virtual attack on the nation, has been pushed back from November to February ==========> 05-10-20-Wired-ShouldProgrammersBeHeldResponsibleForTheCodeTheyWrite.txt========== http://www.wired.com/news/privacy/0,1848,69247,00.html?tw=wn_tophead_3 Sue Companies, Not Coders By Bruce Schneier Wired 02:00 AM Oct. 20, 2005 PT At a security conference last week, Howard Schmidt, the former White House cybersecurity adviser, took the bold step of arguing that software developers should be held personally accountable for the security of the code they write. ==========> 05-10-27-NJTechDaily-CyberSecurityIndustryAllianceUrgesWhiteHousePriority.txt========== http://www.govexec.com/story_page.cfm?articleid=32680&dcn=e_gvet October 27, 2005 White House urged to make cybersecurity a priority By Danielle Belopotosky, National Journal's Technology Daily Cybersecurity should be a White House priority and the military ought to better coordinate with the private sector to protect the nation's infrastructure, experts Thursday told a House Armed Services subcommittee. 
==========> 05-10-28-CompWorld-IBMResearchersDevelopWhiteListApproachToUnknownPrograms.txt========== http://www.computerworld.com/softwaretopics/software/story/0,10801,105776,00.htm l IBM researchers take Axe to computer security The Assured Execution Environment strictly controls what runs on a computer News Story by Robert McMillan ComputerWorld OCTOBER 28, 2005 (IDG NEWS SERVICE) - Researchers at IBM's Almaden Lab have developed a way to keep those nasty worms and viruses from running on ==========> 05-10-28-SJMerc-WebBankingToGetSecurityUpgrades.txt========== http://www.siliconvalley.com/mld/siliconvalley/13023326.htm Posted on Fri, Oct. 28, 2005 Web banking to get significant security upgrade Mercury News BOSTON (AP) - If you do banking over the Internet, generally the drill is pretty simple: You enter your user name and password, and away you go. But behind the scenes, the bank can do a lot to check you out: Are you at your ==========> 05-10-29-NewSci-AttacksOnQuantumComputersInevitable.txt========== # "Attack of the Quantum Worms" New Scientist (10/29/05) Vol. 188, No. 2523, P. 30; Anderson, Mark Researchers say the emergence of quantum malware is an inevitability, but only recently has serious debate about protecting computers from such programs started, compared to the decades of research and billions of dollars already committed to quantum computer development. Quantum computers have yet to be fully realized, but a "quantum Internet" comprised of optical fiber and free space point-to-point networks dedicated to channeling quantum information already exists. This prompted University of Toronto researchers Lian-Ao Wu and ==========> 05-10-31-eWeek-MSProjectsShowSeriousAboutSecurity.txt========== http://www.eweek.com/article2/0,1895,1879502,00.asp Microsoft's Blue Hat Shows It's Serious About Security October 31, 2005 By Paul F. Roberts eWeek For critics of Microsoft Corp.'s software, 2003 was a very good year. 
The appearance of the Slammer and Blaster worms was evidence—if any were necessary—that things had gone badly awry at the Redmond, Wash., software giant. ==========> 05-10-31-USACM-USACMChairWarnsAgainstUnderfundingResearch.txt========== ============================================================= ACM Washington Update Vol. 9.10 31 October 2005 ============================================================= [2] USACM CHAIR WARNS AGAINST UNDERFUNDING CYBERSECURITY RESEARCH Last week the House Armed Services Committee convened a hearing entitled "The Asymmetric and Unconventional Threats" to discuss issues related to ==========> 05-11-00-CACM-DetectionAndPreventionOfStackBufferOverflowAttacks.txt========== Detection and prevention of stack buffer overflow attacks Benjamin A. Kuperman, Carla E. Brodley, Hilmi Ozdoganoglu, T. N. Vijaykumar, Ankit Jalote November 2005 Communications of the ACM, Volume 48 Issue 11 How to mitigate remote attacks that exploit buffer overflow vulnerabilities on the stack and enable attackers to take control of the program. The July 2005 announcement by computer security researcher Michael Lynn at the ==========> 05-11-00-EETimes-MetcalfOnTheInternet-SecurityAndSpam.txt========== http://www.eetasia.com/ARTICLES/2005NOV/C/2005NOV_INT_WK4.HTM Ethernet's inventor sounds off By Patrick Mannion EE Times Nov. 2005 So, what about Bob? Engineer-scientist, early Internet developer, Ethernet inventor, entrepreneur, pundit, a man who eats his own words-and, now, a venture capitalist: Bob Metcalfe has seen it all in 40 years on the front lines ==========> 05-11-01-CNETNews-USConsidersNewDigitalSignatureStandard.txt========== http://news.com.com/U.S.+mulls+new+digital+signature+standard/2100-1029_3-592498 2.html?tag=nefd.lede U.S. 
mulls new digital-signature standard By Declan McCullagh Staff Writer, CNET News.com Published: November 1, 2005, 4:00 AM PST Story last modified Tue Nov 01 04:00:00 PST 2005 GAITHERSBURG, Md.--A team of Chinese scientists shocked the data security world this year by announcing a flaw in a widely used technique used to create and ==========> 05-11-04-SJMerc-ArrestInZombieNetworkCase.txt========== http://www.siliconvalley.com/mld/siliconvalley/13082458.htm Posted on Fri, Nov. 04, 2005 Man charged with creating powerful zombie network Mercury News LOS ANGELES (AP) - A 20-year-old man was arrested on charges of spreading viruses to almost 400,000 military and other computers, letting him put ``armies'' of electronics under his control. ==========> 05-11-07-CNETNews-DHSCybersecurityPlanIsVague.txt========== http://news.com.com/Homeland+Securitys+vague+cyber+plan/2100-7348_3-5937715.html Homeland Security's vague cyber plan By Anne Broache Staff Writer, CNET News.com Published: November 7, 2005, 11:00 AM PST A preliminary report released by the Department of Homeland Security seems to scatter cybersecurity responsibilities across the government and the private sector while sticking to generalities about future plans. ==========> 05-11-07-ISTResults-SecurityAndPrivacyIssuesInMobileCommunications.txt========== http://istresults.cordis.lu/index.cfm/section/news/tpl/article/BrowsingType/Features/ID/79247 Enhancing mobile security Nov. 7, 2005 IST Results Security and privacy, increasingly issues for mobile communications’ users Security and privacy are increasingly an issue for mobile communications’ users.
Two European projects assessed ways of improving security and their ==========> 05-11-10-SearchDec-TrojansTargetSonyRootkitDRMAndWindowsGraphics.txt========== http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1144441,0 0.html Trojans target Sony DRM and Windows By Bill Brenner, News Writer 10 Nov 2005 | SearchSecurity.com There's double trouble in cyberspace for those affected by Sony's rootkit-laced digital rights management (DRM) system and the Graphics Rendering Engine flaw in Windows. Security researchers are tracking two Trojan horse programs that ==========> 05-11-10-Sophos-TrojanHorseExploitsSonyDRMCopyProtection.txt========== http://www.sophos.com/pressoffice/news/articles/2005/11/stinxe.html 10 November 2005 Sophos Trojan horse exploits Sony DRM copy protection vulnerability Sophos issues tool to detect and disable "cloaking" flaw exploited by Trojans Music CD The Trojan horse exploits a vulnerability introduced by Sony's CD copy protection software. ==========> 05-11-14-Felten-SonyRootkitUninstallerOpensBigSecurityHole.txt========== http://www.freedom-to-tinker.com/?p=926 Freedom to Tinker … is your freedom to understand, discuss, repair, and modify the technological devices you own. « Sony Shipping Spyware from SunnComm, Too Sony’s Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs » Don’t Use Sony’s Web-based XCP Uninstaller Monday November 14, 2005 by Ed Felten ==========> 05-11-14-InfoWeek-ITProsBeingTrainedToThinkLikeHackers.txt========== http://www.informationweek.com/story/showArticle.jhtml?articleID=173602121&tid=6 004 It Takes A Hacker To Catch One As malicious hacking grows, the industry fights back, training future security pros to think like their adversaries By Larry Greenemeier, InformationWeek Nov. 
14, 2005 Information technology professionals have been conditioned to think ==========> 05-11-15-SJMerc-ResearchersSayRemovalOfSonyRootkitCompromisesSecurity.txt========== http://www.siliconvalley.com/mld/siliconvalley/13173768.htm Posted on Tue, Nov. 15, 2005 Researchers: Sony's software removal scheme aggravates security hole Mercury News BOSTON (AP) - The fallout from a hidden copy-protection program that Sony BMG Music Entertainment put on some CDs is only getting worse. Sony's suggested method for removing the program actually widens the security hole the original software created, researchers say. ==========> 05-11-16-FinTimes-USRelyingOnPrivateCompaniesToCounterCyberterrorism.txt========== http://news.ft.com/cms/s/04544eae-5646-11da-b04f-00000e25118c.html US 'relying on private companies to counter cyber-terrorism' By Scott Morrison and Chris Nuttall Published: November 16 2005 02:00 | Last updated: November 16 2005 02:00 Financial Times Big Brother is failing to keep a close eye on the threat of cyber-terrorism, according to security experts. They say the burden of watching and preparing for a computer-driven attack on critical US infrastructures is falling on the ==========> 05-11-16-InfoWeek-IowaStateHoldsAntiHackerCompetition.txt========== http://informationweek.com/story/showArticle.jhtml?articleID=173603268 Iowa State IT Students To Try Their Luck Against Hackers Nov. 16, 2005 Competition is designed to give future IT professionals a taste of the real world of network security By Tony Kontzer InformationWeek Iowa State University will be victimized by hackers this weekend, and school ==========> 05-11-24-SiliconCom-ExpertsRevealChineseHackersAtttackingUSComputers.txt========== http://software.silicon.com/security/0,39024655,39154524,00.htm Chinese hackers breach US military defences Uncle Sam hacks back in counter attack... 
Silicon.com By Tom Espiner Published: Thursday 24 November 2005 Security experts have revealed tantalising details about a group of Chinese hackers who are suspected of launching intelligence gathering attacks against ==========> 05-11-28-InfoWeek-ApplicationsAreNewTargetOfCyberAttacks.txt========== http://www.informationweek.com/showArticle.jhtml?articleID=174401665 New Path Of Attack Nov. 28, 2005 Just when patching showed progress against the worst security threats, cybercriminals shift their focus. By Thomas Claburn InformationWeek Cybercriminals have had it with the limelight. With the law onto them, they've mostly abandoned self-aggrandizing vandalism to concentrate on more clandestine ==========> 05-11-28-ISTRes-SecurityExpertsInitiative-SeemlessSecurity.txt========== http://istresults.cordis.lu/index.cfm/section/news/tpl/article/BrowsingType/Feat ures/ID/79441 Security gets framed SEINIT offers the promise of seamless security Despite millions of dollars spent by IT companies, digital security still contains more holes than a Swiss cheese. One European project plans to plug those holes by creating a virtual security framework independent of both devices and the networks they are trying to access. IST Results ==========> 05-11-29-BusWire-Study-PCUsersBelieveBiometricsWillMakeComputersMoreSecure.txt========== http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&ne wsId=20051129005770&newsLang=en November 29, 2005 12:45 PM US Eastern Timezone Business Wire Stolen Passwords and Lost Laptops Among Top PC Concerns; 78 Percent Prefer Fingerprint Biometrics Over Passwords to Protect Computers, AuthenTec Survey Reveals; Company Becomes Official Sponsor of National Computer Security Day MELBOURNE, Fla.--(BUSINESS WIRE)--Nov. 
29, 2005--Stolen passwords and lost ==========> 05-11-29-PCWorld-ExpertSaysMoreSophisticatedInternetAttacksLikely.txt========== http://www.pcworld.com/news/article/0,aid,123718,00.asp Security Expert: More Sophisticated Net Attacks Likely Coordinated cyberattacks could be nationally damaging, says one cybersecurity expert. Grant Gross, IDG News Service Tuesday, November 29, 2005 WASHINGTON -- The cyberattacks of recent years have been relatively unsophisticated and inexpensive compared to the potential of organized attacks, ==========> 05-12-00-ACMQueue-CrossSiteScriptingAttackHitsMySpace.txt========== http://www.acmqueue.com/modules.php?name=Content&pa=showpage&pid=357 Vicious XSS From Systems of Scale ACM Queue, Vol. 3, No. 10 - December 2005 / January 2006 by Kode Vicious For readers who doubt the relevance of KV’s advice, witness the XSS (cross-site scripting) attack that befell the social networking site MySpace.com in October (http://www.betanews.com/article/CrossSite Scripting Worm Hits ==========> 05-12-00-AusPCWorld-NewFormsOfAttacks.txt========== "CSI: The Net" Australian PC World (12/05) P. 65; Sterling, Bruce In a clear sign that cyber attacks are no longer the province of bespectacled geeks trying to make a name for themselves, every type of Internet-based criminal activity has increased in both frequency and severity over the last decade, writes author Bruce Sterling. New types of attacks are forming faster than the business models to support them, though ambitious criminal syndicates are hot on the heels of the latest threats. 
Even encryption has become a tool for hackers, as some PC users have found that the contents of their computers ==========> 05-12-00-CACM-BiometricsPromisingSecurityImprovement-MustOvercomeTechnicalAndSocialChallenges.txt========== Challenges and constraints to the diffusion of biometrics in information systems Akhilesh Chandra, Thomas Calderon December 2005 Communications of the ACM, Volume 48 Issue 12 Biometrics are a promising technology for improving security, if they can overcome technical and social challenges. Computer security incidents have grown exponentially since 1997, and about 90% of all major organizations are affected by them each year [3]. Such incidents ==========> 05-12-00-CACM-DirectionsForSecurityAndPrivacyForSemanticEBusinessApplications.txt========== The semantic e-business vision: Directions for security and privacy for semantic e-business applications Bhavani Thuraisingham December 2005 Communications of the ACM, Volume 48 Issue 12 Developing secure semantic e-business applications requires focusing first on securing the Semantic Web, knowledge management, and e-business processes. The Semantic Web is essentially about machine understandable Web pages [3]. One ==========> 05-12-00-CACM-IdentifyingAndDefendingAgainstPortrelatedVulnerabilities.txt========== Digital village: Pernicious ports Hal Berghel, David Hoelzer December 2005 Communications of the ACM, Volume 48 Issue 12 Identifying and defending against port-related vulnerabilities. It is now well documented that some of the greatest security vulnerabilities to computer software are a result of inattention to current service packs, hot fixes, and patches. Our experience with big-ticket malware such as W32/Blaster ==========> 05-12-00-CACM-SecureKnowledgeManagementAndTheSemanticWeb.txt========== The semantic e-business vision: Secure knowledge management and the semantic web JinKyu Lee, Shambhu J. Upadhyaya, H. 
Raghav Rao, Raj Sharman December 2005 Communications of the ACM, Volume 48 Issue 12 A number of different protocols currently available offer an array of benefits and limitations. Knowledge has long been recognized as an essential prerequisite for quality decision making [9]. An individual's knowledge can be transferred to others ==========> 05-12-00-OptimizeMag-TeamingUpToTackleRiskMgmt.txt========== http://www.optimizemag.com/article/showArticle.jhtml?articleId=174402475 Teaming Up To Tackle Risk by Howard A. Schmidt December 2005, Issue 22 Optimize Magazine For many organizations, the term risk management can serve as a sort of institutional Rorschach test. Executives challenged to define and describe it tend to perceive what they want to see, and in articulating their thoughts on ==========> 05-12-01-CompBusRev-SecureDNSFacesResistance.txt========== http://www.cbronline.com/article_news.asp?guid=5CB02292-1149-4657-BA91-3F67AA4C9 1B5 Secure DNS faces resistance 1st December 2005 By CBR Staff Writer The deployment of DNSsec, an enhancement to the domain name system that could protect against certain types of phishing and pharming attacks, is still facing skepticism and resistance from those who would be involved in implementing it. ==========> 05-12-01-NewSci-NewSolutionsToVirusProblemOfferHope.txt========== http://www.newscientist.com/article.ns?id=dn8403 Viral cure could 'immunise' the internet 14:35 01 December 2005 NewScientist.com news service Kurt Kleiner A cure for computer viruses that spreads in a viral fashion could immunise the internet, even against pests that travel at lightning speed, a mathematical study reveals. 
==========> 05-12-05-BusWeek-ComputersMightFixProblemsAutomatically.txt========== http://www.businessweek.com/magazine/content/05_49/b3962101.htm?chan=db DECEMBER 5, 2005 Computer, Heal Thyself Intelligent machines that can learn and fix themselves are becoming a reality Business Week Back in the Fall of 2001, Paul Horn was wrestling with the computer industry's demons. The former University of Chicago physics professor had been running IBM's () research labs since 1996. During that time, the Internet, wireless ==========> 05-12-05-InfoWeek-ITDepartmentsUnderfundedAndUnderstaffed.txt========== http://www.informationweek.com/story/showArticle.jhtml?articleID=174900279 Security's Shaky State When it comes to security, most IT departments are underfunded, understaffed, and underrepresented, IT security pros say. By Ted Kemp, InformationWeek Dec. 5, 2005 Resourceful I.T. security professionals are getting the job done, but their efforts have been hampered by undersized staffs and underfunded budgets that ==========> 05-12-06-CNETNews-9-11PanelsFaultsGovernmentOnCybersecurity.txt========== http://news.com.com/911+panel+faults+government+on+cybersecurity/2100-7348_3-598 4743.html 9/11 panel faults government on cybersecurity By Joris Evers Staff Writer, CNET News.com Published: December 6, 2005, 4:27 PM PST The federal government is not making enough progress in protecting critical infrastructures such as communications networks and the Internet, said former ==========> 05-12-06-CNETNews-IMWormRepliesToUsers.txt========== http://news.com.com/New+IM+worm+chats+with+intended+victims/2100-7349_3-5984845. html?tag=nefd.top New IM worm chats with intended victims By Joris Evers Staff Writer, CNET News.com Published: December 6, 2005, 5:43 PM PST You can now instant message with a worm. 
==========> 05-12-06-Wired-ResearcherFindsCiscoRouterBugs.txt========== http://www.wired.com/news/technology/0,1282,69762,00.html Firm Allegedly Hiding Cisco Bugs By Kim Zetter Wired 02:00 AM Dec. 06, 2005 PT The computer security researcher who revealed a serious vulnerability in the operating system for Cisco Systems routers this year says he discovered 15 additional flaws in the software that have gone unreported until now, one of ==========> 05-12-07-CompWorld-IMWormRepliesToUsers.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,106832,00.htm l Security firm detects IM bot that chats with you Bot replies with messages such as 'lol no its not its a virus' News Story by Nancy Gohring DECEMBER 07, 2005 (IDG NEWS SERVICE) - A new form of malicious instant-message bot is on the loose that talks back to the user, possibly signifying a potentially dangerous trend, an instant messaging security firm said. ==========> 05-12-07-CompWorld-PortScansNotAlwaysAttacksOnComputers.txt========== http://www.computerworld.com/securitytopics/security/story/0,10801,106849,00.htm l Port scans may not always signal attacks, research indicates A study found little correlation between port scanning and network attacks News Story by Jaikumar Vijayan DECEMBER 07, 2005 (COMPUTERWORLD) - The assumption that network port scans are a precursor to attempted hacks into computers may be misleading, according to research at the University of Maryland’s A. James Clark School of Engineering. 
==========> 05-12-07-Yahoo-IntelWorkingOnRootkitDetection.txt========== http://news.yahoo.com/s/pcworld/20051207/tc_pcworld/123863 Intel Working on Rootkit Detection Techniques Tom Krazit, IDG News Service Wed Dec 7, 6:00 PM ET Yahoo FOLSOM, CALIFORNIA-- Intel is working on a research project that would immediately notify PC users if they inadvertently download a rootkit such as the XCP (extended copy protection) software found on certain music CDs shipped by Sony, researchers said Tuesday. ==========> 05-12-09-ClarksonU-VulnerabititiesOfBiometricSystemsStudied.txt========== http://www.clarkson.edu/news/print.php?id=1397 Clarkson University News 09 December 2005 Clarkson Engineer And "Spoofing" Expert Looks To Outwit High-Tech Identity Fraud Eyeballs, a severed hand or fingers carried in ziplock bags. Back alley eye replacement surgery. These are scenarios used in recent blockbuster movies like Steven Spielberg’s “Minority Report” and “Tomorrow Never Dies” to illustrate how unsavory characters in high-tech worlds beat sophisticated security and ==========> 05-12-12-CNETNews-SecureSocketLayerToGetHighAssuranceCertificates.txt========== http://news.com.com/Browsers+to+get+sturdier+padlocks/2100-1029_3-5989633.html Browsers to get sturdier padlocks By Joris Evers CNet News Story last modified Mon Dec 12 04:00:00 PST 2005 The yellow security padlock in Web browsers, weakened by lax standards and loose supervision, will get reinforced next year with tougher requirements and browser updates. ==========> 05-12-13-FinTimes-USOffiicalSaysTechLeadershipKeyToCybersecurity.txt========== # "Technology Leadership Is Key to Security" Financial Times (12/13/05) P. 17; McCormick, David Leadership in the technology realm is fast becoming the lynch pin of U.S. security and prosperity, writes U.S. 
Undersecretary of Commerce David McCormick, adding that leadership demands a delicate balance between attracting the top researchers in the world and ensuring that sensitive information to which foreign visitors may be privy does not pass into the wrong hands. While typically viewed as a trade-off between security and commerce, the restrictions on exporting sensitive U.S. technologies must support both, as preserving ==========> 05-12-13-WashPost-TechIndustyGroupBlastsUSLeadershipOnCybersecurity.txt========== http://www.washingtonpost.com/wp-dyn/content/article/2005/12/13/AR2005121301294. html Tech Group Blasts Federal Leadership on Cyber-Security By Brian Krebs washingtonpost.com Staff Writer Tuesday, December 13, 2005; 5:50 PM A group of leading technology companies today chastised Congress and the Bush administration for what it characterized as a failure to support initiatives to ==========> 05-12-19-TechRev-TheInternetIsBroken.txt========== http://www.technologyreview.com/InfoTech-Networks/wtr_16051,258,p1.html Monday, December 19, 2005 The Internet Is Broken The Net's basic flaws cost firms billions, impede innovation, and threaten national security. It's time for a clean-slate approach, says MIT's David D. Clark. Technology Review By David Talbot ==========> 05-12-19-WashPost-SecurityFirmGuidanceCustomerDatabaseBrokenInto.txt========== http://www.washingtonpost.com/wp-dyn/content/article/2005/12/19/AR2005121900928. html Hackers Break Into Computer-Security Firm's Customer Database Personal Data for Law Enforcement, Security Professionals Exposed By Brian Krebs washingtonpost.com Staff Writer Monday, December 19, 2005; 5:33 PM Guidance Software -- the leading provider of software used to diagnose hacker ==========> 05-12-20-TechRev-TheInternetIsBroken.txt========== http://www.technologyreview.com/InfoTech/wtr_16055,258,p1.html Tuesday, December 20, 2005 The Internet Is Broken -- Part 2 We can't keep patching the Internet’s security holes. 
Now computer scientists are proposing an entirely new architecture. By David Talbot Technology Review This article -- the cover story in Technology Review’s December-January print ==========> 05-12-26-USAToday-NewCyberattacksAimedAtCorporateEspionage.txt========== http://www.usatoday.com/money/industries/technology/2005-12-26-cyber-attack-usat _x.htm Posted 12/26/2005 11:51 PM New breed of cyberattack takes aim at sensitive data By Jon Swartz, USA TODAY SAN FRANCISCO — A new breed of targeted digital attack designed to filch sensitive data from computers at businesses and government agencies has emerged as the latest cyberthreat, tech security experts say. ==========> 05-12-29-SJMerc-OregonManPleadsGuityToCyberattcks.txt========== http://www.siliconvalley.com/mld/siliconvalley/13508411.htm Posted on Thu, Dec. 29, 2005 EBay attacker pleads guilty WORM OVERLOADED HIGH-PROFILE SITES By Michael Bazeley Mercury News An Oregon man has pleaded guilty to charges he used a computer worm to infect as many as 20,000 computers, which then attacked eBay.com and other Web sites ==========> 05-12-31-TelecomWeb-HouseDemsReleaseCriticalReportOnDHSCybersecurity.txt========== http://www.telecomweb.com/news/1135794721.htm Dems Press For Cyber/Telecom Security Czar TelecomWeb Dec. 31, 2005 Democrats in the U.S. House of Representatives today released a report raising serious concerns about the Department of Homeland Security's (DHS) ability to keep the country safe, with the lack of a once-discussed, high-level cyber/telecom security chief making it onto a list of 33 alleged “unfulfilled ==========> 05-12-31-USACM-USACMChairCommentsOnDODCybersecurity.txt========== ============================================================= ACM Washington Update Vol. 9.12 31 December 2005 ============================================================= [2] USACM CHAIR COMMENTS ON PENTAGON CYBERSECURITY Prof. 
Eugene Spafford, USACM Chair and executive director of Purdue University’s Center for Education and Research in Information Assurance and ==========> 05-USACM-DataSecurityLegislationMovingForwardInCongress.txt========== ============================================================= ACM Washington Update Vol. 9.10 31 October 2005 ============================================================= [4] DATA SECURITY LEGISLATION MOVING FORWARD IN CONGRESS Recently, we reported on the weblog that the Senate Judiciary Committee -- a major player in the effort to enact federal data security legislation -- ==========> 06-01-00-ACMInteractions-PeopleGiveUpTheirPasswardsTooEasily.txt========== Fresh: pushing the envelope: A penny for your thoughts, a latte for your password Fred Sampson January 2006 interactions, Volume 13 Issue 1 We probably all know people who juggle 30 or more user ID/password combinations, one set for each application or server to which they need access. Some they use everyday; some they use only occasionally. Some get changed more often than they get used. Some people keep their passwords in their notebooks, ==========> 06-01-00-ACMUbiquity-KeepingInformationSecure.txt========== Information security John Peter Jesan January 2006 Ubiquity, Volume 7 Issue 2 John Peter Jesan is a Software Engineer / Infosec Professional working in CitiStreet, a joint venture of State Street and Citigroup companies. He is also a Doctoral Student in Computer Information Systems at Nova Southeastern University, Fort Lauderdale, FL. His area of research interest is Information Security. 
He got certified by National Security Agency(NSA) for Information ==========> 06-01-00-CACM-UsablePrivacyAndSecurityForPersonalInformationManagement.txt========== Personal information management: Usable privacy and security for personal information management Clare-Marie Karat, Carolyn Brodie, John Karat January 2006 Communications of the ACM, Volume 49 Issue 1 The goal is a policy workbench enabling users to create and transform natural language policies into machine-readable code for enforcement and compliance audits. ==========> 06-01-00-CACM-UsingCostBenefitAnalysisInBudgetingForCyberSecurity.txt========== Budgeting process for information security expenditures Lawrence A. Gordon, Martin P. Loeb January 2006 Communications of the ACM, Volume 49 Issue 1 Empirical evidence shows that cost-benefit analysis is a sound basis for budgeting information security expenditures. We conducted an empirical study to examine the way corporations make decisions regarding information security expenditures. This study assessed whether firms ==========> 06-01-00-IEEEInternetComp-DenialOfServiceAttackDetectionTechiques.txt========== http://www.computer.org/portal/site/dsonline/menuitem.9ed3d9924aeb0dcd82ccc6716b be36ec/index.jsp?&pName=dso_level1&path=dsonline/2006/01&file=w1spot.xml&xsl=art icle.xsl& From IEEE Internet Computing Denial-of-Service Attack-Detection Techniques Jan./Feb. 2006 Glenn Carl and George Kesidis • Pennsylvania State University Richard R. Brooks • Clemson University Suresh Rai • Louisiana State University ==========> 06-01-01-CampusTech-SetGoalsForVulnerabilityScanners.txt========== http://www.campus-technology.com/article.asp?id=17720 Feeling Vulnerable? By Doug Gale When it comes to vulnerability scanners, know your tools, and clarify your goals—or be sorry later. Campus Technology Jan. 1, 2006 “You can be sure of succeeding in your attacks if you only attack places which are undefended. 
You can ensure the safety of your defense if you only hold ==========> 06-01-03-CompWorld-RSACEOSeesLackOfUSCybersecurityLeadership.txt========== http://computerworld.com/securitytopics/security/story/0,10801,107443,00.html Q&A: RSA CEO sees lack of leadership in U.S. cybersecurity efforts 'The government has done absolutely nothing to execute on their own strategy,' says Art Coviello News Story by Jaikumar Vijayan JANUARY 03, 2006 (COMPUTERWORLD) - Art Coviello wears multiple hats. As president and CEO of RSA Security Inc., he is responsible for the company’s vision and long-term strategy. He is also a founding member and co-chair of the ==========> 06-01-05-RedHerring-MSToReleaseSecurityFixEarly.txt========== http://www.redherring.com/Article.aspx?a=15180&hed=Microsoft+to+Issue+Security+Fix&sector=Industries&subsector=Computing Microsoft to Issue Security Fix The software giant plans to move up its release of a Windows problem fix after pressure from security experts. January 5, 2006 Red Herring Succumbing to pressure from security experts, Microsoft said Thursday it’s ==========> 06-01-05-SecFocus-SecurityFlawsOnTheRise.txt========== http://www.securityfocus.com/news/11367 Security flaws on the rise, questions remain Robert Lemos, SecurityFocus 2006-01-05 After three years of modest or no gains, the number of publicly reported vulnerabilities jumped in 2005, boosted by easy-to-find bugs in Web applications. Yet, questions remain about the value of analyzing current databases, whose data rarely correlates easily. ==========> 06-01-10-CNETNews-USHomelandSecuritySupportsOpenSourceBugHunt.txt========== http://news.com.com/Homeland+Security+helps+secure+open-source+code/2100-1002_3-6025579.html Homeland Security helps secure open-source code By Joris Evers CNET News Story last modified Tue Jan 10 17:05:00 PST 2006 The U.S. Department of Homeland Security is extending the scope of its protection to open-source software.
==========> 06-01-10-Symantec-NortonProtectedRecycleBinHasHiddenFile.txt========== http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html SYM06-002 January 10, 2006 Symantec Norton Protected Recycle Bin Exposure Symantec Revision History None ==========> 06-01-10-Telephony-HomelandSecurityConferenceFocusesOnCollaboration.txt========== http://telephonyonline.com/regulatory/news/Homeland_Security_Conference_011006/ HSNI: Security conference focuses on collaboration By Tim McElligott Telephony Jan 10, 2006 8:42 AM ORLANDO -- All oars went into the water this week at the inaugural Homeland Security for Networked Industries conference in Orlando, Fla., as representatives from the government, communications, transportation and utility ==========> 06-01-11-eWeek-NortonProtectedRecycleBinHasHiddenFile.txt========== http://www.eweek.com/article2/0,1759,1910077,00.asp?kc=EWRSS03119TX1K0000594 Symantec Caught in Norton 'Rootkit' Flap By Ryan Naraine January 11, 2006 eWeek Symantec Corp. has fessed up to using a rootkit-type feature in Norton SystemWorks that could provide the perfect hiding place for attackers to place malicious files on computers. 
==========> 06-01-11-SearchSec-FBISaysCyberAttacksSucceeding.txt========== http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1157706,00.html FBI says attacks succeeding despite security investments By Bill Brenner, Senior News Writer 11 Jan 2006 SearchSecurity.com Despite investing in a variety of security technologies, enterprises continue to suffer network attacks at the hands of malware writers and inside ==========> 06-01-15-SFChron-USMoreVulnerableToTerroristCyberAttacks.txt========== http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2006/01/15/ING2AGLP021.DTL Waging war through the Internet America is far more vulnerable to terrorists who hack systems than missions to blow things up John Arquilla Sunday, January 15, 2006 San Francisco Chronicle Over the past four years, huge efforts have been made to keep al Qaeda and ==========> 06-01-17-CyberIndia-USAndIndiaAgreeToWorkTogetherOnCybersecurity.txt========== http://www.ciol.com/content/news/2006/106011714.asp Indo–US cooperation to tackle cyber crime India, US decide to enhance co-operation among law enforcement agencies to deal with cyber crime Tuesday, January 17, 2006 Cyber India Online NEW DELHI: At the third Plenary of the Indo-US Cyber security Forum which concluded here today, the Confederation of Indian Industry (CII) in ==========> 06-01-19-CNETNews-CyberCrimeCostsUSBusiness67BDollars.txt========== http://news.com.com/Computer+crime+costs+67+billion,+FBI+says/2100-7349_3-6028946.html Computer crime costs $67 billion, FBI says By Joris Evers CNET Networks Story last modified Thu Jan 19 14:20:00 PST 2006 Dealing with viruses, spyware, PC theft and other computer-related crimes costs U.S. businesses a staggering $67.2 billion a year, according to the FBI. ==========> 06-01-22-KCStar-ManySayInternetNeedsRedoingForBetterSecurity.txt========== http://www.kansascity.com/mld/kansascity/13681958.htm Posted on Sun, Jan. 
22, 2006 To build a better Net Many say cyberspace is in need of rethinking and repair, becoming as perilous as it is valuable By SCOTT CANON The Kansas City Star “It’s an arms race out there, and the criminal element is finding new ways to ==========> 06-01-23-SJMerc-HackerPleadsGuiltyToProvidingAttackNetwork.txt========== http://www.siliconvalley.com/mld/siliconvalley/13693354.htm Posted on Mon, Jan. 23, 2006 Hacker pleads guilty to building, renting attack network Mercury News SAN FRANCISCO (AP) - A 20-year-old hacker admitted Monday to surreptitiously seizing control of hundreds of thousands of Internet-connected computers, using the zombie network to serve pop-up ads and renting it to people who mounted attacks on Web sites and sent out spam. ==========> 06-01-24-USACM-LetterToCongressUrgingBroaderViewOfDataSecurity.txt========== http://www.acm.org/usacm/weblog/index.php?p=345 January 24, 2006 USACM urges policymakers to adopt a broader view of data security Following last year’s numerous high-profile data breaches (which we’ve been covering closely), there are now numerous pieces of data security and privacy legislation pending in Congress – coming under the jurisdiction of numerous committees and using a range of different approaches. Indeed, the field is so crowded that it’s difficult to tell which bills have the best chance for ==========> 06-01-25-FedCompWeek-Panel-CybercrimeWillIncrease.txt========== http://www.fcw.com/article92085-01-25-06-Web Panel: Cybercrime will grow in 2006 BY Michael Arnone Published on Jan. 25, 2006 Federal Computer Week Cybersecurity crime increased dramatically in 2005, and 2006 promises even more incidents, a panel of federal cybersecurity experts said Jan. 24. ==========> 06-01-25-SJMerc-StopBadSWCoalitionToIdentifyCompanies.txt========== http://www.siliconvalley.com/mld/siliconvalley/13709131.htm Posted on Wed, Jan. 
25, 2006 Shining a light on shady software ALLIANCE PLANNING TO IDENTIFY HARMFUL PROGRAMS AND SITES By Michael Bazeley Mercury News A coalition of academics, consumer advocates and technology firms is taking aim at malicious software, launching a site today that it hopes will help protect ==========> 06-01-25-WashPost-StopBadSWCoalitionToIdentifyCompanies.txt========== # "Internet Coalition Sets Up Anti-'Badware' Site" Washington Post (01/25/06) P. D4; Mohammed, Arshad The Stop Badware Coalition, which consists of Google and institutes at Harvard and Oxford universities, today will announce the launch of an anti-spyware campaign designed to counteract the spread of malicious computer programs that have the ability to steal personal information, spy on users who are Web surfing, and overcrowd computers with pop-up ads. The coalition will have a Web site, www.stopbadware.org, that catalogs programs that are dangerous to users so they can know if a program is harmful before downloading it. Companies that ==========> 06-01-27-CompReseller_AllchinDiscussesMSVistaSecurity.txt========== http://www.crn.com/sections/custom/custom.jhtml;jsessionid=MCX3J53IO3DE4QSNDBECKHSCJUMEKJVN?articleId=177104675&pgno=2 Interview: Microsoft's Allchin Discusses Vista Security By Paula Rooney & Barbara Darrow, CRN 6:00 PM EST Fri. Jan. 27, 2006 From the January 30, 2006 Computer Reseller News CRN Industry Editor Barbara Darrow and Senior Writer Paula Rooney met with Microsoft's Jim Allchin, co-president, Platform Products & Services Division, ==========> 06-01-28-MilInfoTech-DesigningARoadmapForCybersecurity.txt========== http://www.military-information-technology.com/article.cfm?DocID=1294 Assurance Provider: Designing a Roadmap for Information Security Daniel G. Wolf Director, Information Assurance Directorate National Security Agency Military Information Technology, Jan. 28, 2006 Daniel G. 
Wolf is director of the Information Assurance (IA) Directorate at the National Security Agency (NSA), where he has the responsibility for defining and implementing the information assurance strategy to protect the Global ==========> 06-01-30-FinTimes-CompputerVirusesAdvanceOver20YearsAgo.txt========== The Computer Virus Comes of Age Financial Times (01/30/06) P. 6; Palmer, Maija The appearance of the Brain virus 20 years ago touched off an age of computer vulnerability that has advanced from a slow-moving, innocuous virus transmitted via floppy disk to modern estimates of around 120,000 viruses, some of which are capable of bringing down corporate networks and intercepting sensitive personal information. The roughly 1 billion Internet users, many of whom use high-speed connections, enable viruses to travel far more quickly today than they did in the days of Brain. MyDoom, for instance, spread through email, ==========> 06-01-31-ISNSecNews-GovtRegulationNotTheAnswerToNetSecurity.txt========== http://www.isn.ethz.ch/news/sw/details.cfm?id=14625 Forum tackles Internet regulation (By Eric J. Lyman in Rome) ISN SECURITY WATCH (31/01/06) The future security of the Internet does not depend on increased government regulation, according to a group of private sector representatives at a conference held on the future of the digital economy in Rome. ==========> 06-01-31-SJMerc-CME-24WormSetToCorruptDocumentFiles.txt========== http://www.siliconvalley.com/mld/siliconvalley/13756684.htm Posted on Tue, Jan. 31, 2006 Security researchers warn of file-destroying worm Mercury News NEW YORK (AP) - If you have computer files you'd rather not lose, now is a good time to make sure your anti-virus software is up to date. 
A worm set to activate Friday will corrupt documents using the most common file ==========> 06-01-31-TechWorld-BrowserCookieHandlingCouldLeadToAttacks.txt========== http://www.techworld.com/security/news/index.cfm?newsid=5276&inkc=0 Browsers face triple threat How the cookies crumble. Matthew Broersma, Techworld 31 January 2006 Polish security researcher Michael Zalewski has highlighted three bugs in the handling of cookies that he says could be used to carry out attacks on commercial websites. ==========> 06-02-00-CACM-InvestigatingSophisticatedCyberSecurityBreaches.txt========== Next-generation cyber forensics: Investigating sophisticated security breaches Eoghan Casey February 2006 Communications of the ACM, Volume 49 Issue 2 Sophisticated intruders take full advantage of the lack of forensic readiness. To respond more effectively to such attacks, computer security professionals and digital investigators must combine talents and work together. Well-funded groups in China are gathering sensitive information by breaking ==========> 06-02-00-CACM-StateAndLocalLawEnforcementNotReadyForCyberSecurity.txt========== Next-generation cyber forensics: State and local law enforcement is not ready for a cyber Katrina Rahul Bhaskar February 2006 Communications of the ACM, Volume 49 Issue 2 After witnessing such a dismal response to Hurricane Katrina last September, a hurricane of a different dimension still hovers over the infrastructure of U.S. computer networks. Cyber Katrina, if you will, is posed to hit the U.S. and authorities are indeed not ready [2, 5] to handle the aftermath. Today there ==========> 06-02-02-BusWeek-MoreWorkNeededToStopCybercrime.txt========== http://www.businessweek.com/technology/content/feb2006/tc20060202_832554.htm FEBRUARY 2, 2006 Viewpoint By Paul Horn It's Time to Arrest Cyber Crime Business Week As the bad guys get ever more sophisticated, even more ambitious efforts to thwart them are needed. 
Here are some tips ==========> 06-02-03-CNN-UsersPracticeSafeComputingToAvoidKamaSutraWormDamage.txt========== http://www.cnn.com/2006/TECH/internet/02/03/wormstrike/ Kama Sutra worm hits home Many users practiced 'safe computing' to avoid damage By Marsha Walton CNN, Feb. 3, 2006 ATLANTA, Georgia (CNN) -- Many computer users around the globe apparently heeded the warnings about a worm with a sexy name and took precautions to protect their data from the destruction of "Kama Sutra." ==========> 06-02-03-SJMerc-KamaSutraWormCausesLittledamageSoFar.txt========== http://www.siliconvalley.com/mld/siliconvalley/13783862.htm Posted on Fri, Feb. 03, 2006 Kama Sutra worm causes little damage so far Mercury News - Associated Press Companies and individuals heeded this week's warning -- some may call it ``hype'' -- about a file-destroying computer worm known as ``Kama Sutra,'' helping minimize its damage Friday, security experts said. ==========> 06-02-03-TMCnet-BeneficialWormsToTrackDownAndEliminateMaliciousWorms.txt========== http://www.tmcnet.com/usubmit/2006/02/03/1341508.htm [February 03, 2006] TMCnet Turning the worm secures the computer (New Scientist Via Thomson Dialog NewsEdge) WORMS, the enemy of PC owners and IT departments everywhere, are about to become a force for good. Beneficial worms will spread rapidly through networks and patch machines before a malicious worm can attack. ==========> 06-02-07-AP-MSWillOfferNewPaidSecuritySubscriptionService.txt========== http://www.siliconvalley.com/mld/siliconvalley/13813306.htm Posted on Tue, Feb. 07, 2006 Microsoft to release paid security offering in June SEATTLE (AP) - A new security service from Microsoft Corp. will charge users $49.95 per year to better protect its Windows operating system from spyware, viruses and other Internet attacks. Microsoft plans to release the product in early June. 
==========> 06-02-07-SecFocus-SchmooCon-AppleTargetForHackers.txt========== http://www.securityfocus.com/news/11375 Apple's in the eye of flaw finders Robert Lemos, SecurityFocus 2006-02-07 At the recent ShmooCon hacking conference, one security researcher found out the hard way that such venues can be hostile, when an unknown hacker took control of the researcher's computer, disabling the firewall and starting up a file server. ==========> 06-02-08-SecFocus-AppleComputerWithOS-XDisabledByAttack.txt========== http://www.theregister.co.uk/2006/02/08/apple_vulnerability/ Apple's in the eye of flaw finders By SecurityFocus Published Wednesday 8th February 2006 11:07 GMT At the recent ShmooCon hacking conference, one security researcher found out the hard way that such venues can be hostile, when an unknown hacker took control of the researcher's computer, disabling the firewall and starting up a file server. ==========> 06-02-08-ZDNet-SecurityExpertsReportOnStateOfCybersecurityAtDemo2006.txt========== http://blogs.zdnet.com/BTL/?p=2562 February 8, 2006 Security gurus report on the state of cybersecurity at Demo 2006 Posted by Dan Farber @ 4:32 pm ZDNet Blogs Demo 2006: At the close of Demo, John Patrick led a discussion on the state of security with Partha Dasgupta, an associate professor at Arizona State University specializing in cryptography; Hillarie Orman, chief technology ==========> 06-02-09-AP-NewGoogleFeatureTransfersUsersHardDriveData.txt========== http://www.siliconvalley.com/mld/siliconvalley/13830236.htm Posted on Thu, Feb. 09, 2006 Google's new search feature seeks greater access to personal computers SAN FRANCISCO (AP) - Google Inc. is offering a new tool that will automatically transfer information from one personal computer to another, but anyone wanting that convenience must authorize the Internet search leader to store the material for up to 30 days. 
==========> 06-02-09-AP-USAirPassengerScreeningPlanSuspended.txt========== http://www.siliconvalley.com/mld/siliconvalley/13830920.htm Posted on Thu, Feb. 09, 2006 Air passenger screening plan suspended over security concerns WASHINGTON (AP) - Security concerns have caused the government to suspend plans for an ambitious program to check every domestic airline passenger's name against government watch lists, Transportation Security Administration chief Kip Hawley said Thursday. ==========> 06-02-10-AP-USWrapsCyberStormExerciseTestingInternetDefenses.txt========== http://www.siliconvalley.com/mld/siliconvalley/13842562.htm Posted on Fri, Feb. 10, 2006 U.S. wraps up 'Cyber Storm' exercise testing Internet defenses WASHINGTON (AP) - The government concluded its ``Cyber Storm'' wargame Friday, its biggest-ever exercise to test how it would respond to devastating attacks over the Internet from anti-globalization activists, underground hackers and bloggers. ==========> 06-02-13-SJMerc-VoIPCallsCanBeHackedSpammedAndSavedOnServers.txt========== http://www.siliconvalley.com/mld/siliconvalley/13860853.htm Posted on Mon, Feb. 13, 2006 Like e-mail, calls via Internet can be hacked, spammed, saved on servers By Jessie Seyfer Mercury News The allure of Internet phone calling is understandable -- dirt-cheap calls to anywhere in the world, sound quality that's at times superior to the traditional land-line and the ability to take your phone number with you when ==========> 06-02-14-AP-GatesOutlinesStepsToImproveComputerSecurity.txt========== http://www.siliconvalley.com/mld/siliconvalley/13871318.htm Posted on Tue, Feb. 14, 2006 Gates outlines further steps to improve computer security SAN JOSE, Calif. (AP) - Trying to simplify online transactions and make them safer, Microsoft Corp. Chairman Bill Gates showed off a tool that manages all the usernames and passwords that people and companies use to unlock the doors of the Internet. 
==========> 06-02-14-EETimes-CryptoExpertsSaysRFIDTagsCanBeCrackedWithCellphone.txt========== http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=180201688 Cellphone could crack RFID tags, says cryptographer Rick Merritt EE Times (02/14/2006 4:26 PM EST) SAN JOSE — A well known cryptographer has applied power analysis techniques to crack passwords for the most popular brand of RFID tags. ==========> 06-02-14-FinTimes-GatesDefendsVisionOnInternetSecurity.txt========== http://news.ft.com/cms/s/2105c8a0-9db5-11da-b1c6-0000779e2340.html Gates defends vision on internet security By Richard Waters in San Francisco Published: February 14 2006 23:57 | Last updated: February 14 2006 23:57 Financial Times Whenever Bill Gates has a vision for the future of the software industry, alarm bells are likely to sound somewhere – whether in the offices of anti-trust regulators, competitors, or a press that is always on the look out for new ==========> 06-02-14-SJMerc-GatesOutlinesStepsToImproveComputerSecurity.txt========== http://www.siliconvalley.com/mld/siliconvalley/13871692.htm Posted on Tue, Feb. 14, 2006 Gates discusses security protections at S.J. conference By Jessie Seyfer Mercury News Microsoft Chairman Bill Gates spoke before a packed crowd today at the San Jose Civic Auditorium, officially kicking off the RSA computer security conference, which is taking place all week at the McEnery Convention Center. 
==========> 06-02-15-PanelOfexpertsSeesProgressInCybersecurity.txt========== http://news.com.com/Panel+sees+progress+made+in+cybersecurity/2100-7355_3-6039677.html Panel sees progress made in cybersecurity By Joris Evers CNET Networks Story last modified Wed Feb 15 05:54:44 PST 2006 SAN JOSE, Calif.--Progress has been made on the government's strategy for protecting the Internet and securing information systems, but the work is not ==========> 06-02-15-SJMerc-AreComputerSecurityCompaniesSucceedingInProvidingProtection.txt========== http://www.siliconvalley.com/mld/siliconvalley/13878635.htm Posted on Wed, Feb. 15, 2006 Computer security industry needs to avoid crying wolf By Mike Langberg Mercury News You wouldn't expect to learn about a decline in home-invasion robberies at a burglar-alarm convention. ==========> 06-02-15-SJMerc-GatesUnveilsNewPCSecurity-SeesEndOfPasswords.txt========== http://www.siliconvalley.com/mld/siliconvalley/13878631.htm Posted on Wed, Feb. 15, 2006 Gates unveils new PC security, sees end of passwords By Jessie Seyfer Mercury News Microsoft Chairman Bill Gates presented a new desktop security program Tuesday that he said would protect people from phishing scams and eventually make Internet passwords passé. ==========> 06-02-16-AP-AppleHackersEncounterPoeticWarning.txt========== http://www.siliconvalley.com/mld/siliconvalley/13894391.htm Posted on Thu, Feb. 16, 2006 Apple hackers encounter a poetic warning SAN JOSE, Calif. (AP) - Apple Computer Inc. has resorted to a poetic broadside in the inevitable cat-and-mouse game between hackers and high-tech companies. The maker of Macintosh computers had anticipated that hackers would try to crack its new OS X operating system built to work on Intel Corp.'s chips and ==========> 06-02-16-SJMerc-FBIChiefAsksTechForHelpOnCriminalHacking.txt========== http://www.siliconvalley.com/mld/siliconvalley/13887708.htm Posted on Thu, Feb. 
16, 2006 With criminal hacking up, FBI chief asks valley for help By Matthai Chakko Kuruvila Mercury News Computer hacking has evolved from a sport for geeks into a moneymaking tool for organized crime -- a trend so disturbing to FBI Director Robert Mueller that he came to San Jose Wednesday to ask for help from tech security experts. ==========> 06-02-16-TechRev-SecurityExpertsReadyToFightBackWithCryptography.txt========== http://www.technologyreview.com/InfoTech-Software/wtr_16347,300,p1.html Thursday, February 16, 2006 Calling Cryptographers With hardware, software, and networks constantly under attack, security experts say they're ready to fight back. By Kate Greene Technology Review Microsoft CEO Bill Gates kicked off the annual RSA Conference on information ==========> 06-02-19-WashPost-HackersHijackingThousandsOfPCs.txt========== http://www.washingtonpost.com/wp-dyn/content/article/2006/02/14/AR2006021401342.html Invasion of the Computer Snatchers Hackers are hijacking thousands of PCs to spy on users, shake down online businesses, steal identities and send millions of pieces of spam. If you think your computer is safe, think again By Brian Krebs Sunday, February 19, 2006; W10 Washington Post Magazine ==========> 06-02-21-RedHerring-GartnerSuggestsDisablingGoogleSearchFeature.txt========== http://www.redherring.com/Article.aspx?a=15805&hed=Gartner+Warns+on+Google+App Gartner Warns on Google App Research firm cautions corporations to disable computer-to-computer search and set policy as to what is searchable. February 21, 2006 Red Herring Research firm Gartner warned businesses to either disable or carefully manage the feature in Google Desktop that allows users to temporarily store virtual ==========> 06-02-21-UMass-OnlineShoppingHazards.txt========== http://www.umass.edu/newsoffice/newsreleases/articles/30676.php Buyer Beware: Online Shopping Hazards Exposed By UMass Amherst Computer Scientist Feb. 
21, 2006 Contact: Kevin Fu 413/545-4006 Univ of Massachusetts AMHERST, Mass. – Consumers who shop online may be risking their privacy with ==========> 06-02-24-ScienceMag-ACareerInComputerSecurity.txt========== http://sciencecareers.sciencemag.org/career_development/previous_issues/articles/2006_02_24/guarding_the_wire_a_career_in_computer_security Guarding the Wire: A Career in Computer Security Andrew Fazekas United States 24 February 2006 Science Magazine Safe computing environments are vital--and elusive--for businesses, ==========> 06-02-24-SJMerc-McAfeeEmployeeDataLost-NotEncrypted.txt========== http://www.siliconvalley.com/mld/siliconvalley/13952271.htm Posted on Fri, Feb. 24, 2006 Security giant's data lost MCAFEE: AUDITOR FAILED TO ENCRYPT EMPLOYEE-RECORDS CD, LEFT IT ON PLANE By Matthai Chakko Kuruvila Mercury News McAfee, the Santa Clara security software company, has lost the personal information of thousands of its employees due to a lapse by an external auditor. ==========> 06-03-00-InfoToday-GraphicalPasswordsPromiseEasierUse.txt========== http://www.infotoday.com/IT/default.shtml An Image of the Future: Graphical Passwords Information Today (03/06) Vol. 23, No. 3, P. 39; Poulson, Deborah Computer users frustrated with having to remember a multitude of alphanumeric passwords will welcome the development of graphical passwords, writes Deborah Poulson. First patented by physicist and entrepreneur Greg Blonder in 1996, graphical passwords work by displaying an image on a touch-screen or pen-based computer, and prompting the user to select the areas in the image, called click ==========> 06-03-01-SCMag-DHSCyberSecurityExecDescribesMission.txt========== Forging a National Cyber Security Strategy SC Magazine (03/01/06) P. 
48; Purdy Jr., Andy Deputy director of the Department of Homeland Security's (DHS) National Cyber Security Division (NCSD) Andy Purdy details his agency's mission of developing a comprehensive and cohesive plan to ensure the security of America's critical data through intense public-private collaboration and the various tools, resources, and insights this effort involves. He describes the first priority of the National Strategy to Secure Cyberspace as the development of a national cyberspace security response system, a core element of which is strong ==========> 06-03-05-NYT-NeighborsPiggybackOnOthersWiFi.txt========== http://www.nytimes.com/2006/03/05/technology/05wireless.html?_r=1&oref=slogin March 5, 2006 Hey Neighbor, Stop Piggybacking on My Wireless By MICHEL MARRIOTT NY Times For a while, the wireless Internet connection Christine and Randy Brodeur installed last year seemed perfect. They were able to sit in their sunny Los Angeles backyard working on their laptop computers. ==========> 06-03-06-ElecWeekly-HackersAccessSmartcardInformation.txt========== http://www.electronicsweekly.com/Articles/2006/03/06/37793/Securitytacklessmartcardhackers.htm Security tackles smartcard hackers by Christine Evans-Pughe Monday 6 March 2006 Electronics Weekly Troublesome people, hackers. A weekend with no interruptions and by Monday they will have dreamt up a clever new way to steal your electronic data. For a ==========> 06-03-06-ZDNet-MacOSXHackedInUnderThirtyMinutes.txt========== http://www.zdnet.com.au/news/security/soa/Mac_OS_X_hacked_in_less_than_30_minutes/0,2000061744,39241748,00.htm Mac OS X hacked under 30 minutes Munir Kotadia, ZDNet Australia March 06, 2006 update Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability. 
==========> 06-03-07-SearchSec-NSF-TRUSTProject-MultipleUniversities.txt========== http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1171482,00.html Scientists band together for TRUST-worthy research By Niall McKay, Contributor 07 Mar 2006 | SearchSecurity.com When the U.S. Secret Service wanted to put a stop to password theft and phishing, they went to TRUST -- Team for Research in Ubiquitous Secure Technology -- a recently formed group of some of the best computer security ==========> 06-03-10-eWeel-VirtualMachineMonitorRootkits.txt========== http://www.eweek.com/article2/0,1895,1936666,00.asp VM Rootkits: The Next Big Threat? By Ryan Naraine March 10, 2006 eWeek Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target ==========> 06-03-13-InfoWorld-SecurityHoleFoundInGnuPGCryptoProgram.txt========== http://www.infoworld.com/article/06/03/13/76377_HNgpghole_1.html Security hole found in crypto program GPG Attackers could sneak malicious code into e-mails By James Niccolai, IDG News Service March 13, 2006 Developers of the open-source GnuPG encryption software have reported a security flaw that could allow an attacker to sneak malicious code into a signed e-mail message. ==========> 06-03-15-GovExec-CongressionalReportRatesUSGovtOrganizationsCybersecurityAsDismal.txt========== http://www.govexec.com/story_page.cfm?articleid=33621&dcn=todaysnews March 16, 2006 Congressional report rates cybersecurity as dismal By Daniel Pulliam, GovExec dpulliam@govexec.com A majority of agencies received low marks from a congressional committee Thursday on their level of compliance with a federal computer system security act, but there's growing criticism that the law is ineffective. 
==========> 06-03-15-NYT-Study-RFIDChipsVulnerableToHacking.txt========== http://www.nytimes.com/2006/03/15/technology/15tag.html?_r=1&oref=slogin March 15, 2006 Study Says Chips in ID Tags Are Vulnerable to Viruses By JOHN MARKOFF The New York Times A group of European computer researchers have demonstrated that it is possible to insert a software virus into radio frequency identification tags, part of a microchip-based tracking technology in growing use in commercial and security ==========> 06-03-16-AP-ICANNToLookAtUsingDNSNameServersToAttackWebsites.txt========== http://www.siliconvalley.com/mld/siliconvalley/14113570.htm Posted on Thu, Mar. 16, 2006 Internet panel to consider defenses against new attacks WASHINGTON (AP) - The Internet's primary oversight body will consider defensive measures against a new variety of powerful electronic attacks that can overwhelm Web sites and disrupt e-mails by exploiting the computers that help manage global Internet traffic. ==========> 06-03-16-InfoWeek-Researcher-RFIDsVulnerableToViruses.txt========== http://www.informationweek.com/security/showArticle.jhtml?articleID=183700423&subSection=Cybercrime RFID World Still Reacting Strongly To Virus Research A researcher who suggests that computer viruses could be spread by RFID technology sets off a firestorm of debate. Industry sources weigh in. By Laurie Sullivan TechWeb News Mar 16, 2006 05:41 PM ==========> 06-03-17-ITMgmt-CongressionalReportRatesUSGovtOrganizationsCybersecurityAsDismal.txt========== http://itmanagement.earthweb.com/secu/article.php/3592256 Feds Nearly Fail Cybersecurity... Again March 17, 2006 By Sharon Gaudin IT Management The Department of Homeland Security isn't all that secure... at least when it comes to its computer systems. ==========> 06-03-23-SJMerc-FidelitySaysRecordsFor196KH-PEmployeesOnStolenLaptop.txt========== http://www.siliconvalley.com/mld/siliconvalley/14168041.htm Posted on Thu, Mar. 
23, 2006 HP worker data stolen FIDELITY ALERTS 196,000 RETIREES OF LAPTOP THEFT, MONITORS THEIR ACCOUNTS By Nicole C. Wong Mercury News A laptop computer containing the names, Social Security numbers, compensation and other information for 196,000 current and former Hewlett-Packard employees ==========> 06-03-24-AP-UsingDNSNameServersToAttackWebsites.txt========== http://news.com.com/DNS+servers+do+hackers+dirty+work/2100-7349_3-6053468.html DNS servers do hackers' dirty work By Joris Evers CNET Networks Story last modified Fri Mar 24 09:59:14 PST 2006 In a twist on distributed denial-of-service attacks, cybercriminals are using DNS servers--the phonebooks of the Internet--to amplify their assaults and disrupt online business. ==========> 06-03-24-SJMerc-LossOfLaptopsAGrowingProblem.txt========== http://www.siliconvalley.com/mld/siliconvalley/14177713.htm Posted on Fri, Mar. 24, 2006 Mobile workforce puts data at risk LOSS OF DEVICES REPRESENTS A GROWING PROBLEM By Nicole C. Wong Mercury News The risk of identity theft is rising as the workforce becomes more mobile and people tote around sensitive personal data on computer equipment, observers say. ==========> 06-03-27-WashTech-ITCoordinationCouncilDraftsCyberattackResponse.txt========== http://www.washingtontechnology.com/news/1_1/daily_news/28284-1.html 03/27/06 Council to draw up cyberattack response By Alice Lipowicz Staff Writer, Washington Technology Setting up a national IT disaster response apparatus is one possible topic to be addressed by the IT Sector Coordinating Council as it drafts a sector-specific plan for protecting the nation’s computer networks against a ==========> 06-04-00-ACMQueue-MonitoringOutboundNetworkConnections-ExtrusionDetection.txt========== Reviews: Review of "Extrusion Detection: Security Monitoring for Internal Intrusions by Richard Bejtlich," Addison-Wesley Professional, 2005, $49.99, ISBN: 0321349962. 
Radu State April 2006 Queue, Volume 4 Issue 3 Although most readers are probably familiar with the term intrusion detection and its general underlying function, they are probably not familiar with extrusion detection, a new concept that may become an emerging key technology ==========> 06-04-00-CACM-BiometricAppliancesOfferedForSale.txt========== Communications of the ACM, Volume 49, Number 4 (2006), Page 120 Inside Risks: Fake ID: batteries not included, Lauren Weinstein It was only a matter of time. We've come to expect almost anything imaginable to be sold on late-night TV infomercials—from feel-good "health" bracelets to "get rich quick" real-estate schemes. So I shouldn't have been too surprised to stumble across a 3 a.m. full-hour ad for a firm offering biometric "appliances" (for legal applications only—the superimposed fine print notes—not responsible for customer misuse!). ==========> 06-04-00-EnterNetsAndServers-TestbedsBoostCyberSecurityResearch.txt========== http://enterprisenetworksandservers.com/monthly/art.php?2083 Testbeds boost cyber security research By Tom Kreidler Enterprise Networks & Servers, April 2006 Information technology (IT) testbeds have been used for years to evaluate the utility of cutting-edge technologies and address challenging technical problems. Now they are emerging as a powerful new tool in the fight against cyber attacks. 
==========> 06-04-00-NatlSciAndTechCouncil-FederalPlanForCyberSecurity.txt==========
http://nitrd.gov/pubs/csia/csia_federal_plan.pdf
Federal Plan for Cyber Security and Information Assurance Research and Development National Science and Technology Council, Interagency Working Group on Cyber Security and Information Assurance April 2006 About the National Science and Technology Council The National Science and Technology Council (NSTC) was established by Executive
==========> 06-04-03-CompBusRev-USGovtTakesInterestInDenialOfServiceAttacks.txt==========
http://www.cbronline.com/article_news.asp?guid=44F6BD06-8855-44AF-98A1-F319FF5895B9
US takes interest in DDoS attacks 3rd April 2006 By Kevin Murphy, Computer Business Review Senior levels of the US government are taking an interest in recent distributed denial-of-service attacks against the internet's domain name system, according to a person familiar with the situation.
==========> 06-04-04-NSF-NSFFundsStudiesOfVoIPSecurity.txt==========
http://www.eurekalert.org/pub_releases/2006-04/nsf-cwi040406.php
Public release date: 4-Apr-2006 National Science Foundation Collaboration will investigate vulnerabilities of rapidly growing Internet phone and... New research aims to plug holes in "Voice over Internet Protocol" before they happen The National Science Foundation (NSF) has issued four awards totaling $600,000
==========> 06-04-04-USACM-DataSecurityLegislationInchesForward.txt==========
=============================================================
ACM Washington Update Vol.
10.3 4 April 2006
=============================================================
[3] MIXED BAG DATA SECURITY LEGISLATION INCHES FORWARD, USACM COMMENTS ON PROPOSAL Congress took another step forward in trying to deal with the numerous data
==========> 06-04-05-PCWorld-WillNewBillsProtectYourPersonalData.txt==========
http://www.pcworld.com/article/id,125293-c,privacylegislation/article.html
Tech.gov: Data Protection, the Federal Way Congress wants to protect your data and make sure you're notified when there's a problem. Will the latest bills do the job? Anush Yegyazarian, PC World, April 05, 2006 12:00 AM PDT Practically from the moment that ChoicePoint and its data breaches first hit the national consciousness last year, Congress has been trying to find the right way to protect the data handled by information brokers and to set
==========> 06-04-07-ByteAndSwitch-ITManagersWarnedOfSmartViruses.txt==========
http://www.byteandswitch.com/document.asp?doc_id=92299&WT.svl=news2_1
April 07, 2006 Beware the Smart Virus Byte and Switch SAN DIEGO -- Storage Networking World -- IT managers at this week's SNW show claimed to be bracing themselves for a new breed of super virus based on complex mathematical theories that could wreak havoc on storage networks and servers.
==========> 06-04-07-CompWorld-SecurityRisksInWebServicesIgnored.txt==========
http://www.computerworld.com/developmenttopics/development/webdev/story/0,10801,110321,00.html
Researcher: Security risks in Web services largely ignored AJAX, XML could be exploited by hackers, Stamos warns News Story by Robert McMillan APRIL 07, 2006 (IDG NEWS SERVICE) - VANCOUVER, British Columbia -- In their rush to implement Web services, some companies may be exposing themselves to new security risks that they may not fully understand, a security researcher
==========> 06-04-07-UBuffalo-SpaffordToDiscussCybersecurityCrisis.txt==========
http://spectrum.buffalo.edu/article.php?id=26984
Campus News - APRIL 7th, 2006 To packed crowd, speaker discusses cyber security crisis TOM HALLECK - Staff Writer Professor Eugene H. Spafford, Ph.D., discussed the issue of cyber crime and Internet security at a lecture on Thursday afternoon. America has long been in the age of the computer, and with companies' increased
==========> 06-04-10-GovExec-RepDavisMayRevisitComputerSecurityLaw.txt==========
http://www.govexec.com/story_page.cfm?articleid=33811&printerfriendlyVers=1&
GovExec.com DAILY BRIEFING April 10, 2006 Lawmaker may revisit computer security law By Daniel Pulliam dpulliam@govexec.com Recent criticism of the federal law governing agencies' policies on information technology security has attracted the attention of a key
==========> 06-04-11-AP-OnlineVoteOnWashStateQuarterSuspended.txt==========
http://www.siliconvalley.com/mld/siliconvalley/14317988.htm
Posted on Tue, Apr. 11, 2006 Vote on new Washington quarter hijacked by computer mischief OLYMPIA, Wash. (AP) - Talk about your two-bit schemes. Robotic computer programs stuffed the online ballot boxes in a contest for Washington's official state quarter design, forcing technicians to suspend voting.
==========> 06-04-17-GovtCompNews-USDHSStillGearingUpResponseToCyberthreats.txt==========
http://www.gcn.com/online/vol1_no1/40422-1.html
04/17/06 -- 02:28 PM DHS still gearing up response to cyberthreats By William Jackson, GCN Staff The nation faces a real threat to its critical infrastructure while the Homeland Security Department still struggles to develop the systems needed to assess and respond to those risks, the department’s head of cybersecurity said today.
==========> 06-04-18-GovtCompNews-DebateOverWhetherDevelopersOrUsersCauseSecurityProblems.txt==========
http://www.gcn.com/online/vol1_no1/40437-1.html
04/18/06 -- 04:53 PM Software insecurity: Plenty of blame to go around Government Computer News By William Jackson, GCN Staff The reason software so often is not secure is the fault either of developers or of users.
==========> 06-04-20-AP-WestchesterCtyToRequireWirelessNetworkSecurity.txt==========
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14390363.htm
Posted on Thu, Apr. 20, 2006 N.Y. county requires security for wireless business networks WHITE PLAINS, N.Y. (AP) - Westchester County on Thursday enacted a law that is designed to limit identity theft by forcing local businesses to install basic security measures for any wireless network that stores customers' credit card numbers or other financial information.
==========> 06-04-21-CNETNews-AuthenticatingEmailCanBreakIt.txt==========
http://news.com.com/Danger+Authenticating+e-mail+can+break+it/2100-7349_3-6062953.html
Danger: Authenticating e-mail can break it By Joris Evers CNET Networks Story last modified Fri Apr 21 05:25:39 PDT 2006 CHICAGO--The promise of e-mail authentication is too good to ignore, but if it is implemented incorrectly it will break a company's mail system instead of
==========> 06-04-24-AP-MacUsersFaceGrowingSecurityRisk.txt==========
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14417423.htm
Posted on Mon, Apr.
24, 2006 Macs, long a safe haven, face growing security risk, experts say SAN FRANCISCO (AP) - Benjamin Daines was browsing the Web when he clicked on a series of links promising to deliver pictures of an unreleased update to a computer operating system. Instead, a window opened on his screen and showed strange commands being run,
==========> 06-04-25-NatlJ-CouncilReleasesPlanForCybersecurityResearch.txt==========
http://www.govexec.com/story_page.cfm?articleid=33927&dcn=todaysnews
April 25, 2006 Council releases blueprint for federal cybersecurity research National Journal By Daniel Pulliam dpulliam@govexec.com President Bush's science and technology council has released a blueprint for coordinating federal interagency cybersecurity research and development.
==========> 06-04-26-CompWorld-BugsPutWidelyUsedDNSSoftwareAtRisk.txt==========
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,110897,00.html
Bugs put widely used DNS software at risk Finnish researchers uncover a variety of holes News Story by Robert McMillan APRIL 26, 2006 (IDG NEWS SERVICE) - A number of flaws in the software that is used to administer the Internet's Domain Name System have been discovered by researchers at Finland's University of Oulu.
==========> 06-04-27-UIllinois-NewSoftwareAllowsPrivacyAndSecurityInSharingNetworkConnection.txt==========
http://www.news.uiuc.edu/news/06/0427internet.html
Software allows neighbors to improve Internet access at no extra cost University of Illinois at Urbana-Champaign James E. Kloeppel, Physical Sciences Editor 217-244-1073; kloeppel@uiuc.edu 4/27/06 CHAMPAIGN, Ill.
— Computer scientists at the University of Illinois at Urbana-Champaign have developed software that enables the sharing of high-speed
==========> 06-04-28-BBC-DNSServersOpenToAttack.txt==========
http://news.bbc.co.uk/1/hi/technology/4954208.stm
Big holes in net's heart revealed By Mark Ward Technology Correspondent, BBC News website Published: 2006/04/28 13:58:07 GMT Simple attacks could let malicious hackers take over more than one-third of the net's sites, reveals research.
==========> 06-05-00-ACMInteractions-EvaluatingSecurityAndPrivacyIndicators.txt==========
HCI and security: What do they "indicate?": evaluating security and privacy indicators Lorrie Faith Cranor May 2006 interactions, Volume 13 Issue 3 Security- and privacy-related tools often feature graphical (or in some cases textual or audio) indicators designed to assist users in protecting their security or privacy. But a growing body of literature has found the effectiveness of many of these indicators to be rather disappointing.
==========> 06-05-00-ACMInteractions-HumanComputerInteractionAndFeelingSecure.txt==========
HCI and security: Feeling secure Joel Grossman May 2006 interactions, Volume 13 Issue 3 What does it mean to provide a secure user experience? The intersection of the two has generally been defined—and explored—in technical terms. Hard-working people in BSD t-shirts have established over time what we, as user-experience professionals, have come to understand as the key considerations when working with security. These tend to the functional: standardized, time-tested design
==========> 06-05-00-ACMInteractions-HumanComputerInterfacesCanPromoteSecurity.txt==========
HCI and security: Firefighters and engineers Ka-Ping Yee May 2006 interactions, Volume 13 Issue 3 Computer security can be described in two different ways: keeping users away from dangerous things, or enabling users to do useful things safely. The former perspective is attack-oriented; the latter is task-oriented.
In the attack-oriented mindset, users trudge along a dark path through the
==========> 06-05-00-ACMInteractions-IntroductionToHumanComputerInterfacesAndSecurity.txt==========
HCI and security: Introduction Ryan West May 2006 interactions, Volume 13 Issue 3 In the 1983 movie WarGames, teen hacker Matthew Broderick accessed NORAD headquarters through dial-up, guessed the password to the W.O.P.R. supercomputer, and nearly destroyed the world in a game of thermonuclear war. Armageddon in three steps? Now that's ease of use!
==========> 06-05-00-ACMInteractions-IsUsableSecurityAnOxymoron-HumanComputerInteractionIssues.txt==========
HCI and security: Is usable security an oxymoron? Alexander J. DeWitt, Jasna Kuljis May 2006 interactions, Volume 13 Issue 3 Until relatively recently, software security was of little concern to computer users. However, the media coverage of severe security breaches has made even relatively computer-illiterate users aware of possible dangers from malicious attacks and misuse to both their systems and sensitive personal information. There are many software packages available to combat these security threats.
==========> 06-05-00-ACMInteractions-MinimalFeedbackHintsForRememberingPasswords.txt==========
HCI and security: Minimal-feedback hints for remembering passwords Morten Hertzum May 2006 interactions, Volume 13 Issue 3 Passwords are a widely used mechanism for user authentication and are thus critical to the security of many systems. To provide effective security, passwords should be known to the password holder but remain unknown to everybody else.
While personal information and real words are relatively easy for a user to remember, they make weak passwords from a security point of view
==========> 06-05-00-ACMInteractions-UserInterfaceDesign-EvaluatingSecurityAndPrivacyIndicators.txt==========
HCI and security: What do they "indicate?": evaluating security and privacy indicators Lorrie Faith Cranor May 2006 interactions, Volume 13 Issue 3 Security- and privacy-related tools often feature graphical (or in some cases textual or audio) indicators designed to assist users in protecting their security or privacy. But a growing body of literature has found the effectiveness of many of these indicators to be rather disappointing.
==========> 06-05-00-ACMInteractions-UsingHumanComputerInterfacesToPromoteSecurity.txt==========
HCI and security: IT security: protecting organizations in spite of themselves David A. Siegel, Bill Reid, Susan M. Dray May 2006 interactions, Volume 13 Issue 3 IT Security as an Organizational Function It is a mantra of our profession that any search for strictly technical solutions that do not take the human and organizational elements into account is doomed to failure. This becomes especially interesting when it is borne out
==========> 06-05-00-ACMInterations-KeepingUsersAwayFromDangerousThigsOrPermittingDoingThingsSafely.txt==========
HCI and security: Firefighters and engineers Ka-Ping Yee May 2006 interactions, Volume 13 Issue 3 Computer security can be described in two different ways: keeping users away from dangerous things, or enabling users to do useful things safely. The former perspective is attack-oriented; the latter is task-oriented. In the attack-oriented mindset, users trudge along a dark path through the
==========> 06-05-00-CACM-DecidingWhetherToDownloadOrNot.txt==========
HCI and security: To download or not to download: an examination of computer security decision making Jefferson B. Hardee, Ryan West, Christopher B.
Mayhorn May 2006 interactions, Volume 13 Issue 3 Imagine you are in the middle of studying for tomorrow's test when your antivirus software prompts you with a message indicating new virus definitions are available. Would you update the antivirus software now or later or not at all?
==========> 06-05-00-CornellU-DNSNamingSystemIsNotSecure.txt==========
http://www.cs.cornell.edu/people/egs/papers/dnssurvey.pdf
Perils of Transitive Trust in the Domain Name System Venugopalan Ramasubramanian and Emin Gün Sirer Dept. of Computer Science, Cornell University, Ithaca, NY 14853 May 2006 Abstract The Domain Name System, DNS, is based on nameserver delegations, which introduce complex and subtle depen-
==========> 06-05-01-FedCompWeek-CybersecurityPlanIdentifiesResearchThreats.txt==========
http://www.fcw.com/article94225-05-01-06-Print
Cybersecurity research plan identifies threats Federal plan lacks a funding strategy for critical infrastructure protection R&D Source: National Science and Technology Council BY Aliya Sternstein Federal Computer Week, Published on May 1, 2006 More Related Links
==========> 06-05-01-GovtCompNews-ExpertSaysGovtNeedsBetterOrganizationAndFocus.txt==========
http://www.gcn.com/online/vol1_no1/40570-1.html
Better organization, focus needed for cybersecurity Government Computer News By William Jackson, GCN Staff [Accessed May 1, 2006] The government needs to establish clear lines of authority and clarify responsibility for an effective national information assurance policy, former presidential adviser Paul Kurtz said Thursday.
==========> 06-05-05-AP-CAManPleadsGuiltyToComputerAttacks.txt==========
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14509668.htm
Posted on Fri, May.
05, 2006 California man pleads guilty in computer attack SEATTLE (AP) - A man pleaded guilty to charges of launching an attack that hit tens of thousands of computers, including some that belonged to the Department of Defense, and crippled a hospital's network. Under a plea agreement, Christopher Maxwell, 20, of Vacaville, Calif., will be
==========> 06-05-05-BBC-NASAHackerSuspectFearedUFOCoverup.txt==========
http://news.bbc.co.uk/1/hi/programmes/click_online/4977134.stm
Hacker fears 'UFO cover-up' BBC NEWS EXCLUSIVE INTERVIEW May 5, 2006 In 2002, Gary McKinnon was arrested by the UK's national high-tech crime unit, after being accused of hacking into Nasa and the US military computer networks.
==========> 06-05-05-NetWorld-USDataDataBreachNotificationLawUnlikelyThisYear.txt==========
http://www.networkworld.com/news/2006/050506-data-breach-notification-law-unlikely.html?fsrc=netflash-rss
Data breach notification law unlikely this year By Grant Gross, IDG News Service, 05/05/06 Network World In the wake of a series of data breaches in early 2005, the U.S. Congress seemed ready to move quickly on legislation that would require companies to notify customers when their personal information had been compromised.
==========> 06-05-08-CornellUniv-SurveyOfDNSSecurity-VulnerableAndBaluableAssets.txt==========
http://www.cs.cornell.edu/people/egs/beehive/dnssurvey.html
A Survey of DNS Security: Most Vulnerable and Valuable Assets Cornell University May 8, 2006 It is well-known that nameservers in the Domain Name System are vulnerable to a wide range of attacks. We recently performed a large scale survey to answer some basic questions about the legacy DNS:
==========> 06-05-10-AP-BritishCourtOKsExtraditionOfHackerSuspectToUS.txt==========
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14546132.htm
Posted on Wed, May. 10, 2006 Court rules Briton can be extradited to face U.S.
hacking charges LONDON (AP) - A British computer hacker facing extradition to the United States on charges of damaging U.S. Army, Air Force, Navy and NASA systems said Wednesday he never intended to cause harm -- he was just searching for hidden evidence of UFOs.
==========> 06-05-11-eWeek-AJAX-AsyncJavaScriptAndXML-TacklesSecurity.txt==========
http://www.eweek.com/article2/0,1895,1960822,00.asp
AJAX Experts Tackle Security, Other Issues By Darryl K. Taft May 11, 2006 eWeek SAN FRANCISCO—A panel of experts broke down many of the key issues surrounding AJAX—including security, tooling, support for devices and, not a small question, what will Microsoft do—at the AJAX Experience conference here May 10.
==========> 06-05-11-eWeek-MSResearchersDevelopingAutomatedMalwareClassification.txt==========
http://www.eweek.com/article2/0,1895,1961132,00.asp
MS Researchers Tackle Automated Malware Classification By Ryan Naraine May 11, 2006 eWeek Researchers from Microsoft's anti-malware engineering team are working on an automated way to sort through the thousands of malware families and variants attacking Windows computers.
==========> 06-05-12-NewSci-MashupWebsitesAreHackersDreamComeTrue.txt==========
http://www.newscientisttech.com/article/mg19025516.400
'Mashup' websites are a hacker's dream come true 12 May 2006 From New Scientist Print Edition Paul Marks TAKE an online map of a city, throw in some information on local house prices or crime levels, and you have the recipe for a "mashup" website.
==========> 06-05-14-Reuters-CyberThreatsToUSBusinessGrowMoreDangerous.txt==========
http://today.reuters.com/news/newsArticle.aspx?type=reutersEdge&storyID=2006-05-14T145726Z_01_N14347122_RTRUKOC_0_US-SECURITY.xml
Cyber threats to US business grow more dangerous Sun May 14, 2006 10:55am ET7 Reuters By Joel Rothstein WASHINGTON (Reuters) - Attacks on U.S.
computer networks could escalate from mere inconveniences to disasters that ruin companies or even kill people,
==========> 06-05-16-ZDNetr-BadSecurity-EveryoneDoesIt.txt==========
http://blogs.zdnet.com/Ou/?p=226
ZDNet, May 16, 2006 Bank's defense of bad security: Everyone else does it Posted by George Ou @ 11:54 pm When I wrote "Many Banks failing to use SSL authentication", I was surprised to see how many people didn't get it and actually got angry with me for pointing out a serious security issue with online banking even though all the security experts agree that this is a real serious problem. But even more of a
==========> 06-05-19-InfoWorld-ResearchersSaySpendMoreToProtectSeriousAttacks.txt==========
http://infoworld.com/article/06/05/19/78509_HNholesinapproach_1.html
Researchers: spend to protect against one attack, not many Model to be proposed next month is based on minimizing risk defined by probability of a breach By Jeremy Kirk, IDG News Service May 19, 2006 In an academic paper to be presented next month at the University of Cambridge in England, a research team will make a compelling and somewhat surprising
==========> 06-05-19-ITNews-USDHSBashesRFIDToTrackPeople.txt==========
http://www.itnews.com.au/newsstory.aspx?CIaNID=32759&src=site-marq
DHS privacy office bashes RFID technology to track people By Laurie Sullivan | 19 May 2006 09:24 AEST IT News The Department of Homeland Security's Privacy Office has issued a draft report that strongly criticizes privacy and security risks of using radio frequency identification devices for human identification.
The privacy office says the technology offers little performance benefit for
==========> 06-05-19-MasseyUniv-HackingUsingGoogleBigProblem.txt==========
http://masseynews.massey.ac.nz/2006/Massey_News/issue-08/stories/01-08-06.html
‘Google hacking’ attacks rising New Zealand web sites are more vulnerable to “Google hacking” than many people realise and “hacking” attacks are on the rise, according to a recent study by Massey researchers. Massey Univ, May 19, 2006 Personal information held by businesses, government departments and voluntary organizations are potentially at risk, along with operations of the websites
==========> 06-05-22-NetWorld-SecurityExpertRecommendsNetDiversity.txt==========
Security Expert Recommends Net Diversity Network World (05/22/06) Vol. 23, No. 20, P. 19; Marsan, Carolyn Duffy Eugene Spafford, director of Purdue University's Center for Education and Research in Information Assurance and Security, says the three biggest threats to information security that multinationals are likely to face are the deployment of cost-saving or feature-enhancing resources (such as VoIP and wireless) without careful consideration of the consequences; the erosion of the network perimeter through the advent of advanced communications technologies; and excessive dependency on a small set of suppliers, leading to a situation in
==========> 06-05-22-USACM-VALaptopWithPersonalInformationStolen.txt==========
May 22, 2006 ACM-USACM VA Department Loses Personal Information On 26.5 Million Vets Many privacy advocates dubbed 2005, “The Year of Data Breach.” Perhaps the term should be amended to “the years” or even “decade” with yet another announcement of a massive loss of data. This time a Department of Veterans Affairs (VA) employee took a laptop home, which was then stolen, that had personal information (including social security numbers) on 26.5 million veterans. It doesn’t look like the data was encrypted.
==========> 06-05-22-VetAffairs-VALaptopWithPersonalInformationStolen.txt==========
http://www.va.gov/
IMPORTANT ANNOUNCEMENT [Accessed May 22, 2006] The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from the VA, which he was not authorized to do. This behavior was in violation of our policies. This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as
==========> 06-05-24-EEYE-RemotelyExploitableVulnerabilityExistsInSymantecAntivirusProgram.txt==========
http://www.eeye.com/html/research/upcoming/20060524.html
EEYEB-20060524 eEye Date Reported: May 24, 2006 Vendor: Symantec Description: A remotely exploitable vulnerability exists within the Symantec Antivirus program. This flaw does not require any end user interaction for exploitation
==========> 06-05-25-AP-SymantecAntivirusSoftwareExposesCustomerComputers.txt==========
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14666871.htm
Posted on Thu, May. 25, 2006 Experts: Symantec antivirus software exposes customer computers WASHINGTON (AP) - Symantec Corp.'s leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday.
==========> 06-05-25-AP-VADiscoversTheftOfPersonalDataForMillionsOfVeterans.txt==========
http://news.yahoo.com/s/ap/20060525/ap_on_go_ca_st_pe/vets_id_theft_3
VA breach discovered through office gossip By HOPE YEN, Associated Press Writer Thu May 25, 7:25 PM ET The theft of personal data for 26.5 million veterans came to the attention of the Veterans Affairs inspector general only through office gossip, he told Congress Thursday.
In four hours of testimony, IG George Opfer said the department failed to heed
==========> 06-05-25-AP-VAEmployeeImproperlyTookDataHome.txt==========
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14666861.htm
Posted on Thu, May. 25, 2006 VA employee improperly took data home for 3 years, investigators say WASHINGTON (AP) - The theft of personal data for 26.5 million veterans came to the attention of the Veterans Affairs inspector general only through office gossip, he told Congress Thursday. In four hours of testimony, IG George Opfer said the department failed to heed
==========> 06-05-25-CNET-MPAAAccusedOfHiringHacker.txt==========
http://news.com.com/MPAA+accused+of+hiring+a+hacker/2100-1030_3-6076665.html?tag=st_lh
MPAA accused of hiring a hacker By Greg Sandoval CNET Networks Story last modified Thu May 25 04:49:56 PDT 2006 A lawsuit filed Wednesday accuses the Motion Picture Association of America of hiring a hacker to steal information from a company that the MPAA has accused
==========> 06-05-25-eWeek-SymantecAntiVirusWormHolePutsCustomersAtRisk.txt==========
http://www.eweek.com/article2/0,1895,1967941,00.asp
Symantec AntiVirus Worm Hole Puts Millions at Risk By Ryan Naraine, eWeek May 25, 2006 A gaping security flaw in the latest versions of Symantec's anti-virus software suite could put millions of users at risk of a debilitating worm attack, Internet security experts warned May 25.
==========> 06-05-26-AP-MPAAAccusedOfHiringHacker.txt==========
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14675610.htm
Posted on Fri, May. 26, 2006 Companies claim Hollywood trade group paid hacker to spy LOS ANGELES (AP) - Valence Media, a company accused of aiding online movie pirates, says the group that represents Hollywood studios hired a computer hacker to spy on it.
Valence Media, which operates the Web site www.torrentspy.com, was sued in
==========> 06-05-29-BusWeek-CybercrooksAreStealingBillions.txt==========
http://www.businessweek.com/magazine/content/06_22/b3986093.htm
MAY 29, 2006 Meet The Hackers Cybercrooks are stealing billions. An inside look at law enforcement's biggest targets Business Week Dimitry Ivanovich Golubov doesn't look like an arch criminal. A baby-faced 22-year-old Ukrainian, he is described by his lawyer as an unassuming part-time
==========> 06-06-00-ACMCrossroads-TrustedP2PFileSharingApplications.txt==========
Architecting trust-enabled peer-to-peer file-sharing applications Crossroads Volume 12, Issue 4 (Summer 2006) table of contents Pages: 5 - 5 Girish Suryanarayana, Mamadou H. Diallo, Justin R. Erenkrantz, Richard N. Taylor ACM Press New York, NY, USA Decentralized peer-to-peer (P2P) resource sharing applications lack a centralized authority that can facilitate peer and resource look-ups and coordinate resource sharing between peers. Instead, peers directly interact and
==========> 06-06-00-CACM-AcademicFreedomANdTheHackerEthic.txt==========
Hacking and innovation: Academic freedom and the hacker ethic Tom Cross June 2006 Communications of the ACM, Volume 49 Issue 6 Hackers advocate the free pursuit and sharing of knowledge without restriction, even as they acknowledge that applying it is something else. There is a global culture of people who call themselves computer hackers that is driven by a fundamental belief that information should be free and that the
==========> 06-06-00-CACM-ComplexityAndFeedbackHighlightsNeedForBetterFailureModes.txt==========
Viewpoint: How to think about security failures Scott Campbell January 2006 Communications of the ACM, Volume 49 Issue 1 Understanding complexity and feedback in security models highlights the need for better failure modes in solutions. Why is securing large computer systems so difficult?
It's not just for the obvious reasons—that they're large and publicly available through the Internet.
==========> 06-06-00-CACM-ComputersAreVeryVulnerableInWirelessHotspots.txt==========
Communications of the ACM Volume 49, Number 6 (2006), Pages 50-56 Wireless hotspots: petri dish of wireless security Bruce Potter Laptops and PDAs are so vulnerable in wireless hotspots, users would do well to turn them off. Achieving a truly secure connection at a public wireless hotspot is an impossible proposition. Despite the lack of security, wireless hotspots using
==========> 06-06-00-CACM-MeansSoughtToDetectAndPreventSecurityVulnerabilitiesFromBeingExploited.txt==========
Hacking and innovation: Software security is software reliability Felix FX Lindner June 2006 Communications of the ACM, Volume 49 Issue 6 Enlist hacker expertise, but stay with academic fault naming conventions, when defending against the risk of exploitation of vulnerabilities and intrusions. Recent efforts by academic researchers and the computer security industry have sought to find ways to detect and prevent software vulnerabilities from being
==========> 06-06-00-CACM-ThinkLikeAnAttackerNotLegally.txt==========
Hacking and innovation: Security through legality Stephen Bono, Aviel Rubin, Adam Stubblefield, Matthew Green June 2006 Communications of the ACM, Volume 49 Issue 6 The law alone won't prevent an unauthorized visit or even a deliberate attack. Security depends on being able to think like an attacker. "That would work, but no attacker would try it," said the chief designer of a wireless security system we had been contracted to evaluate.
After several
==========> 06-06-00-CACM-WhiteHatHackingAcrossTheDomainNameSystem.txt==========
Hacking and innovation: Explorations in namespace: white-hat hacking across the domain name system Dan Kaminsky June 2006 Communications of the ACM, Volume 49 Issue 6 DNS cache scanning across a sample set of more than 500,000 name servers revealed the extent of last year's Sony rootkit infestation on client machines. It's a fact that the larger the data set, the more difficult it is to update
==========> 06-06-00-CACM-WirelessHotspotsCauseManySecurityProblems.txt==========
Hacking and innovation: Wireless hotspots: petri dish of wireless security Bruce Potter June 2006 Communications of the ACM, Volume 49 Issue 6 Laptops and PDAs are so vulnerable in wireless hotspots, users would do well to turn them off. Achieving a truly secure connection at a public wireless hotspot is an impossible proposition. Despite the lack of security, wireless hotspots using
==========> 06-06-01-AP-PersonalDataOnOverOneMillionLostByStudentLoanCompany.txt==========
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14716836.htm
Posted on Thu, Jun. 01, 2006 Personal data of 1.3 million lost by student loan company AUSTIN, Texas (AP) - Equipment containing the names and social security numbers of about 1.3 million Texas Guaranteed Student Loan Corp. borrowers has disappeared, company officials said. There was no evidence the information had been misused, but Texas Guarantee
==========> 06-06-01-ConcordiaJ-SecurityResearchersToProduceNewTools.txt==========
http://cjournal.concordia.ca/journalarchives/2006-07/jun_1/007067.shtml
Security researchers to produce new tools Barbara Black Concordia Journal, June 1, 2006 The researchers involved in the project are (seated left to right) Rachida Dssouli, CIISE Director, Chadi Assi, Assistant Professor, CIISE. Behind them are Mourad Debbabi, Associate Director, CIISE and Concordia Research Chair, Tier 1.
Seated on the table is Amr Youssef, Associate Professor, CIISE. ==========> 06-06-01-NZHerald-ComputerNetworksVulnerableToTerroristAttacks.txt========== http://www.nzherald.co.nz/search/story.cfm?storyid=0000B25C-5835-147D-BD1483027AF1010F The enemy within: terror by computer New Zealand Herald, Thursday June 1, 2006 By Jimmy Lee Shreeve According to cyber-security experts, the terror attacks of September 11 and July 7 could be seen as mere staging posts compared with the devastation that might be unleashed if terrorists turn their focus from the physical to the ==========> 06-06-01-Schneier-BadSecurity-EveryoneDoesIt.txt========== http://www.schneier.com/blog/ Bad Security: Everyone Does It Bank defends its bad security by saying that everyone else does it too. Schneier, Posted on June 01, 2006 at 12:00 PM Aligning Interest with Capability Have you ever been to a retail store and seen this sign on the register: "Your purchase free if you don't get a receipt"? You almost certainly didn't see it in an expensive or high-end store. You saw it in a convenience store, or a ==========> 06-06-02-AP-SwedishPoliceComputerShutDownByAttack.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14725576.htm Posted on Fri, Jun. 02, 2006 Swedish police Web site shut down by Internet attack STOCKHOLM, Sweden (AP) - The Web site of Sweden's national police was shut down after an attack that investigators said could be retaliation for a crackdown on a popular file-sharing site called The Pirate Bay. Meanwhile, the government faced allegations that police had acted under ==========> 06-06-06-FtWorthST-CompaniesSeenAsLaxOnProtectingData.txt========== http://www.siliconvalley.com/mld/siliconvalley/14754071.htm Posted on Tue, Jun. 06, 2006 Despite breaches, companies seen as lax on protecting data By Aman Batheja Fort Worth Star Telegram FORT WORTH, Texas - Another week, another huge breach of personal data. 
Dallas-based Hotels.com announced last week that credit-card numbers and other ==========> 06-06-06-USACM-VALosesPersonalInfoOnVeterans.txt========== ACM Washington Update Vol. 10.5, June 2006 VA DEPARTMENT LOSES PERSONAL INFORMATION ON 26.5 MILLION VETS Many privacy advocates dubbed 2005 "The Year of Data Breach." Perhaps the term should be amended to "the years" or even "decade" with yet another announcement of a massive loss of data. This time a Department of Veterans Affairs (VA) employee took a laptop home, which was then stolen, that had personal information (including social security numbers) on 26.5 million ==========> 06-06-07-NYT-ArrestMadeInHackingSchemeToResellnternetPhoneService.txt========== http://www.nytimes.com/2006/06/07/technology/07cnd-voice.html?ex=1149912000&en=14614ee0dce68b5c&ei=5087%0A June 7, 2006 Hacker Said to Resell Internet Phone Service By KEN BELSON and TOM ZELLER Jr. The New York Times Federal authorities arrested one man in Miami and another in Spokane, Wash., today in connection with what they said was a hacking scheme involving the ==========> 06-06-08-MiamiHerald-ArrestMadeInVoIPHackingScheme.txt========== http://www.siliconvalley.com/mld/siliconvalley/14770527.htm Posted on Thu, Jun. 08, 2006 Miami man arrested in VoIP scheme A crackdown on a VoIP hacking scheme stretching from coast to coast led to the arrest of a Miami man. BY JOSEPH TARTAKOFF, jtartakoff@MiamiHerald.com In what appears to be one of the first cases of its kind, a Miami man was arrested Wednesday morning for allegedly stealing more than 10 million minutes ==========> 06-06-10-AP-HackersGetSSNsFor1500OnDOEComputers.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14789954.htm Posted on Sat, Jun. 10, 2006 DOE computers hacked; info on 1,500 taken H. 
JOSEF HEBERT Associated Press WASHINGTON - A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department's nuclear weapons agency. ==========> 06-06-12-AP-VirusTargetsWinnyFileSharingProgram.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14801373.htm Posted on Mon, Jun. 12, 2006 Virus spreads data, scandal over Winny CARL FREIRE Associated Press TOKYO - A computer virus that targets the popular file-sharing program Winny isn't the most destructive bug or even the most widespread. But it's the most talked about in Japan as it generates headline after headline, month after ==========> 06-06-12-CNET-MSSaysRootkitInfectedZombieComputersMostPrevalentThreat.txt========== http://news.com.com/Microsoft+Zombies+most+prevalent+Windows+threat/2100-7349_3-6082615.html?tag=nefd.top Microsoft: Zombies most prevalent Windows threat By Joris Evers CNET Networks A correction was made to this story. Read below for details. Many Windows PCs have been turned into zombies, but rootkits are not yet ==========> 06-06-12-eWeek-MSSaysRootkitInfectedZombieComputersMostPrevalentThreat.txt========== http://www.eweek.com/article2/0,1895,1974620,00.asp Microsoft: Trojans, Bots Are 'Significant and Tangible Threat' By Ryan Naraine June 12, 2006 BOSTON -- Microsoft security researchers have used data collected from its MSRT (malicious software removal tool) to produce the clearest picture yet of the malware scourge on Windows -- and it's not a pretty sight. 
==========> 06-06-12-eWeek-SecurityOnusIsOnSoftwareDevelopers.txt========== http://www.eweek.com/article2/0,1895,1972593,00.asp Security Onus Is on Developers By Peter Coffee eWeek, June 12, 2006 During last month's JavaOne Conference in San Francisco, Fortify Software convened a panel to discuss the role of application developers in software security and the need for appropriate development technology, without which genuine security is impossible to achieve. ==========> 06-06-12-FedCompWeek-IsTheNationalStrategyToSecureCyberspaceStillRelevant.txt========== http://www.fcw.com/article94815-06-12-06-Print The best-laid plan? Experts debate whether the National Strategy to Secure Cyberspace is still relevant — if it ever was By Jennifer McAdams, Federal Computer Week, Published June 12, 2006 Propped on the shelves of many government and industry information technology security offices is a dated, 76-page glossy document titled “The National Strategy to Secure Cyberspace,” perhaps the only tangible evidence that the ==========> 06-06-13-AP-YahooSaysMaliciousEmailWormContained.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14809505.htm Posted on Tue, Jun. 13, 2006 Yahoo says e-mail worm contained SUNNYVALE, Calif. (AP) - Yahoo Inc. said Tuesday it has contained a malicious program aimed at the millions of people who use its e-mail service, which ranks as the world's largest. The worm, dubbed ``Yamanner,'' infected a recipient's computer as soon as the ==========> 06-06-14-ACMCrossroads-ProblemsWithWiFiSecurity.txt========== http://www.acm.org/crossroads/xrds11-1/wifi.html Crossroads, The ACM Student Magazine WiFi Exposed by Andrea Bittau [Accessed June 14, 2006] Introduction Over the past few years, IEEE 802.11 wireless networks have become increasingly ==========> 06-06-19-AP-MSConfirmsVulnerabilityInExcel.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14855842.htm Posted on Mon, Jun. 
19, 2006 Microsoft confirms vulnerability in spreadsheet program SAN FRANCISCO (AP) - A flaw in Microsoft Corp.'s Excel spreadsheet could allow criminals to remotely control a computer, the company confirmed Monday. Microsoft, the world's biggest software maker, is aware of just one case in which a user was attacked via the vulnerability, according to a Web site ==========> 06-06-19-AP-PettyThievesBiggerThreatToDataSecurityThanHackers.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14853654.htm Posted on Mon, Jun. 19, 2006 Petty thieves, not hackers, are driving data-security fears By Stephen Manning, Associated Press ROCKVILLE, Md. - Reports of data theft often conjure up images of malicious hackers breaking into remote databases to filch Social Security numbers, credit-card records and other personal information. ==========> 06-06-19-ITWeek-DomainNameSystemDNSDefencesNeedStrengthening.txt========== http://www.vnunet.com/itweek/analysis/2158577/why-dns-defences-bolstering Interview: Why DNS defences need bolstering Nominum’s Albert Gouyet explains how enterprises can protect their DNS servers Phil Muncaster, IT Week 19 Jun 2006 IT Week: As vice-president of marketing for Domain Name System [DNS] server specialist Nominum, can you describe the security threats in this field? Albert Gouyet: Network naming and addressing is now being used as the vector in ==========> 06-06-26-CNET-BusinessRoundtableWarmsOfInternetOutage.txt========== http://news.com.com/U.S.+unprepared+for+Net+meltdown%2C+blue+chips+warn/2100-7348_3-6087470.html U.S. unprepared for Net meltdown, blue chips warn By Anne Broache, CNET Networks, Story last modified Mon Jun 26 12:21:57 PDT 2006 The United States has never experienced a massive Internet outage, but a coalition of dynamic chief executives said Friday that the nation must do more to prepare for that prospect. 
==========> 06-06-26-GovtCompNews-ITExecutivesPushToGuardInternet.txt========== http://www.washingtontechnology.com/news/21_12/news/28812-1.html Government Computer News, 06/26/06; Vol. 21 No. 12 Cyberprotection takes center stage By Alice Lipowicz, Staff Writer IT execs push to guard virtual assets A year ago, an IT critical infrastructure list circulating in Washington included the headquarters of Intel Corp. and Microsoft Corp. Today, the list is more likely to include virtual assets such as networks that carry data to and ==========> 06-06-29-FedCompWeek-BushAdminRandDMemoStressesCompetitivenesAndCybersecurity.txt========== http://www.fcw.com/article95102-06-29-06-Web White House memo on R&D budget priorities stresses competitiveness BY Aliya Sternstein, Federal Computer Week, Published on June 29, 2006 A Bush administration memo on research and development budget priorities for fiscal 2008 stresses competitiveness above other areas, including energy and cybersecurity. The document refers to the new innovation agenda laid out in President Bush's ==========> 06-07-00-CACM-AnImprovedTrustModelGoesBeyondSecurity.txt========== Communications of the ACM Volume 49, Number 7 (2006), Pages 94-101 Trust beyond security: an expanded trust model Lance J. Hoffman, Kim Lawson-Jenkins, Jeremy Blum Developing an improved trust model and related metrics for distributed computer-based systems that will be useful immediately and resilient to changing technology. Advances in network and microprocessor technology have increased the adoption ==========> 06-07-00-IEEESecAndPrivacy-IntrusionTolerantMiddleware.txt========== http://www.computer.org/portal/site/security/menuitem.6f7b2414551cb84651286b108bcd45f3/index.jsp?&pName=security_level1_article&TheCat=1001&path=security/2006/v4n4&file=oth.xml& Intrusion-Tolerant Middleware: The Road to Automatic Security Paulo E. Veríssimo, Nuno F. 
Neves, Christian Cachin, Jonathan Poritz, David Powell and Yves Deswarte, Robert Stroud, and Ian Welch IEEE Security and Privacy, Jul./Aug. 2006 ==========> 06-07-05-CompWorld-ResearchersClaimWorkaroundForChinaFirewall.txt========== http://www.computerworld.com.au/index.php/id;681916559;fp;16;fpid;0 Researchers claim Great Firewall workaround Sumner Lemon and Nancy Gohring, IDG News Service, 05/07/2006 08:32:37 A group of researchers at the University of Cambridge claims to have found a way to circumvent China's Internet content controls, but some doubt whether their findings really offer a breakthrough. Their paper, titled "Ignoring the Great Firewall of China," offers an insight ==========> 06-07-05-NetWorld-DOEFederatedModelTriesToIdentifySecurityThreats.txt========== http://www.networkworld.com/news/2006/070506-argonne-national-lab.html DOE’s Federated Model aims to identify security threats By Cara Garretson, NetworkWorld.com, 07/05/06 Argonne National Laboratory, a division of the Department of Energy (DOE) operated out of the University of Chicago, is spearheading an effort to collect information about cyber security events that is beginning to gain steam. Called The Federated Model, this information-sharing initiative among government, universities, and research labs began last fall and currently has ==========> 06-07-06-USACM-SpaffordTestifiesAboutVADataBreach.txt========== ============================================================= ACM Washington Update Vol. 
10.6 July 6, 2006 ============================================================= USACM's Chair Testifies on VA Data Breach Testifying before the House Veterans' Affairs Committee about the recent data breach at the Veterans Affairs (VA) Department, Eugene Spafford argued ==========> 06-07-09-ISTResults-EULaunchesInformationSecurityAndReliabilityInitiative.txt========== http://istresults.cordis.lu/index.cfm/section/news/tpl/article/BrowsingType/Features/ID/82606 Securing Europe’s future information society A security taskforce ensuring a secure information society of the future ISTResults [Accessed July 9, 2006] As our society is rapidly adopting more information and communication technologies in services and commerce, private information is at increasing risk and security and reliability problems become prevalent. The EU has ==========> 06-07-10-ISTResults-SecurityProvidersPlayingCatchupUnCyberattacks.txt========== http://istresults.cordis.lu/index.cfm/section/news/tpl/article/ID/82644/BrowsingType/Features Seeking to tighten the Net against attack ISTResults Broadband connections secured by novel security solutions 10 Jul 2006 As more users switch to broadband internet access, security providers are playing a frantic game of ‘catch-up’ to secure networks against the many ==========> 06-07-11-AP-USStateDeptInvestigatingAttacksOnItsComputers.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15015613.htm Posted on Tue, Jul. 11, 2006 State Department investigating broad cyberattack WASHINGTON (AP) - The State Department is recovering from large-scale computer break-ins worldwide over the past several weeks that appeared to target its headquarters and offices dealing with China and North Korea, The Associated Press has learned. 
==========> 06-07-12-OMB-MemoToAgenciesOnReportingIncidentsInvolvingPersonallyIdentifyingInformation.txt========== http://www.whitehouse.gov/omb/memoranda/fy2006/m06-19.pdf EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 M-06-19 July 12, 2006 MEMORANDUM FOR CHIEF INFORMATION OFFICERS FROM: Karen S. Evans ==========> 06-07-14-AP-FBIComputerConsultatntAvoidsJailForStealingPasswords.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15041024.htm Posted on Fri, Jul. 14, 2006 FBI computer consultant spared jail time in hacking case WASHINGTON (AP) - An FBI computer consultant who pleaded guilty to hacking the secret passwords of Director Robert Mueller and others will not serve any time in prison, a federal judge has ruled. Joseph Thomas Colon of Springfield, Ill., was sentenced Thursday by U.S. ==========> 06-07-14-AP-McAfeeUrgesCustomersToUpdateItsFlawedSoftware.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15040892.htm Posted on Fri, Jul. 14, 2006 McAfee urges update to flawed security software WASHINGTON (AP) - A leading computer security company, McAfee Inc., quietly fixed a dangerous design flaw months ago in its flagship technology for managing protective software in large organizations but did not warn businesses and U.S. government agencies until Friday. ==========> 06-07-19-ZDNet-80PercentOfProgramsCanDefeatAntivirusSoftware.txt========== http://www.zdnet.com.au/news/security/soa/Eighty_percent_of_new_malware_defeats_antivirus/0,2000061744,39263949,00.htm Eighty percent of new malware defeats antivirus By Munir Kotadia, ZDNet Australia, 19 July 2006 03:05 PM The most popular antivirus applications on the market are rendered useless by around 80 percent of new malware, according to AusCERT. 
At a security breakfast hosted by e-mail security firm Messagelabs in Sydney on ==========> 06-07-24-Wired-HackersOnPlanetEarthConference.txt========== http://www.wired.com/news/technology/0,71450-0.html?tw=wn_index_2 Hackers Fight Authority in NYC By Annalee Newitz, Wired, 10:30 AM Jul, 24, 2006 NEW YORK -- On the 18th floor of the Hotel Pennsylvania, an anonymous crowd gathered. Their ages ranged from 13 to 80; they wore everything from T-shirts or formal suits to pastel sundresses or Goth black mesh. But you could tell they were together by their matching conference tags that displayed numbers instead of names. ==========> 06-07-27-GovtCompNews-DHSSetsUpResearchGroupToStudyWhatHappensInCyberAttack.txt========== http://www.gcn.com/print/25_21/41399-1.html What happens when the Net is attacked? That’s the question an obscure Homeland Security project is attempting to answer. So far, so good. By William Jackson, GCN Staff [Accessed July 27, 2006] When a building collapses, you can see the devastation. When a network is brought to its knees, the effects are less obvious. That’s why a little-known research institute funded by the Homeland Security Department is working to ==========> 06-07-28-CNET-SecurityBecomesAfterthoughtInWeb20.txt========== http://news.com.com/The+security+risk+in+Web+2.0/2100-1002_3-6099228.html The security risk in Web 2.0 By Joris Evers CNET Networks, Story last modified Fri Jul 28 13:10:10 PDT 2006 Web 2.0 is causing a splash as it stretches the boundaries of what Web sites can do. But in the rush to add features, security has become an afterthought, experts say. ==========> 06-07-31-AP-McAfeeSecuritySoftwareMayExposeSensitiveInformation.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15167164.htm Posted on Mon, Jul. 
31, 2006 McAfee security programs may expose data DAN GOODIN, Associated Press SAN FRANCISCO - Consumer versions of McAfee Inc.'s leading software for securing PCs is susceptible to a flaw that can expose passwords and other sensitive information stored on personal computers, researchers said Monday. ==========> 06-08-01-AP-HackersAndSecurityExpertsMingleAtConferences.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15173764.htm Posted on Tue, Aug. 01, 2006, Associated Press Hackers, security experts mingle at Las Vegas conferences The middle-aged G-men who wear crisp suits and consort with teenage hackers sporting purple hair can make the two conferences that will converge in Las Vegas this week look like a scene from a science-fiction movie. In fact, the gatherings are the most important in the world of computer ==========> 06-08-04-CSIA-CyberSecurityIndustryAllianceSupportsEUConventionOnCybercrime.txt========== CSIA Applauds Ratification of Cybercrime Treaty U.S. Support of the Council of Europe's Convention on Cybercrime is Important Milestone in the Battle Against International Computer-related Crime Arlington, Va. - Aug. 4, 2006 - The Cyber Security Industry Alliance (CSIA) today commended the Senate for its ratification of the Convention on Cybercrime adopted through the Council of Europe. ==========> 06-08-06-AP-HackersgatherAtDefComToExploitComputerSecurityFlaws.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15213627.htm Posted on Sun, Aug. 06, 2006 Hackers meet to exploit computer flaws DAN GOODIN, Associated Press LAS VEGAS - In a dimly lit room off the main drag of a computer-security conference, programmers guzzle caffeine-laced drinks and wolf pizza while methodically hunting for cryptic messages hidden in the bowels of enemy territory. 
==========> 06-08-07-ISTResults-SolvingTheSecurityChallengeOfDynamicNetworks.txt========== http://istresults.cordis.lu/index.cfm/section/news/tpl/article/BrowsingType/Feat ures/ID/82946 Solving the security challenge of dynamic networks Towards a secure information society ISTResults, Aug 7, 2006 Europe is hurtling towards an information society capable of offering communication services anywhere in the world; a society where data and communication devices spontaneously form networks using any medium with any ==========> 06-08-07-NSF-ResearchProgramOnDataConfidentiality.txt========== Title: Research on Data Confidentiality, Date: 08/07/06 Research on Data Confidentiality National Science Foundation Directorate for Social, Behavioral, and Economic Sciences (SBE) Directorate for Computer and Information Science and Engineering (CISE) Directorate for Education and Human Resources (EHR) Dear Colleague: Programs in SBE, CISE, and EHR are soliciting research ==========> 06-08-09-AP-GoogleWarnsUsersAboutMaliciousWebsites.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15236054.htm Posted on Wed, Aug. 09, 2006 Google warns about malicious sites NEW YORK (AP) - Google is issuing this warning to people who try to click on links to sites with spyware and other malicious code: ``The site you are about to visit may harm your computer!'' Users can search again, learn more about malicious code at the site ==========> 06-08-09-AP-HomelandSecurityUrgesUsersToGetWindowsPatch.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15235803.htm Posted on Wed, Aug. 09, 2006 Homeland Security urges users to get Microsoft patch NEW YORK (Dow Jones/AP) -- The Department of Homeland Security issued an advisory Wednesday urging people to immediately apply a security patch for vulnerabilities in all supported versions of the Microsoft Corp. Windows operating system. 
==========> 06-08-10-CircleID-ALookAtDNSSecurityExtensions.txt========== http://www.circleid.com/posts/dnssec_deployment_and_dns_security_extensions/ A Fundamental Look at DNSSEC, Deployment, and DNS Security Extensions Posted by Geoff Huston on Aug 10, 2006 In looking at the general topic of trust and the Internet, one of the more critical parts of the Internet’s infrastructure that appears to be a central anchor point of trust is that of the Domain Name Service, or DNS. The mapping of “named” service points to the protocol-level address is a function that every Internet user relies upon, one way or another. ==========> 06-08-11-GovtCompNews-OMBPushingGovtAgenciesTowardStricterITSecurityAccoutability.txt========== http://www.gcn.com/print/25_21/41426-1.html OMB sets one-hour data breach rule Agencies must report incidents to U.S. CERT, detail security spending By Mary Mosquera, GCN Staff [Accessed Aug. 11, 2006] With the deluge of recent data breaches, the Office of Management and Budget is pushing agencies toward stricter IT security accountability. Agencies now have a clear standard for reporting all incidents and a ==========> 06-08-28-SJMerc-WhatNewUsersNeedToKnowAboutWiFiSecurity.txt========== http://www.siliconvalley.com/mld/siliconvalley/15380846.htm Posted on Mon, Aug. 28, 2006 WiFi security: What new users of free networks need to know By Therese Poletti, Mercury News Gordon Hamachi, a software developer who lives in Mountain View, just started using the new free wireless computer network that Google has launched to cover the entire city. ==========> 06-08-29-AP-TMobileHackerSentencedToYearOnHomeDetention.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15389688.htm Posted on Tue, Aug. 29, 2006 T-Mobile hacker sentenced to year of home detention LOS ANGELES (AP) - A hacker who infiltrated the network of T-Mobile USA Inc. 
and accessed personal information of hundreds of customers, including a Secret Service agent, was sentenced Monday to one year of home detention. Nicholas Lee Jacobsen, 23, must also pay $10,000 in restitution to T-Mobile to ==========> 06-09-01-InfoWeek-ResearchersReportFingerprintMethodForSecuringWiFiNetworks.txt========== http://www.informationweek.com/security/showArticle.jhtml?articleID=192501293 University Research Aims At More Secure Wi-Fi The technology depends on the RF signal "fingerprints" that make every wireless transceiver virtually unique. By Jack Shandle, Wireless Net DesignLine, Sept. 1, 2006 Researchers at Carleton University, Ottawa, Canada, have reported positive results for a novel means of securing Wi-Fi and other wireless networks from hackers and other unauthorized intrusion. ==========> 06-09-01-SDTimes-DHSLackOfAttentionToCybersecurityIsProblem.txt========== http://www.sdtimes.com/article/story-20060901-01.html U.S. Leadership on Cybersecurity ‘AWOL’ Homeland Security stalled on naming czar, accepting development guidance By Jennifer deJong, San Diego Times, September 1, 2006 Not very—if the U.S. Department of Homeland Security’s lack of attention to the issue is any indication. The position of DHS cybersecurity chief has been vacant for nearly two years. ==========> 06-09-03-eWeek-TheHuntForInfrastructureSecurityHoles.txt========== http://www.eweek.com/article2/0,1895,2011679,00.asp Sandia's Red Teams: On the Hunt for Security Holes eWeek, September 3, 2006 By Chris Preimesberger Is it possible for a cyber-terrorist to hack into a city's water distribution system and poison thousands? Or disrupt air traffic communications to cause two airplanes to collide? Or create a surge in the power grid that would leave millions of people in the dark? 
==========> 06-09-04-eWeek-ExperimentalMaliciousCodeZapperForBrowser.txt========== http://www.eweek.com/article2/0,1895,2011765,00.asp Microsoft Research Builds 'BrowserShield' By Ryan Naraine eWeek, September 4, 2006 Microsoft researchers are experimenting with an automatic code zapper for the company's Internet Explorer Web browser. Researchers at the Redmond, Wash., company have completed work on a prototype ==========> 06-09-06-DarkReading-ResearchersChallengeDenialOfServiceAttackData.txt========== http://www.darkreading.com/document.asp?doc_id=103049 Researchers Challenge DOS Attack Data Tim Wilson, Site Editor, Dark Reading SEPTEMBER 6, 2006 | Conventional wisdom about the sources and causes of denial-of-service (DOS) attacks -- and the best methods for preventing them -- could be completely wrong, a group of researchers said this week. Researchers at the University of Michigan, Carnegie Mellon University, and AT&T ==========> 06-09-07-InfoWorld-CyberSecurityLagsPost9-11.txt========== http://www.infoworld.com/article/06/09/07/HNitsecuritypost911_1.html IT security lags five years after Sept. 11 Costs and government disagreements cited as primary obstacle By Grant Gross, Ben Ames and Robert McMillan, IDG News Service Info World, September 07, 2006 Since terrorists attacked the U.S. on Sept. 11, 2001, the government has begun a robust, and oft-criticized, electronic-surveillance program, but other IT-related security projects designed to thwart terrorism have made little ==========> 06-09-08-CNET-AReportCardOnPost9-11AntiTerrorRechnology.txt========== http://news.com.com/A+report+card+on+anti-terror+technology/2100-1028_3-6113064.html Post-9/11 antiterror technology: A report card By Declan McCullagh CNET Networks, Story last modified Fri Sep 08 04:58:52 PDT 2006 This is part one of a two-part series that looks back at the five years since Sept. 11, 2001. 
==========> 06-09-08-RFIDJ-NSFAwardsConsortiumGrantToImproveRFIDSecurity.txt========== http://www.rfidjournal.com/article/articleview/2642/1/1/ RFID Security Consortium Receives $1.1 Million NSF Grant RFID Journal Comprised mostly of academics, the group hopes to develop ways to improve security measures for RFID systems, and to incorporate the study of RFID into engineering curricula. By Mary Catherine O'Connor Sept. 8, 2006—The National Science Foundation (NSF) has awarded a $1.1 million ==========> 06-09-11-AP-AOLOffersUsersInsuranceAgainstIDTheftAndComputerDamage.txt========== http://www.siliconvalley.com/mld/siliconvalley/business/technology/15494310.htm Posted on Mon, Sep. 11, 2006 AOL to offer insurance to subscribers, ANICK JESDANUN, Associated Press NEW YORK - Free insurance coverage for identity theft and computer damage is among the premium security offerings AOL is making available to its dwindling base of paying subscribers. The move, which AOL said it would announce to its members Tuesday, follows last ==========> 06-09-12-Sandia-ResearchersSayFingerprintingTechniqueDemosWirelessDeviceDriverVulnerabilities.txt========== http://www.sandia.gov/news/resources/releases/2006/wireless-fingerprinting.html September 12, 2006 Sandia fingerprinting technique demonstrates wireless device driver vulnerabilities Light Wizard Wireless network drivers, say Sandia researchers, are easy to interact with and potentially exploit if the attacker is within transmission range of the wireless device. By role-playing the position of an adversary, Sandia has demonstrated a unique fingerprinting technique that allows hackers with ill intent to identify a wireless driver without modification to or ==========> 06-09-13-AP-FakeCyberAttackersWinDHSWarGame.txt========== http://www.siliconvalley.com/mld/siliconvalley/15511440.htm Posted on Wed, Sep. 
13, 2006 'Bad guys' win DHS cybersecurity war game WASHINGTON (AP) - Fake cyberattackers and hackers largely foiled government and industry attempts to fight back quickly and effectively during a test of computer security systems, the government said Wednesday. Yet the Homeland Security Department claimed victory in the four-day, $3 ==========> 06-09-13-CompWorld-HouseCommQuestionsDHSPrepardnessForCyberAttacks.txt========== http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9003267&taxonomyId=17&intsrc=kc_top Lawmakers question DHS preparedness for fighting cyberattacks A cybersecurity leader for the agency is expected 'very soon' Jaikumar Vijayan September 13, 2006 (IDG News Service) -- The ongoing delay in appointing an assistant secretary for cybersecurity at the U.S. Department of Homeland Security (DHS) may be hindering the agency's ability to fend off cyberattacks ==========> 06-09-13-eWeek-SimulatedAttacksRevealCybersecurityResponseFlaws.txt========== http://www.eweek.com/article2/0,1895,2015743,00.asp Simulated IT Attacks Reveal Response Flaws By Matt Hines, September 13, 2006, eWeek The U.S. Department of Homeland Security issued the results of its Cyber Storm exercise on Sept. 13, highlighting areas where the government and private organizations must improve their responsiveness to emerging IT-related threats. The agency released a 23-page report on the findings of the simulated IT attack, ==========> 06-09-18-AP-WhiteHouseSelectsCyberSecurityChiefAfterOneYearDelay.txt========== http://www.siliconvalley.com/mld/siliconvalley/business/technology/15549934.htm Posted on Mon, Sep. 18, 2006 After year's delay, White House selects cybersecurity chief WASHINGTON (AP) - The White House has chosen an industry information security specialist as its cybersecurity chief, an official said Monday, filling a job that has had no permanent director for a year. 
Greg Garcia will be nominated later this week as the Department of Homeland ==========> 06-09-18-USHouse-CongBoehlertPraisesGarciaAppointmentToUSDHSSecurityPosition.txt========== BOEHLERT PRAISES APPOINTMENT OF GREG GARCIA TO CYBER SECURITY POSITION AT DHS House Committee on Science Sherwood Boehlert (R-NY), Chairman Bart Gordon (D-TN), Ranking Minority Member www.house.gov/science FOR IMMEDIATE RELEASE September 18, 2006 Science Committee Press Office: 202-225-4275 ==========> 06-09-22-AP-ActingDHSCybersecurityChiefContractorQuits.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15586222.htm Posted on Fri, Sep. 22, 2006 Cybersecurity chief quits after unusual contract expires WASHINGTON (AP) - The Bush administration's cybersecurity chief, who worked under an unusual agreement with a private university that does extensive business with the office he manages, is leaving his job. Donald ``Andy'' Purdy Jr. will step down as acting director of the National ==========> 06-09-22-AP-MissingCensusBureauLaptopsCreateLossOfPublicConfidence.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15584212.htm Posted on Fri, Sep. 22, 2006 Missing laptops: Loss of public confidence would doom census WASHINGTON (AP) - When Elizabeth Mazur found a census taker's business card stuck inside her door last fall, she dutifully called the number and agreed to take part in a monthly survey on income and poverty. Some questions were personal: Who did she live with? How much money did she ==========> 06-09-22-USHouse-CongDavisSaysCommerceDeptLaptopLossesShocking.txt========== http://tomdavis.house.gov/cgi-data/news/files/265.shtml Davis Statement on Missing Commerce Computers September 22, 2006 Washington, D.C. Government Reform Committee Chairman Tom Davis (R-VA) issued the following statement today in response to information he received yesterday from Commerce Secretary Carlos M. Gutierrez. 
The Department informed Davis that 1,137 laptops had been lost, misplaced, or stolen since 2001. It also is missing 46 "thumb drives" and 16 hand-held computers. 672 of the missing ==========> 06-09-22-WashPost-1100LaptopsMissingFromCommerceDept-250FromCensusBureau.txt========== http://www.washingtonpost.com/wp-dyn/content/article/2006/09/21/AR2006092101602.html?sub=AR 1,100 Laptops Missing From Commerce Dept. By Alan Sipress Washington Post Staff Writer, Friday, September 22, 2006; A03 More than 1,100 laptop computers have vanished from the Department of Commerce since 2001, including nearly 250 from the Census Bureau containing such personal information as names, incomes and Social Security numbers, federal ==========> 06-09-25-GovtCompNews-USDHSExecToRaiseAwarenessOfCybersecurity.txt========== http://www.gcn.com/print/25_29/42086-1.html Garcia looks to raise cybersecurity’s profile Government Computer News, 09/25/06 By Patience Wait, Greg Garcia, the Homeland Security Department’s new assistant secretary for cybersecurity and telecommunications, faces a big task: raising awareness of IT security’s importance from a post that had essentially been left vacant for two years. ==========> 06-09-28-OhipStateU-StudyShowsInternetToBeResilientAgainstCyberAttack.txt========== http://researchnews.osu.edu/archive/netrelib.htm STUDY SHOWS INTERNET TO BE RESILIENT AGAINST TERROR ATTACK Ohio State University, Sept. 28, 2006 COLUMBUS, Ohio – Researchers have simulated what would happen to Internet reliability in the United States if terrorists were able to knock out various physical components of the network. 
The good news is that it would be very difficult to cause major disruptions ==========> 06-09-28-PennStateU-IBMLedConsortiumSelectedToWorkOnWirelessAndRFIDSecurity.txt========== http://live.psu.edu/index.php?sec=vs&story=19705&pf=1 Penn State joins international effort to secure wireless, sensor networks Thursday, September 28, 2006 University Park, Pa. 
-- An IBM-led consortium including Penn State has been chosen by the U.S. Army Research Laboratory and the United Kingdom's Ministry of Defense to carry out research in advanced secure wireless and sensor networks. ==========> 06-10-00-CACM-VirtualMachinesMayNotProvideSecurity.txt========== Communications of the ACM Volume 49, Number 10 (2006), Page 104 Inside risks: Virtual machines, virtual security? Steven M. Bellovin Virtual machines (VMs) are once again a hot trend in system configuration, as demonstrated by the emergence of VMware, Xen, and a renewed interest in hardware assists for virtualization. Some uses are clearly beneficial: virtual machines are great for hosting Web sites and servers because VMs avoid the use of multiple computers to support different applications running on diverse ==========> 06-10-00-PopSci-NewIdeasMayMakeInternetSafeFromHackers.txt========== http://www.popsci.com/popsci/technology/8402e1010a0dd010vgnvcm1000004eecbccdrcrd.html The Internet is Sick... But We Can Make it Better How ideas from biology—evolution, immune systems and forensics—will keep your PC safe from hackers By Dan Tynan, Popular Science, October 2006 What do you think happens when you connect your computer to the Internet? In less than an hour, it may not be yours anymore. While you’re Googling your name ==========> 06-10-02-SJMerc-CrooksAttackingLessSecureHomeComputers.txt========== http://www.siliconvalley.com/mld/siliconvalley/15660604.htm Posted on Mon, Oct. 02, 2006 Security report: Cybercrooks turn attention to home PCs By Mike Langberg, Mercury News The endless struggle between good and evil has spilled into cyberspace. Online criminals are becoming dramatically more organized, efficient and dangerous. ==========> 06-10-04-CNET-DomainNameSystemNotSecure.txt========== http://news.com.com/Neither+safe+nor+secure+on+the+Internet/2010-7345_3-6122351.html Neither safe nor secure on the Internet By Jerry L. 
Archer, Published: October 4, 2006, 4:00 AM PDT CNET News Most of us don’t like speed limits, but we accept the rules of the road because they represent the reasonable application of oversight and practical insight. ==========> 06-10-04-UTexas-UTSAAwardedUSDHSCybersecurityGrant.txt========== http://www.eurekalert.org/pub_releases/2006-10/uota-ua100406.php Public release date: 4-Oct-2006 University of Texas at San Antonio UTSA awarded $3.1 million for cyber-security program development Funding helps states and communities train and develop cyber-security programs UTSA Center for Infrastructure Assurance and Security Director Greg White instructs administrators from 31 states on how to develop and conduct cyber-security training exercises. The UTSA center hosted "Dark... ==========> 06-10-06-AP-OnelaptopPerChildComputerHasRevolutionarySecurityMeasures.txt========== http://news.yahoo.com/s/ap/20061006/ap_on_hi_te/hundred_dollar_laptop 100 dollar laptop may be at security forefront By BRIAN BERGSTEIN, AP Technology Writer Fri Oct 6, 7:54 PM ET The $100 laptops planned for children around the world might turn out to be as revolutionary for their security measures as for their low-cost economics. The One Laptop Per Child project, a nonprofit begun at the Massachusetts Institute of Technology, aims to improve education by giving children ==========> 06-10-06-NewSci-TactilePasswordsCouldProvideGreaterSecurityInPublicEnvironments.txt========== http://www.newscientisttech.com/article/dn10248-tactile-passwords-could-stop-atm-shouldersurfing.html Tactile passwords could stop ATM 'shoulder-surfing' 18:24 06 October 2006, NewScientist.com news service, Tom Simonite Entering passwords using a Braille-like device could prevent snoopers from stealing sensitive computer codes, such as ATM numbers, researchers say. 
Computer engineers at Queen's University Belfast, UK, developed the tactile ==========> 06-10-06-WashPost-HackersUsingChineseServersAttackUSDOCComputers.txt========== Computer System Under Attack Commerce Department Targeted; Hackers Traced to China By Alan Sipress, Washington Post Staff Writer, October 6, 2006; A21 Hackers operating through Chinese Internet servers have launched a debilitating attack on the computer system of a sensitive Commerce Department bureau, forcing it to replace hundreds of workstations and block employees from regular use of the Internet for more than a month, Commerce officials said yesterday. ==========> 06-10-10-Newswise-NewTechniqueEnablesSendingSecretMessagesOverInternet.txt========== http://www.newswise.com/p/articles/view/524166/ Released: Tue 10-Oct-2006, 00:00 ET Sending Secret Messages Over Public Internet Lines Can Take Place With New Technique Newswise A new technique sends secret messages under other people's noses so cleverly that it would impress James Bond--yet the procedure is so firmly rooted in the real world that it can be instantly used with existing equipment and ==========> 06-10-11-PCWorld-RealIDActsProblemsWithCostsPrivacyAndSecurity.txt========== http://www.pcworld.com/article/id,127419-c,techrelatedlegislation/article.html Tech.gov: Real ID's Real Problems As the deadline for national identification cards approaches, questions about their true costs, privacy, and security remain unanswered. Anush Yegyazarian, PC World, October 11, 2006 12:00 AM PDT More than a year has passed since the Real ID Act of 2005 became law. And in a little over 18 months, the first new driver's licenses mandated by the legislation are supposed to debut. That may seem like a long time, but given ==========> 06-10-11-WiscTechNet-ProfSaysSafeInternetRequiresTotalNetworkSecurity.txt========== http://wistechnology.com/article.php?id=3388 Safe Internet requires total network security, prof. 
says New wisdom turns to multi-layered protection By Joe Vanden Plas • 10/11/06, Wisconsin Technology Network Madison, Wis. - When it comes to securing information networks, Paul Barford believes the good guys always are one step behind the guys in the black hats. Barford, an assistant professor in the University of Wisconsin-Madison ==========> 06-10-12-CompWorldAus-SecuritySoftwareNeedsBetterUsability.txt========== http://www.computerworld.com.au/index.php/id;1970653607;fp;;fpid;;pf;1 Geek speak bridles information security Usability, training of critical importance Rodney Gedda 12/10/2006 09:03:13 ComputerWorld Australia Usability of security software is partly to blame for low protection levels in many computers, according to international security experts. ==========> 06-10-16-AP-TodaysVirusesAreLongTermThreats.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15770606.htm Posted on Mon, Oct. 16, 2006 Today's computer viruses have more staying power By Anick Jesdanun, Associated Press NEW YORK - In the past, virus writers seeking fame and attention wrote their malicious programs to spread as quickly and broadly as possible, boasting to colleagues when they managed to cripple hundreds of thousands of computers worldwide in a matter of hours. 
==========> 06-10-17-BusWire-W3CLaunchesSecureBrowsingInitiative.txt========== http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20061017005222&newsLang=en Business Wire, October 17, 2006 10:00 AM Eastern Time W3C Launches Secure Browsing Initiative "Security Context" Important Step Toward Fraud Prevention http://www.w3.org/--(BUSINESS WIRE)--Recognizing the challenges people face when browsing the Web, W3C today launched an initiative to build a foundation ==========> 06-10-23-NYT-ResearchersSeeProblemsWithNewRFIDCreditCards.txt========== http://www.nytimes.com/2006/10/23/business/23card.html?_r=1&oref=slogin The New York Times, October 23, 2006 Researchers See Privacy Pitfalls in No-Swipe Credit Cards By JOHN SCHWARTZ AMHERST, Mass. — They call it the “Johnny Carson attack,” for his comic pose as a psychic divining the contents of an envelope. Tom Heydt-Benjamin tapped an envelope against a black plastic box connected to ==========> 06-10-26-eWeek-AntVirusSoftwareIsIneffective.txt========== http://www.eweek.com/article2/0,1759,2040760,00.asp Rutkowska: Anti-Virus Software Is Ineffective By Ryan Naraine eWeek, October 26, 2006 Q&A: Stealth malware researcher Joanna Rutkowska discusses her interest in computer security, the threat from rootkits and why the world is not ready for virtual machine technology. ==========> 06-10-27-Science-TheEconomicsOfInformationSecurity.txt========== The Economics of Information Security Science (10/27/06) Vol. 314, No. 5799, P. 610; Anderson, Ross; Moore, Tyler The economics of information security has recently emerged as a field characterized by prosperity and rapid momentum, write University of Cambridge researchers Ross Anderson and Tyler Moore. The assembly of distributed systems from machines owned by principals with different interests demonstrates the increasing value of incentives in assuring reliability. Indeed, incentives are coming close to equaling technical design in importance. 
Anderson and Moore note, for instance, that public disclosure of vulnerabilities gives vendors an ==========> 06-10-30-InfoWorld-SmallTafgetedAttacksAreTheNextWaveOfITSecurityProblems.txt========== http://www.infoworld.com/article/06/10/30/44FEsecfuture_1.html Future-proof your IT security Small, targeted incursions are the next wave of attacks compromising enterprise networks. Know the enemy By Paul F. Roberts, InfoWorld, October 30, 2006 Asymmetric warfare is hell. Sure, you may have night-vision goggles, body armor, and air support, but you’re also working for a bureaucratic organization built to fight a war that doesn’t look much like the one you’re in. Your ==========> 06-10-31-GovtCompNews-GAOSaysBetterCoordinationOfCybersecurityRandDNeeded.txt========== http://www.gcn.com/online/vol1_no1/42465-1.html 10/31/06 -- 04:56 PM GAO: Better coordination of cybersecurity R&D needed By Patience Wait, GCN Staff The federal government has to do a better job of coordinating research and development on cybersecurity issues and needs to improve its information sharing and collaboration efforts on the topic, according to a just-released report by the Government Accountability Office. ==========> 06-11-00-ACMQueue-FictionalAccountOfTransitionFromHackerToBigTimeCriminal.txt========== http://www.acmqueue.com/modules.php?name=Content&pa=showpage&pid=435 Criminal Code: The Making of a Cybercriminal From Cybercrime ACM Queue Vol. 4, No. 9 - November 2006 by Thomas Wadlow, Independent Consultant, and Vlad Gorelik, Sana Security Queue's first-ever narrative chronicles one man's transition from small-time hacker to big-time crook. ==========> 06-11-00-ACMQueue-HowWeHandleTheSecurityProblemWillHaveLastingEffectOnCOmputing.txt========== http://www.acmqueue.com/modules.php?name=Content&pa=showpage&pid=436 Playing for Keeps ACM Queue vol. 4, no. 9 - November 2006 From Cybercrime, by Daniel E. 
Geer, Verdasys How we ultimately decide to handle the security problem will have a lasting effect on computing as we know it. Inflection points come at you without warning and quickly recede out of reach. ==========> 06-11-00-CACM-DevelopingAnEffectivePlatformForDeterringNetworkAttacks.txt========== Communications of the ACM Volume 49, Number 11 (2006), Pages 64-72 New architecture for intra-domain network security issues Dijiang Huang, Qing Cao, Amit Sinha, Marc J. Schniederjans, Cory Beard, Lein Harn, Deep Medhi Developing an effective platform for deterring network attacks. The pervasive nature of information infrastructure coupled with threats for cyber terrorism makes network infrastructure security a critical area of ==========> 06-11-02-Heise-VirusAuthorsUseWkipediaInSeveralWaysToSpreadViruses.txt========== http://www.heise.de/english/newsticker/news/80417/from/atom10 Heise, Nov. 2, 2006 11:36 Virus authors use Wikipedia to spread contaminants Apparently, authors of malware are trying to exploit the good reputation of Wikipedia, the open online encyclopedia, to infect PCs with their malicious software. In a mass e-mail, recipients were told to download a "security update" for windows from a Wikipedia site. ==========> 06-11-02-NetworkWorld-IETFChairSpeaksOutOnVPNsAndP2PSIP.txt========== http://www.networkworld.com/news/2006/110206-ietf-chairman-qna.html Of VPNs and peer-to-peer SIP: IETF chair speaks out By Carolyn Duffy Marsan, Network World, 11/02/06 Some of the Internet’s greatest technical minds will gather next week in San Diego to debate how best to plug security holes and design new services for the Internet. More than 1,200 network engineers are expected to attend the Internet Engineering Task Force’s 67th meeting. 
Network World Senior Editor Carolyn Duffy Marsan interviewed IETF chairman Brian Carpenter, a distinguished ==========> 06-11-03-Sophos-VirusAuthorsUseWkipediaInSeveralWaysToSpreadViruses.txt========== http://www.sophos.com/pressoffice/news/articles/2006/11/wikipedia-malware.html Sophos, 3 November 2006 Hackers hijack Wikipedia page to spread malware Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reminded computer users to be wary of unsolicited emails and believing everything they read on the internet, after hackers took advantage of the popular Wikipedia encyclopedia in their attempt to spread malicious code. ==========> 06-11-06-AP-ChileChargesForWithHackingGovernmentSitesAroundTheWorld.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15944725.htm Posted on Mon, Nov. 06, 2006 Chile charges 4 with hacking foreign-government Web sites SANTIAGO, Chile (AP) - Chilean police arrested four suspected computer hackers on Monday, accusing them of being part of an international group that has broken into thousands of government Web sites around the globe in recent years. Police Chief Gerardo Raventos said the group was responsible for ==========> 06-11-06-AP-McAfeeHasNewSoftwareThatTriesToBlockAccessToProblemSites.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15944497.htm Posted on Mon, Nov. 06, 2006 Latest security software tries to block visits to problem sites NEW YORK (AP) - For years, computer security software lurked in the background and tried to stop viruses and other malicious programs as they attack your computer. Newer products are trying to keep you from reaching Web sites before the nasty ==========> 06-11-06-USACM-DataSecurityProblemsContinueToPlagueTheUSGovernment.txt========== ============================================================= ACM Washington Update Vol. 
10.10 November 6, 2006 ============================================================= [5] DATA SECURITY PROBLEMS CONTINUE TO PLAGUE THE GOVERNMENT With reported data breaches in the Department of Veterans Affairs, the Department of Agriculture and elsewhere, it is clear that this is a ==========> 06-11-14-Wired-Bots-AutonomousPrograms-ALosingBattle.txt========== http://www.wired.com/wired/archive/14.11/botnet.html Attack of the Bots The latest threat to the Net: autonomous software programs that combine forces to perpetrate mayhem, fraud, and espionage on a global scale. How one company fought the new Internet mafia – and lost. By Scott Berinato, Wired, Nov. 14, 2006 AT FIRST, IT LOOKED LIKE typical network congestion. So the system administrators weren't too concerned when TypePad blogs and LiveJournal social ==========> 06-11-15-AP-FormerexecChargedWithHackingIntoSourceMediaComputers.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16021094.htm Posted on Wed, Nov. 15, 2006 Hoffacker charged with hacking system, Associated Press NEW YORK - A former Source Media Inc. executive was charged with hacking into the company's computer system three years after he was dismissed, and tipping off employees whose jobs were in jeopardy, prosecutors said Wednesday. In a press release, the U.S. Attorney's office in Manhattan said Stevan ==========> 06-11-15-IndianaUnivScientistsWorkingOnToolsToMakeWiFiMoreSecure.txt========== http://newsinfo.iu.edu/news/page/normal/4418.html IU informatics scientists seek tools to shield against Wi-Fi drive-bys Wednesday, November 15, 2006 BLOOMINGTON, Ind. -- As wireless networking usage increases in homes and at small businesses, so grows the threat from cyber crooks who use slick software to steal consumers' personal information and wreak havoc with their computer systems. 
==========> 06-11-17-TheGuardian-ComputerExpertCracksBritishElectronicPassportSecurity.txt========== http://www.guardian.co.uk/g2/story/0,,1950151,00.html Cracked it! Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes? Friday November 17, 2006, The Guardian Six months ago, with the help of a rather scary computer expert, I deconstructed the life of an airline passenger simply by using information ==========> 06-11-20-NewSci-MicrochipEncryptionProcessingMayRevealKeys.txt========== http://www.newscientisttech.com/article/dn10609 Hard-working chips may reveal encryption keys 15:35 20 November 2006, NewScientist.com news service, Will Knight Details of a possible weakness in the way modern microchips process cryptographic information have been published by an international team of researchers. The flaw could let a hacker steal the cryptographic keys used to protect ==========> 06-11-23-NYT-AsHouseholdsBecomeIntegratedIntoInternetPotentialForDamageIncreases.txt========== You're Not Alone New York Times (11/23/06) Hamilton, William L. As more aspects of the household become integrated into the Internet, the potential for damage done by hackers is increasing. Computer scientist Peter G. Neumann, who specializes in security issues at SRI International, calls the home, "the next frontier of risk...here we are putting computer communications into the home so that [a hacker can] turn on your oven, or overload your heating system...from anywhere in the world. You could bring down a lot of households simultaneously." The use of "botnets," groups of inadequately ==========> 06-12-01-AP-RomanianIndictedOnHackingIntoUSGovernmentComputers.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16138293.htm Posted on Fri, Dec. 
01, 2006 Romanian charged with hacking in U.S., Associated Press LOS ANGELES - A Romanian national was indicted on charges of hacking into more than 150 U.S. government computers, causing disruptions that cost NASA, the Energy Department and the Navy nearly $1.5 million. The federal indictment charges Victor Faur, 26, of Arad, Romania with nine ==========> 06-12-01-AP-USWarnsOfPossibleAttackOnFinancialWebsites.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16134772.htm Posted on Fri, Dec. 01, 2006 U.S. reports unconfirmed cyber threat, Associated Press WASHINGTON - The government warned on Thursday of a possible Internet attack on U.S. stock market and banking Web sites from a radical Muslim group, but officials said the threat was unconfirmed and seemed to pose no immediate danger. ==========> 06-12-05-AP-HackersAttackUSNavalWarCollegeComputerNetwork.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16169679.htm Posted on Tue, Dec. 05, 2006 Hackers attack U.S. Naval War College's computer network PROVIDENCE, R.I. (AP) - Hackers attacked the computer network at the Naval War College in Newport, taking down the school's network for more than two weeks, including some e-mail services and the college's Web site. The Navy Cyber Defense Operations Command in Norfolk, Va., detected the ==========> 06-12-07-UnivOfDelaware-SpaffordAddressesCybersecurityThreats.txt========== http://www.udel.edu/PR/UDaily/2007/dec/security120706.html Guest lecturer Eugene H. Spafford focuses on cybersecurity threats Univ. of Delaware 2:36 p.m., Dec. 7, 2006--Eugene H. Spafford, professor of computer science at Purdue University and executive director of its Center for Education and Research in Information Assurance and Security (CERIAS), spoke Wednesday afternoon, Dec. 
6, about the current state of cybersecurity in the United States and the shape of things to come if measures for better software and ==========> 06-12-10-AP-WindowsSecurityImprovementsWontMakeOnlineLifeSaver.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16210790.htm Posted on Sun, Dec. 10, 2006 How much will Windows security matter?, BRIAN BERGSTEIN, Associated Press NEW YORK - Microsoft Corp. took great pains to improve security in its newly released computer operating system, Windows Vista, redesigning it to reduce users' exposure to destructive programs from the Internet. Outside researchers commend the retooled approach - yet they also say the changes won't make online life much safer than it is now. ==========> 06-12-12-LinuxDotCom-SystemsShouldBeSecurelyConfiguredFromTheBeginning.txt========== http://specialreports.linux.com/specialreports/06/12/08/1929225.shtml?tid=137&tid=129&tid=35 Linux.com, 2006.12.12 16:01 Configuration: the forgotten side of security jzb When the average computer user thinks about security, they usually think about reactive measures like anti-virus programs or security patches -- responses to a specific threat. Such measures play a role in securing a workstation or a ==========> 06-12-14-AP-PersonalDataCompromisedAtUTDallas.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16234587.htm Posted on Thu, Dec. 14, 2006 Personal data hacked at Texas college, Associated Press RICHARDSON, Texas - Hackers might have obtained the personal information of 6,000 people who worked for, applied to or attended the University of Texas at Dallas, school officials said Wednesday. The information includes names and Social Security numbers, the school said. In ==========> 06-12-15-AP-WormAttacksComputersViaSymantecAntivirusProgram.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16251109.htm Posted on Fri, Dec. 
15, 2006 Worm hits computers via antivirus program, Associated Press SAN FRANCISCO - A computer worm is attacking some business PCs through a flaw in antivirus software by Symantec Corp., a security company warned Friday. EEye Digital Security, based in Aliso Viejo, said the worm, dubbed "Big Yellow," began attacking some computer systems on Thursday - seven months after ==========> 06-12-18-SecFocus-PHPSecurityApplicationsNeedBetterSecurity.txt========== http://www.securityfocus.com/news/11430?ref=rss PHP security under scrutiny Robert Lemos, SecurityFocus 2006-12-18 Perhaps PHP should stand for Pretty Hard to Protect: A week after a prominent bug finder and developer left the PHP Group, data from the National Vulnerability Database has underscored the need for better security in PHP-based Web applications. ==========> 06-12-19-AP-DisgruntledEmployeePlantedElectronicBombInPrescriptionManagementCompanyComputers.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16275148.htm Posted on Tue, Dec. 19, 2006 Feds: NJ worker put 'bomb' in computers WAYNE PARRY, Associated Press NEWARK, N.J. - A computer administrator upset over the possibility of losing his job planted an electronic "bomb" in the systems of one of the nation's largest prescription drug management companies, prosecutors said Tuesday. ==========> 06-12-21-WSJ-BiometricSecurityDevicesAreFarFromFoolproof.txt========== "How Biometric Security Is Far From Foolproof" Wall Street Journal (12/21/06) P. B3; Bulkeley, William M. As more businesses begin relying on biometric security devices, many wonder how susceptible they are to fakery, and their fears may be justified. International Biometrics, a consulting firm, was hired by a New York-based financial group to look into the plausibility of such "spoofing." 
Most fingerprint scanners simply take a picture of the fingerprint and ==========> 06-12-24-AP-WebSafeSecurityMarkFeaturesEludeSmallOnlineMerchants.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16312964.htm Posted on Sun, Dec. 24, 2006 Web 'safe' mark may elude new merchants ANICK JESDANUN, Associated Press NEW YORK - As an online shopper, Claudia Race knows she must look out for scams. So as an Internet entrepreneur working out of her home in New Braunfels, Texas, Race wants to use all the tools available to assure customers they can trust the vacation-rentals service she is about to launch. ==========> 06-12-26-UnivOfMass-ResearcherSaysNotReusingMemoryWouldMakeComputersMoreSecure.txt========== http://www.umass.edu/newsoffice/newsreleases/articles/43057.php New Program by UMass Amherst Computer Scientist Prevents Crashes and Hacker Attacks Dec. 26, 2006, University of Massachusetts at Amherst AMHERST, Mass. – Today’s computers have more than 2,000 times as much memory as the machines of yesteryear, yet programmers are still writing code as if memory is in short supply. Not only does this make programs crash annoyingly, but it also can make users vulnerable to hacker attacks, says computer scientist Emery ==========> 06-12-29-Wired-ComputersClockSkewCanBeUsedToIdentifySpecificComputers.txt========== http://www.wired.com/news/technology/0,72375-0.html?tw=wn_index_5 Computer Warming a Privacy Risk Quinn Norton, Wired, 02:00 AM Dec, 29, 2006 BERLIN -- A security researcher has devised a novel attack on online anonymity systems in which he literally takes a computer's temperature over the internet. 
The attack uses a phenomenon called "clock skew" -- the tendency for the ==========> 06-12-30-TechNewsWorld-PredictingTopSecurityThreatsFor2007.txt========== http://www.technewsworld.com/story/54924.html Predicting the Top Security Threats for 2007 By Jennifer LeClaire, TechNewsWorld, 12/30/06 1:30 AM PT The Skype Trojan Horse reminded users that instant messaging is a potential hotbed for propagating malicious payloads, and that trend is likely to continue in 2007, said MessageLabs chief security analyst Mark Sunner. "IM will continue to be a target through spam over IM and the spoofing of IM identities to lure users into disclosing data or following poisoned URLs." ==========> 07-01-00-CACM-OpenSourceSoftwareIsTheMostSecure.txt========== Communications of the ACM Volume 50, Number 1 (2007), Pages 79-83 Increased security through open source Jaap-Henk Hoepman, Bart Jacobs It may seem counterintuitive, but going "open" all the way offers the most security. The last few years have shown a worldwide rise in attention toward, and actual use of, open source software (OSS), most notably the operating system Linux and ==========> 07-01-03-ResearchersSayAdobeAcrobatReaderHasSecurityVulnerabilities.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16378561.htm Posted on Wed, Jan. 03, 2007 Researchers: Adobe's PDF software flawed JORDAN ROBERTSON, Associated Press SAN FRANCISCO - Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted Web links. ==========> 07-01-03-SJMerc--2006SawMoreSophisticatedCriminalAcitvityOnComputers.txt========== http://www.siliconvalley.com/mld/siliconvalley/16374909.htm Hackers' infections slither onto Web sites ONLINE SECURITY EXPERTS ISSUE WARNINGS ABOUT ORGANIZED INTERNET CRIME EFFORTS By Elise Ackerman, Mercury News, Jan. 
03, 2007 It was the year when cybercriminals targeted everything from MySpace to Wikipedia, and even a Web site maintained by a Kentucky Boy Scout troop wasn't safe for casual browsing. ==========> 07-01-07-NatlJ-FederalDataSecurityStandardsAgainInDanger.txt========== Of Cyber Wars and Turf Wars National Journal (01/06/07) Vol. 39, No. 1, P. 38; Swindell, Bill As the 110th Congress begins its first session, federal data-security standards are once again in danger of falling victim to infighting. Financial Services Committee Chairman Rep. Barney Frank (D-Mass.) has requested the formation of a multi-committee task force to craft a single data-security standards bill, in hopes of avoiding the jurisdictional struggle between the Financial Services Committee (FSC) and the Energy and Commerce Committee (ECC) that befell the 109th Congress's attempt to lay down data-security standards. "I want us to ==========> 07-01-07-NYT-ZombieComputersAGrowingThreat.txt========== http://www.nytimes.com/2007/01/07/technology/07net.html?_r=1&oref=slogin The New York Times, January 7, 2007 Attack of the Zombie Computers Is Growing Threat By JOHN MARKOFF In their persistent quest to breach the Internet’s defenses, the bad guys are honing their weapons and increasing their firepower. With growing sophistication, they are taking advantage of programs that ==========> 07-01-08-CompWorld-IntelDevelopsWaysForSystemsToAdaptToSecurityChallenges.txt========== http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=277028&taxonomyId=17&intsrc=kc_feat Computer Security: Adapt or Die As security threats evolve, systems will have to become adaptive and resilient. Gary Anthes January 08, 2007 (Computerworld) -- Intel Corp. is developing a way for networked computers to “gossip” among themselves, sharing their experiences and “beliefs.” The idea is to stay a step ahead of hackers. 
==========> 07-01-16-Bus2-MustKnowSecurityInsightsFor2007.txt========== http://blogs.business2.com/utilitybelt/2007/01/interview_mustk.html Business 2, 2007.01.16 Interview: Must-know security insights for 2007 Posted by: Jon Fortt | Jan 16, 2007 2:16:32 PM Security has become something of a niche for this blog, since there are few things you can do that are of greater utility than protect your stuff. So for some insights into the trends that will matter in 2007, I chatted with Paul Kocher, president of Cryptography Research and one of the architects ==========> 07-01-16-GovtExec-AdvidsoryCouncilCallsForMoreCollaborationWithPrivateSector.txt========== http://www.govexec.com/dailyfed/0107/011607j1.htm January 16, 2007, Government Executive Advisory council seeks tighter cyber security net By Jonathan Marino An advisory council approved a report Tuesday calling for greater collaboration between the government and private sector to create a cybersecurity network impermeable to what officials called a growing terrorist threat. ==========> 07-01-17-APRetailerMarshallsReportsCustomerDataTheft.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16482506.htm Posted on Wed, Jan. 17, 2007 Parent of T.J. Maxx, Marshalls reports customer data theft FRAMINGHAM, Mass. (AP) - TJX Cos., operator of T.J. Maxx and Marshalls discount stores, said Wednesday its computer systems were hacked late last year and customer data has been stolen. The company said the full extent of the intrusion is not yet known, but it is ==========> 07-01-18-AP-eBayTightensSecurityPrecautions.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16485614.htm Posted on Thu, Jan. 18, 2007 EBay heightens security precautions RACHEL KONRAD, Associated Press SAN FRANCISCO - Executives at eBay Inc. are touting security as their top priority in 2007 after an internal survey showed that online scammers may be denting the company's reputation. 
==========> 07-01-19-AP-VirusSpreadsDisguisedAsEuropeanStorms.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16500869.htm Posted on Fri, Jan. 19, 2007 Virus spreads disguised as news on European storms HELSINKI, Finland (AP) - Spammers are exploiting the public's interest in this week's European storm to spread a computer virus that sends junk e-mail, computer security experts said Friday. The malicious program, dubbed "Storm Worm," has infected at least 10,000 PCs ==========> 07-01-19-ZDNetUK-LinuxDeveloperArguesAgainstSecurityLiability.txt========== http://www.zdnet.com.au/news/software/soa/Linux_guru_argues_against_security_liability/0,130061733,339273139,00.htm?ref=search Linux guru argues against security liability By Tom Espiner, ZDNet UK, 19 January 2007 08:16 AM Alan Cox, one of the leading Linux kernel developers, has told a House of Lords hearing that neither open- nor closed-source developers should be liable for the security of the code they write. ==========> 07-01-20-ITBus-CodeObfuscationTechniquesBeingUsedByHackers.txt========== http://www.itbusiness.ca/it/client/en/Home/News.asp?id=41807&bSearch=True ITBusiness, January 20, 2007 Malware creators turn code protection technique to their advantage "Obfuscation" being used to hide malicious payload, report says by Poonam Khanna A technique for coding designed to protect software against reverse engineering that is being exploited by malicious code writers is growing in popularity, according to a report released this week. ==========> 07-01-21-AP-HackersAttackGorbachevWebsite.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16515217.htm Posted on Sun, Jan. 21, 2007 Hackers attack Gorbachev's Web site, Associated Press MOSCOW - Hackers attacked the Web site of a foundation run by former Soviet leader Mikhail Gorbachev, accusing him of brutally suppressing a pro-independence demonstration in Soviet Azerbaijan in 1990. 
The perpetrators posted photographs of the suppressed rally on the Web site and ==========> 07-01-21-AP-SpammersUseEuropeanStormInterestToSendVirus.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16515223.htm Posted on Sun, Jan. 21, 2007 Virus exploits interest in Europe storm, Associated Press HELSINKI, Finland - Spammers are exploiting the public's interest in this week's European storm to spread a computer virus that sends junk e-mail, computer security experts said Friday. The malicious program, dubbed "Storm Worm," has infected at least 10,000 PCs ==========> 07-01-23-CNET-StormWormTrojanHorseProliferates.txt========== http://news.com.com/Storm+Worm+Trojan+horse+surges+on/2100-7349_3-6152308.html 'Storm Worm' Trojan horse surges on By Tom Espiner, CNET Networks, Jan 23 06:36:27 PST 2007 Many home PC users may have been infected after a large-scale sustained Trojan horse attack that took place over the weekend, security vendors believe. The Trojan, named "Storm Worm" by antivirus vendor F-Secure, first started to spread on Friday as extreme storms engulfed Europe. The e-mail claimed to ==========> 07-01-25-BBCNews-CriminalsControllingMillionsOfComputersThreatenInternetFuture.txt========== http://news.bbc.co.uk/2/hi/business/6298641.stm Criminals 'may overwhelm the web' By Tim Weber, Business editor, BBC News website, Davos, 2007/01/25 Criminals controlling millions of personal computers are threatening the internet's future, experts have warned. Up to a quarter of computers on the net may be used by cyber criminals in so-called botnets, said Vint Cerf, one of the fathers of the internet. 
==========> 07-01-26-Fosters-ResearchersDevelopComputerModelForCyberSecurityThreats.txt========== http://www.fosters.com/apps/pbcs.dll/article?AID=/20070126/FOSTERS01/101260276 Fosters, Article published Jan 26, 2007 New UNH model measures cyber threat DURHAM — The United States is vulnerable to cyber attacks, according to researchers at the University of New Hampshire, but can we measure just how much of a threat any nation, terrorist group, or individual poses? Researchers and students with the Justiceworks Technical Analysis Group have ==========> 07-01-29-MedisNews-PotentialCyberAttacksWorriesExpert.txt========== http://www.siliconvalley.com/mld/siliconvalley/16573836.htm Posted on Mon, Jan. 29, 2007 Tech's dark potential troubles terror expert By Frank Davies, MediaNews Washington Bureau WASHINGTON - Five years from now, a wave of cyber attacks cripples the Internet infrastructure and global finance. One terrorist assault targets a supercomputer hub at Moffett Field near Mountain View. ==========> 07-01-29-UMassCollegian-ScientistProgramCombatsHackers.txt========== http://media.www.dailycollegian.com/media/storage/paper874/news/2007/01/29/News/Umass.Scientists.Program.Combats.Hackers-2681643.shtml?sourcedomain=www.dailycollegian.com&MIIHost=media.collegepublisher.com UMass scientist's program combats hackers Michelle Osorio, U Mass Collegian Staff Posted: 1/29/07 In an age where many computer software developers are concerned with speed, University of Massachusetts computer scientist Emery Berger is honing in on ==========> 07-01-30-NYT-MSOffersBountyForFindingVistaBugs.txt========== http://www.nytimes.com/2007/01/30/technology/30bugs.html?_r=1&oref=slogin The New York Times, January 30, 2007 A Lively Market, Legal and Not, for Software Bugs, By BRAD STONE Microsoft says its new operating system, Windows Vista, is the most secure in the company’s history. Now the bounty hunters will test just how secure it is. 
When its predecessor, Windows XP, was released five years ago, software bugs were typically hunted by hackers for fame and glory, not financial reward. But ==========> 07-02-00-ACMQueue-UnderstandingHowRootkitsHideProcessesAndFilesFromDetection.txt========== A Conversation with Jamie Butler Rootkitting out all evil, ACM Queue vol. 5, no. 1 - February 2007 From Open Source Security Rootkit technology hit center stage in 2005 when analysts discovered that Sony BMG surreptitiously installed a rootkit as part of its DRM (digital rights management) solution. Although that debacle increased general awareness of rootkits, the technology remains the scourge of the software industry through its ability to hide processes and files from detection by system analysis and ==========> 07-02-00-CACM-ApproachingITSecurityAsAnEngineeringAndManagementProblem.txt========== Communications of the ACM Volume 50, Number 2 (2007), Pages 96-98 Technical opinion: IT security: in search of the Holy Grail Rolf Oppliger Approaching IT security as an engineering and management problem. Information technology security is an important topic today. Many companies and organizations claim that they have found the Holy Grail to IT security, and that they are providing exactly the type of product or service security ==========> 07-02-01-DarkReading-SchneierToDiscussInteracrtionBetweenPsychologyAndSecurity.txt========== http://www.darkreading.com/document.asp?doc_id=116153&WT.svl=news1_1 Schneier: In Touch With Security's Sensitive Side Kelly Jackson Higgins, Senior Editor, Dark Reading FEBRUARY 1, 2007 | Cryptologist and now, psychologist: Renowned security expert Bruce Schneier once again is turning security on its head -- literally. Schneier will share his latest research and insight at the RSA conference next week on the interplay between psychology and security. (See Schneier On Schneier.) 
==========> 07-02-03-MichStNews-SurveyFindsOnly10PercentOnInternetUsersConfidentOfTheirSecurity.txt========== http://www.statenews.com/article.phtml?pk=39480 Project analyzes Internet security [Accessed Feb. 3, 2007] By KRISTI JOURDAN, The Michigan State News With every keystroke, computer hackers try to work their way into your computer. But not if Robert LaRose and Nora Rifon, two MSU professors, can help it. Last year, the duo conducted a national survey of 557 home Internet users. The ==========> 07-02-06-AP-HackersOverwhelmAtLeast3Of13InternetTrafficComputers.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16637127.htm Posted on Tue, Feb. 06, 2007 Hackers overwhelm some key Internet traffic computers WASHINGTON (AP) - Hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic Tuesday in one of the most significant attacks against the Internet since 2002. Experts said the unusually powerful attacks lasted as long as 12 hours but ==========> 07-02-06-AP-MSGatesSaysBiggestChallengeIsKeepingDataSecure.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16637223.htm Posted on Tue, Feb. 06, 2007 Gates says technology's biggest challenge is keeping data secure SAN FRANCISCO (AP) - Keeping information secure in this age of laptop-lugging workers is the tech industry's most formidable challenge, Microsoft Corp. Chairman Bill Gates said Tuesday. Speaking to an annual gathering of 15,000 computer security experts in San ==========> 07-02-06-PRNewswire-UmarylandStudySaysComputersAttackedEvery39Seconds.txt========== http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/02-06-2007/0004521013&EDATE= UM Study: Hackers Attack Computers Every 39 Seconds Clark School's Cukier Stresses Strong Passwords as Defense Against Harm COLLEGE PARK, Md., Feb. 6 /PRNewswire/ -- Are hackers trying to get into your computer right now? And what are they up to? 
A study by the University of Maryland's A. James Clark School of Engineering is one of the first to quantify the near-constant rate of hacker attacks of computers ==========> 07-02-07-AP-HackersOverwhelmAtLeast3Of13InternetTrafficComputers.txt========== http://www.washingtonpost.com/wp-dyn/content/article/2007/02/06/AR2007020601563.html Internet Servers Handle Major Global Attack By Ted Bridis, Associated Press, February 7, 2007; D03 Hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic yesterday in one of the most significant attacks against the Internet since 2002. ==========> 07-02-07-OpenID-UsersCanHaveUniversalIdentifierAndProtectPasswords.txt========== http://openid.net/ What is OpenID? [Accessed Feb. 7, 2007] OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do-with a URI (also called a URL or web ==========> 07-02-07-SJMerc-MSDescribesNewSecurityTechnologoes.txt========== http://www.siliconvalley.com/mld/siliconvalley/16641213.htm Posted on Wed, Feb. 07, 2007 Data security gets smarter NEW TECHNOLOGIES MAKE SAFEGUARDS PORTABLE, ADAPTABLE By Ryan Blitstein, Mercury News Computer security is often about keeping the bad guys out. On Tuesday, Microsoft unveiled a series of technologies that make it easier to let the right people in. ==========> 07-02-08-NetWorld-USDODPreparedToRetaliateToCyberAttack.txt========== http://www.networkworld.com/news/2007/020807-rsa-cyber-attacks.html U.S. 
cyber counterattack: Bomb 'em one way or the other National Cyber Response Coordination Group establishing proper response to cyberattacks By Ellen Messmer, Network World, 02/08/07 San Francisco — If the United States found itself under a major cyberattack aimed at undermining the nation’s critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to ==========> 07-02-09-InfoWorld-NewUSCybersecurityChiefProvidesGuidance.txt========== http://www.infoworld.com/article/07/02/09/HNcybersecurityguidance_1.html New U.S. cybersecurity chief lays out guidance Cybersecurity czar takes 'carrot and stick' approach to getting private sector to secure critical infrastructure By Robert McMillan, IDG News Service, February 09, 2007 SAN FRANCISCO -- U.S. companies and the federal government need to step up and fix the problems in their computer networks, the nation's new cybersecurity czar told attendees during his first-ever address at RSA Conference here on ==========> 07-02-12-CompWorld-WillSpamVirusesAndBotnetsDestryTheInternet.txt========== http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=16&articleId=279934&intsrc=hm_topic Spam, viruses, botnets: Can the Internet be saved? Gary Anthes February 12, 2007 (Computerworld) Advances in IT over the decades have come mostly in small increments — Release 2.3 yields to 2.4, transistors shrink a few more nanometers, Ethernet gets another speed boost, bugs are fixed, and algorithms get tweaked. That kind of evolutionary approach has served users ==========> 07-02-12-InfoWorld-USDHSReadyingCybersecurityTest.txt========== http://www.infoworld.com/article/07/02/12/HNcyberstorm2_1.html US government readying massive cybersecurity test Second Cyber Storm online attack simulation to be bigger in scope and involve more companies both in and out of the IT world By Robert McMillan, IDG News Service, February 12, 2007 The U.S. 
Department of Homeland Security (DHS) is planning a large-scale test of the nation's response to a cyberattack to be held in early 2008. ==========> 07-02-12-SJMerc-LaptopsAtRSASecurityConferenceFoundVulnerableToAttacks.txt========== http://www.siliconvalley.com/mld/siliconvalley/16680051.htm Posted on Mon, Feb. 12, 2007 Tech Notebook: No safety, even at security gathering By Ryan Blitstein, Sarah Jane Tribble and Matt Marshall, Mercury News No one is safe anymore -- not even at RSA, one of the information security industry's largest gatherings, which took place in San Francisco last week. Wireless security company AirDefense found that almost 500 laptops, PDAs and ==========> 07-02-15-AP-TRUSTeCertifiesFirstDownloadableProgramsAsSafe.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16703641.htm Posted on Thu, Feb. 15, 2007 TRUSTe group certifies first group of downloadable programs as safe NEW YORK (AP) - An organization that monitors Web site privacy and e-mail practices for businesses has certified eight computer programs as consumer-friendly and non-invasive. The list includes Save 4.0 from WhenU.com, a company that previously drew ==========> 07-02-20-CNET-USDHSCyberSecurityChiefWantsCongressToDeviseWaysToPromoteAdoptionOfSecurityTechnologies.txt========== http://news.com.com/U.S.+cybersecurity+czar+has+his+marching+orders/2008-7348_3-6160438.html U.S. cybersecurity czar has his marching orders By Joris Evers, CNET Networks, Feb 20 06:27:51 PST 2007 The top U.S. cybersecurity official wants Congress to come up with ways to promote adoption of security technologies, and he sees a tax break as one possible incentive. 
==========> 07-02-22-TechDaily-USDHSCybersecurityHeadSeesChallengesAhead.txt========== http://www.govexec.com/dailyfed/0207/022207tdpm1.htm Homeland Security cyber czar sees challenges ahead By Heather Greenfield, National Journal's Technology Daily, February 22, 2007 The criminals in cyberspace are getting more organized, but so are those fighting against them according to the Homeland Security Department's new secretary for cybersecurity and telecommunications. In an interview with Technology Daily, Greg Garcia outlined his goals after ==========> 07-03-00-CACM-PoorInformationSecurityDerivesFromRiskBasedApproach.txt========== Communications of the ACM Volume 50, Number 3 (2007), Page 120 Inside risks: Risks of risk-based security Donn B. Parker Information technology trade publications report increasing information security losses, questionable risk management and risk assessments, and underfunding and understaffing. Government departments receive low grades in security. Legislators react by adopting draconian laws such as Sarbanes-Oxley. The poor state of information security derives from a fundamental risk-based ==========> 07-03-00-Symantec-InternetSecurityThreatReport.txt========== http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport Internet Security Threat Report Symantec, March 2007 The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a six-month period. It covers Internet attacks, vulnerabilities, malicious code, phishing, spam and security risks as well as future trends. The eleventh version of the report, released March 19, 2007, is now available. ==========> 07-03-01-eWeek-DemosShowPowerfulNewHackingTechniques.txt========== http://www.eweek.com/article2/0,1759,2099603,00.asp Black Hat Demonstrations Shatter Hardware Hacking Myths By Lisa Vaas, eWeek, March 1, 2007 ARLINGTON, Va.—Unless you were at Black Hat on Feb. 
28, you probably woke up safe in the assumption that if a rootkit hit your system, reimaging would remove it. You probably also thought that the best way to search a PC's volatile memory, or RAM, was by grabbing it with a PCI card or a FireWire bus. ==========> 07-03-01-NetWorld-PoorCodeInWebApplicationsLeavesThemVulnerable.txt========== http://www.networkworld.com/news/2007/030107-web-apps-security-problems.html Here's why your Web apps are sitting ducks Honeypot researchers blame poor code, search-based hacks for security troubles By Bob Brown, Network World, 03/01/07 Despite improvements in code quality, Web servers remain at high risk of being hacked, according to a new paper from researchers who use honeypot technologies to examine how hackers tick. ==========> 07-03-07-HoneyBlog-Puppetnets-MisusingWebBrowsersToAttackComputers.txt========== http://honeyblog.org/archives/87-Puppetnets-Misusing-Web-Browsers-as-a-Distributed-Attack-Infrastructure.html#extended "Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure" honeyblog [Accessed March 7, 2007] The recent ACM Conference on Computer and Communications Security (CCS'06) had some interesting papers. One of them deals with so called Puppetnets. A puppetnet is created by malicious web sites which exploit a visiting web browser and take control of it. Similar to a botnet, these puppetnets can be ==========> 07-03-12-AP-3FromIndiaIndictedForHackingBrokerageAccountsToPumpUpStockValues.txt========== http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16888219.htm Associated Press, Posted on Mon, Mar. 12, 2007 3 Indian men indicted in online stock hacking scheme WASHINGTON - Three men from India were indicted Monday on federal charges of hacking into online brokerage accounts and pumping up stock values to turn a hefty profit for themselves, the Justice Department said. 
The alleged "hack, pump and dump" scheme has cost one brokerage firm at least ==========> 07-03-12-UWash-2BPersonalRecordsCompromised-HackersNotAlwaysToBlame.txt========== http://uwnews.washington.edu/ni/article.asp?articleID=31264 University of Washington Office of News and Information, Mar. 12, 2007 Hackers get bum rap for corporate America's digital delinquency Peter Lewis, pblewis@u.washington.edu If Phil Howard's calculations prove true, by year's end the 2 billionth personal record -- some American's social-security or credit-card number, academic grades or medical history -- will become compromised, and it's corporate America, not rogue hackers, who are primarily to blame. By his ==========> 07-03-14-USAToday-ChineseHackersLikelyBehindAttackOnUSMilitaryComputers.txt========== http://www.usatoday.com/tech/news/computersecurity/hacking/2007-03-11-chinese-hackers-us-defense_N.htm Chinese hackers seek U.S. access By Jon Swartz, USA TODAY, March 14, 2007 SAN FRANCISCO — The cyberattack of a U.S. military computer system has deepened concern about cyberspying and the security of the Internet's infrastructure. Chinese hackers were most likely behind an intrusion in November that disabled ==========> 07-03-19-StanfordCIS-2BPersonalRecordsCompromised-HackersNotAlwaysToBlame.txt========== The Center for Internet and Society and The Stanford Law and Technology Association present A Case of Misplaced Blame? News Accounts of Hacker, Consumer, and Organizational Responsibility for Compromised Digital Records, 1980-2006 Dr. Philip N. 
Howard Assistant Professor of Communications University of Washington Monday, March 19, 2007 ==========> 07-03-21-CNET-JavaScriptProgramJiktoWillMakePCsHuntForEntryIntoComputers.txt========== http://news.com.com/Tool+turns+unsuspecting+surfers+into+hacking+help/2100-1002_3-6169034.html Tool turns unsuspecting surfers into hacking help By Joris Evers, CNET Networks, Mar 21 07:36:29 PDT 2007 A security researcher has found a way hackers can make PCs of unsuspecting Web surfers do their dirty work, without having to actually commandeer the systems. That's possible with a new security tool called Jikto. The tool is written in ==========> 07-03-23-QuennslandUnivOfTech-SearchEngineRankingsGiveMaliciousSitesHighRankings.txt========== http://www.news.qut.edu.au/cgi-bin/WebObjects/News.woa/wa/goNewsPage?newsEventID=12042 Queensland University of Technology, 23 March 2007 Security that nets malicious websites Have you ever wondered how fraudulent or malicious websites can rank highly on search engines like Google or Yahoo? Queensland University of Technology IT researcher Professor Audun Josang said a ==========> 07-03-28-NetWorld-QandAWithIABChairOnDNSSecurityAndOtherIssues.txt========== http://www.networkworld.com/news/2007/032807-iab-chair-dns-security.html Q&A: New IAB chair mulls DNS security, unwanted Internet traffic IAB chair Olaf Kolkman says DNSSEC isn’t a failure, but it will take a while for the security extensions to become widely deployed By Carolyn Duffy Marsan, Network World, 03/28/07 Olaf Kolkman, a Dutch DNS expert, is the new chair of the Internet Architecture Board, a panel of 13 leading network engineers who provide technical oversight to the IETF, the Internet’s premier standards-setting body. He’s also CEO of ==========> 07-03-30-WashPost-HackersSteal46MCreditCardsDataFromTJX.txt========== http://www.washingtonpost.com/wp-dyn/content/article/2007/03/29/AR2007032900237.html 
Data Theft Grows To Biggest Ever Fraudulent Purchases Pop Up in Breach Of 45.7 Million Shoppers' Records By Ellen Nakashima and Ylan Q. Mui, Washington Post Staff Writers, March 30, 2007; D01 At least 45.7 million credit and debit card numbers from customers in the United States, Britain and Canada were stolen over a period of several years ==========> 07-04-00-ACMQueue-TheEvolutionOfSecurity.txt========== http://www.acmqueue.com/modules.php?name=Content&pa=showpage&pid=478 The Evolution of Security, From DNS Vol. 5, No. 3 - April 2007, by Daniel E. Geer, Verdasys What can nature tell us about how best to manage our risks? Security people are never in charge unless an acute embarrassment has occurred. Otherwise, their advice is tempered by "economic reality," which is to say that security is a means, not an end. This is as it should be. Since means are about ==========> 07-04-00-CACM-AnalysisOnIntrusionPreventionDataForPredictingHostileActivity.txt========== Communications of the ACM Volume 50, Number 4 (2007), Pages 63-68 Analysis of active intrusion prevention data for predicting hostile activity in computer networks Ido Green, Tzvi Raz, Moshe Zviran Using a generic and reliable model to anticipate future attack scenarios. The widespread use of computer networks and the Internet have created a parallel increase in the concern for security and more specifically, for ==========> 07-04-04-InfoWorld-SecurityResearchesDiscoverFasterWayToCrackWiFiWEP.txt========== http://www.infoworld.com/article/07/04/04/HNdontusewep_1.html?source=searchresult Don't use WEP, say German security researchers Researchers have discovered a faster way to crack the Wi-Fi security protocol By Peter Sayer, IDG News Service, April 04, 2007 The Wi-Fi security protocol WEP should not be relied on to protect sensitive material, according to three German security researchers who have discovered a faster way to crack it. 
They plan to demonstrate their findings at a security ==========> 07-04-05-TechDaily-BiggestThreatToInternetCouldBeMassiveVirtualBlackout.txt========== http://www.govexec.com/dailyfed/0407/040507tdpm2.htm Biggest threat to Internet could be a massive virtual blackout By Andrew Noyes, National Journal's Technology Daily, April 5, 2007 The most serious threat to the Internet infrastructure in the 21st century is a massive virtual blackout known as a "distributed denial of service attack," an outspoken board member for the group that administers Internet addresses said Thursday at a Hudson Institute briefing. ==========> 07-04-10-VaTech-NewResearchToProtectPersonalInformationFromThjeftAndAbuse.txt========== http://www.vtnews.vt.edu/story.php?relyear=2007&itemno=215 Protecting electronic information from theft and abuse is the goal of Virginia Tech CAREER research By Liz Crumbley, Virginia Polytechnic Institute & State Univ. BLACKSBURG, VA., April 10, 2007 -- Learning to design computers so that personal and security information can be protected from theft or abuse is the goal of Virginia Tech College of Engineering researcher Patrick Schaumont, who has received a National Science Foundation (NSF) Faculty Early Career ==========> 07-04-12-UPI-USGovtPlansToImplementANewInternetSecurityRegime.txt========== http://www.upi.com/Security_Terrorism/Analysis/2007/04/12/analysis_owning_the_keys_to_the_internet/ Published: April 12, 2007 at 2:14 PM Analysis: Owning the keys to the Internet By SHAUN WATERMAN, UPI Homeland and National Security Editor WASHINGTON April 12 (UPI) -- The U.S. 
government is pressing ahead with plans to implement a new security regime for the basic architecture of the World Wide Web, despite unease in some corners of the international Internet management ==========> 07-04-13-Dartmouth-DartmouthCyberSecurityProjectGetsUSDHSResearchFunding.txt========== http://www.dartmouth.edu/~news/releases/2007/04/13.html Dartmouth gets award for cyber security studies Dartmouth College Office of Public Affairs • Press Release Posted 04/13/07 • Laurie Burnham • (603) 646-3661 The U.S. Department of Homeland Security recently approved an $11.7 million funding increase for Dartmouth's Cyber Security Collaboration and Information Sharing Project. The award, which will be divided between two Dartmouth institutes, will provide $8.7 million to the Institute for Information ==========> 07-04-13-SJMerc-StormWormEmailVirusReturns.txt========== http://www.siliconvalley.com/ci_5660308?nclick_check=1 Storm Worm e-mail virus returns with a vengeance By Ryan Blitstein, Mercury News, 04/13/2007 10:53:11 AM PDT The Storm Worm is back. The e-mail virus, which first attacked in January, has returned with a vengeance during the last 24 hours, boosting the amount of virus traffic on the Internet to as much as 60 times the normal amount, according to San Carlos ==========> 07-04-16-InfoWorld-P2PWormsAndBotnetsIncreasing.txt========== http://www.infoworld.com/article/07/04/16/HNp2pworm_1.html P2P worms get their turn Security experts warn of dangerous new threats arising from new botnet techniques and the consolidation of fraudulent organizations By Matt Hines, InfoWorld, April 16, 2007 Massive networks of infected computers controlled by attackers worldwide will serve as a powerful engine for the new breed of so-called P2P worm that is currently echoing across cyberspace. 
==========> 07-04-17-eWeek-SecurityRemainsAChallengeForBrowserDevelopers.txt========== http://www.eweek.com/article2/0,1895,2114880,00.asp Security Remains a Challenge for Browser Developers By Peter Galli, eWeek, April 17, 2007 SAN FRANCISCO—Some of the leading names in the browser market took to the stage at the Web 2.0 conference here on April 16 to give an update on the state of that technology, and all agreed that security was one of the biggest challenges facing the industry. ==========> 07-04-19-WashPost-USGovernmentComputersTargetedAtUnprecidentedScale.txt========== http://www.washingtonpost.com/wp-dyn/content/article/2007/04/19/AR2007041901898.html Gov't Straining to Secure Computer Systems Hackers Increasingly Gaining Access to Networks, Congress Is Told By Brian Krebs, washingtonpost.com Staff Writer, April 19, 2007; 5:33 PM Federal computer networks are being targeted on an unprecedented scale and recent high-profile compromises at two key federal agencies are likely just the most visible symptoms of a government-wide security epidemic, government ==========> 07-04-25-MSAndACM-BotnetBrownBagSession.txt========== Microsoft and ACM How Botnets Generate Spam and Steal Your Identity, April 25, 2007 Robots are alive and well today, but resemble nothing you’ve seen from science fiction or in a lab. They are hiding on millions of computers around the world. Known as ‘bots, they are programs installed on computers, without the knowledge of their owners, turning them into “zombies” under the control of a hacker or “bot herder” and used by criminal networks. When ==========> 07-05-00-ACMQueue-HarwiredHomeNetworksAreBetterThanWireless.txt========== http://www.acmqueue.com/modules.php?name=Content&pa=showpage&pid=494 Embracing Wired Networks: Even at home, hardwiring is the way to go. From API Design, Vol. 5, No. 4 - May/June 2007 by Mache Creeger, Emergent Technology Associates ACMQueue [Accessed Aug. 
14, 2007] Most people I know run wireless networks in their homes. Not me. I hardwired my home and leave the Wi-Fi turned off. My feeling is to do it once, do it right, and then forget about it. I want a low-cost network infrastructure with ==========> 07-05-01-CFP2007-ComputersFreedomAndPrivacyConference.txt========== http://www.cfp2007.org/live/index.html The Computers, Freedom & Privacy Conference has been a leading venue for public debate on the future of computing, privacy and freedom in the online world for the past 16 years. Join us for our 17th year with key representatives from government, business, education, and non-profits; including the legal, law enforcement, security, media, consumer, and hacker communities. We will gather together to discuss policy trends, security issues and to help map the future of society and new technologies. ==========> 07-05-05-NewSci-FirewallsAndAntivirusProgramsDoNotExamineBrowserDownloadedMaterial.txt========== http://www.newscientisttech.com/channel/tech/mg19426026.000-web-browsers-are-new-frontline-in-internet-war.html Web browsers are new frontline in internet war 05 May 2007, Jeff Hecht, NewScientist.com news service YOU are surfing the net, and stop at a sports site you regularly visit to read the latest headlines. You are always careful to avoid sites that appear suspect, so you feel safe online. Unbeknownst to you, though, and to the innocent owner of the website, a piece of malicious code has been added to the ==========> 07-05-07-TechDaily-USDHSAdvisoryPanelProposalsForRealIDActDocuments.txt========== Panel Finalizes Proposal For Standardized Licenses by Andrew Noyes Tech Daily, May 7, 2007 A government advisory board charged with examining data protection and privacy policies on Monday finished a dozen recommendations on driver's licenses that will be sent to the Homeland Security Department before a Tuesday deadline. 
After a lengthy debate, the group approved a document to guide the agency as it moves toward implementing the so-called REAL ID Act, which ==========> 07-05-08-ACM-USACMProposesDelayInRealIDImplementationToAssurePrivacyAndSecurity.txt========== http://campus.acm.org/public/pressroom/press_releases/5_2007/realid.cfm The Association for Computing Machinery USACM URGES REVISIONS TO NATIONAL IDENTIFICATION POLICY Proposes Delay in Real ID Implementation to Assure Individual Privacy and Security Washington, DC - May 8, 2007 - ACM's US Public Policy Committee (USACM) today issued a series of recommendations that address serious flaws in the nation's REAL ID Act. In comments to a proposed rulemaking setting out regulations for ==========> 07-05-08-AP-UnivOfMissouriStudentDataCompromised.txt========== http://www.siliconvalley.com/news/ci_5846931 Missouri reports computer breach revealed of more than 22,000 students' personal information Associated Press, 05/08/2007 12:44:47 PM PDT COLUMBIA, Mo. - A computer hacker accessed the Social Security numbers of more than 22,000 current or former students at the University of Missouri, the second such attack this year, school officials said Tuesday. The FBI is investigating. ==========> 07-05-08-USACM-USACMBriefsLawmakersAboutBotnetThreats.txt========== ============================================================= ACM Washington Update Vol. 11.4 May 8, 2007 ============================================================= ACM EDUCATES POLICYMAKERS ABOUT THE THREATS FROM BOTNETS ACM and Microsoft cosponsored a Capitol Hill briefing about the growing threat of botnets - malicious software installed on unsuspecting computers, ==========> 07-05-09-eWeek-JavaSecurityProblemsGettingWorse.txt========== http://www.eweek.com/article2/0,1759,2128071,00.asp Java Security Traps Getting Worse By Lisa Vaas, eWeek, May 9, 2007 Updated: At JavaOne last year, Fortify's Brian Chess discussed how to avoid Java security holes. 
A year later, with even Sun's manuals containing code with cross-site scripting vulnerabilities, we're actually worse off than ever. A year ago at JavaOne, Fortify Software Founder and Chief Scientist Brian Chess ==========> 07-05-11-IdahoNatlLab-CriticalInfrastructureInSeriousJepardyFromHackerAttacks.txt========== http://www2.csoonline.com/exclusives/column.html?CID=32893 U.S. Critical Infrastructure in Serious Jeopardy Our electrical service, transportation, refineries and drinking water are at serious risk from very simple hacker attacks. Aaron Turner, Idaho National Lab [Accessed May 11, 2007] WHITE PAPER Security Beyond Today: Layered security for addressing fraud today ... and adapting to tomorrow ==========> 07-05-14-NetWorld-OffensiveTEchnologiesUsedToSecureComputerNetworks.txt========== http://www.networkworld.com/news/2007/051407-woot-offensive-technologies.html Using “offensive technologies” to secure networks Network security researchers to focus on attacks and defense By Bob Brown, Network World, 05/14/07 The First Usenix Workshop on Offensive Technologies is coming to Boston on Aug 6. It’s hard to resist an event called WOOT, even though we weren’t quite sure what it was all about. 
So we shot an e-mail to Tal Garfinkel, a Ph.D graduate student in Stanford University’s computer science department and one of WOOT’s ==========> 07-05-16-InternetWormAttackedVoterDatabaseInFloridaDuringEarlyVoting.txt========== http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9019560&intsrc=hm_list Worm attacked voter database in notorious Florida district Machine in hotly contested 13th Congressional district lain low by Slammer on first day of election, By Brad Friedman May 16, 2007 (Computerworld) -- The computer database infrastructure of Sarasota County, Fla., was attacked by a notorious Internet worm on the first day of early voting during the 2006 election, which featured the now-contested ==========> 07-05-17-AP-EstonianOfficialSuggestsRussianRoleInCyberAttacks.txt========== http://www.siliconvalley.com/news/ci_5918836 Estonia's defense minister: Possible Russian role in cyber attacks Associated Press, 05/17/2007 10:10:39 AM PDT TALLINN, Estonia - Estonia's defense minister said Thursday there was a possibility that the Russian government was involved in cyber attacks against the Baltic nation's Web sites this month. The evidence collected so far did not prove "a governmental role, but it ==========> 07-05-17-TimesOnline-GovernmentsPrepareForInternetBasedAttackOnInfrastructure.txt========== http://www.timesonline.co.uk/tol/news/world/article1803847.ece Times Online, May 17, 2007 Cyber-war - the way of the future?, By Jonathan Richards Governments are increasingly preparing themselves for an internet-based attack on their essential service infrastructure, say security experts The prospect of inter-governmental cyber-war was something for which countries needed to be increasingly prepared, security experts said today.
==========> 07-05-18-SyracuseUniv-ResearchersPublishPlanToDecentralizeDNSWithDNSSecurityExtensions.txt========== http://sunews.syr.edu/story_details.cfm?id=4147 Academic group releases plan to share power over Internet root zone keys Friday, May 18, 2007, Margaret Costello, Syracuse University A group of scholars centered at Syracuse University has published a plan to decentralize authority over the Internet domain name system (DNS) as it transitions to a new, more secure technology known as DNS Security Extensions (DNSSEC). ==========> 07-05-18-WashInternetDaily-DNSSecurityExtensionsCostlyInternetGovernanceProjectTold.txt========== DNSSec Too Costly, Difficult to Use, IGP Hears Washington Internet Daily (05/18/07) Vol. 8, No. 96, Piper, Greg The Internet Governance Project addressed the issue of the DNS Security Extensions protocol (DNSSec) during a meeting that was attended by Matt Larson of VeriSign's naming and directory services unit. Larson explained that there has not yet been much demand for DNSSec, and it would require a multimillion-dollar investment from VeriSign; thus the company is "looking at this landscape very carefully." Speakers at the meeting said IT departments would not be able to handle the litany of technical problems posed by DNSSec, ==========> 07-05-19-WashPost-EstoniaSubjectOfMassiveCyberAttacks.txt========== http://www.washingtonpost.com/wp-dyn/content/article/2007/05/18/AR2007051802122.html
Cyber Assaults on Estonia Typify a New Battle Tactic By Peter Finn, Washington Post Foreign Service, May 19, 2007; A01 TALLINN, Estonia, May 18 -- This small Baltic country, one of the most wired societies in Europe, has been subject in recent weeks to massive and coordinated cyber attacks on Web sites of the government, banks, telecommunications companies, Internet service providers and news ==========> 07-05-21-FedCompWeek-USDHSSeeksCybersecurityResearchWhitePapers.txt========== http://www.fcw.com/article102766-05-21-07-Web DHS seeks research on nine cybersecurity areas BY Alice Lipowicz, Federal Computer Week, Published on May 21, 2007 The Homeland Security Department is initiating an ambitious Cyber Security Research Development Center program that entails soliciting input from industry, government labs and academia on how to protect data against the latest threats and intrusions. ==========> 07-05-22-CompWorld-USDHAPublishesSectorSpecificPlanForSecureITInfrastructure.txt========== http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=disaster_recovery&articleId=9020680&taxonomyId=151&intsrc=kc_top DHS publishes sector-specific protection plan for IT infrastructure It aims to protect 17 specific sectors against a range of terrorist and natural threats May 22, 2007 (Computerworld) -- The U.S. Department of Homeland Security (DHS) yesterday released a broad blueprint of actions that technology companies and government entities can take to mitigate terrorist and other threats against ==========> 07-05-22-KansasCityInfoZine-BetterSecurityWouldLeadToMoreInternetApplications.txt========== http://www.infozine.com/news/stories/op/storiesView/sid/23018/ Kansas City infoZine, Tuesday, May 22, 2007 Better Internet Security Means Technological Breakthroughs By Aariel Charbonnet - Passengers may soon be able to send e-mails from commercial aircraft 30,000 feet above ground.
That was among several predictions two engineering experts described at a Capitol Hill briefing Monday. Washington, D.C. - Scripps Howard Foundation Wire - infoZine - Carl Gunter, a professor of computer science at the University of Illinois at ==========> 07-05-22-PressDemo-SonomaStateProfessorDefendsTeachingVirusProgramming.txt========== http://www1.pressdemocrat.com/apps/pbcs.dll/article?AID=/20070522/NEWS/705220312/1033/NEWS01 Computer viruses invade SSU class -- on purpose Professor defends teaching how to create malicious programs; 3 companies vow not to hire grads By NATHAN HALVERSON, THE PRESS DEMOCRAT, May 22, 2007 In a well-secured, windowless lab in the basement of Sonoma State University's Darwin Hall, students spent last semester creating and experimenting with ==========> 07-05-23-CompWorldAus-GlobalNatureOfSoftwareDevelopmentRaisesSecurityIssues.txt========== http://www.computerworld.com.au/index.php?id=1888189123 Globalization has made software development a national security issue Expert says the global nature of software development is a concern Sandra Rossi, Computer World Australia, 23/05/2007 14:05:50 Former US cyber security tsar Andy Purdy this week warned that globalization, which is driving companies to pursue talent and lower costs around the world, has turned software development into a national security issue. ==========> 07-05-23-SecSearch-SixSecurityResearchersWorkingBehindTheScenes.txt========== http://searchsecurity.techtarget.com/columnItem/0,294698,sid14_gci1256055,00.html Eyeing unnoticed security researchers, By Dennis Fisher SecuritySearch.com, 23 May 2007 Executive Editor Dennis Fisher identifies six security researchers that have been conducting work behind the scenes rather than seeking the limelight. Security experts and law enforcement officers often talk about the fact that hacking is a full-time, 24-hour-a-day job for the bad guys.
They have no ==========> 07-05-24-CarnegieMellonUniv-CompScientistsUsesCAPTCHATechnologyToImproveSecurityAndScannedTextSearchability.txt========== http://www.cmu.edu/news/archive/2007/May/may24_recaptcha.shtml Carnegie Mellon Project Boosts Book Digitization Efforts System Improves Internet Security and Book Searchability, CMU, May 24, 2007 PITTSBURGH—A Carnegie Mellon University computer scientist is enlisting the unwitting help of thousands, if not millions, of Web users each day to eliminate a technical bottleneck that has slowed efforts to transform books, newspapers and other printed materials into digitized text that is computer searchable. ==========> 07-05-24-eGovMonitor-NovInternetGovernanceForumToAddressAccessAndSecurityIssues.txt========== http://www.egovmonitor.com/node/11166 Internet Governance Forum in November to address access, security issues, UN official says Source: United Nations eGovMonitor, Published Thursday, 24 May, 2007 - 12:02 The next meeting of the Internet Governance Forum in November will focus on access, openness, security and diversity, a top United Nations official said yesterday at a press conference in Geneva. ==========> 07-05-24-UWisc-ResearchersTryToStayOneStepAheadOfVirusCreators.txt========== http://www.news.wisc.edu/13827 Computer scientists set on winning the computer virus ‘cold war’ Univ. of Wisconsin-Madison, May 24, 2007 First came the virus. Then came the antivirus software. Ever since, virus programmers have been escalating their technology, trying to stay one step ahead of the computer security engineers and vice versa. "Essentially, this is an arms race," says Somesh Jha, an associate professor of ==========> 07-05-28-WashTech-RealIDCouldCreateSecurityAndPrivacyIssues.txt========== http://www.washingtontechnology.com/print/22_09/30734-1.html Washington Technology, 05/28/07; Vol. 22 No. 
09 Real ID, real debate, By Alice Lipowicz Sides argue about whether license standardization can or should be done “It is a private network with multiple security layers. If we had to support the same concept for 280 million people, it is doable.” — Philippe Guiot, AAMVA Security experts, vendors and trade associations are sharpening the debate on ==========> 07-05-29-NYT-EstonianDataSiegeLooksLikeCyberWarfare.txt========== http://www.nytimes.com/2007/05/29/technology/29estonia.html?_r=1&adxnnl=1&oref=s login&adxnnlx=1180559767-0pchisYi321O752E4vhQcw The New York Times, May 29, 2007 Digital Fears Emerge After Data Siege in Estonia By MARK LANDLER and JOHN MARKOFF TALLINN, Estonia, May 24 — When Estonian authorities began removing a bronze statue of a World War II-era Soviet soldier from a park in this bustling Baltic seaport last month, they expected violent street protests by Estonians of ==========> 07-05-30-eWeek-ChineseMilitaryPreparesForCyberWarfareFirstStrike.txt========== http://www.eweek.com/article2/0,1759,2139041,00.asp China Prepares for First Strike in Electronic War eWeek, May 30, 2007, By Lisa Vaas China's military is preparing for electronic warfare by setting up information warfare units that are developing viruses to attack enemy computers and networks, according to the Department of Defense's annual report to Congress. According to the DoD, the PLA (People's Liberation Army) has also established ==========> 07-05-30-NewSci-P2PFileSharingNetworksBeingSubvertedForWebAttacks.txt========== http://www.newscientisttech.com/article/dn11949-filesharing-sites-being-subverte d-for-web-attacks.html File-sharing sites are being subverted for web attacks, By Mason Inman NewScientist.com news service, 12:36 30 May 2007 Peer-to-peer (P2P) file-sharing networks, which let users trade movies, music and software online, are increasingly being used to trick PCs into attacking other machines, experts say. 
==========> 07-06-00-CACM-DevelopersAreResponsibleForSystemRisks.txt========== Communications of the ACM, Volume 50, Number 6 (2007), Page 104 Inside risks: Risks are your responsibility, Peter A. Freeman In his February 2007 column, Peter Neumann mentioned some failures that resulted from inadequate attention to the architecture of the overall system when considering components. But many developers cannot influence or even comprehend the system architecture. So, how can they be held responsible in such a situation? Although many system failures can be detected and prevented without reference to the system architecture, professionals working on isolated components still have professional—indeed, moral—duties to ensure their results ==========> 07-06-00-CACM-DNSSEC-DNSSecurityExtensionsAndSecuringInternetInfrastructure.txt========== Communications of the ACM, Volume 50, Number 6 (2007), Pages 44-50 DNSSEC: a protocol toward securing the internet infrastructure Amy Friedlander, Allison Mankin, W. Douglas Maughan, Stephen D. Crocker DNSSEC is properly understood as a component in an ecology of security protocols and measures. Asked about their security concerns on the Internet, most end users in the U.S. cite privacy and data confidentiality [6]. Experts, however, have substantially different views. A 2004 survey of technology leaders by the Pew Internet & ==========> 07-06-00-FTC-HackersAndSpammersMayBeUsingYourComputer.txt========== http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt132.shtm FTC Consumer Alert, June 2007 Botnets and Hackers and Spam (Oh, My!) Hackers and spammers may be using your computer right now. They invade secretly and hide software to get access to the information on your computer, including your email program. Once on your computer, they can spy on your Internet surfing, steal your personal information, and use your computer to send spam — potentially offensive or illegal — to other computers without your knowledge. 
==========> 07-06-00-USGAO-ReportOnOnSocialSecurityNumberSecurity.txt========== http://www.gao.gov/new.items/d07752.pdf Report to the Chairman, Subcommittee on Administrative Oversight and the Courts, Committee on the Judiciary, U.S. Senate United States Government Accountability Office, June 2007 Federal Actions Could Further Decrease Availability in Public Records, though Other Vulnerabilities Remain GAO-07-752 Letter 1 ==========> 07-06-02-InfoWeek-NewDigitalIdentitySystemsAreMoreComprehensive.txt========== URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=199900170 Web Credibility: Hard Earned, Harder To Prove Digital identity and "reputation" systems are evolving into more comprehensive and transportable ID managers. By J. Nicholas Hoover, InformationWeek, June 2, 2007 Nobody knows you're a dog on the Web--or a mechanic, athlete, hacker, marketing whiz, zealot, or SQL programmer. That is, unless you tell them. In which case, they may or may not believe you, and they have few options for verifying your ==========> 07-06-04-AP-SearchTermsRelatedToMusicAndTechMostLikelyToReturnSitesWithMaliciousCode.txt========== http://www.siliconvalley.com/news/ci_6057100 Study: Music, tech search terms riskiest, but search engines slightly safer overall Associated Press, 06/04/2007 07:12:30 AM PDT NEW YORK - Search terms related to music and technology are most likely to return sites with spyware and other malicious code, a new study finds. 
Some 42 percent of the results using the term "screensavers," for example, led ==========> 07-06-04-FedCompWeek-USDHSSeeksCyberSecurityResearchInNineAreas.txt========== http://www.fcw.com/article102864-06-04-07-Print DHS sets its cyber R&D goals Growing cybersecurity threats prompt DHS to seek quick turnaround on cyber research BY Brian Robinson, Federal Computer Week, Published on June 4, 2007 DHS seeks research on nine cybersecurity areas Science & Technology Directorate’s broad agency announcement (FedBizOpps.gov) New DHS plans target sector-specific infrastructure protection ==========> 07-06-05-ArsTechnica-ExpertsSayGovernmentInvolvementNeededToCombatPhishing.txt========== http://arstechnica.com/news.ars/post/20070605-internet2-security-boss-pcs-need-universal-healthcare.html Internet2 Security Honcho: PCs Need Universal Healthcare By Ken Fisher | Published: June 05, 2007 - 11:52AM CT | ArsTechnica Joe St Sauver, manager of Internet2 Security Programs, gave a presentation last week at the Anti-Phishing Working Group Counter e-Crime Summit in San Francisco that argued government involvement will eventually be necessary to combat the growing menace of botnets. ==========> 07-06-05-WSJ-ResearchersSayAttacksOnDNSRootServersThreatenGlobalEconomy.txt========== Net Attack Wall Street Journal (06/05/07) Mannes, Aaron; Hendler, James University of Maryland Ph.D. student Aaron Mannes and Rensselaer Polytechnic Institute computer science professor James Hendler warn that the cyberwarfare era is upon us, as evidenced by numerous incidents that include an assault on six of the 13 "root servers" comprising the Internet's backbone in February. Such attacks threaten the global economy, and signify the pressing need to strengthen the Internet against criminals.
The authors note similarities between various politically charged online attacks, such as the defacing or ==========> 07-06-07-ACM-ExpertUrgesIdentityVerificationSafeguardsForElmployeeElegibilitySystems.txt========== http://campus.acm.org/public/pressroom/press_releases/6_2007/neumann.cfm The Association for Computing Machinery COMPUTER EXPERT URGES IDENTITY VERIFICATION SAFEGUARDS FOR EMPLOYEE ELIGIBILITY SYSTEMS Neumann's Congressional Testimony Warns of Risks to Personal Privacy, System Integrity NEW YORK, June 7, 2007 - At a Congressional hearing today on security and privacy issues affecting efforts to verify employee eligibility, Peter G. ==========> 07-06-07-AScribeNewswire-ExpertUrgesIdentityVerificationSafeguardsForEmployeeElicibilitySystems.txt========== http://newswire.ascribe.org/cgi-bin/behold.pl?ascribeid=20070607.071237&time=08% 2002%20PDT&year=2007&public=0 AScribe Newswire, Jun 7 08:02:29 2007 Pacific Time Computer Expert Urges Identity Verification Safeguards for Employee Eligibility Systems; Neumann's Congressional Testimony Warns of Risks to Personal Privacy, System Integrity NEW YORK, June 7 (AScribe Newswire) -- At a Congressional hearing today on security and privacy issues affecting efforts to verify employee ==========> 07-06-07-CSMonitor-CouldUSRepelCyberattack.txt========== http://www.csmonitor.com/2007/0607/p01s01-usmi.html Could US repel a cyberattack? The nation's defense relies on a small group that operates on a tiny budget and with little clout, experts say. By Ben Arnoldy and Gordon Lubold | Staff writers of The Christian Science Monitor, June 7, 2007 Oakland, Calif. 
and Washington - Evidence is mounting that cyberwarfare tactics are part of the 21st-century arsenals of powers like Russia and China, yet the ==========> 07-06-07-NetWorld-NewAntivirusTechnologyReliesOnSystemStateChanges.txt========== http://www.networkworld.com/news/2007/060707-antivirus-technology-needs-classifi cation-fix.html Antivirus fix in works by security researchers Claim current antivirus tools too inconsistent in handling threats By Network World Staff, Network World, 06/07/07 Antivirus technologies might not be on their last legs, but they could use a second wind, security researchers say. ==========> 07-06-07-USACM-ExpertUrgesIdentityVerificationSafeguardsForEmployeeElicibilitySystems.txt========== COMPUTER EXPERT URGES IDENTITY VERIFICATION SAFEGUARDS FOR EMPLOYEE ELIGIBILITY SYSTEMS Neumann's Congressional Testimony Warns of Risks to Personal Privacy, System Integrity ACM NEW YORK, June 7, 2007 - At a Congressional hearing today on security and privacy issues affecting efforts to verify employee eligibility, Peter G. Neumann testified on behalf of the U.S. Public Policy Committee ==========> 07-06-08-DarkReading-AntiHackingLawsThreatenWebSecurityResearchers.txt========== http://www.darkreading.com/document.asp?doc_id=125984 Laws Threaten Security Researchers Dark Reading, JUNE 8, 2007 What if a Web researcher found a bug on your Website today -- but was too afraid of the law to tell you? The Computer Security Institute (CSI) recently formed a working group of Web researchers, computer crime law experts, and U.S. 
Department of Justice agents ==========> 07-06-11-ChicTrib-ResearchersDevelopingHardwareToProtectComputerDataByUniqueSignature.txt========== Hardware Designed to Protect Data From Theft By Hackers Chicago Tribune (06/11/07) Van, Jon In an effort to make computers more secure and reliable, University of Illinois at Urbana-Champaign researchers have been working for more than a year on the Trusted ILLIAC project, an effort to develop hardware that is capable of configuring itself to give each application a unique signature. The hardware cannot be reprogrammed by hackers and creates a barrier to protect sensitive data. "Hackers cannot reprogram it, and even insiders cannot access this data," says Ravi Iyer, chief scientist of the university's Information Trust ==========> 07-06-12-AP-MSFixesSecirityFlawsInWindowsIE.txt========== http://www.siliconvalley.com/news/ci_6123195 Microsoft fixes critical security flaws in Windows, IE Associated Press, Article Launched: 06/12/2007 01:43:47 PM PDT SEATTLE - Microsoft Corp. released four critical patches Tuesday to plug security holes in several versions of its Windows operating system, Internet Explorer Web browser and other programs. The patches that carried Microsoft's highest security warning all are to ==========> 07-06-12-Guardian-SafariForWindowsHasSecurityIssues.txt========== http://blogs.guardian.co.uk/technology/archives/2007/06/12/malware_writers_may_b e_delighted_with_safari_for_windows.html Remind us again what the 'secret' features were in Leopard, Mr Jobs? Malware writers may be delighted with Safari for Windows By Jack Schofield / Apple/ Security Tuesday June 12 2007 Safari for Windows is only a public beta, which is just as well. Security researchers and malware writers explored it with some relish, and Thor Larholm proclaimed: Safari for Windows, 0day exploit in 2 hours. 
He notes: ==========> 07-06-12-Larholm-SafariForWindowsHasSecurityIssues.txt========== http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours/ Tuesday, June 12th, 2007 at 2:39 Safari for Windows, 0day exploit in 2 hours, By Thor Larholm Apple released version 3 of their popular Safari web browser today, with the added twist of offering both an OS X and a Windows version. Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted towards this new Windows browser. ==========> 07-06-13-AP-FBISyasMillionsOfComputersAreControlledByHackers.txt========== http://www.siliconvalley.com/news/ci_6134414 FBI: Millions of computers infected, controlled by hackers Associated Press, Article Launched: 06/13/2007 07:40:39 PM PDT WASHINGTON - More than 1 million computers - possibly yours, too - are used by hackers as remote-controlled robots to crash online systems, accept spam and steal users' personal information, the FBI said Wednesday. The government has no way to track down all the computers, both in the U.S. and ==========> 07-06-13-PCWorld-SafariForWindowsHasSecurityIssues.txt========== http://www.pcworld.com/article/id,132845-c,browserbugs/article.html Windows Safari Bug-Hunters Boost Tally Just a day after Apple unveils its browser, security researchers report 18 flaws--and counting. Robert McMillan, IDG News Service, June 13, 2007 5:00 AM PDT Security researchers have jumped on Apple's beta version of the Safari browser, digging up as many as 18 bugs in the software, just one day after its release. 
Fast Finds ==========> 07-06-13-TheReg-FBIIdentifiesMillionthIpAddressOfCompromisedComputers.txt========== http://www.theregister.co.uk/2007/06/13/millionth_botnet_address/ FBI logs its millionth zombie address, By Dan Goodin in San Francisco The Register, Published Wednesday 13th June 2007 22:45 GMT Federal law enforcement agents targeting botnets recently recorded a grim milestone, identifying the millionth potential zombie victim, the FBI said Wednesday. Operation Bot Roast, as the cyber crime project has come to be known, has now ==========> 07-06-14-FBI-HowToKeepYourComputerSafeWhileOnline.txt========== http://www.fbi.gov/cyberinvest/protect_online.htm How to Protect Your Computer FBI [Accessed June 14, 2007] The same advice parents might deliver to young drivers on their first solo journey applies to everyone who wants to navigate safely online. A special agent in our Cyber Division offered the following: - "Don't drive in bad neighborhoods." ==========> 07-06-16-NewSci-ConsutantSaysInternetSecurityCouldBeImprovedIfResearchersHadFinancialIncentives.txt========== Murky Trade in Bugs Plays Into the Hands of Hackers New Scientist (06/16/07) Vol. 194, No. 2608, P. 30; Biever, Celeste Computer security consultant Charlie Miller believes the security of the Internet could be improved if researchers were offered financial incentives to search for and report software bugs, as the increasing complexity of software has made finding such vulnerabilities tougher and more time-consuming. As a result, many "white-hat" hackers no longer feel bragging rights alone are enough compensation for bug-hunting, which only serves to improve the chances of "black hat" hackers finding and exploiting the bugs for criminal purposes. ==========> 07-06-18-CongQuarterly-USShouldDrawWarningFromEstonianCyberAttacks.txt========== http://public.cq.com/docs/hs/hsnews110-000002534151.html Congressional Quarterly, June 18, 2007 – 8:17 p.m. U.S. 
Should Draw Warning From Estonian Web Site Attacks By Matthew E. Berger, CQ Staff Imagine if the Web sites for the White House, Congress and other governmental agencies all shut down one day. The equivalent became close to a reality for Estonia, and attacks on their governmental online infrastructure have raised new questions about the vulnerability of U.S. government computer networks. ==========> 07-06-18-USAToday-NATOConsidersSafetyAgainstCyberAttacks.txt========== http://www.usatoday.com/news/world/2007-06-14-cyberattacks_N.htm NATO mulling safety against cyberattacks By Jim Michaels, USA TODAY, June 18, 2007 BRUSSELS — NATO defense ministers are considering extending the alliance's protection into cyberspace in the wake of a devastating digital attack that nearly crippled member nation Estonia. Defense ministers agreed "urgent work is needed to enhance the ability to ==========> 07-06-20-AP-FranceBansGovernmentOfficialsBlackBerryUseCitingSecurityIssues.txt========== http://www.siliconvalley.com/news/ci_6185447 French government, fearing U.S. snooping, bans BlackBerry use by officials Associated Press, Article Launched: 06/20/2007 07:36:04 AM PDT PARIS - BlackBerry handhelds have been called addictive, invasive, wonderful - and now, a threat to French state secrets. That, at least, is the fear of French government defense experts, who have advised against their use by officials in France's corridors of power, ==========> 07-06-20-AP-USDHSAcknowledgesComputerBreakIns.txt========== http://www.siliconvalley.com/news/ci_6185484 Homeland Security Department acknowledges own computer break-ins Associated Press, Article Launched: 06/20/2007 07:46:04 AM PDT WASHINGTON - The Homeland Security Department, the lead U.S. agency for fighting cyber threats, suffered more than 800 hacker break-ins, virus outbreaks and other computer security problems over two years, senior officials acknowledged to Congress. 
==========> 07-06-20-ArsTechnica-ReportWarnsAdvancedAuthenticationSystemsNotAsEffectiveAsClaimed.txt========== http://arstechnica.com/news.ars/post/20070620-sec.html Security study pokes holes in advanced authentication claims By Joel Hruska | ArsTechnica | Published: June 20, 2007 - 08:43AM CT Although they've been touted by banks as a security improvement over simple password protection, there's study data to indicate that image authentication systems aren't as useful or effective as some think. These systems (my own bank refers to them as "Personal Security Images") present the end user with a previously chosen image, typically at the same time password input is required. ==========> 07-06-20-BBC-FranceBansGovernmentOfficialsBlackBerryUseCitingSecurityIssues.txt========== http://news.bbc.co.uk/2/hi/business/6221146.stm BBC NEWS,2007/06/20 10:45:03 GMT Blackberry ban for French elite French government officials have been ordered not to use handheld Blackberry devices amid fears that foreigners could spy on them, reports say. Workers in the French president's and prime minister's office have been told their e-mails risk falling into foreign hands, Le Monde newspaper reports. ==========> 07-06-21-AP-OhioComputerTapeWithTaxpayerDataStolen.txt========== http://www.siliconvalley.com/news/ci_6194898 Tape stolen from intern's car had information on 225,000 taxpayers, Ohio governor says Associated Press, Article Launched: 06/21/2007 08:06:27 AM PDT COLUMBUS, Ohio - A missing computer backup tape containing personal information on state employees also holds the names and Social Security numbers of 225,000 taxpayers, Gov. Ted Strickland said. ==========> 07-06-21-Ascribe-ComputerExpertWarnsOfRisksToSocialSecurityNumbers.txt========== http://www.ascribe.org/cgi-bin/behold.pl?ascribeid=20070621.071859&time=08%2054% 20PDT&year=2007&public=1 Thu Jun 21 08:54:16 2007 Pacific Time Computer Privacy Expert Warns of Growing Risks to Social Security Numbers; USACM's Dr. Ana I. 
Anton Proposes Actions to Prevent Identity Theft NEW YORK, June 21 (AScribe Newswire) -- At a Congressional hearing today on protecting the privacy of social security numbers, Ana I. Anton testified on behalf of the U.S. Public Policy Committee of the Association for Computing ==========> 07-06-21-USACM-TestimonyOnSocialSecurityNumberSecurity.txt========== http://www.acm.org/usacm/PDF/SSN_Anton_USACM_testimony.pdf USACM, June 21, 2007 Testimony before the House Committee on Ways and, Means Subcommittee on Social Security on Protecting the Privacy of the Social Security Number from Identity Theft Statement of, Ana I. Antón, Ph.D., Associate Professor, North Carolina State University Director ThePrivacyPlace.Org On Behalf of USACM (the US Public Policy Committee of the Association for ==========> 07-06-21-USGAO-TestimonyOnSocialSecurityNumberSecurity.txt========== http://www.gao.gov/highlights/d071023thigh.pdf Highlights of GAO-07-1023T, a testimony before the Committee On Ways and Means, Subcommittee on Social Security Government Accountability Office, June 21, 2007 Text Box: Since its creation, the Social Security number (SSN) has evolved beyond its intended purpose to become the identifier of choice for public and private sector entities, and it is now used for myriad non-Social Security purposes. This is significant because a person’s SSN, along with name and date ==========> 07-06-24-NYT-ExpertsWarnOfCyberWarfare.txt========== http://www.siliconvalley.com/latestheadlines/ci_6217605?nclick_check=1 Preparing for computer attacks SECURITY EXPERTS: REMOTE-CONTROL WARFARE POSSIBLE By John Schwartz, New York Times, Article Launched: 06/24/2007 01:42:39 AM PDT Anyone who follows technology or military affairs has heard the predictions for more than a decade. Cyberwar is coming. 
Although the long-announced, long-awaited computer-based conflict has yet to ==========> 07-06-25-ZDNetBlogs-SecurityRequiresProperUSeOfProgrammingLanguages.txt========== http://blogs.zdnet.com/Murphy/?p=899 ZDNet, June 25th, 2007 Security issues, Paul Murphy @ 12:15 am One of the things that struck me as odd about the programming languages discussion here a few weeks ago was the fact that so many people seemed to think “security” a function of the programming language, not its usage. On looking into this, I found it to be a fairly common opinion with many ==========> 07-06-28-CNET-WebPopularityAndSecuritySolutions.txt========== http://news.com.com/Solving+the+Web+security+challenge/2009-1002_3-6189437.html Solving the Web security challenge By Mike Ricciuti and Joris Evers, Staff writers, CNET News, June 28, 2007 Editors' note: This is part four of a four-day series examining the state and future of Web security. The Web, for better or worse, has arguably become the equivalent of a massive public agency. It is the repository for consumer information and services of ==========> 07-06-28-CompResAssoc-NRCReleasesNewReportOnCyberSecurity.txt========== http://www.cra.org/govaffairs/blog/ Computing Research Association, June 28, 2007 Cyber Security Report Released The National Research Council of the National Academies of Science released a new report on cyber security and research called "Toward a Safer and More Secure Cyberspace." The report is available for free online at the National Academies Press. ==========> 07-06-28-TechRev-AnalysisOfHandwrittenPasswordsCouldMakeLoggingInMoreConvenient.txt========== http://www.technologyreview.com/Infotech/18986/ Technology Review - Published by MIT, Thursday, June 28, 2007 Handwritten Passwords Analyzing script could ease the strain on people's memories, By Erica Naone A new online authentication system called Dynahand could make logging in to websites a little easier. 
With Dynahand, users simply identify their own handwriting, instead of entering a cryptic password or buying a biometric device to scan their fingerprints. ==========> 07-06-29-ChronHigherEd-CanInternetBeSavedFromConstantThreats.txt========== Can the Internet Be Saved? Chronicle of Higher Education (06/29/07) Vol. 53, No. 43, P. A25; Fischman, Josh The Internet is bowing under constant pressure from spam, malware, mobile devices, a lack of security, and spotty connections, and the National Science Foundation officially launched the Global Environment for Network Innovations (GENI) project to reinvent the Net in May. The biggest problem with the Internet is security, and at the root of this problem is the lack of authenticated identity and the erroneous assumption that every network insider is to be trusted; Princeton professor Larry L. Peterson thinks one solution is ==========> 07-07-00-CACM-AKnowledgeArchitectureForITSecurity.txt========== Communications of the ACM, Volume 50, Number 7 (2007), Pages 103-108 A knowledge architecture for IT security, Someswar Kesh, Pauline Ratnasingam The major benefits of knowledge management, particularly as it pertains to security measures, makes it critical that organizations have a mechanism for defining and identifying knowledge needs. With the explosion of the Internet and Web technologies as a medium of exchange, issues related to IT security have been growing exponentially. Protecting the organization's IT infrastructure from hackers, viruses, theft of ==========> 07-07-01-SanDiegoTimes-SoftwareNeedsSecurityStandards.txt========== http://www.sdtimes.com/article/special-20070701-01.html What Can Be Done About Software Security? Good project management, enterprisewide commitment, ongoing training seen as crucial By David Worthington, San Diego Times July 1, 2007 — Security flaws darken the sky over every company that encounters them.
The consequences can be so severe that it is remarkable flaws continue to persist after years of stakeholders enduring the expense, pain and risks ==========> 07-07-01-Wired-ExpertSaysEPassportsAreVulnerable.txt========== http://www.wired.com/politics/security/news/2007/08/epassport Scan This Guy's E-Passport and Watch Your System Crash By Kim Zetter Email 08.01.07 | 2:00 AM | Wired RFID expert Lukas Grunwald says e-passport readers are vulnerable to sabotage. A German security researcher who demonstrated last year that he could clone the computer chip in an electronic passport has revealed additional vulnerabilities in the design of the new documents and the inspection systems used to read them. ==========> 07-07-02-SJMerc-GoodAndBadGuysMingleAtBlackHatAndDefconConferences.txt========== http://www.siliconvalley.com/ci_6523922?nclick_check=1 Takahashi: Foes mingle at Las Vegas hacking conferences By Dean Takahashi, Mercury News, 08/02/2007 01:51:10 AM PDT There aren't many places where you can see the gray space between the good guys and the bad guys in the cybercrime wars. But the Black Hat and Defcon conferences coming up this week in Las Vegas are a study in contrasts where criminal hackers and Feds can stare each other down. ==========> 07-07-03-FedCompWeek-LawmakersTellUSDHSToSpendMoreOnCybersecurity.txt========== http://www.fcw.com/article103126-07-03-07-Web Lawmakers to DHS: Spend more on cybersecurity BY Jason Miller, FederalComputerWeek, Published on July 3, 2007 A week after grilling Scott Charbo, the Homeland Security Department’s chief information officer, about the agency’s cybersecurity posture, the House Homeland Security Committee took aim at the efforts of DHS’ Science and Technology Directorate to improve federal security. 
==========> 07-07-03-NetWorld-SecurityResearchersDetailP2PThreatsVulnerabilityDisclosuresAndHackerProfiling.txt========== http://www.networkworld.com/news/2007/070307-security-threats-carnegie-mellon.html Is securing your network worth the money? Security researchers detail P2P threats, vulnerability disclosures and hacker profiling at recent Carnegie Mellon confab. By Bob Brown, NetworkWorld.com, 07/03/07 We often hear corporate IT pros complain that justifying security expenses is tough because they don’t necessarily generate revenue or enable new business ==========> 07-07-03-USACM-ComputerExpertsTestifyOnEmploymentEligibilityVerificationSystems.txt========== ============================================================= ACM Washington Update Vol. 11.6 July 3, 2007 ============================================================= USACM MEMBERS GO TO THE HILL: EMPLOYMENT ELIGIBILITY VERIFICATION SYSTEMS During a Congressional hearing in June, Dr. Peter G. Neumann, Principal ==========> 07-07-03-USACM-ComputerExpertsTestifyOnSocialSecurityNumberPrivacyAndSecurity.txt========== ============================================================= ACM Washington Update Vol. 11.6 July 3, 2007 ============================================================= USACM MEMBERS GO TO THE HILL AGAIN: SOCIAL SECURITY NUMBERS Also in June, Dr. Annie Anton, Associate Professor of Computer Engineering at North Carolina State University and USACM-EC member, testified in front ==========> 07-07-04-DalhousieUniv-HowSafeAreWirelessNetworks.txt========== http://dalnews.dal.ca/2007/07/04/wireless.html Dalhousie University, July 04, 2007 How safe are wireless networks? Research explores security challenges, By Dawn Morrison The fraud was staggering for its scope and audacity. According to the Wall Street Journal, the biggest known theft of credit-card numbers in history started two years ago at a Marshalls clothing store in Minnesota.
Hackers used a laptop computer to break into the central database of Marshalls’ parent ==========> 07-07-05-AP-GAOReportSaysConnectingDataBreachesToIDTheftDifficult.txt========== http://www.siliconvalley.com/news/ci_6306043 GAO: Connecting data breaches, ID thefts is difficult Associated Press, Article Launched: 07/05/2007 02:07:25 PM PDT WASHINGTON - Personal information about Americans is stolen or lost from some government or private computer almost daily, but congressional auditors can link only a few identity thefts to the breaches. That's primarily because links are so hard to find that nobody knows how ==========> 07-07-05-ArsTechnica-USGovernmentPreparesForCybersecurityWarGames.txt========== http://arstechnica.com/news.ars/post/20070705-us-government-prepares-for-cyber-war-games.html US government prepares for cyber war games By Jeremy Reimer | ArsTechnica | Published: July 05, 2007 - 09:38PM CT In May, the nation of Estonia suffered a massive distributed denial-of-service (DDoS) attack on that country's major web sites, an attack that Estonian officials believed was ordered by the Russian government in response to the removal of a statue of a Soviet soldier. Russian officials denied involvement, ==========> 07-07-07-BaseLineMag-SecurityAsAToolToProtectJobsAndBuildBusiness.txt========== http://www.baselinemag.com/article2/0,1397,2152093,00.asp Baseline Mag, July 7, 2007 Computer Security as a Business Enabler, By John McCormick The executive director of Purdue University's Center for Education and Research in Information Assurance and Security (Cerias) advises CIOs to view security not as a problem, but as a tool to protect jobs and help build business. Last month, Eugene Spafford, one of the nation's foremost computer security ==========> 07-07-07-InfoWeek-CyberterrorismOnTheIncrease.txt========== http://www.informationweek.com/news/showArticle.jhtml?articleID=200900812 Cyberterrorism: By Whatever Name, It's On The Increase Experts say U.S.
companies need to take the increasing use of cyberwarfare tactics and tools very seriously. By Larry Greenemeier, InformationWeek, July 7, 2007 12:00 AM (From the July 9, 2007 issue) Security Pros are hesitant to label Web attacks as "cyberterrorism" because of the volatile connotations of that phrase. But recent events in England and ==========> 07-07-09-CompWorld-RiceUnivResearcherDanWallachExposesSecurityFlaws.txt========== http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=296031&source=rss_news50 Dan Wallach: Security Watchdog for the Industry This research guru helped design the security architecture used for Java, JavaScript and C#. Stacy Collett, July 09, 2007 (Computerworld) -- Dan Wallach doesn’t shy away from a good fight — especially when it comes to exposing security flaws in important technologies that affect the public. When ==========> 07-07-10-CompWorld-ResearcherDevelopsBootableLiveCDForEnhancedSecurity.txt========== http://www.computerworld.com.au/index.php?id=1600527757 Bootable disc makes for safer banking, researcher claims Scientist develops bootable CD to bypass virus ComputerWorld, Sharon Springell 10/07/2007 09:09:03 A computer science researcher has developed a secure software application intended to bypass the problem of viruses altogether. "Viruses are a fact of life. Let's provide a different way of doing certain ==========> 07-07-11-AP-BritishDataWatchdogOutlinesHorrifyingNumberOfSecurityBreaches.txt========== http://www.siliconvalley.com/news/ci_6348946 British data watchdog outlines 'horrifying' number of security breaches by banks, firms Associated Press, Article Launched: 07/11/2007 09:40:47 AM PDT LONDON - Britain's data watchdog outlined a "horrifying" number of security breaches by major retailers and banks Wednesday, saying they risked losing customer confidence.
==========> 07-07-11-AP-SensitveUSMilitaryDocumentsLeftUnprotectedOnline.txt========== http://www.siliconvalley.com/news/ci_6349994 Sensitive military documents left unprotected online Associated Press, Article Launched: 07/11/2007 12:57:00 PM PDT GREENSBORO, N.C. - Detailed schematics of a military detainee holding facility in southern Iraq. Geographical surveys and aerial photographs of two military airfields outside Baghdad. Plans for a new fuel farm at Bagram Air Base in Afghanistan. ==========> 07-07-12-DarkReading-DNSPinningVulnerabilityCouldSpellTroubleForWeb2.txt========== http://www.darkreading.com/document.asp?doc_id=128963 Old Flaw Threatens Web 2.0 DarkReading JULY 12, 2007 | An old bug is rearing its ugly head again -- and this time, it could spell trouble for not only Internet users, but for corporate intranets as well. The so-called "DNS pinning" vulnerability -- sometimes called DNS rebinding -- ==========> 07-07-12-InfoWorld-GoogleBusinessApplicationsCauseIncreasedSecurityQuestions.txt========== http://www.infoworld.com/article/07/07/12/Mounting-scrutiny-for-Google-security_1.html Mounting scrutiny for Google security As Google moves into the business environment, it is starting to face the same security questions other business app vendors face By Matt Hines, InfoWorld, July 12, 2007 Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security ==========> 07-07-13-Science-25thAnniversaryOfFirstComputerVirusForAppleIIComputers.txt========== Happy Birthday, Dear Viruses Science (07/13/07) Vol. 317, No. 5835, P. 210; Ford, Richard; Spafford, Eugene H. This year marks the 25th anniversary of the genesis of the first computer virus. In 1982, a high school student in Pittsburgh wrote a virus that infected Apple II systems.
The virus is known as the "Elk Cloner" and did little more than copy itself to floppy disks and display bad poetry, a minor irritation compared to the viruses of today. After Elk Cloner, the problem of malware grew slowly in the early 1980s, but became major news in 1988 when the "Morris Worm" ==========> 07-07-14-NatonalJ-USDOJSaysCountriesWithWeakCybercrimeLawsHavenForHackers.txt========== Zombie Nets National Journal (07/14/07) Vol. 39, No. 28, P. 46; Munro, Neil Christopher Painter of the Justice Department notes that countries with weak anti-cybercrime enforcement become hacker sanctuaries, which can thwart the trackdown of these criminals by U.S. authorities, according to former Pentagon principal assistant secretary of Defense for networks and information integration Linton Wells. Networks of compromised "zombie" computers, or "botnets," which can flood target systems with traffic, are being constructed and improved by malefactors as revenue-generating tools, say Painter and Arbor ==========> 07-07-20-SJMerc-VirginAtlanticWebsiteFloodedByHackers.txt========== http://www.siliconvalley.com/news/ci_6421030 Hackers flood Virgin air site on launch day Michael Martinez, Mercury News, Article Launched: 07/20/2007 01:47:05 AM PDT Virgin America's first day of ticket sales Thursday was slowed by apparent hackers flooding the start-up airline's Web site, but officials said they still did good business with consumers looking to book flights when the carrier takes off next month. ==========> 07-07-22-ArsTechnica-HacksLetThirdPartyApplicationsRunOnIPhone.txt========== http://arstechnica.com/journals/apple.ars/2007/07/22/first-native-third-party-applications-running-on-iphone Ars Technica, By Erik Kennedy | Published: July 22, 2007 - 07:05PM CT 3rd-party applications running on iPhone Late last week, one "Nightwatch," an anonymous hacker familiar with the ARM processor family, wrote a "Hello, World!" program and ran it.
Ordinarily, that wouldn't really be sufficient fodder for an Infinite Loop post, but this particular program is Kind of a Big Deal™. It was run on an iPhone—the first ==========> 07-07-23-NYT-IPhoneFlawLetsHackersTakeOver.txt========== http://www.nytimes.com/2007/07/23/technology/23iphone.html?ex=1342843200&en=d9982c7ce95f0666&ei=5088&partner=rssnyt&emc=rss The New York Times, July 23, 2007 IPhone Flaw Lets Hackers Take Over, Security Firm Says, By JOHN SCHWARTZ A team of computer security consultants say they have found a flaw in Apple’s wildly popular iPhone that allows them to take control of the device. The researchers, working for Independent Security Evaluators, a company that ==========> 07-07-23-SJMerc-SecurityFlawFoundInIPhone.txt========== http://www.siliconvalley.com/news/ci_6443314 Security flaw found in iPhone By Dean Takahashi, Mercury News, 07/23/2007 08:45:03 AM PDT A team of independent security experts has found a flaw in the Apple iPhone that allows hackers to take control of the device, the New York Times reported today. The researchers at Independent Security Evaluators, which test the security of ==========> 07-07-24-InfoWeek-GAOReport-CybercrimePosesNationalRiskToUS.txt========== http://www.informationweek.com/news/showArticle.jhtml?articleID=201200774 Government Reports Cybercrime Poses National Risk A GAO report calls on companies and government agencies to beef up their security to battle the escalating cybercrime issue. By Sharon Gaudin, InformationWeek, July 24, 2007 11:59 AM A government study showed that while cybercrime is posing a risk to national security and the U.S. economy, law enforcement still lacks the technical capabilities to tackle it.
==========> 07-07-24-SecurityEvaluators-ResearchDiscoverIPhoneVulnerability.txt========== http://www.securityevaluators.com/iphone/ Exploiting the iPhone Security Evaluators [Accessed July 24, 2007] Shortly after the iPhone was released, a group of security researchers at Independent Security Evaluators decided to investigate how hard it would be for a remote adversary to compromise the private information stored on the device. Within two weeks of part time work, we had successfully discovered a vulnerability, developed a toolchain for working with the iPhone's architecture ==========> 07-07-26-NetWorld-SecurityIsTopConcernforNewIETFChief.txt========== http://www.networkworld.com/news/2007/073007-ietf-qa.html?fsrc=rss-security Q&A: Security top concern for new IETF chair Leading standards body gets serious about bolstering Internet security By Carolyn Duffy Marsan, Network World, 07/26/07 CHICAGO — Russ Housley is the first chair of the IETF with a particular expertise in network security. Housley, who runs consulting firm Vigil Security, has been active in the IETF for nearly 20 years and helped write early e-mail security and public key infrastructure standards. Three months ==========> 07-07-30-SFChron-WorldwideCriminalsInfectingUnprotectedComputersWithMalware.txt========== http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2007/07/30/BUUSR98VI2.DTL ONLINE UNDERWORLD Criminals are more sophisticated these days, creating networks of bots that roam the Internet infecting PCs with malware Tom Abate, SF Chronicle Staff Writer, Monday, July 30, 2007 A worldwide group of criminals has infiltrated the Internet in recent years. 
Using computer automation, they find unprotected personal computers and zap them with software that turns infected PCs into law-breaking zombies - without ==========> 07-07-31-NetWorld-StanfordEthaneProjectProvidesStrongNetworkSecurity.txt========== http://www.networkworld.com/community/node/17986 Researchers set to spark up new more secure network, routers, switches NetworkWorld, Submitted by Layer 8 on Tue, 07/31/2007 - 10:28am. Stanford researchers will in August update their work on their new architecture for corporate networks which provides a powerful yet simple management model and strong security relationships. Known as Ethane, the simple-to-define access policies are maintained in one ==========> 07-08-00-CACM-IsASingleOperatingSystemASecurityRisk.txt========== Communications of the ACM, Volume 50, Number 8 (2007), Page 112 Inside risks: Which is riskier: OS diversity or OS monopoly?, David Lorge Parnas It is computer science "folk wisdom" that our computer systems, particularly the networks, are unnecessarily vulnerable because so many of our systems are either made by Microsoft, highly dependent on Microsoft software, or required to interact with Microsoft software. Many see this as a single point of failure, an Achilles' heel. Analogies are drawn to situations such as many people concentrated in a dangerous area, large quantities of hazardous materials stored in one place, or systems reliant on a single power source. ==========> 07-08-00-CACM-RisksOfUnauthorizedUseOfWiFiAccessPoints.txt========== Communications of the ACM, Volume 50, Number 8 (2007), Pages 72-77 Unintended invitation: organizational wi-fi use by external roaming users, Janice C. Sipior, Burke T. Ward Unauthorized users risk civil and criminal liability; Wi-Fi network providers risk system intrusion and disruption. Paul Timmins and Adam Botbyl stumbled onto an unsecured wireless fidelity (Wi-Fi) network while looking for wireless access points in 2003. 
Timmins wanted to check his email on his laptop. He later claimed that when he tried to ==========> 07-08-00-CACM-SecurityForGeneralAudiences.txt========== Communications of the ACM, Volume 50, Number 8 (2007), Pages 15-18 Digital village: Better-than-nothing security practices, Hal Berghel Security for general audiences. There are a number of different digital security models recommended by professionals and organizations in the information security business, including time-based security, principle of least privilege, defense-in-depth, baseline security, perimeter hardening, intrusion detection, and intrusion prevention. All of these models attempt to circumscribe and quantify some measure of risk as the function of real or potential vulnerabilities and threats. ==========> 07-08-00-InfoTofay-IntlTelecomUnionAnnoucesGlobalCybersecurityAgenda.txt========== http://www.infotoday.com/IT/default.asp Action Plan to Beat Cybercrime Information Today (08/07) Vol. 24, No. 7, P. 24; Ashling, Jim The International Telecommunication Union (ITU) recently announced the Global Cybersecurity Agenda, a two-year program to improve users' trust in the security of online transactions. ITU secretary general Hamadoun Toure said the agenda would focus on finding technical solutions for every environment, developing interoperable legislative frameworks, building capacity in all ==========> 07-08-01-GovtCompNews-FormerCounterterrorismChiefSaysUSLostItsWayInCybersecurity.txt========== http://www.gcn.com/online/vol1_no1/44783-1.html Government Computer News , 08/01/07 -- 05:16 PM Clarke wants to know, where did we go wrong?, By William Jackson LAS VEGAS — At some point in the four years since the release of the National Strategy to Secure Cyberspace the United States lost its way, said former U.S. counterterrorism czar Richard A. Clarke. 
“I’d like to know why it was that we lost momentum in solving the problem in ==========> 07-08-03-AP-ComputerMediaPlayersVulnerableToMaliciousAttack.txt========== http://www.siliconvalley.com/news/ci_6533805 PC media players open to attack, researcher says The Associated Press, 08/03/2007 01:44:48 AM PDT LAS VEGAS (AP) - Media players in personal computers have serious vulnerabilities that could allow online criminals to attach malicious code and infect computers without the user's knowledge, a researcher said Thursday. As a result, audio and video downloads can be turned into digital weapons that ==========> 07-08-03-AP-StudyFindsLaxComputerSecurityByIRSEmployees.txt========== http://www.siliconvalley.com/news/ci_6535821 Inspector general finds lax computer security by IRS employees Associated Press, 08/03/2007 08:14:36 AM PDT WASHINGTON - IRS employees ignored security rules and turned over sensitive computer information to a caller posing as a technical support person, according to a government study. Sixty-one of the 102 people who got the test calls, including managers and a ==========> 07-08-03-WashPost-GAOStudySaysUSBorderControlComputersVulnerableToAttack.txt========== Border Computers Vulnerable to Attack GAO Report Details Problems in System By Spencer S. Hsu, Washington Post Staff Writer, August 3, 2007; A02 The U.S. government's main border control system is plagued by computer security weaknesses, increasing the risk of computer attacks, data thefts, and manipulation of millions of identity records including passport, visa and Social Security numbers and the world's largest fingerprint database, officials said. 
==========> 07-08-04-SJMerc-HardToTellGoodHackersFromBadAtHackerConferences.txt========== http://www.siliconvalley.com/ci_6543943 Takahashi: Good hackers and bad YOU CAN'T TELL THEM APART AT THIS WEEK'S BLACK HAT, DEFCON CONFERENCES By Dean Takahashi, Mercury News, 08/04/2007 01:49:18 AM PDT LAS VEGAS - I came here thinking it would be easy to tell the white hats from the black hats among computer hackers. But at the Black Hat and Defcon hacker conferences, it's not easy to tell the difference. I mostly saw gray. ==========> 07-08-07-TheRegister-ProfsSayTeachingHackingHelpsStudentLearnAboutComputerSecurity.txt========== http://www.theregister.co.uk/2007/08/07/teaching_students_hacking/ Teaching hacking helps students, professors say By Robert Lemos, SecurityFocus, 7th August 2007 09:23 GMT When Sam Bowne visited the DEFCON hacking conference in 2006, he saw a lot of people having fun with a really interesting topic: computer security. As a professor of computer science at the City College of San Francisco, Bowne wanted to find a way to make computer security accessible to the average ==========> 07-08-09-CompWorld-CleversafeSlicesCorporateDataForSafeStorageOnOneOrManyServers.txt========== http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=operating_systems&articleId=9029720&taxonomyId=89&intsrc=kc_top Slicing sensitive corporate data for secure, dispersed storage Cleversafe looks to a new approach to protect critical data, Todd R. Weiss August 09, 2007 (Computerworld) -- SAN FRANCISCO -- S. Christopher Gladwin, who some 10 years ago founded the MusicNow online music retrieval and sales service, is hoping that he has just developed a better mousetrap to secure storage of business data.
==========> 07-08-09-InfoWorld-IsolatingApplicationsForTestingCouldImproveComputerSecurity.txt========== http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9029885&intsrc=news_ts_head 'Virtual sandboxing' provides safe security testing Detain, contain, explain, Matt Hines August 09, 2007 (InfoWorld) -- Faced with volumes of browser vulnerabilities and Web-based exploits designed to take advantage of the flaws, security researchers at the ongoing Usenix Security Symposium in Boston on Wednesday presented a new process for protecting users with execution-based malware ==========> 07-08-13-SJMerc-BestOnlineSecurityIsUpToUsers.txt========== http://www.siliconvalley.com/news/ci_6610520?nclick_check=1 Online security: Best defense is your head By John Boudreau, Mercury News, 08/13/2007 01:42:06 AM PDT Our digital lifestyles are giving Internet pickpockets new opportunities for online shakedowns. So consumers and regulators are increasingly demanding more protection from Internet companies. Last week, the advocacy group Center for Democracy and ==========> 07-08-15-SJMerc-ManyFacebookUsersExposeThemselvesToVulnerabilities.txt========== http://www.siliconvalley.com/news/ci_6627039 Report: Facebook users lax on privacy FAKE `FRIEND' EASILY SCOOPS UP LOADS OF PERSONAL DATA By John Boudreau, Mercury News, 08/15/2007 01:37:32 AM PDT Four out of 10 users of Web site Facebook unwittingly expose themselves to the risk of identity theft and virus attacks, according to a new study that underscores growing concerns among security experts about online social networking. ==========> 07-08-16-UMich-AdvancesInQuantumComputersCouldElevateSecurityToNewLevels.txt========== http://www.ns.umich.edu/htdocs/releases/story.php?id=5991 University of Michigan News Service, Aug.
16, 2007 Computing breakthrough could elevate computer security to unprecedented levels ANN ARBOR, Mich.—By using pulses of light to dramatically accelerate quantum computers, University of Michigan researchers have made strides in technology that could foil national and personal security threats. It's a leap, they say, that could lead to tougher protections of information and quicker deciphering of hackers' encryption codes. A new paper on the results of this research,