Security in Computing, 3/e

Sidebars

Below you will find abstracts of reports and articles, with links to the full text, concerned with computer security issues.

Chapter 1

U.S. Government Issues New Computer Security Scorecard

The U.S. House of Representatives Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations has released its report on the computer security of government agencies. The scores show many agencies and departments receiving a failing grade (see Sidebar 1-6 for previous results). The subcommittee began grading federal agencies after Congress passed the Government Information Security Reform Act of 2000, requiring federal agencies to establish agencywide computer security programs that protect the systems that support their missions.

The 2002 scores are posted at:

http://www.house.gov/reform/gefmir/hearings/2002hearings/1119_computer_security/computersecurityreportcard.doc

The full report, Making Federal Computers Secure: Overseeing Effective Information Security Management, is available at:

http://www.house.gov/reform/gefmir/reports/computer_security.pdf

Hand-Held Organizers: Not Just for Law-Abiding Citizens Anymore

These days, law-abiding citizens and criminals alike are using hand-held organizers to coordinate their daily activities. The New York Times reported that in San Jose, California, police broke up an identity-theft crime ring in October 2002. Using search warrants, police seized and examined the hand-helds of the suspects, which contained the names of more than 20 victims along with their personal information and e-mail confirmations of transfers from victims’ bank accounts. This is just one example of how data from hand-helds has been used to prosecute criminals, and to better understand how and with whom they operate.

The full story, "A Palmtop for the Prosecution," by Jennifer Lee (October 24, 2002) can be viewed at:

http://www.nytimes.com/2002/10/24/technology/circuits/24palm.html (Registration required.)

Chapter 4

Sidebar Public Access to Microsoft and Customer Information

On November 19, 2002, Microsoft took a public file server offline after Internet users discovered that the system contained scores of internal Microsoft documents, including a huge customer database with millions of entries. Normally, the file transfer protocol server enables Microsoft customers to upload or download files to and from the Product Support team. However, an ineffective security policy allowed the public to have full access to folders containing confidential company and customer information.

The full story, "Microsoft Spills Customer Data," by Brian McWilliams (November 20, 2002) can be viewed at:

http://www.wired.com/news/infostructure/0,1377,56481,00.html

Sidebar Hacking Made Easier in Complex Networks

The FCC chartered the Network Reliability and Interoperability Council to recommend ways for companies to stop cyberattacks after 9/11. Bill Hancock, chair of the council, stated that "Over time, we're getting very sophisticated attacks from morons," implying that hackers don't need to be highly skilled to cause trouble. The Council made its initial recommendations based on existing industry best practices, which many companies don't often follow. The complexity of today's networks has created new threats and vulnerabilities not present in simple networks used just a decade ago.

The full story, "Complex Networks Too Easy to Hack," by Michael Grebb (December 9, 2002) can be viewed at:

http://www.wired.com/news/politics/0,1283,56766,00.html

Sidebar Increasing Risk for Internet Collapse?

Tony Grubesic, assistant professor of geography at the University of Cincinnati, led a group of scientists from Ohio State University in carrying out simulated attacks on key internet hubs to show how vulnerable the worldwide network is to disruption, disaster, or terrorism. The scientists warned that the network would unravel itself if the major nodes of the internet were destroyed, with suburbs and rural areas gradually cut off from the internet. Grubesic compared the internet to the air transportation system. A delay or disruption at O’Hare will cause a ripple effect across all other airports with which it is linked. The same would occur in the cities considered to be the major nodes of the internet. The researchers' work will appear in the February 2003 edition of Telematics and Informatics.

The full story, "Risk of Internet Collapse Rising," (November 26, 2002) can be viewed at:

http://news.bbc.co.uk/1/hi/technology/2514651.stm

Sidebar Cyberterrorism Predictions for 2003

IDC, a technology research firm, has laid out its 2003 predictions for information technology and cyber security. The first was "A major cyberterrorism event will disrupt the economy and bring the Internet to its knees for a day or two," an increasing threat for the U.S. because of the potential war with Iraq. IDC makes its predictions by polling more than 700 analysts. Last year, seven of its 10 predictions were correct. Predictions are included for several areas including wireless, telecommunications, and digital imaging.

The full story, "IDC: Cyberterror and Other Prophecies," by Ed Frauenheim (December 12, 2002) can be viewed at:

http://news.com.com/2100-1001-977780.html?tag=fd_top

Sidebar New Way to Stop Computer Virus Epidemics

In 2001, the Code Red virus infected 350,000 computers in 14 hours. Matthew Williamson, researcher at the Hewlett-Packard laboratories in Bristol, England, has developed a new approach to slow the spread of computer viruses so that "engineers can finish their pizzas and get to the scene of the crime." He explained that once a virus infects a computer, it will try to connect to other computers as fast as possible to spread the virus further. Uninfected machines do not make the connections at this speed, so Williamson’s idea is to "limit the rate at which a computer can connect to other computers" by use of a throttle, which alerts people to an attack.

The full story, "Throttled at Birth," (November 21, 2002) can be viewed at:

http://www.economist.com/science/displayStory.cfm?story_id=1454331