Association for Computing Machinery
Timely Topics for IT Professionals

About ACM TechNews

ACM TechNews is published every week on Monday, Wednesday, and Friday.


ACM TechNews is intended as an objective news digest for busy IT Professionals. Views expressed are not necessarily those of either HP or ACM.

To send comments, please write to technews@hq.acm.org.

Volume 5, Issue 464: March 3, 2003

  • "IETF Creates Antispam Research Group"
    Computerworld (02/28/03); Weiss, Todd R.

    Finding new ways to stem the growing tide of unsolicited junk email, or spam, will be the task of a new panel organized by the Internet Engineering Task Force (IETF). The Anti-Spam Research Group (ASRG) will operate under the aegis of the IETF's Internet Research Task Force, chaired by CipherTrust research and development director Paul Judge, who notes that spam commonly accounts for 50 percent of all Internet traffic. Many anti-spam products usually filter email, differentiating between authentic messages and spam, but Judge says "that really doesn't solve the problem globally, because all those messages are still traveling the Internet, hogging bandwidth." The ASRG's goal is to re-evaluate the spam problem and current solutions so that new solutions can be created. The research carried out by the ASRG could be used by the IETF to build new Internet-related standards. One possible solution would be to develop spam-fighting applications that could relay approval or refusal for an incoming email before it can penetrate a mailbox or corporate firewall. Aberdeen Group analyst Eric Hemmendinger says the ASRG shows promise, but the success of its mission will depend on the deployment of solutions by vendors and IT leaders. Meanwhile, Robert Frances Group analyst Chad Robinson says that the ASRG must roll out spam solutions fast, or risk losing its effectiveness. The ASRG will meet for the first time at the IETF's 56th conference in San Francisco on March 20.
    Click Here to View Full Article

  • "Pondering Value of Copyright vs. Innovation"
    New York Times (03/03/03) P. C2; Harmon, Amy

    The debate between copyright owners' right to protect their products and researchers' need to disassemble such products in order to improve them and invent new products was the theme at several California conferences that took place this past weekend. A gathering at the University of California, Berkeley, centered on digital rights management, a technology that allows copyright holders to restrict how people can use certain products. Recording Industry Association of America attorney Carey Sherman declared that such technology and the law that sanctions it, the Digital Millennium Copyright Act (DMCA), will enable copyright owners to offer more digital content to users, but speakers such as Boston College Law School's Joseph Liu countered that such measures could seriously inhibit academic research. Rep. Zoe Lofgren (D-Calif.), who also attended the Berkeley conference, warned that digital rights management could wreak havoc if its scope is extended too far. To illustrate her point, she noted a Kentucky judge's March 28 decision to issue a preliminary injunction to Lexmark International that protects an authentication chip in Lexmark printer cartridges, under the auspices of the DMCA. Another conference at Stanford University was the site of a debate between technologists, economists, and lawyers over airwave allocation and how it could be affected by the emergence of anti-band interference technology. Certain economists favor the sale of large portions of the spectrum outright, rather than FCC apportionment, arguing that such a measure would create a healthy economic climate for innovation. Opponents said the increasing ease of non-interfering airwave communications via technology such as software-enabled radios eliminates the need for ownership rights.

  • "Pentagon Spy Database Funding Revealed"
    CNet (02/27/03); McCullagh, Declan

    The Electronic Privacy Information Center (EPIC) on Thursday forced John Poindexter of the Defense Advanced Research Projects Agency (DARPA) to disclose a hefty document detailing some 26 grants awarded to academic and private-sector research projects related to the controversial Total Information Awareness (TIA) program last fall. The documents indicate that almost 200 companies and universities submitted proposals to DARPA. Among those that received grants were Veridian, which proposed a project involving "Human augmentation of reasoning through patterning;" Texas-based CycCorp and 21st Century Technologies, for a "terrorism knowledge base" and Automated Detection, Identification, and Tracking of Deceptive Terrorist Activity (AUDIT), respectively; the University of Southern California, for its Just-In-Case Just-In-Time Intelligence Analysis (JIST) system; and Evolving Logic for "Confronting Surprise: Robust Adaptive Planning for Effective Total Information Awareness." The documents show "the breadth and impact of this program, which its defenders have tried to describe as being on the drawing board or in the research stages," noted EPIC director Marc Rotenberg. "This is a Defense-funded project for domestic surveillance, and it's very important not to lose sight of that." In late February, Congress approved an omnibus spending bill that called for more detailed study of TIA research and development. The mandate will permit full funding of the Pentagon-approved grants if Poindexter submits a "schedule for proposed research and development" to Congress, or if President Bush vouches that TIA is a vital national security component.
    http://news.com.com/2100-1028-990497.html

    To read more about TIA, visit http://www.acm.org/usacm.

  • "Securing a Digital Lock"
    California Aggie (03/03/03); Moffitt, Matt

    Researchers at the University of California Davis Computer Security Lab (SecLab) are working on a number of solutions to protect computer systems from external Internet-borne attacks and internal security breaches. However, senior researcher Jeff Rowe emphasizes that technical solutions will not be able to completely address the issue of security, as much of the problem stems from social causes. He says that individual companies often do not cooperate on network security and instead take a less effective individualistic approach because they see security as a competitive differentiator. Personal users can also do a lot to shore up their systems with regular and easy-to-do updates to anti-virus software and patches. Moreover, when intruders do succeed in compromising PC security, a simple reboot often knocks out hackers' Internet links. Corporate security is much more difficult because companies cannot afford to shut down entire systems, but SecLab researchers are working on one solution that would contain threats on a locked portion of the network, similar to locking a burglar in a room of a house. SecLab researchers recently overcame the popular EZ-gimpy program used by online services such as Yahoo! to stymie automated account creation programs. University of California associate professor of computer science Matt Bishop says such protection schemes should never be expected to hold up forever. In that regard, he worries about worms such as Slammer released earlier this year, which he says could have been programmed to be more destructive, deleting critical files from computers.
    http://www.californiaaggie.com/_articles/5761.taf

  • "German Copyright Levy on PCs Worries Many"
    IDG News Service (02/27/03); Blau, John

    German copyright holders' society VG Wort is fighting for a levy on new PCs that manufacturers say would unfairly raise the cost of new units without adding value. Fujitsu Siemens Computers, Germany's largest PC maker, is lobbying the German Patent Office, lawmakers, and the European Union along with national and regional trade groups. Thus far, the Patent Office has offered a compromise that would raise the price of new PCs $13, less than half the amount requested by VG Wort. Germany and several other European nations already impose a copyright levy on analog devices, which have little or no protection against private copying of material. Manufacturers of PCs and other digital recording devices argue that digital rights management (DRM) technology negates the need for such broad compensation, and say that the technology needs to be coupled with a framework for compensating artists and copyright holders on a per-use basis. VG Wort's push is the first of any European copyright protection group, but the debate has already triggered alarms across the continent. However, European Parliament members are set against intervening on a broad basis and instead want interested parties to work out specific DRM specifications and standards on their own.
    http://www.idg.net/ic_1187905_9677_1-5042.html

  • "NIPC Leadership, Protocol Questioned"
    InfoWorld (02/27/03); Roberts, Paul

    The National Infrastructure Protection Center (NIPC) moved from the FBI to the U.S. Department of Homeland Security's Directorate for Information Analysis and Infrastructure Protection (IAIP) on March 1, but not everyone whose job transferred to the new department made the transition; some will take new positions in the FBI, which will also retain about one-third of the original NIPC staff for its new Cyber Division. Commander David Wray of the NIPC notes that there will be over 200 vacancies in the NIPC, because "only about a third to a half [of the FBI's NIPC staff] are coming over." SANS Institute research director Allan Paller estimates that the majority of those defections are people firmly entrenched in the FBI culture, both in terms of career and personality. He also says many key leadership positions are unfilled, which could make it difficult for the IAIP to bring in talented staff. In fact, one source close to the matter guesses that it could be months before the leadership roles are filled. Wray says the IAIP will codify information gathered through intelligence channels and uncovered by FBI criminal investigations, but there is a profound lack of specific information-sharing protocols; furthermore, Wray offers little details on how the IAIP would interact with computer security divisions in the FBI, the CIA, and NSA in order to deal with threats such as a computer worm attack. Paller adds that the IAIP's cyber watch unit, which traces emerging computer threats, needs a leader to serve as liaison between the directorate and the intelligence and private sector security community. Without a trusted individual in this position, the community may be hesitant to disclose critical information that could forestall cyberattacks.
    http://www.infoworld.com/article/03/02/27/HNnpic_1.html

  • "Senator Seeks Full Copyright Disclosures"
    SiliconValley.com (03/02/03); Gillmor, Dan

    Sen. Ron Wyden (D-Ore.) feels that vendors of products equipped with anti-copying safeguards should alert customers to such restrictions by clearly labeling such items as copyright-controlled. Wyden believes that informed consumers dissatisfied by these usage limitations will stop buying such products and clamor for changes to copyright law, writes Dan Gillmor. The latest version of Intuit's TurboTax, for example, includes third-party monitoring software and restrictions that effectively force owners of the program to use it on just one machine. Gillmor argues that disclosures about such practices on the outside of the package likely would have sent buyers looking for alternatives. Forthcoming next-generation digital music will feature anti-copying security measures, and consumers are likely to complain that their fair-use rights are being trampled on. At a February conference in Silicon Valley, Wyden noted that the consumer-rights movement is still emerging, and acknowledged that many congressmen do not favor revisions to current copyright laws, given that the U.S. entertainment industry has provided a great deal of political support. Gillmor notes that the disclosure legislation Wyden is backing could be hampered by debates on the size and clarity of the labels to be placed on copyright-controlled products. Furthermore, the American public seems resigned to allowing the government and corporations to set limits. "We have become a nation of sheep, and it's possible the public doesn't care enough to do anything about this," Gillmor argues.
    Click Here to View Full Article

  • "Way to Control Electron Spin with Electrical Field"
    Newswise (02/28/03)

    David Awschalom of the University of California at Santa Barbara and Jeremy Levy of the University of Pittsburgh have made a significant breakthrough in the field of spintronics by being able to manipulate electron spin using electrical fields, rather than the magnetic fields that most spintronics researchers have relied on. A graduate student of Awschalom's built a semiconductor of aluminum gallium arsenide and gallium arsenide sandwiched between 50-micron-wide metallic plates, and electron spin was changed by applying microwave electrical signals to the plates. "Most researchers using the spin-based model for spintronics and quantum computing have assumed that the behavior of spins must be controlled by magnetic fields," notes Levy. "The prospect of controlling 100 million magnets each independently on the equivalent of [the size of] a chip has boggled the imagination of researchers." Levy points out, however, that electrical gates used in modern computers already control 100 million devices. Although the tests were conducted at a low temperature, Awschalom and Levy agree that it should be easy to design smaller semiconductors that function at higher temperatures. A key conclusion of the breakthrough is that spintronics are interoperable with current electronic systems, and this makes the prospect of electron spin-based information storage and quantum computing closer to reality. The research that led to the breakthrough was funded by the Defense Advanced Research Projects Agency.
    http://www.newswise.com/articles/2003/3/SPINTRON.PIT.html

  • "Is Vigilante Hacking Legal?"
    CNet (02/27/03); Lemos, Robert

    Attorney Curtis Karnow said Feb. 27 at the Black Hat Security Briefings summit in Seattle that federal nuisance laws might be extended to legally allow counterattacks to halt Internet hacking. "It has a lot of promise...if we can get the court to look at it," he said, since the law allows people to try and stop a perceived nuisance without anyone's permission. Under the laws, states and citizens can sue to shut down operations that could be damaging to the public, such as buildings where drug dealing occurs or mines that emit too much dust. Such self-help aspects of nuisance laws might legally allow hacking victims to launch a counterattack to shut down a program on the offending server. But Karnow warns that such tactics could unintentionally hurt innocent parties and should be used very carefully. Still, defensive hacking has occurred in the past, for instance when the FBI extracted data from a Russian server without sanction after having arrested two suspected Russian hackers. If Karnow's approach were feasible, it could help system administrators whose servers have been targeted yet received little help from law enforcement agencies. Meanwhile, the North American Network Operators Group (NANOG) is considering how to handle an expected 20,000 servers that are contaminated by the Slammer worm as well as a comparable number of computers affected by the Code Red and Nimda worms
    http://news.com.com/2100-1002-990469.html

  • "Cerf's Upbeat on Net's Future"
    Computerworld New Zealand (02/25/03); Bell, Stephen

    Internet pioneer Vint Cerf offered a generally positive outlook on future Internet developments at a recent function organized by the U.S. Embassy in Wellington, New Zealand. He acknowledged that Internet content is a combination of junk and useful material, and said this encourages discrimination and critical thinking. Cerf predicted that technologies such as voice-over-IP, the Enum standard, and Session Initiation Protocol (SIP) will enable the Internet to penetrate deeper into the telecommunications sector. He also speculated that videoconferencing, a notoriously laggard application, could be energized by the multiplayer video game market, if players use a sound-and-video connection that allows them to interact more closely with opponents, such as viewing their reaction when they lose. When asked whether the Internet will promote a narrow point of view among users, Cerf responded that this could be offset by services such as Web searches, which have the potential to expose users to new material; he insisted that "The Internet, aided by serendipity, broadens the mind, it doesn't narrow it." Cerf said the problem of online pornography is exaggerated, and advocated a policy of user guidance rather than censorship as the best solution. He noted that the spread of inexpensive non-PC devices used for network access, combined with increasing competition and PC design breakthroughs, will help make Internet access universal. Cerf also said the "digital divide" could be bridged through the advent of open-source software. Other projected developments he had high hopes for include Internet-enabled cars, clothing, and household appliances; and interplanetary Net access, which will require new protocols and independent fat clients in order to handle signal delays.
    http://www.pcworld.com/news/article/0,aid,109528,00.asp

  • "Overclocking Poses Risks to PDAs"
    IDG News Service (02/26/03); Krazit, Tom

    Wibble-wobble.com and Revolutionary Software Front are offering handheld users a cheap way to ratchet up the performance of their personal digital assistants (PDAs) by boosting processor clock speed beyond the vendor's specified rate. However, analysts and vendors caution that this practice, known as overclocking, can ultimately be detrimental to the handheld. More power is consumed, more heat is generated, and battery life is shortened--all of which can lead to system failures and loss of data. Wibble-wobble.com's XScaleCtrl and Revolutionary Software Front's Clear Speed enable users to increase processor speed from 100 MHz to 500 MHz via a software download. International Data (IDC) analyst Dave Linsalata notes that the programs only seem to work for handhelds equipped with processors from Intel and Microsoft's Pocket PC 2002 operating system. Representatives from Intel and Dell Computer note that a handheld broken as a result of overclocking is not covered by its warranty. "For most people, the number of tasks you can perform on older processors are just fine without the need for overclocking," explains fellow IDC analyst Alex Slawsby. "And as price points go down, the urge to get more performance for less money starts to balance out." David Rogers of Intel also reports that handheld users can extend battery life by underclocking their PDAs.
    http://www.pcworld.com/news/article/0,aid,109556,00.asp

  • "To Trap a Superworm"
    Business Week (02/25/03); Salkever, Alex

    The threat of superworms jumped from theory to reality with the release of Slammer in late January; more virulent than earlier worms such as Nimda and CodeRed, Slammer exploited weaknesses in Microsoft SQL database products to launch buffer overflow attacks that infected all vulnerable servers within 10 minutes. Leading computer worm researchers estimated that the number of contaminated servers doubled every 8.5 seconds, with each infected server able to launch tens of thousands of data queries each second. One researcher, Silicon Defense co-founder Stuart Staniford, claims that his company has developed a hardware device that can effectively block superworms such as Slammer. The product, known as CounterMalice, is an intrusion-detection tool that can segregate computer networks into cells, and monitor each cell for atypical activity that might be indicative of a superworm attack, such as data queries to unfamiliar computers, unusual query sequences, and communications to places that are not live. Once a worm is recognized, CounterMalice quarantines the infected machines and obstructs the services the worm is using to proliferate, giving systems administrators a better chance to shield the rest of their networks. However, CounterMalice's effectiveness cannot be tested until the next superworm attack, whenever that may be. There are also unanswered questions about how the tool may impact network performance. Computer-security analysts expect CounterMalice to be bundled with other network defense tools, such as intrusion-detection systems or antivirus software.
    Click Here to View Full Article

  • "DOD Deploys High-Tech Arsenal"
    Federal Computer Week (02/24/03); Caterinicchia, Dan; French, Matthew

    Battlefield tactics are being transformed by information technology developed over the last decade in order to give American forces an edge and minimize casualties. The cost and reliability of IT have respectively fallen and risen since Operation Desert Storm, which depended primarily on radio to coordinate assaults. Battlefield communications have improved significantly with the advent of email, videoconferencing, and high-speed networks, while the Global Positioning System (GPS) is used extensively in conjunction with intelligence gathering on friendly and unfriendly troop movements to establish "situational awareness" and lower the odds of friendly fire incidents. Continuous information access makes battle strategy flexible: If battle conditions change suddenly, for example, commanders can modify their tactics on the spur of the moment. The technology that has evolved the most since Desert Storm is network bandwidth, according to retired Air Force Lt. Gen. James Cassity Jr., who lists military personnel's growing familiarity with IT as another key development. Another technology showing great promise is the Joint En-route Mission Planning and Rehearsal System-Near Term, which commanders can use to access and discuss intelligence data as it comes in via chat rooms, electronic whiteboards, and streaming video and voice applications. But IT will not solve all battlefield challenges--working with technology in environments vulnerable to chemical or biological attack and making different countries' computer systems compatible have yet to be addressed, notes John Osterholz of the U.S. Defense Department's CIO office. Retired Army Capt. John Hillen also points out that information overload must be accounted for, and cautions that "there will never be a 100 percent guarantee" against friendly fire incidents.
    http://www.fcw.com/fcw/articles/2003/0224/cov-dod-02-24-03.asp

  • "Civil Liberties and Combating Terrorism: Legal Principles and the TIA Program"
    Hill (02/26/03) Vol. 10, No. 8, P. 33; Rosenzweig, Paul; Scardaville, Michael

    Research on developing the Total Information Awareness (TIA) project and new technology for the anti-terrorism program should continue, even though some members of Congress have expressed concerns about its potential impact on individual privacy in America, write Paul Rosenzweig and Michael Scardaville of the Heritage Foundation. Presently in its initial stages, TIA is a research program on developing technology that would enhance the way law enforcement and intelligence agencies share and access information on suspected terrorists. Rather than jeopardize the development of a tool that could help protect the country from a terrorist attack, Rosenzweig and Scardaville suggest that Congress should authorize TIA and employ strong oversight of the TIA system. What is more, TIA should be restricted in use to investigating terrorist, foreign intelligence, or national security matters, and the technology should not be used for monitoring ordinary criminal activity. TIA should operate under existing laws for obtaining information on private individuals, such as the use of search warrants and subpoenas, the authors maintain. And an audit trail system should be incorporated into TIA to keep an accurate record of how the technology has been used. A sunset provision of five years should be enough time to determine whether to reauthorize the TIA program, according to Rosenzweig and Scardaville.
    http://www.hillnews.com/news/022603/ss_civil.aspx

  • "The Net Comes Home"
    New Scientist (02/15/03) Vol. 177, No. 2382, P. 26; Daviss, Bennett

    The Internet 0 project at MIT's new Center for Bits and Atoms aims to create an open-source standard for a building automation network connected by electrical cables. The network would offer the simplicity, reliability, and elasticity of a global Internet without the need for computer control, according to center director Neil Gershenfeld; the result will be buildings full of myriad appliances that can act as Web servers. Gershenfeld adds that competing systems such as X10 and LonWorks from Echelon lack scalability. The Net circuit boards that are the building blocks of Internet 0 were made possible by two advancements: The streamlining of the Net's communications system to its basic components via "de-layering," and the deceleration of the data transfer rate to lower interference caused by electronic reflections. MIT scientist Raffi Krikorian, who devised the Internet 0 circuit, has equipped the unit with sensors and switches so that it can communicate to its counterparts in an enclosed environment and control the connected devices; later models will include wireless communications capability, and a programming mode that can be used to set up devices that carry out functions in response to specific stimuli. Issues that Internet 0 will need to address if it is to become an effective tool include security and the inherent complexity of building automation. Although Gershenfeld admits that Internet 0 needs refining, he maintains that its limitations will be set by the community that uses it. The advantages of such a system include less hard-wiring, and lower heating costs thanks to temperature control systems carefully modulated by the network. Krikorian expects Internet 0 hardware to be commercialized in about 12 months, while one of its first deployments will be in MIT's new Media Labs building.

  • "Think Tiny, Think Big"
    Government Executive (02/03) Vol. 35, No. 2, P. 62; Reppert, Barton

    Under the aegis of the National Nanotechnology Initiative (NNI), federal scientists and industrial and academic researchers are forging ahead to develop new technologies that have the potential to revolutionize advanced materials and manufacturing, computing, electronics, medicine, security, and biotechnology, to name just a few areas. In a May 30 memo issued to departments and agency heads involved in NNI, presidential science adviser John Marburger and Office of Management and Budget Director Mitch Daniels placed special emphasis on security and anti-terror technologies such as sensors augmented with nanostructures that can gather and deliver samples more effectively. The NNI was initiated by the Clinton administration, and the Bush administration has expressed eagerness to continue supporting the program. Some researchers argue that other countries' nanotech efforts could overtake that of the United States unless the NNI's budget is raised even higher than its current 2003 allotment of $710 million. A National Academy of Sciences review panel thinks that the program's management could be improved, especially in the areas of interagency coordination and interagency partnerships. In particular, the panel suggested that a nanoscience and nanotech advisory board be set up in order to find "research opportunities" outside the missions of the 16 federal agencies involved in NNI. Complicating interagency partnerships are the burgeoning workload, and the different agency cultures and operating protocols that exist, according to James Murday, executive secretary of the National Science and Technology Council's Subcommittee on Nanoscale Science, Engineering, and Technology. Nanotech critics such as Sun Microsystems co-founder Bill Joy, who believes the science could be potentially devastating, want limits to be imposed on nanotech research, but Richard Russell of the White House Office of Science and Technology Policy downplays those fears, asserting that the principal focus of nanotech research will be the technology's economic and health benefits.
    http://www.govexec.com/features/0203/0203managetech2.htm

  • "Flash Drives Arrive"
    Electronic Business (02/03) Vol. 29, No. 2, P. 40; Arensman, Russ

    By taking advantage of the ubiquity of the universal serial bus (USB) connector, sales of USB flash drives surged from $39 million to $125 million in 2002, according to Web-Feet Research. "This was one of these markets that's been pulled through by the consumers, instead of the manufacturers trying to push it on people," notes Web-Feet Managing Director Alan Niebel, who expects annual flash-drive sales to total $2.5 billion in four years. What flash drives lack in cheapness they make up in durability, convenience, and bigger storage capacity than floppy disk drives; a 16 MB flash drive can store more data than 10 floppy disks, while some drives can store 1 GB. Not all market researchers agree on the size and growth of the flash drive market, partly because over 300 new suppliers--many of them based in China or Taiwan--have entered the marketplace. Semico Research's Jim Handy contends that approximately 2.3 million USB flash drive units were sold last year, while M-Systems Flash Disk Pioneers' Blaine Phelps estimates that shipments approached 4.5 million. Flash drives on the market include M-Systems devices that are equipped with ARM7 processors and boast more security than 8-bit processor drives; TREK 2000 drives that verify users via biometric fingerprint recognition; and SanDisk's recently released Cruzer, which features small, removable flash memory cards. More sophisticated drives are capable of storing encrypted data, and some are being integrated with application software. Digital cameras, voice recorders, and MP3 players equipped with flash drives are expected to debut later this year.
    Click Here to View Full Article

  • "Computer Security's Early Warning Systems"
    Network Magazine (02/03) Vol. 18, No. 2, P. 24; Conry-Murray, Andrew

    To combat the threat of more sophisticated hackers exploiting unknown or unpatched network weaknesses, a cadre of vendors and research groups are implementing early warning systems to give network administrators a heads up hours or even days before an attack. Analysts at the SANS Institute's Internet Storm Center study signs of worm attacks gleaned from a network of sensors and analysis systems run by volunteers, and then notify the security community, federal agencies, and ISPs upon confirmation. Honeypots are bogus computers designed as a ruse to keep hackers away from vital systems, but Sun Microsystems' Lance Spitzner has organized many honeypots into a network dedicated to analyzing hacking methods called the Honeynet Project. A honeynet uses multiple servers to run default installations of real-world operating systems and applications which, along with a firewall, give the system an air of authenticity; selling the illusion that the honeynet is a corporate entity is fabricated information, while both the firewall and the Snort Intrusion Detection System (IDS) recognize break-ins and alert project members. The data and insights gathered through honeynet analysis is then disseminated to the security community at large. The DeepSight Threat management (DSTM) service offered by Symantec subsidiary SecurityFocus studies aggregated data from roughly 16,000 IDS devices deployed throughout 189 countries; it uses this data to establish a pattern of hacker activity and build a baseline in order to more easily identify attack surges and thus spot the initial proliferation of new worms or attack tools. Meanwhile, ISS' X-Force research division seeks out risks and vulnerabilities in the software and applications that make up the Internet's core infrastructure, and reports these flaws to vendors first, then to subscribers of its X-Force Threat Analysis Service (XFTAS) 24 hours later, according to X-Force director Chris Rouland. The vulnerabilities are revealed to the public 30 days after the vendor is alerted, giving it ample time to build and distribute patches.
    http://www.networkmagazine.com/article/NMG20030205S0006