ACM TechNews is published every week on Monday, Wednesday, and Friday.
ACM TechNews is intended as an objective news digest for busy IT Professionals. Views expressed are not necessarily those of either HP or ACM.
To send comments, please write to firstname.lastname@example.org.
Volume 5, Issue 469: Friday, March 14, 2003
- "Spam's Cost To Business Escalates"
Washington Post (03/13/03) P. A1; Krim, Jonathan
The war is raging between purveyors of unsolicited commercial email (spam) and the various legislative, industry, and consumer groups that want to stamp it out, and the spammers appear to have the upper hand: Ferris Research estimates that spam-related productivity losses and antispam equipment spending will cost U.S. business over $10 billion this year. The development and deployment of federally authorized spam controls is getting bogged down while legislators and activists clash over what constitutes spam and how it should be regulated; meanwhile, the increasing sophistication of spammers is enabling them to thwart attempts to track them down, circumvent spam filters and other protective measures, and broaden their scope by using vulnerable computers as spam launching pads. Brightmail estimates that the spam portion of email traffic has ballooned from a mere 8 percent in late 2001 to approximately 40 percent today, while experts predict spam will account for 50 percent of all email by year's end. The growing volume of spam and spam-related complaints has caused Internet retailers and the direct marketing industry to be more receptive to the notion of a national spam law. Activists such as Junkbusters founder Jason Catlett believe that the only truly effective deterrent is an outright prohibition on spam, and the implementation of an opt-in policy in which companies cannot send consumers commercial email without their express permission. Marketers and most Internet providers prefer an opt-out policy that assumes they have permission to send commercial email unless consumers say otherwise, while some industry insiders allege that an outright spam ban would violate the right to free speech. Experts say the most promising federal solution is the reintroduction of a bill sponsored by Sens. Conrad Burns (R-Mont.) and Ron Wyden (D-Ore.) that would ban email with deceptive subject lines and elements designed to conceal the spammer's identity.
- "Tech Wars: P-to-P Friends, Foes Struggle"
Medill News Service (03/13/03); Costello-Dougherty, Malaika
The government and the U.S. entertainment industry are trying to stop unlawful file-sharing through peer-to-peer (P2P) networks by applying pressure on academic institutions and large companies where such practices are rampant. However, attempts to do so--usually in the form of bolstering firewalls and monitoring network traffic--are often stymied as P2P users leverage sophisticated technology to circumvent filters and firewalls, according to Dr. John Hale of the University of Tulsa's Center for Information Security. "Ultimately, end-to-end encryption of communication channels will make it virtually impossible for system administrators and Internet service providers to monitor network traffic," he predicts. His institution is focusing on alternate ways to inhibit P2P services, such as file spoofing and interdiction. Spoofing, which Chris Hoofnagle of the Electronic Privacy Information Center says is probably legal, can block P2P file-sharing by uploading large volumes of decoy downloads to the network. The scope of file spoofing is undetermined, since the practice and its practitioners generally keep a low profile. Meanwhile, interdiction involves swamping P2P networks with search requests to such a degree that legitimate users cannot get through. Hoofnagle notes that interdiction shares many similarities to denial-of-service attacks, which are outlawed by the Computer Fraud and Abuse Act. Hale says the Center for Information Security is developing P2P countermeasures, but is holding back from deploying them in order to study their potential for abuse and unintended effects first.
- "Does File Trading Fund Terrorism?"
IDG News Service (03/13/03); Gross, Grant
Although witnesses and representatives at the U.S. House Judiciary Committee's Subcommittee on Courts, the Internet, and Intellectual Property hearing on Thursday testified that profits from illegal file-trading via peer-to-peer services were being used to finance terrorist organizations, no solid evidence was presented. The Justice Department's John G. Malcolm said that unauthorized copying of intellectual property appears to be linked to organized crime, which often funds terrorism, but failed to produce any concrete examples when asked to do so by subcommittee chairman Rep. Lamar Smith (R-Texas). Malcolm supported the concept that file-trading network creators are a type of organized criminal, citing this week's indictment of alleged DrinkorDie ringleader Hew Raymond Griffiths as an example. "This indictment and the extradition sends a clear and unequivocal message to everybody involved in illegal piracy that regardless of where you are, the Justice Department will find you, investigate you, arrest you, prosecute you, and incarcerate you," he proclaimed. Testimony was also presented by Films by Jove President Joan Borsten Vidov, who accused the Russian Ministry of Culture of trying to redistribute films her company had legally acquired the rights to without permission. "What fits the definition of organized crime more than a foreign government deciding to steal the property of a small U.S. business?" she inquired. Rep. John Carter (R-Texas) suggested that file-trading on college campuses could be deterred if the Justice Department threatens student users with prosecution and jail time. Rep. Robert Wexler (D-Fla.) favored the dissemination of public service commercials detailing the supposed connection between piracy and organized crime.
- "Carbon Chips Net Step Post-Silicon, Says Scientist"
Investor's Business Daily (03/13/03) P. A8; Tsuruoka, Doug
IBM's Phaedon Avouris is working on carbon nanotube replacements to today's silicon computer chip technology. Besides the physical limitations ever-shrinking silicon-based chips will face in 10 years, Avouris points out that the advanced chip-making equipment needed will cost as much as $100 million apiece. He cites cyclotron radiation, electron beams, and ultrashort wavelength as lithography technology that promise to improve the performance of silicon chips for the next few generations. However, Avouris points out the comparative advantages of carbon nanotubes to materials used in traditional computer chips, including energy efficiency, material strength, and the abundance of base material. Furthermore, computer chips built using carbon nanotubes would fit as many as 40 million circuits in a space only as wide as a human hair. Unlike electrical wires made of metal, carbon nanotubes also do not pose resistance to electrical flow. Avouris says carbon nanotubes could be produced on the scales of today's chip-grade silicon if production ramps up, thanks to the abundance of carbon. He says IBM plans an additional two or three years of basic research into carbon nanotubes before passing it on to engineering teams for commercial application. Pointedly, Avouris cites a 1948 Popular Science article quoting Bell Labs scientists, who were working on electric transistors at the time. When asked whether their work would have commercial application, they answered, "We don't know; time will tell."
- "Social Software and the Politics of Groups"
InternetWeek (03/10/03); Shirky, Clay
Thanks to the advent of the Internet and social software that facilitates group communications, large numbers of people can now converse with each other without being inconvenienced by conventional barriers of physical location and time. This in turn has caused new social patterns--chatrooms, Weblogs, mailing lists, etc.--to emerge. Social software also sets up groups as entities, giving rise to behavior that cannot be anticipated by analyzing individuals. In defiance of earlier projections about the Internet's social impact, many successful online communities have limited their growth or set up size boundaries; erected non-trivial blocks to joining or becoming a member in good standing; and are enforcing criteria that restrict individual freedoms. The tension between the individual and the community inherent in social interactions, whether online or offline, must be addressed in a group-supportive system by rules that outline the relationship between individuals and the group and set limits on certain kinds of interactions. Designers of social software must consider a wide range of issues, including how good group experience can be tested, how software supports group goals, and the best barriers to group membership. In terms of advancement, user software is ahead of social software because developers are more familiar with single-user rather than group experience. Another contributing factor is greater developer emphasis on software's technical aspects instead of its social implications.
Click Here to View Full Article
- "Who Cares About the Fastest Internet Ever?"
NewsFactor Network (03/13/03); Ray, Tiernan
Last week's announcement that Stanford Linear Accelerator (SLAC) researchers had successfully transmitted 6.7 billion bytes across 10,000 kilometers at a rate of 1 Gbps, thus achieving a new Internet land-speed record, may have been less than revolutionary, given that many commercial Internet products already feature gigabit speed transmission. But SLAC staff say the real breakthrough was smarter rather than faster communication, and the reduction of round-trip latency. The amount of time computers wait to receive data on either end increases the further apart they are, so Les Cottrell of SLAC's Computer Services made TCP transmission more intelligent by increasing the size of the data packets, thus lowering the number of acknowledgements that travel round-trip during transmission. With the SLAC method, a data packet sent from Sunnyvale, Calif., to Amsterdam and back took 170 milliseconds, while all 6.7 billion bytes were transmitted in 58 seconds. The breakthrough's short-term applications could include collaborative scientific ventures, such as those involving particle and nuclear physics. "Today we can replicate data [between labs] using transmission of a few hundred megabytes per second," Cottrell explains. "But the data are increasing by a factor of two each year, or faster than Moore's Law." Cottrell also foresees real-time transmission of medical data between patients and doctors, and notes that PCs may eventually need to be redesigned to accommodate the new transmission rate.
- "Yaha Virus Uses Netizens as Pawns"
Wired News (03/13/03); Delio, Michelle
An Internet battle between Pakistani and Indian hacker groups threatens regular users, but corporations are unlikely to be affected. On March 12, the Indian Snakes hacker group released the Yaha.Q version of their email worm, which organizes denial-of-service attacks against five Pakistani Web sites, changes settings on infected PCs, and contains messages to online enemies and one computer security expert who scoffed at previous Yaha versions. TruSecure virus guru Roger Thompson remains unimpressed, saying many companies that filter out executable email attachments are immune to Yaha.Q, but many home Internet users may be hit. Using subject lines such as "Friendship screensaver" and "Sample.exe," the Yaha.Q worm is loaded in an email attachment tagged with .exe or .scr. Canadian computer security researcher Ian Murray remarks that many virus writers have something to say, but probably create the virus before attaching their message. Examples of politically-motivated viruses include the Adore worm that sent information housed on Linux systems to Chinese servers in 2001, purportedly in response to an airborne mishap between Chinese and American military planes. The Lion worm in 2001 criticized Japanese textbooks that claimed Japanese occupation of Korea and China in the early 20th century was beneficial to those countries.
- "Twins Crack Face Recognition Puzzle"
Reuters (03/12/03); Gershberg, Michele
International security may be revolutionized by a new face recognition technology developed by students Michael and Alex Bronstein. The Bronsteins, who are identical twins, were jokingly challenged by Technion Institute professor Ron Kimmel to create a system that could distinguish between the two of them; the end result was a tool that scans and maps the human face into a three-dimensional signature using light patterns. Kimmel says this technique offers far greater accuracy than most current security systems, which use two-dimensional images to identify people. Furthermore, the system's comparison of facial features is not hindered by lighting conditions or the subject's pose. Still, significant changes to facial surfaces caused by aging, plastic surgery, or the growth or removal of facial hair could inhibit ID verification. The system's core software was developed by Kimmel and his former student Assi Eyad, while the Bronsteins and engineer Eyal Gordon built a 3D scanner. Kimmel and the Bronsteins plan to commercialize the product, which could be used as a security tool in many areas, including airports, border crossings, and ATMs.
- "Recognizing the Dance on the Dotted Line"
New York Times (03/13/03) P. E5; Austen, Ian
Shoppers may no longer have to carry debit or credit cards while identity thieves and forgers could be thwarted with the advent of biometric handwriting recognition technology, according to advocates. Biometric handwriting systems do not analyze the signature itself, but rather the act of signing; Shai Waisel of WonderNet, which produces the Penflow handwriting authentication system, suggests that signing is practically an unconscious act. "When you sign your name, you are moving your hand two times faster than you can control it," explains Thomas G. Zimmerman of IBM's Almaden Research Center. "[Forgers] can't reproduce the cadence of the dance that your hand does." Most biometric handwriting recognition devices have been restricted to financial institutions because of their cost and data requirements, but more stores may avail themselves of the technology thanks to two developments: The acknowledgement of electronic signatures as legitimate signatures via national legislation, and the subsequent installation of digital signature pads by retailers. Using such pads, customers write three to six autograph samples with an electronic pen while software times their hand movements and directional changes; these factors are then compared to the stored record when a customer signs for a purchase. Zimmerman believes such systems would obviate the need for plastic credit cards, while Waisel says at the very least they could do away with the need for signatures and other identifying information on those cards. Guido DiGregorio, CEO of digital signature pad supplier Communication Intelligence, thinks Web-based retailers would be able to beef up security by using signature authentication technology for online transactions. However, Richard Mader of the National Retail Federation notes that the technology must be incapable of accidentally rejecting legitimate cardholders if it is to be widely adopted.
(Access to this site is free; however, first-time visitors must register.)
- "Two Programmers Speculate on the Future of Software Development"
The next five years for the software development industry will see an increasing amount of work being done offshore, in places such as India where costs are cheaper, according to former CNet developers Dan Seewer and Kevin Cobb. Cobb said software development would follow the path of the automotive industry in terms of offshore work, but also expressed doubt over quality control in offshore production. Seewer said another change was a shift from legacy code maintenance to programs that are written from the ground up overseas, and added that smaller, in-house development projects had a better chance of not being outsourced offshore because of project management issues. Cobb and Seewer both expected experienced software engineers in the United States to have work even with development going overseas, and also said that documentation libraries for software developed offshore would not be a problem for future re-purposing efforts. Meanwhile, Cobb and Sewer both supported a software engineering licensure that would certify developers for specific, critical jobs, such as developing air traffic control software or that used in medical systems. Seewer referred to an article on the topic published in the November 2002 issue of the Association for Computing Machinery's Communications of the ACM magazine.
Click Here to View Full Article
- "Military's 'Sneaky Wave' Out of Hiding"
CNet (03/11/03); Charny, Ben
The IEEE is studying proposals from Philips, Texas Instruments, and other wireless-networking companies to decide which technology will be used for 802.15.3a, a wireless personal area network (WPAN) specification designed to compete with the highly popular Bluetooth standard. Intel's Ben Manny estimates that 95 percent of the submitted proposals use ultra wideband (UWB) as a core technology, which was originally developed by the U.S. military as a communications medium that would be impervious to eavesdropping. Most radio transmissions operate in narrow frequency bands of about 100 MHz, while UWB operates in a band tens of thousands of megahertz wide and overlaps already-occupied bandwidth. UWB, which was once called the "sneaky wave," is cheaper and more power-efficient than Bluetooth, and 100 times faster, according to supporters. However, critics are concerned that the technology, which has yet to be tested in the commercial arena, could interfere with systems operating in nearby bandwidths. UWB advocates discount such worries, claiming that the technology's low power requirements prevent interference. IEEE will decide the limits of UWB this week, and many wireless-networking companies have proposed splitting the wave into smaller segments of a few thousand megahertz each. Manny believes UWB will be a component of the final 802.15.3a specification, but acknowledges that "there are a number of different ways to do it." The IEEE has until June to select the winning proposal.
- "Gadget Accessibility Slowly Spreading"
Associated Press (03/12/03); Bergstein, Brian
Spurred by government mandates as well as the drive to make money, technology companies are now working harder to make computers, Web sites, and other forms of communications technology accessible to people with disabilities. Among the gadgetry tech companies are researching, developing, or offering is video relay, which allows hearing-impaired people to communicate to operators and vice-versa using sign language captured by a Web camera. Another technology that deaf people can take advantage of is an Israeli-developed tool that assists lip-readers by displaying a computer-generated face whose lip movements correspond to what is being spoken over the phone. People with poor vision are using software that reads on-screen text aloud, which is controlled by the user's breathing and eye-blinks. There are, however, wrinkles to be ironed out: Newer digital cell phones are known to disrupt the operation of hearing aids, while the difficulty many disabled people experience with wireless devices has prompted design improvements to be a major topic at this month's CTIA Wireless 2003. Furthermore, PricewaterhouseCoopers estimates that less than 15 percent of federal agencies' Web sites feature clear, easy-to-find content, despite a federal law requiring such sites to be accessible to the disabled.
Click Here to View Full Article
- "Alliance to Certify, Publicize Public Wireless Access Zones"
The Wi-Fi Alliance trade group, which includes such members as Microsoft, Dell, Intel, Nokia, Philips, and Texas Instruments, plans to make people more aware of the Wi-Fi wireless networking standard in two ways. First, the group wants to give a "seal of approval" to various access points where laptop users can log on, regardless of the laptop's network card manufacturer or technology. Second, the group unveiled a Web site on March 12 to allow users to search for access points in various countries. Some 1,700 access points are listed so far, but the number is expected to expand quickly, says Brian Grimm, association marketing director. Meanwhile, operators are still mulling ways to bill users who roam out of their home network. Grimm expects that in the future, only one account will be needed to connect from anywhere, but that is still years away. Many companies currently offer access points as a complementary bonus for clients, while others bill according to a period of time. The alliance's Andrea Vocale, a Cisco Systems executive, says, "The pervasiveness of Wi-Fi is what it's about. We want the experience to be the same, with one standard everywhere."
Click Here to View Full Article
- "'Snow Days' Could Take Down Net"
Investor's Business Daily (03/14/03) P. A6; Howell, Donna
To stay abreast of ever-changing network security threats and protective measures, many tech security managers attend the annual SANS Institute security conference. Major topics of this year's meeting, held this week, focused on software holes that hackers and hacker-developed worms exploit. Ed Skoudis of Predictive Systems declared that future worms will make the recent Slammer worm's capabilities pale in comparison. SANS Research Director Alan Paller said network administrators are chiefly afraid of superworms capable of disrupting companies or whole sections of the Internet, while Skoudis expected such worms to completely shut down the Internet for 24 hours or more within two to five years. Paller outlined a migration pattern that hackers appear to be following, from operating systems to services to databases to applications and clients. He noted that fixing the mess caused by worms is very expensive, so more people are working to stop worms at the outset by reducing vulnerabilities. Paller explained that money issues are hindering security spending among ISPs. Security solutions showcased at the SANS conference included an intrusion prevention appliance from NetScreen Technologies, which follows up the discovery of new vulnerabilities with the release of emergency updates to customers.
- "Thousands 'Trojaned' Through Net Shares: CERT"
ZDNet Australia (03/12/03); Gray, Patrick
A rise in network share-based attacks may foreshadow a massive distributed denial of service (DDoS) attack, according to a warning issued by CERT/CC today. The advisory asserts that hackers have compiled an army of thousands of "zombie" systems infected via manual and self-replicating worm style attacks. Many home user systems were compromised over the weekend by the Deloder worm, which exploits vulnerable Windows network shares and installs a pair of Trojan programs, in particular an Internet Relay Chat (IRC) "bot." "This is a total turnaround, [malicious hackers are] bringing the worms to them," explains AusCERT security analyst Matthew McGlashan. The latest assaults target Windows NT/2000/XP machines, whereas past incidents usually focused on Windows 95/98/ME systems. The widespread corporate practice of securing network shares behind firewalls has prompted malicious hackers to concentrate on home users and other "soft" targets, McGlashan explains. The CERT warning says that the "problem is exacerbated by...intruders specifically targeting Internet address ranges known to contain a high density of weakly protected systems." McGlashan predicts that rival hacking groups will battle for control over the zombie systems.
Click Here to View Full Article
- "Thinking Outside the ICANN Box: Creating a Prototype Based on Internet Experience--Part II"
CircleID (03/12/03); Hauben, Ronda
A new proposal, "The Internet an International Public Treasure," contains an outline for researchers and participants to begin developing a prototype of a workable Internet governing structure. The document addresses preparation and foundation-laying work necessary to begin building a global collaborative Internet governing tool. All of this will require strong leadership, and the report suggests a process for generating that leadership. The prototype will include mechanisms for DNS, IP allocation, and protocol maintenance. The governing structure will focus on essential DNS tasks, be cognizant of the diversity in the user community, and understand how Internet tools function to serve diverse communication and disparate users. In regard to IP allocation, protocols, and DNS--ICANN has failed to contemplate and understand these interlocking structures before setting out to govern them, and the report specifically calls for understanding these structures theoretically before beginning to contemplate an appropriate oversight mechanism. Researchers working on this project are beginning to address these structural questions now in order to develop a prototype. Researchers will also address issues of the Internet's historical development in order to better envision a fair and workable future, and how to publicize a report on a finalized prototype.
- "Goal Oriented"
InformationWeek (03/10/03) No. 930; Hayes, Mary
Seagate Technologies and other large companies are turning to online accountability systems as a way to maintain alignment between corporate goals and employees' efforts. In response to worries that such systems could lead to an Orwellian model of employee monitoring, Baxter Healthcare VP Faye Katt counters that performance-management software can actually empower workers when used properly. However, Meta Group analyst Maria Schafer warns that poorly managed goal-alignment systems will conflict with corporate culture, especially one with an autocratic architecture. She adds that the cornerstone of an effective system is communicating to employees that their insight and participation benefits the company, which in turn reinforces the company's commitment to its workforce; making employee compensation contingent on the goal-alignment system's appraisal of their performance is another incentive. Return on investment from performance-management software cannot necessarily be read in terms of revenue, employee retention, or operational efficiencies, but adopters such as Seagate and Baxter note that employees have responded favorably while company goals have a palpable, dynamic presence. Schafer forecasts that less than 5 percent of companies use goal-alignment software, but Performaworks CEO Paul Schaut believes that the languishing economy and scaled-down IT budgets could fuel greater interest in the technology. Textron's Steve Ostiguy notes that companies generally have a poor track record of clearly communicating performance goals to employees upfront, but goal-alignment software is an effective solution. With such a tool, "Employees know exactly what their objectives are and how they relate to business units and, ultimately, the entire enterprise," he says.
- "Flaws Put Open Source on Hot Seat"
Network World (03/10/03) Vol. 20, No. 10, P. 1; Fontana, John
The disclosure of the SendMail and Snort security flaws last week highlighted the problems of building and installing open-source patches. "With open source you really have a double-edged sword," notes Dan Ingevaldson of Internet Security Systems, the company that identified the SendMail vulnerability. "It's very open but there is no single point of contact where there is a list of enterprise customers using the code." The open-source community's quick response time to such vulnerabilities was demonstrated by the fact that a patch for the SendMail bug was ready in less then 24 hours, but another issue is awareness; in SendMail's case, all users of the applications were probably aware of the flaw, given that approximately three-quarters of all email is transferred by SendMail. However, patching software and code that is not well known is a more difficult proposition. Further complicating patching is when open-source code is modified for users' systems prior to a vulnerability's disclosure--in such a case, the released patch may be ineffective, says SendMail code creator Eric Allman. Experts advise corporate users to be aware of the tracking problems inherent in open-source software, as well as the possibility that patch producers may not necessarily be trusted sources. An even greater problem is that many users of open-source and commercial software fail to even install patches.
- "Nano's Balancing Act"
Small Times (02/03) Vol. 3, No. 1, P. 34; Stuart, Candace
A growing movement of activists, academics, and business leaders is trying to strike a balance between nanotechnology's potential benefits and its hazards through such organizations as Rice University's Center for Biological and Environmental Nanotechnology (CBEN) and the Science and Environmental Health Network (SEHN). Nanotech is already being applied in water purification, pollutant detection, and more energy-efficient products, but some critics are calling for a moratorium on all nanotech research and development until concrete proof of its safety is furnished. Nanotech opponents generally give little priority to the technology's environmental effects, focusing instead on its societal ramifications and potential for abuse. CBEN is researching the potential environmental impact of nanomaterials such as carbon nanotubes and titanium dioxide in an effort to minimize risk, according to environmental engineer Mark Wiesner. Meanwhile, NASA's Johnson Space Flight Center has undertaken several projects to measure the effects of nanotubes on the environment and respiratory systems. SEHN balances its research on the possible environmental and health benefits of science with the precautionary principle, an evolving template that addresses the risk and scientific uncertainty in immature technologies. Both nanotech supporters and critics agree that studying the biotechnology industry's past missteps could help reduce nanotech's unintended consequences. Such mistakes include disregarding public concern and withholding information, notes CBEN director Vicki Colvin.