The federal government's cybersecurity research investments are woefully insufficient, concludes a report prepared by a subcommittee of the President's Information Technology Advisory Committee (PITAC). The report says the U.S. should give $148 million annually to the National Science Foundation to be channeled into Internet security research, as well as greater research investments by the Homeland Security Department and the Defense Advanced Research Projects Agency (DARPA). "The federal government is largely failing in its responsibility to protect the nation from cyberthreats," declared panel co-chair Edward Lazowska, who also chairs the University of Washington's computer science and engineering department. SRI International computer scientist Peter Neumann criticized both the White House and Congress for giving civilian cybersecurity research a low priority. Panelists were also concerned about DARPA and the National Security Agency's shift in focus from long-term academic research to short-term classified research, and noted a basic shortage of leadership and coordination in the federal cybersecurity research effort. They proposed the creation of a federal interagency group to address this shortage. The subcommittee argued that the cybersecurity research community lacks the numbers to fulfill a federal objective to at least double the population of civilian cybersecurity researchers by 2010. The report criticizes the commercial cybersecurity strategy of patching, and lists 10 cybersecurity research areas that should take precedence, including cyberforensics, authentication technologies, monitoring and detection tools, and secure protocols.
Click Here to View Full Article
(Articles published within 7 days can be accessed free of charge on this site. After 7 days, a pay-per-article option is available. First-time visitors will need to register.)

World Wide Web inventor Tim Berners-Lee is a big believer in the potential of the mobile Internet, but believes designers will have to do a better job of simplifying Web pages for handsets. Designers have already tweaked Web pages for the visually impaired and for others, and he believes they will do so for users of mobile devices. Berners-Lee's comments came during a seminar on the future of the Web, and he added that there is a demand for browsing the Web with a mobile device. "Everyone was supposed to be browsing the Web with their mobile phone, but the problem is that it has not happened," he said. Berners-Lee initially envisioned the Web would be a tool for collaboration, but other than the emergence of resources such as "wikis," that has not happened as well. "Wikis in general are great examples of how people want to be creative and not just suck in information," Berners-Lee said of the interactive online notepads.
Click Here to View Full Article

Cornell University researchers led by assistant computer science professor Emin Gun Sirer have developed "Credence," a new open-source software program designed to clear peer-to-peer (P2P) networks of spam by allowing different computers to "gossip" with each other to determine which P2P files are trustworthy. Credence starts out in the manner of many contemporary P2P networks, in which users rate the legitimacy of files; but the gossiping function checks to see how users on other systems have rated the same files, looking for similar evaluations. During a file search, Credence gives priority to results that receive high ratings by this user community with matching ratings. Spammers who rate their own files as legitimate are thus segregated from these communities of well-reputed computers. "I believe in people; I think most people are honest," notes Sirer. "I think it will be people on the periphery who will be kept out." However, antipiracy companies plant decoys of popular digital content in file-swapping networks in an effort to curb copyright infringement, and the Credence software could filter out these decoys as well. Still, Overpeer general manager Marc Morgenstern is confident that antipiracy companies such as his will inevitably find a way to bypass such filters as part of the arms race between digital pirates and copyright holders.
Click Here to View Full Article

Last November's congressional approval of the Visa Reform Act of 2004 mandated a $2,000 increase in the fee for H-1B applications and allocated $500 of each payment for H-1B antifraud probes. The additional funds from these revisions, due to go into effect this month, may put employers of H-1B visa holders at greater risk of being investigated for abuse, according to immigration attorneys. The U.S. Labor Department estimates that it carried out 49 probes of alleged H-1B abuses from October 2004 through Jan. 31, 2005, compared to 142 investigations in fiscal 2003 and 118 investigations in fiscal 2004. Attorney Irina Plumlee with Gardere Wynne Sewell expects to see more audits of H-1B employers due to the extra money allocated by the revisions, and also because of the political atmosphere in Congress and heightened security measures. Complaints from H-1B holders are usually the catalyst that triggers abuse probes, but federal investigations as well as random audits can also be built using information from third parties. The new legislation also broadens federal officials' criteria for investigating companies, including checking for adherence to an altered wage-rate system that accommodates greater fluctuations in pay to visa holders. The availability of 20,000 additional H-1Bs for foreign workers with advanced degrees from U.S. schools has been postponed until the rules governing the visas are published in the Federal Register, but immigration lawyer Robert Webber says the U.S. Citizenship and Immigration Services agency has bungled its handling of the new law and "has created complete confusion."
Click Here to View Full Article

Professors Cindy Riemenschneider and Deb Armstrong of the University of Arkansas' Sam M. Walton College of Business examined why fewer women have been getting involved in IT careers in recent years, and have concluded that time management and sources of stress at home and in the office are the chief factors in women's departure from the IT field. Riemenschneider explains that IT is constantly deadline- and training-oriented, and dealing with this and familial duties gives rise to turnover as well as promotional obstacles. The UA researchers say flexibility is a major element in improving career satisfaction, and Heather Letterman of Data-Tronics says her company is aware that IT workers are frequently on call 24 hours a day and makes allowances by letting employees take time off during normal business hours if necessary. Data-Tronics data coordinator Cindy House says technological advancements have also helped give female IT workers more flexibility, an example of which are home connections that facilitate job-related tasks outside the office. Meanwhile, a report from the Information Technology Association of America's (ITAA) Blue Ribbon Diversity Panel lists entry barriers for women that include a shortage of role models and opportunities to network, fewer female science and engineering graduates, a negative image of the IT industry, recruiting stereotypes, and an absence of strong corporate commitment. However, the ITAA report points out that the amount of women holding professional IT jobs expanded from 25 percent to 25.3 percent between 1996 and 2002, even as the overall number of female IT workers declined in the same period. Tyson Foods CIO Jerri Dunn says making young women aware of career opportunities is crucial to hiring female IT workers, and advises women to continually attend networking events.
Click Here to View Full Article

To learn more about ACM's Committee on Women and Computing, visit http://www.acm.org/women.

The University of Alberta is creating a $2 million program that delves into three-dimensional telepresence technology, and has received $1.7 million to set up an industrial research chair to aid in its exploration in collaborative virtual environments, says U of A computer science professor Pierre Boulanger. Telepresence would enable a surgical expert to demonstrate hand and scalpel movements to students who are thousands of miles away, for example. The technology would render holographic images similar to the way in which characters from the Star Trek TV show interacted with 3D images of people and places on a holodeck. "Computers are smart enough today to adapt to people, and that's really a recent shift in computing," says co-chair Christoph Sensen of the University of Calgary, who is developing virtual tools for medical experts. TRLabs, the University of Alberta, the Canadian Foundation for Innovation, and other industry parties are providing the grants that fund the provincial chair.
Click Here to View Full Article

Law enforcement agents say cybercriminals use unsecured Wi-Fi networks to hide their identity and location, and that the problem is growing as more and more universities, municipalities, independent retailers increasingly offer wide-ranging Wi-Fi grids available to anyone with a Wi-Fi card. As a result, Wi-Fi use is exploding; over 10 million U.S. homes now have wireless Internet connections via a Wi-Fi base station. However, wireless routers are often sold and set up without activating features that hide a Wi-Fi network or encrypt data sent over the network. SBC, the nation's No. 1 DSL service provider, says it has shipped approximately 1 million routers to its customers with encryption turned on by default; but most consumers are simply happy to get their wireless network operating and do not want to complicate the system, says analyst Roberta Wiggins. The Secret Service cracked a ring of professional data thieves in October and arrested more than 30 people, half of whom used unsecured Wi-Fi networks to obscure their real identity and location. Law enforcement officers say cybercriminals are often logged into neighboring Wi-Fi networks when apprehended at home. Secret Service special agent Jan Gilhooly says the common practice of hiding behind other people's network access has caused law enforcement to conduct more in-person surveillance prior to an arrest. Private conversations captured in the recent Secret Service investigation showed the criminals shared information about how to access unsecured Wi-Fi signals with specialized antennas, for example. Wi-Fi cards do provide identifiable information that law enforcement can track and use to identify a perpetrator, but most consumer routers do not store the information and the equipment is easily switched out of a laptop computer.
Click Here to View Full Article
(Articles published within 7 days can be accessed free of charge on this site. After 7 days, a pay-per-article option is available. First-time visitors will need to register.)

Spam, phishing, DDoS attacks, worms, and other network-oriented malware are driven by groups of zombie machines, but reverse firewalls on network attachment devices such as routers and DSL equipment could help stop those operations, writes former ICANN board member Karl Auerbach. The telephone network is protected from potentially dangerous equipment through a certification process, and a similar certification regime could be used to secure the Internet. PCs themselves would not be included, but rather the in-between home and office network equipment manufactured by the likes of Cisco and Netgear. Those devices run on proprietary code and are fairly task-specific. Certification would ensure client machines are not harming the general Internet by placing restrictions on outgoing packets, such as those bearing false addresses, containing certain illegal bit patterns, unrelated to established connections, or containing IP fragments or excessive ICMP activity. Though this scheme would add a layer of regulation and would not stop hackers entirely, it would make it much more difficult to operate zombie machine operations.
Click Here to View Full Article

IBM Almaden Research Center director Mark Dean says in an interview that a great deal of his time is dedicated to cultivating an interest in science and engineering among African-Americans, noting that promoting and hiring minorities is a major effort for IBM. Dean, an African-American, says the industry must imitate society. "We need to mix, we need to match the mix that exists in society, or we won't be able to produce products that get to all of our constituency," he explains, adding that he is aggressively pursuing all minority science and engineering Ph.D. graduates. Dean argues that minorities should at least give consideration to engineering and the sciences, because such skills will position them for careers in the emerging service sciences discipline. The IBM Almaden director reports that some universities are already producing graduates with degrees that could be described as proto services/science degrees, although the current name for the discipline is information systems management. "People are starting to get the idea that if people graduate with something more than just a technical understanding, with an understanding of how to work with people and best practices, it's the human part of technology," Dean remarks. He expresses excitement at IBM Almaden's work with software that automatically tags information recorded in the course of a day to create "meta data" that would allow people to retrieve such information as a memory aid for reference or personal improvement; however, he notes that there are still uncertainties over whether others would feel comfortable with such recording. Other areas of concentration at IBM Almaden Dean mentions include explorations into solid state memory and advances beyond the current structured database.
Click Here to View Full Article

University of Bath researcher Adrian Bowyer is developing a 3D printer that can replicate itself and has the potential to dramatically lower the cost of rapid prototyping, in which objects stored on a computer are printed out in layers. Bowyer says his self-replicating rapid prototyper (RepRap), which is designed to print conducting materials without using a laser, could reduce the price of prototypers from their current cost of $25,000 to around $500. Instead of fusing powdered metal with a laser, RepRap will employ a metal alloy of bismuth, lead, tin, and cadmium that boasts a low melting point and that can be squirted into circuit patterns from a heated syringe. Bowyer has already printed metal circuitry onto an autonomous robot with this technique, and he thinks future self-replicating machines will dispense both metal and plastic from the same nozzle. The University of Bath researcher says RepRap does not need to be enabled for self assembly; rather, the machine only has to generate all the needed components except for the microprocessors and the lubricating grease, which could be added later. Bowyer intends to freely distribute the software that controls the self-copying process online so that users can improve and expand RepRap's efficiency and capabilities. Wohlers Associates analyst Terry Wohlers has reservations about Bowyer's concept, arguing that it makes little sense from an economic standpoint. "Many of the components could be produced much faster and cheaper by other machines," he contends.
Click Here to View Full Article

The University of Southern Mississippi (USM) will collaborate with the Open Source Software Institute (OSSI) and the U.S. Naval Oceanographic Office on a three-year research and development program investigating the adoption and use of open source software by the Navy as part of a Cooperative Research and Development Agreement (CRADA) between OSSI and the Commander, Naval Meteorology, and Oceanography Command (CNMOC). The OSSI-CNMOC CRADA follows up a previous OSSI-Navy CRADA that allowed the Navy to identify and record how open source applications and programs were employed within their enterprise systems. The new CRADA will focus on the usage of open source software within Naval Web services, scientific computing, and enterprise architecture systems. USM assistant computer science professor Dr. Andrew Strelzoff will supervise the CRADA project's scientific and mission-oriented computing phase, and will lead a research team made up of faculty and research students from USM's computer science department. The team will devise and deploy novel "code only" software tools that analyze the Navy's processes for developing, maintaining, and restructuring software. Speaking at the recent CRADA signing ceremony held at Mississippi's John C. Stennis Space Center, Strelzoff hailed the agreement as "a great opportunity for our department and grad students to get hands-on experience and to make a significant contribution to the Navy and the open source software community."
Click Here to View Full Article

Researchers with the Honeynet Project have released findings about bot net activity since last summer. The collections of hijacked computers are increasingly used for financial purposes rather than online vandalism, such as denial-of-service attacks against Web sites. Bot net activity appears well organized and directed by skilled hackers, suggesting links to organized crime, said Honeynet Project member and German computer science academic Thorsten Holz, the primary author of the report. Bot nets are used to spread financially oriented adware and spyware, harvest identity and financial data, and to attack rival bot nets with denial-of-service barrages. Akamai Technologies suffered a well-publicized outage last year that is suspected to have been caused by bot net attack. One of the more interesting attacks published in the findings was a bot net scheme to steal and sell items from Diablo II players. If the online game software was detected on a target machine, the player's characters would deposit virtual items in drop spots on the game world, where they would be picked up by hackers and sold on eBay. Although the largest bot nets spanned more than 50,000 computers, the Honeynet researchers said smaller networks of between 3,000 and 8,000 machines were becoming preferable because they were more difficult to track. The paper also predicted bot nets would begin adopting peer-to-peer communications instead of IRC command and control.
Click Here to View Full Article

Collaborative-filtering systems' appeal lies in their potential to alert consumers to items of interest they might otherwise miss, and to help online vendors boost sales via cross-selling. Collaborative filtering has been around since the early 1990s at Xerox PARC, but only just recently caught on because the computational muscle and seamlessness it requires has only now become available. The start of the collaborative-filtering process is the explicit or implicit collection of data on individuals' preferences; examples of the former include numerical rankings, while examples of the latter include the amount of time spent viewing a Web page. Collaborative-filtering systems base their recommendations on either a user-user or item-item model: The first model finds users with similar tastes, while the second finds items with similar appeal to many users. The item-item model is advantageous in that it does not require frequent similarity calculations, and can scale up over millions of items and millions of users. Privacy advocates are concerned that collaborative filtering requires information about many people to be stored in a central repository, but the University of California at Berkeley's John Canny proposes an alternative scheme that upholds user privacy because the personal data is aggregated by users themselves. The growing popularity of collaborative filtering also carries the danger of people increasingly attempting to manipulate recommendations, and a solution suggested by Harvard University's Nolan Miller and colleagues ascertains the likelihood of a user's "honesty" using probabilistic techniques. But even with the problems of user dishonesty and privacy addressed, the accuracy of collaborative-filtering systems may still be constrained by the simple fact that people's preferences shift over time.
Click Here to View Full Article

Wireless carriers and technology companies are testing new services based on IP multimedia subsystem (IMS) standards that aim to break down the walls between cellular, wireline, and cable platforms. IMS leverages Internet protocol (IP) to achieve converged telecommunications where cell phone users could stream video to other people even as they hold a conversation, or seamlessly switch an ongoing TV show from a regular set to PDA, for instance. Because IMS allows data to be sent via digital packets instead of dedicated analog streams, services are not constrained by the traditional circuit-switched network infrastructure and can be mixed simultaneously. Ideally, IMS services would use soft switches, but circuit-switched networks can be used as well. IMS standards also address potential quality-of-service issues that could crop up as different applications compete for resources. Experts say the initial IMS-enabled services will likely be push-to-talk over cellular (PoC); Motorola already has roughly a dozen contracts to deploy such IMS-based PoC services. Lucent Technologies' John Marinho says PoC is a sort of testbed for future "push-to-X" services that allow users to send text messages, photographs, or video to other users based on presence and session initiation protocol; Marinho says each of these services has previously been siloed, but would become more attractive when used in conjunction. Nokia Networks' Petri Seppanen says migration to packet-switched networks, more powerful handsets, and increased competition from other technologies such as voice over Wi-Fi are driving IMS interest. Because IMS is standardized, it will also help reduce costs.
Click Here to View Full Article

IT and building automation systems (BAS) experts say their two worlds are merging with the initial development of Web-based control standards and migration to IP networks; innovative building operators and BAS companies are already using IP and Web technologies to more effectively manage their heating, air conditioning, lighting, and other building-control functions. As more functions move to the IT infrastructure, experts predict BAS will become another customer of the IT department, much as accounting or other functions rely on IT staff. The migration to IP networks is similar to that of telephony's current move to IP, but as sensors, security cameras, actuators, and other devices become connected, they will also communicate as peers via Web services; open standards are the basis for this integration, and will also enable integration with other business systems such as accounting. The OASIS Open Building Information Exchange (OBIX) committee has been working since April 2003 to create standard building-control system interfaces for Web deployment, a draft discovery service for plug-and-play BAS devices, and an alarm service for automated settings. If the initiative is successful, OBIX-related Web services could outnumber all other Web services combined, says OBIX Chairman Toby Considine. There are still a number of obstacles for BAS integration into the IT infrastructure, including reticence on the part of BAS companies to move away from proprietary technology, lack of awareness among IT professionals, and standards. Security is also an issue, and Yale University placed its new IP-based BAS on a separate, parallel network protected from the general Internet by nonroutable IP addresses. Control-system companies have no idea about directory-enabled security, which is especially worrisome considering some of these systems control building access, says Kenmark Group CEO Mark Kendall.
Click Here to View Full Article

Researchers at the University of Southampton's School of Electronics and Computer Science relate their experiences in deploying mobile Grid clients for the Finance Education in a Scalable Software Environment (Finesse) e-learning system with the goal of establishing whether such implementations are feasible. Mobility's arguable benefits for e-learning include increased access to learning resources for students and teachers and the enablement of computers to enhance a wholly independent learning model, and the researchers think the assembly of such applications necessitates a software infrastructure envisioned by ELeGI; ensuring that this architecture has the elasticity to support such applications is the purpose behind their deployment of mobile Grid clients. The researchers focused on developing a mobile client interface to make online Finesse portfolios accessible through a personal digital assistant, which was seen as an important step toward the long-term goal of guaranteeing the Grid infrastructure's support of next-generation mobile and pervasive learning applications. Three Mobile Grid deployment options were explored--Java-based, Net-based, and proxy-based Grid clients--and the first two were found to be unsuitable. Java Virtual Machines were unable to directly invoke Finesse Grid Services from the PDA because they all run some streamlined version of the Java API, leading the researchers to infer that no Open Grid Service Infrastructure Java API currently exists. OGSI.NET was unfit because of its unavailability on mobile devices and its problematic compatibility with Globus Toolkit (GT3) and other existing Grid systems. The researchers conclude that deploying a Web-based proxy that communicates to distributed Grid services via GT3, and then offers this functionality through a specially-designed mobile device Web interface, is the optimal solution.
Click Here to View Full Article

Agile software development approaches such as eXtreme Programming (XP) can boost productivity and enable products to arrive at projected delivery dates and fulfill expectations by skipping the bureaucracy typical of the classical "waterfall" software development model, where programming often takes a back seat to planning and documentation. The agile development model supports a Whole Team strategy wherein line-of-business representatives are involved as team members from the beginning; they frequently meet with programmers to provide as much input regarding the final product's features, functionality, and performance as possible. Though agile methods differ from project to project, they are unified in their emphasis on customer interaction, pair-partnering among developers, fast coding with test-driven development and regular refactoring, and planning. Agile approaches can be a hard sell to management, given increasingly risk-averse corporations' unfamiliarity with the methodology. To overcome this reticence, advocates suggest a gradual introduction of agile methods in areas where they make the most sense. Primavera Software's Bob Schatz notes that an organization's willingness to adopt XP or other agile methods is predicated on the pain it suffers because of its reliance on non-agile methods. Author and XP guru Ron Jeffries says that an agile effort's success depends on getting management on board, preferably from at least two levels up, and the best enticement for management is working software. Most coders voluntarily pursue agile programming without any pressure to do so, but some programmers are getting introduced to agile methods on management's orders, or as part of starting a new position with a new employer.
Click Here to View Full Article

Experts are predicting trouble ahead for U.S. innovation in terms of federal funding for speculative research into radical technologies, which has declined recently in favor of defense and homeland security solutions that use relatively mature technologies. "If we don't pay attention to the warning signs, 15, 20 years from now, we could find ourselves in a relatively disadvantageous position in terms of global leadership," warns Rensselaer Polytechnic Institute President Ann Jackson. She notes that America's ability to respond to threats could also suffer from basic research funding cutbacks at non-defense-related agencies, because of national security's reliance on innovation across a wide spectrum of fields. Lux Research estimates that nanotechnology venture funding fell from $386 million to $200 million between 2002 and 2004, which means that nanotech startups are having a tougher time researching technologies with enormous long-term potential. Technologies that take a much shorter time to develop, such as radio frequency identification, are attracting more investor interest, as are mobile applications, IT security, e-commerce, and biotechnology. Startups such as Cogent, which sells automated fingerprint recognition systems, are doing well in public markets, while Google, eBay, and other enterprises are reaping rewards from the revival of e-commerce and other kinds of Web business. Meanwhile, biotech companies with established products are drawing considerably more funding than firms with products still undergoing preclinical trials. Though tech licensing and patenting efforts have chiefly favored short-term deals involving technologies that are closer to commercialization of late, MIT's Lita Nelsen reports a growing interest in security-related technologies, even in early developmental stages.
Click Here to View Full Article