Volume 4, Issue 369: Wednesday, July 3, 2002
- "Survey: Raises for Security Pros Decline"
Computerworld Online (07/02/02); Rosencrance, Linda
Salary increases for security professionals have declined since December 2000 from 11.6 percent to 7 percent, according to a recent SANS Institute survey conducted during April and May of 1,214 security and systems administrative professionals. However, security professionals, whose average salary was $69,340, still saw better raises than their co-workers in networking and application development. SANS Institute research director Alan Paller said businesses are not hiring new security professionals; instead, they are training current employees in new security functions. A Foote Partners survey of 30,000 IT workers found that corporate security salaries grew 3.1 percent between 2001's first quarter and the second quarter of 2002, while other high-tech workers saw their salaries decline 5.5 percent during the same time period. The SANS survey also found that salaries in New York, New England, and New Jersey were 9 percent higher than the national average, while salary increases in Mid-Atlantic and West Coast states were 4 percent and 3 percent higher than the national average.
- "Silicon Valley Goes Into Sleep Mode This Week"
SiliconValley.com (07/02/02); Boudreau, John
As in other recent recessions, major Silicon Valley companies are asking their workers to use up vacation time this Fourth of July week in order to save costs. Adobe Systems made the same move last year and saved several million dollars, according to a spokeswoman. This year, many employees of Hewlett-Packard, Sun Microsystems, and Silicon Graphics are taking a week-long furlough. Those who stay behind, however, reveal the hard work behind the Silicon Valley industry as they remain to finish projects on a tight deadline. Adobe engineer David Penny says the surreal working situation for those left behind is a bonding experience as they labor in darkened, empty buildings. Silicon Valley Manufacturing Group CEO Carl Guardino says this week's suggested vacation is a cost-saving maneuver that helps keep layoffs at bay. He says, "The basic philosophy is that 51 weeks of a job is much better than no job at all." Businesses used a similar strategy during the recession in the early 1990s as well as one in the mid-1980s. Adobe's Holly Campbell says employees were not forced to take time off, but many saw it as a way to help the company hold down costs, while also encouraging them to use up leave time when business is slow.
- "Worm Exploits Apache Vulnerability on FreeBSD"
IDG News Service (07/01/02); Evers, Joris
Security experts say a new worm is slowly spreading that takes advantage of a known vulnerability in the Apache Web server software running atop the FreeBSD system. Apache Web servers are used for 63 percent of existing Web sites and FreeBSD is the third-most popular software run on them, after Linux and Solaris. F-Secure of Iceland announced the discovery of the worm, which installs a backdoor application hackers can use to remotely control the Web server. F-Secure researcher Mikko Hypponen says the worm, named Scalper, is not yet widespread but could possibly infect a sizeable number of FreeBSD Apache servers that are not yet running Apache version 1.3.26. Netcraft says approximately 14 million Apache machines have not yet updated their software to block the vulnerability exploited by Scalper.
- "Cartoon Inspires Student to Create a New Approach for Encryption"
Chronicle of Higher Education Online (07/03/02); Carlson, Scott
University of Dayton mechanical engineering major Jason R. Kauffman has created a new encryption technology based on a number generator that has won the backing of his university to be submitted for a patent and eventually sold to businesses. Kauffman was inspired by watching a Disney movie called "The Hunchback of Notre Dame" that created a raucous crowd scene by assigning numbers to various body movements, and then using a mathematical equation to generate pseudo-random numbers triggering the corresponding body movements. Kauffman, who created the encryption technology for a class project, says that mathematicians and computer scientists have said number generators could be used for encryption, but none have outlined how. Kauffman uses a number generator as a basis for his encryption technique, and according to Kauffman, "since you don't know what any of the values are mathematically, [a hacker] can't solve it." Kauffman has teamed with his research scientist father and the University of Dayton to apply for a patent, and this team plans to sell the patented encryption technology to computer companies, banks, and government agencies.
- "Grassroots Techies Want to Build a Wireless Internet Network Across the Bay Area"
San Francisco Chronicle (06/30/02) P. G3; Wallack, Todd
Wi-Fi Internet access is slowly being spread to cover more and more area in cities with high concentrations of techies, such as San Francisco, Seattle, and New York. These enthusiasts have formed groups--such as SF Wireless and the Bay Area Wireless Users Group (BAWUG) in the San Francisco area--that are working together to build free high-speed wireless networks. The lowest-cost wireless nodes now cost as little as $200 and allow people with cable modems or DSL lines to network with their neighbors. However, hobbyists usually buy more powerful equipment, and have come up with unique solutions, such as the dish-shaped transmitters used by the BAWUG to send signals 20 miles across the San Francisco Bay. The idea of free high-speed wireless Internet access is not supported by commercial providers such as AT&T, or wireless startups such as Boingo, which wants to link Wi-Fi networks throughout the country. Boingo, headed by Earthlink founder Sky Dayton, resells access on a daily or monthly basis and currently has 650 hot spots nationwide. Wireless phone carriers are also working on Internet access schemes based on 2.5G or 3G networks, which operate at much lower speeds but have more ubiquitous coverage. Some experts say the two technologies could converge in the future so that users would be able to access Wi-Fi when possible and then switch to 3G in more remote areas.
- "Justice Probe of Sun Could Spur New Look at H-1B Visas"
EE Times Online (06/28/02); Quan, Margaret
The Justice Department is making a preliminary investigation into claims that Sun Microsystems favored H-1B workers as it scaled back its workforce last November. The case could have legislative ramifications, according to experts, even if Sun is able to prove that it had legitimate business reasons for each of the layoffs. The company maintains that it cut workers based on performance and necessity, but critics say that foreign workers were retained because their salaries are usually cheaper. A laid-off employee filed the complaint after consulting with other cut Sun workers. Programmers Guild founder John Miano expects more conflict over H-1B between domestic labor concerns, such as his, and industry, which he says has already begun releasing studies supporting their stance. The IT industry lobbied hard to raise the cap on the number of H-1B visas issued so that they can hire foreign workers with valuable skills. Management labor relations attorney George Barford says that although he expects Sun to justify its layoffs, he believes the case could "stir interest in the work visa program by government officials because of the program's impact on unemployed workers in technology and because of increased security concerns regarding visas."
- "Safe From Prying Eyes"
Financial Times (07/02/02) P. 12; Flaherty, Nick
Companies are paying more attention to mobile phone digital security now that businesses are using Internet-enabled mobile devices more often. Wireless security can be as secure as traditional digital security for desktop networks, the difference being that wireless security extends outside corporate headquarters, says I-SEC managing director Geoff Davies. AirZip plans to launch a wireless security offering in July that relies on digital certificates to control access to data, and that can control whether data or documents can be printed out or emailed to another user. AirZip relies on patented compression technology to allow documents and images to be sent to PDAs and mobile phones, a technique already in use to allow maps to be transmitted to wireless devices. Encryption such as 802.11b is a basic form of securing data, but this encryption creates secure links only to PCs. California-based startup Netscaler, which has begun creating a European operations base, is offering a server add-on device that uses the SSL security protocol to protect data. Amino Communications offers a "network diversity" approach that breaks up transmitted information into individual bits instead of IP packets, and sends the data bits over different lines, such as a laptop PC and a mobile phone, so that only the intended destination receives the entire data stream. If one transmission line is hacked, only a piece of any message is viewed. The approach uses a table of data at the receiving end to reconfigure the data; the table is encrypted using PKI or smart cards. Amino's approach greatly reduces transmission overhead, thus increasing data transfer rates. The company is working with the University of Nottingham to verify the system's security and plans to license its technology.
- "In-Q-Tel Sounds Call on 'IT Warriors'"
The federal government needs the help of corporate America's IT workforce, said Gilman Louie, CEO of the Central Intelligence Agency's In-Q-Tel venture capital group. In-Q-Tel represents a different tack for acquiring technology to be used for national security and other such purposes. In the past, government scientists developed technology in relative isolation from their corporate counterparts under so-called Skunkworks programs. Louie, speaking at the TechXNY show in New York, noted that the government and corporations share many of the same problems, such as how to organize and leverage massive amounts of gathered data. He said both government and industry computer security design needed to take on a more biological framework, where active defenses are engaged. Louie also suggested a different tack for backing up data, a peer-to-peer distributed system instead of a simple mirror link, for example. In-Q-Tel also wants to find a secure wireless networking solution and technology relating to remote sensors that could help with homeland security efforts.
- "The Future Supercomputer: Colossus or Cluster?"
NewsFactor Network (07/01/02); Gill, Lisa
The latest rankings in the Top 500 Supercomputer list show that clustered systems are gaining in power and popularity among the supercomputer crowd. Clustered systems make up 16 percent of the list, double the percentage from last November. The most popular technology for clustered systems was IBM's Intel-based Netfinity system, while Aberdeen analyst Bill Claybrook says Linux is proving itself to be the most successful operating system for clustered machines. Cray director of high-performance computing solutions Wayne Kugel says the rising popularity of clustered systems shows the evolution of the supercomputing arena, where both clustered and massively parallel systems will complement one another. In bioinformatics, for example, Kugel says that clustered systems are best used to extract base data while parallel systems work to integrate the data. Because parallel systems have better internal communication and less latency, they are best-suited for enormous individual problems--the top-ranking Earth Simulator built in Japan by NEC is one example of such a system.
- "A New Kind of Science?"
ABCNews.com (06/30/02); Paulos, John Allen
The fallacy that "like causes like" has misled many scientists, and for instance is behind the Freudian theory that oral fixations in childhood automatically blossom into eating, smoking, and kissing disorders. However, computer scientists have long known that cause-and-effect can be asymmetrical, and that even very simple computer programs can produce amazingly complex results. Stephen Wolfram has written a new, 1200-page book on the subject of how simple rules and algorithms can generate complex results--called "A New Kind of Science." Wolfram outlines how simple games designed to produce randomly generated patterns, or produce configurations of "1"s and "0"s, actually produce complex structures that are neither random nor repetitive, and which resemble complex structures found in biology, economics, chemistry, and in other sciences. Wolfram argues that computer scientists should focus on simple programs rather than equations because programs, when run, offer a better picture of scientific phenomena. Wolfram also offers a "Principle of Computational Equivalence" that states that all above-simple processes, whether artificial in computers or natural biological ones, can give rise to universal computers. Wolfram's principle echoes the Church-Turing thesis stating that any rule-governed process or computer-run process that can be performed, also can be done by a Turing machine or by an equivalent universal computer.
- "Putting Vision Systems Into Perspective"
CNet (07/02/02); Shankland, Stephen
A California startup is working to enable computers to see in 3D by using stereo vision video cameras, which would merge two views to gain depth perception, just like humans do. The company, Tyzx, says that its products could be used by vehicles and robots to better navigate and perform tasks that depend on visual sensing. Currently, computers equipped with visual sensors have a difficult time separating important objects out from the background, but stereo vision could help them focus. MD Robotics is building stereo vision into the controls for a robot arm that works from the Space Shuttle. Other markets for the technology include the military and surveillance industries, and eventually "intelligent environments" such as security systems. Other companies researching 3D computer vision include Microsoft and Point Grey Research, which has a system that uses up to 60 cameras. Tyzx's strategy revolves around a proprietary processor called DeepSea that operates at just 33 MHz but achieves incredible performance when comparing two simultaneous video streams. Whereas today's digital cameras use charge-coupled device (CCD) chips, Tyzx expects to produce its DeepSea chip using cheaper CMOS technology. Carnegie Mellon University stereo vision pioneer Takeo Kanade, a member of Tyzx's independent advisory board, says, "I believe it's a great idea. Conceptually it's easy, but computationally it's not."
- "Internet Address Group Approves Overhaul"
New York Times (06/29/02) P. B4; Stellin, Susan
ICANN has approved the outline of a reorganization plan, one that is designed to hasten decision-making and streamline operations. "What we're talking about is an organization that is much more reflective of the public interest balanced with the private interest, that is much more communicative and that is much more effective in getting things done," says CEO Stuart Lynn. The plan's biggest point of contention is how individual Internet users will be represented in ICANN's decisions, and there are questions on how expired domain names are reallocated, how much personal information about domain owners is made public or sold, and which new extensions are added to the system. The board also scrapped the idea of choosing board members by online election, on the grounds of cost and possible fraud, but the plan does not offer an alternative. The new plan lacks limits on ICANN's power, says Center for Democracy and Technology associate director Alan Davidson. ICANN's contract with the Commerce Department is up for renewal in September, but assistant secretary of commerce Nancy J. Victory says the department wants to see the results of ICANN's reorganization efforts before making a decision. The ICANN board has approved proposals allowing domain name owners 30 days past expiration to renew domain registrations and to refund $6,000 of each $35,000 fee paid by 11 groups that applied to run the .org extension, which VeriSign is giving up this year.
- "Coming Soon: A 'Telephone Tooth'"
Associated Press (06/28/02); Wagner, Thomas
Two recent master's graduates of the Royal College of Art in London have created a "telephone tooth" device that is implanted into a person's molar, enabling them to receive audio signals that can transmit a conversation, music, or verbal Internet content such as local news, all without anyone else hearing it. The "telephone tooth" consists of a wireless, low-frequency receiver, and a device that converts signals into vibrations, which then flow through the molar and into the inner ear to create audible sounds. The telephone tooth, also known as the "molar mobile," cannot send conversation back. Some who tested a prototype version said they would not want it implanted in their mouth, while an 8-year-old commented that it would be a great device to talk to friends without parents knowing. The two British inventors are now working with MIT Media Lab European research partner Media Lab Europe in Dublin, Ireland, although no commercial products have been announced. Analysts say the device could be used by investors and stockbrokers, spies, or athletes receiving information from coaches.
- "Researchers Claim New Chip Technology Beats Moore's Law"
NewsFactor Network (06/28/02); McDonald, Tim
A team of engineering researchers at Princeton University has announced a breakthrough chipmaking technology that promises to create more powerful chips faster and for much less cost. Lead researcher Stephen Chou says the method, called laser assisted direct input (LADI), beats Moore's Law and breaks preconceptions about what efficiencies are possible when making chips. However, Aberdeen Group semiconductor analyst Russ Craig is skeptical of Chou's claims, noting that large chipmaking companies such as Intel and Texas Instruments have not commented on the technology and that it is probably not yet mature. LADI uses a quartz die to press designs into silicon, which is zapped with a laser for 20 billionths of a second so that it melts and molds around the quartz. Chou says the result is chips with features as small as 10 nanometers wide, compared with the 90 nanometers currently possible using the most advanced tools. The process also takes just a small fraction of a second while traditional etching processes can take up to 20 minutes per chip.
- "Radio-Ready Chips"
Technology Review (06/02) Vol. 105, No. 5, P. 22; Roush, Wade
Silicon radio transceivers could usher in a new generation of wireless devices, and Intel aims to hold a vanguard position with plans to embed silicon-based radios in all of its microchips within five years. Today's wireless communications devices keep the analog front-end and digital back-end components separate, with silicon chips comprising the back-end element. Putting both front-end and back-end parts on the same silicon chip with traditional photolithographic techniques would save space and money. Recent research developments gave Intel CTO Patrick Gelsinger the confidence to announce the company's radio chip initiative: Teams led by Steve Pawlowski of Intel Lab's Communications and Interconnect Technology Group and Valluri Rao of the Analytical and Microsystems Technologies division are working on core technologies that place front-end and back-end radio functionality on silicon. Pawlowski's team is trying out silicon circuitry capable of amplification, mixing, and signal conversion, and Pawlowski reports that "pretty good signal gain" has been reached. Signal-processing chips that can switch between rival wireless communications standards are also being developed by Pawlowski's group. Getting oscillators, variable capacitors, and other elements to operate at severely reduced size and dimensions is another challenge, and Rao and colleagues believe lithography-based microelectromechanical (MEMS) assembly methods are the solution. Mass-producing MEMS structures will present a further challenge.
- "Enter the Mesh"
Small Times (06/02) Vol. 2, No. 3, P. 20; Mason, Jack
Pervasive computing and small technology are expected to intertwine into the Mesh, a system of technology that connects with all aspects of life and commerce--what Graviton's Larry Goldstein calls "nervous systems for the engineered world." Douglas Heintzman of IBM's Pervasive Computing Group sees sensors that establish a device's location and compact, high-density data storage as two key small tech drivers of the move toward the Mesh. Wireless microelectromechanical devices (MEMS) technology will cut the costs and increase the power of industrial automation, while Intel Research's David Tennenhouse says, "Sensing systems will help companies operate as true real-time businesses, so that inventory or sales can be gauged not just day to day, but perhaps hour by hour or minute by minute." Intel has embarked on a wide-ranging Mesh initiative that includes minute radios that link sensors or motes, processors that could act as wireless gateways between sensor arrays and the Internet, and novel small storage. Applications of Mesh technology include 3D radar vision for computers being developed by Canesta, "smart dust" that could track enemy troops on a battlefield, radio frequency identity tags that track inventory, "smart offices," and everyday appliances (electric toothbrushes, for instance) that can communicate with their users and each other. The challenge and promise of pervasive computing involves making the devices cheap to produce and capable of running on minimal power. Small tech-powered devices will adapt themselves to their users through biometric recognition systems. At its core, the Mesh will become so pervasive that its users will take it for granted.
- "Can the Hackers be Stopped?"
Application Development Trends (06/02) Vol. 9, No. 6, P. 39; Waters, John K.
Experts such as Sun Microsystems security architect Lance Spitzner believe the key to effective hacker security lies in studying the methods and motivations of hackers. Spitzner came up with an intelligence-gathering tool through the creation of honeypots--computers designed to be broken into so that the hackers' techniques can be analyzed. Sharing the results of this analysis with members of The Honeynet Project yields further insights that can be applied to anti-hacking strategies. One of the most common threats The Honeynet Project deals with is the "script kiddie" attack, in which intruders attempt to commandeer computer systems in the simplest way possible by scanning for a target--any target--that is vulnerable to certain exploits. Since many hackers carry out attacks for bragging rights, a key source of information is chat sessions in which criminal hackers or "blackhats" discuss their exploits. The basic motive of all hackers is to penetrate the most systems, according to Spitzner, who has worked out a strategy to guard against script kiddie penetration that includes protecting systems from commonly known exploits, running services on an as-needed basis, being on the lookout for probes, and limiting the systems that can conduct zone transfers from Name Servers. Trends outlined by The Honeynet Project's research include an increase in hackers who do it for financial gain, as well as a gender-, ethnic- and socioeconomic-based shift beyond the white, male, upper-middle class American hacker demographic. Foundstone President and CTO Stuart McClure notes that computer security should be viewed as a continuous process rather than an end result, adding that "The standard line is, 'people, processes and technology.'"