Volume 5, Issue 465: Wednesday, March 5, 2003
- "Major Internet Vulnerability Discovered in E-Mail Protocol"
Computerworld (03/03/03); Verton, Dan
Fixing a major buffer overflow vulnerability in the sendmail mail transfer agent (MTA) has been the goal of intense, clandestine collaboration between the Department of Homeland Security (DHS), the White House Office of Cyberspace Security, and Internet Security Systems (ISS) since Feb. 14. ISS publicly released an alert on Monday in which it listed all sendmail versions between 5.79 and 8.12.7 as vulnerable. "Sendmail's vulnerability offers a legitimate test [of the new DHS and its ability to work with the private sector] because sendmail handles a large amount of Internet mail traffic and is installed on at least 1.5 million Internet-connected systems," according to an alert statement issued by the SANS Institute. Between half and three-quarters of all Internet email traffic is handled by sendmail. Over the past two weeks, homeland security officials have been notifying IT vendors, including Sun Microsystems, Hewlett-Packard, IBM, and Silicon Graphics, about the vulnerability. Also alerted was the Sendmail Consortium, which develops an open-source version of the software, and has advised all users to either upgrade to Sendmail 8.12.8 or download a patch for 8.12.x. Meanwhile, commercial customers can download a binary patch from Sendmail Inc. on the company's Web site. The SANS alert notes that early versions of sendmail patches were first released to the U.S. military on Feb. 25 and 26.
- "Europe Hacker Laws Could Make Protest a Crime"
New York Times (03/05/03) P. A8
The justice ministers of the European Union approved legislation last week designed to prevent computer hacking and the proliferation of computer viruses, but legal experts warn that they could also legalize crackdowns on online protests. Such protests take the form of a barrage of messages flooding computer systems, one example being last week's "virtual protest march" against a possible war with Iraq. All 15 EU member states agreed to make unlawful access to and interference with information systems a criminal act that could be punishable by at least two years in prison in certain cases. The mandate "criminalizes behavior which, until now, has been seen as lawful civil disobedience," declares Judicium CEO Leon de Costa. Critics fault the agreement for not distinguishing between online demonstrations and malicious online activities carried out by hackers and terrorists. Italian European Parliament deputy Marco Cappato says he favored a provision that makes a distinction between online trespassing and online intrusions, but failed to convince the EU justice ministers to pass it. An EU diplomat familiar with the drafting of the new laws acknowledges that there is room for revision. Munich University law professor Ulrich Sieber has advised legislators to modify the code by including a reference to the right to free expression as determined by the EU's Charter of Fundamental Human Rights.
- "Hello, Tech Designers? This Stuff Is Too Small"
USA Today (03/04/03) P. 1D; Graham, Jefferson
As technology gadgets such as cell phones, PDAs, and digital cameras continue shrinking in size, usability complaints are growing in number and volume. Technology designers such as Dennis Boyle of Ideo are crafting ever-smaller devices, such as Boyle's finger ring phone with a belt-attached wireless transmitter. However, Sony designer Andy Proehl counters that technological miniaturization is in response to customer demand, and points out that manufacturers create a wide variety of models for different users. Proehl's recent work, for example, was Sony's $800 high-end Clie PDA, which comes with a plethora of functions, and also features the largest screen for any Palm handheld. Meanwhile, a recent Palm PDA Fossil watch broke the barrier on the other end with a one-inch-square screen. Still, Jakob Nielsen of usability consultant firm Nielsen Norman Group says designers today show contempt for a large portion of their audience when they aim for smaller and flashier devices. Palmsource user experience manager Jeff Parrish says that technology itself will help alleviate some problems, as with emerging OLED displays that have greater contrast and color range than current display technologies. Sony, which more than quadrupled its handheld sales last year, is known for brighter, more defined displays than competitors such as Palm, which saw PDA sales decline. GartnerG2 analyst Todd Kort says this shows the importance of better visibility for small devices. Tim Parsey of Motorola says designs like the finger ring phone miss the point of future miniaturization, which he says will lead to slimmer but not necessarily smaller devices. He says, "Small for the sake of small has run out." Nevertheless, the miniaturization drive has led to such "concept" devices as hooded sweatshirts with speakers, camera necklaces, and toe rings with GPS circuitry.
- "Keynoter Presents an Exercise in Imagination"
Semiconductor Business News (03/04/03); Clarke, Peter
Philips Research Laboratories' science program director Emile Aarts delivered a keynote speech at the Design, Automation, and Test in Europe (DATE) conference in Munich in which he reported on the current state of ambient intelligence. He described ambient intelligence as a combination of ubiquitous computing and intelligent social user interfaces, one that supports an environment with deeply embedded computer technology. "Remove the boxes and what is left is the functionality," Aarts explained. He said that ambient intelligence systems are characterized by contextual awareness, personalization, adaptation, and anticipatory capabilities. Aarts noted that such systems would be linked via networking in order to supply a common electronic space that operates around the clock and can respond to the presence of human beings. He predicted that ambient intelligent systems will emerge once the gap between software-programmable processors and reconfigurable computing platforms is bridged within a decade. At the end of his talk, Aarts forecast that Europe will spend approximately $4 billion on ambient intelligence research over the next few years. Ambient intelligence is also one of the two main themes covered by papers selected for the 2003 DATE conference.
- "Klez Won't Stop Making Net Rounds"
Wired News (03/04/03); Delio, Michelle
The Klez email virus continues to linger some 11 months after it was first spotted, and it remains at the top of most antivirus companies' threat lists. SecurityFocus columnist George Smith says Klez's persistence proves that scolding users to update their antivirus software is not an effective solution. "Klezes are the fault of techno-bumpkins too stupid to update their antivirus," he asserts. Smith also notes that the antivirus industry is too co-dependent and places unreasonable demands on users, such as its insistence on more and more frequent AV updates. He predicts that Klez will continue to hang around, because more people who fail to adequately protect themselves are always coming online, while Klez itself is very efficient and easy to refine. Meanwhile, Sophos product manager Chris Wraight warns that one compromised machine and a user with a sizable address book are all that is needed to keep Klez in perpetual circulation. Vmyths' Rob Rosenberger faults the antivirus industry for its poor effort to develop anticipatory applications that can fight computer viruses by detecting antisocial behavioral patterns common to malicious code. The perseverance of the Klez virus should have acted as a wake-up call to the languishing AV and software industry, but no changes have thus far been enacted.
- "Time for a New Internet Protocol?"
NewsFactor Network (03/04/03); Ryan, Vincent
Internet Protocol version 6 (IPv6) offers significant advantages over the current IPv4 standard, including greater IP address space and end-to-end security and configuration preferences that address ever-growing demands for mobile communications; the last two components in particular could give the commercial adoption of IPv6 a much-needed boost. The heavy concentration of IPv4 addresses in North America has spurred other nations to deploy IPv6, with Europe and Japan at the forefront. The United States remains a slow IPv6 adopter for a number of reasons, one of them being network address translators (NATs), a series of IPv4 workarounds that allow service providers and corporations to enable a large number of computers to share one IP address, thus slowing down IP address usage, according to Margaret Wasserman of the Internet Engineering Task Force (IETF). She notes, however, that NATs lack IPv6's end-to-end security and autoconfiguration; the former is considered vital to the research and education community, while the latter enables peer-to-peer communications. Pittsburgh Supercomputing Center network engineer Michael H. Lambert remarks that U.S. research and education networks have started to run both the IPv4 and IPv6 standards on their backbones simultaneously, and Wasserman says such coexistence should last a while. A key enabler of IPv6 is Windows XP software, which has prompted Microsoft to urge the computing industry to more rapidly deploy the standard. Hindering U.S. IPv6 adoption is a lack of a commercial market, which can only be created if service providers offer commercial services. Wasserman says IPv6 adoption could be government-directed, as it is in Japan.
- "New System Recovers and Reuses Electronic Wastes"
Researchers at the Georgia Institute of Technology have developed a "reverse production" system in which all the materials contained in electronic waste such as discarded computers and monitors are reclaimed and reused, thus staunching the flow of e-waste that is being dumped into landfills and threatening the environment. Georgia Tech's Jane Ammons and Matthew Realff are working on a mathematical model for economically viable "closed loop" manufacturing and recovery systems. The model, which is used to predict the economic success of recovery initiatives, is designed and continuously revised to mitigate the effects of uncertain variables such as quantities, locations, and types and conditions of old parts. Realff's specialty is the design and operation of e-waste reclamation processes that will yield the most reusable materials. He says that more precise representations of recycling chores to be bundled into the strategic models and the creation of cheaper alternatives can be developed by measuring various density and surface properties. A team of students led by Ammons and Realff is now refining and testing the mathematical model by analyzing hundreds of possible situations. Their work has attracted interest from Belgian and Taiwanese officials, as well as multinational logistics and electronics companies. The two-year project is being funded by the Georgia Department of Natural Resources' Pollution Prevention Assistance Division and the National Science Foundation.
- "Tangled Threesome Opens Door to Quantum Computer"
ABC Online (03/04/03); Kingsley, Danny
Physicists at the University of Michigan on Tuesday announced that they have successfully entangled three electrons, which represents a significant step toward the development of a quantum computer. Professor Steve Prawer of Australia's Center for Quantum Computer Technology says, "Scientists around the world are knocking off the problems that make quantum computing difficult...what we thought to be impossible five years ago is now becoming possible." In quantum computing, each electron acts as a qubit--the quantum equivalent of one bit of information--which can exist in an "on" and "off" state simultaneously. Entangled qubits are able to affect each other no matter how much distance separates them, and controlling this unique phenomenon will enable researchers to build "gates" for a quantum computer. The University of Michigan scientists generated and harnessed spin-entangled states in a series of non-interacting electrons contained in a quantum well using a number of methods, including 50 to 100 femtosecond laser pulses. "In a three bit quantum computer, every single number between 0 and 7 could be represented at the same time in the computer," Prawer says. Power and calculative speed are increased exponentially as more bits are added. A quantum computer would chiefly be used to factor large numbers, a vital component of encryption. The University of Michigan physicists' work is detailed in today's issue of Nature Materials.
- "Scientists Question Electronic Voting"
San Francisco Chronicle (03/03/03) P. E1; Norr, Henry
A debate is brewing over whether Santa Clara County, Calif., should make the transition to touch-screen voting, or opt instead for a digital balloting solution that leaves a paper trail to ensure the accuracy of the vote count. Some of Silicon Valley's brightest scientists, along with California Voter Foundation President Kim Alexander and Stanford University professor David Dill, oppose an all-electronic solution, arguing that the lack of an audit trail raises the odds of election fraud and other abuses. The opposition is not against touch-screen voting per se, as long as a "voter-verifiable audit trail" is supplied. Adding weight to the argument against paperless voting are documented cases of misrecorded votes in recent Florida elections that involved touch-screen systems; publicist Bev Harris' expose that Sen. Chuck Hagel (R-Neb.) failed to note on federal disclosure forms that he was part owner and former CEO of the manufacturer that provided voting machines used in his last two runs for office; and former VoteHere engineer Dan Spillane's recent lawsuit against his employer, alleging that he was fired for revealing hundreds of defects in the company's touch-screen machines. Dill and Alexander are also part of a task force organized by new California secretary of state Kevin Shelley to advise him on the security and auditability issues related to touch-screen voting. Santa Clara County supervisors decided last week to tentatively purchase touch screens from Sequoia Voting Systems, but also approved an amendment requiring the Sequoia contract to include the provision of printing equipment at no extra charge if California deems it necessary. A state judge ordered a year ago that California must switch from punch-card voting machines to more modern equipment in time for the 2004 presidential election. Thus far, all but nine counties have done so.
- "Bush's Cyberstrategery"
Slate (03/03/03); Koerner, Brendan I.
Brendan Koerner writes that the White House's National Strategy to Secure Cyberspace is overblown, and its promotion by government IT experts only serves to continue the practice of raising alarms on a threat that is practically nonexistent. For example, the strategy cites a series of 1998 hacking incidents as proof of cyberterrorism's existence, declaring that they "were targeted against those organizations that conduct advanced technical research on national security, including atmospheric and oceanographic topics as well as aircraft and cockpit design." Koerner debunks this assertion, noting that they were actually in reference to break-ins at the Pentagon, NASA, and several research labs that either were later discredited or not nearly as damaging as claimed. He also explains that the estimates of rising "identified computer security vulnerabilities" mentioned in the report--1,090 to 4,129 between 2001 and 2002--are but a fraction of the actual total, but this threat is offset by the fact that only a few of these vulnerabilities are being exploited by hackers. Koerner contends that so-called cyber-threats to the country's critical infrastructure are used by the National Infrastructure Protection Center (NIPC) as a "scare tactic" to keep the agency funded, and dismisses the NIPC as "one of the most ineffectual bureaucratic agencies ever to come down the pike." But he writes that the computer industry is just as culpable in continuing the hype, with industry representatives making outrageously high estimates for cyberattack damages. Koerner acknowledges that computer security is a problem, but thinks the cybersecurity strategy would be more effective if it made software vendors liable for buggy products or promoted the adoption of open-source solutions, rather than spout "meaningless jargon."
- "Cyber-Warfare: Latest Weapon in Military Arsenal"
EarthWeb (02/28/03); Gaudin, Sharon
President Bush reportedly signed an order last July for the government to concoct a cyber-warfare strategy the military would use to aid battlefield tactics and disrupt the enemy's communications infrastructure. Experts note that cyber-warfare could be used to jam enemy radars so that U.S. missiles can reach their targets without being tracked and intercepted; shut down electric grids and power plants, leaving the enemy without vital utilities and reducing the risk of collateral damage; and interrupt the flow of supplies and other services that are computer-coordinated. Bush's National Security Directive 16 detailed when the U.S. would resort to cyberattacks, what kinds of cyber-weaponry would be employed, who would have the authorization to launch cyberattacks, and the kinds of targets that would be selected. Experts note that a cyber-warfare plan must be carefully thought out--Bob Hillery of the SANS Institute notes that a cyberattack could lead to real casualties, especially if food storage and hospitals are affected by a communications disruption. The scope of computer networks must also be considered, since a target brought down by a cyberattack could impact network access and services in other geographical areas, perhaps even other countries. Another danger is the possibility that a cyberattack could backfire on the United States, and it is for that reason that worms and viruses are unlikely to be used by the U.S. military, according to Keith A. Rhodes of the General Accounting Office. Industry observers are concerned that a U.S.-launched cyberattack could trigger reprisals that could be even more damaging, given the country's high level of reliance on computer networks. "The biggest problem you have to worry about is that we're more vulnerable as a country than they are," warns SilentRunner VP Dan Woolley.
- "Quantum Computing Catches the Bus"
Technology Research News (03/05/03); Smalley, Eric
National Institute of Standards and Technology (NIST) researchers have devised a way to more quickly and accurately link components in future quantum computers. These links are analogous to the classical computer communications bus, a vital aspect of computer structures. While every quantum computer design involving a significant number of qubits, or discrete particles, exists only in theory, the new work is significant because it cuts out the "bucket brigade" approach used by other designs. Like classical computers' communications buses, the new quantum computer bus would allow distant qubits to interact with one another directly by using the special characteristics of quantum physics. The two end-point qubits would become entangled along with all the qubits in between. Quantum physics dictates that entangled particles respond singularly to any interaction, so the two end qubits would be able to interact with each other as if directly connected. Other designs, including those using optical lattices, semiconductor quantum dots, and semiconductor impurities, all pass interactions between distant qubits one to another individually, an approach that takes longer and invites computational error. The NIST idea, however, involves extra work to construct, but would be necessary for large quantum computers, according to MIT postdoctoral fellow David Kielpinski.
- "Now Complete, Grid Computing Spec Is Proposed"
InternetNews.com (03/04/03); Boulton, Clint
While actual implementations of grid standards are few, many such protocols are being developed through groups such as the Global Grid Forum. Sun Microsystems, Intel, and a host of other vendors recently put together a new standard called Distributed Resource Management Application API (DRMAA) that promises to speed ahead of other protocols because of its focused application. DRMAA allows developers to more easily write sophisticated applications specifically for operation on the grid. As a result, managers and administrators can monitor, control, and delete data on the grid more efficiently, and grid complexity is largely hidden from end users. Sun's Peter Jeffcock says the DRMAA specification would allow independent software vendors to write applications directly for a grid computing DRM system and thus spread the reach of grid computing. Otherwise, developers must fit applications to each proprietary DRM system interface. Jeffcock says that DRMAA would also have a significant practical effect on end users as well because it lets computers use the grid system automatically to solve complex problems. DRMAA will go through a 60-day review period in the Global Grid Forum and, if approved, faces a six to 20-month additional review period before it officially becomes a standard.
- "Inching Toward Mobile IM"
Instant Messaging Planet (02/28/03); Saunders, Christopher
If mobile instant messaging is to become a killer app, carriers' delivery systems must be compatible, and a number of deals have been made to deploy IM interoperability between mobile communications platforms. The Open Mobile Alliance's (OMA) Wireless Village group is developing standards that support IM and presence across multiple networks; its members include Ericsson, Nokia, and Motorola. The OMA recently tested the compatibility of version 1.1 of its Instant Messaging and Presence Services specifications, and passed 20 carriers, vendors, and handset operators. Meanwhile, Ericsson announced earlier this week that it would commence testing of its mobile IM and presence server to ensure compatibility with mobile IM deployments from Ecrio, MessageVine, Sony, and other carriers. MessageVine teamed up with Gemplus in February to build support for mobile IM based on the SIM Toolkit, a goal that can only be reached if Gemplus customers become MessageVine customers. "The majority of the target audience for mobile IM does not own a high-end mobile device," notes MessageVine's Amit Rahav. "Offering IM over [email protected] SIM browsing brings the service to all devices in a user-friendly, dynamic format." The various deals and developments among OMA members could lead to a shift away from mobile IM services offered by proprietary giants AIM, Microsoft, and Yahoo!, according to supporters.
- "Serial SCSI Promises Faster I/O in Servers"
Computerworld (03/03/03) Vol. 37, No. 9, P. 10; Mearian, Lucas
The new serial SCSI specification is set for approval by the second quarter of this year, according to the International Committee for Information Technology Standards' T10 technical committee. Maxtor and Seagate Technologies both say they plan serial SCSI disk drives by year's end, and the T10 technical committee chairman says it will be implemented in servers, low-end disk arrays, and workstations. Serial SCSI could replace Fibre Channel as the high-end I/O technology of choice and will definitely take over the role of its parallel predecessor. Serial SCSI is faster than Fibre Channel technology and boasts some of the same advantages, such as simultaneous send-and-receive transmission and dual I/O ports for fail-over. Additionally, extenders included in the specification allow point-to-point links between controllers and disks, so that data flows smoothly even with competing demands. Maxtor says it expects serial SCSI to replace Fibre Channel completely within five to 10 years, while rival Seagate maintains the two technologies are complementary. Seagate has a vested interest because it produces nearly all the high-end disk arrays using Fibre Channel. Case Western Reserve University CIO Lev Gonick expects serial SCSI to boost the bandwidth available between internal servers. But Carlson Companies enterprise architecture director Mark Price is wary of fast deployment, saying he will hold off replacing his firm's Fibre Channel SAN with a serial SCSI-based system until it equals or is lower than the cost of the current system.
- "Knotty Calculations"
Science News (02/22/03) Vol. 163, No. 8, P. 124; Klarreich, Erica
California Institute of Technology physicist Alexei Kitaev and Microsoft Research mathematician Michael Freedman proposed in a February paper that knot theory can be used to close the gap between quantum mechanics and computer science, thus clearing the way for a quantum computer. They based their theory on physicist Edward Witten's description of a physical system that should calculate the Jones polynomial of complicated knots in the course of its regularly scheduled operations. Mathematicians demonstrated in the late 1980s that techniques to quickly calculate the Jones polynomial would result in a numerical output that could be used to solve other complex problems. Freedman gradually came to believe that quantum Hall fluids might present the physics needed for such a computer to work, and he partnered with Kitaev when the latter published a paper detailing the mechanism of such a system. The system, which the researchers dubbed a topological quantum computer, would encode information as space-time braids, while the Jones polynomial would be calculated instantaneously, per Witten's theory. Freedman and Kitaev are considering the possibilities of a fractional quantum Hall fluid, a medium formed when electrons at the flat conjunction of two semiconductors are subjected to a magnetic field at near-zero-degree temperature; a liquid electron sea is formed, while quasi-particles called anyons are generated by the introduction of additional electrons, and these particles can recall the path of their braid even after they stop moving. The computer Freedman and Kitaev modeled would yield a range of values rather than the precise value of the Jones polynomial, but that should be sufficient to solve many problems. The researchers teamed up with Zhenghan Wang and Michael Larsen of Indiana University in 2002 to prove that a topological quantum computer and a qubit quantum computer would be equally effective.
- "Taking a Look at TTS"
Speech Technology (02/03) Vol. 8, No. 1, P. 27; Henton, Caroline
At the SpeechTEK 2002 conference, 10 vendors related how well their text to speech (TTS) systems were able to vocalize the following text sentence: "From Laurel Canyon Blvd., turn left onto Mulholland Dr.; Dr. O'Shaugnessy lives at the yellow house on the corner of the first 'Stop' sign: 2529 Wonderland Ave." The results were mixed, but supported a number of conclusions about the current state of TTS technology and the challenges that lie ahead. One of the most daunting tasks involves a greater concentration on linguistic, phonetic, and acoustic studies instead of clarification of deployment issues; obsolete compression methods result in a robotic, monotone voice that puts off customers. TTS systems also need to better control shifts in intonation contours and associative voice quality, and incorporate no more than eight levels of word stress. Users should be able to control timing, overall rate, and loudness in a concatenative system. The survey of TTS systems also established that concatenative speech synthesis and large footprint, large database, non-uniform unit, or variable-unit concatenative systems are becoming widespread; female voices are more common than male voices; poor segmental selections that give rise to unnatural speech effects still occasionally crop up in concatenative systems; email reading, news reports, and driving instructions are frequent TTS applications; and the issue of giving TTS systems different accents, speech styles, and diversity is being addressed. Overall, intonation, natural pauses and breaths, and discourse-appropriate variations in rate of speech need to be modeled better in order to refine TTS systems.