Former White House cybersecurity advisor Richard A. Clarke told a House Government Reform subcommittee yesterday that the Homeland Security Department is ill-equipped to effectively implement the White House's National Strategy to Secure Cyberspace, which he co-authored. He warned that legislators should not dismiss the ramifications of an assault on U.S. computer networks, arguing that such thinking is similar to the now-defunct assumption that a major foreign terrorist attack could never take place on American soil. Clarke recommended that the government build a national cybersecurity center with a work force of cybersecurity experts, and create the position of a federal chief information security officer. He also suggested that federal personnel be prohibited from accessing agency networks without authentication cards, while such networks' IT security should be outsourced. Former National Infrastructure Protection Center (NIPC) director Michael Vatis, who also testified before the House panel, agreed with Clarke, citing the disbanding of the White House board Clarke headed as being partly responsible for the government's current cyber-defense shortcomings. He added that many positions in the Homeland Security Department's cybersecurity division are still unfilled, because most FBI cybersecurity specialists assigned to the NIPC were not transferred to the new department. The Homeland Security Department's David Wray admitted that over 200 positions are still vacant, but supported the Bush administration's decision to have all cybersecurity efforts coordinated by a single officer.
Click Here to View Full Article

The lean economic times provide Silicon Valley workers, many now laid-off, a chance for reflection on their industry, especially the frenetic pace at which it has been driven. Observers note that even in sectors not immediately dealing with semiconductors, the prediction of Intel founder Gordon Moore that transistor density would double every 18 months dictates their markets. Today, Moore's Law has become more challenging recently because of its exponential nature and means that $1 now buys 50 million transistors and typical Intel chips run 3 billion instructions per second--both figures that are expected to theoretically double in a year and a half. Several companies have already realized the implications of fighting inevitability, such as National Semiconductor, which recently announced it was closing its information appliance business (CEO Brian L. Halla cited the increasing expense of keeping pace with Moore's Law for the exit). At the most recent International Solid State Circuits Conference, Moore himself charged semiconductor designers to delay the inevitable "red brick wall" the industry tries to foresee and forestall each year. IBM chemist William D. Hinsberg said materials used for lithography would not hold up for chip component sizes under 50 nanometers, a boundary expected to come by 2007. KLA-Tencor lithography technology vice president Chris A. Mack, who spoke at a February meeting of the International Society for Optical Engineering along with Hinsberg, said Moore's Law is becoming less relevant as consumers focus on functionality rather than technical capability. Other Silicon Valley voices, however, do not seem ready to unburden themselves from rapid advances, including Intel Chairman Andrew S. Grove, who in 1996 set "Internet time" to Moore's Law.
http://nytimes.com/2003/04/09/technology/09MOOR.html
(Access to this site is free; however, first-time visitors must register.)

U.S. military email inboxes are being hit with spam even though military systems are installed with anti-spam filters. The Defense Department Information Systems Agency has established general standards for having anti-spam filtering, and the Pentagon's Lt. Col. Gary Keck says that each military branch can purchase and install whatever program meets these standards. The Air Force does not list its domain name server addresses publicly and also hides its proxy addresses. Firewall software and email filtering programs have been installed at U.S. bases in an effort to limit the amount of spam getting through overseas. However, "everyone has to deal with spam, even the military," says Cloudmark CEO Karl Jacob. Jacob says that during the last month use of Cloudmark's anti-spam tool SpamNet has risen 20% among .mil domain name owners. The Direct Marketing Association has stated that commercial senders of email should not email military members during conflicts, but this dictum has been ignored by some. Brightmail CEO Enrique Salem notes that, "When you are at war, email becomes a different form of a weapon," comparing it to the many leaflets U.S. forces have dropped in Iraq.
Click Here to View Full Article
(Access to this site is free; however, first-time visitors must register.)

Although the Transportation Security Administration (TSA) has begun using data mining technology to verify the identity of travelers, privacy fears hinder the government from extensively mining personal information in order to nab terrorists. The screening program of the TSA and other agencies are considered to be smaller operations, but the Department of Defense has plans to use far more powerful technology for its Total Information Awareness (TIA) program. Such technologies would mine databases for purchase records, email, phone logs, travel arrangements, and more. TIA critics view the effort as an attempt to create a single centralized database that would hold every scrap of information about citizens. Congress has already voted that the Pentagon must justify the need for TIA and seek its approval to monitor citizens. Some data-mining experts maintain that there are bound to be errors when applying mathematical pattern-finding tools to databases, considering 10% of credit reports contain errors in names or in other identifying information. Meanwhile, ACM's Barbara Simons wonders, "Is it even possible to put together a database with sensitive financial, medical, educational, communication, and travel records--without providing a new target for exploitation and attack by hackers and terrorists?" Moreover, Robert Grossman of the National Center for Data Mining at the University of Illinois-Chicago warns that due to the enormous amount of data that would be collected and analyzed, and the ability of terrorists to adjust their tactics to avoid detection, innocent people likely would get falsely identified by a data-mining system while potential terrorists would get missed.
http://www.usnews.com/usnews/issue/030407/tech/7data.htm

Bluetooth and Wi-Fi will soon face challenges in wireless connectivity and networking with the emergence of WirelessUSB and ZigBee, respectively. Millions of consumers experienced Bluetooth for the first time last year, using the technology to connect their PCs, phones, personal organizers, and other tools so that the devices could exchange data. But by the end of 2003, consumers will have a low-cost alternative in WirelessUSB, which makes use of the USB ports already in PCs and other consumer products and allows the devices to exchange data. WirelessUSB, developed by Cypress Semiconductor, is viewed as a solution for simple uses such as reading utility meters, remote lighting control, wireless gaming, and PC peripherals, and it is much faster than Bluetooth in sending signals. Similarly, ZigBee is viewed as a low-cost alternative to 802.11 wireless networking, and it has the potential to become the wireless network of choice for building automation and lighting control. ZigBee, backed by Philips, Motorola, Honeywell and nearly 45 other electronics and industrial companies, is a more affordable, power-friendly, and simpler way to let devices access the Internet and corporate data. Although ZigBee supports as many as 255 connected devices before network performance suffers, compared to 50 connected devices for Wi-Fi, its range of 30 meters is less than the range of 802.11 wireless networking, which extends to 100 meters. Significant shipments of ZigBee chips are not likely to begin until next year.
Click Here to View Full Article

The grim economy is forcing companies to maximize their budgets for computer software, a market that has retrenched for the first time in 40 years. Companies are carefully scrutinizing the way they use software; they are using fewer programs, switching to less expensive or open-source applications, and reducing waste by buying licenses only for specific users. Corporate software license sales were a $74.9 billion market last year, but the market has not grown since 2001. Tech purchasers "have more power and leverage now than they have had any time in the past 10 years," says analyst Laura DiDio. Revenues have dropped off significantly recently for Siebel Systems, PeopleSoft, and Computer Associates, among others, after all experienced big sales increases throughout much of the 1990s. Gartner Dataquest predicts widespread consolidation and bankruptcies within the software sector for 2003 and 2004. Many buyers are forgoing systems with snazzy extras that add costs, and are favoring online subscription services over large software packages. Software for analyzing computer behavior and programs that guard data against disasters will be among the big sellers this year, according to a Forrester Research survey of 877 tech buyers. Software developers are responding by offering more streamlined programs at reduced prices and by going after new markets such as small and medium-sized businesses. Others are focusing on software maintenance agreements and consulting on existing software installations. Still, big business software sales are expected to rise 4% this year, and corporate competitiveness is expected to eventually drive increased sales as companies look to gain an edge. Former Great Plains Software CEO Doug Burgum says the natural replacement cycle will take over by 2005 due to "a lot of pent-up demand."
http://www.usatoday.com/usatonline/20030408/5045242s.htm

Movie studios are trying to convince state legislators to widen the scope of laws governing theft of cable and phone services to include new digital devices and Internet-based products, thus giving the Motion Picture Association of America (MPAA) "an additional way to protect [movie] studios' private property," according to the MPAA's Vans Stevenson. Princeton University's Edward Felten warned that the studios' original proposal could be applied too broadly, and ban the bypassing of electronic safeguards--and the equipment used to do so--for legitimate purposes. The studios disputed such assertions, but revised the bills so that they applied to persons and companies that display "the intent to defraud" service providers, and to electronic devices chiefly designed to do so. Electronic Frontier Foundation attorney Fred von Lohmann is still critical of the proposal, arguing that the context of "intent to fraud" remains opaque. "All of the [state] acts appear to be aimed at regulating what the American consumer can connect in the living room," he maintains. The MPAA met with consumer-electronics and technology company representatives, librarians, and software manufacturers last week to address what kinds of activities and devices should not be outlawed under the proposed statutes. Thus far, six states have adopted such bills, including Virginia, Delaware, Illinois, Maryland, and Michigan. The MPAA notes that no legislation has been introduced in California.
http://www.latimes.com/business/la-fi-mpaa8apr08,1,6928287.story
(Access to this site is free; however, first-time visitors must register.)

Oracle CEO Larry Ellison believes the computer industry has reached the limits of its growth, and predicts the failure of 1,000 tech companies thanks to consolidation and increasing standardization of products. He expects the biotechnology sector to come to the fore; tech startup numbers will dwindle, while the small group of vendors that comes out on top will dominate product development. These winners will include Oracle, Microsoft, IBM, Amazon.com, Dell Computer, Yahoo!, SAP, Intel, and eBay. Ariba, Commerce One, Siebel Systems, and BEA Systems are among the companies Ellison expects to fail. He argues that such firms will die because they follow a suicidal path of developing increasingly complicated "solutions" before identifying problems, and then try to foist these overly complex products on customers. Ellison anticipates falling prices thanks to the emergence of cheaper Linux-based computers, increased offshore outsourcing of software development, and companies growing in size due to industry maturation. He believes customers will be the primary beneficiaries of these trends, because tech companies will have to offer simpler, more innovative products and services in order to stay afloat. Many people slam Ellison's gloomy forecast: Netscape co-founder Marc Andreessen observes that, historically, large companies have never fostered innovation. And though many agree that an industry shakeout is likely, they doubt that industry growth is ending--some call Ellison's dire warnings an overreaction to the tech downturn.

A recent Meta Group survey of North American IT managers indicates sinking morale among IT workers despite salary raises. Maria Schafer, author of Meta Group's annual IT Staffing and Compensation Guide says 71% of respondents consider IT employee burnout to be a serious issue. She thinks that long work weeks--which often clock in at 55 hours--and firings prompted by the recession are depressing IT professionals, even though base salaries continue to rise an average of 5%, while computer system architects, senior Web developers, and others with highly desirable skills can receive an 8% to 10% pay raise. Forty-four percent of polled IT managers are trying to lure higher-level IT workers with sign-on bonuses, while 54% are still offering personnel annual year-end bonuses. Furthermore, the number of respondents who expect their IT compensation budget to increase over the next year surpasses those who supported such a forecast last year. International Data (IDC) observes a decline in IT spending in 2001 and 2002, and has downgraded this year's IT growth forecast from 3.7% to 2.3%; over the past two years, the technology industry has laid off 10% of its work force, mostly those holding manufacturing jobs, according to the American Electronics Association. Tech worker proponents say overseas IT outsourcing and the H-1B visa guest worker program are exacerbating the situation. According to the Meta Group survey, the most commonly used panacea for low staff morale is to provide workers with training opportunities.
http://news.com.com/2100-1022-995868.html

Sans Institute research director Allan Paller believes computer security problems can be solved more effectively through teamwork, and has made it his job to build security projects that rely on consensus. He reports that demand for Sans courses is so high that his organization has plenty of money left over after administration costs, which it funnels into security research programs. Paller observes that security practices are changing because of the convergence of two trends: General agreement that security solutions must be implemented in the face of rising hacker and worm attacks, and more and more people accepting the same secure-system model. He notes that most organizations usually rely on vendors to configure their systems safely, and in the past such vendors would often charge exorbitantly for such services. Today, "organizations are hoping they can buy the safer versions for roughly the same price as they were buying the old versions," Paller remarks. He says the penetration of safe systems into the mainstream could be accelerated if the federal government decides to invest in such systems. He thinks that worms are a serious threat--indeed, they have the potential to take down the entire Internet--although recent worm assaults have not amounted to much in terms of potency. Paller notes that NASA made several important discoveries about the effectiveness of patching: Problems can be resolved on a step-by-step basis, and those responsible for fixing vulnerabilities will be more productive and provide better-quality services if they are praised for patching flaws rather than denigrated for not patching them.

The Indian software and IT services industry is facing a toughened global environment as other nations raise non-tariff barriers to limit competitiveness. Even in liberal countries such as the Netherlands, one Indian software company, I-Flex, has experienced unprecedented pressure; its European operations head was jailed in Britain on an extradition request and 14 employees were deported. I-Flex says Dutch authorities used a visa technicality as an excuse for the crackdown, saying work visas were required where previously they had allowed business visas for temporary work. In the U.S., the annual quota for H-1B visas has fallen from 195,000 visas to just 65,000 per year, and four states have drafted legislation restricting government agencies from outsourcing overseas. Following complaints from Siemens employees in the U.S., officials there are reviewing policies on L1 visas as well, which allow firms to shift workers from one country to another as long as they remain employed at that firm. The Siemens workers say they were replaced by workers from the Indian Tata Consultancy Services. Accordingly, Indian firms such as Wipro have issued memos to workers overseas telling them to refrain from offending their colleagues, who may already see their jobs under threat. Kiran Karnik, head of the Indian IT trade group Nasscom, says increased time required to get a U.S. visa has stifled Indian firms' competitive advantage because consultant deals are extremely time-sensitive, and have had the effect similar to keeping agricultural imports in port for extended periods. About 60% of Indian software outsourcing work is done for U.S. companies; the Indian IT sector has grown about 25% annually for the last two years while IT markets in other countries have declined sharply.
http://search.ft.com/search/article.html?id=030409001116

MIT has named School of Architecture and Planning Dean William Mitchell, 57, as the new head of its Program in Media Arts and Sciences, which is responsible for the school's Media Lab. In his new leadership position, Mitchell will be charged with building a tighter relationship between the freewheeling Media Lab and MIT's academic establishment. Founded in 1985, the Media Lab has gained a reputation for being a haven for chaos, where students and researchers could explore work in areas that ranged from quantum physics to opera. However, many of the inventions in the mid-1990s were funded by major corporate sponsors, which have since held back on their assistance because the tech industry and the economy is in a slump. The Media Lab is considering relying more on government funding for support. Although MIT wants to see the Media Lab serve as a resource for more academic pursuits, Mitchell's experience in heading architectural and design programs suggests he would be able to incorporate academic discipline into an environment where the hands-on approach exists. Mitchell says media arts used to refer to the way emerging technologies would impact people's daily lives. "Now it involves things like sensor technology, nanotechnology, wearable devices, wireless devices," says Mitchell.
http://boston.com/business/news/2003/04/07/media_lab.htm

The recent certification of 17 domestically-trained Afghans as computer networking specialists is a watershed for Afghanistan, a country that is a decades-long laggard in information technology, and whose recently-ousted Taliban government virtually eliminated all educational and professional opportunities for women. Under the aegis of the United Nations Development Program (UNDP), Cisco Systems set up a Cisco Networking Academy at Kabul University, and the first 17 graduates--six of them women--received their industry standard certificates on Tuesday. One female graduate, 23-year-old Rita Dorani, urged all Afghan women to familiarize themselves with computer technology, while men should not stand in their way. Although the Western-backed regime that replaced the Taliban is more permissive, Afghan women still remain rights-challenged in the largely conservative provinces; UNDP project director Mark LePage noted that the UN plans to bring the initiative to those provinces. UNDP's Deputy Director for Afghanistan Knut Ostby said that such programs offer opportunities for the nation to bring its IT infrastructure rapidly up to date, and the Cisco Networking Academy graduates will hopefully lead the rest of the country in becoming an established IT player.
Click Here to View Full Article

The U.S. Department of Defense has been a major supporter of nanotechnology research for over 20 years, and this year will spend $243 million on nanotech R&D; the total federal budget for nanotech this year is $774 million. The technology promises to radically change computing, and Dr. Clifford Lau of the Defense Department's Office of Basic Research predicts that nanotech will also dramatically alter all aspects of warfare, including weapons, communications, and the health of soldiers. Among the nanotech products being developed and in some cases deployed by the military is Inframat's flexible Nanox compound, which the Navy is using to coat boiler feed lines on steam-powered ships and minesweeper propulsion shafts so that they have greater durability and heat resistance; and lightweight, waterproof uniforms that are stronger than armor and handhelds capable of detecting the presence of chemical and biological weapons, which MIT's Institute for Soldier Nanotechnologies is working on. Even more useful could be nanoscale sensors that can be distributed into far-flung, computer-coordinated surveillance networks that could be used to detect and respond to chemical attacks by the enemy. The Defense Department is keeping an eye on international nanotech research efforts: The National Science Foundation estimates that less than 5,000 U.S. graduates received doctorates in nanotech-related engineering fields in the year 2000, compared to almost 25,000 graduates in Asian countries. Most experts agree that manufacturers will have to develop self-assembling nanoscale systems, although a number of companies are marketing products that can be used to directly manipulate tiny particles.
http://www.nytimes.com/2003/04/08/technology/08NANO.html
(Access to this site is free; however, first-time visitors must register.)

The SETI@home project released a new version of its distributed client software on April 4 in order to close a buffer overflow flaw that could allow hackers to commandeer the computer systems of SETI@home volunteers. SETI@home is a distributed computing project in which PC users donate idle processing time to scan radio-telescope data for signs of intelligent extraterrestrial transmissions. Delft University student Berend-Jan Wever reported three vulnerabilities, including the buffer overflow problem, to SETI@home in December, which were not disclosed to the public until this past weekend. In order to exploit the flaw, a hacker must either successfully route a victim to a bogus SETI@home server, or take over a SETI@home Web server. Wever added that the first attack can be carried out with widely available software, and both he and SETI@home urge participants to download the latest software from the SETI@home Web site, which also offers a patch for software users. Another flaw reported by Wever resides in the project servers that could allow a hacker to breach the main servers and take advantage of all SETI@home clients, although SETI@home director David Anderson says this vulnerability was fixed almost two months ago. The third flaw Wever alerted SETI@home to lies in the unencrypted data the client sends to the server--such information revolves around the computer that is running the client.
http://news.com.com/2100-1002-995801.html

The European Physical Journal recently accepted a paper by Stefano Bettelli of Paul Sabatier University detailing his and his colleagues' efforts in creating a programming language for a quantum computer. A quantum computer's bits, or qubits, simultaneously exist in "0" and "1" states, enabling parallel calculations. The act of measuring a qubit's value triggers a collapse to a 0 or 1 state, while in principle a well-organized quantum computation should prevent this from happening until it becomes necessary to learn what one of the qubit's values is. Dr. Bettelli and his colleagues have organized a programming language composed of quantum registers and quantum operators--the former are supposed to allow a program to interact with specific qubits, while the latter facilitate qubit manipulation. The quantum operators are the quantum version of logical operators--"and", "not", and "or"--that form the foundation of classical programming. In order to usefully describe the program's unitary transformations, Dr. Bettelli employs object-oriented programming, which integrates data and commands into individual bundles, or objects. Using an object to represent a unitary transformation makes it relatively easy to translate classical programming directives into quantum-level physical control instructions. Quantum registers and operators will have to be combined with classical computations by the quantum programming language.
Click Here to View Full Article

Stanford Law School professor Lawrence Lessig has given scholars, scientists, artists, photographers, and writers an opportunity to share their works more easily on the Internet via the Creative Commons. Last December, Lessig and several other cyber-activists launched the online nonprofit Creative Commons in an effort to offer special licenses to copyright holders who do not mind other people using their work. Copyright holders have the option to choose a license that allows others to use their work along as attribution is given, a license that allows others to use their work commercially, or a license that allows others to modify their work. Furthermore, Creative Commons allows copyright holders to donate their work to the public domain. Creative Commons' Web site, www.creativecommons.org, serves as the access point to these specially copyrighted materials. Lessig has long argued that existing copyright laws, burgeoning intellectual-property laws, and the interests of large media poses a threat to the Internet.
Click Here to View Full Article

Several startups are readying products that use semiconductor quantum dots, first for the biotechnology industry and later for tunable lasers, telecommunications, and light-emitting diodes (LEDs); this commercialization is fueling basic research in the hopes that quantum dots could one day be used in quantum computers. Quantum-dot manufacturing is split into two categories--epitaxial growth, which is particularly conducive to telecommunications and quantum computing applications, and colloidal synthesis, whose scalability makes the dots more suitable for lasers and LEDs. Steven Talbot of Evident Technologies explains that further commercialization can only proceed by raising the scalability of colloidal synthesis, while Brian Korgel of the University of Texas at Austin says quantum dots need to be more stable and durable, and be able to self-assemble reliably. "If we can understand the fundamental physics, we can ultimately make better quantum dots," remarks Jerry Floro of Sandia National Laboratories. Scalability is less of an issue for the biotech sector, which places more value on high quality than high volume, notes Quantum Dot director of chemistry Charles Hotz. Quantum-dot biotech applications currently being explored and considered include fluorescent biological sensors for detection of certain cells and biological weapons, and biomechanical hybrids that can directly link to neurons and control neural functions remotely. Potential applications for quantum-dot LEDs include internal lighting for buildings, chemical and biological sensors, full-color flat-panel screens, and super-dense optical memories and data storage; in the telecommunications sector, quantum dots could find use as all-optical switches and logic gates. Meanwhile, a research team led by Purdue University's Albert Chang is investigating the detection and control of quantum dots' electron spin as a way to convey information and perform calculations in a quantum computer.
http://www.aip.org/tip/INPHFA/vol-9/iss-1/p14.html