A dozen witnesses testified on cybersecurity solutions at a hearing before the House Government Reform Committee's Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census on Sept. 10, but only three alluded to federal legislation that would make addressing cybersecurity concerns a requirement for private companies. Qualys CTO Gerhard Eschelbeck said that the employment of automated security applications should be strongly encouraged by public policy; CERT Coordination Center director Richard Pethia thought the government should wield its purchasing power to insert "code integrity" clauses in software licenses and make vendors liable for faulty products; and AtStake's Christopher Wysopal thought Pethia's suggestion was a good idea, given the U.S. government's role as one of the world's biggest software buyers. Most panelists agreed that more money should be channeled into law enforcement's efforts to combat cyberthreats as well as federally funded security research and development. There was general consensus among the witnesses that cyberattacks are growing in frequency and sophistication, while computer vulnerabilities also appear to be on the rise. Subcommittee Chairman Rep. Adam Putnam (R-Fla.) is considering a bill that would require publicly traded companies to include a cybersecurity checklist in their reports to the Securities and Exchange Commission, a measure that Putnam thinks will raise cybersecurity awareness among CEOs. The subcommittee chairman noted that the hearing, which was originally supposed to focus on federal cybersecurity initiatives, was widened to include the private sector as a result of the recent Sobig.F and Blaster worm outbreaks. In response to Putnam's questions whether law enforcement has a different attitude toward cybercrime than more conventional crime--an idea stemming from a notable lack of cybercrime arrests--John Malcolm of the Justice Department said that law enforcement agencies do not treat cybercrime any differently, but admitted that cyber-criminals cover their tracks well.
Click Here to View Full Article

The average information technology worker earned $65,000 in 2002, or about 8% more than in 2001, according to the Sage/SANS/BigAdmin Annual Salary Survey. "The solid growth exceeded my expectations, because my expectations were low," says Robert Kolstad, director of Sage, an organization for system administrators. The survey of 9,651 IT workers and 683 consultants conducted by Sage, the SANS Institute, and BigAdmin, a system administrator site operated by Sun Microsystems, comes at a time when the IT industry is facing unemployment that is approaching historic levels. A casual work environment, challenging workload, and good co-workers is what IT workers like most about their jobs. However, IT workers said poor decisions by management and corporate bureaucracy makes them uncomfortable. IT workers were still concerned about job security, particularly with the steady flow of IT jobs outsourced to India and other countries, as well as the advancement of automation software that could make certain jobs obsolete. The survey also found that about 15% of respondents were unemployed for at least one week last year.
Click Here to View Full Article

Eric Byres, a computer security researcher at the British Columbia Institute of Technology, warns that hackers are probing weaknesses in the computer-security protections of power plants and said electricity infrastructure is an attractive target for hackers who want their exploits to become famous. He warns that a hacker could disrupt electricity supply throughout an entire city if security protections are breached. He says, "This would be a real badge of honor in the hacking community. To be the first guy to be able to turn off the lights in Los Angeles would make you famous." Rich Mogull of the Gartner Group's Information Security and Risk division believes that angry, ex-employees pose the most dangerous threat to system security because of their inside knowledge of utility computer systems and adds the industry has invested too little resources to improve security. Byres believes systems are increasingly vulnerable to cyberattack because many utilities use common software packages rather than invest in their own specially designed systems. The interconnection between different utility computer systems, combined with Internet compatibility, provides hackers with a variety of ways to potentially gain access to control systems. FirstEnergy Corp. is seeking to determine whether the Blaster worm that affected 500,000 computers worldwide on Aug. 11 had a part in the massive blackout three days later that left millions of people without power.
Click Here to View Full Article

Enabling a computer to read lip movements could significantly improve the accuracy of automatic speech recognition even in noisy environments, and researchers at IBM, Intel, and elsewhere are working on such a capability. IBM's Chalapathy Neti says a computer can be taught to integrate audio and visual input to determine what is being said with the help of cameras, statistical models, and vision algorithms. The camera picks up skin-tone pixels, the statistical models look for face-like objects, and the algorithms concentrate on the mouth area and ascertain where specific physical features--the center and corners of the lips, for instance--are located; statistical models are also employed to combine visual and audio features and predict the speaker's words. Neti and colleagues are working on systems designed to handle variables that may affect the accuracy of the camera-based system, such as inconstant lighting: Currently in the prototype stage is an audiovisual headset that features a small camera attached to a boom so that the mouth region remains visible even when the subject is walking or moving his head. Neti says the research group has also developed a feedback system that monitors confidence levels. Meanwhile, Intel researcher Ara V. Nefian says his company has created audiovisual analysis software and made it available to the public through the Open Source Computer Vision Library. The system, which recognizes four out of five words in noisy environments, can "extract visual features and then acoustic features, and combine them using a model that analyzes them jointly," Nefian explains. An audiovisual speech recognition system being developed by Northwestern University's Aggelos Katsaggelos could be used to boost security.
Click Here to View Full Article
(Access to this site is free; however, first-time visitors must register.)

Former Israeli prime minister and Nobel Peace Prize honoree Shimon Peres told attendees at the recent World Nano-Economic Conference in Washington, D.C., that science and technology--nanotechnology in particular--could be used to promote peace, and urged both the American and Israeli governments to set up knowledge centers in which academic rather than governmental agencies shape foreign policy. He described nanotech as being akin to atomic power, and argued that the technology would be much more useful as a tool for peace than as a weapon. However, insiders such as Foresight Institute President Christine Peterson say the advancement of nanotech is an uphill climb, especially since the nanotech industry currently suffers from a lack of integration. Nanotech development follows a gradual rather than revolutionary path, because short-term applications such as enhanced strength, performance, safety, accuracy, and sensitivity are for the most part not apparent in existing products. In the long term, "We want to be able to design and build nanosystems for manufacturing complex, atomically-precise products of any size from cubic-micron mainframes to aircraft carriers," Peterson explains. Nanotech investment is stronger in America than in Europe, and Peterson observes that American investors can look beyond the nanotech hype that has been a developmental barrier for many. Jih Chang Yang, executive director of Taiwan's Industrial Technology Research Institute, thinks nanotech could yield a very hefty short-term payoff through its enhancement of metals, plastics, textiles, papers, and even toilets. He reports that industrialization constitutes 62% of Taiwan's $650 million nanotech development program, and says his country expects to be pouring $19 billion into nanotech research and production within five years.
Click Here to View Full Article

Fueling critics' allegations that electronic voting systems are vulnerable to tampering and abuse is a March 2002 primary in San Luis Obispo County, Calif., in which the results of absentee votes were apparently posted on a Web site operated by voting machine supplier Diebold Election Systems more than four hours before polls closed. The county employs optical scan machines in which voters mark their choices on a sheet a paper, while the ballots are scanned into a computer and transmitted to a central server through a modem once the polls close; computer security experts say the modem allows hackers to ambush the data. Diebold's Deborah Seiler acknowledges that her company is looking into the San Luis Obispo incident, but insists that Diebold's e-voting systems are rendered fraud-proof by thorough oversight. She argues that the timestamps for the votes could be misleading, and suggests that Diebold engineers may have published the results long after the county primary wrapped up. Milpitas computer system administrator Jim March wonders what the county's server was doing linked to a Diebold server, especially if it dialed out while polls were still open; he explains that the incident could be attributed to an outside hacker or a malevolent or blundering Diebold employee. California Voter Foundation President Kim Alexander admits that the incident and other problems have made e-voting systems a source of worry.
Click Here to View Full Article

MIT researchers are developing intelligent software that can interpret what rough, unpolished sketches represent using Bayesian analysis techniques. The software is designed to recognize hand-drawn objects that correlate with the user's intentions, ascertain their context, and animate the drawings to reflect real-world movements. Determining context is beyond the abilities of current sketching software, which only identifies geometry. The MIT software, developed by Randall Davis and Christine Alvarado at the Artificial Intelligence Laboratory, studies the image as it is being sketched and assigns likelihoods to various interpretations of the represented objects; the evaluations are amended as details are added through Bayesian analysis, which scans specific effects to compute the probability of their causes. "With our software, the 'causes' are what the user had in mind to draw, and the 'effects' are what was actually drawn," explains Davis. The objects' animation is facilitated when the program adds gravity, friction, and other physical laws to the completed interpretation. The software's Bayesian component can only identify squares at this point, but Davis plans to expand the spectrum of crudely drawn configurations the program can recognize. The technology could dramatically augment the education of children and the visualization of engineering designs.
Click Here to View Full Article

Security experts predict new biometric security applications will be necessary in the future to secure e-commerce and prevent identity theft. AMS vice president Jeffrey Z. Johnson says the industry has so far done a poor job of selling the concept of biometric security to the public, since many people regard biometrics as unreliable or unnecessary; in reality, Johnson says biometric technology has already reached a very mature stage in many respects. EDS security and privacy sources executive director Albert Decker says people's fears about the security of their biometric information is weighing against their desire for an easier way of accessing multiple systems and online services. Users have to remember too many passwords, and then are worried about fraudulent use of their passwords or email accounts, for example. While computer security used to be only a worry for companies, the burden has shifted to the user level as well, a trend Decker says will eventually speed biometric security adoption. Intel is already working on a sort of biometric authentication that sidesteps concerns about databased personal identifiers: Instead of relying on a person's physical characteristics, Intel Research principal engineer Roy Want says computer systems could present users with a selection of images, some of which will be personal images easily identifiable by the user; this relies on people's cognitive recognition abilities rather than any physical biometric traits. Want says this so-called photographic authentication should be marketable in three to five years. Aberdeen Group security vice president James Hurley, however, warns that many biometric security efforts currently underway focus too much on technology and not enough on usability.
Click Here to View Full Article

Millions of computer users are putting the time they spend away from their PCs to more productive use by volunteering to participate in distributed computing projects, in which idle processing power is collectively tapped to generate simulations and analyze data for disease studies, weather forecasting, protein modeling, and other scientific research. Distributed computing is expected to broaden its horizons with the introduction of the Berkeley Open Infrastructure for Network Computing (Boinc) software program by the SETI@home project. Boinc promises to boost efficiency because it will enable volunteers to participate in more than one distributed computing project, according to Dr. David P. Anderson of the University of California's Space Sciences Laboratory. The program, which runs on Windows computers as well as the Mac OS X operating system, can also be used to more fully exploit computing time. "By setting things up the way we have, when one project doesn't have any work to do, the other projects can receive the benefit," Anderson explains. The University of Oxford's Climateprediction.net project will employ Boinc so volunteers can run 3D simulations of potential 100-year climate changes, while Stanford University's Folding@Home project plans to use Boinc for research into protein self-assembly and how this process may contribute to diseases such as Parkinson's or Alzheimer's. "Part of the big idea [behind Boinc] is to try to set things up so the general public has some reason to be interested in all these different science projects, so it's not just something you read about in the back pages of the New York Times when the project is over," comments Anderson.
Click Here to View Full Article
(Access to this site is free; however, first-time visitors must register.)

In an overview of speech technology, Lawrence R. Rabiner of Rutgers University's Center for Advanced Information Processing predicts that speech recognition and voice control technology will render keyboards, remote controls, and phone numbers archaic within 10 years, and transform life in the home and the workplace. "We are rapidly approaching the point where entering data to devices by voice--regardless of language or accent--will be as accurate and efficient as entering it by keypad or mouse," he declares. "The idea of 'going to work' to get things done will change to 'getting things done' no matter where you are." Rabiner notes that advances in voice control will stem from new abilities to consolidate and transfer vast amounts of computer code without overtaxing network capacity, while the physical shrinkage of technology will support a migration away from manual controls. He believes security will be upgraded with the advent of speech-based authentication, while household appliances such as entertainment centers will be operated by voice instead of by remote or hand. In the next five to 10 years, Rabiner foresees network accessibility and voice control being extended to virtually all office and household devices; more convenient shopping, home activities, and scheduling through the use of voice-controlled agents; and phone calls based on name rather than number. Rabiner presents his views as part of a broad examination of speech processing in the Sept. 12 issue of Science.
Click Here to View Full Article

Internet pioneer Vint Cerf is reluctant to predict the next radical shift in the Internet itself, but he says that voice over IP (VoIP) is an evolutionary Internet application that will transform telecommunications. Cerf currently serves as MCI's senior vice president for Internet Architecture and Technology, and says MCI already routes 10% of its calls via IP switches and plans to move completely over to IP by 2005. VoIP makes telephony much more efficient, since carriers do not have to dedicate line capacity for the duration of the call; instead, Cerf explains that capacity is only allocated when there is something to transmit. In addition to saving money, VoIP opens up numerous possibilities in terms of value-added services, since carriers can easily send and integrate data, voice, text, and even run programs over their networks. However, regulatory issues are currently a barrier to Cerf's vision, and he strongly advocates the opening up of Bell company facilities to competition, saying broadband should work the same as the dial-up model. The cost to carriers such as MCI should not be as much as one would expect, since MCI and its peers have huge amounts of unused backbone capacity; the major cost to change over to VoIP for carriers would be interface issues, such as Session Initiation Protocol to configure each call. Cerf foresees an entirely networked home where the Internet is used as a central control mechanism--of course, he says, "you need strong authentication to make sure some 15-year-old next door won't reprogram your house." In the commercial realm, a more robust IP environment will allow companies to automate inventory controls and bundle voice, data, and other transmissions into one channel to save money.
Click Here to View Full Article

Lawmakers this week convened computer security experts to discuss ways to better secure the nation's IT infrastructure. The technology subcommittee of the House Committee on Government Reform listened to testimony from law enforcement, security firms, and IT vendors. Symantec President John Schwarz stirred controversy by suggesting the government criminalize information on the Internet that helps hackers and virus writers; he did not say what effects that would have on freedom of speech or even legitimate security work, but noted 450 new viruses and reiterations appear each month. Qualys CTO Gerhard Eschelbeck noted that recent viruses and worms are unleashed more quickly after software flaws are published: Slammer came six months after a flaw was disclosed, while Nimda appeared just four months after a disclosure and Blaster appeared just three weeks after news of a vulnerability. These viruses are spreading much faster as well--Schwarz warned that the most dangerous intrusions were not well known and likely lurking on critical systems, threatening business and critical public infrastructure. Atstake research and development director Chris Wysopal said the most effective security solutions were better designed software and education of computer users, and he suggested a national organization that could monitor computer user safety the same way the National Highway Traffic Safety Administration does for motorists. And as the largest IT buyer, the government should pressure software vendors to produce more secure products. Notably, the Department of Homeland Security recently signed a $90 million contract with Microsoft for desktop and server software without requiring security testing.
Click Here to View Full Article

Liquid crystal displays (LCDs) in computer screens usually boast a dynamic brightness range between 300 to 1 and 800 to 1, compared to the 10 million to 1 range of the human eye. However, researchers at Canada's York University, the University of British Columbia, and Sunnybrook Technologies have developed high dynamic range display technology that elevates LCD range to 90,000 to 1, using very bright light-emitting diodes (LED) to provide backlighting. The backlight can be segmented, and those segments can be controlled independently. York University's Wolfgang Stuerzlinger explains that this breakthrough allows more realistic images to be displayed, and facilitates the generation of much darker intensities than traditional screens. Helge Seetzen of Sunnybrook Technologies says the system works because the blur caused by the difference in size between the LED backlights and the liquid crystal pixels can be controlled. Software is employed to compensate for the majority of the blur; the human eye does not register the rest of the blur. "Most areas in the average images aren't at the top brightness end--or we would have a desire for sunglasses all the time--so the vast majority of the LEDs are actually providing fairly little light at a given time and thus consume very little power," notes Seetzen, who adds that the display could still cost more than current monitors. Seetzen says the technology could be used to dramatically boost the viewability of medical images as well as architectural rendering such as flight and vehicle simulators and military command and control viewers.
Click Here to View Full Article

The prevalence of the Linux operating system seems to contradict the spirit of the open-source movement, which is designed not to favor any one OS. Open Source Development Lab director Tim Witham notes that more people are using Linux than the other major open-source OS, BSD. He opines that this is because the Linux process is more generally inclusive than BSD is. Although the BSD license allows developers to write code and deploy it in commercial, proprietary software, they can also prevent their code from interoperating with other classes of BSD. "The great majority of people working on Linux have been contributing back to the main line, so the progress has been more focused," Witham explains. Though there is argument that BSD is a stronger OS than Linux, Meta Group analyst Tom Murphy points out that its release into the marketplace was delayed by a copyright infringement lawsuit filed by AT&T, which developed the Unix code BSD is based on. Murphy adds that Linux's acceptance for corporate use was boosted significantly with the support of companies such as Dell, Oracle, and IBM. Forrester analyst Ted Schadler observes that the endorsement of Linux by such heavyweights came about because Linux creator Linus Torvalds was receptive to corporate entreaties early on.
Click Here to View Full Article

Liquid crystal displays (LCDs) and plasma panels are poised to battle over the large-screen market, and the possibility exists for LCDs to dominate thanks to their continuously evolving technology. LCDs are currently the screen of choice for consumer electronic devices such as CD players, laptops, portable phones, and digital watches thanks to their power efficiency, low weight, and thinness, but their use in large-panel displays has been limited because manufacturers were previously unable to surpass the 30-inch diagonal threshold; LCDs' narrow viewing angle also caused the displayed image to be obstructed by even the slightest deviation in the viewer's perspective, while early LCDs did not enjoy the rapid pixel-switching that plasma screens boast and thus were less adept at displaying moving objects. However, materials and fabrication breakthroughs are expected to allow LCDs to penetrate the plasma market as 40-inch LCD screens are rolled out this year. Back-plane improvements over the last two decades have allowed LCD refresh rates to catch up to plasma screens. Corning researchers discovered that LCD glasses were alternately too dense or too light because of their oxide content, which led to the development of the optimally dense 1737 glass. This resulted in a significant decline in LCD screen price. Furthermore, IBM researchers learned two years ago that they could boost LCD screen quality and viewing angles by aligning the elongated liquid crystals in the display materials with beams of electrically charged atoms. Meanwhile, organic light-emitting diodes are expected to help usher in new flexible displays with high-quality viewability.

With the Recording Industry Association of America (RIAA) and copyright holders threatening to go after file-swappers that make unauthorized copies of digital content, many traders are going to underground "darknets" in the hopes of keeping their activities secret. One file-trading service, Direct Connect, offers free software that allows individuals to establish a members-only network with password protection. "As soon as [the RIAA] laid down those individual subpoenas, we started seeing posts from people looking for private networks," notes Chris Hedgecock, whose Zeropaid Web site is where approximately 160,000 file sharers gather to exchange information. Darknets are not only used by digital pirates: They have become a platform for political dissidents and civil libertarians, while major corporations such as Hewlett-Packard are also taking advantage of these private networks to share sensitive information with outside partners. Darknets usually boast more security than the average corporate intranet, because the data passing to and from computers on the darknet is often encrypted; darknets are also designed for quick and easy assembly and disassembly. The technology that supports darknets is coming from a variety of sources, including independent developers, America Online's Nullsoft division, and companies such as Groove Networks that sell specialized darknet software. Trustworthy members is the key component for certain darknets, while others rely on technological privacy solutions. The entertainment industry is not particularly concerned about darknets, and feels they can cause little damage given their usually small memberships.
Click Here to View Full Article

Ethical hackers such as Ryan Breed of Unisys function as security consultants, and they use a variety of tools--many of them freely available online--to test the cyber-defenses of the companies that hire them. Such tools include Ethereal, a network protocol analyzer that can study network traffic in real time or from a saved file; NetStumbler, a wireless network locater; Network Mapper, a program that can scan a network for operating systems, servers, classes of services and ports, and firewalls and packet filters; Netcat, used for network analysis; Nikto, a scanning tool that tests Web servers for potential security leaks; and Nessus, a remote security scanner that searches for network vulnerabilities and produces lists of the flaws it uncovers. Breed notes that a hacker can learn a lot about a target company, its corporate domains, and related Web sites through search services such as Google.com, while corporate ads for IT job vacancies are another possible source of information. "You'll find out what kind of software and systems they run from the skills and experience they're seeking in their IT job listings," Breed observes. Another strategy hackers may use is to study Internet message boards on Yahoo! and other financial sites, as well as sites run by former employees of the target company. From hacks carried out by security consultants such as Breed, companies are learning that they need to beef up network protection--not just by changing passwords more often, but by formulating and implementing better security policies. Breed explains that one of his jobs, in which he breached the company's internal systems via a router misconfiguration, "dispels one of the popular security myths: That a company can focus only on securing its perimeter and remain secure."
Click Here to View Full Article

Former White House Cybersecurity Adviser Richard Clarke says the Homeland Security Department has fallen short in its effort to fortify the computerized infrastructure of the U.S., and cites its failure to establish a national cyberspace security center with a well-known cybersecurity specialist placed high in its hierarchy; he notes that IT managers are finding it tough to secure security funding in the current economy, but cautions that spending alone does not ensure effective cybersecurity. Clarke recommends that CIOs formulate a detailed IT security policy as well as an enforcement methodology--and clearly articulate that policy to their IT departments. Jonathan Zittrain, co-founder of Harvard University's Berkman Center for Internet & Society, acknowledges that corporate strategies for IT security and how tight security should be are difficult to determine, given the openness of the technological environment and lingering uncertainty about the vulnerability of the Internet and the connected networks. He says CIOs must factor in a balanced risk-reward ratio and be especially alert for signs of excessive security, such as employees being denied legitimate access to information. Counterpane Internet Security CTO Bruce Schneier writes that citizens and consumers are being kept out of the security equation and have little influence as individuals with the governments, businesses, and organizations responsible for instituting the many intrusive security measures that add frustration to our daily lives. His solution is for individuals to mobilize and take a stand, though he urges people to direct their complaints to the head of the agency, organization, or company and pressure elected officials to make agencies and corporations amend their security practices. Marc Rotenberg of the Electronic Privacy Information Center is concerned that both the public and private sectors are implementing a legislative and technological framework for monitoring citizens and customers that may be hard to disassemble once the threat recedes. He says it is folly to live in ignorance of these issues.
Click Here to View Full Article

The TOP500 list does more than just rank the world's fastest supercomputers: It outlines high-performance computing (HPC) trends characterized by rapidly changing computer architectures and steady, predictable growth in performance levels; the biggest individual driver of this growth is the rise in chip performance according to Moore's Law, though there are clear indications that HPC performance is in fact surpassing Moore's Law thanks to increasing processor density. Specialized HPC manufacturers such as Cray Research, Intel, and Hitachi ruled the supercomputing market 10 years ago, but they have since receded in favor of workstation and PC makers such as IBM, Sun Microsystems, and Hewlett-Packard. It is projected from the performance growth curve that the first supercomputer capable of processing 100 teraflops per second will emerge by 2005, while systems capable of 1 petaflop per second will arrive by 2010. Meanwhile, about 160 systems are replaced every six months on average. As of June 2003, the top supercomputer in the world was NEC's Earth Simulator in Japan. Massively parallel processing systems have comprised the majority of the top 500 supercomputers over the last decade, but there has been significant growth in the number of clustered systems throughout the last several years. Although the leading supercomputer centers are government laboratories (most of them American), it is unclear what short-term influence they have on the market. None of the top 10 centers are based in Europe.
Click Here to View Full Article