Clips August 1, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;
- Subject: Clips August 1, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Thu, 01 Aug 2002 11:04:31 -0400
ARTICLES
Man Hoped to Win Woman He Met on Web
A Think Tank That Needs to Spell It Out
Cybercafe Crackdown May Trip Up Leering Boys
Applicants for New Dot-Org Domain Controller Under Review
Security czar points finger of blame
Burns tackling BIA troubles
A Shift Registers in Willingness to Pay for Internet Content
OMB freezes management systems
Experts translate voice tech needs
Taxpayers will file 2002 federal returns online for free
Administration launches a clearinghouse for volunteers
***********************
Man Hoped to Win Woman He Met on Web
Pr. William Jury Urges Death for Couple's Killer
By Josh White
A Prince William County jury recommended a death sentence for Larry "Bill"
Elliott yesterday, suggesting the highest penalty for the former Army
intelligence officer who became obsessed with a woman he had met on the
Internet and then killed a Woodbridge couple to win her love.
Jurors deliberated for more than 10 hours over three days in making the
choice between the death penalty and a life sentence without parole for
Elliott, 52, of Hanover, Va., deciding ultimately that the gruesome nature
of the crime deserved death. Jurors took less than half that time last week
to find Elliott guilty of the Jan. 2, 2001, murders of Robert Finch, 30,
and Dana Thrall, 25.
Elliott also received a life prison sentence for the murders and a
mandatory eight years in prison on weapons violations. Circuit Court Judge
William D. Hamblen is scheduled to confirm the sentences at a Sept. 20
hearing, during which he has the option of reducing the death sentence to a
life term.
Elliott, a career military intelligence official, became entangled in a
bizarre relationship with a woman he had met through an adult Web site,
giving her more than $450,000 over 18 months to help her out of financial
trouble. Elliott developed an obsession with the woman, Rebecca Gragg, but
she rebuffed his attempts at having a sexually intimate relationship.
According to testimony and argument in court during the past three weeks,
Elliott's obsession turned him into a frustrated and jealous murderer. He
killed Finch, Gragg's ex-boyfriend, apparently because he perceived Finch
to be an obstacle to Gragg's love, witnesses said.
"There's no question that if Mr. Elliott hadn't gotten involved with
Rebecca Gragg, two people would be alive today," Commonwealth's Attorney
Paul B. Ebert said. "But he killed them. To think about eliminating someone
is what the death penalty is designed to prevent."
Elliott went to Thrall's Woodbridge townhouse on Jan. 2 in the
early-morning darkness and shot Finch three times. He then shot Thrall,
beat her over the head, reloaded his revolver and shot her three more times
in the head. Thrall's two children -- ages 6 and 4 at the time -- were in
an upstairs bedroom and heard the gunshots and Thrall's scream.
"He looked right into Dana's eyes and beat the life out of her and didn't
even care," said Jennifer Finch, Robert Finch's younger sister and one of
Thrall's best friends.
She said yesterday that she was bothered by Elliott's unwavering stare as
the verdicts were read. "It makes me angry that he has shown no remorse for
what he did," she said.
Kim Lephart, Thrall's older sister, said she doesn't believe the death
sentence will change much for the family, other than giving Thrall's
children some solace that "the bad guy" won't ever be out on the streets.
"I want Dana's scream to haunt him," Lephart said.
Police linked Elliott to the scene with a spot of his blood that was found
on a back gate, and witnesses saw him near the home before the slayings.
Elliott's truck was also spotted near the scene, and he later made cryptic
remarks to Gragg about having to clean up a mess.
Elliott's defense team tried to put the blame on Gragg during the trial,
telling the jury that she wanted Finch out of her life because of a bitter
custody dispute. Henry W. Asbill and William A. Moffitt, Elliott's
attorneys, argued that Gragg could have sent an unknown person to commit
the murders.
In arguing for Elliott's life, Moffitt told jurors Monday that his client
fell victim to one of the most human emotions: love.
"There's no question that Mr. Elliott fell in love with Rebecca Gragg, and
a more unfortunate circumstance cannot be contemplated," Moffitt said.
"This is a case that cries out in its humanness; it's completely
understandable in human terms. It cries out for him to be punished severely
and harshly, but it does not call out for his death."
Gragg said yesterday that she resents Elliott.
"He told me at first that he just wanted to help me make a better life for
my children, and what he actually did was tear our lives apart," Gragg
said. "If anything, I feel that he is getting off easy. He won't have to
live with this for very long, and we will have to live with this for the
rest of our lives."
*******************
Washington Post
A Think Tank That Needs to Spell It Out
By Shannon Henry
Virginia's Center for Innovative Technology is trying to reinvent itself
again, although who knows if this time will be the charm.
Since the CIT was founded in 1984, it has evaded several near-shutdowns.
Its mission has never been clear to many taxpayers and technologists. And
now, Anne Armstrong, who since 1999 has been the president of the nonprofit
technology think tank, has suddenly left.
Armstrong would not talk about the circumstances of her departure.
"Everybody thought it was time to make a change," says CIT Chairman Paul
Brubaker, who is also chief executive of Aquilent in Laurel. He says the
decision was mutual.
Its last president, Bob Templin, was ousted by the CIT board as then-Gov.
James Gilmore (R-Va.) appointed his own secretary of technology to oversee
the group. Now there's another new governor and soon there will be another
CIT president.
The group says that in coming weeks it will unveil an operating plan that
will finally explain to everyone what happens in the slanted glass building
off the Dulles Toll Road and what it intends to accomplish in the future.
"I don't think anybody in the private sector knows what [CIT] is," says
venture capitalist Jack Biddle of Novak Biddle Venture Partners in Bethesda.
Still, the CIT has a $9.2 million annual budget. But the pool has been
shrinking: Last year's budget was $12.5 million.
The new operating plan, says Brubaker, will outline CIT's intent to bring
more federal research and development to Virginia, more commercialization
to the state, and a continued focus on economic development. "It represents
a shift in priorities," says Brubaker about the plan.
There's a sense of immediacy. By Nov. 6, the current secretary of
technology, George Newstrom, is supposed to deliver a report to Virginia's
General Assembly explaining whether "the mission of CIT can be fulfilled
elsewhere in Northern Virginia," and an analysis of the prominent
building's land and property value.
Brubaker says the group needs to better demonstrate a return on investment
for the state. However, he thinks much of the problem is articulating the
group's goals and actions, rather than a deeper problem of failed
accomplishments. The attitude that the CIT doesn't do much is "all
perception and zippo reality," he says. "If there was a sin, it was taking
on new activity without giving up the old activity."
Bobbie Kilberg, president of the Northern Virginia Technology Council,
which is housed in the CIT building, says the change in management was
political. After Mark Warner (D) was elected governor, he installed
Newstrom, a former EDS executive, to take over for the state's first chief
technology officer, Don Upson. Armstrong, a former newspaper editor, had
been Upson's choice. "When administrations change, people change," says
Kilberg, who has been a supporter of keeping the CIT alive and well funded.
She says if the group can clearly outline three or so goals in its new plan
and then stick to them, it will be in good shape. CIT's challenge is to
explain to its funders and to Virginia natives what it does.
Brubaker hopes to have a new CIT president in place within 90 days. "We're
looking for a CEO type," says Brubaker. The search is being led by Alan
Merten, president of George Mason University. In the meantime, Newstrom
will serve as acting president. "In this economy, there will be a lot of
good people out there," says Kilberg of the applicant pool.
Harry Glazer, who made his name in the tech heyday in Washington as a
lawyer to start-up companies, is leaving law firm Greenberg Traurig at the
end of the month to join Sherwood Partners of Los Angeles, which advises
financially troubled corporations. While Sherwood is known for winding
companies down, Glazer will open the Washington-area office of the firm to
jump in at an earlier stage to give advice, ideally before things get too
bad. He'll be a principal owner in the business. "I'm heading up their
healthy company practice," says Glazer.
Shannon Henry's e-mail address is henrys@xxxxxxxxxxxxx
*************************
Wired News
Sprint Calls Audible in Spam Suit
A lawsuit charging Sprint with sending illegal, unsolicited e-mail appears
to be turning into a test case for how much evidence a company can recover
when defending against allegations of wrongful spamming.
The class-action suit, Terry Gillman v. Sprint Communications, claims that
the phone company violated a recently enacted Utah statute that places
restrictions on senders of unsolicited e-mail.
The suit seeks damages of $10 per day for each unwanted e-mail the Utah
plaintiffs received from Sprint (FON), along with payment of court costs.
Under Utah law, spammers can be forced to pay up to $10 for each
unsolicited e-mail they send or $25,000 for each day they continue to spam.
Plaintiffs' lawyers said the case was modeled after a lawsuit filed nearly
four years ago by Washington's state attorney general against a notorious
spammer.
The new suit took an unusual twist in early July, however, when Sprint
filed a motion requesting it be provided with the lead plaintiff's hard
drive for the discovery phase of the case.
Sprint spokesman Mark Bonavia declined to comment on the suit, saying it is
company policy not to discuss pending litigation.
In a motion filed in Utah's 3rd District Court in Salt Lake City, however,
the phone company rejected the charges, adding that it "intends to
discontinue the allegedly actionable behavior."
Sprint also requested Gillman, the lead plaintiff in the suit, provide all
electronic and hard copies of the allegedly inappropriate e-mail.
"This will permit Sprint to better investigate and prevent such alleged
violations and will also prevent plaintiff from artificially increasing his
damages by refusing to provide the basic information supporting his claim,"
the motion states.
Denver Snuffer, the attorney for the plaintiffs, characterized the request
for the hard drive as an intimidation tactic. He said demands for physical
evidence such as computer hard drives are not feasible in the context of a
spam class-action lawsuit.
"There are an estimated 1.4 million Internet users in Utah who may have
received Sprint spam, and to ask that many people to literally remove and
deliver their hard drives to Sprint is ridiculous," he said.
Sprint's motion contained a request only for Gillman's hard drive. As of
yet, no equipment has been turned over.
Judge Denise Lindberg of 3rd District Court, State of Utah ordered instead
that both Sprint and the plaintiffs not delete any electronic records that
may be pertinent in the case, Snuffer said.
The lawsuit is intended to represent all Utah residents who received the
unwanted e-mail from Sprint after the state's anti-spam statute took effect
on May 7. Currently, more than half of U.S. states have anti-spam statutes
in place, though specific restrictions on commercial e-mail vary.
Under Utah's law, companies aren't prohibited from sending unsolicited
e-mail. However, senders must clearly state their legal name and address,
include the letters "ADV:" in the subject line, and provide a convenient
way for the recipient to opt out of getting further messages.
Snuffer said the Sprint messages did not comply with these rules.
*************************
New York Times
Cybercafe Crackdown May Trip Up Leering Boys
By IAN FISHER
LAHORE, Pakistan, July 27 -- Shahid Masood is a bit down on the Internet
these days. But he has never seen anyone who looks like a terrorist at the
cybercafe he owns here.
Mostly he sees boys trying to see girls without their clothes.
"People do not use it in a positive manner," he said in this vibrant city
with two universities and many students, who make for enthusiastic
customers if not always rich ones. "Most of the people access porn sites.
Then it is e-mail and chat sites. Otherwise, there is not much usage of the
Internet."
In this sense cybercafes in Pakistan are not too different from those in
the rest of the world. But in this strict Islamic society of segregation
between the sexes and strict bans on sexual content in the media, privacy
on the Internet is highly prized. So there is more than a little worry
about new government rules, set down in the name of fighting terrorism,
that would keep track of cybercafe users.
Under the rules, Pakistan's thousands of unregulated cybercafes -- often no
more than a hot hallway with a few computers and no refreshments -- will be
required to register with the government. Then, starting a month from now,
the cafes will have to ask every customer for proof of identity.
The idea is to provide a way of tracking terrorists and deny them the use
of computers in perfect anonymity. But the Internet here is also a way for
young people to do things society does not normally allow them, and any
intrusion into this new zone of privacy could mean a huge drop in business,
cybercafe owners and their customers say.
"How is it practical?" complained Azir Raziullah, 28, who owns the Web Zone
cybercafe in a mall here with no fewer than seven of them. "If you go to a
hair-cutting shop, do you show ID? If you go to a boutique and buy a shirt,
do you show ID? What is the Internet? It's just business."
But it is, in fact, much more than just business, and some Internet users
say they would not take the risk with their privacy in a country as
confusing as Pakistan on the issue of personal freedom. Pakistan has, on
the one hand, a famously outspoken press and fewer blocks on Internet sites
than some Muslim countries -- although one site used by Al Qaeda supporters
was recently blocked.
Then again, it is possible to be stoned here for blasphemy.
"I don't think giving an ID is a good idea," said one young computer
student who identified himself only as Atif. For one, he admits to
occasional glimpses at pornographic sites. He would not like that fact
known, much less traced.
Second, he regularly chats with young women online, women he normally could
get nowhere near -- mostly talking, with disappointing tameness, about the
food they eat.
"It's a good service," he said earnestly. "It has affected my life. I get a
lot of information," he added, and then smiled: "And when I want I can chat."
It is perhaps more risky for women. Kiran Anwar, 21, also a computer
student, said she too has found the Internet a rewarding, and socially
safe, way to talk to people she would not meet otherwise. She noted,
however, that chatters seem to be major liars. Everyone she encounters
online, it seems, is rich, attractive and from a good family.
"I think of it as fun, as enjoyment, as passing the time," she said. "There
are no side effects to that. As long as we are just having chat -- not
meeting up."
And, she said, "It is very private."
Shahzada Alam, chairman of the Pakistan Telecommunication Authority, which
regulates the Internet as well as mobile and fixed-line phones, said the
rules are aimed at potential terrorists -- not curious or lovesick teenagers.
Part of the concern, he said, arose after the disappearance in January of
Daniel Pearl, the Wall Street Journal reporter whose captors sent messages
and photographs via e-mail, though apparently through home computers.
Cybercafes, he said, are so far completely unregulated, a hole in
Pakistan's national security that he said needed to be narrowed, though not
closed completely. Requiring identification, he said, seemed like a gentle
step.
"You have to have a balance, that is most important," he said. "If you
over-control or over-regulate you will discourage people from using it. But
if you keep it totally uncontrolled, it could be used by criminals."
That balance is a noble goal, said Mueen Sadiq Malik, chief executive of
Paknet, the state-owned Internet provider, but not an easy one to put in
place. He said that Paknet, one of the largest of the 100 Internet service
providers in Pakistan, has been the first required to register cybercafes
and inform them that they must ask their customers for identification.
To begin complying, his workers have combed their records for heavy
Internet users, one clue to which of his 100,000 customers are cybercafes.
He has also sent his workers to the streets. So far, he said, they have
learned that Internet cafes have spread with the same chaotic freedom as
the Internet itself.
"In the ultimate analysis, it's not going to go too far," he said of the
government plan.
He added that he does not think terrorists "depend on this as a major means
of communication."
He continued: "You can place phone calls. You can use mobiles and keep
changing them."
He smiled at the impossibility of halting communications, modern or not.
"They could send pigeons across," he said.
*************************
Washington Post
Applicants for New Dot-Org Domain Controller Under Review
By David McGuire
The "dot-org" Internet domain, operated for years by Internet addressing
giant VeriSign Inc., will find out who its new landlord will be in late
September, before VeriSign relinquishes its hold on the domain at the end
of the year.
Eleven entities, including three in the Washington region, have applied to
operate the "dot-org" Internet domain, and global Internet addressing
authorities are now slogging through hundreds of pages of application
documents in search of a winning bidder.
"Dot-org is important now because it is the one space on the Internet that
. . . has been devoted to noncommercial speech," said Barry Steinhardt, the
director of the American Civil Liberties Union's Technology and Liberty
Program. "If it were to be turned into just another dot-com, that would be
a blow to speech."
In the Internet atlas, "dot-org" shows up as the stuffy university town on
the outskirts of the commerce-steeped "dot-com" downtown. But dot-org is
indispensable to consumer advocates, public interest groups and political
dissidents, many of whom are watching closely to see who will be chosen to
take the helm of the domain.
Dot-org will represent a lucrative asset for whatever organization takes
the reins. As the wholesale seller of dot-org names, VeriSign makes $6 a
year for every registered dot-org name. With more than 2.3 million
registrations already in place, dot-org will provide its operator with a
predictable revenue stream in an often shaky Internet environment.
The Internet Corporation for Assigned Names and Numbers (ICANN), the
organization that will choose the new registry operator, said it won't give
preference to nonprofit bidders. The top priority, ICANN President M.
Stuart Lynn said, is finding a stable operator to replace VeriSign.
"I don't believe the [ICANN] board would favor a decision to jeopardize the
stability of dot-org, so that becomes a very primary criteria," Lynn said.
"ICANN's first priority is to preserve the stability and reliability of the
Internet and the [Domain Name Server]."
If selected, a nonprofit organization will be eligible for a $5 million
endowment from VeriSign to bring its registry operations up to speed.
Commercial bidders are not eligible to receive the endowment. ICANN plans
to award the contract in late September.
In exchange for giving up dot-org, VeriSign solidified its control of
dot-com, the world's most heavily populated domain extension.
Registry operators such as VeriSign serve as domain-name wholesalers,
charging the industry's retailers, called registrars, a flat fee for every
name they sell to customers. Some registry operators, including VeriSign,
also act as registrars.
ICANN is seeking a new bidder for dot-org as part of its ongoing mandate to
bolster competition in the domain-name industry. Dulles-based Network
Solutions, which was bought by VeriSign in 1999, maintained a
government-approved monopoly over the industry until 1999, providing both
front- and back-end services for all names sold with dot-com, dot-net and
dot-org extensions.
Eleven bidders paid $35,000 registration fees, submitting massive amounts
of documents outlining their preparedness to take the job. Their
applications comprise a wide range of theories on how best to promote and
manage the domain.
Two of those bidders, the Washington-based DotOrg Foundation and
Reston-based Internet Society, say they intend to operate dot-org as a
nonprofit enterprise, while the third, Washington-based NeuStar Inc. is
taking a commercial approach.
Ken Hansen, director of development for NeuStar, which runs the recently
christened "dot-biz" and "dot-us" domains, said a for-profit entity with
experience operating Internet domains would provide the most stable
environment for dot-org.
The noncommercial entities that rely on their dot-org addresses don't care
who runs the domain, so long as it runs smoothly, Hansen said. "These
organizations use their Web sites to get their message out, they use it to
raise money [and] they use it to provide mission-critical services."
Officials at both the DotOrg Foundation and the Internet Society say they
would use the proceeds from operating dot-org to develop online tools and
services designed to help noncommercial groups expand their online
offerings. Neither the DotOrg Foundation, which was created solely to bid
for the dot-org contract, nor the Internet Society have direct experience
operating domain names.
Both organizations have made deals with outside registry operators to
provide back-end services for dot-org in the event that they win the bid.
The dot-org registry operator will not set the retail price for dot-org
addresses but will establish the wholesale price that registrars must pay
when they sell names to retail customers. Lower wholesale prices could
translate into lower retail prices for domain-name shoppers.
Bidders have proposed wholesale prices ranging from the current rate of $6
per name, per year, to less than $4 per name.
***********************
Government Computer News
Security adviser previews national strategy
By William Jackson
GCN Staff
LAS VEGAS -- Presidential cybersecurity adviser Richard Clarke drew ovations
from a crowd of 1,500 security experts attending the Black Hat Briefings
when he criticized the performance of software developers.
"The software industry has an obligation to do a better job of creating
software that works," Clarke said.
Clarke, head of the president's Critical Infrastructure Protection Board,
also drew applause when he said, "I don't trust the government to regulate
the Internet." He made the comments while giving a preview of the National
Strategy for Securing Cyberspace, which the administration plans to release
Sept. 18.
The 2,800-page report focuses on creating responsibility and accountability
for cybersecurity. The strategy responds to more than 200 questions, and
experts from the private sector developed much of it. Clarke said the
administration would update it several times a year.
"Chances are we will get it wrong in some aspects the first time around,"
he said.
Without revealing specific recommendations, Clarke outlined the strategy's
major areas:
Software development: Clarke called for more rigorous development practices
on the part of developers, and continued input from users to disclose
vulnerabilities.
Wireless networking: Wireless LANs are notoriously unsecure, he said.
Vendors have a responsibility to create more easily securable systems, and
users should not use systems with known vulnerabilities.
Broadband access: Telecommunications companies and Internet service
providers should provide firewall and other security services to customers
using always-on Internet connections, which leave systems open to hacking
over the Internet.
Internet security: There is no clear-cut responsibility for developing
secure Internet technologies, and the government should take a leadership
role in promoting security. The government should not regulate the
Internet, but it cannot walk away from this responsibility either, Clarke
said.
Federal government: Agencies need to do their part by using the security
products it is encouraging industry to develop. Clarke cited a number of
secure computing initiatives by hardware and software developers and said
that if they produce significantly more secure products, he would recommend
a massive replacement or upgrade of government systems.
************************
Associated Press
Bush Adviser Encourages Hacking
Wed Jul 31, 1:37 PM ET
By D. IAN HOPPER, AP Technology Writer
LAS VEGAS (AP) - A presidential advisor encouraged the nation's top
computer security professionals and hackers Wednesday to try to break
computer programs, but said they might need protection from the legal wrath
of software makers.
Richard Clarke, President Bush's computer security
advisor, told hackers at the Black Hat conference that most security holes
in software are not found by the software maker.
"Some of us, here in this room, have an obligation to find the
vulnerabilities," Clarke said.
Clarke said the hackers should be responsible about reporting the
programming mistakes. A hacker should contact the software maker first, he
said, then go to the government if the software maker doesn't respond soon.
Hackers commonly share their findings with others in their community
through e-mail lists or Web sites. But how much they should disclose is an
ongoing debate among computer security professionals. Some argue that full
disclosure is best, while others say a hacker should only warn that a
problem exists without showing how to take advantage of it.
Clarke said hackers shouldn't help criminals by showing how to exploit a
programming bug before the software maker has a chance to fix the problem
by issuing a patch, or fix.
"It's irresponsible and sometimes extremely damaging to release information
before the patch is out," Clarke said.
Companies differ in their response to independent researchers. While some
encourage or even reward bug-hunters, others are more concerned about the
possibility of extortion or embarrassment to the company. In some instances,
they seek civil or criminal charges against the hacker.
Clarke said that situation is "very disappointing," as long as the hacker
acts in good faith.
"If there are legal protections they don't have that they need, we need to
look at that," he said.
**************************
News.com
Security czar points finger of blame
By Robert Lemos
LAS VEGAS--Software makers and Internet service providers must share the
blame for the nation's vulnerable networks, President Bush's special
adviser on cyberspace security said Wednesday.
Speaking to a thousand attendees at the annual Black Hat Security briefings
here, Richard Clarke identified five specific groups responsible for the
vulnerability and said that people who can secure the Internet must step up
to the plate.
"There are a lot of people in our country that rely on cyberspace, who are
not taking responsibility for securing their part of cyberspace," he said.
The speech, which precedes the Bush administration's rollout on Sept. 18 of
the national strategy for critical infrastructure protection, outlined many
of the issues that Clarke and others had to consider in constructing the
new strategy.
The major issue, Clarke said, is that companies and organizations that
create the hardware, software and services that make up the Internet aren't
doing enough to secure their products. In laying the blame for the
vulnerabilities in the Internet, he pointed not only to software makers and
ISPs, but also to those who create and use wireless networks, to the lack
of a group responsible for securing the Internet, and to the government
itself.
While he didn't outline the national strategy's recommendations, Clarke's
list of the five groups shows whom the government is targeting with the new
initiative.
Clarke saved much of his rhetoric to lambaste the software industry.
"The software industry has an obligation to do a better job producing
software that works," he said. "It's no longer acceptable that we can buy
software and run software on sensitive systems that is filled with glitches."
Clarke pointed to statistics published by the Computer Emergency Response
Team (CERT) Coordination Center that show that the number of software
vulnerabilities found by researchers has increased every year. The number
of flaws found to date has already surpassed the total flaws found last
year, he said.
He also said that while few firms acknowledged the incidents, nearly every
major financial and banking company was hit hard by the Nimda virus last
September. He cited damage figures of nearly $3 billion attributed to the
virus.
He stressed, however, that the virus got into computers through
vulnerabilities that at the time were known.
"It's not because the vulnerabilities had not been identified (that Nimda
spread), but because the patches had not been applied," he said.
He called on software makers to provide patches that are easy to install
and also have been checked for compatibility with the major software
applications used by most companies.
"That's why Nimda was so successful," he said. "Not because (the system
administrators) didn't have a chance to put the patches on but because they
wanted to test the patches themselves."
ISPs to step up
Internet service providers also have to be more security conscious, Clarke
said. By selling broadband connectivity to home users without making
security a priority, telecommunications companies, cable providers and ISPs
have not only opened the nation's homes to attack, but also created a host
of computers with fast connections that have hardly any security.
"Millions of houses are getting connected, which means that more and more
are getting vulnerable," he said.
In a measure of how greatly wireless networks are undermining corporate and
home-user security, Clarke put such networks in his top five of security
offenders. Already, he said, the Department of Defense has ordered the
shutdown of all wireless LANs in use within the department and in the
various military forces.
"Companies throughout the country have networks that are wide open because
of wireless LANs," he said.
Clarke also called on the government to drive more secure standards for the
Internet and for the Net's gurus to form an organization responsible for
the network's security.
Clarke likened the situation to Winston Churchill's early warnings of
Germany's air force buildup prior to World War II that prepared Great
Britain for the air war against Germany. He said that today's system
administrators must do the same.
"You all have responsibility to be Winston Churchills, to be out there in
front of anyone who will listen to say we are vulnerable," he told the
attendees. "If a cyberwar comes, and come it will, we will be like the
(Royal Air Force) and win."
*******************
Federal Computer Week
Burns tackling BIA troubles
Brian Burns, an information technology expert with 18 years of experience
in government and the private sector, has been named the chief information
officer at the troubled Bureau of Indian Affairs.
Until recently, Burns was the deputy assistant secretary for information
resources management and the deputy chief information officer at the
Department of Health and Human Services, where he oversaw an IT budget of
$3.5 billion.
"I depend on the chief information officer to keep the BIA's computer
network well-maintained and secure for our employees and service
beneficiaries," said Neal McCaleb, the assistant secretary for Indian Affairs.
In taking this new job, Burns will be responsible for helping to fix BIA's
computerized systems. Citing security concerns, U.S. District Judge Royce
Lamberth pulled the plug on the Interior Department's Web sites in December
2001 to protect data maintained under its Trust Asset and Accounting
Management System.
Since the shutdown, most of the department has gone back online. The
remaining systems, including those maintained by the Bureau of Indian
Affairs, are responsible for much of the agency's trust operations.
Interior has held American Indian-owned lands in trust for more than 100
years, leasing the properties and processing revenue earned from farming
and drilling. A group of beneficiaries filed a class action lawsuit in
1996, claiming that poor bookkeeping has prevented landowners and their
descendants from determining their account balances. They estimate as much
as $10 billion in lost or missing funds.
Burns is no stranger to troubleshooting. He has specialized in program
management, systems architecture and telecommunications and security
technology.
At HHS, he oversaw the department's enterprise IT investment strategy,
architecture and security across 12 agencies, including the Indian Health
Service, the Centers for Disease Control and Prevention, the Centers for
Medicare and Medicaid Services, the National Institutes of Health, and the
Food and Drug Administration. He also oversaw HHS' successful Year 2000
conversion and worked to make sure HHS computer systems and their data were
protected following the Sept. 11 terrorist attacks.
Last month, Melissa Rose Chapman became CIO at HHS, where she will oversee
the department's IT resources, program systems and infrastructure. In
addition, she will be responsible for the development of the agency's
enterprise architecture plan.
Prior to taking the HHS job, Chapman was a career executive with the Food
and Drug Administration, where she most recently was acting CIO. In that
post, she oversaw more than $200 million in IT expenditures.
Among her projects at the FDA, she led an IT team in planning for the
reauthorization of the Prescription Drug User Fee Act and spearheaded
development of FDA's e-commerce systems that provided electronic review of
drug applications.
Megan Lisagor contributed to this report.
*************************
News.com
Wi-Fi users warned of pirates
By Ben Charny
Staff Writer, CNET News.com
July 31, 2002, 3:49 PM PT
AT&T Broadband is warning customers to secure their Wi-Fi networks after an
unusual case in which a subscriber played an unwitting role in dispatching
a pirated movie over the Internet, the company's spokeswoman said.
The movie pirate lived next door to the subscriber, and was able to access
his neighbor's Wi-Fi wireless network to send the movie out over his
neighbor's AT&T Broadband high-speed Internet service, according to AT&T
Broadband spokeswoman Sara Eder.
The actual pirate was ultimately caught, and the AT&T Broadband customer
got a break.
"All we could do was ask the neighbor to encrypt his Wi-Fi network," said
Eder, who added that they tracked down the problem after getting a
complaint from an agency representing the movie's producers.
The incident has sparked an "educational effort" by the company, which is
asking customers with Wi-Fi networks to turn on the encryption that comes
standard with most of these devices, but is usually not activated when
shipped by manufacturers.
The case is another example of how insecure most Wi-Fi networks are and
comes at a time when DSL (digital subscriber line) providers are beginning
to crack down on users who share their bandwidth via Wi-Fi. Broadband
providers say Wi-Fi networks are an easy, anonymous way to shuttle pirated
content onto the Web.
Time Warner Cable recently sent letters out to a dozen or so Wi-Fi
subscribers who are sharing their bandwidth over a wireless network. The
letters point out that sharing bandwidth opens subscribers up to legal
risks if others use it for untoward purposes. The company has yet to shut
down any customers, a spokeswoman said.
Tim Pozar, of the Bay Area Wireless Users Group, still ruffles at Time
Warner Cable's claims that somehow a Wi-Fi user could be found liable for
unauthorized use of a broadband network. The latest case of the pirated
movie is a sign that the DSL providers' threats are toothless, he said.
"It's like someone tapping your line, then using (you) for a drug drop," he
said.
Pozar said the movie case is the first he's heard of involving pirated
material being shuttled over a Wi-Fi network. The most egregious use until
now was spamming, he said.
NIST fit
While Wi-Fi makes it possible to roam a 300-foot area and connect to the
Internet or another device without wires, hackers continue to show that the
networks are porous. The latest slam came from the National Institute of
Standards and Technology (NIST), which reviews new technology for
government agencies.
NIST called current Wi-Fi networks "an unacceptable risk" for government
agencies because they don't meet government security needs. NIST recommends
the agencies "simply wait" for more mature security standards to come out
before adding 802.11b networks into their work places or operations.
New security standards aren't expected to be ratified until later this
year, which would put more secure products on the market sometime next year.
While the warnings to activate the encryption are helpful to consumers,
businesses generally do not need them. Often they are already familiar with
security holes in WEP (Wireless Equivalent Privacy), the standard security
measures on every piece of Wi-Fi equipment, said Tom Hussey, wireless
Internet product manager for Nortel Networks.
"Fortune 500 types are well aware of the inefficiencies," and they add more
security measures on their own, he said.
************************
New York Times
A Shift Registers in Willingness to Pay for Internet Content
More Internet users are showing a willingness to pay for content
online (subscribing to news sites, for example, or paying fees to send
e-greeting cards), suggesting a shift in consumers' expectations that online
services should be free, according to a survey of cyberspending patterns
released yesterday.
But the survey, put out by the Online Publishers Association, an industry
trade group, also shows that a relative handful of businesses benefit from
these purchases and that advertising remains the overwhelming source of
income for supporting digital content.
Extrapolating the online transactions of 1.1 million consumers, the survey
found that consumers spent $675 million for digital goods and services in
2001, nearly double the $350 million they spent the year earlier. The
survey found that 12.4 million Americans paid for some type of content in
the first quarter of this year, compared with 7 million in the first
quarter of 2001. The survey did not include payments made to pornography sites.
A big chunk of the spending accrued to business and financial news sites,
which in 2001 racked up $214.3 million in revenue from selling content,
mainly through monthly and annual subscriptions.
"It's where people need information the fastest that influences their
livelihood," said Michael A. Zimbalist, executive director of the Online
Publishers Association, which is based in New York. The association
includes about 20 major online publishers, including New York Times
Digital, The Wall Street Journal Online, Washingtonpost.Newsweek
Interactive, MSNBC.com, ESPN.com and CBS Marketwatch.
The strength of business and financial news sites comes as little surprise
given that financial sites started selling content relatively early in the
history of the Web; the category has been anchored by the success of The
Wall Street Journal Online, which, with roughly 650,000 subscribers,
accrued the second-most revenue, after Real Networks, a distributor of
audio and video material.
Several other prominent media companies have recently introduced for-pay
packages on their Web sites. ABC.com said yesterday that it would begin
charging $4.95 a month for "ABC News On Demand," which includes news clips
and day-after replays of "World News Tonight" and "Nightline," as well as
30 days of the programs' archives. CNN.com began charging for access to
video on its site earlier this year.
Mr. Zimbalist said the industry had also been heartened by a very recent
surge of content sales in several emerging categories, notably personals
and dating sites, one of the fastest-growing categories, with $72 million
in sales in 2001. In just the first quarter of 2002, it had sales of $53.1
million.
In addition, there has been a sudden growth of revenue among sports sites,
which are selling subscriptions to fantasy sports leagues and access to
sports news and statistics, and among online greeting card companies, some
of which now charge people to send virtual cards. American Greetings.com
has accrued 1.5 million subscribers, who pay $11.95 a year, since it
started selling subscriptions in December, according to the company's chief
executive, Josef Mandelbaum.
Mr. Zimbalist said the growth in these categories suggested that businesses
are beginning to figure out how to package their services in ways that
appeal to consumers, and that consumers are overcoming the idea that
content on the Internet should be free.
Mr. Mandelbaum, whose company also owns Blue Mountain Arts, eGreetings and
Beatgreets, said: "In the past five years, we trained consumers that
content was free; that was our fault." He added that there had been a
"general reluctance, but slowly but surely, people are paying for content."
The story behind the growth in sales of e-greeting cards, however,
underscores that in some regards the spending patterns are quite narrow.
Mr. Mandelbaum said AmericanGreetings and its subsidiaries controlled some
75 percent of the free e-greeting market; it and Hallmark.com, a
competitor, now command much of the subscriber-based market, meaning that
the growth in the category is accruing to just a few businesses.
Similarly, just as The Wall Street Journal dominates subscription revenue
in the online financial category, Real Networks draws more than half of the
revenue in the entertainment-lifestyle category. Real Networks, which has
750,000 subscribers to its premium services, had the most revenue from
content sales in 2001.
Generally, the survey found that of the 1,700 sites charging for content,
the 100 with the most revenue drew 97 percent of all revenue and the top 50
sites drew 85 percent of the revenue.
Neil Budde, publisher of The Wall Street Journal Online, said that one
common theme he has seen among sites that are successfully charging for
content is that they have created an audience eager to return for
information or services on a frequent basis. "If most of your traffic is
once a month, or once every couple of months," he said, "you've got less of
a chance than if you've got regular repeat visitors."
According to the survey, revenue from sales of online content in 2001
constituted about one-eleventh of the $7.2 billion in advertising-based
online revenue. But Mr. Zimbalist, noting that content sales hit $300
million in the first quarter of this year, nearly half the total for all of
last year, said he believed that fees paid for content could become an
increasingly large piece of the pie, perhaps as much as one-fifth of the
revenue. "It is becoming a leg on the stool that supports online
publishing," he said.
***********************
Federal Computer Week
OMB freezes management systems
The Office of Management and Budget on July 30 issued a memo to the
agencies that are moving to the proposed Homeland Security Department,
directing them to freeze all planned investments on major management systems.
The freeze is a step toward creating an information technology architecture
for the proposed department.
The memo focuses on the financial, human resources and procurement
management systems at the agencies. It also describes how the proposed
department could take advantage of particular initiatives already under way
as part of the E-Government Strategy.
Those initiatives, which are being developed by multi-agency teams under
OMB's leadership, are designed to improve efficiency and effectiveness and
include e-Training, Integrated Acquisition Environment, e-Travel,
Recruitment One Stop, and Integrated Human Relations and Payroll Processing.
The affected agencies include the Federal Emergency Management Agency and
the Agriculture, Commerce, Justice, Transportation and Treasury departments.
Each of those agencies has its own management systems, and they have
millions of dollars worth of modernization efforts planned or under way.
Among the largest investments over fiscal 2002 and 2003 are:
* $86 million for the Customs Service's Automated Commercial Environment.
* $24.1 million for the Coast Guard's Finance Center Total System.
* $23.9 million for the Immigration and Naturalization Service's Federal
Financial Management System.
The freeze affects all investments of more than $500,000, pending a quick
review by the Business Systems IT Review Group created by the memo. Initial
estimates show consolidation of the financial systems alone could save up
to $85 million over the next two years, according to OMB.
The review group will be led by OMB and the Office of Homeland Security,
and will be made up of chief financial officers, procurement executives,
chief information officers and human resources executives from each of the
agencies. The group will define high-level requirements, recommend actions
and track savings.
The memo outlines a review structure similar to the one in place for all
homeland security IT investments, detailed in a July 19 OMB memo. Under
that process, reviews of agency investments are expected to take only days
or weeks, according to OMB officials.
*********************
Federal Computer Week
Experts translate voice tech needs
The universal translator made popular in Star Trek movies is still years,
if not decades, away, but speech and voice recognition technologies can help
and are helping the U.S. armed services achieve their missions.
However, government users must better define their requirements to get
applicable tools into warfighters' hands, according to government and
industry experts.
"Our responsibility [in the armed services] is to better explain what we
need to do," said Ashley Johnson, science adviser for the Marine Corps'
Marine Forces Pacific. "It's the art of the possible with requirements. For
high-tech analysis and intelligence stuff at the three-letter agencies,
there are good tools, but moving that capability to the front line targeted
to mission areas, we're just starting to scratch the surface."
Speaking July 30 at a speech and voice technology conference in Washington,
D.C., Johnson said getting quality technologies, including translation
tools, into warfighters' hands requires a "management of expectations" from
Defense Department users and commercial technology providers.
He added that pocket "phrase-a-lators," which can translate basic phrases
in foreign languages, are being used in Afghanistan and elsewhere in the
world with some success.
Judith Markowitz, president of J. Markowitz, Consultants, said the speech
and voice technology market is expected to be worth about $6 billion by
2006, with government and military customers accounting for 15 percent to
20 percent of that spending.
The three main types of technologies are:
* Voice biometrics, which includes speaker authentication.
* Speech and voice generation, which includes text-to-speech synthesis.
* Speech and language recognition, which includes audio mining.
But if a vendor suggests a device is "all things to all people," military
users will quickly be disappointed when it doesn't meet expectations, and
then they will "throw it in the back of the truck," Johnson said.
"You have got to target a device towards an environment," Johnson said. "If
a Marine understands what he's got and how to use it, even if it's only 70
or 80 percent, he can deal with that."
Jake Hodges, vice president of operations at Eumetria Inc., a consulting
firm that has evaluated numerous speech and voice technologies for
government agencies, agreed and said that determining operational
requirements and how a device is going to be used are the key elements.
"First, you have to understand what a user's requirements are or they will
take the systems out there and the portions that it applies to [will use
it] and for the others that it doesn't work, it becomes a doorstop," Hodges
said. "One piece of equipment can't satisfy everybody."
However, dependability is as important as a small footprint, reliable
power source and usability, Johnson said.
"It must also be user-friendly," he said. "If you need a Ph.D. to use it
and you hand that to a 19-year-old Marine who is used to five or six
sentences explaining how to use [equipment], that's not the right
environment." But that tool could work for a senior intelligence analyst,
he added. "You have to understand the target."
**************************
Federal Computer Week
Letters to the editor
Defining Homeland rules
Following are responses to an FCW.com poll question that asked, "Given an
opportunity, would you work for the Homeland Security Department?"
With this uncertainty, the new department heads must be held accountable to
a much more stringent law or oversight. So assuring correctness and holding
accountable all those in charge of the new department on operational and
personnel activities is a must! Specific rules applying to those agency
heads must be outlined and fleshed out immediately! Otherwise, we slow down
the intent of the agency, namely to assure homeland security.
Name withheld by request
***
An opportunity to work in and for a new agency with expanded powers comes
but once in a lifetime. Once the Federal Aviation Administration was the
ultimate agency to work for, with vast powers to regulate and build a
better United States. Now it is fast becoming the Homeland Security
Department. What better way to complete federal service than to have a
helping hand in building this new agency?
Name withheld by request
***
As a federal employee, I would not work at the Homeland Security Department
until Congress decides on how our current civil service rights and
guarantees are to be handled. I will stay with the Army and still serve my
country yet retain my civil service security.
Name withheld by request
************************
Government Computer News
Taxpayers will file 2002 federal returns online for free
By Jason Miller
The Office of Management and Budget yesterday said it came to an agreement
with tax software vendors to let citizens file their tax returns online at
no cost. OMB said it will publish a Federal Register notice detailing the
terms of the agreement and open a 30-day comment period.
After the comment period, OMB will review suggestions and put a new free
tax filing consortium Web page online by Dec. 31 so taxpayers can file 2002
returns electronically.
The Web site is one of the milestones for the EZ Tax Filing e-government
project, one of the 24 Quicksilver initiatives OMB is leading.
OMB officials said they expect 78 million taxpayers to file online next
year. Previously, companies charged individuals an average of $12.50 to
file their taxes online. Under this agreement, the consortium will offer
free online tax preparation and filing, and the IRS will not compete with
the group by offering free services. The IRS also will provide links to the
companies in the consortium.
*************************
Government Computer News
Administration launches a clearinghouse for volunteers
By Dipka Bhambhani
President Bush this week introduced the USA Freedom Corps Volunteer
Network, a Web portal that will act as a clearinghouse for more than 50,000
volunteer organizations nationwide.
The new site, at www.usafreedomcorps.gov, connects users to service
opportunities within organizations such as America's Promise, the National
Mentoring Partnership, Points of Light Foundation, SERVEnet, United Way and
VolunteerMatch.
Users enter basic search information such as how they would like to
volunteer and where. They receive a detailed list of opportunities that
match their criteria.
"We understand that serving others meets needs that a government can never
fulfill," President Bush said at the White House Tuesday. "We're promoting
service to prepare for crises at home, to strengthen our communities, to
help people in need, and to extend American compassion throughout the world."
***********************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx