Clips August 14, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;
- Subject: Clips August 14, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Wed, 14 Aug 2002 10:23:23 -0400
ARTICLES
Princeton Disciplining Staff for Yale Web Site Break-Ins
Sex.com case turning dirty
Fortified by Defense Dollars
Is Now a Good Time To Be a Hacker?
Military maps out homeland help
Roster Change
IRS reaches deal to offer free e-filing
Bush Stresses Need for Broadband Deregulation
Florida ready to move past chad of 2000 election
Students tackle simulated rescue with 'robotics war game'
Computer 'bloodhound' finds hard-to-see features in images
White-Hat Hate Crimes on the Rise
Glitch blacks out FBI's Web sites
10% of the world's population now have internet access
Sleeping with the enemy
************************
New York Times
Princeton Disciplining Staff for Yale Web Site Break-Ins
By KAREN W. ARENSON
Princeton University said yesterday that it planned to allow its two top
admissions officials to remain at the university despite their lapses in
judgment involving a break-in by admissions officials into Yale
University's computer system.
In announcing the findings, Princeton's president, Shirley M. Tilghman,
said that Stephen E. LeMenager, the admissions official who first broke
into a Yale Web site for college applicants, would be moved to another job
at Princeton.
She said Princeton would also allow Fred Hargadon, its longtime dean of
admission and Mr. LeMenager's boss, to remain in place until next June,
when he will retire as previously planned. She said yesterday that Mr.
LeMenager, the associate dean and director of admission, had told Mr.
Hargadon of the unauthorized entry and that Mr. Hargadon failed to
recognize its significance, to prevent other such entries or to report the
break-in.
Dr. Tilghman also said that everyone involved in the break-ins, including
those who knew about them and did not report them, would be disciplined,
though she would not say how many people were involved or how they would be
disciplined.
"These actions were wrong," Dr. Tilghman said yesterday during a news
conference to report on what Princeton had found in its own investigation
and the steps it was taking.
Mr. Hargadon issued a statement yesterday saying that he accepted
responsibility for the "inappropriate actions" of staff members and for not
calling attention to the misbehavior. He pledged "to restore the complete
integrity" of the office in his remaining months.
Theodore O. Rogers Jr., a lawyer for Mr. LeMenager, said neither he nor his
client would comment.
Dr. Tilghman said the university's investigation had found that the actions
were motivated by a desire to check out the Yale Web site's security and by
simple curiosity. The admissions process was not affected, she added.
In April, on the day the Ivy League universities notify applicants of their
decision, Mr. LeMenager entered the Yale Web site using birth dates and
Social Security numbers from Princeton applicants who had also applied to
Yale. He then told his boss and others in the admissions office, some of
whom also entered the site.
The Yale site stated specifically that it was intended only for the
applicants, not their friends, relatives or anyone else.
Dr. Tilghman said yesterday that she did not yet know whether any legal
actions would be taken against Princeton. She said that the university had
contacted the students whose information was misused and received
indications "that they were satisfied with our apologies." And she said
Princeton was cooperating with federal authorities investigating the matter.
Yale's president, Richard C. Levin, said in a statement yesterday that he
was impressed by the thoroughness of Princeton's investigation, which was
conducted by a former federal prosecutor. Dr. Tilghman said that Princeton
would assess all its privacy policies and also the security of its
information systems, and that it planned to hire a technology security
director.
"One of the lessons of this experience is that even individuals with a high
degree of sensitivity to ethical principles in traditional settings can
fail to be equally sensitive when technology is involved," she said, "as
when someone who would never open a sealed envelope addressed to another
person enters a secured Web site."
She said the admissions office was known for not being technologically
oriented. "That does not excuse what happened," she said, "but it helps
explain their failure to recognize that what happened was wrong."
Similarly, when Mr. LeMenager told a Yale admissions official of his
ability to enter the Yale Web site at a meeting of Ivy League admissions
officials in May, Dr. Tilghman said, the ensuing discussion at the meeting
was about security issues, not about the impropriety of the action.
Dr. Tilghman has asked Nancy Malkiel, dean of the college at Princeton, to
oversee a training program for all members of the admissions staff on the
privacy and confidentiality of applicants.
"We will learn from this and make changes," she said, "and move on as a
better place."
********************
News.com
Sex.com case turning dirty
By Lisa M. Bowman
Although it's an arcane case about property rights in the digital age, the
Sex.com saga has all the trappings of a juicy pulp fiction novel: a
fugitive on the lam in Mexico, would-be bounty hunters and porn.
Now justices in the 9th Circuit Court of Appeals are hoping to sort out at
least one of the issues: whether domain name registrar VeriSign can be held
responsible for turning the Sex.com name over to someone who sent the
company a forged letter requesting the transfer.
The case offers more than a glance into the prurient world of Net porn. It
could have important legal implications for companies that administer
domain names, including determining the duties and liabilities for domain
name registrars that handle Web addresses. In addition, the case could help
settle how domain names are treated under property law.
On Tuesday, a three-judge panel heard arguments from lawyers representing
Gary Kremen, the businessman who lost and then won back the rights to the
Sex.com domain name from VeriSign, which turned over the domain name; and
from Stephen Cohen, the man who tricked VeriSign into giving him the name
for five years and now apparently is hiding out in Mexico.
In this phase of the legal saga, which has gone on for more than six years,
the appellate judges are trying to decide VeriSign's culpability in the case.
The Sex.com name is one of the most lucrative sites on the Web because it's
become a natural destination for those looking for porn. Kremen originally
registered the name in 1994. Soon afterward, Cohen sent Network Solutions
(which is now owned by VeriSign) a fraudulent letter authorizing the
transfer of the name to him.
Kremen sued, and last year he won the name back from Cohen, but he has yet
to see the $65 million in damages a judge ordered Cohen to pay him.
However, the court also ruled that Kremen cannot sue VeriSign for the
transfer because a domain name isn't tangible property. Now Kremen's hoping
the appellate panel will overturn that ruling.
During Tuesday's hearing, the judges seemed to cast doubts on VeriSign's
claims that it's not responsible for turning the name over to Cohen after
receiving his forged letter.
Judge Alex Kozinski wondered how VeriSign's DNS database of domain names
was any different from a stock certificate, which he said connects an owner
with some property.
David Dolkas, an attorney at Gray Cary Ware & Freidenrich, the firm
representing VeriSign, said that if the judges were asking "is the DNS
database somehow representative of an ownership right, the answer is no."
"Why not?" Kozinski replied. "Why isn't that exactly what it is?"
Judge Margaret McKeown also grilled Dolkas, asking him if the company is
claiming that it has no responsibility at all in the case.
Dolkas reiterated claims that VeriSign shouldn't be held liable, saying the
database is simply a neutral translator between Web addresses and domain
names.
He said a ruling against his company would "create a world of hurt,"
opening the floodgates for all types of suits, including contract and
property claims from people whose domains are down for just a short while.
Dolkas said people who feel they've been wronged in the domain name process
already have a variety of private dispute resolution remedies. "There's no
hole that needs to be plugged," he said.
James Wagstaffe, a Kremen attorney, argued that VeriSign broke an implied
contract that gave his client ownership of the name. "They didn't do what
they said they were going to do," he told the court. Wagstaffe said the
whole case could have been avoided if VeriSign had simply phoned or
e-mailed Kremen and asked him if he approved the transfer. "They do it now.
They should have done it then," he said.
The judges will issue a ruling on the matter sometime in the coming weeks
or months.
The lively court hearing also touched on a variety of other issues,
including Cohen's whereabouts.
At one point, the judges chastised Cohen's attorney for his
characterization of the federal judge who ruled against his client. Mike
Mayock said the judge was "sucker punched" and "blindsided" by Kremen, an
assertion that didn't go over well with the judges.
"You're really standing there telling us he's a fool?" wondered an
incredulous Kozinski. "I don't think it's appropriate for you to call a
district judge a sucker."
Meanwhile, Kremen said he's planning to reinstate a $50,000 bounty he
offered last year for information leading to Cohen's arrest. Cohen
apparently fled to Mexico and has failed to appear at several court hearings.
************************
Washington Post
Fortified by Defense Dollars
Government Contractors Help Stabilize Region's Economy
By Renae Merle and Neil Irwin
When the local commercial technology sector collapsed, government
contractors got a new title: savior.
While telecommunications and software companies laid off thousands of
employees over the past two years, government contractors added to their
payrolls. When investors abandoned the highfliers of the new economy,
causing their market values to collapse, the companies that worked on
federal contracts kept plugging along.
Now, as the local economy regroups after the end of the boom, the brightest
regional star is also one of the oldest. More than half of the economic
activity in the region can be traced, directly or indirectly, to federal
spending, according to the George Mason University Center for Regional
Analysis. The massive ripple effect of government spending, filtered
through these technology-oriented contractors, is the main reason that the
Washington area economy hasn't staggered as badly as other areas that
placed big bets on technology have.
"Washington is holding up very well compared to some of the other large
tech regions, like Silicon Valley," said Christine Chmura, president of
Chmura Economics and Analytics. "The key reason is the influence of the
federal government and those contracts."
"Washington didn't get hit nearly as bad as other technology centers
because of defense spending," agreed Steven Cochrane, chief regional
economist of consulting firm Economy.com. "Defense work is really
increasingly tied into telecommunications and Internet infrastructure, and
all sorts of weaponry needs millions of lines of software code."
The 11 largest defense contractors in the nation employ more than 48,000
people here, significantly more than companies in telecommunications or
software or biotechnology. The shares of the nine largest locally based
defense contractors were worth $49.2 billion as of July 31, far exceeding
the worth of local companies in the other sectors.
These companies benefited from the boom, as did the WorldComs and
MedImmunes, but their boom wasn't nearly as large. Employment rose by about
3,500 jobs between March 2000 and July 31, 2002. While the value of
companies in the other sectors was tumbling during that period, the market
capitalization of the largest locally based defense contractors rose by
more than $29 billion.
But if government contractors find themselves cast in the role of savior,
they are not playing the role of miracle worker.
"Federal spending is having an effect on the local economy, but it's
obfuscated by the fact that non-federally related technology is still in
decline," said Anirban Basu, chief economist of Towson University's
Regional Economic Studies Institute. "The net effect is a decline."
So far, federal spending for the war on terrorism has not created enough
jobs to keep the region's total employment from falling.
The flood of homeland security spending expected to boost the industry has
yet to appear. So far, money has been allocated for just nine contracts out
of 12,000 proposals sent to the Defense Department earlier this year. The
administration has proposed spending $52 billion more for technology, a 16
percent increase over the current budget.
"I think there were unrealistic expectations that the money being put forth
would be a windfall for lots of companies and it's been slower to develop,"
said Jim Kane, head of marketing firm Federal Sources Inc.
It's a turnabout from the early 1990s, when fears of declining defense
spending led contractors to diversify. In 1999, SRA International Inc.
launched an emerging-technologies unit to commercialize some of its
applications.
"In the mid-1990s as the dot-com [craze] was at a fever pitch, there was a
strong market pull to commercial," said Edward Legasey, chief operating
officer of SRA.
Now with federal spending expected to hit new heights, SRA is closing down
the unit, which reported a $6 million loss last year.
Still, some firms have already experienced an increase in work related to
homeland security, although it comes at a cost.
DynCorp Corp. planned to spend three to five years on a $51 million Federal
Bureau of Investigation contract to update the agency's computer systems.
But after Sept. 11, the FBI decided to condense the contract to 12 months.
That meant an unexpected boost in current earnings, but the firm must fill
a future gap in projected revenue, said Paul Lombardi, chairman and chief
executive.
Much of the significant homeland security spending is expected to be
allocated in the fiscal 2003 budget, which is still being debated by
Congress, and may take even longer as policies are developed, industry
observers said.
"A lot of the government spending on defense and homeland security is still
a projection. It hasn't actually been spent yet, so it hasn't dramatically
affected companies in this region," said Jerry Grossman, managing director
of investment bank Houlihan Lokey Howard & Zukin.
That hasn't dampened investor enthusiasm for the sector. Six government
contractors have been able to raise more than $1.1 billion since Sept. 11,
according to research by RBC Capital Markets.
That has helped keep local unemployment rates down, a marked contrast to
other tech-heavy parts of the country. But tech workers may also find
themselves rebuffed by the federal sector without the right credentials.
Since being laid off by telecommunications equipment firm Tellabs Inc. 10
months ago, Lance Choi, a veteran electronics engineer, has seen more form
rejection letters than he cares to count -- and those are just the ones
from the would-be employers nice enough to bother sending rejection letters.
Government agencies and contractors often need workers with security
clearances, he complains, but won't hire a person without one and then put
him through the process of receiving clearance.
The skills needed for government work don't always translate from the
commercial sector, local firms said. And many executives of government
contractors say that there is a disconnect -- in culture and in technical
ability -- between the old-line contractors and the johnny-come-latelies to
government work.
In part, it's the same culture clash of a few years ago, when
multibillion-dollar companies doing "boring" government work lost out in
the competition for workers, investment dollars and public attention to
firms that ultimately proved ephemeral. But it's also true that someone
trained in telecommunications or software development may not be qualified
to design computer networks for large government agencies.
"We have had hundreds of companies doing commercial business come to us in
the last year," said Michael A. Daniels, a senior executive with government
contractor Science Applications International Corp. "They've never done any
business with the federal government, but they come in and tell us that all
their skills and capabilities ought to be transferable to that world.
"But when you look at those skills, they're just not transferable. They all
want to believe it is. But 75 percent of those commercial companies don't
have the skills to do government work."
Coleman Raphael was chief executive of Atlantic Research, a company that
makes rockets for missiles, in the 1980s. During the boom, he advised a
start-up Internet company. When he urged executives of the company to have
a clear plan for how and when it would become profitable, rather than
continue open-ended spending on advertising, they dismissed him as a
"dinosaur," he recently recalled. The company is no longer in business.
Anteon is inundated with applications for its more than 200 openings, and
Pat Dawson, Anteon's senior vice president of administration, said he
fields six calls a week from headhunters. It is quite a turnabout from 2000
when start-ups lured employees away with 20 percent raises and stock
options, pushing its turnover rate to more than 20 percent. The rate is
back down to 10 percent and Anteon has rehired about 90 employees who left.
But Dawson foresees cultural differences as a potential barrier for some
tech employees. Applicants used to tons of stock options or a higher pay
scale may be surprised by Anteon's more restrained approach, Dawson said.
"We don't have the high margins that would allow us to lavish people with
foosball tables," Dawson said. "Our margin levels in the government sector
require us to be more conservative with those type of employee benefits."
************************
NewsFactor
Is Now a Good Time To Be a Hacker?
Clark told an audience at the annual Black Hat Security convention in Las
Vegas that he blames the lax security of ISPs, hardware makers, wireless
network users and the government itself for creating an unstable Internet
environment that is ripe for attack. [For the complete story see:
http://www.newsfactor.com/perl/story/19011.html#story-start]
************************
Federal Computer Week
Military maps out homeland help
The four main military branches are working on a memorandum of agreement to
define what technologies and services they use and how they will work
together to support other first responders and the proposed Homeland
Security Department.
Michael Albarelli, director of homeland security at the Army
Communications-Electronics Command, said a working group, which also
includes members from the Air Force, the Navy and the Marine Corps, met
last week at Hanscom Air Force Base in Lexington, Mass., to iron out the
details of the memorandum.
The Defense Department military services are looking at what technologies,
processes and equipment they have that first responders could use in the
event of a natural disaster or other national emergency. Lessons learned
from last year's terrorist attacks provide the foundation for the memo,
which also includes governance on "how we operate jointly in those types
of" events, Albarelli said.
Once a final copy of the memorandum is ready, the working group will submit
it to the Office of the Secretary of Defense, where officials will review
it before submitting it to the proposed Homeland Security Department, he said.
"Everyone has a copy of it, and we're moving out," Albarelli said. "It
should be signed in about a month."
DOD is not looking for a leadership role in homeland security, but rather
is concerned with how the military services can best support the proposed
department, other civilian agencies and first responders in a disaster
situation, he said.
"We believe we can help them," Albarelli said.
************************
Federal Computer Week
Roster Change
Daryl White, the Interior Department's former chief information officer,
will retire from the federal government Aug. 15. After four years as
Interior's CIO, White became the Bureau of Reclamation's special assistant
for technology in June. W. Hord Tipton, previously CIO at the Bureau of
Land Management, took over the Interior CIO position.
For more, please see "Former Interior CIO retiring"
***
Federal Aviation Administrator Jane Garvey said goodbye to the airspace
agency earlier this month, and a Senate confirmation hearing for her
designated replacement, Marion Blakey, has been postponed until after Labor
Day. Monte Belger, formerly Garvey's deputy, is now acting in her stead,
delaying plans to retire.
***
Tammy DiBlasi has been appointed as federal account manager for Okena Inc.,
a developer of intrusion prevention security software, the company
announced Aug. 6.
DiBlasi will be responsible for providing Okena's StormWatch and StormFront
host-based intrusion prevention security solutions to federal agencies,
including management of existing deployments in the Army, Air Force,
Defense Information Systems Agency, Defense Logistics Agency, and
departments of State, Treasury, Energy and Justice.
DiBlasi joins Okena with more than 10 years of experience providing
technology solutions to the federal government. DiBlasi previously served
as federal account manager for Symantec Corp.
***********************
Government Executive
IRS reaches deal to offer free e-filing
From National Journal's Technology Daily
The Internal Revenue Service and a consortium of private-sector firms have
reached a deal that will enable approximately 78 million Americans to
electronically file their taxes on the Internet free of charge.
Under the proposed agreement, announced by the Treasury Department and
Office of Management and Budget, a group of firms including American
Express, AT&T and H&R Block will collaborate to enable citizens to file
taxes online free of charge at an IRS Web portal.
However, the system applies to 60 percent or more of taxpayers who meet
certain qualifications. Treasury will post those criteria in the Federal
Register at a later date.
Federal officials seek to have the system up and running by year's end for
the 2003 tax-filing season.
The new system fulfills one of President Bush's 24 e-government mandates,
and it is designed to increase the speed with which taxpayers receive their
refunds.
**************************
Computerworld
FAA moving to enhance integration with Norad
By DAN VERTON
WASHINGTON -- The Federal Aviation Administration is providing the
Pentagon's North American Aerospace Defense Command (Norad) with FAA
control systems, specifically radar and voice, to improve military air
defense operations in the event of another terrorist hijacking.
Although FAA officials said the systems will enable military planners to
see the same picture as FAA air traffic controllers and should help improve
civilian-military cooperation during any future emergency, the current FAA
system for coordinating a governmentwide response to a potential hijacking
remains surprisingly low-tech.
A basic voice teleconferencing link established on the morning of Sept. 11
has evolved into what the FAA calls "an events network" and remains in
place today as the primary emergency communications network for senior
government officials and FAA tactical decision-makers, said Dave Canoles,
director of emergency operations and communications at the FAA.
Canoles, who served as manager of air traffic evaluations and
investigations during last year's terrorist attacks, spoke to reporters
yesterday at FAA headquarters for the first time about the events of Sept.
11. He was responsible for establishing the voice network now in place.
The teleconferencing line is similar to a 24-hour, always-open party line,
with coordination and data exchanges "continuously" taking place, said
Canoles.
"It's a means of enhancing communications between the FAA, Defense
Department, Office of Homeland Security and the Transportation Security
Administration," he said.
Meanwhile, the Defense Department has also asked that the FAA send
permanent air traffic control liaisons to various military air bases as an
additional means of enhancing coordination, said Bill Peacock, director of
air traffic at the FAA. "They want several air traffic controllers in their
facilities, in some cases 24 hours per day and in other cases 16 hours per
day," said Peacock.
Despite the seemingly low-tech nature of the network now in place to
provide coordination across the nation's airspace, the FAA on Sept. 11
managed in just three and a half hours to clear the skies over the entire
U.S. of more than 4,500 commercial flights. During that time, there were at
least 11 "suspect airplanes" that officials feared could have been
hijacked; four of those aircraft did, in fact, take part in the attacks.
Although the hijackings that day were not the classic hijackings FAA
officials have trained for and experienced over the years, "the calls to
Norad were timely. We were all kind of coming to the same conclusion at the
same time," said Peacock, despite the apparent lack of IT-enabled
understanding among various regional air traffic control centers about what
was happening.
However, there were still problems getting the word out to the civilian
general aviation community, Peacock said, noting that several general
aviation flights took off from civilian airstrips that day despite the
grounding of all flights. "They either didn't get the word or they ignored
it," he said.
Meanwhile, FAA officials are studying ways to make it harder for hijackers
to turn off the aircraft transponders that tell air traffic controllers the
current location of the aircraft on radar -- a situation that significantly
complicated coordination and response efforts on Sept. 11, said Peacock. He
could not provide details on what new technologies might be considered.
"There were a couple of little clues [on Sept. 11] that said the
airplane[s] were forcibly taken off-line," said Canoles, referring to the
difficulty of deciphering how and why the transponders on the four hijacked
aircraft shut down.
The standard operating procedure now is to "treat everything with
suspicion," said Linda Schuessler, FAA manager of air traffic evaluations
and investigations and someone who was in the FAA tactical operations
center in Herndon, Va., on Sept. 11.
The bottom line, said Peacock, is that the FAA is still counting on air
traffic controllers to spot the loss of a transponder and determine whether
it's the result of a hijacking.
*************************
Washington Post
Bush Stresses Need for Broadband Deregulation
By Brian Krebs
In perhaps the clearest indication of the White House's stance on broadband
policy to date, President Bush today praised federal regulators for
pursuing a plan to deregulate the market for high-speed Internet services.
"The Federal Communications Commission is focusing on policies to encourage
high-speed Internet service for every home and every business in America,"
Bush said at an economic forum in Texas. "The private sector will deploy
broadband. But government at all levels should remove hurdles that slow the
pace of deployment."
Administration officials have so far been careful not to endorse FCC
proposals or legislation in Congress designed to scale back laws that
restrict the incumbent Baby Bell regional telephone monopolies from serving
the long-distance broadband market.
In the coming months, the FCC is expected to vote on a proposal to classify
telephone-based broadband access as an information service rather than a
telecommunications service, a move that would free the major phone
companies from a host of open-access requirements. The commission
tentatively reached the same conclusion for cable-based broadband service
in a separate proceeding earlier this year.
Traditional dial-up Internet service providers say those regulatory moves
could prevent them from offering high-speed Internet services over the
networks controlled by the phone and cable industries. Consumer groups also
broadly oppose the apparent policy shift, arguing that it will drive
smaller competitors out of business, effectively limiting consumer choice.
**********************
USA Today
Florida ready to move past chad of 2000 election
By Deborah Sharp, USA TODAY
DELRAY BEACH, Fla. -- The "butterfly ballot" threw him for a loop two years
ago, but Edward Japalucci needed only moments to master the new
touch-screen machine that many Florida voters will use in next month's primary.
It will take a lot longer for his hard feelings to fade over the 2000
presidential election, when voting mishaps made his county a national punch
line and led ultimately to statewide voting changes.
"It wasn't very funny," says Japalucci, 73. "If you're a Democrat, it
wasn't very funny at all."
On Sept. 10, the Florida primary will mark the first statewide election
since the voting debacle of November 2000. Florida has made broad changes
since then. The 30-year-old punch-card technology that was used is now
banned. Voter education has increased. And recount rules are standardized.
Election supervisors have been busy demonstrating the touch-screen voting
machines at malls, senior centers and small civic gatherings. The screens
resemble bank ATMs.
At the Elks lodge here, Japalucci and 26 others turned out recently for a
demonstration by Palm Beach County Elections Supervisor Theresa LePore.
There were only a few glitches.
"It's a computer. I know that scares a lot of people, especially older
people," LePore says. She compared it to other touch-screens, from
microwaves to video poker. "Don't be afraid of it."
But with the old punch-card technology, Florida put the outcome of the
presidential election on hold through 36 days of recounts, court battles
and protests. The U.S. Supreme Court finally settled the stalemate. Of 5.8
million ballots cast in Florida for the Republican and Democrat candidates,
George W. Bush beat Al Gore by an official margin of 537 votes.
Florida bore the brunt of national scrutiny of voting methods. But the
narrow outcome revealed voting system flaws nationwide. Some 101 million
Americans voted in the presidential election.
Researchers from the California Institute of Technology and the
Massachusetts Institute of Technology studied the nation's voting
technology after the 2000 election. They concluded that between 4 million
and 6 million Americans were unable to vote, or their votes were uncounted:
At least 1.5 million presidential votes were lost due to faulty equipment
or confusing ballot design.
Registration mix-ups accounted for 1.5 million to 3 million lost votes.
Polling place foul-ups led to 1 million lost votes.
Most Americans were surprised to discover vast numbers of votes are
routinely uncounted in a system hobbled by everything from voter error to
flawed technology. If victory margins are wide, the spoiled votes rarely
become an issue. But in a close race, the shortcomings are revealed.
Which is why a nation learned, through the Florida recounts, about the
once-obscure chad. Chad -- not "chads" -- are tiny bits of paper that result
after a voter makes selections on a punch-card ballot. Sometimes the chad
does not fully separate from the ballot; those are called hanging, pregnant
or dimpled chads.
Nearly every state filed election reform measures after Florida's fiasco: a
staggering 3,561 bills. By early July, only 440 provisions had passed,
according to the National Conference of State Legislatures.
A handful of states, besides Florida, made major changes, including
Georgia, Maryland and California.
"Obviously, some momentum has been lost. Congress hasn't produced a bill in
almost two years. It's an absolute outrage," says Doug Lewis, of the
non-profit Election Center. The center represents about 6,800 election
supervisors in counties and other jurisdictions nationwide.
The House has passed a bill to provide up to $2.65 billion over three years
to set minimum standards for national elections that would include
modernizing voting equipment, improving voter education and training
election administrators and poll workers. The effort has hit a snag in the
Senate, however, over the insistence of Republicans that first-time voters
be required to show photo ID or other documentation to vote.
In Palm Beach County, LePore has held more than 500 demonstrations with the
county's $14.4 million voting machines. Fifteen of Florida's 67 counties
purchased touch-screen machines. The other counties opted to use optical
scan ballots, in which voters pencil in ovals next to a candidate's name,
as with standardized school tests.
With touch screens, voters select a candidate by touching a circle next to
the person's name. The technology allows voters to review their selections.
It also includes some fail-safe measures. For example, it won't allow
voters to mistakenly mark more than one candidate in a single race or skip
marking a particular race. Such "over-votes" or "under-votes" were a
problem in 2000.
The equipment had a rocky debut in Palm Beach County this winter. Problems
in two municipal elections led losing candidates to file lawsuits and
demand recounts. One of the suits has been dropped.
LePore says touch-screen problems were minimal. This year, some 65,000
people voted in 20 municipal elections, she says, and about twice that
number have tried the new technology at demonstrations. The county has
700,000 registered voters.
"The equipment has worked just fine," says LePore, 47, who is serving a
second term.
LePore was pilloried in 2000 for the design of the butterfly ballot. It
listed the candidates on facing pages instead of down one page. She did it
to make the ballot easier for seniors to read, but many voters were
confused about which hole to punch for their candidate.
She says she doesn't like to relive those days after the 2000 election,
when she received death threats and had to have a security detail.
But memories of that time still divide county voters. Many Democrats say
victory was stolen from Gore, while many Republicans say a rightful Bush
win was unfairly tainted by protests and recounts.
Bud Harvey, 79, an Elks member and a Republican, praised the new technology
after his tryout: "The Republicans are going to win again. This time,
without any problems."
*************************
Nando Times
Students tackle simulated rescue with 'robotics war game'
By SCOTT R. BURNELL, United Press International
WASHINGTON (August 13, 2002 3:44 p.m. EDT) - Students gathered Monday
around a cardboard mockup of Washington's train station to try their hand
at using robots to search for and assist terrorism victims.
The mission was to explore Union Station in the aftermath of an explosion.
The teams were assembled from a collection of students, from elementary
school through college, who were given a variety of modular pieces from
which to create their robot. The exercise controllers threw in various
complications, including having complete beginners operate the robots via
laptop computers and other controls.
The student "robotics war game," and a parallel simulation where
businessmen tested out solutions to rapidly move technology, are preludes
to the Naval-Industry Research and Development Partnership Conference, said
David Brown, a professor at the Defense Acquisition University.
The organizers specifically looked at bringing young children into the
exercise because of their imagination and lack of experience with knowing
what can't be done, Brown told United Press International. Combining that
thinking with the applications knowledge of older students can be very
enlightening, he said.
"There will be some injured people, but there might be terrorists or other
threatening people that have to be discriminated from the 'friendlies,'"
Brown said. "The biggest part of the challenge is (the physical) gaps in
the mockup. It's not a smooth, laid-out course."
Brown ran the exercise at the Ronald Reagan International Trade Center in
conjunction with technical experts from the University of South Florida's
Center for Robot Assisted Search and Rescue and the New York City Police
Department.
At the same time in the room next to the Union Station mockup, groups of
business managers and technology developers were going through a parallel
war game, focused on delivering new tools to the searchers.
"What we're looking at from the acquisition side is speeding up the
development cycle - bringing what today might be eight years down to maybe
three or four years," Brown said. "There may be some very good lessons
learned if you say, 'You only have three or four hours to do it,' and walk
through it."
"A big part of this will be to look at interoperability between different
systems built by different people from different parts of the country,"
Brown said. "We want to see if we can create an integrated system that can
actually perform the mission."
The business war game covered such concepts as ensuring a system's software
can be easily altered in the field to meet unexpected missions, said Thomas
Kowalczyk, a manager at the Office of Naval Research who oversaw both
simulations. The program is meant to help companies better integrate their
research activities into the Department of Defense's acquisition process,
he said.
"Since a significant dollar volume of the government's money is put through
the industrial base, the better the industry is at finding and deploying
technology, the better the government will be," Kowalczyk said.
Robin Murphy, a USF professor of computer science and engineering and
CRASAR's director, opened the exercise with the center's real-world
experiences in using robots in the rubble of the World Trade Center. A
narrow-minded focus on "what the robot can do" hurts both technology
builders and operational teams, she said.
For example, operators might think in terms of "one robot, one person" when
in reality two or more people might be needed to carry the robot to a
search site or possibly recover the system with ropes, Murphy said. Prior
to Sept. 11, some robot makers didn't place a high priority on
waterproofing their systems, thinking the robots would "only be involved in
searching," she said. During the World Trade Center operations, they
discovered exposure to human remains and bodily fluids required the robots
to be decontaminated with water and bleach, she said.
***********************
Nando Times
Computer 'bloodhound' finds hard-to-see features in images
By SUE VORENBERG, Scripps Howard News Service
ALBUQUERQUE, N.M. (August 13, 2002 4:54 p.m. EDT) - Los Alamos National
Laboratory has found a new solution to the sort of puzzle found in the
famous "Where's Waldo?" books: Let the computer do it.
The lab has created a computer program that can pick hard-to-see features
out of a larger image. It could be used to find the small character out of
the Waldo children's books, but more practical applications include
emergencies, planetary exploration and medical science.
"One of the problems we face is that we're inundated with more and more
kinds of data - especially in satellite images," said Jeff Bloch, a Los
Alamos scientist.
"This works a little like a bloodhound," Bloch said. "You give it a piece
of clothing from somebody you're looking for and hopefully it picks up a
scent and finds other traces of that person."
The program can analyze data 10 to 100 times faster than the human eye
could, Bloch said. It also uses a unique programming structure, called a
genetic algorithm, that lets it learn and modify itself to get better results.
"The system actually generates its own computer code," he said. "It's a
computer program that creates other computer programs, sort of like (how) a
population of deer evolves in the wild. It may create 100 programs to help
it find a specific feature. The fittest ones survive, the rest are erased.
Then the ones that survive are used to create a new generation of programs
that perform the task even better."
The program, called GENIE (GENetic Imagery Exploration), was used in New
Mexico after the Cerro Grande Fire to determine where the most severe fire
damage occurred. A person loads an image into the system and teaches it how
to find specific features in a test landscape.
"It's a paint program," Bloch said. "You look at an image and paint in red
the things you don't want and green the things you do want. Then an
algorithm looks at it and picks things out and asks you if it got the reds
and greens right. It refines the process from there."
An algorithm is a systematic mathematical way to solve a problem that many
computer programmers incorporate into software.
The initial training of the system often takes an hour or two, and when
it's done the program can pick all the key features from a satellite or
other aerial image of a large area within a day.
The software was also used to map debris after the Sept. 11 terrorist
attacks. The computer can see colors much more distinctly than the human
eye can, and it can see things the human eye can't, such as infrared or
ultraviolet light.
"After the World Trade Center went down there were satellite images of the
damage, but to the visual eye they looked just like Manhattan with a large
plume of smoke," said Nancy Ambrosiano, a lab spokeswoman. "We ran GENIE on
it and it was able to distinguish the smoke plume, debris field underneath,
the hot spots and what was just a shadow from the smoke."
The Sept. 11 use was just a test, Ambrosiano said, but if the debris were
toxic, the software could have been used to create a safe radius for
emergency workers. It could also show them where the most damage was or
where the largest amount of debris had fallen.
The lab is talking to several companies interested in licensing GENIE for a
variety of uses. The lab also plans to continue developing it to make it
even more efficient and versatile, Bloch said.
"We've only just scratched the surface with GENIE," Bloch said. "There are
new applications appearing every month. There are so many new things you
get to learn about working on this - it has applications for biomedical
imaging, even planetary science and finding features on other planets. It
gives glimpses into so many areas. It's amazing."
**********************
News Factor
Protecting Personal Information on the Internet
The details of your life may be only a click away - your birthday, your
address, your mother's maiden name. The increasing sophistication and power
of Internet search engines, along with growing numbers of online databases,
have made finding personal information as easy as typing a name in the
computer - yours. [For the complete story see:
http://www.newsfactor.com/perl/story/18880.html#story-start]
***********************
Wired News
White-Hat Hate Crimes on the Rise
When hackers broke into Ryan Russell's server and plastered his private
e-mails and other personal files on the Internet last week, Russell tried
to shrug it off as a harmless prank.
But Russell, editor of Hack Proofing Your Network and an analyst with
SecurityFocus.com, also seemed shaken by the incident.
"There's a group out there whose goal in life is to show they're smarter
than you and they have the tools to do it," said Russell, a "white-hat"
hacker who goes by the nickname "BlueBoar."
The break-in at Russell's Thieveco.com site, which is hosted by a Canadian
ISP, appears to be the latest in a series of attacks against white hats and
prominent figures in the information security profession.
Claiming responsibility for the attacks is a shadowy group named el8.
Earlier this year, members launched Project Mayhem, a campaign designed to
"cause worldwide physical destruction to the security industry
infrastructure," according to an article published last month in el8's
online magazine.
While the authors of el8's e-zine have an obvious penchant for
tongue-in-cheek hyperbole and black humor ("Going to Defcon or Blackhat?
Initiate a napalm strike," urges one recent article), most victims of
Project Mayhem are not amused.
OpenBSD co-founder Theo de Raadt, cited as a top el8 target, angrily
refused to discuss the compromise in late July of a file server maintained
by the open-source, Unix-based operating-system project. On Aug. 1, a
dangerous Trojan horse program was discovered amid the code for OpenBSD,
which is used by thousands of organizations and renowned for its security.
While de Raadt wouldn't comment on whether there were any suspects in the
case, the lead article in the latest el8 newsletter, published in early
July, contains an obvious smoking gun. The article begins with several
lines of screen-display from what appears to be an OpenBSD.org system. The
"w-command" output suggests that attackers had access to one of de Raadt's
accounts.
According to Steve "Hellnbak" Manzuik, co-moderator of the VulnWatch
security mailing list, hacker feuds are nothing new, and Project Mayhem
isn't the first time that security professionals have been attacked by
"script kiddies," or inexperienced hackers.
"The only real difference is that the el8 guys are not script kiddies.
Nothing has changed, other than the bar has been raised," Manzuik said.
Much of Project Mayhem's modus operandi appears borrowed from Hollywood.
The group's newsletter cribs heavily from the 1999 movie Fight Club,
starring Brad Pitt and Edward Norton, which depicts disaffected young males
who find release in punching each other out and contemplating the complete
and total destruction of society.
"They are referencing it constantly. They're like a copycat of the movie,
only moved to the hacker scene," said Thor "Jumper" Larholm, a white-hat
security researcher with Pivx Solutions.
Indeed, some of Project Mayhem's recent victims appear to be honoring a
recurring line in Fight Club: "The first rule of Project Mayhem is you do
not ask questions."
Shane "K2" Macaulay, a member of a hacking counter-attack think tank called
the Honeynet Project, had several recent e-mail conversations with Honeynet
founder Lance Spitzner, as well as other colleagues, intercepted by hackers
and mockingly reproduced in the latest el8 zine. Macaulay declined
interview requests.
Other Honeynet members refused to comment on el8's published threats
against their project, although one Honeynet participant conceded that
"there are people in the movement that may be able to make some of their
claims come true."
Why so much venom against white hats, the hackers who ostensibly break
software in order to help make the Internet safer? The el8 zines don't
clearly spell out the group's motivations, but Project Mayhem appears to be
a violent incarnation of the "anti-sec" movement, a campaign to persuade
hackers not to publish information about the security bugs they uncover.
"Why be targeted by us when you can join us? Why post info, codes, or bugs
when the end result is your entire system, family, and friends being owned?
Doesn't it look like more fun to be a black hat than a white hat?" asks el8
in its latest newsletter.
According to Eric "Loki" Hines, founder of Fate Research Labs, el8 members
are frustrated by white hats who spill the beans about security
vulnerabilities, thereby enabling vendors to create patches and protect users.
"You've got to realize that these people are walking around with exploits
that vendors haven't even heard of yet. They're pissed and they've got this
almost God-like power that enables them to break into any network that they
want," Hines said. He reported that FateLabs.com was knocked offline last
week by a denial-of-service attack immediately after the security firm
published an advisory about a security bug.
Mark "Simple Nomad" Loveless, a senior security analyst with Bindview
Corporation, said el8's stance is just an extreme version of that shared by
many disillusioned hackers.
"The commercial security industry is feeding off of white-hat hackers, and
with the amount of fear, uncertainty and doubt being slung in the industry,
I am not surprised by this feeling from el8," Loveless said.
One recent Project Mayhem victim says being attacked by el8 "made me
realize the errors of my ways." Christopher "Ambient Empire" Abad, a
security expert with Qualys, confirmed that excerpts of e-mails and other
files stolen from his directory on a server were published in el8's latest
zine. A message in the newsletter announced that a CD-ROM of his files
would be available for purchase at the Defcon hacker convention.
"Not all that glitters is white hat," said Abad, whose new website includes
a message that says "Support Hacker Reform ... The rights of the people
come before the rights of the corporation and the government."
Other hackers said they are sympathetic toward Project Mayhem, although
they were quick to distance themselves from the recent attacks on white hats.
Members of one group, which has recently taken over an Internet relay chat
channel named #phrack, last week co-authored a mission statement saying
that white hats will be "hunted down" if they continue to publicize
information about security bugs.
"If they do not change they will continue to be targeted, and it sucks to
get owned, fired, physically beaten," said the #phrack manifesto, which was
posted, along with the contents of Russell's home directory, at the website
of one of the #phrack channel's operators, a 16-year-old who uses the
nickname "gayh1tler."
But Hines said the constant threats he receives from angry black hats will
not frighten Fate Research Labs into sitting on vulnerabilities it discovers.
"One of these days, these kids are going to have to pay a mortgage and get
a job. And they're not going to become lawyers or doctors -- they're going
to do what they're good at. And that means getting a career in the security
industry," Hines said.
***********************
MSNBC
Glitch blacks out FBI's Web sites
Outage blamed on accidental misconfiguration
By Declan McCullagh
WASHINGTON, Aug. 13 - The FBI accidentally pulled the plug on its own Web
sites on Tuesday morning. A misconfiguration in the bureau's domain name
setup meant that many visitors to FBI.gov could not get through. As of 2
p.m. ET, the FBI's configuration problem had been fixed. The apparent error
also wiped out the online presence of the FBI's high-tech crime unit, the
National Infrastructure Protection Center, at NIPC.gov.
AN FBI SPOKESMAN said earlier Tuesday that the glitch was accidental
and was not the result of a malicious attack. "The server is down," said
Paul Moskal. "It's an internal issue here. That's the good news, as opposed
to some attack or something."
Early on Tuesday, the FBI's domain name servers started sending
empty replies when visitors tried to reach the site. Some Internet service
providers kept a temporary copy of the correct information, meaning that
FBI.gov and NIPC.gov were occasionally reachable.
The FBI receives its Internet connectivity through Akamai, a
Cambridge, Mass.-based company with about 13,000 servers that store data on
behalf of clients.
"This has nothing to do with the services that Akamai provides
FBI.gov," said Jeff Young, a spokesman for Akamai. "We obviously are
continuing to support them however we can."
FBI.gov is an alias for FBI.edgesuite.net, which continued to
operate normally. Edgesuite is an Akamai product marketed for e-government
use.
Jon Lasser, a Baltimore-area system administrator and author of
"Think Unix," said the FBI's mistake was likely "some sort of server
misconfiguration. Their host stopped returning the addresses of their Web
servers. That's not good."
Easily recognizable names like FBI.gov are translated into numeric
addresses through the Domain Name System (DNS).
Microsoft made a similar DNS blunder in January 2001 that knocked
out its Web sites for a full day. An embarrassing series of problems
centering on a collection of routers in Canyon Park, Wash., took out dozens
of Microsoft properties including Hotmail.com, MSN.com, Microsoft.com, and
MSNBC.com.
Moskal blamed the bureau's woes on "an internal crash that we all
experience occasionally."
**********************
Euromedia.net
10% of the world's population now have internet access
Editor: Cathy O'Sullivan
10 per cent of the world's population, or 580.78m people, have internet
access, according to Nua.com's 2002 Global Internet Trends report.
The figure represents an increase of 173.68m since December 2000 when
407.1m people were online.
The report shows that for the first time ever, Europe has the highest
number of internet users in the world. There are now 185.83m Europeans
online, compared to 182.83m in the US and Canada.
The number of internet users in Asia/Pacific has also risen dramatically
over the last couple of years and there are now 167.86m people with
access to the net in the region.
The Nua study indicates that if anything, the digital divide between
developed and developing nations is as wide as it ever was. While Europeans
account for 32 per cent of global internet users, only six per cent of the
world's internet users are based in Latin America, and just one per cent
each in the Middle East and Africa.
In fact, France has double the number of internet users than either Africa
or the Middle East. While both regions have seen a slight increase in the
numbers of people who can access the internet, the lack of telecoms
infrastructures in these regions means that most citizens remain unconnected.
Nua forecasts that over one billion people will be online by the end of 2005.
***********************
Sydney Morning Herald
Sleeping with the enemy
By Kim Zetter
A good hacker is hard to find, or so it seemed during the dot-com boom.
Companies, particularly in the United States, were making the rounds of
hacker conferences and IRC channels willing to pay $150,000 for a security
guru who was still going through his voice change.
Even the American assistant secretary of defence showed up last year at the
hacker blowout in Las Vegas known as Def Con to recruit "the best of the
best" for a cyber-terrorism unit.
But as computer security has become more specialised and training has
improved, legitimate pros have elbowed aside the teens.
So it seems odd that only 43 per cent of Australian organisations would be
willing to hire former hackers to help secure their networks; only 14 per
cent of US organisations said they would do the same.
Perhaps it all depends on who you are calling a hacker.
Some of the most respected names in computer security are also some of the
most respected names in the hacking community.
And many tools used for testing the security of networks (and, well, for
cracking them) were designed by hackers.
Massachusetts-based security firm @stake is composed of former members of
the L0pht hacking group, which developed a password-cracking tool called
L0phtCrack. Peiter Zatko (aka Mudge), the company's pony-tailed founder,
even testified before the US Congress on computer security.
Then there's Chris Goggans (aka Erik Bloodaxe) of Security Design
International, who served as editor of the notorious hacker zine Phrack, a
cornucopia of illegal tips and tricks. And Rain Forest Puppy (he prefers
not to have his real name published), another security pro, has found many
holes in Microsoft products and has developed a respectful relationship
with that company. But he has also developed an anti-IDS Web scanning tool
called Whisker that hackers use to ferret out their prey.
Most hackers working in security are either reformed black-hat hackers or
people who never dirtied their hats beyond grey. That is, they may have
cracked systems but didn't cause destruction or steal data. Or at least
they did not get caught doing it.
Hackers with a criminal record or who admit to still hacking are rarely
trusted with a job these days, although, incredibly, at one time they were.
The hiring of the latter type of hackers in the US has, thankfully, fallen
out of fashion, says Giga analyst Steve Hunt. "You can hire someone who is
an expert at defending resources or who is an expert at violating them.
They both have the same fundamental skills. But just one has a professional
ethic and a legacy of honour and service."
The risks of hiring a known hacker are obvious. But you face the same risks
with any disgruntled employee or with a closet hacker who does a little
unauthorised sleuthing through your system.
Companies that claim to oppose hiring hackers are probably unwittingly
hiring them, says William Knowles, editor of security news list InfoSec,
who notes that today's hackers have little to distinguish them from
traditional security administrators.
"A few years ago at Def Con I saw a lot of familiar faces in the hacking
crowd, but I didn't know why they were familiar. Then I realised they were
the same faces I'd seen at security conferences. Companies have been hiring
hackers for years, they just don't realise it," he says.
Mario Duarte, a former administrator of the now-defunct Zuma, a San
Francisco-based host for e-commerce sites, considered himself brilliant for
hiring Optyx a few years back.
Optyx was a skinny, 19-year-old hacker with blue hair and ties to Cult of
the Dead Cow, makers of a Trojan horse called Back Orifice.
Duarte says Optyx was invaluable for showing him holes in Zuma's systems
that he was sure didn't exist.
But he had sleepless nights over the next couple of months, wondering if
the hacker would turn on him.
As it happened, it was another hacker hired by Duarte at Optyx's request
who proved a liability when a bad attitude and personal problems made it
clear the teen didn't belong in a corporate environment.
But how do you fire a hacker? Pretty easily, it turned out. Optyx, who took
pride in Zuma's servers as his personal domain, made it clear to his
departing friend the possible consequences of seeking revenge: "Don't even
think about it, dude. I'll hunt you down and kill you."
**************************
Broadband Networking Regulatory News
Senator McCain Introduces Broadband Deregulation Bill
Senator John McCain (R, AZ) proposed a new Consumer Broadband Deregulation
Act of 2002 (S.2863) that would deregulate the retail provision of
residential broadband services and dictate a hands-off approach to the
deployment of new facilities by telephone companies while maintaining
competitors' access to legacy systems. The senator said the proposed
legislation would put the federal government in the role of stimulator,
rather than regulator, of broadband services. The bill would also seek to
ensure that local and state barriers to broadband deployment are removed,
to facilitate wireless technology as a platform for broadband services, to
encourage deployment of broadband services to rural and underserved
communities, to ensure access to broadband services by people with
disabilities, and to enhance the enforcement tools of the FCC.
Some highlights of McCain's Consumer Broadband Deregulation Act of 2002
(S.2863):
- A consumer broadband service provider would not be required to provide
  Internet Service Provider access to its facilities or services for the
  purpose of offering a consumer broadband service, except where such access
  is already being provided. The exception would have a 5 year sunset,
  unless the FCC found that further continuance of ISP access were necessary
  to protect competition.
- State and local governments would not be allowed to seek compensation from
  consumer broadband service providers for access to, or use of, public
  rights-of-way that exceeds direct and actual costs for access to and use of
  the rights of way.
- Incumbent local exchange carriers would be required to provide any
  requesting telecommunications carrier with non-discriminatory access to
  unbundled network elements at any technically feasible point. But the duty
  to provide this access would not require the ILEC to provide access to a
  fiber loop or a fiber feeder sub-loop, unless the ILEC has removed or
  rendered useless the existing copper loop.
- ILECs would not be required to provide collocation in a remote terminal.
- FCC penalties would be substantially increased.
- The federal government would promote broadband through e-government
  activities, including video streaming of public events, online education
  initiatives, access to public documents, etc.
Full text can be found online at:
http://mccain.senate.gov/acrobat/rbroadbill.pdf
(Adobe Acrobat format, 17 pages)
***************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx