Web Security

Vol. 7 No. 2 – February 2009

Articles

Cybercrime 2.0: When the Cloud Turns Dark

Web-based malware attacks are more insidious than ever. What can be done to stem the tide?

Niels Provos, Moheeb Abu Rajab, and Panayiotis Mavrommatis, Google

As the Web has become vital for day-to-day transactions, it has also become an attractive avenue for cybercrime. Financially motivated, the crime we see on the Web today is quite different from the more traditional network attacks. A few years ago Internet attackers relied heavily on remotely exploiting servers identified by scanning the Internet for vulnerable network services. Autonomously spreading computer worms such as Code Red and SQLSlammer were examples of such scanning attacks. Their huge scale put even the Internet at large at risk; for example, SQLSlammer generated traffic sufficient to melt down backbones.

As a result, academia and industry alike developed effective ways to fortify the network perimeter against such attacks. Unfortunately, the attackers similarly changed tactics, moving away from noisy scanning and concentrating more on stealthy attacks.

by Niels Provos, Moheeb Abu Rajab, Panayiotis Mavrommatis

Kode Vicious

Don't be Typecast as a Software Developer

Kode Vicious's temper obviously suffers from having to clean up after the mistakes of his peers. What would he have them learn now so that he can look forward to a graceful and mellow old age?

Dear KV,

I would like to think that learning more will help me in my everyday job of writing glue and customization code at a systems integrator. But the obvious applicable knowledge is specific to tools and packages that may become obsolete or discontinued even within the lifetime of the project, and in some cases have already reached this destination.

by George V. Neville-Neil

Articles

How Do I Model State? Let Me Count the Ways

A study of the technology and sociology of Web services specifications

Ian Foster, Argonne National Laboratory

Savas Parastatidis, Microsoft Research

Paul Watson, Newcastle University

Mark McKeown, University of Manchester

There is nothing like a disagreement concerning an arcane technical matter to bring out the best (and worst) in software architects and developers. As every reader knows from experience, it can be hard to get to the bottom of what exactly is being debated. One reason for this lack of clarity is often that different people care about different aspects of the problem. In the absence of agreement concerning the problem, it can be difficult to reach an agreement about the solutions.

In this article we discuss a technical matter that has spurred vigorous debate in recent years: How to define interactions among Web services to support operations on state (that is, data values associated with a service that persist across interactions, so that the result of one operation can depend on prior ones) [4]. An airline reservation system and a scheduler of computational jobs are two examples of systems with this requirement. Both must provide their clients with access to information about ongoing activities: reservations and jobs, respectively. Clients typically want to name and/or identify state (refer to a specific reservation or job), access that state (get the status of a flight reservation or the execution progress of a job), modify part of that state (change the departure time of a flight or set the CPU requirements of a job), and destroy it (cancel a reservation or kill a job).

by Ian Foster, Savas Parastatidis, Paul Watson, Mark McKeown

Security in the Browser

Web browsers leave users vulnerable to an ever-growing number of attacks. Can we make them secure while preserving their usability?

Thomas Wadlow, Consultant

Vlad Gorelik, AVG Technologies

Web browsers leave users vulnerable to an ever-growing number of attacks. What can be done to make them secure while preserving their usability?

"Sealed in a depleted uranium sphere at the bottom of the ocean." That's the often-mentioned description of what it takes to make a computer reasonably secure. Obviously, in the Internet age or any other, such a machine would be fairly useless.

by Thomas Wadlow, Vlad Gorelik

Interviews

A Conversation with Arthur Whitney

Can code ever be too terse? The designer of the K and Q languages discusses this question and many more with Queue editorial board member Bryan Cantrill.

A few well-chosen words about programming languages from a long-time designer

When it comes to programming languages, Arthur Whitney is a man of few words. The languages he has designed, such as A, K, and Q, are known for their terse, often cryptic syntax and tendency to use single ASCII characters instead of reserved words. While these languages may mystify those used to wordier languages such as Java, their speed and efficiency have made them popular with engineers on Wall Street.

Whitney began his Wall Street career in the 1980s, building trading systems at Morgan Stanley using his own version of APL (the language on which all of his later languages are based). Eventually he started his own company, Kx Systems, which today provides real-time and historical data-analysis software to many Wall Street investment banks. The company's signature product, KDB+, is a column-oriented database based on the K language.