Vol. 4 No. 9 – November 2006


A Conversation with Douglas W. Jones and Peter G. Neumann:
Does technology help or hinder election integrity?

Elections form the fundamental basis of all democracies. In light of many past problems with the integrity of election processes around the world, ongoing efforts have sought to increase the use of computers and communications in elections to help automate the process. Unfortunately, many existing computer-related processes are poorly conceived and implemented, introducing new problems related to such issues as voter confidentiality and privacy, computer system integrity, accountability and resolution of irregularities, ease of administration by election officials, and ease of use by voters—with many special problems for those with various handicaps. Overall, the issues relating to computer security provide a representative cross-section of the difficulties inherent in attempting to develop and operate trustworthy systems for other applications. These issues, of course, have relevance internationally and are increasingly timely.

Better Health Care Through Technology:
What can you do for aging loved ones?

Leveraging technology to support aging relatives in their homes is a cost-efficient way to maintain health and happiness and extend life. As the technology expert for my extended family, it has fallen to me to architect the infrastructure that will support my family’s aging loved ones in their homes as long as possible. Over the years, I have assisted four different senior households in achieving this goal, and although things have been bumpy at times, I have refined technical solutions and methodologies that seem to work well.

by Mache Creeger

Criminal Code: The Making of a Cybercriminal:
A fictional account of malware creators and their experiences

This is a fictional account of malware creators and their experiences. Although the characters are made up, the techniques and events are patterned on real activities of many different groups developing malicious software. “Make some money!” Misha’s father shouted. “You spent all that time for a stupid contest and where did it get you? Nowhere! You have no job and you didn’t even win! You need to stop playing silly computer games and earn some money!”

by Thomas Wadlow, Vlad Gorelik

Cybercrime: An Epidemic:
Who commits these crimes, and what are their motivations?

Painted in the broadest of strokes, cybercrime essentially is the leveraging of information systems and technology to commit larceny, extortion, identity theft, fraud, and, in some cases, corporate espionage. Who are the miscreants who commit these crimes, and what are their motivations? One might imagine they are not the same individuals committing crimes in the physical world. Bank robbers and scam artists garner a certain public notoriety after only a few occurrences of their crimes, yet cybercriminals largely remain invisible and unheralded. Based on sketchy news accounts and a few public arrests, such as Mafiaboy, accused of paralyzing Amazon, CNN, and other Web sites, the public may infer these miscreants are merely a subculture of teenagers. In this article we provide insight into the root causes of cybercrime, its participants and their motivations, and we identify some of the issues inherent in dealing with this crime wave.

by Team Cymru

E-mail Authentication: What, Why, How?:
Perhaps we should have figured out what was going to happen when Usenet started to go bad.

Internet e-mail was conceived in a different world than we live in today. It was a small, tightly knit community, and we didn’t really have to worry too much about miscreants. Generally, if someone did something wrong, the problem could be dealt with through social means; “shunning” is very effective in small communities. Perhaps we should have figured out what was going to happen when Usenet started to go bad. Usenet was based on an inexpensive network called UUCP, which was fairly easy to join, so it gave us a taste of what happens when the community becomes larger and more distributed—and harder to manage. Even the worst flame wars seemed fairly innocuous in the grand scheme of things, and kill files were really enough, but there was a seed of something ominous that was going to germinate all too soon.

by Eric Allman

Playing for Keeps:
Will security threats bring an end to general-purpose computing?

Inflection points come at you without warning and quickly recede out of reach. We may be nearing one now. If so, we are now about to play for keeps, and “we” doesn’t mean just us security geeks. If anything, it’s because we security geeks have not worked the necessary miracles already that an inflection point seems to be approaching at high velocity.

by Daniel E. Geer

The Joy of Spam:
Embracing e-mail’s dark side

Not a day goes by that a large amount of spam doesn’t get past the two filters that I have in place. Most of this e-mail is annoying and some of it dangerous. But I have finally come to peace with spam and it no longer bothers me. How did I do that, you ask? I have learned to respect, even love, spam’s malicious beauty. I want to share my journey to inner peace, hopeful that you will find happiness, too.

by Phillip A. Laplante

Understanding the Problem:
Is there any data showing that Java projects are any more or less successful than those using older languages?

I’ve done a one-day intro class and read a book on Java but never had to write any serious code in it. As an admin, however, I’ve been up close and personal with a number of Java server projects, which seem to share a number of problems.

by George Neville-Neil