Ed Felten and Computist Gary McGraw are putting their complete book "Securing Java: Getting Down to Business with Mobile Code" on the Web, for public benefit and perhaps to sell more copies if you like what you see. "What we've done so far seems to be making a large impact," and the book is nicely presented. . [, 13Jan99.] (Gary is also involved with the 1st annual Int. Software Assurance Certification Conference (ISACC'99), 28Feb-02Mar99 in northern VA. .)

A PC game called "Israeli Air Force" had such realistic maps that they could be used to plan real attacks. The manufacturer has agreed to make changes before release in Israel. [Steve Hamm, BW, 11Jan99, p. 6.]

Beware an email attachment called "picture.exe". It's a Trojan horse that creates Windows subdirectory programs note.exe and manager.exe and adds a "run=note.exe" line to your win.ini file. These pull data from your Internet cache directory and your AOL username and password file (if any), encrypt it as a DAT file, and send it to an email address in China. A second DAT is also built, of unknown purpose. Network Associates has updated its McAfee virus program to detect picture.exe. [Bob Sullivan, MSNBC, 07Jan99. Bill Park.]

Norway's Supreme Court has ruled that it's no crime to test the security of other people's computer systems as long as you don't actually break in. Checking to see which doors are unlocked isn't a security breach. [USA Today, 13Jan99. Edupage.]