Volume 10: No. 04
Security and privacy

The Clinton administration is decreasing red tape and increasing the speed of computers that can be exported to all countries except Iraq, Libya, North Korea, Cuba, Sudan, and Syria. [MSNBC, 01Feb00. NewsScan.]

China has decided that all information put on the Web must first be viewed and approved by national security forces, including news reports. Chat room operations must also be approved. Every corporate and individual user of encryption must turn in a form documenting the techniques used. [WSJ, 27Jan00. Edupage.] (The encryption deadline was widely ignored. "If everyone ... had complied, about 9M Internet users would have shown up in one tiny government office to hand-deliver a form specifying what kind of encryption they used." [NYTimes, 01Feb00. NewsScan.])

A Norwegian teenager and his father have been charged for publishing their DVD security code crack. [AP. NYT, 26Jan00. NewsScan.]

A programmer in Paris spent four years cracking the 640-bit encryption key used to verify digital signatures on smartcards, intending to patent his own version (for sale for $1.5M). Unfortunately, he demonstrated his homemade card to bank officials by purchasing Paris Metro tickets. He has been arrested on counterfeiting and fraud charges and faces a possible 7-year jail term. [MSNBC, 25Jan00. NewsScan.]

Oops! Software used by the month-old X.Com online bank allowed customers to transfer funds from anyone's US bank account. All they needed was the account number and bank routing information, which are printed on physical bank cheques. (Yes, the British spelling of this word is superior to the US spelling. Or at least easier to use unambiguously.) X.Com ads have touted the ease of accessing and moving your money. [NY Times, 28Jan00. NewsScan.]

NEC has a new encryption technology called Cipherunicorn-A that uses false keys as decoys for a real key. It also uses varying key lengths within the encryption sequence. [IBD, 27Jan00. NewsScan.]

A serious security flaw known as "cross-site scripting" has been discovered, in which code is tied to URL links. The code can be hidden in any website, online document, discussion forum, or email message -- yes, even spam. Any link that sends you to another page, or any form that asks for data, can activate unchecked code or transmit private data invisibly. The threat occurs when sites fail to verify that hidden code from a user's browser is safe -- and most sites do not check code. CMU's CERT Coordination Center "says only a massive effort by Web site designers can remedy the problem, but in the interim, users should avoid clicking on Web links from untrusted sources." [AP. MSNBC, 02Feb00; NewsScan. Also LA Times, 03Feb00; Edupage.]
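
The site-side failure described above, sketched as an added example (not from the original newsletter or from CERT): a page that echoes a value carried in a link, first unchecked and then HTML-encoded before output. The host names, the `q` parameter and all function names are assumptions, and the sample link is constructed.

```javascript
// Characters that let text be interpreted as HTML markup, and their safe encodings.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value so the browser displays it as text instead of parsing it as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Pull one parameter out of a link; an absent parameter becomes an empty string.
function queryParam(link, name) {
  return new URL(link).searchParams.get(name) ?? "";
}

// Weak form: the value from the link is pasted into the page unchecked,
// so any markup it carries becomes part of the page the reader's browser runs.
function renderUnchecked(link) {
  return `<p>Results for ${queryParam(link, "q")}</p>`;
}

// Corrected form: the same page, with the value encoded at the point of output.
function renderEncoded(link) {
  return `<p>Results for ${escapeHtml(queryParam(link, "q"))}</p>`;
}

// Simple review check: does the rendered page contain a live script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample: a link whose "q" value carries a script tag (hypothetical hosts).
const SAMPLE_LINK =
  "https://shop.example/search?q=" +
  encodeURIComponent('<script src="https://other.example/x.js"></script>');

console.log("unchecked page has live script tag:", containsScriptTag(renderUnchecked(SAMPLE_LINK)));
console.log("encoded page has live script tag:  ", containsScriptTag(renderEncoded(SAMPLE_LINK)));
console.log(renderEncoded(SAMPLE_LINK));
```
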

Experience with computer problems shows that many are PEBCAK errors: Problem Exists Between Chair And Keyboard. [J.D. Stone, NewsScan, 19Jan00.] (But you don't get secure systems just by educating people, or by yelling at them, or by asking them to be really, really careful, or even by hiring smarter people.)

----- "Management is efficiency in climbing the ladder of success; leadership determines whether the ladder is leaning against the right wall." -- Stephen R. Covey. -----