October
12, 2002
<No RealAudio | MP3>
<Weekly Newsletter>
top
|
- Tech
Talk Guest: Alan Paller
- Director
of Research and Founder, The
Sans Institute
- The
SANS Institute, founded in 1992, is a cooperative research organization
to deliver graduate-level education to the people who secure
and manage important information systems.
- Alan
is responsible for the research programs that have reached community-wide
consensus on how to secure Windows NT, Windows 2000, LINUX,
and Solaris systems as well as Cisco routers, and how to respond
to computer security incidents.
- Alan
met with President Clinton in the aftermath of the Yahoo and eBay
denial of service attacks in February of 2000 and helped develop
a global response procedure to such attacks. This work led to the
development of the Internet
Storm Center.
- Alan
frequently testifies before Congress. He
most recently testified before the Senate Government Affairs Committee.
- Alan
co-founded (with Franklin Reed) the CIO
Institute, a foundation that funds technology awards programs
(the Government Technology Leadership Awards) and that fosters the
sharing of experiences among CIOs in very large organizations.
- Tech
Talk Guest: Paul Renard
- Director
of IT Department, Stratford University
- Prior
to Stratford, Paul was VP for AMS
- Worked
on large distributed software projects and homeland security initiatives
- Threats
Found on the Internet
- Sans
Network Security 2002 Conference
- October
18-25, 2002
- Renaissance
Washington, DC Hotel and the Washington Convention Center
- Many
education tracks, vendor exhibits, and networking receptions
- Outlook
Express Has Another Critical Security Flaw
- Buffer
overflow in Outlooks S/MIME parsing functions could compromise system
- Outlook
Express supports digital signing of messages through S/MIME
- Discovery
of flaw credited to Noam Rathus of Beyond Security
- A
patch has been issued by Microsoft
- Microsoft
Theme Song
(Tech Talk version sung with love)
- Whenever
Justice tries to break us apart
- Our
resolve only gets tougher
- We
will always reserve the right
- To
code another unchecked buffer
- Connecting
the Dots in Homeland Security
- The
Markle Foundation
released the report, National
Security in the Information Age, October 8th.
- The
report was written by a bipartisan panel of experts headed by former
Netscape chief executive James Barksdale and Zoe Baird,
who was a member of President Bill Clinton's Foreign Intelligence
Advisory Board and is now president of the Markle Foundation. Other
members were former NATO commander Gen. Wesley Clark, former
CIA general counsel Jeffrey Smith and Eric Holder,
who was Clinton's deputy attorney general.
- Its
theme can be summed up in this line, "We have not yet begun to
mobilize our society’s strengths in information, intelligence,
and technology."
- The
task force recommended that Department of Homeland Security (DHS)
should be a central hub for decisions about what information needs
to be collected and stored—in the government or in the private
sector—and about where the information should be analyzed and
how
- It
calls for a networked information technology system to share information
among local, state, regional and federal agencies and the private
sector.
- It
calls for an end to "stovepipe" data collection systems
that have all the disadvantages of privacy invasion, but none
of the global intelligence advantages.
- Lovely
spam! Wonderful spam!
- Why
is spam called spam?
- It
all began with famous Monty
Python skit revolving around a restaurant specializing in dishes
involving lots of Spam. A group of Vikings sitting in the corner
would sing Spam, Spam,
Spam, lovely Spam. Wonderful Spam!, drowning out the waitress
and all conversation in the restaurant.
- Since
unsolicited e-mail is seen as drowning out all other communication,
it made sense to call it spam (with a lowercase "s"
to differentiate it from the Hormel meat product). At least
it made sense in the 1980s to users in the MUD (multi-user dungeon)
community.
- In
1994 the first large-scale spamming occurred with the infamous
Green Card spam. Two attorneys trying to drum up some clients
hired a programmer to flood every USENET newsgroup. This unsolicited
e-mail made people so angry that recipients began referring
to it as spam.
- What
can the ISP do to reduce the level of spam?
- Reject
mail from open SMTP relays using the Open
Relay Database
- Use
a spam filter which is dynamically updated, such as Brightmail
- Brightmail
serves a number of large ISPs including BellSouth, Comcast,
EarthLink, Microsoft's MSN and Hotmail, and Verizon.
- What
can the user do to reduce spam?
- Don't
publish your e-mail address in chat rooms, message boards, etc.
Use address munging
when possible.
- Filter
your incoming within your e-mail client. Place spam in a junk
folder for later deletion.
- Mcafee
Spamkiller -- Very easy to use. Good for beginners.
- Norton
Spam Alert -- Has more controls. Designed for advanced
users.
- Cloudmark
SpamNet -- Uses consensus data to identify spam. Innovative
idea that is still in beta testing. Written by the author
of Napster.
- Procure
your own filtered POP account. Leave spam on pop server for
deletion.
- Spamcop
gives you a new, filtered pop account. Forward you current
e-mail address to the spamcop address and retrieve all e-mail
from SpamCop.
- An
option for AOL Users
- Garbage
Man has gotten good reviews from AOL users ($8 shareware)
- Join
with others in the fight
- Man
dies after playing computer games nonstop
- 24
year old South Korean man died after playing computer games nonstop
for 86 hours
- Played
in Internet Cafe, Kwangju, without sleep or meals
- Police
are investigating
- Stratford
News
- Stratford
Security Imitative Starting this week
- Stratford
Open House October 26
- Wireless
and Hacking Demonstrations
- Computer
Clinic
- Live
Tech Talk Broadcast
- All
classes starting this week (Graduate and Undergraduate)
|