News Bits
June 7, 2002
I received a correspondence from Carl Landwehr proposing a fascinating "community project"
whose goal is to develop a timeline with important events and work in computer
security. Have a look at the PDF files to see the start of that work. Here is an excerpt
from Carl:
"What I am hoping others (students?) might like to do as a community project, would be
for someone (or some many) to produce from this a set of database entries of the form:
(date, event, reference) that could be used to help construct (or reconstruct) the
history of significant events in computer security. There are lots of important events
in the history of security/information assurance technology (e.g. creation and
development of firewalls, VPNs, public key crypto) that are not to be found anywhere
on these charts. These baseline events could be strung together in (probably endless)
ways, according to one's prejudices and beliefs, to indicate which events were
significant, which influenced what other events, what streams of thought and
investigation were pursued, etc. Having the tuples might be a useful place to start.
The first of these timelines [see the PDF files] is an updated and abstracted version
of the second one; the others are even older and were made for other purposes. I happily
place them in the public domain, warts and all."
If you have thoughts on this or would like to participate, send a note to me
(davis@iastate.edu) or to Carl directly (clandweh@nsf.gov).
August 2002
IEEE Computer Society initiates a search for the first editor in chief of IEEE Security and Privacy magazine.
The IEEE Computer Society is seeking applicants, by 1 October, for the position of editor in chief of IEEE Security & Privacy, a new magazine to be launched in January 2003. The first EIC will serve a two-year term, renewable for a second two years.
The full call is located at http://computer.org/pr/Aug02/SP_EIC.htm.
July 26, 2002
Correspondence from reader Susan Gerhart (gerharts@erau.edu):
Interactive Instructional Materials Available --- Buffer Overflows, Cryptography, Personnel, Scenarios
Please visit
Work performed under National Science Foundation Grant 0113627
Embry-Riddle Aeronautical University, Prescott AZ
College of Engineering
http://coe.pr.erau.edu
Buffer Overflow Security Vulnerabilities -
- how do buffer overflows occur?
- what can be done to prevent and to defend against them?
- what was Code Red? (remember, one year ago)
Contents:
- Java applet simulations of buffer overflow attacks
- Instructional tutorials (Macromedia Authorware)
- Lecture-ready PPT and PDF presentations
- Checklists for programmers and testers
- Stimulating quizzes and scavenger hunts
- Easy-to-advanced explanations
http://nsfsecurity.pr.erau.edu/bom
!!! Feedback and evaluation sought !!!
Also, cryptography illustrations
- Java applets for sample DES functions
- explanations of confusion and diffusion
Under development:
- personnel security, dimensions of security, scenario illustrations of security situations
Contact: gerharts@erau.edu
September 5, 2002
NIST System Security Requirements Seminar (in conjunction with SREIS)
The Computer Security Division of the National Institute of Standards and Technology (NIST) will host a one-day IT security requirements seminar on October 17, 2002 following the SREIS (see http://www.sreis.org). The purpose of this security seminar is to present: (1) an overview of the current federal IT security certification and accreditation initiative, (2) a detailed description of the proposed new certification and accreditation process and associated security requirements and controls for IT systems, and (3) an overview of NIST supporting publications on risk management, system security planning, and contingency/continuity of operations planning. The program is available at http://www.sreis.org/nistinfo.php.
News Bits contains correspondence, interesting links, non-commercial announcements and other snippets of information the editor thought that Cipher readers might find interesting.