Any of you who look at your system logs are aware that there is an incessant and widespread password guessing attack against ssh accounts. I'd guess that it is a botnet, and I wonder why there is so little ability to shut it down. This Cipher issue has a reference to a research project sponsored by the US Department of Homeland Security to combat botnets, and that may offer some help. However, it is puzzling to me that there is not more attention paid to these ongoing attacks. Presumably the people behind this have an ever-increasing army of enslaved machines to draw on. Normally a "take-over" of this scope would arouse international attention and technology resources for stopping it. There has been one recent arrest of a botnet operator in California, but surely we have the technology to stop these attacks without waiting for identification of the responsible parties.
This Cipher issue has an IETF security news article by Eric Rescorla and Russ Housley about recent changes to the ubiquitous TLS protocol. It is interesting because it shows how cryptographic research affects Internet protocols. Standardization can be a slow process, but it is a necessary and ongoing effort.
We have book reviews, announcements of awards and surveys, news, and the list of security conferences and new calls-for-papers for researchers. The contributors have my gratitude, both the stalwarts who contribute to every issue (great thanks) and those who take advantage of Cipher's wide readership for their announcements.
Hilarie Orman