Cipher Issue 153, January 21, 2020, Editor's Letter

Dear Readers,

This month's newsletter has Sven Dietrich's review of the second edition of Matt Bishop's comprehensive book "Computer Security: Art and Science". As always, "we need some".

The list of upcoming events that have opportunities for publishing research papers is maintained at our online site as always, but we have simplified the format used in the newsletter. If an event catches your interest, follow the link to the event's website, or look at our comprehensive lists with more details on the Cipher website. Yong Guan, our calendar editor, quickly pivoted to the new format for this issue.

We have been publishing Cipher as an online computer security newsletter for over 25 years now. Carl Landwehr started this; he was the first editor, and Paul Syverson and Jim Davis were the subsequent editors before me. Sven Dietrich and Yong Guan loyally have helped keep this venture alive for many years.

Carl Landwehr enlisted my help originally as the online "calendar of events" editor. I did this for quite a while but eventually started looking for someone to take it over. I discovered that security researchers were surprisingly bottom-line oriented, and a few hours per month of admin time was not something they were eager to offer. Thus, I realized that I was spending too much of my own time on the task. In the next months I wrote a convoluted set of pattern-matching expressions for automatically turning a call-for-papers into a formatted piece of HTML and plain text. That saved me an order of magnitude in processing time. Today, the newsletter itself is constructed largely from automatically generated templates. That gives me time to write the flowery prose in this Editor's Letter each month.

As for computer security itself, the shared interest of the readers of the newsletter, I think that our ability to protect systems is unequal to the task of covering the ever-expanding attack surface. As the several news items about the Internet of Things illustrate, the things that are new and popular are the continual enemies of security and privacy. In the digital world, we live on the brink of extinction in the same way that our biosphere holds a delicate balance against the raw forces of chaos.

A Song About the NSA Advisory re Internet Explorer and the CryptoAPI

Your cheating cert,
Had IE fooled.
It missed the point,
And chaos ruled.

The verify,
It all went through,
Your cheating cert,
Rickrolled a few.

When malware hits,
And naught remains,
We'll wish we'd patched,
Our browser's brain.

We'll walk the curve,
And add in vain,
Your cheatin' cert,
Is EC's bane.

      (apologies to Hank Williams, Sr. and the great Patsy Cline)

      Hilarie Orman