Showing posts from January, 2010

From the Editors: A Witty Lesson

[This editorial was published originally in "Security & Privacy" Volume 2 Number 4 July/August 2004] Archaeologists wonder why the city of Naachtun, capital of the Mayan kingdom of Masuul, was abandoned suddenly, with no evidence of natural or manmade disaster. No volcanic eruption. No invading hordes. Why, after more than 250 years of growth and economic vigor was this city abruptly evacuated? Did the leading people in the city fail to react to some important change? What happened? Two recent Internet worms, Slammer and Witty, have sounded an alarm to the entire computer security industry. To date, however, we have failed to respond to the alarm with the vigor warranted. Could we be dooming the Internet itself to the fate of Naachtun? When Slammer hit in January 2003, it shocked the security community by growing with unprecedented rapidity, doubling every eight seconds or so. The bulk of the machines destined to be infected were hit within 10 minutes, although the

From the Editors: Whose Data Are These, Anyway?

[This editorial was published originally in "Security & Privacy" Volume 2 Number 3 May/June 2004] A few years ago I had lunch with Ray Cornbill, a friend of mine who is a distinguished professor, though not a physician, at a major medical school. Ray's unique sideline is as an international rugby coach. We chatted about our work and compared notes on current events. As we finished our lunch and prepared to depart, he made a remarkable statement: "I'm going over to the radiology practice to pick up my old x-rays." What did he mean by that? It turns out that the radiology lab that had taken his x-rays for the past couple of decades decided that it could no longer afford to keep the old ones around. Because he was a well-known professor at an affiliated medical school, a staff member had given him the heads up about the imminent disposal. Why did he care? Well, before becoming a rugby coach, he was an active rugby player for many years. Rugby is, shall w

From the Editors: Toward a Security Ontology

[This editorial was published originally in "Security & Privacy" Volume 1 Number 3 May/June 2003] There comes a point in the life of any new discipline when it realizes that it must begin to grow up. That time has come to the security field, as this magazine's founding indicates. Many things come with adulthood — some desirable and some less so. If we're to establish a place in the engineering community for ourselves as practitioners with expertise in security and privacy issues, we must be clear about what it is that we do and what we don't do; what can be expected of us and the boundaries of our capabilities. Today, far too much security terminology is vaguely defined. We find ourselves confused when we communicate with our colleagues and, worse yet, we confuse the people we're trying to serve. Back in the bad old days, it seemed clearer. The Orange Book (see the related sidebar) was new and seemed relevant, and the industry agreed on the nature of th