***************************************************** Edupage is a service of EDUCAUSE, a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. *****************************************************
TOP STORIES FOR FRIDAY, DECEMBER 13, 2002 Snooping Software Tries to Predict Insider Attacks California Laws Require Disclosure of Security Lapses IDC Forecasts Cyberterror in 2003 AND SEVIS Data-Entry Deadline Extended Poor Security Compromises JSTOR Wall Street Journal Faults Free Sites SNOOPING SOFTWARE TRIES TO PREDICT INSIDER ATTACKS Given a growing understanding among many businesses that company insiders can do much more damage than even skilled outside hackers, a new generation of computer forensics applications attempts to predict which employees are likely to commit malicious acts with technology. Applications from companies including Guidance Software and Savvydata monitor traffic and files on the network, looking for employees who have "unauthorized data" and who exhibit other characteristics that might predict illegal activity. Some products also correlate data collected in the workplace with employees' criminal records, credit histories, and other information. Such tactics alarm some observers. Jeff Newhouse, a system administrator for a Wall Street firm, said he would likely refuse to work for a company that uses such tools. Nick Freson, a systems administrator from Brooklyn, pointed out that companies are in a difficult situation because they are faulted if they snoop on employees, and they are faulted if they fail to uncover employee fraud. Wired News, 13 December 2002 http://www.wired.com/news/infostructure/0,1377,56826,00.html CALIFORNIA LAWS REQUIRE DISCLOSURE OF SECURITY LAPSES A new law in California will require companies to notify customers if a lapse in computer security has allowed unauthorized access of the users' identities and personal information. In all, the California legislature approved more than a dozen measures this session dealing with identity theft. A draft is being circulated of another bill, written by California Senator Diane Feinstein, that would require businesses to disclose information about all lapses in security to police. Many security experts say that early detection and notification are vital in dealing with identity theft, giving consumers ample time to address the problem if they know their personal information has been exposed. California has taken a very proactive stance on disclosure of security breaches, even when companies are unsure if personal information was obtained. Some argue that the laws go too far. Mark Rasch, former head of the Computer Crime Unit at the U.S. Department of Justice, said the laws are onerous and "a potential public relations nightmare" for companies that are forced to reveal security lapses. ComputerWorld, 13 December 2002 http://www.idg.net/ic_989654_1794_9-10000.html IDC FORECASTS CYBERTERROR IN 2003 Research firm IDC has released a set of predictions for information technology in 2003, based on opinions of its staff of more than 700 analysts in most areas of technology. Included on the list is a prediction for a major cyberattack, one that will disrupt all online traffic for at least one day and will have serious implications for the economy. The company also predicts an increase in IT spending of more than six percent. A strong move away from UNIX systems to Linux is also in the cards, according to IDC. Analysts at IDC said that many users see Linux as a low-end type of UNIX, though this is not technically true, and that the market for strictly UNIX vendors is becoming increasingly difficult. NewsFactor Network, 13 December 2002 http://www.newsfactor.com/perl/story/20242.html AND ***************************************************** SEVIS DATA-ENTRY DEADLINE EXTENDED The deadline for colleges and universities to enter information about their international students into the new Student and Exchange Visitor Information System (SEVIS) has been extended, from January 30, 2003, to August 1, 2003. The Immigration and Naturalization Service (INS) announced the extension with the release of a finalized set of rules released this week on the functioning of SEVIS. Under the new rules, January 30 becomes the deadline for schools that enroll foreign students to sign up with SEVIS. Although some institutions reportedly were pleased with the extra time, observers noted that the final SEVIS rules require more information on foreign students, including whether they receive practical training in their fields of study and information about work experience related to the students' educations. Chronicle of Higher Education, 12 December 2002 (sub. req'd) http://chronicle.com/daily/2002/12/2002121202n.htm POOR SECURITY COMPROMISES JSTOR An unidentified hacker was able to exploit security weaknesses in several college networks to download about 50,000 articles from JSTOR, a nonprofit that maintains a digital library of scholarly journals. Access to JSTOR is by subscription, but several proxy servers at subscribing institutions were open for public use. According to Kevin M. Guthrie, president of JSTOR, the number of articles downloaded before the organization stopped the theft represents about five percent of JSTOR's library. Guthrie expressed concern that some colleges and universities are unaware that proxy servers, which are used to authorize user access to certain content, that are left "open" can be used by a hacker outside of the institution to access content inappropriately. Chronicle of Higher Education, 12 December 2002 http://chronicle.com/free/2002/12/2002121201t.htm WALL STREET JOURNAL FAULTS FREE SITES A new ad campaign from The Wall Street Journal tells consumers that free news sites are poor places to read well-researched, high-quality reporting. The ads, which criticize free sites as being uninformed, simplistic, and unreliable, are running on some of those free sites, including The Motley Fool, Hoover's Online, Bloomberg.com, and CBS MarketWatch. Representatives of some of those sites said that they do not see themselves as direct competitors with The Wall Street Journal and, half jokingly, that they are happy to take the Journal's ad money. Scott Schulman of Dow Jones, which publishes the Journal, said the ads are intended to show consumers that the Journal's content is different, valuable, and worth paying for. At the end of the third quarter, The Journal Online had 664,000 paid subscribers, 9 percent more than a year earlier. New York Times, 13 December 2002 (registration req'd) http://www.nytimes.com/2002/12/12/business/media/12ADCO.html ***************************************************** EDUPAGE INFORMATION To subscribe, unsubscribe, or change your settings, visit http://www.educause.edu/pub/edupage/edupage.html Or, you can subscribe or unsubscribe by sending e-mail to [EMAIL PROTECTED] To SUBSCRIBE, in the body of the message type: SUBSCRIBE Edupage YourFirstName YourLastName To UNSUBSCRIBE, in the body of the message type: SIGNOFF Edupage If you have subscription problems, send e-mail to [EMAIL PROTECTED] For past issues of Edupage or information about translations of Edupage into other languages, visit http://www.educause.edu/pub/edupage/edupage.html ***************************************************** OTHER EDUCAUSE PUBLICATIONS EDUCAUSE publishes periodicals, including "EQ" and "EDUCAUSE Review," books, and other materials dealing with the impacts and implications of information technology in higher education. For information on EDUCAUSE publications see http://www.educause.edu/pub/ ***************************************************** CONFERENCES For information on all EDUCAUSE learning and networking opportunities, see http://www.educause.edu/conference/ ***************************************************** COPYRIGHT Edupage copyright (c) 2002, EDUCAUSE
