[ISN] Tech companies: Do as Bond would do
http://news.com.com/2100-1001-940195.html?tag=fd_top By Tiffany Kary Staff Writer, CNET News.com June 27, 2002, 5:05 PM PT NEW YORK--The head of a government-based venture capital firm pleaded to the information technology industry: Be like James Bond. The fictional British spy used technology to his advantage when tracking down criminal masterminds. But in the real-world fight against terrorism, the situation shouldn't be different, Gilman Louie, chief executive of In-Q-Tel, said during a keynote speech at the TechXNY trade show here. I am asking all of you in this room to do one thing: to think about how we can employ these technologies to give ourselves a competitive edge, Louie said. His speech, called James Bond Saves the USA, stressed that the government's ability to analyze and distribute information quickly is the greatest weapon it has in diffusing terrorist threats. The cooperation of IT companies in the fight against terrorism is not a new call. After the Sept. 11 attacks, the U.S. government proposed several funding initiatives to spur technology innovation that could help so-called homeland security. In-Q-Tel is a nonprofit technology company funded by the CIA. The company identifies technologies that could be of use to national security efforts and works with businesses to develop technologies as well. The partnership of technology companies and government was evident at this year's show. For the first time, the FBI had a booth, and FBI agent Harold Hendershot gave a keynote speech--a spot usually reserved for industry executives. Security was one of the most popular themes on the floor and on discussion panels this year, according to show director Christina Condos of CMP Media. Louie urged IT companies to help solve technology problems for corporate America because at the same time, he said, those technologies could eventually help the government's cause. If we want to make IT effective for the government, we have to make it effective for the people, Louie said. In-Q-Tel has invested in 30 companies since its launch in 1999. More than 12 technologies from those companies are being used by the government, Louie said. Some of the companies In-Q-Tel has invested in include Attensity, a Salt Lake City-based data integration company; Stratify, a Mountain View, Calif.-based database management company; and SafeWeb, an Emeryville, Calif.-based security company. Managing information overload Louie outlined a number of problems for which his company is seeking technology fixes. Keeping track of various information amid a deluge of spam or unwanted e-mail is a challenge many individuals face--and one companies should address aggressively, he said. The same technologies that can solve America's e-mail problem and eliminate the phone tag game will also help intelligence analysts do their jobs, he said. Technologies to improve data mining or anything that can save a worker 20 minutes a day will also help the government, he added. We cannot afford to have this country buried in information it can't digest. Security for hardware and equipment is another issue where there is much room for corporate and government crossover, Louie said. The government needs laptops that are secure and tamper-proof if lost. Corporate CEOs require similar safeguards, as customer lists and corporate secrets are often kept on handhelds or laptops. Current methods of security only slow down portable devices, Louie said, and often cause file access times to lag by as much as a factor of ten. Also on the radar for companies should be better practices for backing up data and planning for recovery in the event of a disaster. The current technologies aren't adequate for the government--or the private sector, Louie said. Storing all backup data in one secure place--the silo philosophy--or simply mirroring or copying data isn't good enough, he said. I have a fail-proof test, Louie said. Tell everyone to stay home one day. Give them no access to the company's intranets and see if the company can still do business. - ISN is currently hosted by Attrition.org To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail.
[ISN] Tip from Mtn. View sparked online terror probe
Forwarded from: William Knowles [EMAIL PROTECTED] http://www.siliconvalley.com/mld/siliconvalley/3554398.htm By Sean Webby Mercury News June 27, 2002 Laura Wigod, Mountain View's Web site coordinator, was thrilled when she first noticed the Middle Easterners visiting the city's site. ``Oh, wow! That is so neat that we have visitors from Saudi Arabia,'' Wigod recalled thinking to herself as she looked over Web transaction report one Monday in August. Wigod was studying Farsi, the main language spoken in Iran, and was fascinated by the Mideast. It wasn't until October, after Sept. 11 and with the faraway hits on the site continuing -- from Saudi Arabia, Pakistan and the United Arab Emirates -- that she got a chilling thought: Why would someone in the Middle East be so intently researching how the Silicon Valley city's water system, utilities and police department worked? Her observations, which were soon shared with the FBI, were apparently the catalyst for an investigation that documented a much larger pattern throughout the country, now of great concern to the U.S. government. A disturbing pattern ``We did get the impression from the FBI that no one else had yet identified this pattern,'' City Manager Kevin Duggan said. ``We are very happy we played a part in helping identify this issue for a broader array of public agencies that could in theory be potential targets.'' Duggan reported that the FBI had identified at least 30 other municipalities with similar patterns. The FBI did not return phone calls late Wednesday. Mountain View police confirmed that their department referred the pattern to federal investigators and helped them investigate it. Wigod's reports showed that at least 50 times since August 2001, people in certain Middle Eastern countries had used the Google or Yahoo search engines to bring up the city's official Web site. Specifically, they had spent time looking at the site's links to Mountain View's engineering standards, its police and fire operations and its utilities. ``It was a little chilling,'' Wigod said. ``What made me nervous was what they were looking at. Why were they downloading the water report?'' Wigod then brought the information to her supervisor and the Mountain View Police Department. ``It seemed curious,'' Duggan said. ``We didn't want to leap to any conclusions about it. But when you see a pattern like that you can't be complacent.'' Police take over Detective Chris Hsiung -- at the time the department's high-tech investigator -- took over the case, said police news officer Jim Bennett. After examining the traffic, Hsiung called the FBI's high-tech squad in the Bay Area and began working with them on the investigation. Hsiung, who is now a patrol supervisor, would not comment for this story. Meanwhile, the city continued to quietly watch the Web site. The hits kept coming. On Oct. 18, the city decided -- on the advice of the FBI -- to shut down the Web site. By the next Monday, after having stripped off a variety of information relating to the city's water supply and some public-safety operations, they put the site back up. Duggan cautioned that he had no reason to believe that Mountain View is, or was, a terror target. After she discovered the pattern, Wigod kept her secret to herself. But she said she was quietly thrilled whenever she saw the president warning about cyberterror or an FBI warning about threats to the water system. ``I go, `Wooo, I'm thwarting terrorists!' '' *==* Communications without intelligence is noise; Intelligence without communications is irrelevant. Gen Alfred. M. Gray, USMC C4I.org - Computer Security, Intelligence - http://www.c4i.org *==* - ISN is currently hosted by Attrition.org To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail.
[ISN] WS-Security Spec Sent to OASIS
http://www.eweek.com/article2/0,3959,290627,00.asp June 27, 2002 By Darryl K. Taft Moving ahead on promises made when they formed the initiative in April, IBM, Microsoft Corp. and VeriSign Inc. Thursday announced that they will submit the latest version of the Web Services Security (WS-Security) specification to the Organization for the Advancement of Structured Information Standards for ongoing development. The WS-Security specification is a leading Web services standards effort to support, integrate and unify multiple security models, mechanisms and technologies, allowing a variety of systems to interoperate in a platform- and language-neutral manner, the companies said. Eric Newcomer, chief technology officer of Iona Technologies Inc., in Waltham, Mass., and a founding member of the working group that will handle the WS-Security standards effort within OASIS, said from his perspective IBM and Microsoft grew impatient with the efforts of the Worldwide Web Consortium (W3C) to deliver a standard around security and Web services. Newcomer, a member of the W3C Web Services Architecture Working Group, said the group has been trying to create a security working group at the W3C to no avail. It's hard to do, he said. However, I'd say it's a good choice, Newcomer said of the decision to push the standard through OASIS. They have a good track record delivering standards, he said. In addition to Iona, many OASIS member companies pledged support for WS-Security, including Baltimore Technologies plc., BEA Systems Inc., Documentum Inc., Entrust Inc., Netegrity Inc., Novell Inc., Oblix Inc., RSA Security Inc., SAP AG, Sun Microsystems Inc., Systinet Corp. and Vodafone Group plc. With this announcement, IBM, Microsoft and VeriSign strengthened their commitment to build and deliver standards-based security solutions, the companies said. The three companies will continue to work together to advance standards-based specifications that will allow for comprehensive Web services security solutions as outlined in the Security in a Web Services World road map, which was drafted by IBM and Microsoft in April. We have to make some progress, and we have to get this stuff standardized, Newcomer said. The WS-Security specification, which provides the foundation for that road map, defines a standard set of Simple Object Access Protocol (SOAP) extensions, or message headers, which can be used to implement integrity and confidentiality in Web services applications. Web services are applications that can be accessed through XML and SOAP-based protocols, making them platform- and language-independent. WS-Security provides a foundation layer for secure Web services, laying the groundwork for higher-level facilities such as federation, policy and trust. - ISN is currently hosted by Attrition.org To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail.