Quietly, Quiggly s
FTL is not possibl
Once considered th
Concrete may have
Tiffany, you reall
We've recently dis
Chris! I told you
FTL is not possibl
But first, you and
Chris! I told you

Quitetly, Quiggly
We've recently dis
Concrete may have
FTL is not possibl
That turned dark q
Joe's Bar and Gril
Once considered th
Concrete may have
Chris! I told you
Once considered th
<<      >>
We've recently discovered a new method to defeat the attacks, and we're making progress toward developing a solution." There was no mention of the two methods that had been reported in November. That makes experts wonder why the attacks were not disrupted immediately. The first method involves an increase in the amount of random data that a computer system adds to the beginning of each message, raising the cost of an attack and making the messages harder to break. The second attack method relies on changing the time sequence in which bits are transmitted during the transmission of a message. The change makes it more difficult for hackers to use codes that look for particular sequences of bits. "If they had applied the countermeasures quickly, the whole system could have been kept off-line," said Scott Shackelford, a professor of information systems at Indiana University who served as an advisor to the Federal Communications Commission when it launched its Internet Security Advisory Board (ISAB). ? Other experts agreed that the government is likely to blame for the delay in the application of the new security measures. "They may be blaming the wrong people," said Eugene Spafford, professor of computer science at Purdue University. "But they don't want to reveal the real causes." ? As the government continues to blame the ISPs for the attacks, experts say that it doesn't help the situation for the ISPs to remain in denial. "They should know by now that denial isn't helping them," Spafford said. ? As the Federal Trade Commission works to develop and enforce rules to improve security of the new email system, the ISPs may have an important role to play. Experts say the ISPs can play a major role in helping to increase security. They can provide a service that would detect an attack and shut the offenders out of the network. The ISPs, for example, could install software on their customers' computers that would allow an email server to scan messages for viruses or messages that indicate spam is involved. ? But, he said, the problem is a cultural one. "The ISPs need to accept responsibility and be willing to be involved in this fight," Spafford said. But "they need to leave some of the work to the computer security people." ? One of the biggest problems with the current system, the experts say, is that email addresses have become one of the most popular ways for hackers to break into corporate networks and steal information. "People in the corporate world have learned to love email," said David Schuetz, vice president of security research at the Computing Technology Industry Association, which represents the high-tech industry. ? "If you pick an industry, there is a high probability that someone on staff will have a very weak password or be willing to receive email from a bad address," he said. "In addition, many businesspeople have never thought of their e-mail addresses as a security issue." ? The government's plan will cost billions of dollars and probably will create more job losses by putting even more pressure on the ISPs to cut back on expenses, experts say. "There's no way the ISPs can do it without laying off employees," Schuetz said. "This is a huge cost that would have to be absorbed by the companies." ? And many experts say that government spending programs are likely to miss their targets and make the country more dependent on foreign technology companies in order to buy equipment. "This is a very expensive plan," said Spafford. "Not only will the ISPs have to pay for it, the people who buy computers will also have to pay for it." ? One of the reasons the government didn't go to the ISPs sooner is because it has been reluctant to take on the powerful network operators and their allies in Congress, which has the authority to regulate the Internet, Spafford said. The government's delay is a mistake, Spafford said. "The government is making its decision about the security of the Internet without any factual information." ? The FTC was set up by President Clinton in 1995 to regulate e-commerce. But it has not shown much ability to accomplish that goal, and its chairwoman, Clinton appointee Patricia Ireland, has resigned. ? Meanwhile, the ISPs are fighting any federal involvement in security issues, including cybersecurity. The ISPs are currently discussing strategies for fighting off any government regulation of the Internet. One proposal is that the ISPs, with the help of their allies in the high-tech industry, make sure that the government spends the money on broadband Internet access rather than security technology. The current estimate is that the Internet security plan will cost about $50 million a year for five years. But other sources say that the cost could be three times higher. ? But all the experts interviewed for this article agreed that the attacks against the Internet will continue unless the government introduces some reasonable security measures. "The situation will only get worse," Shackelford said. "This will probably go on for the rest of the year." ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ -------------------------------------------------------------------------- ??Internet Security: What's in your e-mail? Posted April 2, 2001 04:19 PM ET Last week's events underscore the fact that when it comes to Internet security, there's no such thing as 100 percent. But what are the odds of you getting hit with the kinds of e-mail viruses, worms, and Trojans that shut down City Hall, Enron, and the White House Web site last week? Our survey of expert security watchers offers some answers. How common are viruses? For those of you working at home, you're more likely to get an e-mail-borne virus than someone who goes into the office, even if you communicate regularly with them. As we noted last week, hackers are in the game for big prizes. Not much chance of getting caught means a higher payoff for the effort involved. For many, viruses are not a big issue. But for some, like those working from home or small companies, they pose a problem. How common are worms? A computer worm is a program that copies itself to other computers by sending messages to people with common e-mail addresses. The most recent one is Mydoom.net. This worm started as an e-mail message that infected users' computers if they clicked on an attached e-mail message that appeared to be from one of the U.S. mail carriers. However, many people were confused and opened the message, thinking it was from a friend. Instead, they sent it on to their friends and colleagues, and so the worm was able to spread rapidly. This worm hit about a dozen companies and organizations that deal with government agencies. How common are Trojans? Unlike viruses and worms, which can hit any computer connected to the Internet, Trojans are programs that hide within specific programs, like word processing software, to attack them. As such, most of us are not at risk from these types of threats. As one security expert we surveyed said, "Who among us hasn't double-clicked on an e-mail attachment or opened a message that had a virus in it?" Are we doing enough? For most of us, the answer is no. As one security expert told us, "We're not