The BBC’s Hi-tech Crime Glossary

by Mark Ward, Technology Correspondent, BBC News website

Like many subjects, information security comes with its own terminology and the jargon can be opaque to outsiders. Below is the list of terms in the Glossary that helps shed light on the murky world of cyber crime.

DCL: I thought it might be interesting to compare it with our event processing glossary.  Note the links into the definitions in the glossary don’t work, my fault!  Enjoy!

Hi-Tech Crime Glossary


Feds weigh expansion of Internet monitoring

by Declan McCullagh cnet news

The Department of Homeland Security’s top cybersecurity official told CNET on Wednesday that the department may eventually extend its Einstein technology, which is designed to detect and prevent electronic attacks, to networks operated by the private sector. The technology was created for federal networks.

Greg Schaffer, assistant secretary for cybersecurity and communications, said in an interview that the department is evaluating whether Einstein “makes sense for expansion to critical infrastructure spaces” over time.

Not much is known about how Einstein works, and the House Intelligence Committee once charged that descriptions were overly “vague” because of “excessive classification.” The White House did confirm this week that the latest version, called Einstein 3, involves attempting to thwart in-progress cyberattacks by sharing information with the National Security Agency.

Greater federal involvement in privately operated networks may spark privacy or surveillance concerns, not least because of the NSA’s central involvement in the Bush administration’s warrantless wiretapping scandal. Earlier reports have said that Einstein 3 has the ability to read the content of emails and other messages, and that AT&T has been asked to test the system. (The Obama administration says the “contents” of communications are not shared with the NSA.) Read the report


Apple’s Patently Absurd HTC Suit

by Dan Costa, PCmag.com

“If Apple’s target is Google’s Android, why is the company going after HTC? Because HTC brought a knife to a gun fight.”

Apple’s claim that HTC’s Android phones violate at least 20 of its patents seems, at a glance, like simple corporate maneuvering. Android is, arguably, the iPhone OS’s strongest competitor, so it shouldn’t come as a surprise that Apple would throw up some legal hurdles. But the suit, ultimately, shows how our patent system protects large, veteran companies and punishes upstart contenders.

First, let’s examine Apple’s claims. The company filed suit in the U.S. District Court in Delaware with 20 instances of patent violations, most involving the iPhone. Apple also appealed to the International Trade Commission, whose only recourse would be to ban the import of HTC phones from the United States entirely. There are a fairly wide range of patents, but many of them are interface-related. Truly understanding the claims requires some engineering experience, a law degree, and a finely-tuned B.S. detector. I have one of the three.

Take Patent #7,657,849: For Unlocking A Device By Performing Gestures On An Unlock Image. That’s right, Apple owns that sideways swipe that wakes up the iPhone—and just about every other smartphone on the market. As written, it would also apply to the Palm Pre’s Upward Thumb Swipe Unlock gesture. I suspect that the act of touching, itself, is patent pending…… Read the Blog.

DCL comment: This is only implicitly about event processing. But it shows how absurdly ignorant the patent award process has become. It can be argued that most of these patents should never have been allowed in the first place. I wonder what’s happening  with patents in CEP and event processing in general?


Q&A with Progress Software CTO John Bates

by Janine Milne, CBR OnLine

Progress CTO John Bates discusses in a Q&A session the future of business process management and why buying Savvion was important to the company’s strategy.

Q: Why did you buy Savvion?
A: We did an exhaustive search for a BPM company that would be a perfect fit for us and we felt Savvion was that perfect fit. We’d been partnering with Lombardi for years, but they are not really an enterprise company, more departmental. They are a good bunch of people but it didn’t fit what we needed. Our customers want to be able to respond and dynamically change and react to their customers before their competition does – they are looking for operational responsiveness. …..

Q: Can we expect to see more acquisitions in this space, particularly as IBM recently bought Lombardi? …. Read the session.


Streambase Launches Complex-event-processing Exchange

by Chris Kanaracus, IDG News Service

CEP (complex-event processing) vendor Streambase on Tuesday launched a Web site where customers, developers and partners can download, share and perhaps one day sell components.

The new Streambase Component Exchange is stocked with an initial set of items, including an adapter for pulling in Twitter streams, an integration with the Python programming language, and domain-specific algorithms. The vendor hopes the exchange will help flesh out its ecosystem, which now includes roughly 100 customers and several hundred developers. Right now, the components are available at no charge, but that could change in the future, company officials said. …..

Streambase’s “open-edge” licensing model for the exchange states in part that components are not “supported, verified or endorsed by Streambase, even when created by a Streambase employee, partner or affiliate.” However, the code may be redistributed, modified and used in both source and binary forms as long as certain conditions are met. PC World report


Event Processing Glossary Draft Version 2 for Comment

Since version 1 of the Glossary of event processing terminology was published nearly two years ago there has been a demand to add additional commonly used terms.  This draft of version 2  includes about 20 additional terms, a modest extension of version 1.

The draft of the proposed Glossary version 2 in pdf format is now available here for comments by the event processing community.  Your comments will be very helpful in making final decisions about what to include or not to include. Please add your comments to the EPTS forum discussion (see the EPTS link on the right). There is a simple process to join the forum if you’re not already a member.

EPTS Glossary v.2 draft full 2 February 2010 to post for comment

(Please note that all comments and suggested changes are subject to the EPTS copyright agreement, see http://www.ep-ts.com/content/view/61/95/ )


Hacker ‘Mudge’ gets DARPA job

by Elinor Mills, CNET News

Peiter Zatko–a respected hacker known as “Mudge”–has been tapped to be a program manager at DARPA, where he will be in charge of funding research designed to help give the U.S. government tools needed to protect against cyberattacks, CNET has learned.

Zatko will become a program manager in mid-March within the Strategic Technologies Office at DARPA (Defense Advanced Research Projects Agency), which is the research and development office for the Department of Defense. His focus will be cybersecurity, he said in an interview with CNET on Tuesday.

One of his main goals will be to fund researchers at hacker spaces, start-ups, and boutiques who are most likely to develop technologies that can leapfrog what comes out of large corporations. “I want revolutionary changes. I don’t want evolutionary ones,” he said.

He’s also hoping that giving a big push to research and development will do more to advance the progress of cybersecurity than public policy decisions have been able to do over the past few decades.  “Not much has changed” with regard to strengthening the U.S. cybersecurity position, he said. “As a society, we have a larger dependence on being wired in, yet the government only focuses on particular areas.” ………………

Zatko cut his security chops as a teen-age hacker in the 1980s and managed to stay one step ahead of the law. He ran the L0pht hacker space during the 1990s, where he invented anti-sniffing technology that became the first remote promiscuous system detector used by the Defense Department. He also pioneered work on buffer overflows, which are a basis for many computer network attacks.  Report


Information overload: lessons from the Christmas Day terror attack

by John Poulter, ComputerWeekly.com

The foiled Christmas Day attempt to blow up a plane over Detroit has once again sparked debate about international security and how data relating to passengers is tracked and managed.

Frustratingly, whilst Umar Farouk Abdulmutallab, the alleged bomber, appeared on several terrorist databases and ‘watch lists’ his status was not elevated to a category that would have prevented him boarding the flight. The US terrorist watch list alone includes the names of more than one million people. Monitoring air bound passengers may seem like a daunting task for many, however, this issue of managing growing amounts of information is not exclusive to governments, but is a problem for industries worldwide.

In today’s digital world every individual has a trail of information that they leave in their wake, whether it be from using credit cards, computers or making a phone call. The volume of this kind of data is increasing exponentially, along with the locations the data is found in. The challenge for security organisations worldwide is to identify which information is important and then from there sharing the data across agencies. …..

In the case of the recent attempt, another technique known as complex event processing could have flagged two seemingly independent events – that the ticket was paid for in cash, and the suspected terrorist did not have any checked bags – and generated an immediate alert for additional screening given that he was on a watch list. Essentially, complex event processing compares multiple events with the goal of identifying the meaningful ones. Having this kind of technology in place would enable responses to possible threats as they occur by giving the right people access to the right information when they most need it.  Article


“The Sum of the Parts is a Hole”

Companies Fight Endless War Against Computer Attacks

by STEVE LOHR, New York Times

The recent computer attacks on the mighty Google left every corporate network in the world looking a little less safe.

Google’s confrontation with China — over government censorship in general and specific attacks on its systems — is an exceptional case, of course, extending to human rights and international politics as well as high-tech spying. But the intrusion into Google’s computers and related attacks from within China on some 30 other companies point to the rising sophistication of such assaults and the vulnerability of even the best defenses, security experts say.  …

Computer security is an ever-escalating competition between so-called black-hat attackers and white-hat defenders. One of the attackers’ main tools is malicious software, known as malware, which has steadily evolved in recent years. Malware was once mainly viruses and worms, digital pests that gummed up and sometimes damaged personal computers and networks.

Malware today, however, is likely to be more subtle and selective, nesting inside corporate networks. And it can be a tool for industrial espionage, transmitting digital copies of trade secrets, customer lists, future plans and contracts. ……

Security experts say employee awareness and training are a crucial defense. Often, malware infections are a result of high-tech twists on old-fashioned cons. One scam, for example, involves small U.S.B. flash drives, left in a company parking lot, adorned with the company logo. Curious employees pick them up, put them in their computers and open what looks like an innocuous document. In fact, once run, it is software that collects passwords and other confidential information on a user’s computer and sends it to the attackers. More advanced malware can allow an outsider to completely take over the PC and, from there, explore a company’s network. … Article

See also  “Fearing Hackers Who Leave No Trace”


FCC looks at ways to assert authority over Web access

by Cecilia Kang, Washington Post

The Federal Communications Commission is considering aggressive moves to stake out its authority to oversee consumer access to the Internet, as a recent court hearing and industry opposition have cast doubt on its power over Web service providers.  The FCC, which regulates public access to telephone and television services, has been working to claim the same role for the Internet. The stakes are high, as the Obama administration pushes an agenda of open broadband access for all and big corporations work to protect their enormous investments in a new and powerful medium.

“This is a pivotal moment,” said Ben Scott, director of policy at the public interest group Free Press. The government wants to treat broadband Internet as a national infrastructure, he said, like phone lines or the broadcast spectrum. But federal regulators are grappling with older policies that do not clearly protect consumers’ access to the Web, their privacy or prices of service.

The issue may have reached a turning point last week when a federal appeals court questioned the limits of the FCC’s authority in a 2008 case involving Comcast. Article

