
RSVP for Cyberwar

The Bush Administration has fired its first volley in the war against cyberterrorism, and it's a rather polite volley at that. Originally promoted as a White House report titled "The National Strategy to Secure Cyberspace," the fifty-seven-page document issued at Stanford University in September 2002 (and online at www.whitehouse.gov/pcipb) is only a draft with an open invitation for commentary. No date has been set for the finalized report on the nation's plan to deal with potential electronic terrorists.

Instead of a real plan, the draft offers suggestions aimed at corporations, small businesses, government agencies, and individuals. Its main focus is a call for increased use of firewall and anti-virus software to protect against Net-borne intruders. The draft also raises the idea of companies establishing internal cybersecurity teams to regularly review their own IT vulnerabilities. It recommends that state and municipal governments establish their own IT security programs, while working with local law enforcement agencies to concentrate on cybercrime. No new federal cyberterrorism agency is proposed.

Glaringly missing from the draft is a focus on improving the internal security of the Windows operating system, which has long been plagued by holes. Cameron Kelly Brown, president of the New York-based AMIT Consulting, does not find this omission accidental. "Microsoft has placed a large capital investment in the Bush White House, which obviously doesn't want to piss off its investors," he says.

Jon Lasser, president of the Washington, D.C.-area Cluestick Consulting, adds that the lack of proposed regulations and laws in the draft clearly appeals to the tech sector. "The computer industry has always been against regulation. Regulation adds expenses and slows down the organization. It's simple self-interest," he says.

Rob Rosenberger, editor of the Vmyths.com news service and former consultant to government agencies on virus hoaxes, is critical of both the White House and Richard Clarke (who did not return calls for comment), the administration's senior cybersecurity advisor and the driving force behind this effort. "The White House isn't serious," he says. "Richard Clarke claims to fear a coming cyberwar with China, yet he tacitly approved the transfer of computer warfare technology to them. Clarke was the White House counterterrorism coordinator when 9/11 struck. He was too busy looking for cyberterrorism, and he should have been fired outright for the loss of 3,000 lives. But such a firing would have raised too many thorny questions—and probably would have forced the resignation of the National Security Advisor. Now add the fact the White House needs to distract the media so our real counterterrorism experts can fight the war on terror without CNN cameras getting in the way."

—Phil Hall

VeriSign Language

When Fremont, California immigration attorney Anu Gupta inexplicably lost her paid-up domain name, immigrationdesk.com, to an India-based reseller in August, she called VeriSign. Customer service representative "Richard" offered to help, but vanished the next day. Two tech-support reps for the largest registrar of .com domains hung up on her.

Finally, Gupta got angry. "I said, 'If I don't get my domain name back I'm going to create hell for you,'" she recalls. "'This is really not acceptable.'"

It took six days for VeriSign to return Gupta's Web site, but she drummed up publicity for the incident, delivering another costly blow to the company's tattered customer-service image. A federal court ruled earlier this year that VeriSign attempted to poach rivals' customers by sending false renewal notices; the FTC has pledged to investigate the company's marketing practices. In April, VeriSign reported a sharp drop in expiring-address renewals—leading to reduced earnings forecasts and sharply lower stock prices.

"Right now, the registrar business is full of bad behavior, sleazy marketing practices, and poor customer service," says former ICANN chairman Esther Dyson. "The good news is there's more competition, and it should be getting better."

From the Net's early days, VeriSign has been the dominant player in the domain-name registration business. In 2000, the Herndon, Virginia, company paid $21 billion for Network Solutions, to which the U.S. had granted the lucrative rights to pass out domain names. Then ICANN expanded competition to the broad pool of registrars, sending registration prices plummeting.

VeriSign is finally beginning to respond. "We had a kind of monopoly attitude—customers did what we wanted them to do rather than 'we respond to what customers tell us to do,'" says John Donoghue, the company's senior vice president for mass marketing. "That has changed fairly dramatically over the last six months."

Although Donoghue won't talk publicly about Gupta's case, he says enough to contradict her story. "I believe her issue was resolved in twenty-four hours, which is longer than it should have taken—but we were able to get the domain back," he recalls. "We are very focused on satisfying every customer."

—Steve Knopper

Mapping the Great Virtual Unknown

Drawing the Internet is like dancing about architecture—it's nearly impossible. But it's nevertheless essential for developing efficient routing protocols. If you don't know how the Internet is put together, you can't make the most of it.

Until recently, methods of mapping the Internet presumed a random physical distribution of routers. The resulting models still provided a pretty good idea of what was on the Internet—more than 225,000 routers and 162 million hosts at last count—but a less clear idea of how these routers and hosts interacted. "The problem is working out what traffic volumes flow on different links," says Martin Dodge, a researcher at the Centre for Advanced Spatial Analysis, University College London. As an example, he cites WorldCom, "where they were building loads of capacity that was then under-used."

In 1999, physicists were surprised to discover that the physical distribution of nodes on the Internet is not random, but rather scale-free, or fractal, which means that any portion of the network, if magnified, will appear identical to the entire network. A map of this fractal Internet resembles natural systems such as the organization of neurons in the brain, and that's not surprising, since the Internet evolved in an organic manner.

This discovery has several ramifications, according to Albert-László Barabási, a professor of physics at Notre Dame. Barabási published a recent paper about the fractal nature of the Internet in which he and his colleagues wrote that "the likelihood of connecting two nodes [in this case, either routers or autonomous systems] decreases linearly with the distance between them, and the likelihood of connecting to a node with k links increases linearly with k." This means that nodes tend to connect to nearby nodes, which is intuitive, but also that nodes with lots of links tend to attract even more links.

More implications: Protocols designed for random network models fare poorly on the scale-free, real-world Internet. The scale-free Internet displays high tolerance to random node failures—which explains its robustness—but is fragile in the face of attacks. And viruses spread more freely on scale-free networks than on random networks; the new fractal model suggests that blocking viruses at the node level is far more efficient than loading antivirus software onto as many clients as possible.
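The robustness claim above can be checked with a small simulation, added here as an illustration and not taken from the article or from the paper it cites. It grows a network by the "more links attract more links" rule only (the distance term in the quoted model is left out), then compares the largest connected group of surviving nodes after losing 5% of nodes at random versus losing the 5% best-connected nodes; the function names, network size, and seed are assumptions chosen for the example.

```python
import random
from collections import deque

def build_scale_free(n, m, rng):
    """Each new node links to m existing nodes, chosen in proportion to k."""
    adj = {i: set() for i in range(n)}
    endpoints = []  # node v appears here once per link it holds
    def link(a, b):
        adj[a].add(b)
        adj[b].add(a)
        endpoints.extend((a, b))
    for i in range(m + 1):          # small fully connected seed
        for j in range(i):
            link(i, j)
    for new in range(m + 1, n):
        targets = set()
        while len(targets) < m:     # degree-weighted draw, no duplicates
            targets.add(rng.choice(endpoints))
        for t in sorted(targets):
            link(new, t)
    return adj

def largest_component_fraction(adj, removed):
    """Share of surviving nodes that sit in the largest connected component."""
    alive = set(adj) - removed
    seen, best = set(), 0
    for start in alive:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            node = queue.popleft()
            size += 1
            for nb in adj[node]:
                if nb in alive and nb not in seen:
                    seen.add(nb)
                    queue.append(nb)
        best = max(best, size)
    return best / len(alive)

def compare_failures(n=2000, m=2, fraction=0.05, seed=1):
    # Returns (share connected after random loss, share after losing top hubs)
    rng = random.Random(seed)
    adj = build_scale_free(n, m, rng)
    count = int(n * fraction)
    random_loss = set(rng.sample(range(n), count))
    hubs = set(sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:count])
    return (largest_component_fraction(adj, random_loss),
            largest_component_fraction(adj, hubs))
```

For anyone planning network resilience, the gap between the two returned values is the practical point: redundancy and monitoring effort pay off most at the best-connected nodes.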

There's another reason for mapping the Internet correctly. "For many people, the Internet is invisible and mysterious," says Dodge. "Mapping helps make the virtual much more tangible."

—Gordon Bass

Yippee for Yahoo Messenger

Can instant messages really reach mobile phones in an instant?

That's the question facing Yahoo Messenger 5.5, a major upgrade to the company's instant messaging software.

Much like America Online's AIM, Yahoo is extending its IM software to encompass mobile phones, handheld computers, and other wireless devices. The first step of the journey involves mobile phones within the AT&T Wireless network. For $4.99 per month, customers can receive an unlimited number of Yahoo instant messages, and send up to one hundred.

However, the service comes with several caveats—particularly for businesses trying to control telecom costs. If you send more than a hundred instant messages per month from your cell phone, each additional message costs $.10. That expense can add up very quickly, considering more than half of all IM conversations span more than eight messages, according to research firm Gartner.

Another potential concern: Sending an IM from a cell phone requires your message to traverse a wireless network. That may spook some privacy and security advocates, though a Yahoo spokeswoman says the transmissions are secure.

Yahoo has strong brand recognition, but AOL still dominates the instant messaging market. More than 64 million people use AIM, and AOL routes more than 1.38 billion instant messages each day, the company claims. By contrast, Yahoo Messenger handles fewer than 100 million instant messages per day, according to Gartner.

Some users who have given Yahoo Messenger a try ultimately returned to AIM. For instance, Jill Keough, director of academic computing for the New York Institute of Technology, dumped Yahoo's IM software about a year ago, after she noticed an increased number of attempted hacker attacks targeting her computer. She now uses AIM, though her college is reviewing its instant messaging policy to ensure that the academic network doesn't get bogged down with IM traffic.

Meanwhile, AOL continues to up the ante. The company recently unveiled Enterprise AIM Services targeted at business users, including an Enterprise Gateway to monitor the use of IM services within an organization. Moreover, a private domain service with federated authentication allows IT managers to oversee IM users from a corporate directory. AOL also is developing a client with encryption capabilities, though a release date has yet to be disclosed.

—Joseph Panettieri

