Items from security-related news (E74.Sep-2006)
One vulnerable application is the Domain Name Service (DNS) resolver based on the widely used BIND software. BIND uses OpenSSL and inherits the vulnerability. Because the error in in the verifier, security-conscious administrators will want to make sure that they do not use a signing key based on exponent 3.
"Security and Privacy" is a common term, and the brouhaha about AOL's attempt to help researchers shows why privacy remains an elusive goal in a world of increasing Internet use. We've known for a long time that large collections of information can yield surprising inferences when properly collated, but the amazing insights into the personal lives of AOL users was astonishing. Caveat espicator.
Research conducted at the Georgia Institute of Technology's College of Computing identified two additional techniques for combating spam: improving the security of the Internet's routing infrastructure and developing algorithms to identify computers' membership in "botnets".
Nick Feamster, a Georgia Tech assistant professor of computing and his Ph.D. student Anirudh Ramachandran will present their findings on Sept. 14, 2006 in Pisa, Italy, at the Association for Computing Machinery's annual flagship conference of its Special Interest Group on Data Communication (SIGCOMM).
From 18 months of Internet routing and spam data the researchers
* Internet routes are being hijacked by spammers;
* they can identify many narrow ranges within Internet protocol (IP) address space that are generating only spam, and
* and they can identify the Internet service providers (ISP) from which spam is coming.
"We know route hijacking is occurring," Feamster said. "It's being done by a small, but fairly persistent and sophisticated group of spammers, who cannot be traced using conventional methods."