News Bits

June 7, 2002

I received a correspondence from Carl Landwehr proposing a fascinating "community project" whose goal is to develop a timeline with important events and work in computer security. Have a look at the PDF files to see the start of that work. Here is an excerpt from Carl:

"What I am hoping others (students?) might like to do as a community project, would be for someone (or some many) to produce from this a set of database entries of the form: (date, event, reference) that could be used to help construct (or reconstruct) the history of significant events in computer security. There are lots of important events in the history of security/information assurance technology (e.g. creation and development of firewalls, VPNs, public key crypto) that are not to be found anywhere on these charts. These baseline events could be strung together in (probably endless) ways, according to one's prejudices and beliefs, to indicate which events were significant, which influenced what other events, what streams of thought and investigation were pursued, etc. Having the tuples might be a useful place to start. The first of these timelines [see the PDF files] is an updated and abstracted version of the second one; the others are even older and were made for other purposes. I happily place them in the public domain, warts and all."

If you have thoughts on this or would like to participate, send a note to me or to Carl directly.

August 2002

IEEE Computer Society initiates a search for the first editor in chief of IEEE Security and Privacy magazine.

The IEEE Computer Society is seeking applicants, by 1 October, for the position of editor in chief of IEEE Security & Privacy, a new magazine to be launched in January 2003. The first EIC will serve a two-year term, renewable for a second two years.

The full call is located at


July 26, 2002

Correspondence from reader Susan Gerhart

Interactive Instructional Materials Available ---

Buffer Overflows, Cryptography, Personnel, Scenarios

Please visit

Work performed under National Science Foundation Grant 0113627 Embry-Riddle Aeronautical University, Prescott AZ College of Engineering

Buffer Overflow Security Vulnerabilities -
- how do buffer overflows occur?
- what can be done to prevent and to defend against them?
- what was Code Red? (remember, one year ago)

- Java applet simulations of buffer overflow attacks
- Instructional tutorials (Macromedia Authorware)
- Lecture-ready PPT and PDF presentations
- Checklists for programmers and testers
- Stimulating quizzes and scavenger hunts
- Easy-to-advanced explanations

!!! Feedback and evaluation sought !!!

Also, cryptography illustrations
- Java applets for sample DES functions
- explanations of confusion and diffusion

Under development: personnel security, dimensions of security, scenario illustrations of security situations



September 5, 2002


NIST System Security Requirements Seminar (in conjunction with SREIS)

The Computer Security Division of the National Institute of Standards and Technology (NIST) will host a one-day IT security requirements seminar on October 17, 2002 following the SREIS. The purpose of this security seminar is to present: (1) an overview of the current federal IT security certification and accreditation initiative, (2) a detailed description of the proposed new certification and accreditation process and associated security requirements and controls for IT systems, and (3) an overview of NIST supporting publications on risk management, system security planning, and contingency/continuity of operations planning. The program is available at



News Bits contains correspondence, interesting links, non-commercial announcements and other snippets of information the editor thought that Cipher readers might find interesting.