Dear Readers,

The Cipher newsletter is published under the auspices of the IEEE Technical Committee on Security and Privacy, and its major activities are the Symposium on Security and Privacy and the Computer Security Foundations Workshop. The symposium will be held May 21-24 at its traditional location, the Claremont Resort in Berkeley, California, and the workshop will be in Venice, Italy, July 5-7. Both events have a long history of featuring excellent research papers. The home page of the technical committee has links to the events, and registration information will be forthcoming shortly.

Cipher gets queries about advertising and announcements frequently, and its multiple modes of publication on occasion cause confusion. Cipher is a floorwax and a dessert topping and a facial lotion, which is to say that it is a newsletter in two forms and a website. The newsletter is published online six times a year; each publication is also sent as plain text email to about 2000 subscribers. The calendar of events and the associated calls-for-papers list on the website get frequent updates that are not tied to the newsletter publication schedule.

This issue of Cipher has book reviews and news items, including an announcement of fellowships at the new Institute for Information Infrastructure Security (I3P), which is funded by the Department of Homeland Security.

It is to no one's surprise that the Windows operating system turned out to have yet another in a long list of vulnerabilities resulting from obscure conditions for interpreting data as executable code. Does anyone remember that old phrase from security evaluations "and nothing else"? In today's world, there's always something else.

The revelations about domestic wiretaps raise questions about what other forms of surveillance we are subjected to, and how would we know? Are there even more obscure forms of computer communication surveillance going by our government than have yet been revealed?

Go privately and securely and suspiciously,

Hilarie Orman
Cipher Editor