News Bits
NIST announces the release of draft Special Publication 800-120, Recommendation for EAP Methods Used in Wireless Network Access Authentication. This Recommendation specifies security requirements for authentication methods with key establishment supported by the Extensible Authentication Protocol (EAP) defined in IETF RFC 3748 for wireless access authentications to federal networks. Please submit comments to 800-120comments@nist.gov with "Comments on SP 800-120" in the subject line.
The comment period closes on January 30, 2009.
Applications are Invited for the Position of Editor-in-Chief for IEEE Transactions on Dependable and Secure Computing, http://www.computer.org/tdsc
The IEEE Computer Society seeks applicants for the position of Editor-in-Chief (EIC) of IEEE Transactions on Dependable and Secure Computing. The initial two-year term of the new EIC is to begin 1 January 2010.
QUALIFICATIONS AND REQUIREMENTS
In general, candidates for all IEEE Computer Society Editor-in-Chief
positions should possess a good understanding of industry, academic, and
government aspects of the specific publication's field. IEEE Transactions on
Dependable and Secure Computing emphasizes the research into foundations,
methodologies, and mechanisms that support the achievement (through design,
modeling, and evaluation) of systems and networks that are dependable and
secure to the desired degree without compromising performance. The focus also
includes measurement, modeling, and simulation techniques, and foundations
for jointly evaluating, verifying, and designing for performance, security,
and dependability constraints. In addition, candidates must demonstrate the
managerial skills necessary to process manuscripts through the editorial
cycle in a timely fashion. An EIC must be able to attract respected experts
to his or her editorial board. Major responsibilities of the EIC include
Applicants should possess recognized expertise in the computer science and engineering community, have editorial experience, and be able to lead an active editorial board and work effectively with technical and publishing professionals. Applicants must have clear employer support.
SEARCH PROCEDURE
Prospective candidates are asked to provide a complete resume or curriculum
vitae, a brief plan (or vision statement) for the publication's future, and a
letter of support from their institution or employer in electronic form by
2 March 2009. Material should be sent as PDF files to Jennifer Carruth
(jcarruth@computer.org), the staff coordinator for the IEEE TDSC search, who
will coordinate getting all information to the search committee and its
Chair.
Researchers in the Netherlands carried out a tour de force of trust exploitation by capitalizing on a well-known weakness in the MD5 hash function. Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger state:
We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.