Cipher Issue 91, July 2009, Editor's Letter

Dear Readers,

These are the summer security doldrums, the time when people attend conferences in pleasant vacation spots but do not announce many new conferences. But, for some, this is the season of national cyberwarfare, and the fog of war was never more murky than in this arena. Has a north attacked a south? Or has a third party, acting through one nation, attacked another? We may never know, and that is cause for concern --- could one lose a war without ever knowing it had started?

Our Cipher contributors have been writing through the July heat, and we are pleased to have a Richard Austin book review and a detailed set of notes for the recent DIMVA ("Detection, Intrusion, Malware, and Vulnerability Assessment") conference.

The Technical Committee on Security and Privacy is planning to honor the many people who have made the "Oakland" conference so successful over the last many years by holding a special anniversary event next year. Watch Cipher for more news about the plans.

My parting thought concerns the news about a software error that charged some 17,000 people the sum of 23 quadrillion dollars each. First of all, we should all be practicing the sequence "million-billion-trillion-quadrillion" if we want to be able to discuss global finance coherently. Second of all, if mistakes of this magnitude fall through the cracks, what hope do we have of producing verifiably secure software to prevent hacking? About one chance in 2 to the power 23 quadrillion, by my reckoning.

    Hilarie Orman
    Cipher Editor