Cipher Issue 160, March 29, 2021, Editor's Letter

Dear Readers,

You can help determine the best security paper of 2020. Nominations from the public are open for the National Security Agency's Best Science of Cybersecurity award through April 15. The winning authors will be honored at an awards ceremony (someday this will be an in-person event again). See our News section for more information. Past winners and honorable mentions are described at https://cps-vo.org/group/sos/papercompetition/pastcompetitions.

The venerable Security and Privacy Symposium is always held in May, and this year is no exception, although it will again be virtual. The dates are May 23-27, and some of the accepted paper titles are now listed on the website, https://www.ieee-security.org/TC/SP2021/program-papers.html . Registration information will be available soon.

The downwinders of the SolarWinds hack are numerous, but the resulting revelation of a vulnerability in Microsoft's Exchange product has turned out to be worse. Enterprises seem to have the unenviable choice of running local email servers with buggy proprietary software or trusting a third-party email provider with all their messages. Which is better? The pendulum swings, and having swung, swings back.

CyberOps

Hackers are from everywhere,
Hackers all are thieves,
A Hacker came to GMail,
And stole my private keys.
I phished at Hacker's house,
But Hacker wasn't there.
Hacker came to my house,
Leaving ransomware.
I went to Hacker's house,
Hacker used Exchange,
I stole his email,
And beat about his head.

      Hilarie Orman