THE MAGAZINE

July 2004
COVER STORY

Is the Sun Rising on Security in Spain?

By Michael A. Gips

As Spain assesses the ramifications of being an al Qaeda target, security professionals face many of the same challenges as private security in the United States.

FEATURES

Special Protection for Special Collections

By Margaret Schröeder

Collections of irreplaceable objects like the Rosetta Stone are usually referred to as special collections, and they require unique security measures.

PRINT EDITION ONLY

Legal Reporter

By Teresa Anderson

Courts rule on a zero-tolerance policy and the duty of a substance abuse policy treatment center to protect its patients. New federal laws are proposed for critical infrastructures, airport screening, and terrorist hoaxes.

Leading Edge

By Alan G. Robinson and Dean M. Schroeder

Reward money isn't always the best way to generate ideas.

Orchestrating an Integrated Performance

By Timothy J. Braden, CPP, PSPc

A physical security program should harmonize four core components, including the oft-overlooked human factor.

Suppression Progression

By Peter Piazza

An IT room is now safe not only from fire but from the damage an outdated suppression system might have done.

A Healthy Approach to Medical Data

By Ronald J. Morris, CPP, Wendy Boblitt, Marijo Rugh, Lalita Duggal, and Julia Seebohm

Find out how one hospital streamlined secure data access and met government privacy regulations.

Industry Focus

ASIS forms a political action committee; Darryl H. Beard, James Cawood, and Daniel Mania hit the trifecta of ASIS certifications.

Salaries Up for Top Spot

By Michael A. Gips

New salary data collected by the Foushée Group in cooperation with the International Security Management Association (ISMA) indicates that top corporate security executives earned 11 percent more in total cash compensation in 2004 than they did the year before. This rise parallels the results of the latest ASIS International salary survey, reported in Security Management in January. The ASIS survey showed salaries among security managers increasing by 13 percent from the year before; about half of the 339 respondents to the ASIS survey filled the top security slot in their organizations. According to the Foushée survey, top security executives make more than $250,000 a year in total cash compensation.

Between Iraq and a Hard Place

By Michael A. Gips

The 88-acre campus in the woods near Fredericksburg, Virginia, is disarmingly bucolic, but the training is intended to be alarmingly real, in the hopes that trainees who pass through this self-protection and awareness course and go on to Iraq will have a better chance of surviving. The typical attendee is a civilian contractor, but today it is the media, this reporter included, who have been invited in to experience the training firsthand.

Cybersecurity Vendors Form Alliance

A dozen security IT vendors have established the Cyber Security Industry Alliance with the aim of improving cybersecurity "through public policy initiatives, public sector partnerships, corporate outreach, academic programs, alignment behind emerging industry technology standards, and public education."

 


TECHNOFILE

Wisdom of the Witty Worm

By Peter Piazza

For all the malicious code that has attacked computers in recent years, no widespread worm has actually targeted security software--until now. The Witty Worm, which struck in March, targeted a vulnerability in firewall products from Internet Security Systems (ISS).

Online spam glutton

By Peter Piazza

The CAN-SPAM Act, intended to choke off the onslaught of junk e-mail, has generated copious commentary, criticism, congressional statements, and controversy. Now all that has been collected into one place: the CAN-SPAM Library at GigaLaw.com, a site created by attorney Douglas M. Isenberg to serve as a compendium of legal information related to the Internet. The library includes the text of the law and its legislative history, as well as links to relevant litigation, Federal Trade Commission regulations, and research reports. @ Link to the CAN-SPAM Library through SM Online.

Tagging RFID's Privacy Problems

By Peter Piazza

A new bill introduced by California State Senator Debra Bowen (D-Redondo Beach) would restrict the use of information collected by radio frequency identification (RFID) tags.

Digging Through Digital Data

The history and basics of computer forensics are laid out in "Computer Forensics: Characteristics and Preservation of Digital Evidence," an article by FBI computer forensic examiner Loren D. Mercer in a recent issue of the FBI Law Enforcement Bulletin.

Open-source attacked.

By Peter Piazza

Claims that open-source operating systems such as Linux are inherently more secure than Windows took a beating recently when Zone-H.org, an online group that collects attack information, released graphic representations of the Web-server intrusions against various operating systems between January 2003 and January 2004. In most months under review, Linux operating systems were successfully attacked far more often than Windows. @ More information on the Zone-H.org data is available via SM Online.

Contracting Computer Troubles

By Peter Piazza

Security is only as strong as the weakest link in the chain, so even organizations with the most well-thought-out security programs can be jeopardized if their partners' security practices are lax. This is true of the Department of Defense as well. Its Defense Security Service, which monitors the information-security programs of more than 11,000 contractors, "cannot identify systemic vulnerabilities and make corrective changes to reduce the risk of information compromise" from contractors.

Google Eyes

By Peter Piazza

The search engine Google has achieved such ubiquity that it's already become a verb. Who hasn't googled an old friend, high-school flame, or job applicant? But its success has a dark side: It has become a chief source of information for hackers and virus writers who have learned how to use the search engine to dig up information that Web sites did not intend to make public.

Browser breakers

The growing popularity of attacks against Web-browser software is evident in new research conducted by CompTIA, the Computing Technology Industry Association. The survey found that 36.8 percent of the nearly 900 organizations interviewed had seen browser-based attacks jump 25 percent from the previous year. Browser-based attacks are those that take place when a Web page contains malicious code that can compromise a Web browser. @ More information on the CompTIA survey is at SM Online.

Working Wirelessly and Wisely

By Peter Piazza

The document defines public safety requirements and roles and then defines the various types of communications services, from voice to data. It then lays out a number of communications scenarios, such as the one mentioned, to give an idea of the challenges faced in improving the ability of public safety personnel to communicate among themselves and with other agencies and organizations with whom they work, as well as with the public. The paper then identifies wireless communications operational needs and gives definitions of wireless communications functional requirements. A glossary and a list of system capabilities can be found in appendices.

LEGAL REPORT

Discrimination

The California Court of Appeal has ruled that an Internet message board is a public forum and that a posting critical of a publicly traded company or its management practices is of public interest and cannot be censored. The lawsuit concerned alleged defamatory statements posted on an Internet message board. (National Technical Systems, Inc., v. Schoneman, California Court of Appeal, No. B162794, 2004)

CASE STUDY

Bulking Up Video Surveillance

By Peter Piazza

A CCTV system is deemed fit for a chain of gyms.

BOOK REVIEWS

High-Rise Security and Fire Life Safety, Second Edition.

By Gina Arbeau, CPO

Highly acclaimed in its first edition, the update of Geoff Craighead's High-Rise Security and Fire Life Safety manages to outdo the original. The thoroughly referenced work picks up where the last edition left off, detailing advances in practices and technology as well as discussing the impact of the destruction of the Twin Towers. It's destined to be a bible to building security professionals, an in-depth overview for other security professionals, and an engaging read for laypersons.

Inside the Security Mind: Making the Tough Decisions

By David O. Best, CPP, CBM

Developing a security mind, contends Day, involves moving from a focus on details to an overarching sensitivity to basic virtues and rules of security. Fundamental to the security mind are four security virtues and eight rules of IT security.

Control and Security of E-Commerce

By Ben Rothke, CISSP

Checklists, though mundane, are a key component of many jobs. They help ensure that key issues aren't overlooked, and they serve as guideposts for anyone auditing the work. This book provides technology managers with a very good preparatory set of details and checklists for their e-commerce infrastructure. The book can also show a corporate auditor what to look for to ensure that appropriate controls are in place.

The Security Handbook, Second Edition

By George J. Okaty, CPP

This book addresses the issue of providing professional training to security officers and supervisors who seek a career in security. A user-friendly text, it is filled with checklists covering topics such as how to improve job performance and prepare for a job interview.

Buy, Lie, and Sell High: How Investors Lost Out on Enron and the Internet Bubble.

By R.A. (Andy) Wilson, CPP, CFE

Virtually everyone in the stock market in 2001 and 2002 was blindsided by the Internet bubble and various corporate frauds. How did it happen? Who is to blame? For insightful, authoritative answers, a good place to turn is to Harvard Business School Professor D. Quinn Mills's book.

 

Beyond Print

See all the latest links and resources that supplement the current issue of Security Management magazine.