THE MAGAZINE

Working in a War Zone
November 2004
COVER STORY

Working in a War Zone

By Marta Roberts

With security in demand in war zones like Iraq, security professionals are facing growing challenges.

FEATURES

Guilt by Investigation and Other Pitfalls

By W. Steve Albrecht, Conan Albrecht, Chad Albrecht, and Timothy L. Williams, CPP

Follow these six tips to ensure that investigations are conducted properly.

Georgia (and Cargo Theft) on Their Minds

Learn how the Southeastern Transportation Security Council bridges the gap between private industry and law enforcement in the fight against cargo theft.

INTELLIGENCE

Jargon Watch: Geofencing

A method for restricting movement into or outside of a designated zone by use of electronic tracking and alarm technology.

PRINT EDITION ONLY

Before the Show Begins

By T. J. O'Connor

Georgia (and Cargo Theft) on Their Minds

By James D. Phillips

What They Know Can Hurt You

By Mark Kanok

Companies can follow these steps to categorize and protect confidential information from theft by insiders.

Fraud Fight in the Wild West

By Marta Roberts

No Child Left Unsafe

By Ann Longmore-Etheridge

Find out how the Newark, New Jersey, School District protects students, staff, and visitors at its 82 schools.

Legal Reporter

By Teresa Anderson

Was a violent attack on a concertgoer foreseeable? Plus cases on retaliatory discharge and libel, maritime regulation, and a bioterror law.

Did You Know That?

By Michael A. Gips

Revenues from CCTV and fire-detection equipment will drive a booming industrial and commercial security market in Central and Eastern Europe through 2010, forecasts Frost & Sullivan. But security market leaders such as Siemens, Bosch, Tyco, and Honeywell "are likely to be challenged by the interest in cheaper products of lower quality offered by local and Asian manufacturers," according to a Frost & Sullivan statement.

Nonlethal Weapon Aims for Acceptance

By Michael A. Gips

This product, like stun guns and pepper spray and other options on the market, is meant to give security and law enforcement officers a choice that is not a lethal weapon.

Jargon Watch: Snakehead

By Michael A. Gips

Someone who smuggles Chinese nationals into the United States or other countries.

Scam Plays on Fears of Kidnapping

By Michael A. Gips

Mention Latin America to the average person, and thoughts of salsa dancing and rain forests may come to mind. Mention the region to corporate executives and kidnapping is likely to be their first thought.

Intelligence Reform

By Michael A. Gips

The majority of respondents to an online Security Management poll approve of the government initiative to establish a National Intelligence Director (NID) and a National Counterterrorism Center (NCTC). Opinion was divided, however, on the 9-11 Commission's call to make intelligence funding levels public.

Reacting to Calls for Proaction

By Michael A. Gips

Proactive. Preemptive. Preventive. These have been industry watchwords for at least the last decade, as security professionals recognized the need to implement security before an incident occurred and not to let security be event-driven. But since 9-11, event-driven security has been reborn. Now, the term relates to the ramping up of security preemptively to fend off a terrorist attack that might target a specific industry, location, or event.

Industry Focus

The ASIS Publishing Department rolls out new offerings, and ASIS bestows various awards.

Making Users Mindful of IT Security

By Michael E. Whitman and Herbert J. Mattord

Most security managers are aware of the need for awareness training for IT security, but are they doing it right?

TECHNOFILE

I Spy an End to Spyware

By Peter Piazza

Two bills that would curtail spyware passed the House of Representatives just before members adjourned to campaign for reelection. H.R. 2929, sponsored by Mary Bono (R-CA), criminalizes actions such as the "hijacking" of a browser, modifying bookmarks or a browser's start page, and installing any type of software program that would spy on a user's sessions. It would prohibit keystroke loggers, and make it illegal to use a "zombie" computer to damage another computer.

Quick Bytes: Shutting down spammers.

By Peter Piazza

A U.K. group of Internet service providers (ISPs) has taken steps to stop spammers with a new "get tough" antispam policy. The 150 members of the London Internet Exchange (LINX)--which also includes major ISPs from Europe, the United States, and Asia--agreed to target and shut down the sites of "spammers who host their e-commerce Web sites with a reputable ISP while sending spam from another network," according to a release from the group. LINX is also calling on ISPs to shut down Web sites that sell spamming tools including CDs "containing millions of illegally collected e-mail addresses."

Violate HIPAA, Go to Jail

By Peter Piazza

A Seattle man recently pled guilty in the first criminal conviction under the Health Insurance Portability and Accountability Act (HIPAA) that went into effect a year ago.

Studying and Stopping the Insider Threat

By Peter Piazza

Quick Bytes: Michigan IT has the blues

Michigan's Department of State runs several large IT systems to manage driver and vehicle information, and it collects nearly $2 billion annually in revenue from vehicle violations and fee collections. However, a recent audit of the IT infrastructure of the department by Michigan's Office of the Auditor General found that the "general controls over security, access, program and data changes, segregation of duties, and service continuity that support mainframe information systems were not effective." As a result, the report concluded that there was "significant risk" that unauthorized access to the systems could compromise the data on these systems. The Performance Audit of the Automated Information Systems is at SM Online.

Defining Moments

By Peter Piazza

New in Plaintext

By Peter Piazza

The Buzz Over ZigBee

By Peter Piazza

Focusing on the short range may be bad for business--unless you're talking about remote control technology. The latest short-range wireless option is known as ZigBee, an open standard created by a nonprofit consortium of companies called the ZigBee Alliance.

Quick Bytes: PDA forensics guide

By Peter Piazza

PDAs are more popular than ever, with 2.75 million hand-held devices shipped in the second quarter of 2004 alone. Because criminals are among the loyal users of the devices, those who are tasked with performing forensic examinations of computers must also know how to get data off a PDA in a way that preserves evidence for a court case. A Special Publication of the National Institute of Standards and Technology (NIST) has been developed to help organizations create policies and procedures for dealing with PDA forensics. The document includes information on forensic tools and proper procedures. It is available through SM Online.

A Site to See

By Peter Piazza

Worms, rootkits, Trojans. These attacks, along with the rest of their malware friends, represent tremendous risks to any network connected to the Internet. And as with any type of security threat, ignorance isn't an option. The good news is that the Internet Storm Center is out there keeping an eye on these threats in real time. Their graphs show what malware is hitting the 'net the hardest and which ports are being targeted each day, and the daily "Handler's Diary" describes what threats IT security pros from SANS are watching and remediating. The SANS Internet Storm Center is this month's Site to See. Get there via SM Online.

CASE STUDY

Protecting the Pudding

By Marta Roberts

Atherton, California, which has fewer than 10,000 residents, doesn't worry a lot about crime. From 2002-2003, there were fewer than 50 reports of vandalism--the highest category of crime in the city. Although the crime rate is low by most standards, police officers in Atherton face many of the same logistical challenges that confront departments twice their size. Securing the evidence room is one such challenge.

Picturing the Perfect Picker

By Ann Longmore-Etheridge

Cherry-picking a badge system for harvesters, and keeping a thumb on evidence.

BOOK REVIEWS

Risky Business: Corruption, Fraud, Terrorism, and Other Threats to Global Business

By John A. Cote, CPP

Changing the Guard: Private Prisons and the Control of Crime

By Ross Johnson, CPP

Changing the Guard is an examination of prison privatization in the United States and several other nations. It is a story told through four essays by writers with academic backgrounds in law, sociology, economics, and criminology. Breaking the argument into four separate contributions adds strength through diversity of opinion, but it also creates redundancy--the writers often repeat each other's material.

What Not to Do When Seeking Employment

By Diane Horn Kaloustian, CPP

The book also provides many suggestions on what job seekers should do. From mind-set (keep a level head and get your act together) to obstacles (don't believe age discrimination doesn't exist) to telephone interviewing (write out a telephone script that you feel comfortable with), Crawford's pragmatic counsel will help the reader through the ups and downs of the sometimes brutal job search.

The New Forensics: Investigating Corporate Fraud and the Theft of Intellectual Property

By Ben Rothke, CISSP

One fascinating chapter explores the disposition of a bank account dormant since the Holocaust and how forensic investigators cracked the case 60 years after the fact. It describes how a large group of investigators went to Switzerland to determine the beneficiaries of dormant World War II-era Swiss bank accounts. The chapter details methodology used to retrieve documents and to discover what was hidden and who was entitled to it.

Aviation and Airport Security: Terrorism and Safety Concerns

By Randall K. "Doc" Holladay

Author Kathleen M. Sweet is well-credentialed with her military and aviation background. She has done her homework: Her presentation is well-outlined and clearly documented, focusing on how terrorism on commercial aviation affects the world economy. She also reviews terrorist threats, law enforcement efforts, and intelligence-community initiatives.

Using the Common Criteria for IT Security Evaluation

By Ronald L. Mendell

How trustworthy is a computer system? The answer depends on what the system's owner wants in terms of security performance. Usually in a business, governmental, or academic setting, the owner wants the system to enforce certain access rules to restrict users from reading, writing to, or executing certain data elements. How well a system enforces various access controls determines its trustworthiness.

Beyond Print

See all the latest links and resources that supplement the current issue of Security Management magazine.