THE MAGAZINE

The Earnings Factor
December 2004
COVER STORY

The Earnings Factor

By Teresa Anderson

The ASIS International 2004 U.S. Employment Survey reveals the latest trends in salaries, budgets, and education for the security profession.

FEATURES

Function Over Form

By Joel Rakow
The form of corporate assets is less important than their function and value, and the only way to protect assets in any form is to coordinate IT and physical security.

Attendees Celebrate the Past and Future

The ASIS 50th Annual Seminar and Exhibits: Getting Started

Sessions Focus on Homeland Security

The ASIS 50th Annual Seminar and Exhibits: Homeland Security

PRINT EDITION ONLY

2004 Security Management Index

Save this handy listing of topics covered in the magazine this year.

Security at the Speed of Change

The ASIS International 50th Annual Seminar and Exhibits readied the security industry for tomorrow's new challenges.

On the Eve of Destruction

By Ann Longmore-Etheridge

Document destruction is a critical part of information security. Here's what you need to consider when developing a program.

Illuminating Parking Protection

By John E. Tokaji, PSP, and James P. Youngston

Find out how security in parking areas can be enhanced through good design of traffic patterns, barriers, access controls, and lighting.

Legal Reporter

By Teresa Anderson

A wrap-up of security legislation considered by the 108th Congress.

HERF gun

By Michael A. Gips

A device that can disrupt the normal operation of computers and other digital equipment through the transmission of high-energy radio frequency. It can be used to sabotage or destroy data.

BASE jumping

By Michael A. Gips

A headache and potential cause of liability for high-rise buildings, BASE jumping describes a practice in which parachutists leap from high fixed objects, such as Buildings, Antennas, Spans, and Earth (or cliffs). The practice, usually illegal, has recently been on the rise, according to a jumper who tracks such activity.

Dressed to Kill?

By Michael A. Gips

Holy security lapse! When, in September, a protester dressed as Batman scaled the front wall of Buckingham Palace and stood on a ledge for five hours to demand more equitable child custody rights for divorced fathers, the public may have been amused, but security was not. The episode revealed how easily the security perimeter could be breached.

Schools Graded on Crisis Preparedness

By Michael A. Gips

Industry Focus

An ASIS Foundation report studies the security industry, and the Cogswell Awards are bestowed.

Communicating Security's Value

By Jon Gerloff, CPP

To prove security's worth, managers must communicate security's value to every facet of the organization.

 


TECHNOFILE

Defining Moments

Test your knowledge of tech terms by guessing the following.

Only a few years back, when the vast majority of Internet users were still using dial-up connections to get online, it was all but impossible to make or receive a phone call while surfing the Web.

Hacking for Bobby Fischer

By Peter Piazza

Researchers have found that the Web site of a popular online chess club has security flaws that could allow players to cheat by giving themselves more time on the clock to think about moves. Adding a few seconds might not seem like a lot, but because players have limited time in which to consider their next move (consider, for example, that some games must be completed in under one minute), a few seconds might be enough to win a game, particularly if those seconds allow a player to feed an opponent's move into a powerful chess-playing program.

Quick Bytes: How much protection is needed?

By Peter Piazza

A mom-and-pop company with a dozen employees and an organizational behemoth like the Department of Defense both need to secure their computer networks. But not all networks need the same level of protection. A new draft publication of the National Institute of Standards and Technology (NIST) provides recommended sets of security controls for low-, moderate-, and high-impact computer networks.

FTC Fights Spam With Carrot and Stick

By Peter Piazza

The Federal Trade Commission (FTC) has been at the forefront of efforts to contain the onslaught of spam that still plagues e-mail in-boxes across the world. Most of its efforts have relied on using legal action as a stick. Now it's trying the carrot as well.

A Web of Intelligence Networks

By Peter Piazza

Getting government agencies to share security information means first identifying the networks involved. A congressional briefing by the Government Accountability Office identified nine agencies and 34 networks that support homeland security functions (two of these networks are still under development). The briefing outlines each network and gives examples of how they might work together for counterterrorism efforts.

Dynamiting Phishers

By Peter Piazza

A financial services research organization has launched a new initiative to address the phishing problems that have been plaguing the sector. The three-phase project, to be conducted with the collaboration of other industry groups, will first look at technical requirements for counterphishing solutions and consider and test plans. The second phase will be used to implement pilots, assess results, and provide recommendations for the most promising solutions. The third and final phase will be dedicated to implementing these recommendations.

A Shocking State of IT Security

By Peter Piazza

Throwing money at information security has never been a particularly effective way of preventing or solving IT problems. Indeed, the Department of Energy (DOE) is finding that throwing $2.7 billion (the amount estimated for fiscal year 2004) at its computer security issues may not do the job.

Quick Bytes: Security awareness lacking

What is the top obstacle to effective information security? According to the results of a recent Ernst & Young infosec survey, it's the lack of security awareness by users. Yet only 28 percent of the respondents indicated that their organizations made employee awareness training on IT security issues a top priority, and less than half provided employees with ongoing training in security. The survey's respondents included CIOs, CSOs, CISOs, and other top executives from more than 1,200 organizations. @ Link to the Ernst & Young Global Information Security Survey 2004 through SM Online.

Picture This: Image Files Are Latest Security Hole

By Peter Piazza

A picture is worth a thousand viruses, the FTC hits spam with a two-pronged approach, an initiative aims to net phishers, and more.

A Site to See

By Peter Piazza

Anyone with $699 to spare can buy a magnetic stripe code reader/writer that can, according to a sales pitch, "change any information you'd like including balance and credit information" after a single swipe of the card. Seventy bucks at the same site will buy you a keystroke logger with an 8,000-stroke memory, while for a mere $25 you can get a product that claims to be able to make it "impossible for a video or still camera to take a legible photograph of your license plate number." Think you know your enemy? You'd better check out the hacker technology Web page that is this month's Site to See to find out whether you really do, and whether you know what kind of technology he or she has access to.

New in Plaintext

By Peter Piazza

Hackers and crackers, cybervandals and cyberterrorists. New terms for these online menaces are coined regularly and are tossed about without much thought for who these people are and why they do what they do.

Quick Bytes: IT important, problematic

By Peter Piazza

More than half of the organizations polled by the IT Governance Institute revealed that they regularly include IT subjects on their boards' agenda. That may indicate IT's increasing profile, but it also may reflect the fact that all but 7 percent of respondents said that they had experienced IT problems in the last year. @ The IT Governance Global Status Report is available for $100. Find out more, and download an executive summary, by visiting SM Online.

Healthy Body, Healthy Networks

The National Science Foundation (NSF) recently announced 33 new projects through its Cyber Trust program, which promotes research into more secure computer systems.

CASE STUDY

Diagnosis Prognosis More Positive

By Michael A. Gips

The University of Iowa strengthens its ability to identify symptoms of bioterrorism.

BOOK REVIEWS

Terrorism Today: The Past, the Players, the Future, Second Edition

By Kevin Cassidy

Like the first edition, this updated version explores various approaches to the study of terrorism and its impact on society. The authors make the point that terrorists have many faces--not just those of Osama bin Laden and his followers, but others such as the U.S. citizen who opens fire in an abortion clinic.

Modern Jihad: Tracing the Dollars Behind the Terror Networks

By Mayer Nudell, CSC

Terrorists need money--and lots of it--to carry out their operations and to sustain themselves. With its intriguing title and an author who is an economist and a journalist, this book promised to offer revealing information on terrorist financial networks. Alas, such is not the case.

Investigating Religious Terrorism and Ritualistic Crimes

By Mark H. Beaudry, CPP

Perlmutter, director of the Institute for the Research of Organized and Ritual Violence, examines in detail groups and religions such as Odinism/Asatru (Germanic "heathenry"), the White Order of Thule (Aryan supremacism), and the Phineas Priesthood (a white-supremacist group, of sorts), depicting the violence their members have wrought.

Global Drug Enforcement: Practical Investigative Techniques

By Eugene F. Ferraro, CPP, CFE

Drawing on 30 years of experience in law enforcement, Gregory Lee has written a definitive work on criminal drug investigations. Lee offers an objective look at the worldwide illegal-drug industry and describes various methods for conducting investigations, all the while taking care not to understate the dangers involved in undercover work. After all, as he notes, undercover agents have the highest fatality rate of all investigative positions.

Private Security and Public Safety: A Community-Based Approach

By Ross Johnson, CPP

This book examines the concept of private security companies providing community-oriented crime prevention on a contract basis. Borrowing heavily from the experience of security practitioners, it is rich in detail, well thought-out, and comprehensive--a close look at a bold new way to protect neighborhoods with a high risk of crime.

Software Forensics: Collecting Evidence from the Scene of a Digital Crime

By Ben Rothke, CISSP

Author Robert Slade mines solid detail, including listing specific software tools that can be used to identify and track virus creators, however unlikely corporate America might be to invest resources for such an effort. Slade discusses legal rules of evidence and emphasizes the importance of keeping evidence pristine so that its veracity is unshakable.

The Privatization of Police in America: An Analysis and Case Study

By James C. Beachell

An attorney and former police officer, the author is particularly strong on legal issues. He raises questions about the applicability of constitutional rights when private security personnel take action, an opportune inquiry at a time when the government looks to the private sector as a major homeland security resource.

 

Beyond Print

See all the latest links and resources that supplement the current issue of Security Management magazine.