Security Web Digest: War Consulting, Gateway Antivirus, White Hat Developments, ... and More

Will the war disrupt business? ... The computer security conflict with freedom... Where will tomorrow's security consultants come from?... and more from around the web.

Operation Iraqi Freedom

In a brief written by Gartner analysts Dan Miklovic and Rich Mogull, Gartner offered advice and tips that businesses can use to minimize the impact of the war with Iraq. "Times of crisis call for enterprises and IT managers to remain cool-headed and to attend to basics," Miklovic and Mogull say in their "How To Respond To War In Iraq" report. "Implement crisis-management plans, but don't make sudden changes in direction or do anything drastic unless it's been thought out."

Most U.S. corporations aren't expecting a major business disruption from the war in Iraq, though a majority of companies have global IT contingency plans in place, according to the results of a survey of 60 companies released last week by Boston-based AMR Research Inc.


At two conferences on technology and homeland security Thursday, controversy arose over whether technological measures designed to protect the U.S. from terrorism should proceed unhindered. James Woolsey, a former director of the U.S. Central Intelligence Agency, noted that as that war drags on, U.S. citizens may have to make some compromises between civil liberties and security. He said technology such as data mining and airline passenger profiling can play a positive role, but he also warned that lawmakers and U.S. citizens need to keep an eye on privacy and other rights. Responding to a question about how to ensure technology is not misused to violate privacy, Paul Rosenzweig, a senior legal research fellow at the conservative think tank Heritage Foundation, said Thursday that putting the brakes on technologies like the proposed Total Information Awareness (TIA) program in the U.S. Department of Defense is not the answer.

A new version of Symantec's gateway anti-virus product adds features that will block spam e-mail messages, according to a statement released by the company on Monday. The new anti-spam features are included in Version 3.1 of the AntiVirus for SMTP Gateways, an e-mail security product targeted at large enterprises that relies on a multilayered approach to fighting the spam problem, Symantec said. The new anti-spam features are a heuristic scanning engine and support for checking messages against multiple real-time blacklists.

White Hat

The fourth edition of Hacking Exposed by McClure, Scambray and Kurtz is out. White hat and, sadly, black hat hackers can improve the range and depth of their skills with the book's methodical treatment of various attacks by platform, including Windows, UNIX, Linux and even Netware. Some very current and advanced techniques, such as SQL injection, are discussed. They even stick their toe in the waters of the nascent field of Windows rootkits. The large number of contributing authors with foreign-sounding names illustrates the work the authors have done to include the large amount of hacking information available outside the English-speaking world. If you're looking for a comprehensive and accessible treatment of the subject, you'll do no better.

Microsoft is working with a number of universities in several countries to set up courses that teach students how to write secure code, the company said Friday. The University of Leeds in England is the first to announce such a course. Third-year undergraduates at the University of Leeds will be asked to hack into software and fix any security bugs they find, Nick Efford, senior teaching fellow at the School of Computing, University of Leeds, said. That focus on security in software engineering makes the course different from most existing security classes, which typically focus on network security and cryptography, according to Efford.