Wednesday, November 28, 2007

Blog: Zero Days: How to protect yourself; includes a pretty good list of "should do's"

Zero Days: How to protect yourself; Larry Dignan: November 28th, 2007

The SANS Institute released its top 20 security risks for 2007, which documents the security arms race between cyber-criminals and the folks playing defense. But let's focus on the big scourge -- zero day attacks.

Monday, November 26, 2007

Medical Software: Design of Patient Tracking Tools May Have Unintended Consequences

Design of Patient Tracking Tools May Have Unintended Consequences
University at Buffalo News (11/26/07) Goldbaum, Ellen
A new field study by researchers at the University at Buffalo, the University of Rochester, and the University of Florida, Jacksonville found that properly designing computational tools is critical for the successful use of such tools in patient-care applications, particularly in hospital emergency rooms. The study examined the use and efficiency of new electronic patient-status boards in the emergency departments of two busy, university-affiliated hospitals. Overall, the researchers found that computational tracking systems affect how health care providers communicate information and track activities regarding patient care, which can change how providers work. The results provide an important example of what can happen when new technologies are not developed by designers with a sufficient understanding of how the technology will be used, says UB professor Ann Bisantz. "Research in human factors, the study of the interactions between humans and technology, has shown that in complex workplaces where safety is critical, such mismatches between the way practitioners work and the technologies that are supposed to support them can have unintended consequences, including inefficiencies and workarounds, where the technology demands that people change their work method," Bisantz says. During observations, focus groups, and interviews with nurses, physicians, secretaries, IT specialists, and administrators, the researchers found that the computerized systems are unable to match the functionality of the manual, erasable whiteboards traditionally used in emergency departments. "If you don't understand the underlying structure of the work that is being done in a particular setting, then you cannot design the technology that will best support it," Bisantz says.

Monday, November 19, 2007

Research: Simplicity Sought for Complex Computing [Wolfram]

Simplicity Sought for Complex Computing
Chicago Tribune (11/19/07) Van, Jon
Stephen Wolfram says people building complex computers and writing complicated software may achieve more by studying nature. Wolfram says his company is exploring the "computational universe" to find simpler solutions to complex problems that are currently handled by complex software. "Nature has a secret it uses to make this complicated stuff," Wolfram says. "Traditionally, we're not taking advantage of that secret. We create things that go around things nature is doing." Wolfram believes that nature has created a molecule that could be used as a computer if people ever manage to isolate and program the molecule. University of Chicago Department of Computer Science Chairman Stuart Kurtz says a lot of computer scientists are fascinated by finding simple systems capable of producing complex results. For example, a University of Southern California professor has proposed using recombinant DNA for computing. While DNA computers are largely theoretical, computer scientists take them quite seriously, Kurtz says. "People are used to the idea that making computers is hard," Wolfram says. "But we're saying you can make computers out of small numbers of components, with very simple rules."

Thursday, November 1, 2007

Research: 'Suicide Nodes' Defend Networks From Within

'Suicide Nodes' Defend Networks From Within
New Scientist (11/01/07) Marks, Paul
University of Cambridge researchers have developed a computer defense system that mimics how bees sacrifice themselves for the greater good of the hive. The approach starts by giving all the devices on a network, or nodes, the ability to destroy themselves, and take down any nearby malevolent devices with them. The self-sacrifice provision provides a defense against malicious nodes attacking clean nodes. "Bee stingers are a relatively strong defense mechanism for protecting a hive, but whenever the bee stings, it dies," says University of Cambridge security engineer Tyler Moore. "Our suicide mechanism is similar in that it enables simple devices to protect a network by removing malicious devices--but at the cost of its own participation." The technique, called "suicide revocation," allows a single node to quickly decide if a nearby node's behavior is malevolent and to shut down the bad node, but at the cost of deactivating itself. The node also sends an encrypted message announcing that it and the malevolent node have been shut down. The purpose of the suicide system is to protect networks as they become increasingly distributed and less centralized. Similar systems allow nodes to "blackball" malicious nodes by taking a collective vote before ostracizing the malicious node, but the process is slow and malicious nodes can outvote legitimate nodes. "Nodes must remove themselves in addition to cheating ones to make punishment expensive," says Moore. "Otherwise, bad nodes could remove many good nodes by falsely accusing them of misbehavior."
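The false-accusation argument in Moore's last quote can be checked with a small model. The following is an added example, not code from the article or from the Cambridge researchers: the node names, the key directory, and the use of a per-node HMAC tag to protect the announcement are all assumptions (the article only says the message is encrypted).

```python
import hashlib
import hmac

# Constructed network: six honest nodes (g*) and two malicious ones (b*).
NODES = [f"g{i}" for i in range(1, 7)] + ["b1", "b2"]
# Assumption: a per-node HMAC key stands in for the node's signing key, and
# every verifier can look keys up in this directory.
KEYS = {n: hashlib.sha256(b"demo-key:" + n.encode()).digest() for n in NODES}

def suicide_note(accuser, accused, key=None):
    """Build the announcement 'accuser and accused are both shut down'."""
    msg = f"{accuser}|{accused}".encode()
    tag = hmac.new(key or KEYS[accuser], msg, hashlib.sha256).digest()
    return msg, tag

def apply_note(active, note, accuser_dies=True):
    """Return the active set after a receiver processes one note."""
    msg, tag = note
    accuser, accused = msg.decode().split("|")
    expected = hmac.new(KEYS.get(accuser, b""), msg, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return active                  # forged note is ignored
    if accuser not in active or accused not in active:
        return active                  # a removed node cannot accuse again
    removed = {accused, accuser} if accuser_dies else {accused}
    return active - removed

def false_accusation_campaign(accuser_dies):
    """Malicious nodes falsely accuse every honest node, one after another."""
    active = set(NODES)
    for target in sorted(n for n in NODES if n.startswith("g")):
        liars = sorted(n for n in active if n.startswith("b"))
        if liars:
            note = suicide_note(liars[0], target)
            active = apply_note(active, note, accuser_dies)
    return active

if __name__ == "__main__":
    print("with suicide   :", sorted(false_accusation_campaign(True)))
    print("free accusation:", sorted(false_accusation_campaign(False)))
```

With self-removal each malicious node can take out at most one honest node before it is gone; without it, a single malicious node clears the whole network.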
