Computer Security

The Johns Hopkins University is tightening its computer security after hackers broke into a computer at the medical school and secretly used it to generate a flood of e-mail advertisements.Efforts by the university to cope with the October break-in have caused balky and intermittent e-mail service for seven months for hundreds of staff members at the East Baltimore campus. At least once, e-mail service through the system, called "welchlink," shut down for two days."What was unique about this break-in was how slick it was," said J. Robert Sapp III, director of advanced technology for the Welch Medical Library.

SAN FRANCISCO -- Aviation officials have quietly notified airports in the United States and Britain that a design flaw in a widely used security system could enable terrorists to gain control of the electronic badges that allow employees with security clearance to enter and leave restricted areas.The computer security experts who discovered the flaw say that the same system, which is made by a small company in Southern California, is frequently used in state prisons, county jails, financial institutions, technology companies, drug companies, county and federal government buildings -- including the CIA -- and by military contractors.

PALO ALTO, Calif. -- If you've ever ordered a book over the Internet or checked the balance in your bank account, a flash across your computer screen probably said your transaction was "secure" -- a promise that your financial information would not be broadcast across the Internet.Standing behind such a promise is Whitfield Diffie, who looks as if he took a wrong turn at Woodstock and emerged in the blue-suit world of Washington.This math whiz-turned-inventor-turned-lobbyist has become a fixture of Senate subcommittee rooms, American Bar Association meetings, math conventions and even military conferences.

A privacy advocacy group said yesterday that the National Security Agency's expanding role in protecting U.S. computer networks against attack by hackers or terrorists carries the hidden risk of a "subtle erosion" of the civil liberties and privacy rights of U.S. citizens.In May, President Clinton established a number of new government agencies and boards charged with shoring up the nation's "critical infrastructure" -- the computers that control, for example, air traffic, electricity and banking.

When Rockville-based Axent Technologies went public in April, investors drove up it's stock price 34 percent, to $18.75 from $14, in the first day's trading. That roar of support made Axent one of the hottest traded stocks in the U.S. that day.So far, Wall Street's swooning hasn't waned for Maryland's newest publicly held company, which raised $36 million in the IPO. Axent's stock has risen as high as $21.75 since the April 24 public offering.What's all the fuss about?After all, Axent is a young company that posted a loss last year.

THE GOOD TIMES virus is a hoax.For more than a year, people have been sending alarms to one another via electronic mail that an insidious computer virus called Good Times is spreading over the Internet.According to the warnings, anyone who opens an electronic mail message with the words "Good Times" in its subject line risks all sorts of horrors, ranging from the erasure of hard disc drives to exploding video monitors.The E-mail warnings sound sufficiently dweeby to impress even experienced computer users.

Trusted Information Systems Inc. said yesterday that the U.S. government has agreed to let it export the strongest computer encryption systems that have ever been allowed to leave the United States.The Commerce Department gave permission for the Glenwood-based computer security company to export encryption systems that have mathematical keys of up to 168 "bits" long, a measure of the strength of the coding and the difficulty it will pose to hackers or government officials trying to crack the code.

UAW, Chrysler reach agreementUnited Auto Workers union members who went on strike yesterday reached a tentative agreement with Chrysler Corp. and planned to head back to work, a union official said."

Call it the Son of Netscape.A huge boom following Friday's initial public offering by a Minneapolis computer security firm has resulted in an $80 million paper gain for Grotech Capital Group, as the Timonium venture capital firm surfed the wave of Internet investing and rode Secured Computing Inc. shares from a $16 offering to yesterday's closing price of $55.50.For Grotech, which funded the company when it was spun off by Honeywell Inc. in 1989 and paid a total of $4 million for its 2 million shares, it was a big score even by the standards of the boom-and-bust venture capital business.

Trusted Information Systems, one of western Howard County's three largest employers and an international leader in computer security, is expanding again.The company, which started in the Glenwood home of founder and President Stephen T. Walker, has outgrown its office building on Route 97 and is constructing an identical building.Mr. Walker, a former computer security expert with the National Security Agency and the Pentagon, started his company with a single worker in 1983.In little more than a decade, he had more than 100 employees and offices in Los Angeles, San Francisco and London.

Bill Anderson calls it his "aha" moment - that sudden flash of insight when he drew a career-altering connection between decades-old research and his job as a computer security expert. At that time, nearly two years ago, Anderson had a comfortable job as vice president at an established computer security firm in Maryland. But while sitting on his couch one day reading Consciousness Explained, a book by American philosopher Daniel Dennett, Anderson learned about one scientist's research into variations in the way the human eye reads and processes text and images.

WASHINGTON -- Federal investigators say they have found serious computer security flaws that could lead to the improper disclosure of sensitive medical information on people enrolled in Medicare and Medicaid. In a new report, the investigators, from the Government Accountability Office, said "key information security controls were missing" from a huge communication network used by the federal Centers for Medicare and Medicaid Services. As a result, they said, sensitive, personally identifiable information "could be improperly modified, disclosed or deleted."

The Veterans Affairs data analyst responsible for the largest computer breach in government history earned a little bit of redemption yesterday -- but two experts said it may not be enough to prevent his termination. The government-issued laptop and external hard drive stolen from the analyst's Aspen Hill home May 3 were recovered, and the data appeared to be untouched, according to the FBI. In addition, the Associated Press reported that the 34-year veteran of the agency had permission to access and work with large amounts of sensitive data from home -- although not on the machine that was stolen, Tim S. McClain, the VA's general counsel, told a congressional committee.

WASHINGTON -- Anger over the theft of the Social Security numbers of 26.5 million veterans and their spouses flared in Congress yesterday, as Republicans and Democrats pounced on Veterans Affairs Secretary R. James Nicholson for what they said was a lapse in leadership. In testimony before House and Senate committees, Nicholson said he is "mad as hell" that it took his agency two weeks to inform him that an employee took home the data, only to have his home burglarized. "As a veteran, I am outraged," Nicholson said.

Last year, Congress gave the federal government a D+ in computer security. Even worse, the Department of Homeland Security, the agency responsible for tracking digital security breaches, got an F. So did the Department of Veterans Affairs, where an employee this month compromised the Social Security numbers of up to 26.5 million veterans and their spouses after burglars stole a laptop and discs from an analyst's Montgomery County home. In the VA case, the midlevel worker did not have permission to remove the material from VA offices.

OVER THE LAST 20 years, I've spent enough time with computers to conclude that (a) they are really cool and (b) you can't always trust 'em. I'm particularly leery of asking computers to do anything really important, such as running elections, without adult supervision. So I was delighted this week when critics of electronic voting systems won a convincing victory in the continuing battle to keep our elections honest and accurate. The vehicle was a $7.5 million National Science Foundation grant to a group led by Johns Hopkins University researchers who will study electronic voting systems and suggest improvements to make them safer and more reliable.

Jalapenos dancing across your computer screen might look amusing, but their charm wanes once you realize they spice up your PC with unwanted pop-up ads. This malevolent software, known as adware, is rising rapidly as an Internet menace, rivaling spam in annoyance but potentially far more damaging. Its cousin, spyware, sits unseen on a computer but has the ability to track Internet use - including some programs that monitor keystrokes, a serious security threat. Yesterday, New York Attorney General Eliot Spitzer filed a lawsuit against Los Angeles-based Intermix Media Inc., accusing the marketing firm of secretly installing spyware and adware on millions of home computers.

SANTA ANA, Calif. - Many people who know Nicolas Jacobsen said last week that they were surprised the young man had been accused of hacking into a huge cell phone network that guards millions of private messages. Former neighbors, including some who witnessed his arrest last fall after federal agents arrived at their aging Santa Ana apartment complex, said he was just too bright to do such a thing. "He could talk about politics. He knows about the law," said Victor Gonzalez, 60, a retired construction worker.

SAN FRANCISCO - The distribution Thursday of portions of the source code for two versions of the Windows operating system poses vexing legal and security challenges for Microsoft. Computer security experts said yesterday that having even relatively small parts of the code for Microsoft's Windows 2000 and Windows NT operating system as easily available reference material for potential vandals and troublemakers could complicate the company's difficult task of securing its software. Microsoft has been intensively criticized on security issues in recent years, and the company has devoted increasing resources to an effort to restore its credibility with its customers.

The online bank account. The e-mail inbox. The frequent-flier account. The Internet retailer who sells those hard-to-find exercise tapes. All of these Web sites - and thousands more - require passwords. And that's in addition to all the other user names, codes and personal identification numbers people need to log on to computers at work, withdraw cash from an automated teller machine, check their voice mail and disarm a home security system. With concerns about security on the Internet and on workplace computer networks reaching new heights, passwords are proliferating to the point that they threaten to overwhelm the original computer - the human brain.