

Pages: pp. 12-15


Network Magazine,

November 2004

"Network Identity and VoIP Security," by David Greenfield.

The most important security issue surrounding voice over IP (VoIP) is not denial-of-service attacks or eavesdropping — challenges that get much attention but have been largely addressed — but rather, caller identity. Without a method for authenticating a person's identity, enterprises can't keep useful lists of who to filter out to block voice spam. Vital online transactions are also limited. AT&T and MCI both provide VoIP services that can confirm internal caller ID by using Session Initiation Protocol certificates, but neither can currently verify outside callers. Greenfield calls on VoIP vendors to not only write security standards but also to implement them.

PC Magazine,

30 November 2004

"Your Media Files Unbound," by Jamie M. Bsales.

ORB Networks is rolling out a service that lets consumers access multimedia content at home using any device that has a Web connection. A 10-Mbyte client applet on a home PC resizes the files to match the device's resolution and connection speed, then sends them to the device using ORB's secure server.


Visual Studio Magazine,

September 2004

"Program Mobile Devices," by Wei-Meng Lee.

For those who'd like to leverage the growing popularity of Short Message Service (SMS) in the US, Lee walks through the process of writing a Pocket PC application using Microsoft's new .NET Compact Framework to send SMS messages through a Bluetooth-enabled cell phone. SMS messages can be up to 160 alphanumeric characters — usually written using cell phone number keys — shared between mobile subscribers. Although the .NET Compact Framework doesn't have managed classes for programming Bluetooth, Lee explains a workaround technique that provides Bluetooth functionality through serial ports.

Network Magazine,

November 2004

"SSL VPNs: No Compromise?" by Andrew Conry-Murray.

Numerous vendors now offer a class of Secure Sockets Layer (SSL) remote-access software for virtual private networks (VPNs) that combines the best attributes of SSL technology and its rival, Internet Protocol Security (IPsec). However, these "network access" packages have some security problems and fail to solve new obstacles facing SSL VPNs, including their inability to keep out malicious software and stop application-layer attacks. Although vendors have taken steps to improve security measures — including adding security features at the gateway and sending SSL VPN traffic through extra security checks after it's been decrypted at the gateway — Conry-Murray says both have trade-offs in performance that network architects should weigh before deciding to use any of the network access packages.

Dr. Dobb's Journal,

November 2004

"ZigBee Wireless Sensor Networks," by Drew Gislason and Tim Gillman.

ZigBee is a promising, globally open wireless-sensor standard aimed at a niche that other technology standards don't yet cover: industries needing a low-cost, secure, reliable option for large sensor networks of up to 65,000 nodes running on batteries that can last months or years. ZigBee, whose hardware radio standard is IEEE 802.15.4, will work in various applications, including lighting controls, heating controls, home security, and automatic meter reading. The ZigBee Alliance, formed to promote the standard and assure interoperability, now has more than 100 member companies in 22 countries on four continents.


Network Magazine,

November 2004

"NAT: Internet Mugger?" by David Greenfield.

The IETF has formed the Behavior Engineering for Hindrance Avoidance (Behave) working group to tackle the ongoing challenge of Network Address Translation. Most IETF members view NAT as a stumbling block to widespread VoIP deployment and network application, and some believe it blocks the transition to IPv6. However, the Behave WG seeks to define a comprehensive nomenclature for NAT technology and a set of best practices to dull its effects on the Internet's future. Cullen Jennings, engineer at Cisco Systems and cochair of the group, called it "a bit like making rules for how to mug someone."


Dr. Dobb's Journal,

November 2004

"Binary XML," by Oliver Goldman.

Although XML has been widely adopted, its verbose nature isn't compatible with applications with limited bandwidth and memory, or those that require binary data, and it doesn't allow for randomly accessing portions of a document. Various proposals claiming to fix these problems have been suggested. Collectively, these proposals are referred to as "Binary XML," even though some of the proposals don't involve binary data and none of them create files conforming to the XML specification. In this article, Goldman analyzes a few of the Binary XML proposals and takes a closer look at some of XML's perceived drawbacks.

"Creating Trace Listeners in .NET," by Michael Taylor.

Although the .NET framework gives programmers "powerful" ways to debug and examine applications, trace listeners can broaden its abilities. Trace listeners check for debug and trace messages from .NET and display messages to users either through text boxes or by putting them into files. Taylor says .NET has three predefined trace listeners, but programmers can also define their own, and he outlines how to do this.

December 2004

"Sensitive Data & the .NET Crypto API," by David B. Scofield and Eric Bergman-Terrell.

In addition to being a good idea, protecting sensitive information is also a legal requirement in many areas — from a California law requiring companies to publicly disclose confidential data leaks to the US Health Insurance Portability and Accountability Act of 1996, which mandates that healthcare providers safeguard patient information. Scofield and Bergman-Terrell believe .NET's Crypto API provides a simple, effective way to meet those goals — as long as organizations meet certain criteria, including choosing the correct cryptographic algorithm, generating keys and initialization vectors, and encrypting or decrypting objects and byte arrays. The authors provide a sample application to demonstrate how to achieve these three criteria.


PC Magazine,

19 October 2004

"Security Center Spoof," by Jay Munro and Neil J. Rubenking.

One problem with Windows XP Service Pack 2 is a spoofing vulnerability in the Windows Security Center, the new security control panel for Windows PCs. This security gap could let altered security settings go unnoticed and, among other things, cause the Security Center to report falsely that no problems exist while the PC is under attack. Munro and Rubenking say the problem lies in the Windows Management Instrumentation (WMI) subsystem, Microsoft's version of Web-Based Enterprise Management, an industry standard for retrieving management information. WMI is where Windows stores security status, but the authors found that the WMI database can be spoofed because it doesn't verify programs reading or writing information to it.

30 November 2004

"Picture Peril," by Jay Munro.

Munro predicts that a worm will soon exploit a Windows vulnerability that lets a JPEG download and execute a Trojan on a victim's system as soon as the user views the image. Such a worm could, among other things, let the victim's PC be controlled remotely. The good news is that Windows XP Service Pack 2 or any firewall that blocks outgoing requests addresses the problem, which hackers have already exploited in limited ways on the Internet. Because the worm could be passed through email, IM, Web sites, or downloaded programs, however, Munro expects it will be too tantalizing for hackers to pass up.

Fall 2004 special issue

"Encryption Skeleton Key?" by John R. Quain.

A math professor at Purdue University believes he can prove the Riemann Zeta function, a formula proposed in the 1800s by the German mathematician G.F.B. Riemann to describe the distribution of prime numbers. If he's right, it could mean more than winning a US$1 million prize from the Clay Mathematics Institute, because analysts believe a proof of the Riemann Zeta function could eventually let hackers break e-commerce encryptions, which use prime numbers. For instance, it's not uncommon for Web sites to use the product of two prime numbers as public keys — that is, mathematical keys that can be made public and verify signatures formed with an accompanying private key.

Dr. Dobb's Journal,

November 2004

"Secure Web Forms & Struts Extensions," by Hari Gopal.

Digital signatures help solve the twin security dilemmas of address authentication and nonrepudiation, or ensuring that parties involved in an agreement don't deny their promises later. However, Secure Sockets Layer (SSL), one of the most common protocols for protecting electronic communications, doesn't address nonrepudiation. Gopal argues the need for a uniform cross-browser digital-signature library to encourage the adoption of digital signatures. He outlines one possible approach using secure Web forms that offer a simple method for using digital signatures in Web applications built with the open-source Jakarta Struts Framework, which uses Java Servlet and Java Server Pages.

Elsewhere in the IEEE Computer Society


October 2004

"New Chips Stop Buffer Overflow Attacks," by Linda Dailey Paulson.

The Slammer and Blaster worm PC attacks in 2003 both used the same method of infiltration: buffer overflow, which happens when a program attempts to store more data in a buffer than allowed. The extra information then overflows into other memory areas, corrupting their data and letting systems execute malevolent instructions put into that data by a hacker. A new generation of microprocessors, including products by Advanced Micro Devices and Intel, is now being designed to stop such attacks. Both the AMD and Intel microprocessors also let users switch off their security measures, so legacy programs that aren't written to work with the technology can still be used.

November 2004

"TCP Onloading for Data Center Servers," by Greg Regnier et al.

Regnier and his colleagues, researchers at Intel Labs, describe their efforts to improve servers' ability to process TCP/IP packets to meet the 1-to-10 Gbps speeds of today's Ethernets as an alternative to offloading packet processing to peripherals to achieve the same end. The team's onloading experiments involve more efficiently using one or more cores in the server platform of connection management protocol architectures for TCP/IP processing.

Computing in Science & Engineering,

November/December 2004

"3DESS: A Search Engine Enters the Third Dimension," by Pam Frost Gorder.

The director of the Purdue Research and Education Center for Information Systems in Engineering and his colleagues have written a program called the three-dimensional engineering shape-search system (3DESS), which they've used to find 3D images based on an object's shape to make searching for 3D CAD files simpler. Unlike Internet search engines, which can only find two-dimensional images based on associated text, 3DESS addresses the common problem in CAD labs of searching databases of elements designed visually but indexed using text. Because no standards exist for describing 3D files, files are commonly indexed using a mish-mash of descriptions conjured on the fly by design engineers. 3DESS helps search 3D files by converting them into stacks of tiny cubes called voxels (or volume elements) similar to pixels. It ultimately uses those voxels to capture a model's topology, and then uses the distance between features to index and compare shapes.

IEEE Intelligent Systems,

September/October 2004

"Annotation for the Deep Web," by Siegfried Handschuh, Raphael Volz, and Steffen Staab.

Most existing approaches to generating metadata for the Semantic Web assume that information is static, but dynamic Web pages are estimated to outnumber static ones by as much as 100 to 1. Because manually annotating every dynamic Web page would be prohibitively labor-intensive, Handschuh, Volz, and Staab suggest a method for automatically annotating the databases behind Web pages so they can be reused for site-specific Semantic Web applications. Their solution, called "deep annotation," gets at one of the most basic obstacles of the Semantic Web: creating metadata through mass collaboration. The authors then walk through the process of deep annotation, which would let Web page users simply use information by itself or use the information's structure or context to generate mappings to other information structures.

"OntoMiner: Bootstrapping and Populating Ontologies from Domain-Specific Web Sites," by Hasan Davulcu et al.

Although XML and RDF are slowly becoming the standard ways to describe metadata, a large portion of semantic data online is still being put into HTML documents — a practice that's inhibiting the Semantic Web's evolution. Work has been done on algorithms that annotate HTML documents automatically with semantic labels, but Davulcu and his colleagues point out that building the domain ontologies to drive those algorithms is human-intensive. To address this issue, the authors describe a system they developed to automatically bootstrap and populate large, up-to-the-minute domain ontologies, thereby eliminating the algorithms' labor-intensive nature. Their system, called OntoMiner, uses a small number of relevant Web sites to automatically create the ontologies, which they say can then be used to create a set of labeled examples that a supervised machine-learning system, such as WebKB, can use.

IEEE Multimedia,

October–December 2004

"Just-in-Time Multimedia Distribution in a Mobile Computing Environment," by Michael J. O'Grady and Gregory M.P. O'Hare.

To explore the difficulties involved in just-in-time dissemination of multimedia information to mobile users, O'Grady and O'Hare created an experimental PDA for the tourism industry called Gulliver's Genie. To address bandwidth and processing issues, they used a 2.5G General Packet Radio Service (which covers a large geographic area), minimized the amount of information sent to Gulliver users, and then used intelligent precaching of files to presort which information users were most likely to want or need.

"On-Demand Learning for a Wireless Campus," by A.C.M. Fong, S.C. Hui, and C.T. Lau.

Nanyang Technological University has launched a multimillion-dollar effort to build a wireless infrastructure to complement its existing intranet by giving mobile services to staff and students. Fong and his colleagues outline how they tackled the technical difficulties involved with multimedia transmission to create an experimental "learn-on-demand" system to deliver live and recorded lectures, largely using existing technologies.

"That Obscure Object of Desire: Multimedia Metadata on the Web," by Jacco van Ossenbruggen, Frank Nack, and Lynda Hardman.

The next phase in multimedia development is to find a way to put multimedia metadata on the Web to allow for Web-based multimedia searches. In the first of a two-part series, the authors outline some of the potential obstacles for that effort. The challenges range from creating a standard multimedia metadata exchange format that improves on two existing approaches to creating semantic-based content descriptions that can be processed by machines, the Semantic Web, and the Multimedia Content Description Interface (MPEG-7).

IT Professional,

September/October 2004

"A Web-Enabled Plagiarism Detection Tool," by Colin J. Neill and Ganesh Shanmuganthan.

Plagiarism continues to be a serious problem on college campuses, thanks largely to the Internet. Although several services are available to academia for ferreting out plagiarists, each has limitations or costs and none use Google, which is a potent tool that cites more than 4 billion Web pages. As a result, Neill and Shanmuganthan decided to develop their own Web-based plagiarism detector, tapping into Google's capabilities directly. They don't reveal the engine's inner workings in detail, for fear that creative students might find a way to defeat it sooner than they would otherwise, but the authors do describe their general theories. They designed the program to analyze documents based on grammatical content — identifying words it can eliminate from searches — and then access Google through its Web API service using SOAP. The program then generates an HTML report listing links of possible interest and an overall score for the likelihood of plagiarism.

About the Authors

Alison Skratt is a freelance writer based in Oakville, Conn.