Emeritus Faculty Association #116 May 2006

Next Meeting:
Provost's Annual Luncheon, 12.00 noon, Friday, May 5th, Student Activities Center, Ballroom 2. Spouses or significant others are welcome. Be sure to RSVP to Faith Mirabile (632-7211, fmirabile@notes.cc.sunysb.edu) by April 21. While you are at it you could also rsvp for the president's special emeriti reception, 5.30-7.30pm Tuesday 9 May at Sunwood.
Our guest speaker for the luncheon will be Jim Klurfeld, whose talk is entitled "The Post-Cold War World, an Optimistic View - kind of": An examination of why the United States triumphed in the Cold War and what it means for us today, especially in the major challenges we now face: terrorism, Islamic fundamentalism, the rise of China and the spread of weapons of mass destruction.
James M. Klurfeld, Vice President and Editor of the editorial pages of Newsday, has been at the newspaper since 1968. He has worked as Washington Bureau Chief, Albany Bureau Chief and as a reporter in the Suffolk office. He was appointed Editor of the editorial pages in December 1987 with responsibility for the Editorial and Viewpoints pages. For the past nine years, Klurfeld has been seen on The Cutting Edge, a weekly half-hour television program on NY55. The show focuses on Newsday's Sunday Editorials, as well as other national, international and local issues. Klurfeld was a member of the Newsday investigative team that won the 1970 Pulitzer Prize for Public Service, as well as the New York State Publisher's Association and Deadline Club awards in the same category. The awards were for a three-year effort that disclosed official and political party corruption in three townships on Long Island. He also won the Sigma Delta Chi National Reporting Award with other members of the Washington Bureau in 1982. He was a member of that bureau for ten years, from 1976 until 1986, and covered national security affairs and national politics. He was Washington Bureau Chief from 1980 until 1986. He was the recipient of the 1988 American Society of Newspaper Editors Distinguished Writing Award for editorials on the Iran-Contra hearings. Klurfeld was born in 1945 in New York City and is a 1967 graduate of Syracuse University and a 1963 graduate of Syosset High School. He and his wife Judith live in Stony Brook, N.Y. They have two grown children.

Last Meeting:
Thanks and best wishes to Charles Staley, our predecessor as newsletter editor, who is attending his last meeting before departing to Pennsylvania.
In memoriam: Konrad Bieber
Elˇonore Zimmerman recounted how, from the city of his birth, Berlin, he fled in the early 30's, first to Paris, and then to an attic hideaout in Southern France. He also served a stint in the French army, was imprisoned, and escaped. After studying at Yale he arrived in Stony Brook in 1968 during a time of turmoil, and was particularly effective in communicating to the students the relevancy of literature to daily life and the relationship of politics and social awareness. These topics were also illumiated by his books on Simone de Beuvoire and Germany as seen by the French resistance. He was an impassioned advocate of the reconciliation of France and Germany, European cosmolitanism, and efforts toward a united Europe. He retired from active teaching in 1986.
Our Main Feature
Theo Pavlidis then introduced our speaker, R. Sekar, associate (shortly to be full) professor of Computer Science and the Director of the Center for Cybersecurity at Stony Brook. Sekar received a BSEE from IIT Madras, and Ph.D. in CS from Stony Brook in 1991. From 1991 to 1996, he was research scientist in at Bellcore, a spin-off from the famed Bell Laboratories. After a period at Iowa State U, he moved back to Stony Brook in 1999. He specializes in the areas of intrusion detection, prevention and response, as well as mobile and untrusted code security.
Sekar started with a short history. When we first started using the arpanet 30 years ago it's use was limited to specialists who were scholars and gentlemen (- well - mostly). The trouble started when the general public gained access to what became the expanded internet highway. In the mid 80's the first viruses were generated by some lovable users as a challenge and a hobby. A computer virus is a self-replicating program that spreads by inserting copies of itself into other executable code. Like its biological namesake it needs a host (an infected program). Originally these spread through distribution of floppy disks, but with the advent of the internet they developed into forms spread by email attachments. These were soon followed by worms, also self-replicating programs, but distinguished from viruses in that they are self-contained and do not need to be part of another program to propagate. Whereas viruses infect or corrupt files on a targeted computer, in general worms harm the network by clogging communications in a denial of service attack (DDoS). Experts worry about future worms that may be able to spread through the internet in under a second. In the last few years criminal elements have started to become involved. Incidents reported by the CERT coordination center (see note at end) have increased by a factior of 120 in the last 10 years. Attacks of some kind were experienced by 97% of medium to large companies responding to a 2003 CSI/FBI survey, and in 2004 17% of small to medium sized companies were targeted in DDoS extortions. Many companies which are victims of DDoS extortion threats will usually pay up, expecially those involved in intrusive activities themselves. Things will probably continue to get worse for a while before they start to get better (as happened with brigands when that other kind of highway first came into use). The latest generation of threats includes spyware, phishing, and rootkits.
Spyware is a type of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user. Although the name suggests software that surreptitiously monitors the user, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party. A botnet is a collection of previously compromised computers which can later be activated through the implanted backdoors at a time of the atacker's choosing. At that time they can be used to mount a distributed DDoS attack, or alternatively can be sold or rented to spammers. Such an attack is hard to trace when it comes from mom and pop computers being rotated in and out of action. According to some sources, the going rate for relaying SPAM using a botnet is between 3 and 10 cents per bot per week.
Phishing is a form of criminal activity using social engineering techniques by masquerading as a trustworthy person or business in an apparently official electronic communication. This may be in the form of an email, an instant message, or a lookalike website. Usually it attempts to fraudulently acquire sensitive information, such as passwords and credit card details, or just telling victims to send hard cash so that they can qualify for a much larger sum.
What has enabled this mischief are the following factors: Always on, broadband connectivity; Software homogeneity (monoculture) so that finding a single bug means millions of computers; Lack of user awareness - millions of trusting users; Difficulty of traceability and attribution; Inherent complexity - operating systems with 10's of millions of lines of code; Short term thinking by vendors: feature obsession, shoddy quality, code bloat.
A famous example of such short term thinking was the 2005 Sony CD copy protection controversy, in which Sony BMG placed a rootkit in Microsoft Windows PC's to spy on users and reveal unauthorized copying of music CD's. A rootkit is a set of software tools intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge. These often include so-called backdoors to help the attacker subsequently access the system more easily. In this case BMG's execution was flawed as well as its judgement, even in the subsequent uninstaller, giving openings for the bad guys.
This talk summary should not be concluded without some listing of user defense mechanisms:
Do not run as administrator unless necessary (create user accounts with lesser privileges).
Do not disable the auto-update and firewall features, usually enabled by default in the latest OS's (a firewall limits the access which software applications have to the operating system services).
Never click on links you are not sure of (better to navigate to official sites yourself). It is also a good idea to limit what your browser allows (see below).
There were many questions from the audience and we have no room for all of them. Theo Pavlidis made the useful point that employing a router adds a high degree of protection from takeover attempts. Such routers are cheaply available ($50) and also permit connections to other computers in your house. If it is a wireless router, be sure to activate the encryption feature. Don Garber wanted to know if Sekar had any confidence in the touchscreen electronic voting machines. The answer was no (there is a high degree of unanimity on this among security experts, see for example: Avriel Rubin , David Dill , Rebecca Mercuri and not to forget SB's own one time student Barbara Simons.

Computer Emergency Response Team - Coordination Center (CERT/CC)
Following the Morris worm, which when released in November 1988 brought about 10 percent of internet systems to a halt, the Defense Advanced Research Projects Agency charged the Software Engineering Institute at Carnegie Mellon University with setting up a center to coordinate communication among experts during security emergencies and to help prevent future incidents. In recent months, the CERT/CC has observed a trend whereby new software vulnerabilities are exploited and directed at web browsers through the use of compromised or malicious web sites. This problem is made worse because current versions of web browsers are configured to provide increased functionality at the cost of decreased security. A set of easily followed instructions for users to secure commonly used web browsers is available at: http://www.cert.org/tech_tips/securing_browser. Since you might easily reach a rogue website by clicking on a link or even by mistyping a URL, it is probably a good idea to apply these restrictions.

Stay secure!