No Sense of Security? Following my article on Macintosh security challenges in TidBITS-385, I've learned about Dr. John D. Howard's Ph.D. dissertation, which analyzes trends in Internet security from 1989 to 1995 using about 4,300 incidents reported to the Computer Emergency Response Team Coordination Center. Chapters 1 and 14 (the introduction, plus policy implications and recommendations) make for good general reading, and there's plenty of meat to back it up. The research as a whole finds that (with the exception of denial-of-service attacks), security incidents are declining relative to the size of the Internet.
If you're looking for a Macintosh security challenge, Sweden's Infinit Information AB opened its second Crack-A-Mac contest on 04-Jul-97. (See TidBITS-378 for details on the first contest.) This time, instead of running a standard, out-of-the-box Mac Web server, they're exposing a cutting edge, real-world system to a real-world pummeling. The Crack-A-Mac server setup includes final candidate versions of WebSTAR and Mac OS 8, plus SiteEdit Pro, multiple domain service via ClearlyHome, and database access via Lasso and FileMaker Pro. To claim the prize money (100,000 Swedish crowns; about $13,000 U.S.), read the contest rules, then alter the contents of the server's home page. [GD]