Net News

U.S. Cybersecurity Chief Abruptly Resigns

The government's cybersecurity chief has abruptly resigned from the Homeland Security Department amid a concerted campaign by the technology industry and some lawmakers to persuade the Bush administration to give him more authority and money for protection programs.

Amit Yoran, a former software executive from Symantec Corp., made his resignation effective this month as director of the National Cyber Security Division, giving a single's day notice of his intention to leave. He kept the job 1 year.

Yoran has privately confided to industry colleagues his frustrations in recent months over what he considers the department's lack of attention paid to computer security issues, according to lobbyists and others who recounted these conversations on condition they not be identified because the talks were personal.

As cybersecurity chief, Yoran and his division – with an $80 million budget and 60 employees ' were responsible for carrying out dozens of recommendations in the Bush administration's “National Strategy to Secure Cyberspace,” a set of proposals to better protect computer networks.

Yoran's position as a director ' at least bureaucratic three steps below Homeland Security Secretary Tom Ridge ' has irritated the technology industry and even some lawmakers. They have pressed unsuccessfully in recent months to elevate Yoran's role to that of an assistant secretary, which could mean broader authority and more money for programs.

America Online Inc. recently turned down a Microsoft Corp. proposal to help eliminate spam because Internet engineers are reluctant to adopt technology owned by the dominant software company.

AOL, a division of Time Warner Inc., said it would not adopt Microsoft's SenderID protocol because it has failed to win over experts skeptical of Microsoft's business practices.

“AOL will now not be moving forward with full deployment of the SenderID protocol,” AOL spokesman Nicholas Graham said in a statement.

The decision is the latest fallout from a dispute between Microsoft and advocates of free, “open source” software commonly used across the Internet.

Rather than agreeing on one common standard to eradicate fake e-mail addresses used by spammers, e-mail providers will be forced to use two slightly differing standards that, until recently, had been combined as one.

Microsoft spokesman Sean Sundwall suggested the two standards will be identical in most cases.

Spammers often appropriate the e-mail addresses of others in order to slip through content filters, a tactic known as “spoofing.”

Several proposals by Microsoft and others would allow Internet providers to check that a message from [email protected] actually comes from example.com's server computers. Messages that do not match up could be safely rejected as spam.

The technology would be invisible to everyday users.

Microsoft Chairman Bill Gates in January said the technique could help eliminate spam by 2006. Spam currently accounts for up to 83% of all e-mail traffic.

Microsoft in May combined its proposal with another developed by entrepreneur Meng Wong and submitted them to the standards-setting Internet Engineering Task Force (IETF) for approval.

But several key players have said they will not use the standard because Microsoft holds patents on the underlying technology, even though Microsoft has said it will not charge royalties for SenderID.

The Apache Software Foundation, which develops open source software, told the IETF last month that it could not use SenderID under Microsoft's terms.

“We believe the current license is … contrary to the practice of open Internet standards,” the group said in an open letter.

AOL said it will continue to use Wong's Sender Policy Framework proposal to check incoming e-mail, and will test other methods as well, such as one proposed by Yahoo Inc. that would use encrypted digital signatures to authenticate e-mail.

AOL will use both standards to send outgoing mail.

Microsoft will use SenderID on its Hotmail service starting this month.

U.S. Cybersecurity Chief Abruptly Resigns

The government's cybersecurity chief has abruptly resigned from the Homeland Security Department amid a concerted campaign by the technology industry and some lawmakers to persuade the Bush administration to give him more authority and money for protection programs.

Amit Yoran, a former software executive from Symantec Corp., made his resignation effective this month as director of the National Cyber Security Division, giving a single's day notice of his intention to leave. He kept the job 1 year.

Yoran has privately confided to industry colleagues his frustrations in recent months over what he considers the department's lack of attention paid to computer security issues, according to lobbyists and others who recounted these conversations on condition they not be identified because the talks were personal.

As cybersecurity chief, Yoran and his division – with an $80 million budget and 60 employees ' were responsible for carrying out dozens of recommendations in the Bush administration's “National Strategy to Secure Cyberspace,” a set of proposals to better protect computer networks.

Yoran's position as a director ' at least bureaucratic three steps below Homeland Security Secretary Tom Ridge ' has irritated the technology industry and even some lawmakers. They have pressed unsuccessfully in recent months to elevate Yoran's role to that of an assistant secretary, which could mean broader authority and more money for programs.

America Online Inc. recently turned down a Microsoft Corp. proposal to help eliminate spam because Internet engineers are reluctant to adopt technology owned by the dominant software company.

AOL, a division of Time Warner Inc., said it would not adopt Microsoft's SenderID protocol because it has failed to win over experts skeptical of Microsoft's business practices.

“AOL will now not be moving forward with full deployment of the SenderID protocol,” AOL spokesman Nicholas Graham said in a statement.

The decision is the latest fallout from a dispute between Microsoft and advocates of free, “open source” software commonly used across the Internet.

Rather than agreeing on one common standard to eradicate fake e-mail addresses used by spammers, e-mail providers will be forced to use two slightly differing standards that, until recently, had been combined as one.

Microsoft spokesman Sean Sundwall suggested the two standards will be identical in most cases.

Spammers often appropriate the e-mail addresses of others in order to slip through content filters, a tactic known as “spoofing.”

Several proposals by Microsoft and others would allow Internet providers to check that a message from [email protected] actually comes from example.com's server computers. Messages that do not match up could be safely rejected as spam.

The technology would be invisible to everyday users.

Microsoft Chairman Bill Gates in January said the technique could help eliminate spam by 2006. Spam currently accounts for up to 83% of all e-mail traffic.

Microsoft in May combined its proposal with another developed by entrepreneur Meng Wong and submitted them to the standards-setting Internet Engineering Task Force (IETF) for approval.

But several key players have said they will not use the standard because Microsoft holds patents on the underlying technology, even though Microsoft has said it will not charge royalties for SenderID.

The Apache Software Foundation, which develops open source software, told the IETF last month that it could not use SenderID under Microsoft's terms.

“We believe the current license is … contrary to the practice of open Internet standards,” the group said in an open letter.

AOL said it will continue to use Wong's Sender Policy Framework proposal to check incoming e-mail, and will test other methods as well, such as one proposed by Yahoo Inc. that would use encrypted digital signatures to authenticate e-mail.

AOL will use both standards to send outgoing mail.

Microsoft will use SenderID on its Hotmail service starting this month.