Monday, September 24, 2007

Daily Report

According to the Washington Business Journal, Nuclear Solutions Inc. has won a U.S. patent for technology that will detect shielded nuclear weapons. The D.C.-based company develops technologies for homeland security. (See item 5)

According to the Associated Press a report by The American Association of Railroads issued Thursday concluded that U.S. freight railroads will need $135 billion in infrastructure investment in the next 28 years. The Department of Transportation, whose data was used in the report, predicts that, measured by weight, rail freight transport will increase 88 percent in those 28 years. (See item 21)

Information Technology

42. September 21, Computerworld – (National) Unix admin pleads guilty to planting logic bomb at Medco Health. On Wednesday a former Unix system administrator at Medco Health Solutions Inc.’s Fair Lawn, N.J. office pleaded guilty in federal court to attempting to sabotage critical data -- including individual prescription drug data -- on more than 70 servers. The man, 51, is scheduled to be sentenced on January 8, and faces a maximum sentence of 10 years and a fine of $250,000. He was one of several systems administrators at Medco who feared they would get laid off when their company was being spun off from drug-maker Merck & Co. in 2003, according to a statement released by federal law enforcement authorities. Apparently angered by the prospect of losing his job, he created a “logic bomb” by modifying existing computer code and inserting new code into Medco's servers. The bomb was originally set to go off on April 23, 2004, the man’s birthday. When it failed to deploy because of a programming error, he reset the logic bomb to deploy on April 23, 2005, despite the fact that he had not been laid off as feared. The bomb was discovered and neutralized in early January 2005, after it was discovered by a Medco computer systems administrator investigating a system error. Had it gone off as scheduled, the malicious code would have wiped out data stored on 70 servers, including one critical server that maintained patient-specific drug interaction information that pharmacists use to determine whether conflicts exist among an individual's prescribed drugs. Also affected would have been information on clinical analyses, rebate applications, billing, new prescription call-ins from doctors, coverage determination applications and employee payroll data.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9038218&taxonomyId=17&intsrc=kc_top

43. September 20, Computerworld – (National) Hackers steal server log-ins from hosting vendor. Server hosting vendor Layered Technologies Inc. admitted this week that hackers broke into its support database and made off with as many as 6,000 client records, including log-in information that could give criminals access to clients' servers. The Plano, Texas-based company, which operates a pair of data centers that hold the physical servers it manages for clients, said the break-in happened sometime Monday night. “The Layered Technologies support database was a target of malicious activity on the evening of 9/17/2007 that may have involved the illegal downloading of information such as names, addresses, phone numbers, e-mail addresses and server log-in details for [5,000] to 6,000 of our clients,” the firm's CEO wrote on the company blog Tuesday. According to other information posted on the blog, the database was reached through a vulnerability in a Web-based application used by Layered’s help desk. After hacking the Web application, the criminals next accessed the support database. “This allowed them to then view tickets and their contents,” said a blogger. “This attack was done using an open protocol (HTTP), which allowed them to then get into the database," he added.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9038040&taxonomyId=17&intsrc=kc_top

44. September 20, IDG News Service – (National) Hacker bears bad news about PDF. The hacker who discovered a recently patched QuickTime flaw affecting the Firefox browser says he has found an equally serious flaw in Adobe's PDF file format. “Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!!,” he wrote in a breathless Thursday blog posting. “All it takes is to open a PDF document or stumble across a page which embeds one.” The security researcher said he had confirmed the issue on Adobe Reader 8.1 on Windows XP and that other versions may be affected. He also pledged not to release the code that shows how the attack works until Adobe provided a patch for the problem.

If the PDF claims are true, it could be bad news for business users, who are used to opening PDF attachments without thinking twice, said the director of security operations with nCircle Network Security Inc. Though some attackers have crafted PDF attacks in recent years, this hacker’s code could also be more effective than typical exploits, the security director added. “Historically, those other exploits have been targeted for specific versions of Adobe Reader,” he said. “According to the information, this affects all versions. It's an inherent architectural problem in the way files are read.”

Source: http://www.infoworld.com/article/07/09/20/Hacker-bears-bad-news-about-PDF_1.html

Communications Sector

45. September 21, RCR Wireless News – (New York) NYC subway cell service still needs carriers. New York City Transit is one step closer to building a cellular phone network in its 277 subway stations, but it remains to be seen if mobile phone providers are going to pay to offer the service to their customers. Next week, the board of the Metropolitan Transportation Authority is expected to vote in favor of letting Transit Wireless, a consortium of telecom and construction companies, build an underground cellular phone network. Under the plan, Transit Wireless will pay New York City Transit at least $46.8 million over a 10-year period, according to the MTA. The firm will also spend an estimated $150 million to $200 million on installing the network. If approved, the company will build networks in six downtown Manhattan stations within two years and complete the rest of the stations in the next four. However, before people can start using their cell phones in the subway, their carriers will have to agree to pay Transit Wireless fees to offer the service. Some question how Transit Wireless will recoup all the money it has to spend on building the network. While it will be technically challenging to wire the stations, once a network is set up and operational, the success of it is riding on the wireless carriers’ participation. Carriers will have to determine if offering cell phone service on the subway platforms and stairwells will generate more revenue per user or reduce churn, analysts said.

Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20070921/FREE/70920008/1017

46. September 20, Reuters – (National) Verizon Wireless to join Vodafone in upgrade to LTE. Verizon Wireless and Vodafone Group plc will both use Long Term Evolution technology as the 4G evolution path for their respective networks, according to remarks by company executives this week. The respective chiefs of both companies spoke about the technology choice at the Goldman Sachs Communacopia conference yesterday. Vodafone and Verizon control Verizon Wireless through a joint venture. They laid out a path toward LTE evolution within the next three to four years. Vodafone relies on GSM- and HSPA-based technology for wireless high-speed data access in its properties abroad, while Verizon Wireless—45 percent owned by Vodafone—is a CDMA operator whose most recent network upgrade has been to EV-DO Revision A. Asked if the complementary network evolution was reflective of cementing a long-term relationship between the two companies, Verizon’s chief called the categorization fair and said that Verizon has looked for stability in its relationship with Vodafone. As penetration rates slow, he added, common networks offer a new avenue for growth. “Going through a common platform is nothing more than the industry realizing that we can stimulate expansive growth by having a common platform and having the best networks,” he said. The news marks a serious setback for CDMA backers, as Verizon Wireless is one of the world’s largest supporters of the technology. Indeed, the news puts Ultra Mobile Broadband—which is Rev. C on the CDMA network-upgrade path—into question, as no operator has yet publicly voiced intentions to move toward the technology.

Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20070920/FREE/70920004/1002

47. September 20, Government Executive – (National) Wireless broadband systems could be vulnerable to attack. The Centre for the Protection of National Infrastructure (CPNI) warned in a paper that WiMax has fundamental security flaws, including the lack of two-way authentication, which allows a hacker to set up a “rogue” base station to impersonate a legitimate in order to spoof the base station and launch man-in-the-middle attacks. The vulnerability could expose “subscribers to various confidentiality and availability threats,” according to the CNPI, a UK intergovernmental organization. While Wi-Fi is used in most businesses and homes for wireless connectivity to the Internet, WiMax is considerably stronger and can cover a larger area. Because of the WiMax advantages, more than 470 chip and equipment manufacturers and network operators -- such as Intel, Alcatel-Lucent, Fujitsu, Motorola, Samsung, AT&T and British Telecom -- rely on WiMax to develop systems. Sprint Nextel plans to use WiMax to provide high-speed mobile service to its subscribers through a public network to be launched in the U.S. in 2008. The Marine Corps has deployed tactical networks in the Mideast using WiMax equipment from Redline Communications. Caltrain, the California commuter rail operator, also uses Redline gear to provide high-speed voice, video and data services between rail stations. The WiMax 802.16e standard provides strong encryption through use of the Advanced Encryption Standard, which meets U.S. government requirements. However, AES management frames are broadcast in the clear, meaning an attacker can grab subscriber information and other sensitive network information, the CPNI report concluded.

Source: http://www.govexec.com/story_page.cfm?articleid=38088&dcn=todaysnews

48. September 20, RCR Wireless News – (National) FCC moves on 2155-2175 MHz spectrum band. The Federal Communications Commission launched a rulemaking on the highly-sought 2155 MHz-2175 MHz spectrum band, setting the stage for a resumption of a wireless open-access debate that gained strength during the agency’s 700 MHz proceeding. Late last month, the FCC tossed out applications of M2Z Networks Inc. and others that wanted the 2155 MHz-2175 MHz spectrum for a wireless broadband network. M2Z has challenged the agency’s ruling in the U.S. Court of Appeals for the District of Columbia Circuit. The mobile-phone and wireless broadband sectors opposed the M2Z plan. Google Inc., consumer advocates and special-interest groups lobbied for open-access and wholesale conditions in the 700 MHz spectrum being auctioned early next year, but scored only a partial victory. The FCC will require licensees of a 22 megahertz spectrum block to allow third-party devices and applications in that chunk of spectrum. Those entities have now set their sights on the 2155-2175 MHz band, hoping to see open access, wholesale and a nonexclusive, unlicensed regime mandated in what is known as the advanced wireless services III band.

Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20070920/FREE/70920007/1005

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)