Friday, September 21, 2007

Daily Report

The Star Telegram reports that 3,000 National Guard troops are being pulled from the U.S.-Mexico border. The troops were sent there to protect the border as part of Operation Jump Start, which started in May 2006. The move was unpopular among border-state lawmakers, who sought to maintain the status quo. (See item 13)

Reuters India reports that increased shipping controls on nuclear materials following the 9/11 attacks have led to greater difficulty in shipping radioactive material used in cancer treatments, manufacturing, and fueling nuclear power plants. According to the article, delays caused by the controls are a major deterrent to shipping companies that carry “normal, legal radioactive” cargo. (See item 20)

Information Technology

41. September 20, Computerworld (National) Would-be hacker vandalizes Vietnam Memorial site. A Vietnam War memorial Web site run by veterans was defaced in recent days by a “hacker” who left messages attacking the U.S., Israel, Armenia and the Kurds, the Washington Post reported in Thursday's issue. According to the Post, visitors to the Vietnam Veterans Memorial site who searched for casualties by date were redirected to a page that displayed the Turkish flag, a short video, and messages in both Turkish and English. One of the messages in Turkish read in translation: “Is there any equal or likeness to our martyrs at Gallipoli?” Someone identified as “Turk Defacer” took responsibility for the hack, which was reported to the site by several hundred visitors. The group that operates the site, the 4/9 Infantry Manchu (Vietnam) Association, removed the defacement and restored the site late Wednesday.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9037778&intsrc=hm_list

42. September 20, Computerworld UK – (International) Caution urged as gadgets enter the workplace. IT security professionals need to take steps to properly manage how employee-owned consumer devices are used in the workplace, analysts warned at Gartner's IT security summit in London this week. With powerful consumer devices becoming increasingly ubiquitous in the enterprise, and home-working on the increase, Gartner said it was important that technology privileges reflect genuine need to avoid security problems. A survey by Gartner found that 15 percent of businesses will have at least some workers using their own devices by the year-end. A Gartner vice president said it was crucial that the management of user-owned technology reflect the needs of staff carrying out day-to-day tasks, rather than simply the person’s rank within the organization. Individual requirements of users in completing their work, weighed against the security risks they posed, ought to be the judging factors. “It is amazing how most companies focus on the technology they own and not on other devices and who is using them.” One key area of risk being largely ignored was the technology being used by outsourced workers, in spite of the fact they were often handling sensitive data for the company they were serving. It was vital this technology was properly managed, Gartner said.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9037879&intsrc=hm_list

43. September 20, InfoWorld – (National) Paypal claims it is stemming the tide of phishers. Paypal’s security chief is not ready to claim a victory in the fight against phishing schemes, but he said that his company is slowly turning the tide using a set of new partnerships and technology. Along with its parent company eBay, online payment processor Paypal has long held the inauspicious title of the Web's most frequently spoofed phishing target. However, speaking to the audience gathered at the IDC Security Forum in New York yesterday, he highlighted a number of areas where he claims that the company is making progress. Combined with more comprehensive end-user education programs -- including new how-to instructional videos posted to YouTube that offer tips on spotting common phishing e-mails-- the security chief said that by partnering with large Internet service providers (ISPs) and Web mail services, Paypal is seeing immediate results. Over half of all the e-mail traveling over the Internet funnels through a half dozen of the world's most popular ISPs and Webmail systems, including AOL, Gmail, Hotmail and Yahoo, the chief information security officer (CISO) said, all of whom Paypal has partnered with. By using electronic signatures that the companies can scan to differentiate legitimate communications sent out by Paypal and eBay from all the counterfeit messages bearing the companies' names, he said, the partners are eliminating millions of phishing attempts before they ever reach end-users' in-boxes.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9037919&taxonomyId=17&intsrc=kc_top

44. September 20, Computerworld – (National) SEC subpoenas Jobs in Apple backdating case, report says. The U.S. Securities and Exchange Commission (SEC) has subpoenaed Apple Inc. CEO Steve Jobs to give a deposition in the agency's stock-backdating case against the company's former general counsel, Bloomberg reported today. Jobs himself is not under investigation, sources said, but his testimony is wanted by the SEC for the lawsuit it filed against the attorney who left the company in May 2006, shortly before the SEC announced it was looking into option backdating at Apple. The accused was sued by the SEC in April for allegedly granting illegal backdated stock options to Jobs and other executives, then altering company records to cover the deals. She is the only Apple executive still pursued by the SEC. Jobs was issued a 7.5 million share grant in 2001. He agreed to pay the SEC $3.5 million to close his case.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9037923&intsrc=hm_list

45. September 19, Computerworld – (National) Report: VA's IT security still needs work. The U.S. Department of Veterans Affairs has made some progress since a May 2006 data breach, but it has not completed 20 of 22 recommendations from an internal auditor, according to a report released Wednesday. As of May, the VA had not yet addressed several “critical success factors” for transforming its IT management, the U.S. Government Accountability Office said in its report. The VA had only completed two of 22 recommendations from its inspector general following the breach, in which a laptop and hard drive containing personal records of 26.5 million veterans and family members were stolen from a VA employee's home. The VA also needs to improve its IT asset control, the GAO said, referencing a July report showing about 2,400 missing IT devices at four VA locations in 2005 and 2006. While the VA has “many significant initiatives under way,” problems persist, even in the programs meant to fix past problems, the GAO report said. The VA has not completed a comprehensive security management program, recommended by the GAO, and it has not strengthened its critical infrastructure planning process, which was recommended by its inspector general, the GAO said. The VA has encrypted more than 18,000 laptops since the breach, and it is rolling out software that blocks unauthorized data storage devices such as thumb drives from connecting to the VA's network, he said. The agency has also installed software that blocks VA employees from sending e-mail containing Social Security numbers, he said.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9037740&taxonomyId=17&intsrc=kc_top

Communications Sector

46. September 19, RCR Wireless News – (National) MetroPCS goes live in LA. MetroPCS Communications Inc. rolled out service in the Los Angeles market today, pitching its flat-rate, unlimited plans to Angelinos. MetroPCS chairman and CEO said that the company’s initial network coverage includes 11 million potential customers. Metro said it has 400 L.A.-area authorized dealers and six company-owned retail stores, and plans to expand its distribution to 20 company-owned stores in the greater Los Angeles area in the next two years. The service is already available in the northern California cities of San Francisco and Sacramento.

Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20070919/FREE/70919006/1002

47. September 19, Computerworld – (National) RFID heading to cell phones.
Researchers are exploring ways in which standard wireless devices could become radio frequency identification (RFID) readers and provide easy access to wide range of data. On Wednesday, presenters at RFID World in Boston focused on using second-generation active and passive RFID tags to provide advanced security and authentication, as well as ways to broaden the reach of the technology. One highlight was how the average wireless device could soon become an RFID reader, or perhaps a related radio-capable device for Near Field Communication, a short-distance radio technology to give a mobile user easy access to all kinds of data. One attendee said he was just starting early investigation into ways that fleet truck drivers could equip their standard cell phones to act as a kind of “speed pass” to quickly pay for fuel at a truck stop, similar to the Speedpass used at Mobil gas stations. Other attendees said they were dazzled by an MIT presentation Tuesday night that showed emerging technologies similar to RFID that would allow someone with diabetes to read his or her blood sugar level easily several times a day with a cell phone receiving data from a patch on the arm. The senior manager of supply chain technology at Boeing's Integrated Defense Systems said in an address that all the emerging wireless technologies are exciting, but warned IT managers to plan ways to prevent RF interference, especially in large companies with many wireless applications.

Source: http://www.infoworld.com/article/07/09/19/RFID-heading-to-cell-phones_1.html

48. September 19, IDG News Service – (National) Sprint sees enterprise IT role in WiMax. Sprint Nextel plans to cooperate with enterprises on the rollout of its WiMax mobile broadband network, letting the customers install and own short-range base stations in their buildings with automatic roaming onto the carrier's WiMax network outside. The service, planned for a national rollout next year under the Xohm brand name, is designed to deliver Internet access at megabits per second on a standards-based technology that has been heavily promoted by Intel. For enterprises, it will be similar to Wi-Fi, only more secure and with easy roaming onto a carrier network that spans whole metropolitan areas, said a Sprint official. Sprint has sent out an RFP (request for proposals) for WiMax femtocells, or miniature base stations meant to serve a home or other small area, he confirmed. He expects large enterprises to buy and deploy femtocells for consistent coverage across their offices and campuses, maintaining control over them as they do with current Wi-Fi networks. Sprint will work with enterprises and building owners to provide roaming onto the carrier network from WiMax femtocells or, in some cases, indoor Wi-Fi networks, he said.

Source:

http://www.infoworld.com/article/07/09/19/Sprint-sees-enterprise-IT-role-in-WiMax_1.html