Monday, November 19, 2007

Daily Report

• According to the Associated Press, a preliminary FAA investigation found that the near collision of two commercial aircraft at 25,000 feet over Indiana was caused by air traffic controller error. An FAA spokeswoman said the Tuesday evening incident happened amid a shift change during a busy time at the Chicago Center radar facility in Aurora, Illinois. (See item 14)

• In an Army Times report, the Department of Veterans Affairs announced that a computer containing the names, Social Security numbers and birthdates of 12,000 veterans was taken over the Veterans’ Day weekend from a VA medical center in Indianapolis. The records are of veterans who had been treated at the hospital. VA policy calls for immediate notification of those involved and the provision of free credit monitoring for those at risk of identity theft. Federal, state and local law-enforcement agencies are investigating the theft. (See item 10)

Information Technology

26. November 15, Army Times – (Indiana) Computer with veterans’ data stolen. The Department of Veterans Affairs announced that a computer containing the names, Social Security numbers and birthdates of 12,000 veterans was taken over the Veterans’ Day weekend from the VA medical center in Indianapolis. Three computers were taken from an unlocked room, but one computer contained records that could be used for identity theft. The records are of veterans who had been treated as patients at the hospital. A policy established earlier this year calls for immediate notification of everyone whose information is missing and a review of the potential threat of identity theft in such situations. If there is a risk of identity theft, VA policy calls for the government to provide free credit monitoring to those affected. Federal, state and local law enforcement agencies are investigating the theft.
Source:
http://www.armytimes.com/news/2007/11/military_veterans_stolendata_071115w/

27. November 15, Computerworld – (National) What retail wireless security? TJX may be in a class all by itself in terms of the number of records compromised in a data breach. But the retailer apparently has plenty of company when it comes to wireless security issues of the sort that led to the compromise it disclosed earlier this year. A survey of over 3,000 retail stores in several major U.S. cities by wireless security vendor AirDefense Inc. reveals that a large number of retailers are failing to take even the most rudimentary steps for protecting customer data from wireless compromises. Among the biggest issues: weakly protected client devices, wrongly configured wireless access points inside stores, data leakage, poorly named network identifiers, and outdated access-point firmware. According to AirDefense, about 85 percent of the 2,500 wireless devices that it discovered in retail stores, such as laptops and barcode scanners, were vulnerable to wireless hacks. Out of the 4,748 access points that were monitored for the survey, about 550 had poorly named SSIDs that could give away the store’s identity. “One thing we did not expect was the large number of point-of-sale devices that looked as if they had been turned on” and left in essentially the configuration in which they arrived at the store, said AirDefense’s chief security officer. “Many of the access IDs that were being used by retailers had names that were dead giveaways, such as ‘retail wireless’, ‘POS WiFi’ or ‘store number 1234’,” he said. About 25% of the access points that were monitored used no encryption at all. In total, of the 3,000 stores monitored, about a quarter of them were still using the Wired Equivalent Privacy (WEP) protocol for encrypting traffic. WEP is considered to be among the weakest of the encryption options available today and was the standard in use by TJX when it was first breached.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9047258&taxonomyId=17&intsrc=kc_top

28. November 15, Wired – (National) Hackers use banner ads on major sites to hijack your PC. The worst-case scenario used to be that online ads are pesky, memory-draining distractions. But a new batch of banner ads is much more sinister: They hijack personal computers and bully users until they agree to buy antivirus software. And the ads do their dirty work even if you do not click on them. The malware-spiked ads have been spotted on various legitimate websites, ranging from the British magazine The Economist to baseball’s MLB.com to the Canada.com news portal. Hackers are using deceptive practices and tricky Flash programming to get their ads onto legitimate sites by way of DoubleClick’s DART program, which is used by Web publishers to manage advertising inventory. The ads work by closing a user’s browser window from a legitimate Web site. A new browser window comes up, redirecting the user to an antivirus site, while a dialog box comes up claiming the computer is infected and that the hard drive is being scanned. The malware tries to download software to the computer and scans the hard drive again. The malware looks like an ordinary Flash file, with its redirect function encrypted, so that when publishers upload it, the malware is not detectable. Once deployed on a site, the Flash file launches the malicious redirects, which appear to be triggered at preset times or at selected Web domains. DoubleClick acknowledges the malware is out there, and says it has implemented a new security monitoring system that has thus far captured and disabled a hundred ads. Publishers may be somewhat culpable, too. The distributor of the malware-infected ads is believed to be AdTraff, an online-marketing company with reported ties to the Russian Business Network, a secretive internet service provider that, security firms say, hosts some of the internet’s most egregious scams. AdTraff is believed to have posed as a legitimate advertiser, using its partners as references.
Source:
http://www.wired.com/techbiz/media/news/2007/11/doubleclick

Communications Sector

29. November 16, Business Wire – (International) Satellite industry safeguards C-band frequency spectrum use at WRC-07. The global satellite industry emerged today from four weeks of successful negotiations to protect the users of its C-band spectrum from terrestrial interference. With its “no change” campaign, the satellite industry at the 2007 World Radiocommunication Conference (WRC-07) has ensured its uninterrupted, interference-free use of C-band for the future. “This outcome represents a strong endorsement by a large number of administrations of the critical nature and value of C-band satellite services as they exist today,” said the CEO of SES NEW SKIES, an SES Company. The Chairman and CEO of Inmarsat stated: “[The] decision to protect the C-band will enable us to continue offering essential communications to mobile users where terrestrial networks cannot reach, including aeronautical and maritime safety services.” In addition to ensuring their uninterrupted use of the C-band, WRC-07 also gave satellite operators assurances that any future IMT (International Mobile Telecommunications) networks will provide them with full protection from interference. The endorsement of the satellite industry’s use of this highly valuable spectrum in the band 3.4 - 4.2 GHz will ensure that operators will also have adequate bandwidth to roll out future service -- especially in those regions where they are most in demand. These include the developing world, large industrialized countries, and remote regions. The outcome, supporters said, showed recognition of the need for continued interference-free operation of C-band satellite services that are essential for the provision of national over-the-air and cable television services, emergency and disaster recovery communications, Internet services, and mobile and wireline telephony trunking services.
Source:
http://www.broadcastnewsroom.com/articles/viewarticle.jsp?id=235276

30. November 16, RCR Wireless News – (International) 700 MHz band to be used for broadband worldwide. The United States teamed with neighboring countries to get the 700 MHz band identified for wireless broadband services in the Americas and major markets in Asia at the close of the World Radiocommunication Conference in Geneva, effectively setting the foundation for a global market for WiMAX services and products in frequencies being relinquished in various timeframes by broadcasters around the globe. “WCA applauds a major victory for the broadband wireless industry in the agreement to adopt power limits on satellite services in the 2500-2690 MHz band that protects land-based services from interference in the major fourth generation/WiMAX frequency band in the U.S., and in many other parts of the world,” said the Wireless Communications Association International in a statement. Mobile satellite services armed with ancillary terrestrial component authorization won global recognition at WRC-07, but MSS-ATC will continue to lack the IMT imprimatur associated with 700 MHz and other frequency bands.
Source:
http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20071116/FREE/71116004/1005/allnews