Monday, November 26, 2007

Daily Report

  • · Bloomberg reports that Suez SA, the French energy and water group planning to merge with Gaz de France SA, wants to own and operate “third-generation” nuclear reactors by 2020 and is studying atomic energy expansion in Europe, the Middle East and the U.S. The Paris-based group already operates two nuclear plants in Belgium with a total of seven reactors through its Electrabel SA unit. (See item 6)
  • · The Associated Press reports that Southern California’s major water wholesaler announced plans to buy billions of gallons of water from farmers in the state to make up for a shortfall left by drought and restrictions on pumping out of the Delta. The water is being brokered by the state Department of Water Resources, which will look to farmers to voluntarily offer parts of their water supply for sale. (See item 21)

Information Technology

27. November 23, TechWorld.com – (National) Researcher releases proof-of-concept VoIP hack. An expert has released a proof-of-concept program to show how easy it would be for criminals to eavesdrop on the VoIP-based phone calls of any company using the technology. Called SIPtap, the software is able to monitor multiple Voiceover- IP (VoIP) call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need would be to infect a single PC inside the network with a Trojan incorporating these functions, although the hack would work at ISP level as well. The program can index ‘IP-tapped’ calls by caller -- using SIP identity information -- and by recipient, or even by date. Running from August this year until the most recent tap on November 21st, SIPtap had no problems in extracting enough information on the test network to prove that call recording of any and every VoIP call at a hypothetical company was now a trivial exercise. SIPtap demonstrates that the worst-case nightmares of VoIP vulnerability are now well within the capabilities of organized crime, which could use such a program to steal confidential data from companies, governments and even the police. The demonstrator, a UK-based VoIP expert, said “the threat is that an attacker engineers a Trojan and has it sit there passively [on a network], recording calls from anywhere on the Internet.” His advice was simple. “Apply the same vigor when building a VoIP network you would when building a Web site.”
Source:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9048618&intsrc=hm_list

28. November 22, Reuters – (International) Skype encryption stumps German police. German police are unable to decipher the encryption used in the Internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany’s top police officer said on Thursday. Skype allows users to make telephone calls over the Internet from their computer to other Skype users free of charge. Law enforcement agencies and intelligence services have used wiretaps since the telephone was invented, but implementing them is much more complex in the modern telecommunications market where the providers are often foreign companies. “The encryption with Skype telephone software ... creates grave difficulties for us,” said the president of Germany’s Federal Police Office (BKA) at an annual gathering of security and law enforcement officials. “We can’t decipher it. That’s why we’re talking about source telecommunication surveillance -- that is, getting to the source before encryption or after it's been decrypted.” Experts say Skype and other Voice over Internet Protocol (VoIP) calling software are difficult to intercept because they work by breaking up voice data into small packets and switching them along thousands of router paths instead of a constant circuit between two parties, as with a traditional call. The police rep said they were not asking Skype to divulge its encryption keys or leave “back doors open” for German and other country’s law enforcement authorities. “There are no discussions with Skype. I don’t think that would help,” he said, adding that he did not want to harm the competitiveness of any company. He said there was a vital need for German law enforcement agencies to have the ability to conduct on-line searches of computer hard drives of suspected terrorists using “Trojan horse” spyware. These searches are especially important in cases where the suspects are aware that their Internet traffic and phone calls may be monitored and choose to store sensitive information directly on their hard drives without emailing it. Spyware computer searches are illegal in Germany.
Source:

http://news.yahoo.com/s/nm/20071122/wr_nm/security_internet_germany_dc;_ylt=AncWQ6lt4vFTvWGNmcTWN876VbIF

Communications Sector

29. November 22, Reuters – (International) Skype encryption stumps German police. German police are unable to decipher the encryption used in the Internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany’s top police officer said on Thursday. Skype allows users to make telephone calls over the Internet from their computer to other Skype users free of charge. Law enforcement agencies and intelligence services have used wiretaps since the telephone was invented, but implementing them is much more complex in the modern telecommunications market where the providers are often foreign companies. “The encryption with Skype telephone software ... creates grave difficulties for us,” said the president of Germany’s Federal Police Office (BKA) at an annual gathering of security and law enforcement officials. “We can’t decipher it. That’s why we’re talking about source telecommunication surveillance -- that is, getting to the source before encryption or after it’s been decrypted.” Experts say Skype and other Voice over Internet Protocol (VoIP) calling software are difficult to intercept because they work by breaking up voice data into small packets and switching them along thousands of router paths instead of a constant circuit between two parties, as with a traditional call. The police rep said they were not asking Skype to divulge its encryption keys or leave “back doors open” for German and other country’s law enforcement authorities. “There are no discussions with Skype. I don’t think that would help,” he said, adding that he did not want to harm the competitiveness of any company. He said there was a vital need for German law enforcement agencies to have the ability to conduct on-line searches of computer hard drives of suspected terrorists using “Trojan horse” spyware. These searches are especially important in cases where the suspects are aware that their Internet traffic and phone calls may be monitored and choose to store sensitive information directly on their hard drives without emailing it. Spyware computer searches are illegal in Germany.
Source:

http://news.yahoo.com/s/nm/20071122/wr_nm/security_internet_germany_dc;_ylt=AncWQ6lt4vFTvWGNmcTWN876VbIF