Thursday, January 24, 2008
• Purdue University News reports that researchers at the university are working with the state of Indiana to develop a system that would use a network of sensor-equipped cell phones to detect radiation sources, including possible radiological “dirty bombs” and nuclear weapons. By adding sensitive, but small radiation sensors to cell phones, which already contain GPS locators, researchers say they could enable a network of phones to function as a tracking system. (See items 7)
• According to Reuters, a new GAO report states that vaccines and drugs will not be enough to slow or prevent a pandemic of influenza, which global health experts almost universally agree is overdue. Supplies of antiviral drugs are low and a vaccine would have to be formulated to match the precise strain causing the pandemic. (See item 25)
30. January 23, SCMagazineUS.com – (International) China has penetrated key U.S. databases: SANS director. An aggressive, non-stop campaign by China to penetrate key government and industry databases in the United States already has succeeded and the United States urgently needs to monitor all internet traffic to critical government and private-sector networks “to find the enemy within,” the SANS Institute’s director of research told SCMagazineUS.com. He said that empirical evidence analyzed by researchers leaves little doubt that the Chinese government has mounted a non-stop, well-financed attack to breach key national security and industry databases, adding that it is likely that this effort is making use of personnel provided by China’s People’s Liberation Army. The “smoking guns” pointing to a government-directed effort are keystroke logs of the attacks, which have been devoid of errors usually found in amateur hack attacks, the use of spear phishing to gain entry into computer networks, and the massively repetitive nature of the assault, the SANS research director said. SANS earlier this week placed espionage from China and other nations near the top of its annual list of cybersecurity menaces, reporting that targeted spear phishing is the weapon of choice used in the assault on U.S. databases and those of its allies.
31. January 22, ars technica – (National) Compromised web sites serve more malware than malicious ones. According to security firm WebSense, the number of legitimate web sites that have been hacked and are distributing or enabling various types of malware attacks is greater than the number of malicious sites created specifically for that purpose. The company’s latest report discusses this trend, along with the tremendous impact the Storm Worm had on the Internet through all of 2007. As WebSense states, there is a clear advantage to infecting a legitimate site that comes with its own built-in traffic and a user base. The type of theft varies depending on the site. Personal data and credit card information are the most obvious acquisition targets, but online gaming account theft and click-fraud are apparently common as well. It is well known that there are forums, discussion groups, and IRC channels devoted to the topics of which web sites are known to be vulnerable. The problem also runs deeper than simply educating administrators about security vulnerabilities in the software that they use -- locating the correct host provider for any particular web space can be difficult, and many sites do not fall off WebSense’s malicious site blacklist quickly, sometimes remaining there for weeks or even months after being notified of a problem.
33. January 23, Associated Press – (National) AT&T may begin monitoring online traffic. AT&T Inc. may begin monitoring traffic over its online network in an effort to stamp out theft of copyrighted material, its chief executive said Wednesday. The company’s CEO told a conference at the World Economic Forum that the company was still evaluating what it would do about peer-to-peer networks, one of the largest drivers of online traffic, but also a common way to illegally exchange copyright files. “It’s like being in a store and watching someone steal a DVD. Do you act?” he asked.