Thursday, April 24, 2008

Daily Report

• The Patriot Ledger reports unionized workers at the Pilgrim nuclear power plant are raising financial concerns about Entergy Corp.’s plan to spin off its plant and five other reactors into a new company. They say the new company could be saddled with as much as $6.5 billion in debt, which could increase the potential for layoffs, deferred maintenance, and safety risks at the plants. (See item 5)

• According to CNSNews.com, a former U.S. Army mechanical engineer is accused of passing secret defense documents to Israel in the early 1980s. The documents allegedly contained information on nuclear weapons, a modified F-15 fighter plane, and the U.S. Patriot missile air defense system. (See item 7)

Information Technology

31. April 23, IDG News Service – (International) CNN site hit by China attack. After being called off Friday, the on-again, off-again cyberattack against CNN’s Web site again picked up steam early this week, according to network security analysts. At its peak, the attack has sucked up 100MBps in bandwidth, enough to slow the news Web site for some visitors. “That’s a decent-sized attack,” said a senior security engineer with Arbor Networks. “Globally speaking, it’s probably garden-variety.” Organizers had originally called for the attack to be launched on April 19. But they soon called off their efforts with one organizer, CN-Magistrate, saying that “too many people are aware of it, and the situation is chaotic.” CN-Magistrate soon disbanded his Web site devoted to these attacks and dropped out of public view. Hackers had launched some low-intensity attacks against CNN ahead of the April 19 deadline, but on Sunday, another group calling itself HackCNN picked up the attack. CNN visitors experienced a noticeable slowdown during the early hours of Sunday and Monday, researchers said. This group also managed to deface a Sports Network Web site (sports.si.cnn.com), replacing sports scores with slogans such as “Tibet was, is, and always will be a part of China!” Although a CNN spokeswoman said that the Web site was not taken down by the attacks, Web monitoring company Netcraft said that some of its sensors were unable to get a response from CNN servers in Phoenix, San Jose, California, London, and Pennsylvania for about three hours on Sunday. On Monday, response times to CNN were as slow as two-tenths of a second, Netcraft said. CNN did slow down the rate at which network traffic from the Asia-Pacific region was able to reach its Web site, the spokeswoman said. Source: http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/04/23/CNN-site-hit-by-China-attack_1.html

32. April 23, Computer Weekly – (International) Use of new technologies exposing UK firms to risk, report finds. The adoption of new technologies is exposing UK companies to high levels of risk, according to a government security survey. The 2008 Information Security Breaches survey for the Department for Business, Enterprise, and Regulatory Reform reveals that although 17 percent of UK companies have adopted voice over IP (VoIP), only 30 percent have evaluated the security risk involved. Companies adopting VoIP were twice as likely to suffer a security breach, said the author of the report, which shows the number of UK companies that have implemented VoIP has doubled since the last survey in 2006. The same level of exposure was also true for the 42 percent of companies that have adopted wireless networks and the 54 percent of companies that have implemented remote access to corporate IT systems, said the report’s author. Instant messaging (IM) was another area of concern, he said, because it exposes companies to the same risks as e-mail, but half of companies using IM do not have any security controls in place. The report notes that financial companies take the most steps to mitigate IM risks, but said even in this sector, a third have taken no steps. Source: http://www.computerweekly.com/Articles/2008/04/23/230401/infosecurity-2008-use-of-new-technologies-exposing-uk-firms-to-risk-report.htm

33. April 22, vnunet.com – (International) Most breaches down to lost or stolen kit. Microsoft’s latest security report has shown that breaches from hacking attacks are plummeting, while lost equipment now accounts for over half of all security problems. Lost or stolen hardware was responsible for 58 percent of all data security breaches in the last six months of 2007. This compares with just 13 percent as a result of hacking, down from an average of 23 percent for previous years. “We all have smartphones and laptops and it is losing these that is a major problem,” said the general manager for Microsoft’s Malware Protection Agency. “If you think about what is often kept on these devices, losing it in public is a major problem.” The data comes from Microsoft users around the world and is analyzed by Microsoft malware labs. The information has allowed the company to create a threat map of the world, showing on average how many computers need to be scanned to find one piece of malware. Source: http://www.vnunet.com/vnunet/news/2214887/hacking-fades-favour-theft

34. April 22, IDG News Service – (National) Microsoft data show Web attacks taking off. Criminals changed tactics in the last six months of 2007, dropping malicious e-mail in favor of Web-based attacks, according to data reported to Microsoft by Windows users. The company saw the number of Trojan downloader programs it removed from Windows machines jump by 300 percent, according to the principal architect of Microsoft’s Malware Protection Center. These programs masquerade as legitimate pieces of software, but once installed they then download malicious software such as spyware or adware onto the victim’s computer. They are typically installed via the Web. The shift to the Web has been forced onto criminals, as system administrators have become better at blocking executable files from being sent via e-mail. Many companies compile data on Web attack trends, but Microsoft’s is the most comprehensive – based on data from the approximately 450 million computers that run the Microsoft Malicious Software Removal Tool that ships with Windows. On average, Microsoft removed malware from one out of every 123 computers it inspected each month during the period. In the U.S., that number was one in every 112. Japan was the least-infected country, with malware found on just one in 685 machines. Microsoft published its findings Monday in its Microsoft Security Intelligence Report, Volume 4. Source: http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/04/22/Microsoft-data-show-Web-attacks-taking-off_1.html

Communications Sector

Nothing to Report