Friday, September 28, 2007

Daily Report

CNN
reports that a mock cyber attack orchestrated in a DOE Idaho lab showed that the nation is vulnerable to coordinated attacks that could destroy the entire electrical infrastructure of large geographic areas for months. (See item 1)

The Associated Press reports that Chicago’s video surveillance equipment will soon be upgraded with smart software manufactured by IBM. The new surveillance system would be capable of “alerting emergency officials if the same car or truck circles the Sears Tower three times or if nobody picks up a backpack in Grant Park for, say, 30 seconds,” among other things. (See item 31)

Information Technology

31. September 27, Associated Press – (Illinois) Chicago video surveillance gets smarter. On Thursday, the city of Chicago and IBM Corp. announced the initial phase of what officials say could be the most advanced video security network in any U.S. city. Chicago already has thousands of security cameras in use by businesses and police—including some equipped with devices that recognize the sound of a gunshot, turn the cameras toward the source and place a 911 call. However, the new system would let cameras analyze images in real time 24 hours a day. For example, the system could be programmed to alert the city’s emergency center whenever a camera spots a vehicle matching the description of one being sought by authorities. The system could be programmed to recognize license plates. It could alert emergency officials if the same car or truck circles the Sears Tower three times or if nobody picks up a backpack in Grant Park for, say, 30 seconds. It is unclear when the system will be fully operational. Existing cameras could be equipped with the new IBM software, but additional cameras will likely be added as well.
Source:
http://www.breitbart.com/article.php?id=D8RTSNE84&show_article=1&catnum=1

32. September 26, Computerworld – (National) Gmail’s zero-day flaw allows attackers to steal messages. Accounts on Google Inc.’s Gmail can be easily hacked, allowing any past and future e-mail messages to be forwarded to the attacker’s own in-box -- a vulnerability researcher said Tuesday. Dubbed a “cross-site request forgery” (CSRF), the Gmail bug was disclosed Tuesday by a U.K.-based Web vulnerability penetration tester. He said attackers can use Gmail’s filtering feature to exploit the bug. An attack, he said, would start with a victim visiting a malicious Web site while also still logged into his Gmail account. The malicious site would then perform what Petkov called a “multipart/form-date POST” -- an HTML command that can be used to upload files -- to one of the Gmail application programming interfaces, then inject a rogue filter into the user’s filter list.” This filter will automatically transfer all e-mails matching the rule. Future e-mails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google,” he said.

Source: http://www.pcworld.com/article/id,137725/article.html#

33. September 26, Computerworld – (National) Cyber criminals turn to smaller botnets. Online criminals setting up botnets, networks of computers they have hijacked using malicious software, are downsizing those networks in an attempt to counter security software firms. Virus writers typically try to build the largest possible botnet to make it more powerful and therefore more valuable to rent out to criminals. However, researchers have reported seeing these large groups broken down into smaller units. “Most botnets are controlled by internet relay chat,” said an F-Secure researcher. “The problem for the owners is that if the central IRC server goes down they lose the whole botnet. These people do not want to put all their eggs in one basket, and are therefore running smaller botnets.” He explained that online gangs are increasingly trying to take over botnets run by other people, and that running numerous smaller botnets makes this less of a problem.
Source: http://www.vnunet.com/vnunet/news/2199688/botnets-getting-smallerase Wait.

Communications Sector

34. September 26, The Houston Chronicle – (National) Man pleads guilty to hacking Cox’s telecom systems. A former Cox Communications Inc. employee has pleaded guilty in federal court to hacking into the company’s telecommunications system and causing phone service failures around the country. The shutdown caused a loss of computer and telecommunication services — including 911 access — for Cox customers in Dallas, Las Vegas, New Orleans and Baton Rouge, La. For nearly two hours, Cox customers were unable to make emergency calls before Cox technicians could restore service, according to information provided in court.
Source: http://www.chron.com/disp/story.mpl/ap/tx/5168626.html

35. September 26, Associated Press – (Tennessee) FAA says Memphis outage caused by AT&T. AT&T Inc. manages the telephone line that went down at a Memphis air traffic control center causing nationwide airline delays Tuesday, the head of the Federal Aviation Administration told lawmakers. The communications failure, which limited the center’s ability to talk to flights passing through its airspace and to other air traffic control facilities for about three hours, shut down all airline traffic within 250 miles of Memphis, causing dozens of delays, diversions and cancellations at Dallas-Fort Worth International Airport and in Nashville. A National Air Traffic Controllers union spokesman on Tuesday called the outage a major safety problem and said controllers had to use their personal cell phones to talk to other air traffic control centers.
Source: http://ap.google.com/article/ALeqM5izmTH3YXhrMBHYxx90qNkQWNOwlA

Thursday, September 27, 2007

Daily Report

Computerworld reports that fraud police do not possess the resources needed to handle the increase in data that accompanies increased financial fraud. While greater computing power has helped, some are calling for a greater degree of information sharing with private financial institutions, despite privacy concerns. (See item 11)

The Herald Times reports that global climate change and a recent influx of a deadly fish virus are stressing the Great Lakes fisheries, thereby affecting the $4 billion Great Lakes commercial and sport fisheries industry. Other habitat stressors have also lead to a decline in the fish population there. (See item 19)

Information Technology

29. September 25, CNet News – (National) OpenOffice bug hits multiple operating systems. Researchers at iDefense have discovered that OpenOffice version 2.0.4 and earlier versions are vulnerable to maliciously crafted TIFF files, which can be delivered in an e-mail attachment, published on a Web site or shared using peer-to-peer software. In June, OpenOffice users were warned about a worm called “Badbunny” that was spreading in the wild through multiple operating systems, including Mac OS, Windows and Linux. At the time, Symantec posted an advisory that said: “A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems. Be cautious when handling OpenOffice files from unknown sources.” The next version of OpenOffice, which is a free, open-source office productive software package, arrived on September 17 and is not affected by the flaw.

Source: http://www.news.com/OpenOffice-bug-hits-multiple-operating-systems/2100-1002_3-6209919.html?tag=cd.lede

30. September 26, IDG News Service – (National) AIM vulnerable to worm attack, researchers warn. A critical flaw in the way that the AOL’s instant messaging client displays Web-based graphics could be exploited by criminals to create a self-copying worm attack, security researchers are warning. The flaw was discovered by researchers at Core Security Technologies Inc., which has been working with AOL over the past few weeks to patch the problem. AOL's servers are now filtering instant messaging traffic to intercept any attacks, but the company has yet to patch the underlying problem in its client software, security researchers said Tuesday. The flaw has to do with the way the AOL Instant Messaging (AIM) software uses Internet Explorer’s software to render HTML messages. By sending a maliciously encoded HTML message to an AIM user, an attacker could run unauthorized software on a victim’s computer or force the IE browser to visit a maliciously encoded Web page, said a Core Chief Technology Officer. This type of flaw could be exploited to create a self-replicating worm attack. “The frightening thing about this vulnerability is that it can be easily exploited to create a massive IM worm, because it doesn’t require any user interaction,” said an IT security expert. No attacks based on these flaws have been reported. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9038962&intsrc=news_ts_head

Communications Sector

31. September 25, Memphis Business Journal – (Tennessee) Telecom glitch stops departures at Memphis International. The Federal Aviation Administration's air route traffic control center in Memphis experienced a communications failure at 11:30 a.m on Tuesday, standing hundreds of passengers. According to an FAA spokesman, “several radar systems were impacted when the telecom lines that feed the center failed.” The center is one of 20 across the nation and is responsible for a 250-mile radius. The air route traffic control center communicates with all flights originating within that radius and those flying over the area. Source: http://www.bizjournals.com/memphis/stories/2007/09/24/daily12.html

32. September 24, AT&T press release – (National) AT&T wins deal to build next-generation enterprise network for U.S. Department of the Treasury. AT&T Inc. has announced a task order potentially worth up to $1 billion from the U.S. Department of the Treasury to build and transition the Department to a next-generation enterprise network known as Treasury Network (TNet). TNet is a secure enterprise network that will facilitate the convergence of data, voice and video technologies into a single network infrastructure that supports the efficient operation of applications and services across the Treasury’s entire operating environment. The $270 million task order awarded to AT&T could be worth up to $1 billion with enhanced services and other options over the life of the contract. The TNet order has a time frame of 10 years, which includes a four-year base with three two-year options. Source: http://www.att.com/gen/press-room?pid=4800&cdvn=news&newsarticleid=24427

Wednesday, September 26, 2007

Daily Report

The Associated Press reports that Exelon Corp. will end its contract with Wackenhut Corp., which had provided security at the Peach Bottom nuclear power plant in south-central Pennsylvania. Wackenhut security officers were caught on videotape sleeping while on duty in the “ready room,” which is just steps away from the nuclear reactors. (See item 8)

CNN reports that an FBI investigation has revealed that Homeland Security computers were hacked into and that “significant amounts of information” was sent to Chinese language websites. Lawmakers said dozens of DHS computers were compromised and the incidents “were not noticed until months after the initial attacks.” (See item 30)

Information Technology

30. September 25, CNN – (National) Investigators: Homeland Security computers hacked. Hackers compromised dozens of Department of Homeland Security computers, moving sensitive information to Chinese-language Web sites, congressional investigators said Monday. Investigators blamed Unisys, a government contractor, saying the firm hired to protect DHS computers tried to hide the incidents from the department. The FBI is investigating the incidents, a congressional staffer said, and two members of Congress have asked the department’s inspector general to also launch an investigation. “The results of our [committee] investigation suggest that the department is the victim not only of cyber attacks initiated by foreign entities, but of incompetent and possibly illegal activity by the contractor charged with maintaining security on its networks,” said two congressional representatives in a written statement. The lawmakers said committee investigators found dozens of DHS computers were compromised and the incidents “were not noticed until months after the initial attacks.” The extent of the damage is unclear, but a House Homeland Security Committee staff member said the hackers “took significant amounts of information.”

Source: http://edition.cnn.com/2007/US/09/24/homelandsecurity.computers/

31. September 25, CNet News (National) Trojan attack targets top executives. Security company MessageLabs reported that 1,100 e-mails containing malware-infected RTF (rich text file) attachments were recorded over a 16-hour period this month. Four separate waves appeared between September 13 and 14, the company said. “All (the e-mails) were going after (top-level) management. The e-mails included the company name in the subject field, purporting to be a recruitment company. The top-level nature of the targets clearly indicates that the attackers are after information,” the MessageLabs representative said, “but the greater concern is the social-engineering technique used to spread the Trojan-harboring e-mail. The way that this works has the potential to be so effective. You are getting that top-down approach – if they forward that e-mail on internally, that e-mail is coming from a trusted source,” he said. Another security expert recently said that the perfect attack would be a zero-day attack using a rootkit-cloaked Trojan sent to an H.R. manager who, due to company policy, would be compelled to open the document. H added that there is little that organizations can do to protect against these threat types besides educating users of the risks, because banning the receipt of common file types is impractical.
Source: http://www.news.com/Trojan-attack-targets-top-executives/2100-7349_3-6209930.html

Communications Sector

32. September 25, New York Daily News – (New York) Reverse-911 a good call. New York City is considering a reverse-911 system that would allow officials to alert the public to emergencies and transmit needed information via telephone. The City’s Deputy Mayor reported to the City Council last week that a pilot reverse-911 program could be “ready to go” early next year, adding that the city needs “a redundant system that will cover all bases,” including an e-mail emergency notification and a text-messaging program along with the telephone system. He said a pilot e-mail system would be up and running at the end of next month and a text-messaging pilot by the end of the year.
Source: http://www.nydailynews.com/boroughs/2007/09/25/2007-09-25_reverse911_a_good_call.html

33. September 25, News Week – (New York) The latest contraband. In recent years contraband cell phones have become a hot commodity in prisons across the country, and they are posing a serious threat to security, authorities say, especially as phones get smaller and offer technologically advanced features. In Florida, which has the country’s third-largest prison system, 109 cell phones have been confiscated over the past year, a 25-30 percent increase from the previous year, and the number is expected to keep growing, according to Florida’s assistant secretary for institutions. Seven cell phones were recently confiscated in a major drug bust in the Sunshine State’s prison system; investigators believe inmates communicated on cell phones to smuggle crack cocaine and marijuana into one of Florida’s higher-security units through prisoner squads working on roads. Contraband phones were found in the prison, at the work camp and in transport vehicles running to and from work sites. Elsewhere, construction materials, sneaky visitors and corrupt prison guards have proved to be reliable means of entry; in New York smugglers have even hidden phone parts inside old typewriters to evade X-ray scrutiny. Prison officials are warning states that the security risk will continue to grow as cell phones shrink in size and advance technologically. Tiny phones equipped with cameras, Internet access and GPS navigation can help orchestrate prison-break plots, drug trafficking, gang violence and harassment of former victims.
Source: http://www.msnbc.msn.com/id/20958664/site/newsweek/

Tuesday, September 25, 2007

Daily Report

The Atlanta Journal-Constitution reports that a University of Georgia researcher is developing a portable chemical weapons detection system that could be used for homeland security and to save soldiers' lives in the field. The technology uses human neural cells and an array of electrodes to “detect the presence of an outside agent, like nerve gas.” (See item 5)

According to an MSNBC report, the federal government will take over the responsibility of matching passenger data to terrorist “watch lists.” Under the new legislation, which is expected to be enforced in 2009, airline workers will collect over 30 pieces of data to be sent electronically to the Transportation Security Administration (TSA). The change will affect U.S. and international carriers, including those flying from Canada to the Latin America without stopping on U.S. land. (See item 12)

Information Technology

27. September 24, Reuters – (National) Unisys probed for Homeland Security breach: report. The FBI is investigating allegations that Unisys Corp failed to detect a Chinese Web site’s cyber break-ins on computers at the U.S. Department of Homeland Security and then tried to cover up its shortcomings, The Washington Post reported on Monday. Unisys won a $1 billion contract in 2002 to build and manage information technology networks at the department and the Transportation Security Administration. But evidence gathered by the Homeland Security Committee of the U.S. House of Representatives indicates network-intrusion devices were not properly installed and monitored, the Post said. As a result, some 150 DHS computers were compromised by hackers using a Chinese-language Web site from June through October in 2006. Unisys, based in Blue Bell, Pennsylvania, disputed the charge with a statement saying: “We can state generally that the allegation that Unisys did not properly install essential security systems is incorrect. In addition, we routinely follow prescribed security protocols and have properly reported incidents to the customer in accordance with those protocols.” Besides the original $1 billion contract, Unisys received a $750 million follow-up deal in 2005, the Post said. An aide on the Homeland Security Committee told the newspaper that the FBI was investigating Unisys for criminal fraud. The committee also has called for the DHS to look into the matter. The committee also said the contractor allegedly had falsely certified the computer network had been protected to cover up its failings, the Post said.

Source: http://www.reuters.com/article/domesticNews/idUSN2436745420070924

28. September 24, IDG News Service – (International) Euro think tank recommends unbundling Windows from PCs. A pro-business think tank in Europe has recommended unbundling Microsoft Corp.’s Windows operating system from sales of new PCs in order to give customers more choice when buying a new computer. A report from the Globalisation Institute in Brussels urges the European Commission to require that PCs and operating systems be sold separately in Europe to break Microsoft’s monopoly in the desktop OS market. “Microsoft’s dominant position is not in the public interest. It limits the market and has slowed technical development to the prejudice of consumers,” said the report. The report is gaining attention partly because the Globalisation Institute usually advocates a hands-off approach to business regulation. It researches and develops policy options that are sometimes championed by politicians. The report comes one week after Europe’s second-highest court turned down Microsoft’s appeal of the European Commission’s 2004 antitrust ruling against it, which fined Microsoft around $600 million for abusing its OS monopoly.

Source: http://www.infoworld.com/article/07/09/24/Euro-think-tank-recommends-unbundling-Windows-from-PCs_1.html

29. September 21, Computerworld – (National) New Firefox 3.0 alpha blocks malware, secures plug-in updates. Mozilla Corp. updated the preview of Firefox 3.0 to alpha 8 late yesterday, unveiling for the first time to users several security features it has talked up for months. Among the security provisions debuting in the new alpha of “Gran Paradiso,” the code name for Firefox 3.0, are built-in anti-malware warnings and protection against rogue extension updates, according to documentation Mozilla posted to its Web site. The malware blocker, which was first mocked up in June, will block Web sites thought to contain malicious downloads. The feature, a companion to the phishing site alert system in the current Firefox 2.0, will use information provided by Google Inc. to flag potentially-dangerous sites, warn anyone trying to reach those URLs with Firefox and automatically block access to the site. Also included is a check meant to prevent plug-ins automatic updates from sending users to malicious sites where they might be infected by attack code or drive-by downloads. The newest preview, which can be downloaded in versions for Windows, Mac OS X and Linux from the Mozilla site, still comes with a warning to end users: “Alpha 8 is intended for Web application developers and our testing community. Current users of Mozilla Firefox should not use Gran Paradiso Alpha 8,” the browser's release notes. Mozilla has not officially committed to a release date for the final version of Firefox 3.0.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9038258&intsrc=hm_list

Communications Sector

30. September 24, RCR Wireless News – (National) UMB specification published. The groups behind the Ultra Mobile Broadband technology for wireless communications—which is often referred to as a 4G technology—announced that the specifications for the air interface have been published, and that UMB is now poised to become an official standard. The move is notable as it essentially creates a set of specifications that carriers, equipment makers and others can work from. UMB, an acronym that replaces the CDMA EV-DO Revision C designation—supports peak download data rates of up to 288 Mbps in a 20 MHz slice of bandwidth, according to the CDMA Development Group and the Third Generation Partnership Project 2 (3GPP2). The technology supports wireless Voice over IP calling and other high-tech features. UMB stands on the CDMA evolution path, and is often touted as an alternative to Long Term Evolution technology. LTE stands on the W-CDMA evolution path. According to the Third Generation Partnership Project (3GPP), LTE is set to support peak data rates of 100 Mbps within a 20 MHz slice of spectrum. Work on the specifications for LTE technology is set to be completed sometime this month. The 3GPP association works on technology specifications for the W-CMA evolution path, while the 3GPP2 works on technology for the CDMA evolution path. The UMB announcement is notable as Verizon Wireless—a major CDMA backer—is considering joining its European parent company Vodafone in a move to LTE technology in order to improve international roaming and lower equipment costs.

Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20070924/FREE/70924001/1014

31. September 24, AP – (National) New service eavesdrops on Internet calls. A startup has come up with a new way to make money from phone calls connected via the Internet: having software listen to the calls, then displaying ads on the callers’ computer screens based on what is being talked about. For instance, a caller talking about going for dinner might see ads to local restaurants and restaurant review sites, while someone pondering whether to buy a new computer might see ads for computer stores. Relevant unsponsored links also appear. That is, if the system works. It is notoriously difficult for computers to recognize speech. A test of Puddingmedia's beta software was a mixed success according to one reporter. In the test, the quality of the call did not seem to be affected by the extra step. The company’s CEO stressed that the calls are not stored in any way, nor does Puddingmedia keep a record of which keywords were picked up from a particular call. Outfits like eBay Inc.'s Skype unit would be possible partners. Skype provides free calls between computers but charges for calls to phone numbers so it can recoup connection fees charged by phone companies. Those costs could possibly be offset with an advertising model like Puddingmedia’s.

Source: http://news.yahoo.com/s/ap/20070924/ap_on_hi_te/ads_that_listen;_ylt=AoKC58GhMEv_Ijc3SALw2Lis0NUE

Monday, September 24, 2007

Daily Report

According to the Washington Business Journal, Nuclear Solutions Inc. has won a U.S. patent for technology that will detect shielded nuclear weapons. The D.C.-based company develops technologies for homeland security. (See item 5)

According to the Associated Press a report by The American Association of Railroads issued Thursday concluded that U.S. freight railroads will need $135 billion in infrastructure investment in the next 28 years. The Department of Transportation, whose data was used in the report, predicts that, measured by weight, rail freight transport will increase 88 percent in those 28 years. (See item 21)

Information Technology

42. September 21, Computerworld – (National) Unix admin pleads guilty to planting logic bomb at Medco Health. On Wednesday a former Unix system administrator at Medco Health Solutions Inc.’s Fair Lawn, N.J. office pleaded guilty in federal court to attempting to sabotage critical data -- including individual prescription drug data -- on more than 70 servers. The man, 51, is scheduled to be sentenced on January 8, and faces a maximum sentence of 10 years and a fine of $250,000. He was one of several systems administrators at Medco who feared they would get laid off when their company was being spun off from drug-maker Merck & Co. in 2003, according to a statement released by federal law enforcement authorities. Apparently angered by the prospect of losing his job, he created a “logic bomb” by modifying existing computer code and inserting new code into Medco's servers. The bomb was originally set to go off on April 23, 2004, the man’s birthday. When it failed to deploy because of a programming error, he reset the logic bomb to deploy on April 23, 2005, despite the fact that he had not been laid off as feared. The bomb was discovered and neutralized in early January 2005, after it was discovered by a Medco computer systems administrator investigating a system error. Had it gone off as scheduled, the malicious code would have wiped out data stored on 70 servers, including one critical server that maintained patient-specific drug interaction information that pharmacists use to determine whether conflicts exist among an individual's prescribed drugs. Also affected would have been information on clinical analyses, rebate applications, billing, new prescription call-ins from doctors, coverage determination applications and employee payroll data.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9038218&taxonomyId=17&intsrc=kc_top

43. September 20, Computerworld – (National) Hackers steal server log-ins from hosting vendor. Server hosting vendor Layered Technologies Inc. admitted this week that hackers broke into its support database and made off with as many as 6,000 client records, including log-in information that could give criminals access to clients' servers. The Plano, Texas-based company, which operates a pair of data centers that hold the physical servers it manages for clients, said the break-in happened sometime Monday night. “The Layered Technologies support database was a target of malicious activity on the evening of 9/17/2007 that may have involved the illegal downloading of information such as names, addresses, phone numbers, e-mail addresses and server log-in details for [5,000] to 6,000 of our clients,” the firm's CEO wrote on the company blog Tuesday. According to other information posted on the blog, the database was reached through a vulnerability in a Web-based application used by Layered’s help desk. After hacking the Web application, the criminals next accessed the support database. “This allowed them to then view tickets and their contents,” said a blogger. “This attack was done using an open protocol (HTTP), which allowed them to then get into the database," he added.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9038040&taxonomyId=17&intsrc=kc_top

44. September 20, IDG News Service – (National) Hacker bears bad news about PDF. The hacker who discovered a recently patched QuickTime flaw affecting the Firefox browser says he has found an equally serious flaw in Adobe's PDF file format. “Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!!,” he wrote in a breathless Thursday blog posting. “All it takes is to open a PDF document or stumble across a page which embeds one.” The security researcher said he had confirmed the issue on Adobe Reader 8.1 on Windows XP and that other versions may be affected. He also pledged not to release the code that shows how the attack works until Adobe provided a patch for the problem.

If the PDF claims are true, it could be bad news for business users, who are used to opening PDF attachments without thinking twice, said the director of security operations with nCircle Network Security Inc. Though some attackers have crafted PDF attacks in recent years, this hacker’s code could also be more effective than typical exploits, the security director added. “Historically, those other exploits have been targeted for specific versions of Adobe Reader,” he said. “According to the information, this affects all versions. It's an inherent architectural problem in the way files are read.”

Source: http://www.infoworld.com/article/07/09/20/Hacker-bears-bad-news-about-PDF_1.html

Communications Sector

45. September 21, RCR Wireless News – (New York) NYC subway cell service still needs carriers. New York City Transit is one step closer to building a cellular phone network in its 277 subway stations, but it remains to be seen if mobile phone providers are going to pay to offer the service to their customers. Next week, the board of the Metropolitan Transportation Authority is expected to vote in favor of letting Transit Wireless, a consortium of telecom and construction companies, build an underground cellular phone network. Under the plan, Transit Wireless will pay New York City Transit at least $46.8 million over a 10-year period, according to the MTA. The firm will also spend an estimated $150 million to $200 million on installing the network. If approved, the company will build networks in six downtown Manhattan stations within two years and complete the rest of the stations in the next four. However, before people can start using their cell phones in the subway, their carriers will have to agree to pay Transit Wireless fees to offer the service. Some question how Transit Wireless will recoup all the money it has to spend on building the network. While it will be technically challenging to wire the stations, once a network is set up and operational, the success of it is riding on the wireless carriers’ participation. Carriers will have to determine if offering cell phone service on the subway platforms and stairwells will generate more revenue per user or reduce churn, analysts said.

Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20070921/FREE/70920008/1017

46. September 20, Reuters – (National) Verizon Wireless to join Vodafone in upgrade to LTE. Verizon Wireless and Vodafone Group plc will both use Long Term Evolution technology as the 4G evolution path for their respective networks, according to remarks by company executives this week. The respective chiefs of both companies spoke about the technology choice at the Goldman Sachs Communacopia conference yesterday. Vodafone and Verizon control Verizon Wireless through a joint venture. They laid out a path toward LTE evolution within the next three to four years. Vodafone relies on GSM- and HSPA-based technology for wireless high-speed data access in its properties abroad, while Verizon Wireless—45 percent owned by Vodafone—is a CDMA operator whose most recent network upgrade has been to EV-DO Revision A. Asked if the complementary network evolution was reflective of cementing a long-term relationship between the two companies, Verizon’s chief called the categorization fair and said that Verizon has looked for stability in its relationship with Vodafone. As penetration rates slow, he added, common networks offer a new avenue for growth. “Going through a common platform is nothing more than the industry realizing that we can stimulate expansive growth by having a common platform and having the best networks,” he said. The news marks a serious setback for CDMA backers, as Verizon Wireless is one of the world’s largest supporters of the technology. Indeed, the news puts Ultra Mobile Broadband—which is Rev. C on the CDMA network-upgrade path—into question, as no operator has yet publicly voiced intentions to move toward the technology.

Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20070920/FREE/70920004/1002

47. September 20, Government Executive – (National) Wireless broadband systems could be vulnerable to attack. The Centre for the Protection of National Infrastructure (CPNI) warned in a paper that WiMax has fundamental security flaws, including the lack of two-way authentication, which allows a hacker to set up a “rogue” base station to impersonate a legitimate in order to spoof the base station and launch man-in-the-middle attacks. The vulnerability could expose “subscribers to various confidentiality and availability threats,” according to the CNPI, a UK intergovernmental organization. While Wi-Fi is used in most businesses and homes for wireless connectivity to the Internet, WiMax is considerably stronger and can cover a larger area. Because of the WiMax advantages, more than 470 chip and equipment manufacturers and network operators -- such as Intel, Alcatel-Lucent, Fujitsu, Motorola, Samsung, AT&T and British Telecom -- rely on WiMax to develop systems. Sprint Nextel plans to use WiMax to provide high-speed mobile service to its subscribers through a public network to be launched in the U.S. in 2008. The Marine Corps has deployed tactical networks in the Mideast using WiMax equipment from Redline Communications. Caltrain, the California commuter rail operator, also uses Redline gear to provide high-speed voice, video and data services between rail stations. The WiMax 802.16e standard provides strong encryption through use of the Advanced Encryption Standard, which meets U.S. government requirements. However, AES management frames are broadcast in the clear, meaning an attacker can grab subscriber information and other sensitive network information, the CPNI report concluded.

Source: http://www.govexec.com/story_page.cfm?articleid=38088&dcn=todaysnews

48. September 20, RCR Wireless News – (National) FCC moves on 2155-2175 MHz spectrum band. The Federal Communications Commission launched a rulemaking on the highly-sought 2155 MHz-2175 MHz spectrum band, setting the stage for a resumption of a wireless open-access debate that gained strength during the agency’s 700 MHz proceeding. Late last month, the FCC tossed out applications of M2Z Networks Inc. and others that wanted the 2155 MHz-2175 MHz spectrum for a wireless broadband network. M2Z has challenged the agency’s ruling in the U.S. Court of Appeals for the District of Columbia Circuit. The mobile-phone and wireless broadband sectors opposed the M2Z plan. Google Inc., consumer advocates and special-interest groups lobbied for open-access and wholesale conditions in the 700 MHz spectrum being auctioned early next year, but scored only a partial victory. The FCC will require licensees of a 22 megahertz spectrum block to allow third-party devices and applications in that chunk of spectrum. Those entities have now set their sights on the 2155-2175 MHz band, hoping to see open access, wholesale and a nonexclusive, unlicensed regime mandated in what is known as the advanced wireless services III band.

Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20070920/FREE/70920007/1005

Friday, September 21, 2007

Daily Report

The Star Telegram reports that 3,000 National Guard troops are being pulled from the U.S.-Mexico border. The troops were sent there to protect the border as part of Operation Jump Start, which started in May 2006. The move was unpopular among border-state lawmakers, who sought to maintain the status quo. (See item 13)

Reuters India reports that increased shipping controls on nuclear materials following the 9/11 attacks have led to greater difficulty in shipping radioactive material used in cancer treatments, manufacturing, and fueling nuclear power plants. According to the article, delays caused by the controls are a major deterrent to shipping companies that carry “normal, legal radioactive” cargo. (See item 20)

Information Technology

41. September 20, Computerworld (National) Would-be hacker vandalizes Vietnam Memorial site. A Vietnam War memorial Web site run by veterans was defaced in recent days by a “hacker” who left messages attacking the U.S., Israel, Armenia and the Kurds, the Washington Post reported in Thursday's issue. According to the Post, visitors to the Vietnam Veterans Memorial site who searched for casualties by date were redirected to a page that displayed the Turkish flag, a short video, and messages in both Turkish and English. One of the messages in Turkish read in translation: “Is there any equal or likeness to our martyrs at Gallipoli?” Someone identified as “Turk Defacer” took responsibility for the hack, which was reported to the site by several hundred visitors. The group that operates the site, the 4/9 Infantry Manchu (Vietnam) Association, removed the defacement and restored the site late Wednesday.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9037778&intsrc=hm_list

42. September 20, Computerworld UK – (International) Caution urged as gadgets enter the workplace. IT security professionals need to take steps to properly manage how employee-owned consumer devices are used in the workplace, analysts warned at Gartner's IT security summit in London this week. With powerful consumer devices becoming increasingly ubiquitous in the enterprise, and home-working on the increase, Gartner said it was important that technology privileges reflect genuine need to avoid security problems. A survey by Gartner found that 15 percent of businesses will have at least some workers using their own devices by the year-end. A Gartner vice president said it was crucial that the management of user-owned technology reflect the needs of staff carrying out day-to-day tasks, rather than simply the person’s rank within the organization. Individual requirements of users in completing their work, weighed against the security risks they posed, ought to be the judging factors. “It is amazing how most companies focus on the technology they own and not on other devices and who is using them.” One key area of risk being largely ignored was the technology being used by outsourced workers, in spite of the fact they were often handling sensitive data for the company they were serving. It was vital this technology was properly managed, Gartner said.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9037879&intsrc=hm_list

43. September 20, InfoWorld – (National) Paypal claims it is stemming the tide of phishers. Paypal’s security chief is not ready to claim a victory in the fight against phishing schemes, but he said that his company is slowly turning the tide using a set of new partnerships and technology. Along with its parent company eBay, online payment processor Paypal has long held the inauspicious title of the Web's most frequently spoofed phishing target. However, speaking to the audience gathered at the IDC Security Forum in New York yesterday, he highlighted a number of areas where he claims that the company is making progress. Combined with more comprehensive end-user education programs -- including new how-to instructional videos posted to YouTube that offer tips on spotting common phishing e-mails-- the security chief said that by partnering with large Internet service providers (ISPs) and Web mail services, Paypal is seeing immediate results. Over half of all the e-mail traveling over the Internet funnels through a half dozen of the world's most popular ISPs and Webmail systems, including AOL, Gmail, Hotmail and Yahoo, the chief information security officer (CISO) said, all of whom Paypal has partnered with. By using electronic signatures that the companies can scan to differentiate legitimate communications sent out by Paypal and eBay from all the counterfeit messages bearing the companies' names, he said, the partners are eliminating millions of phishing attempts before they ever reach end-users' in-boxes.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9037919&taxonomyId=17&intsrc=kc_top

44. September 20, Computerworld – (National) SEC subpoenas Jobs in Apple backdating case, report says. The U.S. Securities and Exchange Commission (SEC) has subpoenaed Apple Inc. CEO Steve Jobs to give a deposition in the agency's stock-backdating case against the company's former general counsel, Bloomberg reported today. Jobs himself is not under investigation, sources said, but his testimony is wanted by the SEC for the lawsuit it filed against the attorney who left the company in May 2006, shortly before the SEC announced it was looking into option backdating at Apple. The accused was sued by the SEC in April for allegedly granting illegal backdated stock options to Jobs and other executives, then altering company records to cover the deals. She is the only Apple executive still pursued by the SEC. Jobs was issued a 7.5 million share grant in 2001. He agreed to pay the SEC $3.5 million to close his case.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9037923&intsrc=hm_list

45. September 19, Computerworld – (National) Report: VA's IT security still needs work. The U.S. Department of Veterans Affairs has made some progress since a May 2006 data breach, but it has not completed 20 of 22 recommendations from an internal auditor, according to a report released Wednesday. As of May, the VA had not yet addressed several “critical success factors” for transforming its IT management, the U.S. Government Accountability Office said in its report. The VA had only completed two of 22 recommendations from its inspector general following the breach, in which a laptop and hard drive containing personal records of 26.5 million veterans and family members were stolen from a VA employee's home. The VA also needs to improve its IT asset control, the GAO said, referencing a July report showing about 2,400 missing IT devices at four VA locations in 2005 and 2006. While the VA has “many significant initiatives under way,” problems persist, even in the programs meant to fix past problems, the GAO report said. The VA has not completed a comprehensive security management program, recommended by the GAO, and it has not strengthened its critical infrastructure planning process, which was recommended by its inspector general, the GAO said. The VA has encrypted more than 18,000 laptops since the breach, and it is rolling out software that blocks unauthorized data storage devices such as thumb drives from connecting to the VA's network, he said. The agency has also installed software that blocks VA employees from sending e-mail containing Social Security numbers, he said.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9037740&taxonomyId=17&intsrc=kc_top

Communications Sector

46. September 19, RCR Wireless News – (National) MetroPCS goes live in LA. MetroPCS Communications Inc. rolled out service in the Los Angeles market today, pitching its flat-rate, unlimited plans to Angelinos. MetroPCS chairman and CEO said that the company’s initial network coverage includes 11 million potential customers. Metro said it has 400 L.A.-area authorized dealers and six company-owned retail stores, and plans to expand its distribution to 20 company-owned stores in the greater Los Angeles area in the next two years. The service is already available in the northern California cities of San Francisco and Sacramento.

Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20070919/FREE/70919006/1002

47. September 19, Computerworld – (National) RFID heading to cell phones.
Researchers are exploring ways in which standard wireless devices could become radio frequency identification (RFID) readers and provide easy access to wide range of data. On Wednesday, presenters at RFID World in Boston focused on using second-generation active and passive RFID tags to provide advanced security and authentication, as well as ways to broaden the reach of the technology. One highlight was how the average wireless device could soon become an RFID reader, or perhaps a related radio-capable device for Near Field Communication, a short-distance radio technology to give a mobile user easy access to all kinds of data. One attendee said he was just starting early investigation into ways that fleet truck drivers could equip their standard cell phones to act as a kind of “speed pass” to quickly pay for fuel at a truck stop, similar to the Speedpass used at Mobil gas stations. Other attendees said they were dazzled by an MIT presentation Tuesday night that showed emerging technologies similar to RFID that would allow someone with diabetes to read his or her blood sugar level easily several times a day with a cell phone receiving data from a patch on the arm. The senior manager of supply chain technology at Boeing's Integrated Defense Systems said in an address that all the emerging wireless technologies are exciting, but warned IT managers to plan ways to prevent RF interference, especially in large companies with many wireless applications.

Source: http://www.infoworld.com/article/07/09/19/RFID-heading-to-cell-phones_1.html

48. September 19, IDG News Service – (National) Sprint sees enterprise IT role in WiMax. Sprint Nextel plans to cooperate with enterprises on the rollout of its WiMax mobile broadband network, letting the customers install and own short-range base stations in their buildings with automatic roaming onto the carrier's WiMax network outside. The service, planned for a national rollout next year under the Xohm brand name, is designed to deliver Internet access at megabits per second on a standards-based technology that has been heavily promoted by Intel. For enterprises, it will be similar to Wi-Fi, only more secure and with easy roaming onto a carrier network that spans whole metropolitan areas, said a Sprint official. Sprint has sent out an RFP (request for proposals) for WiMax femtocells, or miniature base stations meant to serve a home or other small area, he confirmed. He expects large enterprises to buy and deploy femtocells for consistent coverage across their offices and campuses, maintaining control over them as they do with current Wi-Fi networks. Sprint will work with enterprises and building owners to provide roaming onto the carrier network from WiMax femtocells or, in some cases, indoor Wi-Fi networks, he said.

Source:

http://www.infoworld.com/article/07/09/19/Sprint-sees-enterprise-IT-role-in-WiMax_1.html