Monday, April 30, 2007

Daily Highlights

Saudi police have arrested 172 Islamic militants, some of whom were being trained abroad as pilots so they could fly suicide attacks against public figures, oil facilities, refineries, and military zones −− some of which were outside the kingdom. (See item 1)
The Department of Health and Human Services has announced the establishment the Biomedical Advanced Research and Development Authority that will manage the procurement and advanced development of medical countermeasures for chemical, biological, radiological, and nuclear agents. (See item 26)

Information Technology and Telecommunications Sector

30. April 27, Government Accountability Office — GAO−07−424: Information Technology: DHS Needs to Fully Define and Implement Policies and Procedures for Effectively Managing Investments (Report). The Department of Homeland Security (DHS) relies extensively on information technology (IT) to carry out its mission. For fiscal year 2008, DHS requested about $4 billion −− the third largest planned IT expenditure among federal departments. Given the size and significance of DHS’s IT investments, the Government Accountability Office's (GAO) objectives were to determine whether DHS (1) has established the management structure and associated policies and procedures needed to effectively manage these investments and (2) is implementing key practices needed to effectively control them. The GAO used its IT Investment Management (ITIM) framework and associated methodology to address these objectives, focusing on the framework’s stages related to the investment management provisions of the Clinger−Cohen Act. GAO recommends that DHS fully define the project−level and portfolio−level policies and procedures defined in GAO’s ITIM framework and implement the practices needed to effectively control investments. In written comments on this report, DHS agreed with GAO's findings and recommendations and stated it will use the report to improve its investment management process.

31. April 26, IDG News Service — FCC approves plan for auctioning 700MHz spectrum. The Federal Communications Commission (FCC) has approved a plan for auctions of wireless spectrum in the 700MHz band, taking the first step toward the multi−billion−dollar sale of spectrum being abandoned by television stations. The FCC late Wednesday, April 25, approved an auction plan that would sell pieces of the spectrum in chunks of varying geographic sizes, including metropolitan areas, larger regional economic zones, and multi−state regions. The FCC also will invite comments on a number of proposals for the spectrum, made available after Congress voted last year to require TV stations to switch to digital broadcasts and abandon channels 51 to 69 by February 2009.
Source: on_1.html

32. April 26, IDG News Service — New York teen hacks AOL, infects systems. A New York teenager broke into AOL networks and databases containing customer information and infected servers with a malicious program to transfer confidential data to his computer, AOL and the Manhattan District Attorney's Office allege. In a complaint filed in Criminal Court of the City of New York, the DA's office alleges that between December 24, 2006 and April 7, 2007, 17−year old Mike Nieves committed offenses like computer tampering, computer trespass, and criminal possession of computer material. Among his alleged exploits: Accessing systems containing customer billing records, addresses, and credit card information; Infecting machines at an AOL customer support call center in New Delhi, India, with a program to funnel information back to his PC; Logging in without permission into 49 AOL instant message accounts of AOL customer support employees; Attempting to break into an AOL customer support system containing sensitive customer information; Engaging in a phishing attack against AOL staffers through which he gained access to more than 60 accounts from AOL employees and subcontractors.
Source: ml

33. April 26, IDG News Service — Four plead guilty in auction software piracy scheme. Four men have pleaded guilty in U.S. court in Wisconsin to selling copyrighted software on, the Department of Justice (DOJ) announced Thursday, April 26. Pleading guilty in U.S. District Court for the Eastern District of Wisconsin were Eric Neil Barber of Manila, AR; Phillip Buchanan of Hampton, GA; Wendell Jay Davis of Las Vegas; and Craig J. Svetska, of West Chicago, IL, the DOJ said. The four sold counterfeit Rockwell Automation software with a retail value of more than $19.1 million through eBay, the DOJ said.
Source: 1.html

34. April 26, Associated Press — Lawsuit targets spam harvesters. An anti−spam organization filed a federal lawsuit Thursday, April 26, targeting so−called spam harvesters, who facilitate the mass distribution of junk e−mail by trolling the Internet and collecting millions of e−mail addresses. The lawsuit was filed in U.S. District Court in Alexandria, VA, by a Utah company called Unspam Technologies Inc. The company runs a Website called Project Honey Pot dedicated to tracking spam harvesters worldwide. Project Honey Pot has collected thousands of Internet addresses that it has linked to spam harvesters, but it so far has been unable to link those addresses to an actual person. The lawsuit names a variety of John Does as defendants, and the plaintiffs hope that the legal process will allow them to track the actual people who are harvesting the e−mail addresses, said lead attorney Jon Praed with the Arlington−based Internet Law Group.

35. April 26, VNUNet — Hacking tools top malware threats. Hacking tools head up the list of malware detected on computers around the world, according to figures released by Microsoft at Infosecurity Europe 2007. "Backdoors, key−loggers, downloads and droppers continue to be the main malware menaces we're seeing in the marketplace," said Nicholas McGrath, head of platform strategies Microsoft. Data collected from Microsoft's security software between July and December 2006 showed that attacks were much more likely to target individual machines. "The exploits are very much targeted at the individual, either by taking their identity to gain from something like their credit card, or taking control of the PC to build their own botnets to be used in organized criminal activities," said McGrath.
Source:−tools−top− malware−threats

36. April 26, VNUNet — Mobile phone users oblivious to data threats. Consumers fail to realize how much sensitive information they carry in their mobile phones, according to a university study. Professor Steve Furnell from Plymouth University, UK, said that focus groups carried
out on the campus showed a worrying trend of users not protecting their data on mobile devices because they did not see any threat. The study found that only 66 percent of people used a PIN to protect their device, although 45 percent of those did not bother to change the default number. Furnell said that the technology exists to protect users, but that they simply did not make use of it.
Source:−phone−users −oblivious