Monday, September 17, 2007

Daily Reports

Computerworld reported on Thursday that a major consulting firm is investigating how a confidential 2002 terrorist threat assessment for Chicago, conducted on behalf of the Federal Transit authority, made its way onto LimeWire, a peer-to-peer (P2P) file-sharing network, and eventually into the hands of a local Fox News journalist. (See item 40)

WRAL, a local North Carolina news station, reported that the U.S. Department of Agriculture on Friday declared 85 North Carolina counties disaster areas because of the ongoing drought. The state Drought Management Advisory Council issued a report Thursday showing that 98 of North Carolina's 100 counties were in severe, extreme or exceptional drought. (See item 17)

Information Technology

38. September 14, Infoworld – Badware hunters tame wild Webmasters. If hijacked sites and hosting companies that fail to police malware distribution sources represent two of the most serious threats to Internet security, there may be hope for improvement, according to researchers working with Harvard Law School's StopBadware.org. After publishing a list of rogue Web site hosting companies and launching a campaign to label every malicious site they can find on the Internet, an effort that has filtered out over 600,000 nefarious applications thus far, the StopBadware team says that people are responding. The project currently counts less than 250,000 Web sites that it classifies as distributors of programs that qualify as badware -- any application that either tries to hide itself or any of its intentions, based on the parameters of the effort. By inserting warnings into Google's search results that steer end-users away from malware and adware sources, while communicating with those responsible for creating or handing out the suspicious programs, progress is being made, according to StopBadware's lead researchers.

Source: http://www.infoworld.com/article/07/09/14/Badware-hunters-taming-wild-webmasters-hosts_1.html

39. September 13, Computerworld – Microsoft downplays stealth update concerns. Microsoft Corp. today downplayed the concerns over undercover updates to Windows XP and Windows Vista, saying that silent modifications to the Windows Update (WU) software have been a longtime practice and are needed to keep users patched. “Windows Update is a service that primarily delivers updates to Windows,” said the WU group program manager on the team’s blog today. “To ensure ongoing service reliability and operation, we must also update and enhance the Windows Update service itself, including its client-side software.” Microsoft was moved to respond after the popular “Windows Secrets” newsletter looked into complaints that WU had modified numerous files in both XP and Vista, even though users had set the operating system to not install updates without their permission. In many cases, users who dug into Windows’ event logs found that the updates had been done in the middle of the night. Windows gives users some flexibility in how their PCs retrieve and install updates and patches from the company's servers. But some users have filed accounts of stealth updates to WU even when they had completely disabled the automatic update feature in the operating system. The program manager disputed those claims, saying, “WU does not automatically update itself when Automatic Updates is turned off, this only happens when the customer is using WU to automatically install upgrades or to be notified of updates.”

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9036478&intsrc=hm_list

40. September 13, Computerworld – Confidential Chicago terrorist threat assessment leaked over P2P. Officials at consulting firm Booz Allen Hamilton Inc. are looking into how a Fox News reporter acquired a confidential terrorist threat assessment on Chicago over a public file-sharing network. An investigative reporter with WFLD Fox News in Chicago reported on Tuesday that he recently used a peer-to-peer (P2P) program called LimeWire to obtain the Booz Allen document. The firm authored the document in 2002. A spokesman for Booz Allen confirmed the incident and said the document was commissioned by the Federal Transit Administration (FTA) five years ago. The spokesman said the company did not know how the documents ended up on the internet. He said that after Booz Allen completed the threat assessment, it made the document available to numerous federal, state and private-sector entities and first responders as required under its contract with the FTA. It was then the responsibility of those entities to protect the documents, he said. The Booz Allen incident again highlights what some analysts say is a growing problem: the easy availability of all sorts of government, personal and confidential information on P2P networks. In July, the House Committee on Oversight and Government Reform heard testimony from several witnesses about how everything from classified military documents to corporate data can be found on P2P networks.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9036481&taxonomyId=17&intsrc=kc_top

41. September 13, IDG News Service – Data explosion shakes up IT. In just three years, the bytes of data generated by digital cameras, mobile phones, business IT systems and other tech devices will equal the number of grains of sand on the world's beaches. It's a mind-boggling estimation from market analysis company IDC. But it reflects the proliferation of devices and systems used by consumers and businesses, IDC's vice president of worldwide IT markets and strategies said today. Over the next few years, corporations will face tough decisions on how to store data, find information and comply with regulations, he said. It won't be an easy task. While 85% of that data is predicted to come from consumers snapping photos, surfing Web pages and sending e-mail, about 60% of that consumer data will still cross corporate networks, he said. Much of the data is unstructured, meaning it's not clearly labeled as to its content, such as photos, video and perhaps phone recordings, which makes it more difficult to use. But technologies that enable deep analysis of the data are emerging, and could help businesses unlock what's important and improve their operations. But the security concerns still abound, as well as regulatory compliance and liability worries. According to data from the U.S. Computer Emergency Readiness Team, the number of reported software vulnerabilities declined in 2003 and 2004 but surged in 2005 to around 6,000, an all-time high.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9036378&taxonomyId=17&intsrc=kc_top

Communications Sector

42. September 13, RCR Wireless News – SF kills Wi-Fi plans. San Francisco has formally walked away from a deal to build a Wi-Fi network throughout the city. The effort was already largely considered dead late last month when EarthLink Inc. rescinded its proposal—which included a teaming with Google Inc.—to cover the estimated $14 million to $17 million cost of building San Francisco’s Wi-Fi network. A committee of the city’s Board of Supervisors put the final death knell on the project yesterday when it declined to vote on the contract. The move was largely a bureaucratic one that may well end the years-long efforts to blanket the city with free Internet access. Many analysts say there is little silver lining for EarthLink in the Wi-Fi deals it made with about a dozen cities. The deals call for EarthLink to shoulder all of the upfront costs, a situation that is now giving the company serious second thoughts. EarthLink wanted the municipalities to help pay for the construction, but San Francisco and others have been unwilling to meet the company halfway.

Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20070913/FREE/70913008/1014