Friday, October 19, 2007

Daily Report

· The Morning Journal reports that the NASA Plum Brook Station’s nuclear reactor in Ohio will be discarded. The reactor has not been operational since 1973, but the site has been designated as contaminated for purposes of cleanup. (See item 7)

· According to a report obtained by USA Today, screeners at Los Angeles, Chicago O’Hare, and San Francisco international airports failed to detect fake dangerous materials carried by undercover agents in 60 percent of tests. Experts were puzzled by the high failure rate, which, they believe, might encourage terrorists’ attempts to bring such materials on planes. (See item 12)

Information Technology

30. October 18, Computerworld – (National) States ask for Microsoft oversight until 2012. A group of state attorneys general urged a federal judge on Tuesday to hold Microsoft Corp. to a 2002 antitrust settlement for another five years so that the company cannot stymie embryonic Web 2.0 rivals of its Windows operating system. According to six states -- California, Connecticut, Iowa, Kansas, Minnesota and Massachusetts -- and the District of Columbia, Microsoft could use its Internet Explorer browser as a “chokepoint” to block moves that might unseat Windows’ dominant position on the desktop. Although the states had said they would ask for an extension last month in a hearing before a U.S. District Court judge, the motion filed Tuesday formalized the request. Key parts of the consent decree that Microsoft struck with the U.S. Department of Justice and 20 states back in 2002 are scheduled to expire November 12. In August, federal regulators and those from New York, Louisiana, Maryland, Ohio and Wisconsin told the judge that the decree had done its job. The group of five other states plus Washington, D.C., dubbed the California group, disagreed.

31. October 17, Techworld – (National) Backing up clogs enterprise systems. Backup volumes in many organizations have grown so large that they are causing business disruption by tying up systems, storage, and network capacity and hogging valuable IT resources, according to a recent survey commissioned by storage management software vendor BridgeHead Software. More than half (59 percent) of IT executives said that the volume of data they are forced to back up is disrupting business operations or will do so eventually, according to a survey of 472 IT executives in the U.K. and North America. And the problem is not going away, with 93 percent saying that their routine backup volumes are continuing to increase. The problem is consuming IT resources for long periods, with 37 percent admitting that daily backups of primary data now take them more than nine hours, while 19 percent said it took them more than 12 hours. More than two-thirds (84 percent) of those polled felt they could benefit by reducing the volume of data they routinely back up. One of the most effective ways of reducing the pressure on backups is to take information that is static or seldom accessed and archive it off primary storage systems, according to BridgeHead Software’s CEO.

Communications Sector

32. October 17, IDG News Service – (National) Cafe Latte attack steals data from Wi-Fi PCs. If you use a secure wireless network, hackers may be able to steal data from your computer in the time it takes to have a cup of coffee. At the Toorcon hacking conference in San Diego this coming weekend, a security researcher will demonstrate a technique he has developed to attack laptops that use the WEP encryption system to log on to secure wireless networks. Developed in the late 1990s, WEP was the default method of securing Wi-Fi networks. Though the WPA (Wi-Fi Protected Access) system replaced it, about 41 percent of businesses continue to use WEP. That percentage is even higher among home users, security experts say. That is unfortunate because WEP has been riddled with security problems. In fact, WEP was blamed for the recent TJX Companies data breach in which thieves were able to access 45 million credit- and debit-card numbers. To date, however, researchers have tended to focus on exploiting WEP flaws in order to break into wireless networks. That generally meant that the attacker would roll up near the WEP-encrypted router, crack the WEP key used to encrypt network traffic, and then log on to the network. The researcher, a senior wireless security researcher with AirTight Networks, has taken a look at the client side of things and developed a way of tricking a WEP-enabled client into thinking that it is logging on to a network that it already knows. His technique, which he calls the Cafe Latte attack, allows an attacker to circumvent firewall protection and attack the laptop or to set up a “man in the middle” attack and snoop on the victim’s online activity. “Until now, the conventional belief was that in order to crack WEP, the attacker had to show up at the parking lot,” he said. “With the discovery of our attack, every employee of an organization is the target of an attack.”


33. October 17, IDG News Service – (National) Couple swarmed by SWAT team after 911 ‘hack.’ A Washington State teenager is facing 18 years in prison on charges that he used his computer to access Orange County, California’s 911 emergency response system and convinced the sheriff’s department to storm an area couple’s home with a heavily armed SWAT team. The nineteen-year-old, of Mukilteo, Washington, is not only facing charges of unauthorized computer access, but he is also facing assault charges by proxy, meaning that authorities want Ellis to be convicted as if he, and not the SWAT (Special Weapons And Tactics) team, pointed weapons at the victims. The incident took place late in the evening of March 29, when Ellis allegedly used his computer to call the Orange County 911 dispatch and, during the course of a 38-minute telephone conversation, convinced dispatchers that he had murdered someone on the premises and was about to do it again. Within minutes, fire, police and a helicopter team had been dispatched to the home of the Lake Forest, California couple, whom authorities declined to identify. A spokeswoman with the Orange County District Attorney’s office characterized the suspect as a “computer hacker,” but declined to explain exactly how the attack was carried out. “One of the reasons that we’re not disclosing exactly how he did it is because we don’t want to teach other computer hackers how to do it,” she said. Still, it is not clear that Ellis’s alleged hack involved anything more complicated than tricking the 911 system into thinking he was calling from the Lake Forest couple’s number. County officials said Wednesday that he did not exploit a technical flaw in the 911 system’s software. Authorities said that the suspect had made nearly 200 fake 911 calls to dispatch systems in California, Arizona, Washington and Pennsylvania. He is set to be arraigned Monday in Santa Ana, California.