Wednesday, October 24, 2007

Daily Report

· The Associated Press reports that a dump used for toxic waste, which was shut down in 1979, might be the cause of cancer and other serious diseases that residents living near the plant have developed over the years. Health officials are now investigating if these suspicions are accurate. (See item 4)

· Newsday reports that methicillin-resistant Staphylococcus aureus (MRSA) infections could develop into a major health crisis, according to doctors. They say that the organism has caused infections in hospitals for years, but now that it has spread to communities, infecting people in gyms, schools and day care centers, it might lead to a major crisis. The doctors also expressed concern because of the lack of new antibiotics to treat this specific strain. (See item 24)

Information Technology

27. October 23, IDG News Service – (National) ID thieves have a 50-50 chance of going to prison. If you are a convicted identity thief, you have about a 50 percent chance of avoiding jail. That is one of the findings of a new study of closed U.S. Secret Service case files, released Monday by Utica College's Center for Identity Management and Information Protection. This is the first time researchers have been allowed to sift through the Secret Service’s data. The study's authors based their findings on an analysis of 500 closed Secret Service cases. “Prosecutors had a slightly better chance of sending a convicted identity thief to prison than not (51 percent) and could expect to see the imprisoned offender sentenced to three years or less of incarceration,” the report said. The college has been working with a number of partners, including the Secret Service, IBM, and the Federal Bureau of Investigation, since the Center's creation in mid-2006 to study the methods used by ID thieves and to help corporations and law enforcement prevent this type of crime. Technology such as printers, mobile phones, and computers was used in about half of the cases, but the Internet was the exclusive tool of ID thieves only about 10 percent of the time. The median loss from identity theft was just over $31,000, but in one case, investigated by the Secret Service's Dallas field office, the defendant spent millions on luxury vehicles and then managed to set up shell companies and defraud investors. Losses totaled $13 million. “In general,” however, “the more offenders involved in the case, the higher the victim loss,” the study stated. According to Javelin Strategy & Research, identity theft cost U.S. businesses and consumers an estimated $49.3 billion in 2006.

28. October 23, The Associated Press – (International) British, Dutch police close pirate site. British and Dutch police shut down what they say is one of the world’s biggest online sources of pirated music Tuesday and arrested the Web site’s 24-year-old suspected operator. The invitation-only OiNK Web site specialized in distributing albums leaked before their official release by record companies, the International Federation of the Phonographic Industry said. Many among OiNK’s estimated 180,000 members paid donations “to upload or download albums, often weeks before their release, and within hours albums would be distributed through public forums and blogs across the Internet.” Users were invited to the site if they could prove they had music to share, the IFPI said. The IFPI said more than 60 major albums were leaked on OiNK so far this year, making it the primary source worldwide for illegal prerelease music. Prerelease piracy is considered particularly damaging to music sales as it leads to early mixes and unfinished versions of artists’ recordings circulating on the Internet months before the release. Police in Cleveland, in northeast England, said they were tracing the money generated through the Web site, expected to amount to hundreds of thousands of dollars. The arrest of a 24-year-old IT worker at a house in Middlesbrough, northeast England, followed a two-year investigation by Dutch and British police and raids coordinated by Interpol. Cleveland police said the man, whose name was not released, was arrested on suspicion of conspiracy to defraud and infringement of copyright law. OiNK’s servers, in Amsterdam, were shut down by Dutch police, the IFPI said.

29. October 22, Computerworld – (Colorado) Update: World Series ticket sales to resume after Colo. stall. After a 26-hour delay, the Colorado Rockies baseball team will at last be able to sell its tickets for World Series home games at Coors Field. Sales should begin Tuesday at noon MDT on the Rockies’ Web site. When its automated ticketing vendor’s servers crashed early Monday morning, the Rockies struck out as they tried to sell tickets to three home World Series games, set to begin on Saturday. “It’s been an extremely frustrating day for our fans and the entire Rockies’ organization,” said the Rockies’ team president in a statement. “Our Web site, and ultimately our fans and our organization, were the victim of an external, malicious attack that shut down the system and kept our fans from being able to purchase their World Series tickets.” The National League team, which will face the American League champion, the Boston Red Sox, beginning Wednesday night in Boston, had announced last week that it would sell its World Series tickets via an online process to make it fair for all ticket buyers for the first World Series to involve a Colorado team. Only about 500 tickets had been sold online before the outage occurred, 10 minutes after the tickets went on sale Monday.

30. October 22, Computerworld – (National) Adobe patches critical PDF vulnerability. Adobe Systems Inc. patched its Reader and Acrobat programs Monday to fix a flaw that exposed most Windows XP users to exploits arriving in malicious PDF files. The patches are included in updates to Reader, the for-free PDF rendering utility, and Acrobat, Adobe’s full-featured application; both have been tagged as Version 8.1.1. “Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system,” Adobe warned in the bulletin that detailed the patch availability. “A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities.” Only users of Microsoft Corp.’s Windows XP who have Internet Explorer 7 installed are at risk of such attacks, Adobe added. The patches come a little more than two weeks after Adobe acknowledged the bug and posted a complicated work-around that required users to edit the Windows registry.

Communications Sector

31. October 23, The Associated Press – (International) Report: China starts work on first direct undersea cable to US. A group of phone companies has begun constructing the first undersea telecommunications cable directly linking China with the United States, a news report said Tuesday. The fiber-optic cable will go into operation next July ahead of the Beijing Olympics, the Chinese government's Xinhua News Agency said. The project, dubbed the Trans-Pacific Express, comes amid explosive growth in telephone and Internet traffic between China and the United States. Its developers say it will have 60 times the capacity of current cable connections between the two countries. Current U.S.-Chinese cable links run through Japan, but Beijing sees Tokyo as a regional rival and has long wanted an independent connection to the United States. Construction of the new cable began Monday in the Chinese coastal city of Qingdao, Xinhua said. Its developers are state-owned China Telecom Ltd., China Netcom Ltd. and China Unicom Ltd., Verizon Communications Inc. of the United States, Taiwan’s Chunghwa Telecom Co. and South Korea’s KT Corp. The cable is to have connections to South Korea and Taiwan, but none to Japan, according to its developers. Verizon said last year the system would extend more than 18,000 kilometers (11,000 miles) and represent an investment of US$500 million. The route of the cable is intended to minimize potential disruption from earthquakes by avoiding seismically active areas, Xinhua said. A quake in January severed an undersea cable near Taiwan, disrupting communications throughout Asia.

32. October 22, – (National) Comcast impersonates users to control P2P traffic. Comcast interferes with peer-to-peer traffic on its cable network by masquerading as users and resetting connections, The Associated Press reported on Friday. Apparently in an effort to maintain quality of service, Comcast cut off uploads of files to BitTorrent and other P2P networks. While observers agree that an Internet service provider needs to be able to manage its traffic, the way Comcast is going about this -- by impersonating customers -- is troubling to many. “Comcast is in an interesting position because the amount of outbound and inbound traffic is constrained in their network,” said the CEO of, a California internet service provider. “In an asynchronous network, as the amount of outbound traffic grows, inbound rates will decrease.” Thus in order to maintain service quality for inbound traffic, which is important to all users, Comcast is throttling outbound P2P traffic. But the way Comcast is doing it -- by “injecting TCP resets that are forged as coming from the customer,” according to the exec -- is “pretty weird.” The AP story offered an apt metaphor: it is as if an AT&T operator broke into a phone conversation and impersonated one of the speakers, saying, “I have to go now, goodbye” and closed the connection. “That’s a fundamental line that’s been crossed,” he said. Yet, he added, Comcast might have no choice. “The peer-to-peer software is so insidious in how it tries to work around throttling, that forging may be the only way to stop the traffic,” he said.