Monday, January 7, 2008

Daily Report

• USA Today reported that three American Airlines Boeing 767-200s that fly daily roundtrip routes between New York and California will receive anti-missile laser jammers this spring as part of a new government test aimed at thwarting terrorists armed with shoulder fired projectiles. Anti-missile systems have been tested on cargo planes, but this is the first time such systems will be tested on passenger airlines in commercial service. (See item 13)

• According to WZZM 13 Grand Rapids, an explosive device was found in a donation bin at a Goodwill store. The bomb squad and military partners determined the device was a military explosives detonator that was live and armed with about a half pound of explosives. The bomb squad moved the device and detonated it. No one was hurt in the incident. (See item 31)

Information Technology

26. January 4, Computer Weekly – (National) More than one million Facebook users infected by malicious love widget. More than one million Facebook users could be affected by a malicious widget. Researchers from security firm Fortinet have uncovered a malicious widget creating problems within the Facebook social networking community. The widget displays in the form of a “Secret Crush” request inviting users to find out who of their friends might be interested in them. But the widget acts as a social worm, prompting users to unwittingly download the infamous Zango adware/spyware application, and to recommend the contact details of five further friends to do the same. Those who have seeded the program within Facebook are cashing in, getting rewarded “per click”, said Fortinet. The widget is already being used by three percent of the Facebook community, Fortinet said, which amounts to more than one million users.

27. January 4, IDG News Service – (National) A Wi-Fi virus outbreak? Researchers say it’s possible. If criminals were to target unsecured wireless routers, they could create an attack that could piggyback across thousands of Wi-Fi networks in urban areas like Chicago or New York, according to researchers at Indiana University. The researchers estimate that a Wi-Fi attack could take over 20,000 wireless routers in New York within a two-week period, with most of the infections occurring within the first day. “The issue is that most of these routers are installed out of the box very insecurely,” said an assistant professor at Indiana University who published the paper in November, along with researchers from the Institute for Scientific Interchange in Torino, Italy. The researchers theorize the attack would work by guessing administrative passwords and then instructing the routers to install new worm-like firmware that would in turn cause the infected router to attack other devices in its range. Because there are so many closely connected Wi-Fi networks in most urban areas, the attack could hop from router to router for many miles in some cities. Although the researchers did not develop the attack code that would be used to carry out this type of infection, they believe it would be possible to write code that guessed default passwords by first entering the default administrative passwords that shipped with the routers, and then trying a list of 1 million commonly used passwords, one after the other. They said 36 percent of passwords can be guessed using this technique. Even some routers that use encryption could be cracked, if they use the popular WEP (Wired Equivalent Privacy) algorithm, which security experts have been able to crack for years. Routers that are encrypted using the more secure WPA (Wi-Fi Protected Access) standard are considered impossible to infect, he said.

28. January 3, Mercury News – (California) California opens office to fight ID theft. California’s governor opened a new office Wednesday to fight high-tech identity theft --a move activists said will help, as firms fail to meet California’s landmark consumer privacy laws. The governor’s administration merged separate departments into the single California Office of Information Security and Privacy Protection, which officials said will be unique among states as it helps guide law enforcement, businesses, advocacy groups, and consumers. The governor, who signed legislation carrying out the merger, has convened two summits so far against identity theft, which experts say is escalating as the Internet opens up new opportunities for criminals. Government and business groups have vowed to work together more closely, while urging consumers to protect themselves against data theft with computer firewalls and other software programs that protect against online intrusions. The new agency combines the former Office of Privacy Protection in the Department of Consumer Affairs, which opened in 2001, with the state Information Security Office, formerly part of the Department of Finance. “This union will strengthen the efforts of both offices,” said the secretary of the State and Consumer Services Agency.
Source: (log-in required)

Communications Sector

29. January 4, Associated Press – (National) Congestion causes text message slowdown. So many people tried to send text messages on New Year’s Eve that networks got jam packed and many of the missives arrived hours later -- or not at all. “Think of any traffic artery during rush hour: You have a large number of people who are trying to access it at the same time,” said the assistant vice president of public affairs for CTIA-The Wireless Association, a wireless industry group. “It’s really no different with regard to wireless networks.” There have been multiple occasions in recent years when getting in touch with loved ones was more vital -- the September 11 attacks, the 2003 blackout, Hurricane Katrina. “What happens where there is an emergency?” asked a professor of electrical and computer engineering at Virginia Tech. “This has been a big problem with the voice cellular system. It will probably become more of a problem with text messaging.” The cell phone carriers say they are working to expand their systems’ capacity. A Verizon Wireless spokesman said the company invests almost $6 billion annually in the wireless network. But the number of cell phone subscribers in the U.S. nearly doubled between the end of 2001 and the end of 2006, the professor said. Text messages already use a different transmission system from cell phone calls. There may be a way to differentiate among types of information or to create a separate system for people to use in emergencies. The professor said emergency networks in place are now being expanded to allow emergency service personnel to maintain voice cell phone service in times of need. The next step may be some consumer education, he said, adding that if possible users should stay off their pones during an emergency situation.

30. January 4, IDG News Service – (California) Wi-Fi start-up to pick up where Google left off in SF. Wireless networking start-up Meraki Networks Inc. plans to deliver free wireless Internet access, supported by advertising, across San Francisco by the end of the year, it announced Friday. An earlier attempt by Google Inc. and EarthLink Inc. to offer free citywide Wi-Fi access in San Francisco foundered in August when EarthLink pulled out. The companies had planned a two-tier service, with faster, paid access provided by EarthLink and a more limited, advertising-funded service to be offered by Google. The search engine giant is also an investor in Meraki. Meraki will base the service on an existing project covering parts of the city, called Free the Net, which has signed up 40,000 users over an area of 5 square kilometers since it began last March. To avoid the need for extensive cabling, Meraki will build the backbone of the network using a mesh network of solar-powered wireless repeaters installed on rooftops. The nodes will use some of their wireless capacity to offer Internet access to those nearby, and the rest to haul traffic back, via adjacent nodes, to the network’s core. The company is looking for city residents willing to put repeaters on their roofs. Those hosting a repeater will get free access to the service, and so will their neighbors -- although for them, the signal may not be as strong. Although devices are shared, Meraki aims to deliver data rates of around 1Mbit/second to each user. Meraki will pay the cost of rolling out the service, and no public funds will be involved, it said. Investors have offered the company an additional $20 million in venture capital to fund the move, it announced Friday.