Tuesday, February 12, 2008

Daily Report

• The Guardian reports that the U.S. is pressing the 27 governments of the European Union to sign up for a range of new security measures for transatlantic travel, including allowing armed guards on all transatlantic flights by U.S. airlines. The new American demands go well beyond what is agreed under the existing U.S.-EU Passenger Name Record Agreement. Brussels is pressing European governments not to sign bilateral deals with the U.S. to avoid weakening the EU bargaining position. (See item 14)

• According to Computer Weekly, research by security software house McAfee shows that mobile phone users are increasingly worried that PC-based information security risks are threatening their phones. A security analyst at McAfee said 58 percent of respondents worried about spam, fraudulent use of subscribed services, and theft of data stored on their phones. (See item 36)

Information Technology

33. February 11, Network World – (National) Powerful new antiphishing weapon DKIM emerges. There is a new gun in town, and some of the Internet’s most powerful companies – including Yahoo, Google, PayPal, and AOL – are brandishing it in the ongoing battle against e-mail fraud. The new weapon is called DKIM, an emerging email authentication standard developed by the Internet Engineering Task Force. DKIM, which stands for DomainKeys Identified Mail, allows an organization to cryptographically sign outgoing e-mail to verify that it sent the message. DKIM addresses one of the Internet’s biggest threats: e-mail fraud. As much as 80 percent of email from leading brands, banks, and Internet service providers is spoofed, according to a report released in late January by the Authentication and Online Trust Alliance (AOTA). AOTA analyzed more than 100 million e-mails from Fortune 500 brands sent over a five-month period. “It’s a critical need that IT professionals look at e-mail authentication as a competitive advantage to protect their brands and their customers from these exploits as well as to protect their employees from spoofed or forged e-mail coming into their networks,” says the chairman of AOTA. DKIM proponents say the standard is an important step in rebuilding consumer confidence in e-mail. Under development since 2004, DKIM is finally reaching a critical mass.

34. February 11, IDG News Service – (National) Attacks aimed at Adobe Reader, Acrobat flaws intensify. The flaws disclosed last week in Adobe System’s Reader and Acrobat programs have been used to exploit computers since at least January via malicious banner advertisements, security analysts are reporting. Adobe issued patches last Wednesday for Reader and Acrobat, but the company did not detail the flaws. Problems with Adobe’s software can potentially affect millions of PC users, since the company’s software is widely used to read PDF (Portable Document Format) files. Most people regard PDFs as harmless. “From our standpoint, it appears that this PDFbased attack has been quite successful, affecting many thousands of users throughout the world,” read a post on Symantec’s Security Response Weblog. The flaws in the programs allow a hacker to create a malicious PDF document. If opened by a victim, that document downloads a malicious Trojan that Symantec calls “Zonebac.” Zonebac was first detected in 2006. It shuts off a user’s security software as well as downloads other bad software. The latest version also appears to taint search engine results, according to Symnatec. In January, iDefense noticed that the malicious PDF document was being delivered through malicious banner advertisements. Symantec wrote that it is not immediately clear how the PDF file is delivered, but that the banner ads could be redirecting people to other harmful Web sites with the file. Also, spam messages may be carrying the bad file as an attachment. Malicious banner ads can be particularly dangerous since the ads can show up on legitimate Web sites.

Communications Sector

35. February 11, New York Times – (National) Many obstacles to digital TV reception, study says. Nearly six million people with digital receivers may still lose TV signals when digital-only broadcasts begin next February, a new study says. The study by Centris, a market research firm in Los Angeles, found gaps in broadcast signals that may leave an estimated 5.9 million TV sets unable to receive as many channels as they did before the changeover. It may affect even those who bought the government-approved converter boxes or a new digital TV. To keep broadcast reception, many viewers may have to buy new outdoor antennas, the study found. The Centris study predicts greater disruption of service than government agencies like the Federal Communications Commission have acknowledged. The federal government estimates that 21 million American households have primary TV sets that receive only over-the-air signals. But it says most will continue to get a digital signal by means of a digital-to-analog converter box, which costs about $50 to $70. It is helping to underwrite the cost of a converter box by issuing $40 coupons. Centris said it looked at a more detailed method for predicting the coverage pattern of TV signals than the government had used. However, the problems with reception could be far worse, according to engineers who have taken signal measurements. One study of the first HDTV station by the consultant hired to replace the broadcast antennas on the Empire State Building, found that digital signals did not travel as far as either model had predicted. Digital reception is more affected by hills, trees, buildings, and other interference than analog has been. An analog TV picture degrades gradually, getting more snow or ghosting as a signal becomes weaker. But digital TV is subject to the “cliff effect” – the picture is excellent until the signal gets weak and the picture suddenly drops out. The number of sets that the Centris study projects will fail varies from city to city, based largely on the landscape.

36. February 11, Computer Weekly – (International) Data security fears increase among mobile phone users. Mobile phone users are increasingly worried that PC-based information security risks are threatening their phones, leaving network operators with a choice: protect customers against malware and other threats or lose their business. This emerged from research in the UK, the U.S., and Japan by security software house McAfee. The firm looked into mobile phone users’ attitudes to information security threats from mobile networks. The research follows a similar study last year among the operators themselves. A security analyst at McAfee said the risks to mobile phone users compared to those faced by PC users connected to the internet are one to 100. But mobile phone users are increasingly concerned that as applications such as micropayments and banking move onto their phones, they will attract criminals. The analyst said while their immediate concern was loss of cash, more dangerous was the loss of data, especially personal data that could be used to clone the user’s identity or to harass them. He said 58 percent of respondents worried about spam, fraudulent use of subscribed services, and theft of data stored on their phones. He warned of “smishing” attacks, where a criminal tried to induce insecure behavior using an SMS text message.

37. February 10, Associated Press – (International) Wireless industry meets in Barcelona. Wireless industry players place their bets on the future during the four-day Mobile World Congress opening Monday in Barcelona, laying stakes on the next big thing with new product launches, services, and alliances. Is wireless broadband beamed into your home in the future? Will advertisers be invading your mobile phone with location-based advertising? Exactly how personalized will your mobile phone become? And is the time ripe for the Internet’s migration into your handset? While more than 50,000 industry officials from major cell phone makers, telecommunications companies, and high technology firms stake out their next move at the world’s largest communications conference, the winners ultimately will be decided by consumers. One of the big challenges facing the industry is the poor adoption and usage of new services despite millions of dollars spent in marketing. A number of initiatives using mobile technology to improve lives in poor, rural areas will be rolled out.