Wednesday, February 13, 2008

Daily Report

• The New York Times reports an audit by the Government Accountability Office shows that the U.S. Nuclear Regulatory Commission has underestimated the risk of a terrorist attack on a nuclear research reactor on a college campus and the potential consequences of such an attack. The NRC’s executive director says the GAO audit “lacks a sound technical basis.” (See item 8)

• According to the Washington Post, the European Commission will propose on Wednesday that all foreign travelers entering and exiting Europe, including American citizens, should be fingerprinted. If approved by the European Parliament, the proposal would mean that information on tens of millions of citizens will be added in coming years to databases that could be shared by friendly governments worldwide. (See item 14)

Information Technology

26. February 11, InfoWorld – (International) Mapping out Web apps attacks. Attackers continue to use well-worn techniques, such as SQL injection, to exploit holes in popular Web applications, but have also moved on to other targets, including government sites, and newer exploit methods, such as cross-site request forgery, according to the latest report filed by the Web Applications Security Consortium (WASC). The nonprofit industry group released the findings of its annual Hacking Incidents Database report this week. Despite the fact that cyber-criminals are still capable of using familiar means like SQL injection to victimize e-commerce sites and other transactional systems, a growing number of assailants are broadening their efforts and capabilities and going after new sets of targets, the research contends. Based on WASC’s in-depth investigations into roughly 80 individual attacks carried out during the calendar year of 2007, the group concludes that data theft remains the primary goal of most incidents, representing 42 percent of all the events. Surprisingly, site defacement – thought to be a dying art in the world of profit-driven hacking – actually still accounted for 23 percent of the attacks covered in the report, followed by exploits aimed at planting malware on sites at roughly 15 percent. And while the lion’s share of the incidents studied by the group revolved around the attempted theft of sensitive data that could be sold on the underground market or used to carry out fraud, the phishing threats of years past are increasingly outnumbered by attacks that utilize malware code hidden on legitimate Web applications to victimize unsuspecting end-users, the group said.

Communications Sector

27. February 12, Associated Press – (National) BlackBerry outage frustrates users again. BlackBerry outages are rare, but when they do hit, like one did Monday that wiped out service across the U.S. and Canada, subscribers who have become addicted to the smart phones are quick to unleash their fury. It was not immediately clear late Monday what caused the outage – the second widespread disruption in less than a year. Some users reported being able to access their service normally. Research in Motion Ltd., the Waterloo, Ontario-based company that makes the mobile device, said late Monday that customers “experienced intermittent delays” beginning around 3:30 p.m., but data service was restored about three hours later. The company said voice and text messaging services were not affected. “No messages were lost and message queues began to be cleared after normal service levels were restored,” RIM said, apologizing to customers for the inconvenience. The company did not say how many customers were affected, though officials with AT&T Inc. and Verizon Wireless said RIM told them the outage hit customers of all wireless carriers. Bell Canada’s spokesman said the majority of its BlackBerry customers were affected. RIM has 12 million subscribers worldwide and has deals with scores of wireless carriers to offer the BlackBerry service around the world.

28. February 11, Associated Press – (National) White-space converter fizzles, again. Technology companies eager to grab vacant airwaves and use them for high-speed Internet service first have to develop a gizmo that makes the conversion possible. Last week, a prototype device broke down again – the second time in seven months – in the hands of the Federal Communications Commission (FCC). Regulators there must be convinced that the airwaves can be used for broadband service in a way that does not interfere with other television programming and wireless microphone signals. An FCC spokesman declined to comment on the matter. The director of wireless incubation for Microsoft Corp., one of the companies developing the prototype, said the device lost power after continual testing. Technical glitches are not the only power issues facing the high-tech coalition, whose members also include Google Inc., Dell Inc., Hewlett-Packard Co., Intel Corp., EarthLink Inc., and Philips Electronics North America Corp. The coalition is in a public relations squabble with TV broadcasters, who fear such technology will interfere with their programming. The fight over so-called “white spaces” is heating up in anticipation of the February 2009 switch from analog to digital signals. Broadcasters quickly channeled the device’s breakdown as evidence of interference risks. The FCC in late July said the coalition’s first device did not reliably detect unoccupied spectrum and could interfere with other TV programming and wireless microphone signals. In that case, Microsoft said the device was simply broken and failed to work. This time, the company said the device lost power after continual testing and insists it is not a setback.