Monday, April 7, 2008

Daily Report

According to KING 5 Seattle, Puget Sound Energy, Washington’s largest natural gas and electricity utility, was fined a record $1.25 million by state regulators Thursday for fraudulent natural gas pipeline records that span over four years. The record-keeping violations were committed by PSE’s subcontractor, Pilchuck Contractors, Inc. (See item 3)

• The Times reports Woolwich Crown Court was told Thursday that a British terrorist cell planned to detonate homicide bombs on seven transatlantic flights over North America, causing catastrophic loss of life. A lawyer, opening the prosecution’s case, said that the eight defendants shared a common interest in “inflicting heavy casualties upon an innocent civilian population.” The jury was told that the alleged plot was thwarted when police made a series of arrests on August 9, 2006. (See item 12)

Information Technology

28. April 4, IDG News Service – (National) Intel to release anti-theft technology for laptops. Intel plans to release anti-theft technology for laptops during the fourth quarter of this year, but the company is not offering many details yet. Called Intel Anti-Theft Technology, the new capability will be added to Intel’s Active Management Technology, which is part of Centrino vPro and allows IT managers to remotely access and configure computers. In the event of theft, the technology will “basically lock the system, lock the disk, so people cannot be maliciously using and getting the data,” said the executive vice president and general manager of Intel’s Mobility Group, according to a transcript (PDF format) of his presentation (PDF format) at the Intel Developer Forum (IDF) in Shanghai. The technology, which appears to render both the processorand storage inaccessible, aims to ease concerns over valuable corporate or personal data falling into the wrong hands when laptops are lost or stolen. The problem of lost data on stolen and missing laptops is a long-standing problem and a growing concern, because of its impact on personal data. Source:

29. April 4, Web User News – (National) Anti-virus giants fail Vista test. Anti-virus companies including McAfee, Trend Micro, and Sophos, have come under fire for failing to detect known threats to Windows Vista Service Pack One. According to independent testing body Virus Bulletin, 17 out of 37 anti-virus products all failed to secure Windows Vista SP1 during its VB100 certification testing. To earn VB100 certification, products must be able to detect 100 per cent of viruses and must not generate any false alarms when scanning a set of clean files. Virus Bulletin said McAfee VirusScan, Trend Micro Internet Security, and Sophos Anti-Virus all failed to detect threats known to be circulating in the real world. Microsoft released the SP1 update for all versions of its Windows Vista operating system last month. Virus Bulletin claims that the results of its latest VB100 tests should help people decide which products are best suited to the task of providing solid protection for Vista. However, a senior analyst at the 451 Group questioned in his blog whether the Virus Bulletin results mattered. He said: “With all respect to the folks at VB, who provide a valuable service to the anti-malware industry, part of this is marketing.” Source:

Communications Sector

30. April 3, Washington Post – (International) Reach out and hack someone. Ottawa-based VoIPshield Systems, a company that makes products to help secure voice-over-IP (VoIP) networks, said it located more than 100 security holes in Internet-based phones made by the biggest players in the business, including Avaya, Cisco, and Nortel. The company currently displays information on 44 of the vulnerabilities on its Web site, and it says many of the flaws are medium- to high-risk, meaning they could be used to intercept, redirect, or initiate phone calls, or to simply disable phone service for the targeted user or company. The chief executive of VoIPshield said the company’s internal researchers uncovered the flaws over the past two years, and that all affected vendors have been notified. So far, vendor patches are available to address 17 of the vulnerabilities listed on its site. Asked to name the most galling vulnerability of the lot,he said one vendor (Cisco) decided it was a good idea to hard-code a password for a management interface into the VoIP device that could not be changed by the user. He said Cisco told him it planned to correct that decision in future versions of the product. Source:

31. April 3, CNET – (International) Bluefire plans a new cell phone security app. Bluefire Security plans to enter the consumer market with Mobile Defender. Bluefire’s bid joins them to the ranks of other security vendors who have created mobile versions of their desktop apps. The application, currently available in private beta for Windows Mobile phones, has a simple four-button interface, with each button corresponding to an element of protection--firewall, SMS and MMS spam-blocking, an application protection shield that guards against auto-installing malware, and a feature to remotely wipe the contents of the handheld should it get stolen or irreversibly corrupted. Mobile Defender is of the “set and forget” variety, which means that after you install it, it pretty much runs on its own. While security compromises from mobile phones have been small in scale and mostly isolated incidents, Bluefire’s chief executive believes that cell phones dangle attractive lures for hackers along three vector – as mobile messaging becomes ubiquitous and malware authors propagate poisonous code in links; as mobile phone commerce takes off, and as the mobile Web becomes easier to surf from devices like the iPhone. Source: