Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, January 12, 2010

Complete DHS Daily Report for January 12, 2010


Top Stories

 The Associated Press reports that a powerful offshore earthquake rattled communities in far northern California over the weekend, cutting power to 36,000 customers, causing minor damage to homes and businesses, and sending about 30 people to emergency rooms to seek treatment for cuts and bruises from falling debris. (See items 4 and 56)


4. January 11, Associated Press – (California) Eureka damage at $14.3M from quake. The city of Eureka says it has racked up at least $14.3 million in damages from a powerful earthquake that struck over the weekend off the coast of Northern California. Damage estimates are still being tallied Monday. The temblor, which hit offshore about 27 miles southwest of Eureka, sent about 30 people to emergency rooms but only one was seriously injured. Power outages were widespread, affecting about 36,000 customers initially, but a quick response restored electricity to all by early Sunday, said a spokeswoman for Pacific Gas & Electric Co. The utility company was surveying gas lines by helicopter and on foot. Ten problems with gas pipes were reported; by Sunday afternoon, two had been repaired, and crews were working on the rest. The company’s former nuclear power plant outside Eureka suffered no damage. “Our crews worked very quickly,” said a PG&E spokesman. “We practice for this type of event, this type of emergency. We have earthquake plans; they were put in place and went very smoothly.” Source: http://www.chron.com/disp/story.mpl/ap/nation/6809613.html


See items 56 and 59 below


56. January 10, Associated Press – (California) N. California rocked by quake. A powerful offshore earthquake rattled communities in far northern California, cutting power to thousands of customers, causing minor damage to homes and businesses, and forcing many people to seek treatment for cuts and bruises from falling debris. The 6.5 magnitude temblor hit at about 4:27 p.m. Saturday and was centered in the Pacific Ocean about 22 miles west of Ferndale. Dozens of people suffered minor injuries. In Eureka, north of Ferndale, residents of an apartment building were evacuated, and an office building and two other commercial structures in the town of about 26,000 people were declared unsafe for occupancy, according to a Humboldt County spokesman. Several people received minor cuts and scrapes from broken glass at the Bayshore Mall in Eureka, and an elderly person fell and broke a hip, authorities said. Source: http://www.caycompass.com/cgi-bin/CFPnews.cgi?ID=10388551


See items 4 above and 59 below


59. January 9, Bay City News Service – (California) Utility crews say earthquakes didn’t appear to damage Calaveras Dam. Utilities crews say two recent earthquakes have not caused any detectable damage to the Calaveras Dam, a 75-year-old structure holding back a reservoir that straddles Santa Clara and Alameda counties. A 4.1-magnitude earthquake Thursday and a 3.7-magnitude quake Friday were both centered along the Calaveras Fault near the Calaveras Reservoir, according to the U.S. Geological Survey. The San Francisco Public Utilities Commission dispatched workers and found no signs of damage to the reservoir infrastructure, including Calaveras Dam, an earth-filled structure built in 1925. Water in the reservoir is currently lowered by 60 percent of full capacity due to concerns about the seismic stability of the dam. Source: http://www.contracostatimes.com/news/ci_14157183


See items 4 and 56 above


 According to the Army Times, test versions of the Army’s new plastic helmet have failed to protect against bullets and blunt force attacks. Officials would say only that all five of the test helmets, made by four companies, failed in either ballistic or nonballistic testing. (See item 12)


12. January 10, Army Times – (National) New plastic Army helmets fail tests. Test versions of the Army’s new plastic helmet have failed to protect against bullets and blunt force attacks. Some prototypes could not stop bullets, others could not withstand blunt force, and some failed on both counts. Officials would say only that all five of the test helmets, made by four companies, failed in either ballistic or nonballistic testing. The nonballistic tests examined the impact of blunt force trauma to the helmets from blast waves, rolled-over vehicles and fragmentation. The failures have set the program back, postponing Army plans to field the new helmet this year. The plastic helmets, which the Army also plans to field, are made with an ultrahigh molecular weight polyethylene, which is used commercially in everything from artificial hip replacements to police body armor. The heavy-duty plastic works well in body armor, because the armor is relatively flat. It becomes vulnerable when molded into a more circular, helmet shape and is also harder to manipulate, a spokesman said. He declined to detail the prototypes’ failures any further, citing “operational security” and “acquisition sensitive” material. However, he said all the companies will have to do “enormously better” to meet the requirements laid out by the Army and Marines. Once the plastic helmet is developed, the services plan to initially purchase 238,500 of them; the Army expects to field 200,000 of them. Source: http://www.13wmaz.com/news/local/story.aspx?storyid=73425&catid=28


Details

Banking and Finance Sector

14. January 11, Wall Street Journal – (Washington; California) Regulators seize bank, credit union. Regulators seized a small bank and a tiny credit union, the first two failures in a year that is expected to bring the collapse of many more financial institutions reeling from the economic downturn and other woes. The Washington State Department of Financial Institutions closed Horizon Bank, an 18-branch bank based in Bellingham, Washington. Its $1.1 billion of deposits and nearly all of its $1.3 billion assets were assumed by Washington Federal Savings and Loan Association, of Seattle. Washington Federal didn’t pay a premium to assume the deposits. It also entered into a loss-sharing agreement with the Federal Insurance Deposit Corp. on roughly $1 billion of Horizon’s assets. The FDIC estimates that the collapse of Horizon will cost the agency’s deposit-insurance fund $539.1 million. Like many small U.S. banks, Horizon was hobbled by bad real-estate loans. Separately, regulators seized Kern Central Credit Union, Bakersfield, California, a three-branch institution that served farm workers and had a large concentration of auto loans. Self-Help Federal Credit Union of Durham, North Carolina, assumed Kern’s $34.9 million in assets and all its liabilities. Self-Help has $75.2 million in assets and targets low-income, female, rural and minority borrowers. Source: http://online.wsj.com/article/SB10001424052748703535104574647141197555718.html


15. January 11, Bank Info Security – (National) Phishing scheme spread to 3 more states. Financial institutions in Georgia, Iowa and Indiana report being hit by the automated phone phishing attacks that have been striking institutions across the U.S. since early last fall. These latest attacks represent only some of the various fraud scams that increased more than 600 percent last year, according to the Anti Phishing Working Group’s report. In Chickamauga, GA, a phishing scam targeted random residents on the day after Christmas. Calls made by an overseas scam artist told some Bank of Chickamauga customers that “Your debit card has been restricted” and directed them to call a 1-888 number to lift the restrictions on their card. Nevada, Iowa residents began getting calls on December 28 from a scammer posing as a credit union. Local police say a scheme to get people to give out banking or credit card information is making its way through every phone number in Nevada, Iowa. River Valley Credit Union alerted its members to the scam with a fraud notice on its home page. The phone scam also hit a credit union and a bank in Indiana over New Year’s weekend. The phone phishing scam began on New Year’s Eve in the Hagerstown and Greens Fork areas, and bank executives predicted it could spread east. The Perfect Circle Credit Union, Hagerstown, IN says the scam was hitting 489 and 886 area prefixes. West End Bank, Richmond, IN and Perfect Circle customers are being asked in the phone call to enter their debit card numbers because they are being cancelled. The credit union has more than 8000 members and assets of $47 million. Source: http://www.bankinfosecurity.com/articles.php?art_id=2058


16. January 11, Bank Info Security – (North Carolina; Florida) ATM skimming incidents increase. Reports of ATM fraud incidents continue to rise. Criminals hit ATMs in two states over the recent holidays to skim account numbers and PINs from customers in North Carolina and Florida, according to police. In Raleigh, North Carolina, 300 members of State Employees Credit Union had money skimmed from their accounts. The skimmer may have been placed at a gas station, say police. SECU is the second largest credit union in the U.S., with $18.4 billion in assets. Skimming devices are often color coordinated, making them difficult to spot on ATMs. Finding the skimming device on a gas pump is virtually impossible as it is often hidden on the inside. SECU officials say the recent thefts likely happened at gas stations — not by using ATMs. It is not yet clear if other banks or customers in the Raleigh area were affected. Police in Naples, Florida say a man who was suspected of placing a skimming device on an ATM at a Naples bank struck again at another Sun Trust Bank location. The same man is suspected of placing a skimming device on a Sun Trust Bank on November 12, then another one at a different Sun Bank on November 27, and then again on December 12. It is not known how many card numbers the man may have taken in the three acts, but several customers later reported fraudulent charges on their debit cards on the east coast of Florida. Sun Trust Bank is headquartered in Atlanta, Georgia and has assets of $189 billion. Source: http://www.bankinfosecurity.com/articles.php?art_id=2059


17. January 11, The Register – (International) Rogue phishing app smuggled onto Android Marketplace. A phisher hoping to harvest bank login details managed to smuggle his app onto the Android app store. Malicious apps posted by Droid09 were quickly identified, prompting a warning to legitimate users and a ban for the VXer. The incident raises questions about whether a tighter vetting process is needed for the Android Marketplace. The rogue Android application posed as a legitimate banking applet, but was actually designed to trick users into handing over bank login details to fraudsters, an alert by credit union First Tech warns. The credit union, which said it was not targeted by the attack, doesn’t even have an app for Android as yet. Android fans who downloaded any of Droid09’s apps are advised to purge them from their phones before consulting their mobile phone firm for further advice. The incident happened in December, but became public after news outlets picked up on First Tech Credit Union’s fraud alert on January 11. Source: http://www.theregister.co.uk/2010/01/11/android_phishing_app/


18. January 8, Reuters – (National) Task force to target bankers who crashed economy. The U.S. attorney general said on January 8 a newly created interagency task force was focusing on financial fraud and targeting for possible prosecution bankers whose actions contributed to the financial crisis. Speaking at a civic group meeting in West Palm Beach, Florida, the attorney general said the task force, which was created by the U.S. President in November and met for the first time last month, would focus on fraud in mortgages, securities, economic stimulus programs and government bailouts. He said the Justice Department and the task force also were investigating banks and other financial institutions whose failure to follow laws and regulations were in part to blame for the most serious financial crisis the United States has faced since the Great Depression. The attorney general said the Justice Department was moving forward on more than 5,000 pending financial institution fraud cases and the FBI was investigating more than 2,800 mortgage fraud cases — up nearly 400 percent from five years ago. The purpose of the task force, led by the Justice Department, is to investigate and prosecute financial crimes and to try to deter future fraud. The task force replaced a similar one established by the last Administration in 2002 after corporate scandals such as the collapse of Enron Corp. Source: http://www.reuters.com/article/idUSTRE6073P220100108


19. January 8, IDG News Service – (International) Mobile banking faces uphill battle in mature markets. The mobile phone is turning into the platform of choice for banking in emerging markets. In developed markets, however, the phone has struggled to compete with existing payment methods, and the challenges aren’t going away in 2010. Mobile banking services gained momentum in 2009 with rollouts in dozens of countries in emerging markets, including Brazil, Cambodia and Malaysia, and the pace will continue this year, according to a research director at Gartner’s Mobile Devices and Consumer Services group. “[The rollout of services] will help the unbanked people of the world to get access to financial services and help improve their quality of living,” said the director. For people in emerging markets, the mobile phone is in many cases their only means of access to financial services, the director said. Developed markets, on the other hand, have well-established banking and payment infrastructures, so the advantage of using the phone isn’t that obvious, she said. Still, mobile banking services are rolling out in developed markets as well. For example, mobile phone retailer The Carphone Warehouse and Monitise, which has developed a platform for mobile banking services, have joined forces to launch the Mobile Money Network in the U.K. in the first half of the year. The network will then be rolled out in Europe and the U.S., according to Monitise. Carphone Warehouse will use the network to let consumers send money to friends and family, top up their prepaid mobile phones and use text messages to buy goods, the chief strategy officer at Monitise said. Source: http://www.computerworld.com/s/article/9143503/Mobile_banking_faces_uphill_battle_in_mature_markets


20. January 8, IDG News Service – (International) Money for nothing? Virtual goods market takes off. Social networking and multiplayer online games are fueling dramatic growth in hard cash earned from goods that exist only in the world of online make-believe, according to companies in that market gathered at the Consumer Electronics Show in Las Vegas. The hugely popular Farmville game on Facebook may be the killer app opening up the virtual goods market to a new and more adult demographic, the members of social networking communities. Indeed, in the fourth quarter of 2009 the percentage of Americans who had purchased a virtual good or service doubled to 20 percent, according to a survey by Playspan, which provides a digital goods commerce and micropayment platform. The bottom line for the virtual goods and services business, though, is making it easy to extract real-world money from a market where most transactions have a cash value too low for credit-card use to be practical. In many cases, users spend around $12 to load up on virtual currency, which they spend in increments of less than a dollar. The infrastructure to support micropayments is now maturing, said the marketing director of Offerpal. His company helps game and virtual world sites monetize an audience that ignores conventional banner ads. They craft offers where users engage with an advertiser online in exchange for virtual currency to spend in the game. Source: http://www.computerworld.com/s/article/9143538/Money_for_nothing_Virtual_goods_market_takes_off


21. January 8, U.S. Department of Justice – (Texas) Nineteen indicted in massive cybercrime conspiracy. A federal grand jury in Dallas returned a superseding indictment charging 19 defendants in a massive cybercrime conspiracy, announced the U.S. attorney of the Northern District of Texas. This indictment supersedes a September 2, 2009, indictment that charged nine of the defendants in the conspiracy. The following 19 defendants are each charged with one count of conspiracy to commit wire and mail fraud. The eight-count indictment also charges 15 of the defendants with fraud and related activity in connection with electronic mail and aiding and abetting. The indictment alleges that from March 2003 through July 2009, the defendants conspired to defraud various telecommunications companies, including AT&T; Verizon; XO Communications; SMARTnet VOIP; Waymark Communications; the lessors of properties at 2020 Live Oak, 2323 Bryan Street and 1950 Stemmons Freeway, in Dallas; various financial institutions; leasing companies and creditors, including Wells Fargo, AT&T Capital Services, and the credit reporting agencies; and various other service providers, such as power companies, insurance companies, air-conditioning companies, website developers, and others for goods and services amounting to more than $15 million. Source: http://dallas.fbi.gov/dojpressrel/pressrel10/dl010810.htm


Information Technology


42. January 11, SC Magazine – (International) Pakistani cyber crime website hit by hacker who is able to access database. Details of a website hack have been reported after a sensitive site was hit by a hacker who managed to gain access to the email database. After two political websites were hit last week, the Pakistani National Response Center for Cyber Crimes, part of the Federal Investigation Authority, was also hit last week. A senior security adviser at Trend Micro said that the hacker ‘zombie_ksa’ states on the defaced page: ‘your whole database and emails are leaked…. I was really excited to read, see what the f__k is private in here lOl’. The hacker then boasted in a forum posting about the hit, saying: “I was browsing Propakistani.pk, so I saw [a] post about how to register [a] complaint with [the] FIA cyber crime. So I feel to check [their] security, and I started [a] penetration test on their web server, unfortunately I got access! And they got Pwned! That sounds crazy! I got [the] whole database! And email backup! Everything!” The adviser said that zombie_ksa posted two screen shots, one of the hacked site and a second one demonstrating his access to their email database. Source: http://www.scmagazineuk.com/pakistani-cyber-crime-website-hit-by-hacker-who-is-able-to-access-database/article/160969/


43. January 11, ComputerWorld – (International) Microsoft will patch Mac Word to comply with court order. Microsoft will patch Word on the Mac to comply with a federal court’s ruling requiring it to remove custom XML technology from its popular word processing software, the company confirmed last week. On January 9, Microsoft issued an update for Word 2003 for Windows to abide by the same ruling. In late December, a federal appeals court affirmed a lower court’s injunction that barred Microsoft from selling Word 2007 and Word 2003 starting Monday, January 11 unless it dumped custom XML features from the software. In May 2009, a Texas court also ordered Microsoft to pay developer i4i nearly $300 million in damages, court costs and interest for allegedly violating the Canadian company’s custom XML patent. According to a Microsoft spokesman, Word 2003, which was also named in the injunction, must be modified because customers purchasing or licensing Word 2007 have “downgrade” rights to the older edition. Microsoft posted an update for Word 2003 for Windows on its download center on January 9. Source: http://www.computerworld.com/s/article/9143658/Microsoft_will_patch_Mac_Word_to_comply_with_court_order


44. January 10, United Press International – (International) Philippine government web sites hacked. Hackers in the Philippines have defaced a government Web site, the fifth such attack on such sites in a month, officials said. Hackers left a message on the government’s Technical Education and Skills Development Authority site mocking the country’s upcoming automated elections, GMANews.tv reported on January 10. “What is going to be used in the elections? Blade server? Juniper firewall?” the message read. The hackers had previously victimized the Web sites of the Department of Health, Department of Social Welfare and Development, National Disaster Coordinating Council, and Department of Labor and Employment, GMANews said. Philippine government officials expressed worry over the security of the May automated elections. Source: http://www.upi.com/Top_News/International/2010/01/10/Philippine-government-Web-sites-hacked/UPI-77471263162325/


45. January 8, DarkReading – (International) Red Condor warns of highly personalized spear-phishing campaign. Email security experts at Red Condor today issued a warning for an aggressive spear phishing email campaign inviting recipients to “apply a new set of settings” to their mailboxes because of a recent “security upgrade” of their mailing service. An embedded link in the email connects users to a web site that appears to be a Microsoft Office Outlook Web Access page, including official Microsoft and Microsoft Office logos. On the page, users are directed to “download and launch a file with a new set of settings for your e-mail account.” The executable is actually a Zbot Trojan virus similar to Trojans distributed in recent H1N1 and Facebook phishing attacks. Initially identified and blocked by Red Condor’s Zero Minute Defense System early the morning of January 7, the campaign has still only been detected by a few virus scanners. “This spear phishing campaign is unusual in that it is highly personalized and is targeting a very large number of domains with a customized message for each domain,” said the president and CEO of Red Condor. “Spear phishing campaigns usually target a single organization or domain, but this attack broke the mold as the volume and targets are very high.” Source: http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=222300161&subSection=Application+Security


46. January 8, SC Magazine – (International) Major flaws in USB stick software leads to secure drives being unlocked easily. Reports claiming that hardware-encrypted USB flash drives were hacked earlier this week have revealed a major flaw in the products’ design. German security firm SySS published reports detailing the vulnerabilities in Kingston, SanDisk and Verbatim flash drives, and detailed how they can be hacked. It claimed that the vulnerability lies in a major flaw in the design of the affected products. It said that the software that runs on the host PC to verify the correctness of a user’s password contains an inherent design error and is not secure. SySS said it was equivalent to a single shared backdoor password for all of these devices, as security analysts were able to write a program that sent the ‘unlock’ code regardless of the password entered, and gain immediate access to the flash drive’s entire contents. SanDisk has issued a security bulletin, saying it had ‘recently identified a potential vulnerability in the access control mechanism and has provided a product update to address the issue’. It said that the issue is only applicable to the application running on the host and does not apply to the device hardware or firmware, and all Enterprise USB flash drives being shipped to customers as of today contain the product update. Source: http://www.scmagazineuk.com/major-flaws-in-usb-stick-software-leads-to-secure-drives-being-unlocked-easily/article/160898/


47. January 8, PC World – (International) Hacking takes lead as top cause of data breaches. Hacking has topped human error as the top cause of reported data breaches for the first time since such tracking began in 2007, according to the Identity Theft Resource Center’s 2009 Breach Report. In its report, titled “Data Breaches: The Insanity Continues,” the non-profit ITRC found that 19.5 percent of reported breaches were due to hacking, with insider theft as the second most common cause at 16.9 percent. For the past two years, “data on the move,” a typically human-error loss of portable devices such as laptops or even briefcases, was the most common reported cause. The ITRC is careful to note that its statistics are based on incomplete data, as differing laws and practices among different states mean that some breaches are not reported publicly, and the cause of the breach is not listed for about one third of those that are reported. But according to the data available, the number of reported data breaches dropped since 2008, but was still more than in 2007. Last year, there were 498 breaches recorded by the ITRC, with 657 in 2008 and 446 in 2007. Source: http://www.networkworld.com/news/2010/010810-hacking-takes-lead-as-top.html?hpg1=bn


48. January 8, V3.co.uk – (International) Microsoft set for small Patch Tuesday. IT administrators will be relieved to hear that next week’s Microsoft Patch Tuesday will see just one bulletin addressing a single vulnerability in Windows. A Microsoft security spokesman announced the news in a blog posting on January 7, explaining that the single vulnerability is rated as ‘critical’ on Windows 2000 and ‘low’ for all other platforms. “Customers with Windows 2000 systems will want to review and deploy this update as soon as possible but, as we will show in our release guidance next week, the Exploitability Index rating for this issue will not be high, which lowers the overall risk,” he wrote. The news will come as something of a relief to IT staff, who have recently had to cope with mammoth security updates from Microsoft. In October, the firm released 13 bulletins addressing a whopping 34 vulnerabilities. But there was also cause for concern among security professionals, as the spokesman pointed out that Microsoft’s security team is not addressing a known flaw in its Server Message Block protocol which could enable denial-of-service attacks. Source: http://www.v3.co.uk/v3/news/2255836/microsoft-set-fix-patch-tuesday


49. January 8, The Register – (International) Fix finalized for SSL protocol hole. Engineers have signed off on a fix for a potentially serious vulnerability in the SSL, or secure sockets layer, protocol that secures email, web transactions and other types of sensitive internet traffic. The final draft updates the industry-wide specifications for SSL, which is also referred to as TLS, or transport layer security. Now that the Internet Engineering Task Force has approved it for publishing as a formal standard, it will update RFC 5246, the most recent request for comments that maps out the current SSL protocol. The new protocol overhauls the way SSL-enabled software renegotiates encrypted sessions so it is no longer possible for attackers to inject malicious payloads into encrypted traffic passing between two endpoints. The vulnerability violated one of the core guarantees provided by SSL by making it possible to perform man-in-the-middle attacks that could steal sensitive data or tamper with secure transactions. Since the flaw was disclosed in November 2009, many software makers have disabled the renegotiation feature in their programs, a tweak that meant their applications were technically not compliant with official specifications laid out in RFCs that govern SSL. The new protocol provides a longer-term fix by restoring renegotiation capabilities without putting SSL sessions at risk. Source: http://www.theregister.co.uk/2010/01/08/ssl_fix/


50. December 8, eWeek – (International) Oracle preps critical update with 24 security fixes. Oracle is planning to release an update that includes 24 security patches affecting numerous products, including the Oracle Database and Oracle E-Business Suite. The update addresses 10 security vulnerabilities related to the database, including one in Oracle Secure Backup. Two of the vulnerabilities can be exploited remotely without authentication, Oracle said in a pre-patch advisory. Oracle BEA products are the subject of five security fixes, all of which are remotely exploitable over a network without a user name and password. One of the security holes plugged by the update is a flaw in Oracle JRockit with a CVSS base score of 10.0, the highest score possible. The update plugs three remotely exploitable security holes in Oracle’s application server, as well as providing a fix for the PeopleSoft and JD Edwards Suite. The update also has two new security fixes for the Oracle Primavera Products Suite and three for Oracle Application Server. Source: http://www.eweek.com/c/a/Database/Oracle-Preps-Critical-Update-With-24-Security-Fixes-581367/

For more stories, see items 17 above, and 53 and 55 below

Communications Sector

51. January 11, Data Center Knowledge – (National) New data centers: DHS, Peak 10, more. Last week saw a flurry of news about new data centers being planned, built or finished. General Dynamics Information Technology (GD) said last week that it has opened an enterprise data center in Westminster, Colorado, to support the Department of Homeland Security’s U.S. Citizenship and Immigration Services (USCIS). The new data center, which is certified under the Leadership in Energy and Environmental Design (LEED) standard for energy efficient buildings, will provide centralized, round-the-clock support for USCIS and employ approximately 100 IT workers when fully staffed. Peak 10 Inc., a provider of data center and managed services, announced the addition of a second facility on its Atlanta campus. The completion of the 10,000 square foot facility will bring the company’s total Atlanta footprint to more than 33,000 square feet. This expansion comes on the heels of Peak 10’s recent $95 million credit facility expansion led by RBC Capital Markets. Ground will be broken on the state of Massachusetts’ new $110 million state data center in Springfield this spring, with the 115,000-square-foot facility scheduled to be up and running in May 2012, according to local media reports. The Cleveland Clinic has purchased 14 acres of land in Brecksville, Ohio and plans to use the site to build an 80,000 square foot data center, Cleveland Business News reported. Source: http://www.datacenterknowledge.com/archives/2010/01/11/new-data-centers-dhs-peak-10-more/


52. January 11, Network World – (International) Half of all data centers understaffed, Symantec survey finds. Fifty percent of IT executives say their data centers are understaffed, and companies are still looking for more ways to cut costs, according to Symantec’s latest “State of the Data Center” report. Sixteen percent of survey respondents said their data centers are extremely understaffed, and another 34 percent called their data centers somewhat understaffed. At the same time, data centers are becoming more complex and harder to manage, with more applications, data and increasingly demanding service-level agreements. For its third annual data center report, Symantec commissioned Applied Research to survey data center specialists in 1,780 enterprises worldwide, each with at least 1,000 employees. The vast majority of companies said they are having trouble finding enough money and enough qualified applicants to keep their data center staff at healthy levels. Nonetheless, 45 percent of companies say their data centers are appropriately staffed, and 5 percent reported being overstaffed. Source: http://www.networkworld.com/news/2010/111110-data-centers-understaffed.html?hpg1=bn


53. January 11, eWeek – (International) McAfee: spammers turn to free web hosting services. Spammers are increasingly turning to free-hosting Web sites to provide spam URLs, according to a new report from McAfee. In its “January 2010 Spam Report”, McAfee notes the trend is turning into an “all-out gold rush” as dozens of these free-hosting sites have sprung up to provide Web space for anyone who requests it. According to the report, all of the sites most heavily abused by spammers seem to be related to 0catch.com, which serves up a number of free-hosting sites to anonymous users. These types of services are good for spammers because such sites may have been around for a while and have legitimate traffic associated with them, the report explained. That could give spammers a few hours’ worth of an edge over anti-spam vendors before they can blacklist the host, the report warns. Just what should be done about these services is a difficult question, opined the anti-spam technology lead for McAfee Labs and co-author of the report. The researcher said he would like to see more security technologies brought to bear within free hosting sites to fight spam and viruses. Spam volumes shot up December 14 after trending downward for more than a month, according to the McAfee report, with much of that boost coming in the form of Chinese pharmacy spam. The resurgence of spam from China came at a time when the country tightened its domain registration process, which some researchers predicted will actually help combat malicious activity. Source: http://www.eweek.com/c/a/Security/McAfee-Spammers-Turn-to-Free-Web-Hosting-Services-371651/


54. January 8, IDG News Service – (National) FCC warns of impending wireless spectrum shortage. The U.S. Federal Communications Commission chairman said an impending shortage of wireless spectrum in the U.S. will dampen future economic growth unless action is taken to fix the problem. “Our data shows there’s a looming crisis, not tomorrow, not next week, not next year, but at some point in the future,” the chairman told attendees at the International Consumer Electronics Show (CES) in Las Vegas on January 8. “The record is pretty clear that we need to find more spectrum,” he said. The FCC has identified the limited supply of wireless spectrum as one of the factors that could limit the growth of broadband Internet services in the U.S., which could result in slower economic growth and job creation. Wireless spectrum will be addressed, along with other factors affecting broadband access and services, in a national broadband plan that the FCC is now assembling. The plan was originally due to be completed next month, but the FCC received a 30-day extension from the U.S. Congress. Given the urgency of the problem, the FCC will have to move quickly to avoid demand for wireless broadband outstripping the supply of available spectrum, the chairman said, adding that other measures are needed to ensure that wireless networks are used as efficiently as possible. Source: http://www.computerworld.com/s/article/9143579/FCC_warns_of_impending_wireless_spectrum_shortage


55. January 8, The Register – (International) Brit ISP knocked offline by Latvian DDOS. About 30,000 customers of the Cheshire-based ISP Vispa were forced offline for almost 12 hours today by a DDOS attack traced to the Baltic state of Latvia. Broadband service has now been restored, a spokesman said, but customers are unable to call customer service because the firm’s phone system was also crippled by the attack. “As a result of a major denial of service attack on our network we suffered a severe outage between 1am and 12.30pm Friday January 8,” Vispa’s commercial director said. “All services have now been restored except for our phone system which has been affected as part of the problem. We are currently working with suppliers to have the main numbers diverted to other lines within the office but expect to restore the system by the end of today.” DDOS attacks on British ISPs apparently from inside former Soviet bloc countries are common, but it is rare for them to have such a paralyzing effect. Source: http://www.theregister.co.uk/2010/01/08/vispa_ddoa/