Tuesday, November 30, 2004


News Item 434 Microsoft - Security360 Monthly Webcasts: Learn Best Practices to Guide Your Security Strategy

Security360 is a monthly webcast series. Each webcast focuses on a specific security topic and includes commentary from industry experts outside of Microsoft. Security360 also features a checklist of recommendations and resources to help guide your security strategy.
5:15:56 PM

News Item 433 

Flaw opens crack in Windows servers. Microsoft suggests work-around to fix hole in popular server software, as it blasts the company that disclosed it. [CNET News.com]
5:13:36 PM

News Item 432 

New strain of Skulls Trojan hits smart phones. Mobile phones running Symbian's Series 60 operating system are the target of a new strain of the Skulls Trojan horse program. The new Trojan comes with the Cabir.B worm, which, unlike the first version of the virus, can spread to other phones within reach of Bluetooth broadcasting range. [InfoWorld: Top News]
5:12:24 PM

News Item 431 

Universities struggling with SSL-busting spyware. U.S. universities are struggling with a flare-up of dangerous spyware that can snoop on information encrypted using SSL (Secure Sockets Layer). Experts are warning that the stealthy software, called Marketscore, could be used to intercept a wide range of sensitive information, including passwords and health and financial data. [InfoWorld: Top News]
5:11:06 PM

News Item 430 

Anti-RFID outfit deflates Mexican VeriChip hype. Only 18 volunteers to date [The Register]
5:06:05 PM

News Item 429 

Lycos Offers Program to Attack Spammers. At the risk of breaching Internet civility, Lycos Europe is offering computer-users a weapon against spam-spewing servers: a screen-saver program that automatically hits the offenders with data to slow them down. By APOnline. [washingtonpost.com - Technology]
4:59:47 PM

News Item 428 

Clean System to Zombie Bot in Four Minutes. Amadaeus writes "According to the latest study by USA Today and Avantgarde, it takes less than 4 minutes for an unpatched Windows XP SP1 system to become part of a botnet. Avantgarde has the statistics in their abstract. Stats of note: Although Macs and PCs got hit with equal opportunity, the XP SP1 machine was hit with 5 LSASS and 4 DCOM exploits while the Mac remained clean. The Linux desktop also was impenetrable, but was only targeted by 0.26% of all attacks." See also our story on the survival time for unpatched systems. [Slashdot]
4:57:04 PM

News Item 427 BBC NEWS | UK | Judge calls for UK DNA database

Everyone who lives in Britain should have their DNA stored on a national database, a top judge has said.

Lord Justice Sedley is well known for his support of human rights, including upholding a ruling over the government denying rights to asylum seekers.

The law lord said the potential gain from a national base was considerable.

"The risks, so long as they are confronted, are controllable," he said during a Leicester University Law School lecture.

Lord Justice Sedley said he made no case for or against the introduction of compulsory identity cards.

"But a society that feels able, as ours does, to give serious consideration to such a step, ought not to turn its face away from the case for a universal DNA register."

He said that DNA analysis had transformed the process, not only of detection work by police, but proof in court.
4:51:31 PM


News Item 426 FCW - Passport privacy questioned

In their latest salvo against the way Bush administration officials want to use technology to track travelers, American Civil Liberties Union officials are accusing them of disregarding privacy and security warnings about remotely readable biometric passports.

ACLU officials say that State Department documents show that e-passports would broadcast personal information via radio frequency identification (RFID) chips to anyone within 30 feet who has an RFID reader. The State reports include warnings from experts about the passports' vulnerabilities, union officials say.

"Someone with one of those readers could pick up all the information in the area," ACLU spokesperson Will Potter said. "It's becoming the Holy Grail of an identity thief." He added that precautions such as covering passports with foil are "pretty laughable" considering everything that is at stake.
4:47:57 PM


News Item 425 Susan Crawford blog :: Does the White House know?

The FCC has filed a remarkable brief in the broadcast flag challenge pending before the DC Circuit.  (Public Knowledge is leading the plaintiffs in this matter.)

Some background:  Back in November 2003, the FCC issued an order (the broadcast flag rule) saying that all devices capable of receiving a digital TV signal (or storing DTV files) would have to comply by July 2005 with a set of technical mandates. 

The broadcast flag rule, distilled to its essence, is a mandate that all consumer electronics manufacturers and information technology companies ensure that any device that touches digital television content encrypt that content and protect it against unauthorized onward distribution.

 

In order to make this happen, the FCC has established a new and extraordinarily broad regulatory regime that mandates the use of "authorized" content protection technologies by virtually every consumer electronics product and computer product -- including digital television sets, digital cable set-top boxes, direct broadcast satellite receivers, personal video recorders (PVRs), DVD recorders, D-VHS recorders, and computers with tuner cards.

 

In the context of both the flag rule and the IP-enabled services proceeding that was the subject of Bellhead/Nethead earlier this fall, the FCC has said that it has "ancillary" jurisdiction to act.  Translation:  "Congress hasn't said that we DON'T have the power to do this, so we're going to go ahead on the assumption that we do." 

 

The FCC's brief, filed in response to PK's challenge to FCC's jurisdiction in the flag matter, is breathtaking.  FCC's position is that its Act gives it regulatory power over all instrumentalities, facilities, and apparatus "associated with the overall circuit of messages sent and received" via all interstate radio and wire communication.  That's quite a claim.

 

FCC believes that it has simply been restraining itself up until now.  Since 1934 (or 1927, depending on how you count), FCC has had power over all equipment used in connection with radio and wire transmissions.  When the need arises, it can exercise its authority -- including its authority over PCs, PVRs, and any new gizmo that has something to do with a communication of some sort.


1:52:33 PM

News Item 424 

The Power of Wal-Mart. How much is Wal-Mart driving the adoption of RFID? When it makes its way into "Dilbert," it must have achieved a certain weight in the zeitgeist, at least.... [Surpriv: RFID Surveillance and Privacy]
10:38:02 AM

News Item 423 RFID might bring 'extreme marketing'

Businesses are nearing a time when they will be able to track just about everything they make, sell and distribute. This opens up potential for "extreme marketing."

As relatively new tracking technologies become more widely adopted, companies will be able to "tag" their entire inventories. This tracking capability is being enabled by RFID, which stands for radio frequency identification tags.

One potential use of the technology is on medicine bottle labels to cut down on counterfeiting and fraud. That program started last summer, with the Food and Drug Administration recommending widespread adoption of RFID on the most commonly counterfeited drugs.

A year ago, Delta Air Lines tested the chips on 40,000 pieces of luggage from check-in to loading. Boeing and Airbus have announced plans to work together to require more than 2,000 suppliers to tag aircraft and engine parts with the chips. Organizations from Wal-Mart to the U.S. government are moving to require suppliers to use RFID tags on products and parts shipped to them.

Most of the focus on RFID is to use the technology to track things. But with these chips embedded in your clothing, car and cell phone, extreme marketing could work this way: You might have been shopping on the Web for a particular item and decided at that time not to purchase it, though you registered with that site to notify you of future sales.

Later, when walking by the retailer that carries that product, your cell phone signals you to stop and look to your right. There, in the window, is the product you were seeking on the Web.

The retailer knows the location of the product and the location of you. Through global positioning tracking in your phone, the retailer guides you to the counter where the product is displayed. The salesperson has been sent an instant message authorizing a discount. For extreme marketing to succeed, sellers of the goods tracked will have to provide significant and tangible value to potential consumers.

Otherwise, the first thing consumers will do after a purchase is remove all tags and strive to make themselves "invisible."
10:35:16 AM


News Item 422 Surpriv: RFID Surveillance and Privacy: "Extreme Marketing"

A bit of fantasy speculation (retailers won't know where you are, at least through GPS, without either your assistance, or the phone company ratting you out), but raising the vision of more-than-chance encounters between people and things. If you could be "painted" with an aura signaling various wants/desires (e.g., I know you're carrying a copy of a Hemingway book, so might be more inclined than not to consider a vacation in Spain), your surroundings could cue off of that.
10:33:04 AM

News Item 421 

Sidebar: Groups Grapple With Grid Security. Several groups are addressing the security challenges of grid computing infrastructures. [Computerworld Security News]
10:29:27 AM

News Item 420 

Cisco updates Ethernet switches. Networking giant also extends security and reliability to the access portion of the network. [CNET News.com]
10:25:50 AM

News Item 419 

Brain scans show difference between truth and lies. Lies, damned lies and electronics [The Register]
10:23:23 AM

News Item 418 United Press International: Bush orders massive CIA recruitment drive

President Bush has ordered the CIA to embark on a massive recruiting drive to boost by 50 percent the numbers of analysts and spies with the language and other skills needed to improve intelligence about terrorist groups and rogue nations seeking weapons of mass destruction.

Some reformers praised the directive in the form of a memorandum sent to CIA Director Porter Goss last week and released by the White House late Tuesday. But others worried it plays a numbers game that might lead to a reduction in standards.

"It will be extremely difficult to increase the numbers of people like that, especially because you cannot afford to let standards slip," Rep. C.A. "Dutch" Ruppersberger, D-Md., a member of both the Intelligence and Homeland Security committees, told United Press International.
10:19:47 AM


News Item 417 

UPI - Bush orders massive CIA recruitment drive. Bush orders a massive recruitment wave for CIA. If done correctly, they could radically upgrade the agency with new talent (totally opposite the tales of woe over quantity vs. quality mentioned in the article). There are lots of super qualified people out there but they need to be actively recruited (which won't happen). An expansion of the executive service plus a targeted recruitment drive would work wonders (particularly for the financial and technical talent they need but don't know they need). [John Robb's Weblog]
10:18:06 AM

News Item 416 

Unprotected PCs can be hijacked in minutes (USATODAY.com). USATODAY.com - Surfing the Web has never been more risky. Simply connecting to the Internet - and doing nothing else - exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously. [Yahoo! News: Technology]
10:10:01 AM

News Item 415 Canadian Inventor Lets Everyone Be an Armchair Spy (washingtonpost.com)

TORONTO-- New Internet-based technology could soon turn regular computer users into armchair spies, a Canadian inventor said on Monday.

Vincent Tao, an engineer at Toronto's York University, said he has invented a mapping and surveillance tool called SAME (see anywhere, map anywhere), that produces images so sharp that geographic co-ordinates typed into a Web site can reveal the make of a car parked on the street.
10:08:40 AM


News Item 414 Wired News: Lying Makes Brain Work Harder

Brain scans show that the brains of people who are lying look very different from those of people who are telling the truth, U.S. researchers said on Monday.

The study, using functional magnetic resonance imaging, or fMRI, not only sheds light on what goes on when people lie but may also provide new technology for lie detecting, the researchers said.

[...]

There were clear differences between the liars and the truth tellers, Faro's team told a meeting in Chicago of the Radiological Society of North America.

"We found a total of seven areas of activation in the deception (group)," he said. "We found four areas of activity in the truth-telling arm."

Overall, it seemed to take more brain effort to tell the lie than to tell the truth, Faro found.

Lying caused activity in the frontal part of the brain --- the medial inferior and pre-central areas, as well as the hippocampus and middle temporal regions and the limbic areas. Some of these are involved in emotional responses, Faro said.

During a truthful response, the fMRI showed activation of parts of the brain's frontal lobe, temporal lobe and cingulate gyrus.



10:01:37 AM


News Item 413 

Lying Makes The Brain Work Harder. Ant writes "This Wired News article says it seems to take more brain effort to tell a lie than to tell the truth according to functional magnetic resonance imaging (fMRI) scans. Lying caused activity in the frontal part of the brain -- the medial inferior and pre-central areas, as well as the hippocampus and middle temporal regions and the limbic areas. Some of these are involved in emotional responses. During a truthful response, the fMRI showed activation of parts of the brain's frontal lobe, temporal lobe and cingulate gyrus." [Slashdot]
9:59:30 AM

News Item 412 

E-commerce Single Sign-On Not Dead Yet. FullyIonized writes "A few years ago Microsoft's Passport technology made headlines as Microsoft predicted e-commerce nirvana and conspiracists predicted a new Big Brother. Not to be outdone, Sun spearheaded the Liberty Alliance. Years later, I still don't have a single sign-on, not that that's a bad thing. Enter Andre Durand who started his first business with BBS software, then headed up Jabber, and now has started Ping Identity. The big distinction: the federated identity software is open-source. The Denver Post has the story." [Slashdot]
9:49:37 AM

News Item 411 Internet Week > News > Computer Firms Score Poorly In Privacy, Customer Response > November 29, 2004

On privacy, 95 percent of the companies had policies on their sites explaining how customers' personal data is being used, the study found. However, 37 percent didn't ask customers for permission before sharing personal data with affiliates, subsidiaries, or business partners.

Sharing data can get companies into trouble with online customers, given that more than half of the latter say protecting personal information is their greatest concern, Terry Golesworthy, president of the CRG, said. When Web users are considering making an online purchase, that number jumps to two-thirds.

"Privacy is already the number 1 issue among consumers, and it's becoming the paramount concern," Golesworthy said.

The industry is increasingly divided between companies that are taking privacy issues very seriously--even naming chief privacy officers--and those that are not addressing the issue at all, Golesworthy said. Hewlett-Packard Co., IBM, and Symantec Corp. are examples of companies that have exceptional privacy policies, while others, such as Brightpoint, Graybar Electric, and Safeguard Scientifics fail to even adequately list their privacy policies online.
9:46:41 AM


News Item 410 

Study: High-tech firms praised for online customer respect. While many high-tech firms scored well in a new study of how they treat customers online, more than a third of the surveyed companies still share personal data without permission. [Computerworld Privacy News]
9:41:40 AM

News Item 409 

U.K.'s Blair tries to allay fears over ID card database. U.K. Prime Minister Tony Blair attempted to quell growing concern over the security of the country's national identity program by threatening jail time for anyone caught tampering with the project's massive database. [Identity management news]
9:25:20 AM