Thursday, March 1, 2007

PC World - Vista's UAC Warnings Can't Be Trusted, Symantec Says Windows Vista's User Account Control (UAC), a system that Microsoft says makes the new operating system safer from attack, can be spoofed and shouldn't be completely trusted, a Symantec researcher said on Wednesday. Ollie Whitehouse, an architect at Symantec's advanced threats research team, first used a blog entry Tuesday to point out how a hacker could use a file included with Vista to disguise the UAC warning dialog in the color associated with alerts generated by Windows itself. 10:19:06 PM

Tricking Vista's UAC To Hide Malware. Tricking Vista's UAC To Hide Malware. Vista's User Account Control, love it or hate it, represents a barrier against unwanted software getting run on users' computers. A Symantec researcher has found a simple way to spoof UAC and says that it shouldn't be completely trusted. The trick is to disguise the UAC warning dialog in the color associated with alerts generated by Windows itself.  [Slashdot] 10:14:53 PM

Windows for Warships nears frontline service | The Register The Type 45 destroyers now being launched will run Windows for Warships: and that's not all. The attack submarine Torbay has been retrofitted with Microsoft-based command systems, and as time goes by the rest of the British submarine fleet will get the same treatment, including the Vanguard class (V class). The V boats carry the UK's nuclear weapons and are armed with Trident ICBMs, tipped with multiple H-bomb warheads. All this raises a number of worrying issues. First up is basic reliability and usability. Most of us have stared in helpless despair at the dreaded blue screen; how much worse would you feel if that wasn't just your desktop gone but your combat display, and it really was the screen of death? 10:07:50 PM

TIA becomes ADVISE | Free Government Information (FGI) Congress killed the Total Information Awareness (TIA) program in 2003 and several new programs have been reported to take its place. (See Total Information Awareness just changed its name FGI, 2006-02-26.) A forthcoming GAO report looks at the use of the Analysis, Dissemination, Visualization, Insight and Semantic Enhancement (ADVISE) system. 9:13:23 PM

NGA Praises Congressional Movement to Correct Real ID. NGA Praises Congressional Movement to Correct Real ID. "The substantial costs and looming implementation deadline make Real ID unworkable and unreasonable." [GT: Security and Privacy] 9:07:42 PM

DHS Proposal for State Driver License Enhancements Posted for Public Comment. DHS Proposal for State Driver License Enhancements Posted for Public Comment. DHS will grant states an extension of the compliance deadline until December 31, 2009. [GT: Security and Privacy] 9:04:53 PM

Malware Adopts Disguises in Attempt to Dupe IT Defenses. Malware Adopts Disguises in Attempt to Dupe IT Defenses. Top ten threats and hoaxes reported in February 2007. [GT: Security and Privacy] 8:55:38 PM

Real ID Act Deadline Pushed Back to 2009. Real ID Act Deadline Pushed Back to 2009. "We will work closely with states to implement these standards and protect American's privacy against identity theft and the use of fraudulent documents." [GT: Security and Privacy] 8:53:08 PM

Legislation eyes nightclubs - Greenwich Time  Pending the mayor's signature, which is expected, all clubs where dancing is permitted will be required to install surveillance cameras at entrances and exits. While some Council members raised privacy concerns, the overwhelming majority agreed the surveillance tapes would be an invaluable deterrent and aid police if a crime is committed. All surveillance tapes must be securely stored, and clubs could be fined up to $50,000 if the footage makes its way onto TV or gossip Web sites. Industry representatives welcomed the surveillance camera vote, but pointed out that 90 percent of clubs with dancing already have such cameras installed. 8:50:56 PM

National ID Card Rules Unveiled. National ID Card Rules Unveiled. The DHS chief reveals how he'll turn state driver's licenses into internal passports. By Ryan Singel. [Wired News: Security Blanket] 7:48:35 PM

DOD, Microsoft sign deal to data mine health records The Defense Department has signed an agreement with Microsoft under which the software vendor will help develop tools and methods for analyzing the department's 9.1 million electronic patient records to find better ways to manage the health of DOD beneficiaries. Under the cooperative research and development agreement, Microsoft will work with the Army's Telemedicine and Advanced Technology Research Center to extract, store and analyze data stored in DOD's Armed Forces Health Longitudinal Technology Application (AHLTA) electronic health record system. The AHLTA clinical data repository (CDR) is "an untapped goldmine of health information, and the ability to draw upon and efficiently use this data will allow us to unleash the true power of AHLTA," said Dr. William Winkenwerder Jr., assistant secretary of Defense for health affairs. "This project has the potential to vastly improve our ability to provide both force health protection and population health improvement activities for every soldier, sailor, airman and Marine." Microsoft and the Army center aim to develop a clinical data warehouse (CDW) that provides predefined queries of interest to clinicians and analysts. The warehouse also will support data mining, which uses clustering and pattern recognition techniques to discover previously unknown correlations in the data. Intel and HP are providing support on security, sizing, and scalability testing of the CDW architecture, Microsoft said. Dr. Deborah Peel, chairwoman of the Patient Privacy Rights Foundation, views the patient information not as a goldmine ripe for exploitation but as a collection of personal and sensitive health information that needs to be zealously guarded and only accessed with express consent by the patient. 7:46:58 PM

War of Words Erupts Between HP Scandal Players. War of Words Erupts Between HP Scandal Players. The attorney for the ousted HP chairman fired back at public comments made by board rival about the HP pretexting scandal. [PC World: Latest Technology News] 7:20:30 PM

U.S. Bill Proposes E-Health Records Incentives. U.S. Bill Proposes E-Health Records Incentives. Doctors would get $3 for every patient signed up to use an electronic health record under terms of a new House bill introduced today. [PC World: Latest Technology News] 7:19:07 PM

DHS Issues REAL ID Regulations; CDT Urges Repeal of Law. DHS Issues REAL ID Regulations; CDT Urges Repeal of Law. The Department of Homeland Security has issued proposed regulations implementing the REAL ID Act, which would require states to adopt tighter standards and create a networked system for driver's license issuance. Given the Act's fundamental flaws, CDT has joined other civil liberties groups in supporting legislation introduced in recent days in the House and Senate to repeal the hastily-enacted 2005 law and return to the driver's license reform process begun by the previous Congress. CDT is especially concerned that the Act would result in the creation of a linked network of government databases of personal information, without standards or limits on access and use. [Center for Democracy and Technology] 7:17:49 PM

© Copyright 2007 Paul Hardwick. Last update: 3/4/07; 9:37:46 AM.