mark hess | BEHIND THE LINES

One Former Employee + Zero Revoked Passwords = 88 Less Servers

2011-08-18T10:20:00.000-07:00

Fired techie created virtual chaos at pharma company.

Logging in from a Smyrna, Georgia, McDonald's restaurant, a former U.S. pharmaceutical company employee was able to wipe out most of the company's computer infrastructure earlier this year. The ex-worker, age 37, formerly an IT staffer at the U.S. subsidiary of Japanese drug-maker Shionogi, pleaded guilty August 16 to computer intrusion charges in connection with the February 3 attack. He wiped out 15 VMware host systems running e-mail, order tracking, financial, and other services for the Florham Park, New Jersey firm.

"The February 3 attack effectively froze Shionogi's operations for a number of days, leaving company employees unable to ship product, to cut checks, or even to communicate via e-mail," the U.S. Department of Justice said in court filings. Total cost to Shionogi: $800,000.
The man resigned from the company in July 2010 after getting into a dispute with management, but was kept on as a consultant for 2 more months. Then, in September 2010, the drug-maker laid off the man and other employees, but it not revoke all passwords to the network. Using a Shionogi account, the man was able to log into the network from a public McDonald's Internet connection, and fire up a vSphere VMware management console he had secretly installed on the network a few weeks earlier. Using vSphere, he deleted 88 company servers from the VMware host systems, one by one. He was charged in July. He faces a maximum of 10 years in prison when he is sentenced November 10.

This post contains excerpts from the Department of Homeland Security Daily Open Source Infrastructure Report, 18 August 2011. For more information, visit: http://www.computerworld.com/s/article/9219260/Fired_techie_created_virtual_chaos_at_pharma_company

Google+ Spyware

2011-08-16T06:52:00.000-07:00

New Android spyware threat disguises itself as Google+ app.

Security researchers from Trend Micro warn of a new information stealing Android trojan that disguises itself as an app for Google's new social product Google+. This latest threat is a variant of a recently discovered trojan called ANDROIDOS_NICKISPY which is able to record phone calls. This new version stands apart from the rest because it is capable of answering incoming calls if the phone's screen is turned off and if the calls originate from a number predefined by the attackers.

"From the looks of it, the developer of this app went for the more real-time kind of eavesdropping as well, apart from the one ANDROIDOS_NICKISPY.A used, which involved recording calls," the Trend Micro researchers wrote. "The 'auto-answering' function of this malicious Android app works only on Android 2.2 and below since the MODIFY_PHONE_STATE permission was disabled in Android 2.3," they added. In addition to phone call answering and recording, the trojan has a full set of spyware features, such as stealing text messages and call logs or monitoring the GPS location. The increasing sophistication and prevalence of Android malware reinforces the need of antivirus products for such devices. There are several free solutions from vendors such as Lookout, BitDefender, or Symantec.

This post contains excerpt from the Homeland Security Daily Open Source Infrastructure Report, 16 August 2011. More information available at source: http://news.softpedia.com/news/New-Android-Spyware-Threat-Disguises-Itself-as-Google-App-216757.shtml

The Death of Anonymity

2011-08-02T11:35:00.000-07:00

Facebook will reach likely reach one billion users this year or next.

The privacy and security implications of this astonishing amassing of personal information are mind-boggling.

Imagine having access to the political views, sexual preferences, relationships, tastes, foibles, emotional states, workplace attitudes, etc. of a billion people.

An effort to collect such data on behalf of a government, or a corporation, or a geopolitical alliance, or an industrial sector, or even a seemingly benign world organization, would meet with fierce opposition. It would be difficult if not impossible; it would require lawyers, money and yes maybe even guns.

But in the era of social media, a extraordinary and rapidly growing number of us have been willingly posting such sensitive information (or at least the keys to unlocking it) online and accessible either directly or indirectly to marketers, stalkers, reporters, law enforcement, private investigators, human resource personnel, and rivals in love, business or politics, whether by subterfuge or inference or subpoena, whether legally or illegally, whether ethically or unethically.

It is all out there now, not just spread all across cyberspace in fragmented segments; no, happily, willfully offered up in an organized way.

Consider for example the Facebook profile photo.

No matter how tightly you zip up your Facebook account, people who you have not "friended" are going to come across your profile photo. And isn't that the point for most of us, not just to share status updates, photos, videos "likes" and comments with our current circle of friends and colleagues, but to expand that circle?

Indeed. But what if a stranger on the street could snap a smartphone photo of you, and then run it against profile photos in FB, and then learn not only your name, and your date of birth, your circle of friends and other such data, but was then able to take some of that data and "guess" your Social Security number from it, and then, of course with that Social Security number that stranger would have unrestricted access to the most sensitive details of your financial and medical information.

Well, it is possible, as The Economist (which broke this story) recounts:

"By mining public sources, including Facebook profiles and government databases, the researchers could identify at least one personal interest of each student and, in a few cases, the first five digits of a social security number. All this helps to explain concerns over the use of face-recognition software by the likes of Google and Facebook, which have been acquiring firms that specialise in that technology, or licensing software from them. (Google recently snapped up Pittsburgh Pattern Recognition, the firm which owns the programme the researchers used for their tests.) Privacy officials in Europe have said they will scrutinise Facebook's use of face-recognition software to help people 'tag', or identify, friends in photos they upload. And privacy campaigners in America have made a formal complaint to regulators. (Facebook notes that people can opt out of the photo-tagging service by altering their privacy settings.)" The Economist, 7-28-11

This post is excerpted from the Economist article, Anonymous no more, and the CSO Online article, Facial recognition and social media meet in the shadows, by Richard Power, July 28th, 2011.

Lockheed Martin Confirms RSA SecureID Hack

2011-06-08T08:48:00.000-07:00

June 6, The Register – (International)

Stolen RSA data used to hack defense contractor. Defense contractor Lockheed Martin has confirmed that a recent attack on its network was aided by the theft of confidential data relating to RSA SecurID tokens employees use to access sensitive corporate and government computer systems. According to an e-mail the company sent to reporters, theft of the data for the RSA tokens was "a direct contributing factor" in May’s intrusion into its network.

New York Times, which reported on the e-mail earlier, cited government and industry officials, who said the hackers used some of the purloined information and other techniques to "piece together the coded password of a Lockheed contractor who had access to Lockheed’s system." Lockheed said it detected the attack soon enough to prevent those responsible from accessing important data. The company is in the process of replacing 45,000 SecurID tokens used by its workers when logging in corporate networks from outside the office. The contractor, which makes fighter planes, spy satellites, and other gear related to national security, is also requiring workers to change their passwords.

Source: http://www.theregister.co.uk/2011/06/06/lockheed_martin_securid_hack/

This post is excerpted from the Homeland Security Daily Open Source Infrastructure Report for 8 June 2011.

Follow The Money: The Spam Ecosystem

2011-05-26T14:26:00.000-07:00

Stopping spam is an almost futile effort if the focus continues to be on spam filtering and botnet takedown, according to a research team from the University of California, San Diego, the University of California, Berkeley, The International Computer Science Institute and Budapest University. These measures are simply like cutting the head off of a hydra monster, because spammers quickly find ways to replace lost resources.

Instead, combating the in-box clogging, and frequently malware-laden, messages spammers deliver should be done by cutting off the spammer's payment processors so they can't get their money, the researchers conclude. The research, titled Click Trajectories: End-to-End Analysis of the Spam Value Chain, was presented this week at the IEEE Symposium on Security and Privacy 2011 in Oakland, California. The researchers looked at the ecosystem of a spam operation by setting up a network to receive spam and examine the supply chain involved.

"It is the banking component of the spam value chain that is both the least studied and, we believe, the most critical," researchers state in the paper. "Without an effective mechanism to transfer consumer payments, it would be difficult to finance the rest of the spam ecosystem."

The research notes that only a small number of banks are willing to knowingly process what the industry calls "high-risk" transactions. In fact, just three banks, which are located in Azerbaijan, Denmark and the Caribbean island of Nevis, provided the payment servicing for over 95 percent of the spam-advertised goods in the study. The researchers even went as far as to purchase spam-advertised goods in order to find out who the payment processors are. Finding a way to stifle the operations of a payment processor would be a much more disruptive action than domain blocking, the researchers note.

"The replacement cost for new banks is high, both in setup fees and more importantly in time and overhead," the paper states. "Acquiring a legitimate merchant account directly with a bank requires coordination with the bank, with the card association, with a payment processor and typically involves a great deal of due diligence and delay."

The onus to stop payments would ultimately be on Western banks, the researchers conclude.

"If U.S. issuing banks (i.e.,banks that provide credit cards to U.S. consumers) were to refuse to settle certain transactions (e.g., card-not-present transactions for a subset of Merchant Category Codes) with the banks identified as supporting spam-advertised goods, then the underlying enterprise would be dramatically demonetized. Furthermore, it appears plausible that such a "financial blacklist" could be updated very quickly (driven by modest numbers of undercover buys, as in our study) and far more rapidly than the turn-around time to acquire new banking resources —a rare asymmetry favoring the anti-spam community. "

This above is excerpted from the CSO article, Want to stop junk email, stop payments to spammers study says, by Joan Goodchilde, May 25h, 2011.

Now, here's the other side of that theory: what happens to the multi-billion dollar business of combatting spam enjoyed by internet security firms? Do these firms really have any incentive to end spam, effectively putting an end to multiple, and very lucrative, revenue streams?

Eric Holder at The Next Door

2011-05-25T13:52:00.000-07:00

Attorney General Eric Holder Speaks at the Grand Opening of the Next Door Chattanooga Release Center, Chattanooga, Tenn. ~ Wednesday, May 25, 2011

Thank you, Commissioner Charles Traughber. It’s a pleasure to join you – and Director Gil Kerlikowske, Commissioners Derrick Scofield and Doug Varney, and so many other critical partners – in celebrating the grand opening of The Next Door Chattanooga, and looking forward to the new beginnings, the second chances, and the hope and healing that this release center will provide.

I’d also like to recognize Linda Leathers for her leadership, and her commitment to serving women and communities in need. And I especially want to thank Angela Miller and Laticka Burgins for courageously sharing their story with us, and reminding us why this new facility and the work we’ve gathered to strengthen are so important. Today marks an important step forward in expanding the reach and critical impact of The Next Door’s work – and I have no doubt that, here in Chattanooga, this innovative center will build on the success that’s been achieved across Tennessee to assist women in crisis.

For nearly a decade now, since a small group of women began meeting in a vacant building in Nashville – the transitional housing opportunities and essential services that The Next Door provides have touched hundreds of lives across this state. And its growing network of supporters has helped our nation honor its commitment to strive – not only for justice, but for healing; and to help those whose lives have been devastated by crime, shattered by substance abuse, and plagued by addiction find the strength to recover and to overcome past mistakes by building healthy, hopeful futures.

Today, we know that these public safety challenges cannot be addressed through enforcement alone – but instead must be met by a comprehensive approach that includes prevention, intervention, enforcement, and reentry. By engaging stakeholders at every level of government and law enforcement – as you’ve done here in Tennessee – and by strengthening our partnerships with, across, and beyond the nonprofit sector, you’ve shown that we can help women to break the cycle of addiction; to rise above the effects of poverty, crime, and violence; and to take new ownership of their lives. This is the type of innovative work that The Next Door is leading each day and, now, brings to the Chattanooga community. Here, residents will be able to seek counseling for addiction and mental health issues, learn parenting skills, and acquire essential job training.

In the coming months and years, as we work to fill these rooms, and to help scores of women return to their families and communities, we also must rededicate ourselves to expanding these efforts – and broadening their reach – to include cities and towns throughout Tennessee and across the country.

Every year, nearly three quarters of a million people are released from jails and prisons across America. To help address the unique needs and challenges that they face – and to more effectively reduce recidivism, save taxpayer dollars, and protect our communities – I have convened a Cabinet-level “Reentry Council” to help identify best practices; leverage resources; and support reentry programs, substance abuse treatment, employment assistance, housing, mentoring, and other reentry services.

Today, I am proud to report that – thanks to the tireless advocacy of leaders like Director Kerlikowske, organizations like The Next Door, and key partners like each of you – our commitment to this work has never been stronger, and our potential for future progress has never been greater.

Programs like this release center form the cornerstone of these efforts. They provide not only a critical path to successful reentry, but a promising model that can be replicated in communities across America.

Let me assure you today that supporting and advancing this work will continue to be a priority – not only for our nation’s Department of Justice – but for this Administration.

Once again, thank you all for your tireless efforts, and for your enduring commitment to providing help – and healing – to so many of our most vulnerable neighbors. I am proud to join you in celebrating the grand opening of The Next Door Chattanooga Release Center – and I look forward to all we will accomplish together.

Albert Gonzalez, Special Agent

2011-04-11T07:27:00.000-07:00

Convicted hacker Albert Gonzalez, who is currently serving a 20-year prison sentence after pleading guilty to the massive hacks at TJX, Heartland and numerous retailers, now claims that he thought he was authorized and directed by the government to carry out the illegal activities.

In a petition filed last month, first reported by Wired , Gonzalez informed the U.S. District Court for the District of Massachusetts that he would like to withdraw his guilty plea and asked the court to vacate its sentence.

In his 25-page petition, Gonzalez blamed his attorneys Martin Weinberg and Rene Palomino for not properly representing him or informing him about his defense options. Gonzalez also claimed that his lawyers did not appeal his sentence as he had asked them to.

Gonzalez was arrested in Miami in 2008 along with 10 other individuals on charges relating to the thefts at TJX, Dave & Busters, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.

Later he was also charged with the break-ins at Heartland Payment Systems, Hannaford, 7-Eleven and two other unnamed retailers. Gonzalez was indicted in three different states, New York, Massachusetts and New Jersey for his crimes. Prosecutors alleged that Gonzalez and his international gang of cyber criminals stole data on more than 130 million debit and credit cards over a multi-year period.

In Sept. 2009, Gonzalez, pleaded guilty to 20 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft. He was sentenced to two concurrent 20 year terms by federal courts in Massachusetts and NJ.

In his petition, Gonzalez claims that all of the criminal activities that he admitted to in court were actually done with the full knowledge and the direction of the United States Secret Service.

As previously known, Gonzalez noted that he had begun working as a confidential informant for the Secret Service back in 2003 soon after he was busted in connection with a series of ATM thefts. Gonzalez claims that over the next several years, he helped the Secret Service infiltrate various carder gangs and hacking groups, leading to the arrests of many of them.

Gonzalez' petition details his interactions with two of his Secret Service handlers, who he claims treated him almost like another member of the agency and took him to different parts of the country for undercover work.

"The Agents had me infiltrating chat rooms setting people up and then the Agents would bust them," he offers as one example of the work he claims to have done for the government. "On one occasion I was taken to California for a week to help Agents there with undercover operation that resulted in arrests and convictions," Gonzalez said in his petition.

At the time of his arrest, Gonzalez said he firmly believed he was "authorized to engage in the cyber crimes I was participating in, in order to gather intelligence on National and International cyber criminals and I was doing my job to the best of my abilities," Gonzalez said. He said he was being paid $1,200 a month for his work.

According to Gonzalez, his illegal activities were done to establish trust with other cybercriminals so he could make contact with more of them and expose their acitivities to law enforcement.

Gonzalez said Palomino did not advise him of the availability of the "Public Authority" defense that he could have used to defend his actions. Under the public authority defense, any individual who is "acting under the actual or believed exercise of public authority on behalf of a law enforcement agency" can claim immunity against illegal conduct arising from his actions, Gonzalez said in his petition.

Gonzalez also asked for his guilty pleas to be withdrawn. According to him, the only reason he pleaded guilty to the indictments in all three states was because his attorney and prosecutors told him he would benefit by doing so. Gonzalez claims in his petition that he was informed if he agreed to plead guilty to all three cases, all of the cases would be transferred to Boston, where it would go before one judge and he would receive just one sentence.

However, all three cases could not be transferred as promised, resulting in two separate convictions, Gonzalez said. He contends in his petition that he would not have agreed to plead guilty if he had known his cases could not be consolidated as promised.

"I gained absolutely nothing by accepting the plea agreement," he said. "Because I relied on the promises of my attorney and the government that could not be carried out, I did not knowingly and voluntarily enter into the plea agreement," he said.

The only reason that he was even arrested in the first place was because of evidence found on a computer owned by Maksym Yastremskiy, a Ukrainian gang member who had previously been arrested in Turkey, Gonzalez said.

Yastremskiy was tortured into decrypting the data on his computer by Turkish authorities, so the information gathered from his computer should have been suppressed, he claimed.

But Palomino in a conversation with Wired is quoted as saying that Gonzalez has no ground for appeal because it was a negotiated plea agreement and that his former client knew what he was getting into when he accepted it.

This post is excerpted from the CSO Online article, TJX Hacker: Government made me do it, by Jaikumar Vijayan, April 8th, 2011.

Xian, Hong Xian

2011-04-04T12:27:00.000-07:00

Two Chinese nationals have been indicted by a federal grand jury in Alexandria, Va., for attempting to obtain radiation-hardened microchips, which are prohibited defense items used in the military and aerospace industry.

Neil H. MacBride, U.S. Attorney for the Eastern District of Virginia; Todd Hinnen, Acting Assistant Attorney General for National Security; John P. Torres, Special Agent in Charge for U.S. Immigration and Customs Enforcement (ICE), Office of Homeland Security Investigations (HSI) in Washington, D.C.; and Robert E. Craig, Special Agent in Charge of the Defense Criminal Investigative Service’s (DCIS) Mid-Atlantic Field Office, made the announcement after the indictment was unsealed.

Hong Wei Xian, aka “Harry Zan,” 32, and Li Li, aka “Lea Li,” 33, both from the People’s Republic of China (PRC), were charged in a two-count indictment accusing them of conspiring to violate the Arms Export Control Act and to smuggle goods from the United States and the attempted export of U.S. Munitions List items in violation of the Arms Export Control Act. If convicted, they face a maximum penalty of five years in prison for the conspiracy charge and 20 years in prison on the export violation charge. Xian and Li will make their initial appearance at 2:00 p.m. at the Alexandria federal courthouse.

According to the indictment, Xian is the president of Beijing Starcreates Space Science and Technology Development Company Limited (Beijing Starcreates), and Li is the company’s vice president. Among other things, Beijing Starcreates engages in the business of importing and selling programmable read-only memory microchips to China Aerospace Science and Technology Corporation, which is controlled by the PRC government and plays a substantial role in the research, design, development and production of strategic and tactical missile systems and launch vehicles for the PRC.

Since 1990, the U.S. government has maintained an arms embargo against the PRC that prohibits the export, re-export, or re-transfer of any defense article to the PRC. Prohibited defense articles are placed on the U.S. Munitions List, which includes spacecraft systems and associated equipment. A programmable read-only memory microchip (PROM) serves to store the initial start-up program for a computer system and is built to withstand the conditions present in outer space.

According to the indictment, neither Xian nor Li applied for nor received a license from the United States to export defense articles of any description; however, from April 2009 to Sept. 1, 2010, the two are charged with contacting a company in the Eastern District of Virginia and seeking to export thousands of radiation-hardened PROMs from that company.

The indictment states that Xian and Li knew a license was required, but did not seek to obtain one because it was difficult, time-consuming, and would require them to identify the end user and describe the end use. They are accused of conspiring to break up orders into multiple shipments and designate countries outside of the PRC for delivery to avoid drawing attention to the orders.

On Sept. 1, 2010, the defendants were arrested in Hungary pursuant to a U.S. provisional arrest warrant and were transferred into the custody of U.S. Marshals on April 1, 2011, after they waived extradition. They arrived in the Eastern District of Virginia late April 1, 2011.

This case was investigated by ICE HSI and DCIS, with assistance from ICE HSI Office of International Affairs and the Department of Justice’s Office of International Affairs. Assistant U.S. Attorney James P. Gillis of the Office’s National Security and International Crime Unit, and Trial Attorney Brandon L. Van Grack of the Justice Department’s National Security Division are prosecuting the case on behalf of the United States.

Criminal indictments are only charges and not evidence of guilt. A defendant is presumed to be innocent until and unless proven guilty.

This post contains excerpts from the Department of Justice National Security Division press release, Two Chinese Nationals Charged with Illegally Attempting to Export Military Satellite Components to the PRC, April 4th, 2011.

Run A Brisk Meeting

2011-03-10T19:16:00.000-08:00

Strike Early
Schedule your meeting for first thing in the morning to lessen the chance of interrupting tasks. Task switching consumes up to 30 percent of the average worker's day. And always include an end time.

Stay Focused
Have a clear agenda, and appoint someone to "run" the meeting and help avoid time-consuming digressions. If you get stuck on one area, jump in and say, "Hey all, not to interrupt, but to respect everyone's time, let's move on to the next topic." Then restate the abandoned issue as concisely as possible, and identify one person to continue pushing for resolution after the meeting.

Bring It Home
Go over the commitments people have made for each item on the agenda, and recap every point in an email to the group.

For more insight on how to cut the blabber and wrap things up fast, take a look at Tim Ferris' The 4-Hour Workweek.

Cisco Diet Plan

2011-03-04T12:52:00.000-08:00

Cisco Systems competes with Juniper Networks and Alcatel-Lucent in the network equipment business. The company has been the leading global vendor in several router and switches markets, commanding substantial market share.

Is it time for Cisco to shed weight and sell off some key business units? A recent article by Reuters suggested that, after years of acquisition, this is one path the company might need to consider. According to a Morningstar analyst quoted in the report: “What investors would like is to see them more focused on their core market, like routers, switches and data centers, and de-emphasize or even exit some of these consumer businesses”

This idea echoes our previously cited concern as to whether Cisco’s core business is in trouble. In a previous analysis, we discussed the slowing growth for Cisco’s main business segments, mainly routers and switches.
Our price estimate for Cisco stands at $24.20, which is about 30% above the current market price. Cisco’s stock has fallen significantly since the company reported a weaker outlook for business for 2011. This has led many analysts to consider new directions for Cisco, given that rivals like Juniper are seeing soaring stock growth and gathering increased investor confidence.

Time to Sell Consumer Product Businesses?

The Reuters article comments: “A sale of Linksys and Scientific Atlanta would have been unthinkable until recently. A key part of Chambers’ strategy has been to sell consumer products that help drive Internet traffic, and thus, boost demand for its routers and switches.”

Orders for these products have weakened in recent quarters. Besides, the consumer products market is far from being short on competition. There are plenty of other companies that can make the road ahead a bumpy one for Cisco in this space.

To give an example, Cisco might be better off divesting its “Flip” video camera business. Companies more focused on consumer products may be more adept at managing such products that require continuous evolution of style and technology to remain competitive.

We’re not talking about dramatic shifts to the company’s structure, but rather minor refocusing efforts. While these ideas are intriguing, the potential sale candidates represent small portions of Cisco’s total company value.

Looking at a Few Sale Candidates

We estimate that digital TV boxes (through Scientific Atlanta) constitute about 3.7% of Cisco’s equity value, while Linksys & “Flip” video cameras represent roughly 1.3%. Together, this represents about 5% of Cisco’s equity value by our estimates. Translated, 5% of the company’s stock value is at stake through these product segments.

While this 5% may not be much, the hidden value of shedding this weight could be the re-alignment of Cisco’s resources towards core businesses like routers and switches. This could provide a timely tailwind to Cisco as rivals have eaten into the company’s market share in the recent past. Given that some enterprises may be looking to take a multi-vendor approach, Cisco may have to sweat more than usual to maintain its share.

This post contains excerpts from the Forbes article, Cisco Should Consider Losing Linksys, Selling Scientific Atlanta, March 4th, 2011.

Juniper Networks

2011-02-28T15:40:00.000-08:00

The early days at Juniper Networks were not for the faint of heart. Joining during the hiring rush of early 1997, I found that the cubes and offices of the small office in Santa Clara, California were already packed with experienced old handspeople whom I knew had been around the block once before and would not be shy of expressing themselves. Everyone had strong views on nearly every aspect of building a router from scratch. If you had the misfortune to sit next to a busy conference room, a good pair of headphones and large CD collection were required to drown out the arguments. Design meetings often became heated, and egos were occasionally bruised. Our friends from previous employers taunted us with predictions of doom.

Despite the arguments, we were all united and driven by one solitary goal: to win the competition to build the best Internet core router available. This was a serious challenge, considering the primary competition was a 300-pound gorilla in the form of Cisco Systems. Beating Cisco would require us to produce a router that tackled the perceived weaknesses in its core router platform. A Juniper Networks core router would have to provide line-rate performance (which, for the M40 router meant forwarding around 40 million packets per second), robust core routing protocols, and stable control software. In short, it had to make customers really want to use it.

The performance requirements meant that the network traffic had to be forwarded entirely in hardware. This was something that had never before been attempted for a core network router. As a result, the hardware design of the M40 looked like science fiction to Juniper recruits who had worked on other networking products. The entire forwarding path of the router was constructed from four Application Specific Integrated Circuits (ASICs), designed entirely by Juniper. These four ASICs (called A, B, C, and D to prevent loose lips from revealing their function) were huge, intricate, and enormously ambitious. A large design team of experienced engineers was assembled to implement the ASICs and partnered with another large verification team to check that the designs were functionally correct. Since Silicon Valley was littered with networking startups that had failed because of silicon design problems, there was enormous pressure on the ASIC teams to get it right first time. We all knew that a failed ASIC would probably sink the company.

Not that there was any less pressure on the software teams. Convincing customers to deploy a brand newand essentially untriedcore router into the very heart of their networks is an enormous task. A new router that crashes, forwards packets erratically, or just basically behaves weirdly won't make any friends in the network operations team and will find itself unceremoniously removed from the network. The problem is that designing and implementing a core router that works completely reliably is a feat that has defeated many companies. And those were "simple" routers where the packets had been forwarded by software. In contrast, not only did the Juniper router require robust routing protocols that could scale to the largest networks, but it also had to have a robust software infrastructure on the CPU-based control boards that managed the fiendishly complicated packet-forwarding ASICs. Just like the ASIC team, the software team had to get it right the first time.

The JUNOS team started from a basic FreeBSD software base and reworked much of the network software in the kernel. New user daemons were written, and a carrier-grade routing protocol suite was implemented. The routing protocols had to be designed to scale to the largest networks and be robust enough to withstand wild fluctuations in the networks around them, something that the competing routers often struggled with. Thankfully, Juniper had a deep well of routing protocol talent available that could pool its cumulative knowledge to design high-quality routing protocol implementations. Potential customers still had to be convinced that the new protocol implementations would interoperate safely within their existing networks. To allow early evaluation, a fledgling JUNOS system appeared in the form of Olive, which was a standard rackmount PC pretending to be a JUNOS routing engine board. This prototype system was delivered to potential customers to give them a feel for the current state of the system and to allow the routing protocols to be debugged.

Juniper had outgrown the offices it occupied in Santa Clara and moved to Mountain View, just off of Highway 237. We didn't trust the movers to shift the servers between sites and decided to move all the systems ourselves. At one point, we realized that all of Juniper's primary software servers were loaded into just one car; paranoia dictated that we split them between two cars just in case something happened on the short drive to the new office. We drove gingerly to the new site once the rush hour had finished and breathed a huge sigh of relief when all the servers powered up again. We also got a surprise bonus when we arrived at the new site. The previous occupants of our new office block had left a huge rat's nest of network cables in their old data center; they'd obviously decided that it was just too much work to untangle it. However, since money was tight, we refused to throw the huge bundle of cables out and spent the next couple of weeks teasing CAT5 cables out of the jumble during quiet moments. There were enough cables from the bundle to let us completely rewire the first software engineering lab for free.

Throughout 1997 and early 1998, all the Juniper engineering teams worked pretty much flat-out to finish the M40. The engineering labs were seldom quiet, and it was hard to tell the weekends from the weekdays by counting cars in the parking lot. The software teams designed and implemented a truly astonishing amount of code in a very short period of time. FreeBSD kernel extensions were added to provide support for chassis management and new Juniper network interfaces. A clean user interface was designed and implemented to provide a seamless interface to the system and prevent users from having to edit raw configuration files by hand. An entire embedded microkernel was written to manage the packet-forwarding engine boards in the system (a fully-loaded M40 would have nine PFE-related boards), which would allow users to exchange configuration and status messages with the routing engine and each other. Drivers for the embedded microkernel were written to manage the ASICs and to allow the route engine to configure the PFE. The size and complexity of the software required to manage just the various control boards eventually grew to rival the route engine itself.

The real headache for the software team was that the hardware wasn't available to test with. It can take many months after a system is assembled in the engineering lab to get it to a usable state as a complete system. But Juniper couldn't afford for us to spend six months in the lab; there just wasn't enough money or time. The solution was to get extremely creative with test equipment, evaluation boards, and generic PCs before the final hardware was available. All sorts of emulation environments were developed to allow the new routing engine and embedded software to be debugged ahead of the actual hardware. For months, we used a motley collection of machines cobbled together from parts and equipment that emulated the final hardware. We didn't really have to disguise the lab for external visitorsthey wouldn't have been able to guess that each ratty bundle of machines was a virtual M40.

The payback from this approach was enormous. When the hardware finally arrived, it took just one week in the engineering lab for the first network packets to be forwarded successfully! Considering the complexity of the routing engine and PFE interaction, this was a monumental achievement and meant that we could quickly verify that the hardware worked before shipping the systems to our early test customers in September of 1998.

Designing and implementing the first release of the JUNOS software was an unforgettable time. Although the reader may think I've concentrated way too much on the hardware, the JUNOS software is intrinsically the way it is because of the hardware. That it has gone through so many iterations since then, and continues to evolve with the advancement of Juniper routers, is the first item you should learn in this book.

The second thing that you should know is that although creating the JUNOS software really was a team effort, Aviva Garrett had the dubious task of documenting our efforts. In fact, she wrote the first manual. And then, as the manager of Juniper Networks technical publications, she led the effort from Version 1.0 until very recently, somewhere after 7.x. Now she has come back and worked on this marvelous book for an entire year, revisiting everything we once did and everything that has evolved since those early days. JUNOS Cookbook represents a full circle for the JUNOS software suite somehow, looping from those early, midday conference room marathons to today's ability to route a large portion of the world's network traffic. Aviva and her team of reviewers and technical experts have broken it all down into bite-size recipes and discussions that make today's complex array of features seem like that simple, erudite version we created back in 1998. Enjoy it, and cheers.

Scott Mackie, Former Distinguished Engineer, Juniper Networks, February 2006, from the JUNOS Cookbook.

Lockheed Martin Ships First Orion Spacecraft

2011-02-22T12:36:00.000-08:00

Last week on February 10th, 2011 the Lockheed Martin Orion team shipped out the first Orion crew module spacecraft structure today from NASA’s Michoud Assembly Facility in New Orleans, La. The spacecraft is headed to Lockheed Martin’s Denver, Colo., facilities where it will undergo a series of rigorous tests to confirm Orion’s ability to safely fly astronauts through all the harsh environments of deep space exploration missions.

Soon after the spacecraft arrives in Denver, it will be integrated with the heat shield and thermal protection backshell before undergoing environmental testing. This crew module will also go through a series of simulated landing scenarios at Langley’s new Hydro Impact Basin. The Langley facility will be used to test, validate and certify water landings for all human-rated spacecraft for NASA.

“This is a significant milestone for the Orion project and puts us on the right path toward achieving the President’s objective of Orion’s first crewed mission by 2016,” said Cleon Lacefield, Lockheed Martin vice president and Orion program manager. “Orion’s upcoming performance tests will demonstrate how the spacecraft meets the challenges of deep-space mission environments such as ascent, launch abort, on-orbit operations, high-speed return trajectory, parachute deployment, and water landings in a variety of sea states.”

Built to spaceflight specifications, this Orion ground test vehicle has already validated advanced production processes, equipment and tools required to manufacture the Orion crew module space flight hardware. Data collected from the testing and pathfinding operations will be incorporated to enhance design, requirements, tooling, processes, inspection and test that will ultimately result in a safe, reliable and affordable human-rated space exploration vehicle.

Orion has passed critical human-rating milestones, including Orion’s flawless flight test of its launch abort system and the successful phase one safety review that validated Orion meets many of NASA’s stringent requirements for safe human spaceflight.

Lockheed Martin is the prime contractor to NASA for the Orion crew exploration vehicle – the nation’s next generation spacecraft that features advanced technologies for more complex and challenging human space exploration missions throughout our solar system. The Orion spacecraft will be comprised of a crew module for crew and cargo transport; a service module for propulsion, electrical power and fluids storage; a spacecraft adapter for securing it to a launch vehicle, and a launch abort system that will significantly improve crew safety.

Lockheed Martin leads the Orion industry team which includes major subcontractors as well as a nationwide network of minor subcontractors and small businesses. In addition, Lockheed Martin contracts with hundreds of small and disadvantaged business suppliers across the United States through an expansive supply chain network.

Headquartered in Bethesda, Md., Lockheed Martin is a global security company that employs about 132,000 people worldwide and is principally engaged in the research, design, development, manufacture, integration and sustainment of advanced technology systems, products and services. The Corporation’s 2010 sales from continuing operations were $45.8 billion.

Department of Cyber?

2011-02-17T07:59:00.000-08:00

Michael McConnell, former director of national intelligence, suggested United States leaders could create a Department of Cyber to address cyber threats the nation faces. But before the idea could set in, McConnell said he had second thoughts.

His comments came Wednesday during a panel discussion entitled Cyberwar, Cybersecurity and the Challenges Ahead at the RSA 2011 IT security conference, as he responded to a question from moderator James Lewis of the Center for Strategic and International Studies on how cyber threats can be treated differently.

McConnell compared a possible Cyber Department to the Department of Energy, created in 1977 when the United States faced an energy crisis. Today, he said, executive branch leaders recognizes the significance of information technology and its potential vulnerabilities. "What is it that we need to mitigate that? McConnell asked. "Do we go as far as creating a Department of Cyber? Maybe that's a stretch too far." But he said citizens needs to have informed conversations about how best to address cyber threats. "Please do it before we have this catastrophic event," McConnell said.

Former Homeland Security Secretary Michael Chertoff said the United States must define legally and strategically how to defend against cyber attacks, especially when the best defense could come from business and not the government. "I'm not an advocate of having a kill switch, if you could do such a thing, but we need to understand who has the responsibility to do what, how is that going to transpire over time, and you need to have, perhaps, some declared policies that we as a country would allow private entities to defend themselves."

Another panelist, security expert and author Bruce Schneier, said the cyber threat's best defense is through international cooperation.

"The more countries talk to each other, trust each other, the more we can deal with the inevitability of these tactics being democratize moving down to non-state actors,' Schneier said. "Even a hotline from the U.S. to China: 'Hey, is that you?' 'No, that's not us.' 'OK, so we know that's someone else.'

"I worry a lot of this is happening at too low a level in the command chains, and we're in the brink of a cyberwar arms race. And, it's very similar to the nuclear war arms race. 'We don't know what you're doing, so we're going to respond accordingly.' And, they say the same, and it just blows up, and there too much of a chance for these things going off accidently."

This post contains excerpts from the GovInfoSecurity article, A fleeting idea: department of cyber, by Eric Chabrow, February 16th, 2011.

China Targets Western Energy

2011-02-11T13:33:00.000-08:00

Hackers working in China broke into the computer systems of five multinational oil and gas companies to steal bidding plans and other critical proprietary information, the computer security firm McAfee Inc said in a report.
The report, which named the attacks Night Dragon, declined to identify the five known companies that had been hacked and said that another seven or so had also been broken into but could not be identified.

"It ... speaks to quite a sad state of our critical infrastructure security. These were not sophisticated attacks ... yet they were very successful in achieving their goals," said Dmitri Alperovitch, McAfee's vice president for threat research.

The three largest U.S.-based oil companies, Exxon Mobil, Chevron and ConocoPhillips, all declined to comment on whether they had been targeted, citing policies not to speak about their security measures.

The attacks are the latest computer-based invasions directed at western companies, and come a year after Internet giant Google and more than 100 companies were targeted by hackers that were traced to China.

Stock market owner NASDAQ OMX reported over the weekend that hackers appeared to have breached its systems, and new legislation was introduced in the U.S. Senate that would strengthen cyber security.

In the attacks against the oil companies, the hackers got into the computers either through their public websites or through infected emails sent to company executives.

During the last two years -- and up to four years -- the hackers had access to the computer networks, focusing on financial documents related to oil and gas field exploration and bidding contracts, said Alperovitch.

They also copied proprietary industrial processes.

"That information is tremendously sensitive and would be worth a huge amount of money to competitors," said Alperovitch.

The hack was traced back to China via a server leasing company in Shandong Province that hosted the malware, another term for malicious software, and to Beijing IP addresses that were active from 9 a.m. to 5 p.m. Beijing time (0100-0900 GMT).

McAfee's report did not identify who was behind the hacking.

"We have no evidence that this is government sponsored in any way," said Alperovitch.

McAfee provided the data to the Federal Bureau of Investigation, which did not respond to requests for comment.

"This is normal business practice in China. It's not always state sponsored. And they do it to each other," said Jim Lewis, a cyber expert with the Center for Strategic and International Studies think tank.

Asked if Beijing normally agreed to arrest hackers, Lewis responded: "It's not impossible, but it hasn't happened very often."

The Chinese government often says their country is also a victim of hacking. But Foreign Ministry spokesman Ma Zhaoxu told reporters at a regular press briefing on Thursday in Beijing that he was unaware of this case.

"I really have no grasp of this situation, but we frequently hear about these types of reports," Ma said.

Western governments and companies have long been concerned about corporate espionage based in China.

"We are aware of these types of threats, but we can't comment specifically about what's in the Night Dragon report," said FBI spokeswoman Jenny Shearer.

Washington believes that hacking attacks on Google Inc that briefly prompted the company to pull out of China were orchestrated by two members of the country's ruling body, according to U.S. diplomatic cables released by WikiLeaks.

The French government is looking into a possible Chinese role in spying on carmaker Renault SA's and Nissan's electric vehicle program.

In 2007, a Chinese student working at car parts maker Valeo was sentenced to prison for obtaining confidential documents from the automaker. A French tribunal stopped short of an industrial espionage verdict, instead finding that she had "abused trust."

This post contains excerpts from the YahooNews article, Chinese Hackers Infiltrated Five Energy Firms: McAfee, February 11, 2011, the AFP article, Chinese Hackers Target Oil Companies, February 11, 2011, and the Associated Press article, Hackers in China Hit Western Oil Companies, February 11, 2011.

Mubarak IP Space Hijacked

2011-02-01T07:48:00.000-08:00

Egyptian citizens calling for besieged President Hosni Mubarak to step down may have been cut off from using the Web, but spammers have been busy cutting the government off from its own Internet address space: Earlier this month, junk e-mail artists hijacked a large swath of Internet addresses assigned to Mubarak’s wife.

According to Spamhaus.org, well known spammers commandeered a chunk of more than 5,000 IP addresses that were assigned years ago to Suzanne Mubarak and the Suzanne Mubarak Science Exploration Center. Spamhaus reports that those addresses have been used recently to promote a variety of dodgy Web businesses, and that the hijacked block is under the control of an organization that has ties to alleged spammer Michael Lindsay and iMedia Networks. iMedia did not respond to requests for comment.

The high profile land grab is the latest example of how spammers are becoming more brazen in their quest for non-blacklisted Internet address space from which to send spam, said Rod Rasmussen, president and chief technology officer of Internet Identity.

Rasmussen said Internet address space hijackers tend to target chunks of addresses assigned to governments and defense contractors, because those allocations are less likely to be reported missing, and very few of them are blocked by anti-spam tools.

“The spammers doing this look for chunks of [Internet] space that are dormant, but most of all blocks of IP addresses that are whitelisted,” by anti-spam groups, Rasmussen said. “Their spam gets through anti-spam filters nicely after that, or least until the hijacking is detected.”

Sometimes, the scammers are able to hijack IP space by snatching up expired domain names that were used to register the addresses years earlier. The attackers then send an e-mail from that domain to the regional Internet registry that assigned the block of IP, requesting whatever changes they need to assume control over the addresses.In other cases, spammers use forged letters and bogus corporate fronts to impersonate the rightful owner of the addresses.

Another chunk of addresses that Spamhaus found were recently hijacked by spammers — 255 IPs originally assigned in 1994 to an organization called the now defunct Claremont Technology Group — appears to have been stolen sometime after the organization let its domain claretech.com lapse. That domain now redirects to Falls Church, Va. based government contractor Computer Sciences Corp (CSC), which acquired Claremont in 1998.

Rasmussen believes we are likely to see a spike in this type hijacking activity as global supply of unassigned IPv4 addresses continues to dwindle and unallocated blocks become more valuable. Experts disagree on exactly when the pool of IPv4 addresses will be drained: Some says as mid- to late 2011, and others claim it’s only a few more days.

This post contains excerpts from the KrebsOnSecurity article, Spammers Hijack Internet Space Assigned to Egyptian President’s Wife, by Brian Krebs, February 1st, 2011. For more of the article, visit KrebsOnSecurity.

Mr. Soghoian Goes To Washington

2011-01-20T03:34:00.000-08:00

Given his history, Chris Soghoian was surprised when the Federal Trade Commission offered him a job in 2008. Soghoian, 29, was the first of a handful of techs the agency recruited to investigate corporations for violating consumers' privacy. The FTC needed tech geeks to help understand privacy on the Web, and Soghoian, an Indiana University Ph.D. candidate, off a Harvard law and technology fellowship, accepted the offer. "We have one privacy regulator at the federal level--the FTC," he says.

In 2006, Soghoian built an app that let you print fake boarding passes for Northwest Airlines. Unamused, the FBI raided his house. A year later he mapped where California company Biofilm shipped tubes of its sexual lubricant Astroglide using online data. Authorities declined to investigate, as no financial data was exposed. Soghoian grumped.

Protesting his requirement to undergo a fingerprint scan on his first day, avoiding a background check by ignoring email requests, and secretly recording Sprint executives security conferences using his FTC credentials and posting them to his blog were a few of the headaches Soghoian caused for his bosses. Once the Inspector General investigated the stunts, the FTC declined to renew his contract--although it part-timed him to finish up his cases.

This post contains excerpts from the Forbes article, Agent Provocateur, by Kashmir Hill, December 6, 2010.

Something You Don't See Everyday...

2011-01-17T20:27:00.000-08:00

Carly Fiorina is now following you on Twitter!

Carly Fiorina (born Cara Carleton Sneed; September 6, 1954) is an American businesswoman and a former Republican nominee for the United States Senate representing California. Fiorina served as chief executive officer of Hewlett-Packard from 1999 to 2005 and previously was an executive at AT&T and its equipment and technology spinoff, Lucent. She currently serves on the boards of several organizations.

Fiorina was considered one of the most powerful women in business during her tenure at Lucent and Hewlett-Packard. The spinoff, from HP, of Agilent Technologies – which had been initiated by her predecessor, Lew Platt – was completed shortly after she joined the company in 1999. Under her leadership, in 2002, the company completed a contentious merger with rival computer company Compaq. In 2005, Fiorina resigned as CEO of Hewlett-Packard.

In 2008, Fiorina served as an advisor to Republican presidential candidate John McCain. In November 2009, Fiorina announced she would challenge incumbent Democrat Barbara Boxer for her United States Senate seat representing California.^[1] On June 8, 2010, Fiorina won the Republican primary election, but lost the general election on November 2, 2010 to Boxer.^[2]

Check out Carly online at http://www.carlyfiorina.com/.

RIM Under Pressure

2011-01-11T09:48:00.000-08:00

Research in Motion said Monday it will work with Indonesia's carriers to filter out pornography websites as soon as possible for BlackBerry subscribers.

Internet service providers are required by law to block pornographic content, said Heru Sutadi, commissioner of Badan Regulasi Telekomunikasi Indonesia (BRTI), the telecommunications regulator in the country. If RIM does not block pornographic sites, Indonesia may consider blocking the service, Sutadi said.

Tifatul Sembiring, Indonesia's minister of communications and information, had warned of legal action if RIM did not filter pornographic web sites, according to media reports.

RIM said in its statement that it shares Sembiring's sense of urgency on the matter and that it is fully committed to working with Indonesia's carriers to put in place "a prompt, compliant filtering solution for BlackBerry subscribers in Indonesia."

A meeting between RIM and the government is scheduled for Jan. 17. “We hope RIM will be compliant by then,” Sutadi said.

The BRTI is also pressing RIM on an earlier demand that RIM should install a server in Jakarta so that domestic communications traffic does not go out of the country, Sutadi said. It also wants access to some of the communications for security reasons.

RIM is already under pressure in India to allow the country's security agencies access to communications on its services. The company has agreed to provide lawful access under certain conditions to traffic in India on the BlackBerry Messenger service, but said that it does not have the technical ability to provide its customers' encryption keys for its corporate service, the BlackBerry Enterprise Server.

This post contains excerpts from the NetworkWorld article, RIM to block access to pxxx on Blackberry in Indonesia, by John Ribero, January 10th, 2011.

HP Beats Lockheed for $2.5B NASA ACES

2011-01-07T12:23:00.000-08:00

HP Enterprise Services won a $2.5 billion NASA contract to manage, secure and maintain its IT infrastructure across all of the agency’s research and flight centers. The program is called Agency Consolidated End-User Services, or ACES, and stretches out over 10 years.

The contract is a firm-fixed-price, task order contract with a four-year base period with two three-year option periods. The contract will be managed at the NASA Shared Services Center (NSSC) in Mississippi.

“The NASA contract is very important for HP and we are honored to have been selected," said Dennis Stolkey, senior vice president, HP Enterprise Services, U.S. Public Sector.

According to a source at NASA, only HP Enterprise Services and Lockheed Martin were in the final stages of the bidding. Lockheed Martin confirmed this to Washington Technology and offered a statement on the bidding.

“Our team is disappointed that NASA selected another solution to perform its consolidated end-user services," a spokesperson for Lockheed Martin said. "We submitted a ‘best-value’ solution based on our knowledge of the program and our understanding of NASA’s mission. We continue to serve NASA on other contracts. "

The ACES contract is NASA’s solution to develop a long-term outsourcing arrangement with the commercial sector to provide and manage most of NASA's personal computing hardware, agency-standard software, mobile IT services, peripherals and accessories, associated end-user services, and supporting infrastructure.

The contract award is part of the final stages of the restructuring of NASA's departmentwide IT infrastructure. ACES is one of five "towers"of the agency's IP3 IT overhaul (the desktop/end user component). With the $2.5 billion award, the project has passed the halfway mark for the reported $4.3 billion dollar project.

Previously, a lot of NASA's managed services had been provided through the Outsourcing Desktop Initiative for NASA (ODIN) contract that was awarded to Lockheed Martin and had been in place for the last 10 years. Most of what was managed through ODIN will now be moved to the ACES project.

"The majority of ODIN will transfer to the ACES project," said Mike Sweigart, director of procurement at NASA's Shared Services Center. "Anything that plugs into a wall, multifunctional devices, mobile, smart phones, virtual seats ... ."

The center opened in 2006 on the grounds of NASA’s Stennis Space Center near Kiln, Miss. It is a public/private initiative between NASA and Computer Sciences Corp. Its purpose is to consolidate NASA activities from all NASA centers in the areas of financial management, human resources, IT and procurement.

This post is excerpted from the Washington Technology article, HP comes up ACES with $2.5B NASA win, January 3rd, 2011.

Veterans Day

2010-11-11T05:25:00.000-08:00

The Veterans Day National Ceremony is held each year on November 11th at Arlington National Cemetery . The ceremony commences precisely at 11:00 a.m. with a wreath laying at the Tomb of the Unknowns and continues inside the Memorial Amphitheater with a parade of colors by veterans’ organizations and remarks from dignitaries. The ceremony is intended to honor and thank all who served in the United States Armed Forces.

The Veterans Day National Committee also selects a number of regional sites for Veterans Day observances throughout the country. From stirring parades and ceremonies to military exhibits and tributes to distinguished veterans, these events serve as models for other communities to follow in planning their own observances.

For questions and more information about Veterans Day Observances, please contact the Veterans Day Coordinator.

Burma Goes Dark: DDos Attack

2010-11-05T09:03:00.000-07:00

Earlier this week, Burma dropped off the internet. A massive Distributed Denial of Service [DDoS] attack on the country's servers brought their network to a halt. Exactly why, no one knows, but many speculate that the outages are intended to prevent news from flowing out of the country during the impending elections, that many have touted as fraudulent. From the AFP:

Internet users in the military-ruled country have reported slow connections and sporadic outages for more than a week, and some suspect the junta may be intentionally disrupting services to block news flowing out.

Web service providers have blamed the troubles on outside attacks.

"Our technicians have been trying to prevent cyber attacks from other countries," a technician from Yatanarpon Teleport Co. told AFP on condition of anonymity.

The country holds general elections this weekend for the first time in 20 years. Elections that many think are a sham. The BBC is one of the few outlets to get a reporter in the country [they've banned journalists] and he spoke with Aung San Suu Kyi's spokesman. She's called for a boycott of the elections.

This election is like a feast which is poisoned, we cannot join the feast because poisoned fruits are served. It is just to prolong military rule. Only by boycotting the elections can we put pressure on the military rulers.

Craig Labovitz at Arbor Networks has done quite a bit of analysis on the attacks. He says the DDoS is more than enough to take down Burma's internet.

While DDoS against e-commerce and commercial sites are common [hundreds per day], large-scale geo-politically motivated attacks — especially ones targeting an entire country — remain rare with a few notable exceptions. At 10-15 Gbps, the Burma attack is also significantly larger than the 2007 Georgia [814 Mbps] and Estonia DDoS. Early this year, Burmese dissident web sites [hosted outside the country] also came under DDoS attacks.

This post contains excepts from Slash-Dot and from the NPR article, Myanmar Internet Under Cyberattack, by JJ Sutherland, November 5th, 2010.

IT Security Leadership: More Than Just Tech

2010-11-04T10:06:00.000-07:00

Retired US Air Force Gen. Harry Raduege, now Chair of the Deloitte Center for Cyber Innovation and co-chair of the Commission on Cybersecurity for the 44th Presidency spoke with Eric Chabrow, Executive Editor at GovInfoSecurity.com on the topic of leadership in IT security.

Especially for managers, infosec pros must know about education, governance, intellectual property, law, policy, privacy and strategy, says Harry Raduege, co-chair of an influential panel on cybersecurity.

Technical skills will get you only so far as an IT security professional. To get ahead, especially for managers, cybersecurity specialists must gain an understanding of governance, intellectual property, law, policy, privacy education and strategy.

"Technical people can find jobs alone in technical areas but certainly, if you want to enhance your opportunities for career advancement, skills and these other multi-disciplines would certainly help you," retired Air Force Gen. Harry Raduege, co-chair of the Commission on Cybersecurity for the 44th Presidency and chairman and director of the Deloitte Center for Cyber Innovation, says in an interview with GovInfoSecurity.com.

"There's always going to be a need for just the technical skills, but as you rise in organization to higher management and leadership positions, I think you going to need to have the general understanding and involvement with the other disciplines involved in cybersecurity," says Raduege, the former director of the Defense Information Systems Agency.

In the interview with GovInfoSecurity.com's Eric Chabrow, which focused on the government IT security workforce, Raduege also discussed the:

Strengths and weaknesses of the federal government's cybersecurity workforce;

Need for agencies to collaborate, to share workers, as evidenced by the recent agreement between the Defense Department's National Security Agency and the Department of Homeland Security; and

Reasons behind the exploding need for cybersecurity professionals. "If there's something involved with bits, bytes and packets, the electronic connectivity that's required in moving that, it's going to require cybersecurity professionals," he says.

Check out the interview at GovInfoSecurity.

Human Quarantine Model

2010-11-01T08:17:00.000-07:00

Eric Chabrow at GovInfoSecurity writes on retired Air Force General Harry Raduege's Commission on Cybersecurity for the 44th Presidency researching how to parallel the way the World Health Organization quarantines human beings and the way a cyberorganization could quarantine products and software in an international information network:

Could methods employed by the World Health Organization to quarantine people to prevent the spread of deadly diseases provide a roadmap on how to prevent virtual viruses from spreading in the cyberworld?

The Commission on Cybersecurity for the 44th Presidency, the group that provided President Barack Obama with a blueprint on how to secure the government's and nation's critical IT infrastructure, is seeking an answer to that question.

"There could be some parallels with the World Health Organization where we would establish an international-type understanding to ensure quarantines of certain ill computer products and software capabilities until they are cleaned for proper use on the international information network of the Internet," retired Air Force Gen. Harry Raduege, commission co-chair and director of the Deloitte Center for Cyber Innovation, said in an interview Friday.

The World Health Organization has developed robust procedures to quarantine people with certain infection so others aren't contaminated. "We just don't allow them to get on an airplane or travel through the metro and spread their infectious disease," Raduege said. Analogous processes could be used to prevent computer viruses from spreading, he said.

Asked whether quarantines would be limited to software, or could be extended to hardware or networks, Raduege answered that's what a commission working group is exploring. Commission recommendations would likely be a start to identifying a solution, not a final resolution. "Certainly, we won't have all the answers," he said, "but perhaps we will be the catalyst that will cause some additional thought process to be established in this area."

Unlike the original report, a comprehensive set of recommendations issued shortly after the presidential election two years ago, future studies from the commission will appear as white papers, such as the one issued in July, A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters.

For more, visit GovInfoSecurity.

Pontiac Passes At 84

2010-10-31T17:49:00.000-07:00

Pontiac, whose muscle cars drag-raced down boulevards, parked at drive-ins and roared across movie screens, is going out of business on Sunday.

The 84-year-old brand, moribund since General Motors decided to kill it last year as it collapsed into bankruptcy, had been in decline for years. It was undone by a combination of poor corporate strategy and changing driver tastes. On Oct. 31, GM's agreements with Pontiac dealers expire.

Even before GM's bankruptcy, Pontiac's sales had fallen from their peak of nearly one million in 1968, when the brand's speedier models were prized for their powerful engines and scowling grills.

At Pontiac's pinnacle, models like the GTO, Trans Am and Catalina 2+2 were packed with horsepower and sported colors like "Tiger Gold." Burt Reynolds and Sally Field fled the law in a Firebird Trans Am which raced through the 1970s hit movie "Smokey and the Bandit."

By the late 1980s, though, Pontiacs were taking off their muscle shirts, putting on suits and trying to act like other cars. The brand had lost its edge.

Bill Hoglund, a retired GM executive who led Pontiac during its "We Build Excitement" ad campaigns in the 1980s, blames the brand's demise on a reorganization under CEO Roger Smith in 1984. That overhaul cut costs by combining Pontiac's manufacturing, engineering and design operations with those of other GM brands.

"There was no passion for the product," says Hoglund. "The product had to fit what was going on in the corporate system."

Although the moves were necessary to fend off competition from Japanese automakers with lower costs, they yielded Pontiacs that looked and drove like other GM cars.

By 2008, the last full year before GM announced Pontiac's shutdown, sales were 267,000, less than a third of those sold in 1968.

Formed in 1926, Pontiac made cars for the working class until a sales slump in the 1950s nearly killed it. GM revived the brand by connecting it to auto racing. From then on, each Pontiac sales boom was driven by speed; each bust generally featured outdated or boring rides.

The brand's most storied muscle car, the GTO, came about when some GM engineers took a small car called the Tempest and put a powerful V8 engine under the hood. The letters stood for "Gran Turismo Omologato," Italian for "ready to race."

Sparked by the GTO, the Pontiac brand thrived, making up 17 percent of the 5.4 million cars and trucks GM sold in the U.S. in 1968. The GTO even spawned its own 1960s hit song.

"C'mon and turn it on, wind it up, blow it out GTO," was the chorus of the tune by Ronny and the Daytonas.
Pontiac's decline stemmed from a lack of a consistent strategy or leadership. Executives rotated through every few years on their way up the corporate ladder, each with a different vision. Some even tried to make Pontiac a luxury brand.

One strategy that eventually hurt the brand was rebadging: putting the guts of less powerful GM cars inside the skins of Pontiacs.

Big economic shifts also damaged the brand. Two gas spikes in the 1970s steered Americans toward smaller cars with more fuel-efficient engines, areas dominated by Japanese automakers in the U.S.

About two dozen unsold Pontiacs now linger at dealerships around the country, including a maroon G5 coupe that sits awkwardly in a no-man's land between used cars and new models next to the showroom at Orr GM Superstore near Little Rock, Ark. The car, which is really just a poky Chevrolet Cobalt gussied up with a spoiler, fancy wheels and the red arrowhead Pontiac logo, has been on the lot for more than 700 days. Sales Manager Alex Valencia has knocked almost $7,000 off the sticker price, down to $16,585.

Despite spells of success during the last 30 years, Pontiac never returned to its supercharged sales of the 1960s.

A low point was the late 1990s, when Pontiac came up with Aztek, an attempt to merge campers with SUVs and win over young, outdoorsy Americans. The vehicle, which seemed more like a cross between a minivan and armored car, flopped.

In the mid-2000s, GM tried to rekindle the brand with powerful sedans, such as the G8, which harkened back to the GTO. But dealers wanted a full model lineup, and GM gave them renamed Chevrolets, diluting Pontiac's performance image, says Bob Lutz, GM's former product guru who headed up the effort to reinvigorate Pontiac.

This year, Pontiac's sales are less than 1 percent of the 2.2 million cars and trucks GM is expected to sell. GM built the last Pontiac in May.

Even after their Pontiac agreements expire, GM dealers will continue to service the cars and honor their warranties. But after this weekend, any new Pontiacs that remain on dealer lots will be considered used cars by GM.

FBI: Abdel Hameed Shehadeh Arrested

2010-10-28T09:35:00.000-07:00

Federal agents in Hawaii on Friday arrested an American born Muslim named Abdel Hameed Shehadeh based on a federal criminal complaint issued in Brooklyn, New York charging him with making false statements to federal officials in a matter involving international terrorism.

The complaint alleges the 21 year old Shehadeh lied to investigators on several occasions about the purpose of his travel to Pakistan, that he claimed he was going to attend a religious school when his real intention was to join the Taliban and fight U.S. military forces. When those efforts failed because he was denied entry into Pakistan, Shehadeh tried to join the U.S. Army with the intention of being deployed to Iraq and deserting and joining the Islamic insurgency there to fight against the American military. Shehadeh, according to the complaint, was denied enlistment into the U.S. military because he lied to the Army recruiter about his previous attempted entry into Pakistan.

The federal charges state Shehadeh constructed jihadist websites that contained postings by wanted American born al-Qaeda operative Anwar al-Awlaki and al-Qaeda leader Ayman al-Zawahiri. Those websites were linked, among others, to Revolution Muslim, described in the charging complaint as “a radical group based in New York that has expressed its agreement with the ideologies of al-Qaeda and other terrorist organizations.”

The complaint identified an email address associated with Shehadeh as “mujahideen@civiljihad.com.” The complaint explained the term “mujahideen” as meaning “Muslim guerrilla warriors engaged in a jihad.” The term “jihad” is referenced numerous times in the complaint in the obvious context of terrorism, or the more commonly known definition of “holy war.” The affiant FBI Special Agent further stated that based on his training, experience and interviews of cooperating witnesses, he knew that fighters for al-Qaeda refer to themselves as “mujahideen.”

The explanation of the jihadist terminology contained within the criminal complaint is noteworthy, as it demonstrates an official recognition by Federal law enforcement engaged in counter-terrorism investigations the true nature of these terms as used and understood by the terrorist enemy, as opposed to the obfuscation of those terms espoused by many of the apologists for those same jihadists.

This post is excerpted from the Counterterrorism Blog article, Feds Nab Suspected Terror Traitor In The Making, by Bill West, October 26th, 2010. For more multi-expert opinions dedicated solely to counterterrorism issues for policymakers and serious researchers providing real-time information about terrorism cases and policy developments, visit CTB.

Who Needs An Office?

2010-10-26T08:12:00.000-07:00

Cisco announced results of an international workplace study last week that reveals three of five workers around the world believe that they do not need to be in the office anymore to be productive. In fact, their desire to be mobile and flexible in accessing corporate information is so strong that the same percentage of workers would choose jobs that were lower-paying but had leniency in accessing information outside of the office over higher salaried jobs that lacked flexibility. These and numerous other findings provide real-life insight into the expectations, demands, and behavior of the global workforce that is influencing the way information is accessed and how business communications are changing.

The study, called The Cisco Connected World Report, was presented by Cisco executives during a live Internet TV broadcast. To view the broadcast, click here: www.ustream.tv/ciscotv

Key Findings

Employee Desire for Mobility, Work Flexibility Very Strong

The study, which involved surveys of 2,600 workers and IT professionals in 13 countries, revealed that three of every five employees (60 percent) believed it was unnecessary to be in the office to be productive. This was especially the case in Asia and Latin America. More than nine of 10 employees in India (93 percent) said they did not need to be in the office to be productive. This sentiment was extremely prevalent in China (81 percent) and Brazil (76 percent) as well.
Two of every three employees surveyed (66 percent) expect IT to allow them to use any device – personal or company-issued – to access corporate networks, applications, and information anywhere at any time, and they expect the types of devices to continue diversifying. In the future, employees expect their choice of network-connected endpoints to broaden to non-traditional work devices like televisions and navigation screens in cars.
For employees who can access corporate networks, applications, and information outside of the office, about half of the respondents (45 percent) admitted working between two to three extra hours a day, and a quarter were putting in four hours or more. However, extra hours do not translate to always-on, on-demand employees. They simply want the flexibility to manage their work-life balance throughout their waking hours.
Employees also feel strongly about having the flexibility to work anywhere that it would dictate their company loyalty (13 percent), choice of jobs (12 percent), and morale (9 percent). For example, two of three employees worldwide (66 percent) said they would take a job with less pay and more flexibility in device usage, access to social media, and mobility than a higher-paying job without such flexibility. This percentage was higher in some countries, such as Spain (78 percent), despite economic woes the past couple years.

Can Businesses Meet Employee Needs?

Almost half of the IT respondents (45 percent) said they are not prepared policy- and technology-wise to support a more borderless, mobile workforce. Not surprisingly, security is the top concern.
Although many of the IT respondents felt security (57 percent), budget (34 percent), and staff expertise (17 percent) were the biggest barriers to enabling a more distributed workforce, employees often felt IT and corporate policies were the obstacles. This perception among employees was extremely prevalent in India, where more than half (58 percent) felt IT was the obstacle to a more flexible work style.

Employee Behavior Indicates Education, Corporate Policies as Important as Technology

About one in five (19 percent) employees globally said they have noticed strangers looking at their computer screens in public, while an additional 19 percent admitted that they never think to check their surroundings.
Nearly one in five (17 percent) employees admitted leaving devices unattended in public.
Almost three of every five employees globally (58 percent) admitted that they have allowed non-employees to use their corporate devices unsupervised.
As workforces become more distributed, the potential for data loss increases. One of four IT respondents (26 percent) said one-fourth of the devices issued to employees in the past 12 months had already been lost or stolen.
As workforces become increasingly mobile, security and risk management concerns inevitably grow. The findings indicate the real need for better corporate policies, end-user education, and stronger, trusted relationships between employees and IT departments. How well IT brokers these relationships impacts a company's growth, productivity, competitive advantage, as well as its risk management.

About the Study

The study was commissioned by Cisco and conducted by InsightExpress, a third-party market research firm based in the United States.
Cisco commissioned the study to maintain its understanding of present-day challenges that companies face as they strive to address employee and business needs amid increasing mobility capabilities, security risks, and technologies that can deliver applications and information more ubiquitously – from virtualized data centers and cloud computing to traditional wired and wireless networks.
The global study focuses on two surveys – one centering on employees, the other on IT professionals. Each survey included 100 respondents from each of the 13 countries, resulting in a survey pool of 2,600 people.
The 13 countries include the United States, Mexico, Brazil, United Kingdom, France, Spain, Germany, Italy, Russia, India, China, Japan, and Australia.

Ten Sins To Get Your Geek Card Revoked

2010-10-22T07:49:00.000-07:00

10. Admitting that you like iTunes
Sure, it’s convenient for buying music and media in one place and syncing it to an iPod or iPhone, but iTunes has a draconian DRM system and it started out as one of the worst pieces of software ever built. And, it hasn’t gotten much better.

9. Not knowing the difference between binary and hexadecimal
Binary is the basis of all computing and is simply composed of zeros and ones. Hexadecimal is a 16-digit numeric system — based on numbers 0-9 and letters A-F — that represents binary in a more friendly way. Know the difference.

8. Not knowing what MMORPG stands for
Even if you don’t play games (or rarely play) you should know that an MMORPG is a “massively multiplayer online role-playing game,” also known as the alternate reality for geeks. The biggest one is World of Warcraft (WoW), a cultural phenomenon with over 12 million subscribers.

7. Loving your cable or telecom company
Geeks built the Internet. Geeks live on the Internet. Geeks love the Internet. However, the companies that bring us the Internet to our homes and offices — the telecoms and cable companies — are doing everything they can to wall it off, manipulate it for their own financial gain, and stop geeks from using it so much. For as long as they do that, they will remain at war with the geekosphere.

6. Not knowing the name of the book that Blade Runner was based on
Blade Runner is one of the greatest sci-fi movies of all time. If you’re a true geek, you’ve seen it multiple times. But, not only that, you also know that it’s based on Philip K. Dick’s “Do Androids Dream of Electric Sheep?” which is one of the best-titled stories in all of literature and an absolute classic in science fiction.

5. Confusing Star Wars and Star Trek
If someone mentions a Wookie and a Klingon and you’re not sure which one was part of the Star Wars universe and which one belongs to the Star Trek milieu, you are definitely not a geek.

4. Believing the “free” in open source refers to price
Repeat after me, “Open source does not mean it doesn’t cost anything.” Sure, some open source software is freely available to download at no cost. But, that’s not a requirement of open source. There is plenty of open source software that requires a fee. When open source talks about “free” software, they are referring to “free” as in “freedom.” It is freedom from overreaching licensing agreements. You’ll also hear this concept referred to as “Gratis verses Libre.”

3. Defending Facebook for its privacy transgressions
Look, Facebook is lucky the entire geekosphere hasn’t dropped it like a bad habit after all of the crap they’ve pulled in changing and violating their own lackluster privacy policies. Leo Laporte nearly led a geek revolt out of Facebook in May 2010. The only thing that prevented it was lack of a viable alternative.

2. Taking something into Geek Squad to get fixed
Best Buy’s Geek Squad has a few legitimate geeks on staff; however, too many of their technicians are completely clueless and can do more harm than good to your equipment. Besides, if you’re geek, just geek-up, open up the case, and fix it yourself. (Exception: It’s acceptable to go to the Geek Squad counter to exchange a DOA device that is still under warranty. Just don’t let us catch you asking for advice.)

1. Buying a paper computer book at Barnes & Noble
In 1999, if you wanted to quickly learn more about HTML or Exchange 5.5 or Apache or how to earn CCNA certification, you’d typically make a quick trip to your nearest book superstore like Barnes & Noble or Borders and comb through the huge selection of computer books. However, this is 2010. Any computer book you find at a bookstore is at least six months out of date. Almost everything you need to know is available on the web for free or in ebook format that you can quickly download to your laptop or tablet. Buying a dead-tree tome about a new technology is an immediate tip-off that your geek credentials are in question.

Jason Hiner is the Editor in Chief of TechRepublic. He writes about mobile computing, emerging technologies, and enterprise IT. He examines the latest trends and asks the big questions. You can also find him on Twitter, Facebook, LinkedIn and at JasonHiner.com.

Windows 7: The Phone

2010-10-21T18:59:00.000-07:00

Microsoft launched the Windows Phone 7 last week [in case you missed it], and Jason Mick at DailyTech had this to say:

Following up on its soft launch of Windows Phone 7 yesterday in New York City [hardware does not ship until November 8 in the U.S.], Microsoft has aired new commercials plugging the platform.

Advertising and Microsoft don't always play nicely together. While Apple was airing its incredibly successful "Get a Mac" commercials, Microsoft was pitching campaigns like "Don't Blame Vista" and the ill-fated, obtuse Jerry Seinfeld-Bill Gates commercials.

Recently, Microsoft showed some signs of improvement with its recent "I'm a PC" and "Laptop Hunters" series of commercials, both of which struck on peoples' populist sensibilities.

For those hits, though, it had another glaring miss, though -- its advertisement for its Kin smartphone. Kin debuted a series of bizarre commercials, which included a man appearing to stalk his ex-lover.

Now, however, Microsoft is back for more with its new Windows Phone 7 ad campaign. The new commercials are by Crispin Porter + Bogusky -- the advertising firm behind both the Seinfeld-Gates commercials and the more successful "I'm a PC"/"Laptop Hunters" commercials.

The first one features a bunch of people who should be paying attention with their heads glued to their phones. There's the guy on the beach among girls in bikinis, a women running, a masseuse, a man sharing an intimate evening with his wife, a surgeon, a father playing catch with his son, and more. All are intently fixed on one thing -- their phones -- when they clearly should be focusing their attention elsewhere.

Friends, loved-ones, lovers, and passerbys all deliver the same punchline -- "Really?!" -- channeling their best inner Seth Meyers/Amy Poehler [who made that phrase famous on Saturday Night Live].

And the commercial wraps up with the line, "It's time for a phone to save us from our phones. New Windows Phone, designed to get you in, out, and back to life."

The text "Be here now." then rolls. The commercial is set to Edvard Grieg's Opus 23 [better known as "In the Hall of the Mountain King"].

A second commercial is set to Donovan's "Season of the Witch" and shows a gathering of people in an urban area all ensorcelled by their smartphones. The commercial concludes with the same lines.

The good thing about Microsoft's new phone commercials is they seem to convey what Microsoft feels is its strongest point -- an easy to use interface. Whether that assertion is valid remains to be seen when it puts its phone in the hands of the masses next month. For now, though, it seems to do the job in driving home the company's opinion on this point.

With Microsoft's market share dropping faster than a phone in a urinal [see the first commercial], the company is looking for a hit.

Staff Sergeant Robert J. Miller

2010-10-08T06:44:00.000-07:00

Official Citation, Staff Sergeant Robert J. Miller, United States Army.

For conspicuous gallantry and intrepidity at the risk of his life above and beyond the call of duty:

Staff Sergeant Robert J. Miller distinguished himself by extraordinary acts of heroism while serving as the Weapons Sergeant in Special Forces Operational Detachment Alpha 3312, Special Operations Task Force-33, Combined Joint Special Operations Task Force-Afghanistan during combat operations against an armed enemy in Konar Province, Afghanistan on January 25, 2008. While conducting a combat reconnaissance patrol through the Gowardesh Valley, Staff Sergeant Miller and his small element of U.S. and Afghan National Army soldiers engaged a force of 15 to 20 insurgents occupying prepared fighting positions. Staff Sergeant Miller initiated the assault by engaging the enemy positions with his vehicle’s turret-mounted Mark-19 40 millimeter automatic grenade launcher while simultaneously providing detailed descriptions of the enemy positions to his command, enabling effective, accurate close air support.

Following the engagement, Staff Sergeant Miller led a small squad forward to conduct a battle damage assessment. As the group neared the small, steep, narrow valley that the enemy had inhabited, a large, well-coordinated insurgent force initiated a near ambush, assaulting from elevated positions with ample cover. Exposed and with little available cover, the patrol was totally vulnerable to enemy rocket propelled grenades and automatic weapon fire. As point man, Staff Sergeant Miller was at the front of the patrol, cut off from supporting elements, and less than 20 meters from enemy forces. Nonetheless, with total disregard for his own safety, he called for his men to quickly move back to covered positions as he charged the enemy over exposed ground and under overwhelming enemy fire in order to provide protective fire for his team.

While maneuvering to engage the enemy, Staff Sergeant Miller was shot in his upper torso. Ignoring the wound, he continued to push the fight, moving to draw fire from over one hundred enemy fighters upon himself. He then again charged forward through an open area in order to allow his teammates to safely reach cover. After killing at least 10 insurgents, wounding dozens more, and repeatedly exposing himself to withering enemy fire while moving from position to position, Staff Sergeant Miller was mortally wounded by enemy fire. His extraordinary valor ultimately saved the lives of seven members of his own team and 15 Afghanistan National Army soldiers. Staff Sergeant Miller’s heroism and selflessness above and beyond the call of duty, and at the cost of his own life, are in keeping with the highest traditions of military service and reflect great credit upon himself and the United States Army.

Congressional Medal of Honor Society

Congressional Medal of Honor Society Donations

Congressional Medal of Honor Society Scholarship Fund

Facebook: TMI

2010-09-28T15:23:00.000-07:00

So, you posted something to Facebook that you now wish you hadn't. Most people have. But how do you remove it? Removing it from view is the simple part.

As you're logged on and viewing your Wall, hover your mouse over the post and you should see a "Remove" button appear on the right-hand side of the post. Left-click on the "Remove" button, and the post immediately disappears from your Wall. Crisis averted.

However, that post forever exists in the Facebook databases. There are 500,000,000 [read: "five hundred million"] Facebook users, all of which have given up personally identifiable information [PII] that gets handed around to marketers, sales folk, and human resources professionals by the microsecond--and, for a price. You don't become a teenage billionaire by not having the goods. Part of your PII is the trending for your visited sites, applications used, friends lists, when you post, from where you post, and the syntax of your posts--just to note a handful.

There is a rather lengthy and arduous process for deleting your Facebook account, if you are so inclined. You can follow the link here for that process--remember, you must be logged in to complete it. However that will not remove the posts, either. The account lives on in cold storage, with all its data intact--that PII with all your posted rantings for 'Eighties hair-bands, your epic Farmtown sheep herd, and the embarrassing pictures from your ex-husband's "private" collection.

This may seem rather obvious: If you don't want people to know it, don't put it on Facebook. For many, it doesn't seem so. Some Facebook members feel the need to vent to friends and family about their job, or their coworkers, and are under the impression their profile is private. This is never the case. Even if you have your privacy settings rock-solid, the next patch [which happens often and at any given time, not just when you log-on] typically resets them back to the default of "public", also known as "show-everything-to-everyone-all-the-time." Although, users need to be more mindful not only about privacy settings, but about keeping work-related rants to themselves.

The CSO article, Six Facebook, Twitter Mistakes That Can Get You Fired, by Joan Goodchild, September 27th, 2010, pleads "just don't do it."

"Often someone will post something and then think, days later, maybe I shouldn't have done that. You can't blame the social network for that. People need to take more personal responsibility for what they post. Even if you have your privacy settings locked down, remember that Facebook redesigns can cause settings to default back to public, making the content available for everyone to see until the user goes in and resets it."

This was the case with a teacher from Cohassett, Massachusetts who was fired from her job in August after posting on Facebook that she wasn't looking forward to another year in the district. June Talvitie-Siple, who also had called the students 'germ bags' in another update, did not realize her settings went public after a recent Facebook change. She serves as a good reminder to check your privacy settings regularly.

Then there are those who are just plain forgetful. Like a woman who sounded off on her boss in a post that has now become internet legend. Unfortunately, that boss was also a Facebook friend who could easily view her posts.

The woman updated her status to read: "OMG I HATE MY JOB!! My boss is a total pervvy (sic) w**ker, always making me do s**t stuff just to p**s me off!! W**ker!"

The boss commented: "I guess you forgot about adding me on here?" and ended with "Don't bother coming in tomorrow. And yes, I'm serious."

Finally, if you don't want people to know it, don't put it on Facebook. If you feel the need to share, call up some friends and head down to the coffee shoppe and all have a laugh there. Those are probably your real friends, and heaven knows the coffee shoppe could use the business.

And call your Mom and Dad. They miss you.

Going Dark

2010-09-27T07:59:00.000-07:00

This is a read from the New York Times article, U.S. Wants to Make It Easier to Wiretap the Internet, by Charles Savage, September 27th, 2010.

Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone.

Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.

The bill, which the Obama administration plans to submit to lawmakers next year, raises fresh questions about how to balance security needs with protecting privacy and fostering innovation. And because security services around the world face the same problem, it could set an example that is copied globally.

James X. Dempsey, vice president of the Center for Democracy and Technology, an Internet policy group, said the proposal had “huge implications” and challenged “fundamental elements of the Internet revolution” — including its decentralized design.

“They are really asking for the authority to redesign services that take advantage of the unique, and now pervasive, architecture of the Internet,” he said. “They basically want to turn back the clock and make Internet services function the way that the telephone system used to function.”

But law enforcement officials contend that imposing such a mandate is reasonable and necessary to prevent the erosion of their investigative powers.

“We’re talking about lawfully authorized intercepts,” said Valerie E. Caproni, general counsel for the Federal Bureau of Investigation. “We’re not talking expanding authority. We’re talking about preserving our ability to execute our existing authority in order to protect the public safety and national security.”

Investigators have been concerned for years that changing communications technology could damage their ability to conduct surveillance. In recent months, officials from the F.B.I., the Justice Department, the National Security Agency, the White House and other agencies have been meeting to develop a proposed solution.

There is not yet agreement on important elements, like how to word statutory language defining who counts as a communications service provider, according to several officials familiar with the deliberations.

But they want it to apply broadly, including to companies that operate from servers abroad, like Research in Motion, the Canadian maker of BlackBerry devices. In recent months, that company has come into conflict with the governments of Dubai and India over their inability to conduct surveillance of messages sent via its encrypted service.

In the United States, phone and broadband networks are already required to have interception capabilities, under a 1994 law called the Communications Assistance to Law Enforcement Act. It aimed to ensure that government surveillance abilities would remain intact during the evolution from a copper-wire phone system to digital networks and cellphones.

Often, investigators can intercept communications at a switch operated by the network company. But sometimes — like when the target uses a service that encrypts messages between his computer and its servers — they must instead serve the order on a service provider to get unscrambled versions.

Like phone companies, communication service providers are subject to wiretap orders. But the 1994 law does not apply to them. While some maintain interception capacities, others wait until they are served with orders to try to develop them.

The F.B.I.’s operational technologies division spent $9.75 million last year helping communication companies — including some subject to the 1994 law that had difficulties — do so. And its 2010 budget included $9 million for a “Going Dark Program” to bolster its electronic surveillance capabilities.

Beyond such costs, Ms. Caproni said, F.B.I. efforts to help retrofit services have a major shortcoming: the process can delay their ability to wiretap a suspect for months.

Moreover, some services encrypt messages between users, so that even the provider cannot unscramble them.

There is no public data about how often court-approved surveillance is frustrated because of a service’s technical design.

But as an example, one official said, an investigation into a drug cartel earlier this year was stymied because smugglers used peer-to-peer software, which is difficult to intercept because it is not routed through a central hub. Agents eventually installed surveillance equipment in a suspect’s office, but that tactic was “risky,” the official said, and the delay “prevented the interception of pertinent communications.”

Moreover, according to several other officials, after the failed Times Square bombing in May, investigators discovered that the suspect, Faisal Shahzad, had been communicating with a service that lacked prebuilt interception capacity. If he had aroused suspicion beforehand, there would have been a delay before he could have been wiretapped.

To counter such problems, officials are coalescing around several of the proposal’s likely requirements:

Communications services that encrypt messages must have a way to unscramble them.

Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.

Developers of software that enables peer-to-peer communication must redesign their service to allow interception.

Providers that failed to comply would face fines or some other penalty. But the proposal is likely to direct companies to come up with their own way to meet the mandates. Writing any statute in “technologically neutral” terms would also help prevent it from becoming obsolete, officials said.

For more of the Times article, visit The New York Times.

Frontline: US Customs and Border Protection

2010-09-09T14:10:00.000-07:00

After a successful debut earlier this year, National Geographic Channel will premiere a second season of the show Border Wars which features the men and women of U.S. Customs and Border Protection.

With CBP as the focus, the producers have captured operations throughout southern California, in Del Rio, Texas, in Miami, in Puerto Rico and in Laredo, Texas. CBP operations in Nogales, Ariz., that made up the first season, garnered the highest ratings of any premiere in the channel's history.

This season features agents on ATVs, drug interdictions at the ports of entry, outbound operations, interdictions in the Caribbean and security operations at Super Bowl XLIV in Miami.

For many Americans and viewers around the world, Border Wars will be an eye-opening experience, illustrated through the lens of one of the most respected names in the information age. For CBP, the series is a reflection of the agency's values of vigilance, integrity and service to country.

In addition, the CBP publishes Frontline, the US Customs and Border Protection magazine, seen above.

More information on the show and upcoming episode air dates are available at National Geographic Channel Border Wars.

British and French Not Sharing Carriers

2010-09-09T12:14:00.000-07:00

USS Enterprise alongside the Charles-de-Gaulle.

News reports surfaced this past week that in a drastic bid to trim government spending Britain and France were discussing sharing aircraft carriers. Britain currently operates two carriers, HMS Ark Royal and HMS Illustrious, with two more under construction, while France operates the large deck carrier Charles de Gaulle.

Today, British and French officials threw cold water on the idea with Britain’s defense secretary Liam Fox calling the carrier time share idea “utterly unrealistic.” The two countries are discussing sharing aerial refueling aircraft and maintenance on the A400M transport aircraft and further industry collaboration, reports the Financial Times.

In a related story, Britain’s Telegraph reports that the Royal Navy may abandon plans to buy the short take off and vertical landing version of the F-35 in favor of the carrier launch version to replace their Harrier jump jets. That would mean fixing catapults on the carriers under construction; the new carriers are not due to enter service until 2014 and 2016.

This post contains excerpts from The Guardian article by Helene Mulholland, on August 31st, 2010, and the DefenseTech article by Greg Grant, September 3rd, 2010.

Four Thousand... And Counting

2010-08-04T08:41:00.000-07:00

Thank you for the 4,000th visit! In celebration, a Safari-friendly remodel.

The Cybersecurity Initiative

2010-07-07T06:18:00.000-07:00

After years of discussions about the nation's vulnerabilities, the debate in Washington has gathered steam in recent months, driven in part by the December cyberattack originating from China on Google and dozens of other companies.

The fundamental worry is this: With so much of the nation's critical infrastructure -- from electricity grids to financial systems -- run by computers over the Internet, there is no coordinated plan in place to monitor cyber threats or respond to a major attack.

Exacerbating the challenge, experts say, is that the vast majority of that infrastructure is controlled by private companies, all having different cybersecurity measures of varying effectiveness.

Amid amplifying alarms that the U.S. is unprepared for a cyberattack that could cripple electricity grids, shut down water and sewage systems or freeze up the financial system, momentum is building in Congress to pass major legislation to boost the country's cyber defenses.

But as lawmakers appear poised to act within months, privacy advocates are concerned about how much control a new law would vest in the federal government to monitor communications over private networks or to control the Internet in the event of an attack. Yet with CIA Director Leon Panetta recently calling a potential cyberattack one of the most underappreciated national security dangers, the need to do something is not in dispute.

"A full-scale cyberattack," Sen. Joe Lieberman, chairman of the Senate Homeland Security and Governmental Affairs Committee, said at a June hearing, "could lead to the death and injury of thousands of people, and could cost our economy billions of dollars."

Counterterrorism experts warn that sophisticated cyberattacks could disable aviation systems, force subways to crash, create massive blackouts and cause dams to fail.

"A lot of the country's assets that used to be just physical are now" controlled by computers "and the government is struggling with how to make that transition," said Kevin Richards, a senior manager for Symantec, the computer security firm.

One of the main bills pending in Congress would establish a cybersecurity chain of command in the federal government and create a clearinghouse for private owners of critical infrastructure to share information about intrusions or threats to their computer networks. A new agency within the federal Department of Homeland Security would implement cybersecurity measures for government agencies and key private sector firms alike.

Sponsored by Sens. Lieberman, Susan Collins, R-Maine, and Thomas Carper, D-Del., and approved in late June by the homeland security panel, the bill, S3480, is one of many cybersecurity measures pending in Congress. Senate Majority Leader Harry Reid, D-Nev., wants the authors to meld their ideas into one bill that could come to the Senate floor possibly this summer or fall.

But controversy is simmering over key issues. Some critics have accused Lieberman of attempting to give the president a "kill switch" to turn off the Internet after a cyberattack. The senator denied the charge, noting that his bill would actually narrow the president's powers over the Internet in the event of a cyberattack compared with what he's authorized to do under current law.

Debates remain about how much control to hand the president and federal government to respond to a cyber emergency, whether that power could threaten privacy and civil liberties, and what information owners of critical infrastructure should be required to share with the government in the name of cybersecurity. Lieberman's bill would allow the president to declare an emergency and compel owners of key infrastructure to take actions -- including shutting off Internet communications if another less intrusive measure was not available -- in response to an attack. The emergency powers would last 120 days at most and would have to be renewed by Congress to extend beyond that.

"The biggest concern is that the government not be put in the middle of private networks so that it monitors private communications for cybersecurity purposes," said Gregory Nojeim, senior director at the Center for Democracy & Technology.

Another key provision focuses on developing cybersecurity expertise, an area in which the U.S. lags far behind countries such as China, said Alan Paller, director of research for the SANS Institute, a cybersecurity training school.

"There's a radical shortage of cybersecurity talent," he said. "It's probably the main ingredient we have not done anything about."

A bill approved in late June by a Senate committee would allow the president to declare an emergency and compel owners of key infrastructure to take actions "" including shutting off Internet communications if another less intrusive measure was not available "" in response to an attack. Debates remain about how much control to hand the president and federal government to respond to a cyber emergency, whether that power could threaten privacy and civil liberties, and what information owners of critical infrastructure should be required to share with the government in the name of cybersecurity.

For more on national cybersecurity initiatives, visit Military.com, The San Jose Mercury News, and The U.S. Senate.

U.S. Senator Robert C. Byrd

2010-06-30T05:52:00.000-07:00

When I met U.S. Senator Robert C. Byrd in 1985, I was on the hunt for sponsorship of my application to the U.S. Military Academy at West Point. I had already interviewed with one of his administrators the week prior, and hadn't yet realized that I would not be one of the two candidates the Honorable Senators were allowed to submit for appointment.

At the time, it was a requirement for application to have the endorsement of either a U.S. Senator or a U.S. Congressman to be considered for appointment to the USMA as a Cadet. I had not yet interviewed with U.S. Senator Jay Rockefeller, or the Honorable Robert "Bob" Wise, who was the U.S. Congressman for my District at the time. I would go on to receive the nomination from the Honorable Robert Wise, but that's a story for another day.

The Senator was working diligently toward establishing a federal merit-based scholarship program, I was told. I believe it was the first of its kind at the time, and came to fruition some time later.

The words stately, reserved and calming do not do justice. He was surrounded by fast-moving intensely-focused individuals that needed him in another place at that particular moment for something immensely important for which he was evidently already late.

I was a high school senior. I needed a haircut. And I may not have even starting shaving, yet. But, the sense of trust engendered by such an individual--stopping a caravan of people whose sole purpose seemed to be getting to the next engagement, in order to speak to one young man--has been inspiring to the present day. I was nobody. The Senator stopped, shook my hand, and seemed to hang on every word I spoke. For that one moment, it was apparent--correction, it was evident--that the man was the sincere and genuine figure that he was touted to be. And it was over as quickly as it had started.

But it would serve to reinforce values I carry throughout my career, my service, and my lifetime. Nothing is not important. Everyone is deserving of having their voice be heard, sincerely and with earnest. No one is left behind.

Thank you for your service and your inspiration, Honorable Senator, from a grateful Nation, a proud State, and a humble Citizen. Montani Semper Liberi.

Please find below the memorial and funeral arrangements schedule for the Honorable United States Senator Robert C. Byrd. The official version is available at the official United States Senate site.

MEMORIAL AND FUNERAL ARRANGEMENTS FOR
U.S. SENATOR ROBERT C. BYRD

THURSDAY, JULY 1, 2010

9:45 a.m.
Hearse arrives at U.S. Capitol, Senate Steps

9:50 a.m.
Honor Guard to proceed with casket up Senate Steps, into U.S. Senate Chamber, where casket will be placed upon the Lincoln Catafalque

10:15 a.m. – 12 noon
Senator Byrd’s family will receive Members of the Senate and House who wish to pay their respects

10:15 a.m. – 3:45 p.m.
U.S. Senate Chamber Public Galleries open to all those who wish to pay their respects
U.S. Capitol restrictions

10:30 a.m.
U.S. Senate Chaplain Dr. Barry Black will offer prayer

5:50 p.m.
Aircraft to arrive at Yeager Airport, Charleston, West Virginia

6:00 p.m.
Casket transported to Robert C. Byrd U.S. Courthouse, 300 Virginia Street, East
Public procession ending at West Virginia State Capitol
Casket moved to Capitol Rotunda

9:00 p.m. – 12:00 midnight
Public viewing in Rotunda of State Capitol

FRIDAY, JULY 2, 2010

12:01 a.m. – 9:00 a.m.
Public Viewing in Rotunda of State Capitol

11:30 a.m.
Memorial Service and Celebration of Life
West Virginia State Capitol
Capitol’s North Plaza

12:30 p.m.
Memorial Service and Celebration of Life concludes

TUESDAY, JULY, 6, 2010

11:00 a.m.
Funeral Service
Memorial Baptist Church
3455 North Glebe Road, Arlington, Virginia

Personality Profiles

2010-06-29T05:44:00.000-07:00

One of the almost accidental advantages of LinkedIn groups, or at least being in the right one at the right time, is that you suddenly become privy to conversations of which you would never have had the opportunity before, whether they be at an intellectual level to which you wouldn't normally subject yourself--oftimes, my brain hurts just reading some of these--or simply because they are so unique you might never have contemplated something at that granularity or grandeur.

From the Friends of Harvard Business School discussion led by Leader Group International Director Barbara Nowak-Rowe:

In the workplace you'll generally meet three kinds of personalities:
Type A, Type B, and Type IT.
The last are a breed apart from the rest.

We're not sure what it is about technology that draws certain types of people while repelling others. In any case we've identified the eight classic personality types you'll find in virtually any reasonably sized IT department.

IT personality type No. 1: The Empty Suit
Job title[s]: Department manager, business analyst
Profile: Hired to be a liaison between top-level management and the techies -- with whom top-level management, or anyone on the business side, would rather not deal directly. Acts as a go-between during client visits to keep the geeks at a safe distance.

IT personality type No. 2: The Scary Sys Admin
Job title[s]: Network administrator, database administrator
Profile: Your company can't run without him -- and he knows it. Fortunately, he likes dealing with machines far more than people, so you can rest easy, confident that he spends way more time keeping your systems up and running than may even be necessary.

IT personality type No. 3: The Human Roadblock
Job title[s]: Software developer, enterprise architect, systems administrator
Profile: No matter what task or project is presented, the Human Roadblock responds in exactly the same manner: It can't be done.

IT personality type No. 4: The Angry Support Drone
Job title[s]: Support tech [what else?]
Profile: Hired to schlep from desk to desk fixing the computers of people deemed unworthy of their time. Will do what you ask, and not one iota more.

IT personality type No. 5: The Übergeek
Job title[s]: Software engineer, senior programmer
Profile: Fiercely intelligent, stubbornly logical, and disturbingly anti-social. In other words, what most people think of when asked to describe a techie. In Myers-Briggs nomenclature, the Übergeek would be classified INTJ -- an introverted, intuitive-thinking, and judging person. If the Übergeek absolutely must communicate with beings of inferior intelligence (i.e., you), she would rather do it by e-mail. But if she can avoid all human contact, that's OK, too.

IT personality type No. 6: The OS Fanboy
Job title[s]: Help desk, support tech, programmervista
Profile: There is only one true path -- and, more important, only one true operating system -- for this person. All nonbelievers are heretics whose tech needs will be quietly ignored. Though most commonly associated with Apple products, often aligned with Windows or, more likely, Linux -- the more obscure the distro, the better. Every conversation ends with a discussion of why their OS of choice is superior, despite the fact that your company doesn't use it.

IT personality type No. 7: The Promiser
Job title[s]: Outbound sales, business development
Profile: There is nothing this person won't say to close a deal. You want features the original product was never designed to deliver? Done. You need it within six months? The Promiser will get it to you in three. Of course, he or she doesn't have to deliver anything -- that's a job for the developers. Delays, cost overruns, and impossible feature-set requirements are all someone else's headache.

IT personality type No. 8: The Shadow
Job title[s]: Unknown
Profile: It's not my problem, it's not my job, it's not my fault -- that's the mantra of the Shadow, who somehow manages to take up space in the IT department [and on the payroll] without actually filling it. No one's sure what the Shadow does, mostly because he or she has become expert at doing as little as possible. Over time, the Shadow may be handed management responsibilities, at which point this individual morphs into the Human Roadblock.

I believe the original version was penned by Dan Tynan, but I appreciate this one as well.

Twitter Privacy Breach Settlement

2010-06-28T06:20:00.000-07:00

Twitter has reached a settlement with US regulators over a privacy breach that allowed hackers to access the accounts of then president-elect Barack Obama and others and send out phony messages.

Under the settlement with the Federal Trade Commission (FTC), the popular San Francisco-based micro-blogging service must establish an independently audited "comprehensive information security program," the FTC said.

Twitter is also barred for 20 years from "misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality" of its users.

"When a company promises consumers that their personal information is secure, it must live up to that promise," said David Vladeck, director of the FTC's bureau of consumer protection.

"Serious lapses in the company's data security allowed hackers to obtain administrative control of Twitter... and the ability to send out phony tweets pretending to be from then-president-elect Barack Obama and Fox News, among others," the FTC said.

It said a hacker used a password-guessing tool to gain administrative control of Twitter in January 2009 and reset numerous user passwords, posting some of them on a website where other people could access them.

"Using these fraudulently reset passwords, other intruders sent phony tweets from approximately nine user accounts," the FTC said.

"One tweet was sent from the account of then-president-elect Barack Obama, offering his more than 150,000 followers a chance to win $500 in free petrol," it said.

In an April 2009 breach, a hacker compromised a Twitter employee's personal email account, gaining access to private user information and messages for any Twitter users.

"Twitter was vulnerable to these attacks because it failed to take reasonable steps to prevent unauthorized administrative control of its system," the FTC said. The FTC said the case was its 30th targeting faulty data security and its first against a social networking service.

The micro-blogging service has exploded in popularity since it was launched in March 2006 and Twitter chief operating officer Dick Costello said recently that it now attracts 190 million visitors a month.

Cybercrime Forum Shutdown By Scotland Yard

2010-06-25T07:09:00.000-07:00

The London Metropolitan Police Central e-Crime Unit has arrested two teenagers who are suspected to have run an £8 million cybercrime forum.

The site, described by Scotland Yard as the “largest international English speaking online cyber criminal forum”, has 8,000 members and offers online instructions on how to steal money. The site’s name was not disclosed.

The pair that were arrested are 17 and 18 years old, and were questioned yesterday, it was reported. They are suspected of encouraging or assisting crime, conspiracy to commit fraud, and breaking the Misuse of Computer Act.

Following an eight month investigation, police recovered over 65,000 credit card numbers that have been compromised, after the forum promoted the sale of personal information and PIN numbers as well as the development of malicious software. The compromised cards could have led to the theft of £7.9 million, it was estimated.

Detective chief inspector, Terry Wilson, said: “Today's arrests are an example of our increasing effort to combat online criminality and reduce national harm to the UK economy and public.”

One of the tools thought to be available was Zeus. British police made their first arrests in Europe of two people using Zeus, a sophisticated malicious software program that can scoop up any sensitive information on a PC, in November of last year.

A man and woman, both 20 years old, were arrested in Manchester by the Metropolitan Police's Central e-Crime Unit (PCeU). The pair, who were almost immediately released on bail, face charges under the 1990 Computer Misuse Act and the 2006 Fraud Act.

Zeus is an advanced piece of malicious software. If installed on a PC, it can send spam, steal financial or other data or conduct a distributed denial-of-service attack against other computers. Machines infected with Zeus are essentially a botnet.

Those who have developed Zeus have also tailored it to be easy-to-use for less technical criminals, according to security vendor Symantec.

Zeus can be bought as a toolkit, which can create a unique Zeus variant. The toolkit also has a control panel for managing where Zeus will be hosted. Zeus will attack computers visiting a certain infected Web site by looking for software vulnerabilities in the victim's computer.

In the case of the two people arrested, Zeus had been configured to steal online bank account details and passwords and send that information to remote servers, according to police.

Police said the two people used Zeus to "harvest millions of lines of data from affected machines - hundreds of thousands per day."

This post contains excerpts from the ComputerWorldUK article, Police nab banking hackers, by Jeremy Kirk, and the article, Police arrest cybercrime forum teenagers: Thousands educated in fraud by 17 and 18 year olds' website, By Leo King, June 24th, 2010.

A Quintillion Calculations Per Second

2010-06-24T10:42:00.000-07:00

Researchers at DARPA this week announced a program aimed at building computers that exceed current peta-scale computers to achieve the mind-altering speed of one quintillion [1,000,000,000,000,000,000] calculations per second. Dubbed extreme scale computing, such machines are needed, DARPA says to "meet the relentlessly increasing demands for greater performance, higher energy efficiency, ease of programmability, system dependability, and security."

In the most recent Top500 List of Fastest Supercomputers a Cray XT5 Supercomputer known as Jaguar achieved a sustained 1.75 petaflop/second, and a theoretical maximum of 2.3 petaflop/second. One petaflop/second is one quadrillion floating point calculations per second - that’s a million billion calculations per second.

While petaflops and linpack are somewhat specific to the solution of a dense N x N system of linear equations, which are a common class of engineering problems, it is worth noting that a single modern PC is now more powerful than a 10-year-old supercomputer. In fact, most of today’s supercomputers are massively parallelized x86 and x86-64 chips, the same chips that run in most of the world’s laptops, desktops and servers.

Petaflops on your desktop and teraflops in your smartphone are not far away.

We all have multi-terabyte data centers these days,--some of us even have multi-terabyte home entertainment collections. But many of these datacenters have graduated to being measured in petabytes. These data centers, whether running in support of The Cloud, data archives, games or other applications are so big and so new that most engineers, administrators and mathematicians don’t even really understand how to work with them.

To give you an idea of the scale, the entirety of the written works of humankind from the beginning of recorded history in every language is only about 50 petabytes.

Now imagine having that library at your finger tips.

It might make you feel like Einstein when he worked at the U.S. Patent Office. Only smarter.

Vishing Incident Response Plan

2010-06-23T09:35:00.000-07:00

Earlier in the year, five financial institutions in Michigan, Wisconsin, Minnesota and Mississippi reported being hit by telephone-based phishing, or "vishing," attacks.

Vishing is a form of phishing, where instead of people receiving an email trying to lure them into giving personal information, the criminal uses a phone call, either live or automated, to attack the bank or credit union customer and get critical information. In response to this spree of attacks, banking/security leaders from one of the impacted states have put together a vishing incident response plan for financial institutions.

Vishing Incident Response Plan

1. Set Procedures to Report Calls

Have procedure for employees to report at the time of first [and subsequent] notification. This should include:

A. Information on originating phone number [if known];
B. Any pertinent details of phone conversation or recorded message;
C. What information was solicited [account numbers, debit card information]?
D. Did customer give out information and, if so, was account closed or debit card inactivated?
E. What was the callback number if the customer was directed to return a call?
F. Was the call made to your customer's cell phone or a landline?
G. If the call was to a cell, who was the carrier [eg ATT, Verizon, Sprint]?

2. Alert Customers

Notify customers as soon as you see a pattern of calls. Specifically:

A. Explain phone phishing [vishing] and text message phishing [smishing] to customers reporting calls. Have a script ready for your call center staff to refer to that describes what it is, and actions that the customer needs to take when they receive such calls.

B. Consider initiating a news article in your local paper or other media. This article needs to make clear that your bank is protecting customers with this information, and you have not suffered a breach. Non-customers will also be getting these calls, and that is proof that the calls are randomly generated to your area and not the result of any breach. This is a great time to reinforce that you will never call, email, or text to have your customer provide an account number or debit card information, as you already have that information available. Encourage anyone receiving these calls to hang up and call their financial institution directly on a number that they obtain themselves. Also provide a reminder that any caller ID is easily "spoofed." Fraudsters can put in the number of any financial institution with a spoofing system and that will be displayed on the customer's phone.

C. Place a banner with news of vishing attempts on your web page to let customers know that it is occurring in your area and you are protecting them through the notification. Consider adding signage and posters for drive-throughs and lobby areas to alert customers to the scam.

3. Run Down the Source

Identify the area code[s] on calls of origination and lines that customers are requested to call [simply Google the area code, "XXX area code"].

If the calls appear to be generated in the U.S., contact your local FBI office and ask for their cybercrime specialists or white collar crime division, which will handle bank fraud. They can help to get the phone line shut down immediately. You will also want to contact your local law enforcement contacts to alert them to the scam because consumers will be calling them to report the attempts.

If the calls are Canadian-based, contact the PhoneBusters in Ontario. This is the Canadian Anti-Fraud Call Center and is staffed by the Royal Canadian Mounted Police. They can be reached at www.phonebusters.com or 888-495-8501. They can assist in shutting down Canadian lines and will provide you with a reference number on your case in the event you secure additional information to report to them.

There are three great options for finding the carrier of a toll-free line. The first is a number that can be called to find out who the Responsible Organization [RespOrg] is for any toll free number, 800-337-4194. This is an IVR where you can enter the number and it will give you the carrier. The second is to search on such sites as www.customtollfree.com, where you often can find the carrier of the line. You [or your chosen law enforcement representative] can then contact the carrier directly to ask them to shut down the line, as it is being used for fraud. The third option is http://www.tollfreenumbers.com/resporg/ and can be used to track down numbers and call centers that handle the calls.

4. Notify Telecomm Carriers

Here's a quick list of email addresses and sample email that get lines shut down:

A. Email addresses: 'QwestFraud@qwest.com'; 'abuse@att.com'; 'abuse@verizon.com'; 'abuse@qwest.com'; 'fraud@qwest.com'; 'abuse@sprint.com'; 'fraud@sprint.com'; 'abuse@level3.com'; 'abuse@alltel.com'; 'fraud@alltel.com'; 'fraud@tmccom.com'.

B. Samples email text: Fraudulent Text messages are being sent to cell phones in Northeastern Oklahoma: "This is an automated message from XXXX National bank. Your ATM card has been suspended. To reactivate call urgent at 18775895978." This is an IVR that attempts to get card numbers and PINs. If this 877 number is yours please shut it down, if not please forward to the responsible organization.

Typically, the words "Criminal Activity" in the subject line help get faster responses.

5. Make Customer Education a Priority

Keep the educational awareness of these types of scams in front of your customers by adding sections on the institution's webpage about the types of crimes that may happen. Add the same messages to your statement stuffers, call waiting feature and newsletters for added impact. Also be sure to tell your customers that no one will ever call them from the institution, soliciting information from them. Always remind your customers to alert you when they receive a call, text, or email from your institution that doesn't seem right.

For a more in-depth look at vishing attacks, visit Bank Info Security.

iPhone 4

2010-06-15T08:38:00.000-07:00

As has been previously rumored, the iPhone is now confirmed to feature a 640×960 display which makes it the highest resolution display on the smartphone market (most high-end Android phones feature an 480×800 display). The actual display size remains unchanged at 3.5-inches and has an 800:1 contrast ratio.

Under the hood, Apple’s new A4 processor - which first made an appearance in the iPad – is running the show. This replaces the 612MHz Cortex A8 processor found in the year-old iPhone 3GS. Interestingly, storage capacity is still capped at 32GB. There is now a larger battery which provides 7 hours talk, 6 hours 3G, 10 hours Wi-Fi, 10 hours video, 40 hours music, and 300 hours of standby.

When it comes to network speeds, the iPhone’s Wi-Fi radio has been bumped up to 802.11n, while 3G download/upload speeds now max out a 7.2Mbps and 5.8Mbps respectively.

Speaking of the network, early during the demo, Steve Jobs was having troubles getting his iPhone 4 to connect to the Wi-Fi network. When he switched to 3G, he was bombarded with even more network errors while trying to pull up the New York Times website. When he deferred to one of his crew on how to correct the problems, an audience member yelled out “Try Verizon!” Ouch!

Another new feature of the iPhone is a built-in 3-axis gyroscope which then provides 6-axis motion sensing when combined with the accelerometer. The gyroscope will make use of new CoreMotion APIs.

The rear camera is now 5MP which is up from 3MP. However, Steve Jobs pointed out that megapixels aren’t everything and that picture quality is king. Apple has thrown in an LED flash, 5x digital zoom, one-click sharing, and 720p (30fps) HD video capture. On the software side, Apple displayed a mobile version of iMovie to handle editing of video although you’ll have to pay $4.99 for it.

IPhone OS 4.0 – now called iOS 4 – was also detailed. IOS 4 features support for multitasking, folders for applications, Mail.app improvements, better enterprise features, iBooks, and iAds capabilities. The Gold Master of iOS 4will be available for download later today – it will be made publicly available for iPhone 3G/3Gs customers on June 21.

For Jobs’ “One more thing”, he unveiled “FaceTime” video calling for the iPhone 4. Jobs demoed the capability by calling up Apple design guru Jony Ive. The feature is obviously limited to iPhone 4 devices and required you to have an active cell connection and Wi-Fi to work. Both the rear and front-facing cameras can be used for video calls – portrait and landscape orientations are supported. Using FaceTime completely over 3G is expected to come next year.

The new iPhone 4 is available in white and black and will be priced at $199 for the 16GB model and $299 for the 32GB model. The phones will be available June 24 (pre-orders start June 15). The iPhone 3GS will drop down to $99 starting on June 24 (for an 8GB model).

Defcon: Social Engineering CTF

2010-06-08T07:25:00.000-07:00

In a twist to the popular "capture the flag" game played by hacking teams every year at Defcon, the hacker conference is hosting a contest that aims to test participants' social engineering skills -- without anyone getting hurt.

The Social Engineering CTF will provide contestants beforehand with the name and URL of their "target" company, and they then must gather any information they can online or via other passive data-gathering methods (no phone calls, email, or direct contact with the targeted firms). They score points for the reconnaissance information gathered as well as for the plan of attack, all of which must be submitted one week prior to Defcon in a dossier format.

Each contestant gets a 20-minute window to perform the attack live at Defcon -- in a phone call to the targeted firm -- plus five minutes to explain to attendees their technique and strategy. They score points based on the designated "flags" they capture and the information they gather from the target. Hacking contests are all the rage at Defcon every year, and social engineering has been among the games in past years.

This year's contest is different in that there are specific ground rules -- participants must legally socially engineer their way into the company, and they are not allowed to get credit card numbers, social security numbers, passwords, involve porn, or make the target feel "at risk."

They can't use government agencies, law enforcement, or legal entities as a ruse to get inside, nor can they contact relatives or family of the targeted firm's employees.

This post is excerpted from the ISN article, Defcon to host 'capture the flag' social engineering contest, by Kelly Jackson Higgins, Jun 4th, 2010.

Amy Hess, SAIC Memphis

2010-06-02T15:03:00.001-07:00

Director Robert S. Mueller, III has named Amy S. Hess special agent in charge of the FBI’s Memphis Division. Ms. Hess most recently served as section chief in the International Operations Division.

Ms. Hess began her career as an FBI special agent in 1991 and was initially assigned to the Kansas City field office. While there, she investigated violent crimes, gangs, and drug trafficking organizations. She was an applicant assessor, a firearms instructor, and was a member of the Evidence Response Team.

In 1999, Ms. Hess transferred to the Louisville Division, where she investigated domestic terrorism. She also served as the division’s principal firearms instructor and Joint Terrorism Task Force coordinator. Ms. Hess was promoted to supervisory special agent of the counterterrorism and counterintelligence squad in 2002. In 2005, she was assigned to FBI Headquarters in Washington, D.C. as a team leader in the Inspection Division.

Ms. Hess was promoted to assistant special agent in charge (ASAC) of the Phoenix Division in 2007. As ASAC, she was assigned to the Tucson Resident Agency, with oversight of nearly 100 employees throughout southern Arizona. During that time, she was temporarily deployed as the on-scene commander for the FBI’s counterterrorism operations in Afghanistan.

Ms. Hess returned to FBI Headquarters in 2008, where she was promoted to chief of the Executive Staff Section in the National Security Branch. She was subsequently named section chief in the International Operations Division, in charge of the operational support of 61 legal attaché offices worldwide.

Ms. Hess is native of Jeffersonville, Indiana and holds a degree in aeronautical/astronautical engineering from Purdue University.

Facebook: Gamers Spend In The Real World

2010-05-25T05:42:00.000-07:00

Zynga, the social gaming firm and leading procrastination enabler, reportedly plans to provide the denizens of 'FarmVille' and the goodfellas of 'Mafia Wars' with tangible, real-world enticements. The approximately 75 million Farmville laborers already spend hundreds of millions of dollars on a variety of nonexistent virtual goods, a sum that some analysts predict will surpass $2 billion by 2012.

Zynga certainly doesn't appear complacent with that massive Facebook success, though, as it continues to expand its brand, particularly through the development of new games like 'PioneerVille' and 'Treasure Isle.' According to the Wall Street Journal, the company's most recent diversification project involves a physical foray into convenience stores. A new venture with 7-Eleven now enables Zynga gamers to purchase in-store products like candy, slurpees and ice cream in order to earn redeemable codes for various in-game goods, like Farmville cash.

This post contains excerpts from the Switched artcles, 7-Eleven to sell "Farmville" Slurpees dishes out worst brain-freeze ever, by Warren Riddle, May 25th, 2010. For more of the article, visit Switched.

Facebook: More Privacy Woes

2010-05-25T05:17:00.000-07:00

Buffeted by privacy snafus and the lingering fallout from a damning, years-old instant messaging thread, Facebook chief exec Mark Zuckerberg switched into full-on damage control Monday, confessing that the sprawling social network had "missed the mark" when it comes to its complex privacy controls — and pledging to do better. In an open letter published Monday in the Washington Post [chairman, Donald E. Graham, just so happens to sit on Facebook's board of directors], Zuckerberg wrote that Facebook has been "growing quickly" and admitted that "sometimes we move too fast."

"Many of you thought our controls were too complex," Zuckerberg's letter reads. "Our intention was to give you lots of granular controls" — uh, you can say that again — "but that may not have been what many of you wanted. We just missed the mark."

Zuckerberg promised, in "coming weeks," privacy controls will be "much simpler to use" — including an "easy way to turn off all third-party services" that can access your account.

But Zuckerberg wasn't just announcing new privacy features in Monday's open letter; he was also clearly trying to bridge a growing trust gap between Facebook and its increasingly suspicious users, especially in light of reports last week that Facebook [and other social networks] had been passing along user name and IDs to advertisers [including Google's DoubleClick and Yahoo!'s own Right Media] without users' consent. Those privacy loopholes have since been plugged, say Facebook, MySpace and other social networks.

But Zuckerberg is also being dogged by an embarrassing IM thread from when he was a 19-year-old Harvard student, bragging that he'd gathered personal information from thousands of users for the now defunct TheFacebook.com. "People just submitted it," Zuckerberg messaged, "I don't know why. They 'trust me.' Dumb [expletive]." [This comes via Silicon Alley Insider.]

Naturally, the indiscreet IM thread has ignited controversy. Some argue that Zuckerberg shouldn't be held accountable for something he'd written when he was still a teenager (all of six years ago, mind you). Others say the remarks illustrate a cavalier attitude toward user privacy.

This post contains excerpts from the Yahoo! News article, Contrite Facebook CEO promises new privacy controls, by Ben Patterson, May 24th, 2010.

Jessica Watson: Youngest ever around the world

2010-05-20T11:41:00.000-07:00

May 15th, 2010. Jessica’s historic solo around-the-world sailing trip is now just hours from completion with the talented teenager less than 40 nautical miles from home. Tens of thousands of well-wishers and fans including a host of VIPs, are expected to line Sydney Harbour this morning to greet the 16-year-old who has spent the last seven months at sea.

Jessica has amassed hundreds of thousands of followers and racked up extraordinary statistics during her time at sea on her yacht Ella’s Pink Lady. She is due to pass through Sydney Heads about 11.20am (AEST) delighting the awaiting crowds.

However, as Jessica covers her final stretch along the NSW coast, the Bureau of Meteorology forecasts winds up to 45 knots and waves up to seven metres offshore. Those conditions are expected to peak on Saturday, making for a bumpy final stretch for Jessica.

It’s not the first time she has faced turbulent conditions during her 23,000 nautical mile odyssey. She battled 40-foot (12-metre) waves and six knockdowns during her journey, which took her northeast through the South Pacific and across the equator, south to Cape Horn at the tip of South America, across the Atlantic Ocean to South Africa, through the Indian Ocean and around Southern Australia.

Jessica’s journey started from Sydney on October 18 last year and today marks day 210. Jessica will be greeted by her parents, relatives, friends, sponsors and her shore team, along with a host of media and Australian Prime Minister Kevin Rudd and NSW Premier Kristina Keneally.

Jessica is excited about her return to land and is just making the most of her last hours on the ocean before stepping foot on the dock of the Sydney Opera House.

"I'm so excited and everyone keeps telling me how big it is going to be. It will be so good to see everyone again. I can't wait," she said.

Jessica’s arrival is expected to rival the Sydney Harbour’s busiest days - the Boxing Day start of the Sydney to Hobart Yacht Race, New Year's Eve and Australia Day.

Today’s Sydney forecast is a mild day of about 22 degrees C and southwesterly winds.

In Australia, Network Ten and One HD are the exclusive broadcast partners and will air Jessica’s return from 11.00am-1.00pm, capturing the first interviews with Jessica. One will also broadcast the press conference.

For all the international fans, we will endeavour to post vision and quotes from Jessica’s arrival as soon as possible. But please be patient with us, as all the shore team will be out greeting Jessica in what is shaping as a monumental day.

Atomic Games' Breach

2010-05-20T10:38:00.000-07:00

There were a lot of announcements at this year's PAX East conference in Boston, but the biggest news story came from a man who tried to steal a prototype of Atomic Games' upcoming title Breach.

20-year-old Justin May was actually able to hack into an Xbox 360 debug system at the Atomic booth and start downloading the beta game file to his laptop.

However, an Atomic employee noticed him and questioned what he was doing. At that moment he ran away with laptop in tow while being chased by other Atomic representatives and security officers.

Some people couldn't believe such a crime could actually take place on the show floor and called it a publicity stunt, but after it was confirmed that he was in fact arraigned at the local police department, no one doubted that it really happened.

Today, Suffolk County, where Boston is located, announced that the District Attorney has officially charged May with the attempted theft.

Atomic says that May downloaded about 14 MB of the game's file before he was caught. "It would have been very harmful if Breach had been posted on the Internet months before its planned release," said Atomic CEO Peter Tamte in a statement.

Gamasutra reports that Atomic Games has brought charges against the 20-year old Delaware resident. Justin May pleaded not guilty, then failed to appear for his court arraignment. May was brought to court yesterday where he was charged with larceny and the buying, selling, or receiving of trade secrets. The larceny charge carry potential penalties of up to five years in prison or a $25,000 fine. Although he originally admitted the would-be crime to police, May has pleaded not guilty again.

This post contains excerpts from the TG Daily article, PAX East expo hacker charged with attempted theft, by Max Luttrell, May 19th, 2010.

Houston, We Have A Problem...

2010-04-29T06:51:00.000-07:00

Built by Lockheed Martin under a DARPA program, the Falcon Hypersonic Technology Vehicle 2 (HTV-2) is designed to attack any target on the Earth within 1 hour. It can reach speeds of Mach 20 and was to make a touch down on the Pacific Ocean 30 minutes after a 4,100 nautical-mile flight on April 24th.

The goal was to develop a weapon that could kill a terrorist like Osama bin Laden anywhere in the world without having to send in special operators or deploy a big ship. The concept, pushed hard by vice chairman of the Joint Chiefs Gen. James "Hoss" Cartwright, is called Prompt Global Strike and the budget contains $240 million for development programs.

But one of the more promising efforts, DARPA’s Falcon Hypersonic Technology Vehicle 2 (HTV-2), made it part way through a test and then vanished. A review board has been formed to find out just what went wrong. No word yet on when their findings might be available.

DARPA said the launch vehicle, known as the Minotaur Lite, got the HTV-2 up. “The launch vehicle executed first of its kind energy management maneuvers, clamshell payload fairing release and HTV-2 deployment. Approximately nine minutes into the mission, telemetry assets experienced a loss of signal from the HTV-2. An engineering team is reviewing available data to understand this event.”

But the test is not a complete failure, as the DARPA release makes clear. “Three test ranges, six sea-based and two airborne telemetry collection assets were employed and operational on the day of launch. Technical data collected during the flight will provide insight into the hypersonic flight characteristics of the HTV-2,” the release said. A congressional aide said HTV-2 is the only PGS alternative anywhere close to the glide path for combat use. What makes the HTV-2 particularly appealing is its hypersonic speed — up to Mach 20 — and its angle of descent, which makes it easily distinguishable from an ICBM.

That angle of ascent and descent was a key factor in why Congress killed the first PGS effort, the conventionally armed Trident missile. Defense Secretary Robert Gates caused a minor stir last Sunday when he appeared to say that the U.S. might possess Trident missiles with conventional warheads. It would certainly have riled a watchful Congress which expressly forbade the department from developing such a strike tool.

“Preliminary review of data indicates the HTV-2 achieved controlled flight within the atmosphere at over Mach 20. Then contact with HTV-2 was lost,” said Johanna Spangenberg Jones, a spokeswoman for DARPA.

Vanished. Lost. Where did it go?

Maybe someone or some thing detected the Falcon and took it down. Not likely. In the words of the newest Montgomery Scott, "that would be like hitting a bullet with a smaller bullet whilst blind-folded and riding a horse." More likely, a hull breach caused it to disintegrate in the atmosphere.

Think $240M sparkler.

Its going to take quite a while for this to clear itself up... classified military space systems, a Congress who denied the weapons be built in the first place, and now we're missing its prototype.

Discuss amongst yourselves. I'm going to get some popcorn and queue up Moonraker.

This post contains excerpts from the DefenseTech article, Osama Killer Missile Fails, No Conventional Tridents, by Colin Clark, DefenseTech's Pentagon correspondent, April 28th, 2010, and the Mobile Magazine article, Hypersonic Air Force Glider traveling Mach 20 disappears in test flight, by Fabrizio Pilato, April 28th, 2010.

CDX: NSA vs. The Academies

2010-04-28T06:14:00.000-07:00

Somewhere on an unnamed island in southeast Asia, a lot of network security specialists were having a very bad day.

They were protecting a patch-work system of computers against a cyberattack by experts from a much larger neighboring country with whom relations had turned hostile.

The host nation had called in NATO help to secure its networks and repel the attackers, who were assisted by a network of computers loaded with viruses and trojans from earlier attacks as well as a "grey team" of ordinary users who relied on the network-- and whose actions showed why the word 'users' is synonymous with 'idiots' to network administrators.

They were inadvertently aiding the attackers by clicking on links they should have left alone, downloading software they shouldn't and otherwise doing their best to circumvent the security.

It's a real-world situation -- look around your office, you're sure to be working with a few people just like them -- but this week was only a lab simulation as Royal Military College participated in the 10th annual Cyber Defense Exercise.

Nine other military colleges and academies in the United States were pitted against the best hackers the secretive National Security Agency can field -- which is to say, the 'A' team in such things.

"A lot of the stuff they're doing is really cool," said Officer Cadet Wil Andersen of the real-life spies who are spending this week attacking the RMC network.

"We've been live since 9 a.m. on Tuesday and they've been throwing interesting stuff at us almost constantly."

Capt. Vincent Roberge, a post-grad student whose web page was a juicy target for the attackers, spoke admiringly of the enemy.

"Up to now, the website has survived, but it's only a matter of time before they destroy it," he said.

"I've built websites for my own interests and I spent more than a month building this one, and the kind of things they're doing to compromise it are impressive to watch."

It is a competitive exercise. The group of security specialists has to keep its network functioning under waves of attack from the hackers, who assault it remotely and through malicious code already implanted in the machines.

A screen at the front shows how RMC and the other schools' networks are surviving in real time, with red and green blocks indicating who has the upper hand, the hackers or the defenders.

From time to time, uniformed and civilian experts shout out that another apparent attack is underway, followed by clipped IP addresses giving the location from where the attack is originating.

Specialists peer at screens to identify the intruder as either an enemy, a malicious software bot or an unaware user who must be allowed to use the network.

The team has to keep the network functioning for authorized users but shut out or destroy malicious visitors before they can damage the communications link, which is an increasingly vital part of both military operations and civilian infrastructure.

RMC Prof. Scott Knight, one of two academics overseeing the exercise, said in the real world, computers -- including military and government networks -- can be attacked by a range of actors, including insurgents, criminals, basement hackers and spies. Though they may have their own motivations, all use similar techniques and they're always coming up with new weapons.

"This is like a classic red-on-blue military exercise, except it is being done on computers," he said.

Attacking computer networks and defending against such attacks has moved from the realm of cheesy movies and science fiction into doctrine. Knight says the computer specialists in the college will essentially form a new element that is used across the branches of the armed forces.

Participating in the exercise gives students an opportunity to view an attack by a skilled and adaptable enemy, do their best to counter it and patch vulnerabilities in the system that they may not even have known were there.

The battlespace is so dynamic and murky that neither attackers nor defenders will know exactly how well they did until the exercise is dissected by specialists at its conclusion.

"Neither side has the complete picture of how things are going at any given time," Knight noted.

This year, participants will spend the final day of the exercise attacking the National Security Agency computer network so they get a sense of how hackers think and act, and how the attack looks from the other side.

This post contains excerpts from the Host Exploit article, Students take on 'hackers' in cyber trenches, by Ian Elliot, April 23rd, 2010.

For more, visit Host Exploit.

ACE: Aggressive Contingent Estimation

2010-04-23T12:08:00.001-07:00

The U.S intelligence community has a long history of blowing big calls — the fall of the Berlin Wall, Saddam’s WMD, 9/11. But in each collective fail, there were individual analysts who got it right. Now, the spy agencies want a better way to sort the accurate from the unsound, by applying principles of mathematics to weigh and rank the input of different experts.

Iarpa, the intelligence community’s way-out research arm, will host a one-day workshop on a new program, called Aggregative Contingent Estimation (ACE). The initiative follows Iarpa’s recent announcement of plans to create a computational model that can enhance human hypotheses and predictions, by catching inevitable biases and accounting for selective memory and stress.

ACE won’t replace flesh-and-blood experts — it’ll just let ‘em know what they’re worth. The intelligence community often relies on small teams of experts to evaluate situations, and then make forecasts and recommendations. But a team is only as strong as its weakest link, and Iarpa wants to fortify team-based outputs, by using mathematical aggregation to “elicit, weigh, and combine the judgments of many intelligence analysts.”

The system Iarpa’s after should be able to collect and evaluate expert opinion based on each expert’s specific expertise, learning style, prior performance and “other attributes predictive of accuracy.” It’ll then parse out the different predictions offered by analysts, and assign them degrees of probability based on where a particular expert sits in the rankings.

If Iarpa is able to master the mathematical art of aggregated probability, the agency’s program would likely be in hot demand. Using probabilistic expert aggregation to make decisions has been toyed with in circles as diverse as big business, climatology and even criminal court. But until Iarpa’s also mastered their plan to nip biases and memory lapses, they’ll still be forced to contend with the inevitability of human imperfection. Notes risk communications expert Professor Morgan Granger in a decades-old paper, “One can only proceed with care, simultaneously remembering that elicited expert judgments may be seriously flawed, but are often the only game in town.”

This post is excerpted from the Wired article, Can Alogrithms Find The Best Intelligence Analysis, by Kate Drummond, April 22nd, 2010.

Senate Confirmation Hearing of Cyber Commander

2010-04-16T10:03:00.001-07:00

The director of the National Security Agency, Army Lt. Gen. Keith Alexander, said at his Senate confirmation hearing to be the first military cyber commander that NSA and the newly created cyber command would provide technical support and warnings of potential virtual attacks on civilian networks but leave the defense of non-military digital assets to the Department of Homeland Security.

President Obama last year nominated Alexander to hold both jobs as the Defense Department, where NSA resides, restructured its cybersecurity governance by creating a military cyber command and place a four-star flag officer in charge of both organizations. If confirmed, Alexander would be promoted to full general.

At the Thursday hearing before the Senate Armed Services Committee, Alexander also addressed the difficulty of how to defend against cyber attacks emanating from neutral nations during a traditional conflict and explained how he conceives a cyberwar could occur but only as part of a kinetic war.

Alexander also testified that Defense Department computers receive hundreds of thousands of probes a day from outsiders, including other nations, with the aim to gain information such as the types of operating systems running on Defense computers and networks, knowledge that could be used to facilitate future attacks.

Alexander spent a good part of the hearing addressing the synergies among the NSA, the cyber command and DHS. The general said it's clear that DHS has the responsibility to defend civilian agencies' computer and communications systems and networks as well as the mostly privately owned national critical IT infrastructure. Still, he said, under the Comprehensive National Cybersecurity Initiative, NSA is charged to furnish technical support to help DHS defend the federal government's civilian and the nation's mostly privately owned critical national IT infrastructure. "We have responsibility to provide the technical information for what the threat is trying to do them, to provide an early warning to that," Alexander said. "But (DHS) would operate and defend that system. Our responsibility would be to provide people and capabilities to help them do that."

The hearing kicked off with Senate Armed Services Committee Chairman Carl Levin, D.-Mich., presenting Alexander with hypothetical scenarios, in which American forces - engaged in a traditional military conflict - found their cyber operations under attack.

Alexander said that if the virtual attack occurs within the combat theater, the cyber command could take the necessary offensive acts to eliminate the threat. However, if the cyber attack originates from a server located in a neutral country, under standard rules of engagement, the cyber command would need to receive additional approval from the defense secretary or president before taking offensive action to silence that server. Unlike a kinetic attack, where the military can see where the assault originates, that's not the case with a cyber attack. Indeed, he said, attribution - knowing who's behind the attack and were it emanates - remains an unsolved dilemma. "When a cyber attacks comes form a neutral country," Alexander said, "therein lies the complexity for this problem."

This post is excerpted from the GovInfoSecurity article, Confirmation hearing for newly created cyber commander post, by Eric Chabrow, April 15th, 2010.

For more on the new Cybercommander, visit GovInfoSecurity.

Career or Job?

2010-04-12T08:14:00.001-07:00

I came across this in my morning Coffee Reads, and thought I'd pass it along. Michael Santarcangelo has just taken up the mantle of Career Catalyst at CSO, and has put in his first installment as a columnist. Here's what he has to say.

Have you ever wondered about the difference between a job and a career? I have.

As a result, I have spent the last decade considering the difference between practitioners and professionals, jobs and careers.

Along the way I have been honored to train thousands for successful careers as Certified Information System Security Professionals, founded the Security Catalyst Community and developed the Catalyst Career Compass program. In fact, I'm working with a group of amazing people right now to re-launch the Security Catalyst Community and incorporate a guild, complete with a mentoring program [ for details in a few months]. Seems a focus on professionalism and career success has always interested me. Now I have the opportunity to share ideas and strategies for career success in this column.

Why me?

I have cultivated a unique blend of skills and abilities: I am a professional speaker [the capability to teach others], a published author and have over a decade of experience forged in the trenches. Over my career, I have contributed time and effort to advancing the profession through service to [ISC]2 and CompTIA. Most importantly, I am human catalyst focused on harnessing the power of people; in fact, I hold a degree in Human Ecology [go Cornell!].

When pressed, I explain the role of a catalyst in three steps:

1. Observe, absorb and actively engage to learn and experience as much as possible
2. Step back to process, distill and probe deeper with questions to uncover what matters
3. Connect with people, where they are, and communicate what counts.

As a catalyst, I am able to guide a journey that goes beyond finding a job and earning a paycheck to a more rewarding path of developing a successful career. While we can explore the finer points of finding a job, I see this as an opportunity to do more: we can seek out examples of career excellence and amplify the good.

We are fortunate to be in a profession of great impact; with that comes great responsibility. As we engage on this journey, I hope to explore the difference between professionals and practitioners as we cultivate the skills and aptitudes the changing landscape demands.

A few years ago, I shared some collected ideas in a keynote and workshop titled Are you making a living, or a life? Adapted to the focus of making a career instead of working a job, allow me to share three concepts from my own experience:

1. Strive for integration over balance

When something is balanced, there is no movement. The concept of balance in the workplace is misguided and creates a false friction and unnecessary stress. Instead of balance, consider the power of integrating the passions, joys and experiences of life into everything you do. In my experience, it is easy to talk to a colleague about digital cameras, golf or motorcycles. When the time comes to explain a key point or ask for a favor, that commonality and shared experience goes a long way toward understanding and action.

For more of Michael's insight, visit CSO Security Leadership.

Reputation

2010-04-09T09:45:00.001-07:00

Everyone today talks about creating an online presence on social media sites such as FaceBook or Twitter. But beyond presence, where does online reputation come into play? And how can one protect and build one's own online rep?

Warren Buffett, the stock market investor, couldn't have said it better: "It takes 20 years to build a reputation, and five minutes to ruin it." Think about it: Our entire lives depend on our reputation -- the image through which we are visible to the world. And this applies to the online world, as well. Even more so, and here's why.

Information security is all about reputation and integrity. If you lose that, you lose everything.

Recently, I spoke with Dena Haritos Tsamitis, director of education, training and outreach at Carnegie Mellon University's CyLab. She emphasized that protecting and building an online reputation is all the more important for security folks. "Information security is all about reputation and integrity," she says. "If you lose that, you lose everything." Also, HR professionals and information security recruiters increasingly rely on "Google search" for getting more information on potential candidates, as well as screening their social media profiles -- including LinkedIn, Twitter and FaceBook -- for additional background information. If security professionals have no "online" presence at all, then so be it. But if they have a questionable reputation, then it may cost them their job.

Imagine searching your name, and finding - on the first page of Google - embarrassing information like your involvement with drugs, links to inappropriate photos or information leading to inconsistency in your employment history. The web breeds an erroneous feeling that "no one can see the real you." But, in fact, online is where everyone can see the real you. Think and consider all of the information that has ever been online about you, both private and public - it is usually only a few clicks away. Security professionals, therefore, should invest in ways to protect and monitor their online reputations. As a first step, they must find out what information is already on the Internet and assess the impression it leaves on people.

Here are 8 tips to monitor and protect one's online reputation:

Search your name.
Type your first and last name within quotation marks into several popular search engines to see where you are mentioned and in what context. Narrow your search and use keywords that apply only to you, such as your city, employer and industry association.

Expand your search.
Use similar techniques to search for your telephone numbers, home address, e-mail addresses, and personal website domain names. You should also search for your social security and credit card numbers to make sure they don't appear anywhere online.

Read blogs.
If any of your friends or coworkers have blogs or personal web pages on social networking sites, check them out to see if they are writing about or posting pictures of you.

Sign up for alerts.
Use the Google alert feature that automatically notifies you of any new mention of your name or other personal information.

Limit your personal information.
Tweet/chat/discuss regarding business and the emerging trends in your industry, but limit posting information on your personal life, which could be a subject of major scrutiny by recruiters and hiring managers. Also, be sure you know how organizations will use your information before you give it to them.

Use privacy settings.
Most social networking and photo-sharing sites allow you to determine who can access and respond to your content. If you're using a site that doesn't offer privacy settings, find another site.

Choose your photos and language thoughtfully.
You need to ensure that information posted online is written professionally without use of swear words and catchy phrases. Also, be very selective in posting photographs, and use your judgment to ensure that these photographs are how you want the world to see you.

Take action.
If you find information about yourself online that is embarrassing or untrue, contact the website owner or administrator and ask them to remove it. Most sites have policies to deal with such requests.

This post is excerpted from the Government Information Security News article, Where Do You Go To Get Back Your Online Reputation, by Upasana Gupta, April 7th, 2010.

For more on maintaining your online presence, visit Government Information Security.

West Point: Best College In America

2010-04-08T08:02:00.000-07:00

The best college in America has an 11:30 p.m. curfew. It doesn't allow alcohol in the dorms, which must be kept meticulously clean. Students have to keep their hair neat, their shoes shined, their clothes crisply pressed. They also receive a world-class education, at no cost, and incur no debt--except for a duty to their country.

The college, of course, is the U.S. Military Academy, or West Point, and it tops our second-annual ranking of America's Best Colleges, compiled by Forbes and the Center for College Affordability and Productivity. In this report, the CCAP ranks 600 undergraduate institutions based on the quality of the education they provide, the experience of the students and how much they achieve.

West Point rose to the top spot on our rankings after placing sixth in 2008. (For more on West Point, see "How West Point Beat The Ivy League.") The move illustrates strong performances on the part of all the service academies, including the U.S. Air Force Academy, which came in seventh, and the U.S. Naval Academy, which came in 30th place. Last year's No. 1 school, Princeton University, moved to No. 2 in the rankings, followed by the California Institute of Technology, Williams College, Harvard and Wellesley.

This post is excerpted from the Forbes article, America's Best Colleges 2009, by Richard Vedder and David M. Ewalt, back on August 5th, 2009.

The "Best" lists are being formulated for the 2010 year as we speak, so let's see how our Black Knights continue to defend against the Ivy Leaguers.

1947: The First We Are Aware Of

2010-04-07T11:40:00.000-07:00

If you’ve ever watched The X-Files or other sci-fi shows like it, you may think that investigating unexplained phenomena is one of the FBI’s investigative responsibilities—right along with terrorism, espionage, white-collar crime, etc.

In fact, the FBI was only occasionally involved in investigating the possibility of UFOs and extraterrestrials over the years. The first Bureau investigations we are aware of began in the summer of 1947—the time of the now well-known incident in Roswell, New Mexico. A rash of reports of flying objects—some shaped like “flapjacks,” saucers, discs, and even a large circular saw blade that supposedly hit a lightning rod on top of a church—started to surface and make headlines across the nation.

Concerned citizens reported many of these strange sightings to the FBI. That wasn't surprising, given that the Bureau had investigated airline crashes such as the Hindenburg disaster in 1937 and aerial dangers like the balloon bombs launched by Japan toward the U.S. Pacific Northwest near the end of World War II. The FBI’s lead role in protecting the homeland during the war was also well known, and the Bureau remained front and center in ensuring national security as the Cold War began to unfold.

Initially, it was not clear how UFO sightings should be handled. FBI Director J. Edgar Hoover recognized that the Air Force—then part of the U.S. Army—clearly had the lead in such issues, but he did want his agents to investigate any “discs” recovered for their potential impact on FBI responsibilities.

The Army did want the FBI’s help—at least at first. On July 30, 1947, the Bureau issued this notice to all of its offices:

(B) Flying Discs – The Bureau, at the request of the Army Air Forces Intelligence, has agreed to cooperate in the investigation of flying discs….You should investigate each instance which is brought to your attention of a sighting of a flying disc in order to ascertain whether or not it is a bona fide sighting, an imaginary one or a prank.

Three years later, that policy changed. A July 1950 FBI statement said that “the jurisdiction and responsibility for investigating flying saucers have been assumed by the United States Air Force. Information received in this matter is immediately turned over to the Air Force, and the FBI does not attempt to investigate these reports or evaluate the information furnished.”

From this point, the FBI’s cases on UFOs dropped off dramatically. Neither the public nor the Air Force sought our expertise as they had during the first few years of the Cold War.

There were a few exceptions. In 1977, for example, the Air Force informed us of the end of their “Project Blue Book” investigation of UFO reports. And in 1988, we were asked to look into the release of what appeared to be a 1952 classified document concerning a UFO-related top secret government group called “Majestic 12”—we determined that the document was a fake.

This post is excerpted from the Federal Bureau of Investigation Archive, Flying Flapjacks, Saucers and Saw Blades, April 6th, 2010.

There Are No Mushroom Clouds In Cyberspace

2010-04-06T06:56:00.000-07:00

The National Academies of Science functions in part to provide independent scientific advice to the US government. In that capacity, the office of the Director of National Intelligence contracted with the NAS to look into the prospects of developing cyberwarfare capabilities that are sufficient to deter an attack on its national infrastructure. The NAS has recently submitted a progress report on its efforts, and the dry text of the introductory letter (the report is termed, "The first deliverable for Contract Number HHM-402-05-D- 0011") obscures a sometimes fascinating look into how the cold-war thinking that drove the development of the concept of nuclear deterrence fails to scale to the networked world.

That may seem like a statement of the obvious, but the report points out that deterrence was actually a fully fleshed-out conceptual framework, and there is a significant parallel between cyber and nuclear weapons that's a major component of this framework: it's much easier to engage in offense than defense. "Passive defensive measures must succeed every time an adversary conducts a hostile action, whereas the adversary’s action need succeed only once," the text notes, and recent history is replete with evidence that hostile actions can easily succeed far more often than once.

So, the prospect of mutually assured cyberdestruction might seem to offer the possibility of a framework that's at least similar to the one that governed the world of nuclear weapons. The body of the report, however, focuses on the various reasons it probably doesn't.

Perhaps the biggest reason is that, for deterrence to work, we and our adversaries have to have a rough idea of each other's offensive capabilities. "Classical deterrence theory bears many similarities to neoclassical economics, especially in its assumptions about the availability of near-perfect information (perfect in the economic sense) about all actors," as the report notes. Leaving aside the shortcomings of these assumptions in neoclassical economics, this simply doesn't describe the current reality.

Right now, the US has chosen to keep its offensive cyber weaponry entirely classified and, since there's no launch infrastructure or physical indications of testing (hallmarks of nuclear weaponry), nobody is likely to develop a complete picture of what we can do. The US is unlikely to disclose its capabilities because, in contrast to nuclear weaponry, knowing these capabilities may help adversaries plan defenses. It may be somewhat effective as a deterrent—it's generally assumed that the US has the most potent capabilities around. But it leaves the US in a situation where it is counting on everyone to assume it has the weapons.

This post is excerpted from the Ars Technica article, Modeling cyberattack deterrence on nuclear deterrence fails, by John Timmer, April 6th, 2010.

For more on cyber attack deterrence, visit Ars Technica.

Cisco Inbox: The Exchange Killer?

2010-04-05T12:45:00.000-07:00

Cisco is sharing its plans to challenge Outlook and Exchange as the company ratchets up its online e-mail service, Cisco WebEx Mail. Today, organizations are adopting SaaS-based e-mail services rather than run Exchange in-house to cut costs and reduce operational burdens. Most of these mail services, including Cisco, support Outlook as the primary mail client for end users. However, Cisco will adopt the Google Apps approach, where customers use a browser-based client instead. Cisco hopes its customers will embrace the WebEx Mail browser client instead of Outlook. To encourage the swap, Cisco is rolling out a new set of features, called Cisco Inbox, for its browser client.

Cisco Inbox, expected to be available at the end of this year, aims to make e-mail easier to organize and more relevant for collaboration. Despite enterprise adoption of corporate and public collaboration tools, e-mail continues to exert a strong gravitational pull in the workplace. Rather than fight e-mail's gravity, or keep it siloed from other collaboration tools, the goal of Cisco Inbox is to make e-mail the control center of a collaboration environment.

For example, Cisco Inbox has a feature called "Topics" that lets users arrange e-mail by topically, such as by team, event, project, or any other criteria. Instead of residing in a folder, live topics are in a bar on the main screen just like individual e-mail messages. Inbox goes a step further by letting users add a variety of content to a topic. Besides e-mail messages, a topic bar can contain IM chats, video files and voicemail. Topics can also be made into virtual public spaces, meaning that a user can invite other employees to access messages and files stored in a particular topic.

Cisco also plans to integrate Inbox with collaboration sites such as LinkedIn, so that users who are logged into their mail client and LinkedIn can post messages to the LinkedIn site by sending e-mail rather than having to surf to the LinkedIn site itself. Cisco says Inbox will initially support Skype and the company's own IM client. It plans to add support for Jabber over time.

Cisco Inbox fits into Cisco's broader strategy to own a customer's entire messaging infrastructure. Other pieces of the puzzle include Cisco WebEx Connect, a cloud-based service that provides IM, presence and online meetings, and its Unified Communications products for VoIP and video. Cisco has a strong advantage in VoIP and video, but if it wants to own the full messaging stack, it will have to dethrone Exchange and Outlook.

This post is excerpted from the Network Computing article, Cisco Inbox Puts Outlook In Its Crosshairs, by Andrew Conry-Murray, April 5th, 2010.

322 TeraBits Per Second

2010-03-12T09:56:00.000-08:00

What can you do with 322 terabits per second? Cisco Systems says it's enough bandwidth to allow every person in China to make a video call--simultaneously. And if that's something you want to do, Cisco says it now has hardware capable of the task.

The company's newest large-scale core router, the CRS-3, is capable of handling such a speed, which Cisco said is 12-times as fast as its closest competitor and three times the speed of its predecessor. It has invested $1.6 billion in the product's design and engineering.

The CRS-3, announced today, is the product that Cisco last month said would "forever change the Internet and its impact on consumers, businesses and governments."

CRS stands for "Carrier Routing System," a reference to the device's use by large telecom providers.

Tbps stands for terabits-per-second and a terabit is a trillion bits. Compare that to the megabits-per-second that today's highest-speed business and consumer broadband connections are measured in.

Among other 322Tbps tasks: Transmitting every motion picture ever made (5 minutes), downloading the entire printed collection of the Library of Congress (1 second), or transmiting the entire DNA sequence of 56,000 people (also 1 second).

Cisco Chairman and CEO John Chambers announced the new router on a Monday conference call, during which he said the CRS-3 would be available before the end of this year. Field testing is underway and pricing for the new router is said to start at $90,000.

This post contains excepts from the Cisco article, The New Cisco CRS-3, from Cisco.com and the PCWorld article, New Cisco Router Supports 322Tbps Designed For Internet Video, by David Coursey, March 9th, 2010.

For more information on the Carrier Routing System, visit Cisco.com.

Jessica Passes Cape of Good Hope

2010-02-26T06:45:00.001-08:00

Jessica has just marked another milestone and passed South Africa's Cape of Good Hope and sailed out of the Atlantic Ocean and into the Indian Ocean.

The Indian Ocean is delineated from the Atlantic Ocean by the 20° east meridian running south from Cape Agulhas.

"I'm really thrilled to have another Cape down and to be in the Indian Ocean. Next target is Australia," said Jessica.

Jessica is also expected to pass the 15,000 nautical mile (nm) mark of her journey later this week, having now sailed over 14,750 nm.

The next sector of Jessica's journey will last more than 4,000 nm, in a direct path to Western Australia.

Jessica will provide a more detailed report in her blog later today.

“Twenty years from now, you will be more disappointed by the things you did not do than by the things you did do. So, throw off the bowlines. Sail away from the safe harbour. Catch the trade winds in your sails. Explore. Dream. Discover.” – Mark Twain

Webcam Lawsuit: Oh, The Robbins' Boy

2010-02-25T09:56:00.000-08:00

A family claims that a suburban Philadelphia school district used school-issued laptop webcams to monitor students at home, potentially catching them and their families in compromising situations, in a federal lawsuit.

The suit states that Lower Merion School District officials can activate the webcams without students’ knowledge or permission. Plaintiffs Michael and Holly Robbins suspect the cameras captured students and family members in embarrassing situations, according to the suit.

Tom Halperin, a 15-year-old sophomore from Wynnewood, said students are “pretty disgusted” and have started putting masking tape over their computer webcams and microphones. He noted that his class recently read “1984,” the George Orwell classic that coined the term “Big Brother.”

"The accusations amount to potentially illegal electronic wiretapping", said Witold J. Walczak, legal director of the ACLU of Pennsylvania, which is not involved in the case. “School officials cannot, any more than police, enter into the home either electronically or physically without an invitation or a warrant,” Walczak said.

The school district could not immediately confirm whether it has the ability to activate the webcams remotely, a spokesman said.

“We can categorically state that we are and have always been committed to protecting the privacy of our students,” said the spokesman, Doug Young.

The affluent district prides itself on its technology initiatives, which include giving laptops to each of the approximately 2,300 students at its two high schools.

“It is no accident that we arrived ahead of the curve; in Lower Merion, our responsibility is to lead,” Superintendent Christopher W. McGinley wrote on the district Web site. McGinley did not immediately return a message left Thursday by The Associated Press.

The Robbinses said they learned of the alleged webcam images when Lindy Matsko, an assistant principal at Harriton High School, told their son that school officials thought he had engaged in improper behavior at home. The behavior was not specified in the suit.

“(Matsko) cited as evidence a photograph from the webcam embedded in minor plaintiff’s personal laptop issued by the school district,” the suit states.

Neither the Robbinses nor their lawyer, Mark S. Haltzman, returned messages left Thursday by The Associated Press.

In 2001, the U.S. Supreme Court reaffirmed the privacy of the home in a case that said police could not permeate a home with infrared lights to see if a suspect was using heat lamps to grow marijuana. Technology or no, Supreme Court precedents “draw a firm line at the entrance to the house,” Justice Antonin Scalia wrote.

This post contains excerpts from the Associated Press article, Report: Philadelphia School Spied on Students via Laptops, by Maryclaire Dale, February 19th, 2010.

Cyber War: Today We Lose

2010-02-24T10:40:00.000-08:00

"If we were in a cyberwar today, the United States would lose," Michael McConnell, former director of national intelligence, testified Tuesday before a hearing of the Senate Commerce, Science and Transportation Committee.

"This is not because we do not have talented people or cutting edge technology; it is because we are simply the most dependent and the most vulnerable," said McConnell, a retired Navy admiral who heads the business consultancy Booz Allen Hamilton's national security business. "It is also because we have not made the national commitment to understanding and securing cyberspace."

McConnell's testimony wasn't the only disturbing words heard at the hearing.

Scott Borg, director and chief economist of the independent and not-for-profit research institute, U.S. Cyber Consequences Unit, testified that the theft of business information via the Internet represents a bigger potential loss than losses due to personal identity theft and associated credit card fraud. Corporations could lose profits as well as long-term viability if its business secrets were stolen by a foreign competitor, he said.

James Lewis, senior fellow at the non-partisan Center for Strategic and International Studies and project lead of the CSIS's Commission on Cybersecurity for the 44th Presidency, said Congress might need to impose some regulations on the private sector - which controls 85 percent of the nation's critical IT infrastructure - to assure its safety. Although Internet pioneers envisioned a largely self-governing environment, he said the Internet has turned into the "wild, wild west" and encouraged Congress to enact legislation to provide closer government scrutiny on key private-sector IT systems. "We do not expect airlines to defend our airspace against enemy fighter planes, and we should not expect private companies to defend cyberspace against foreign governments," he said.

Indeed, kicking off the hearing, panel chairman John Rockefeller, D.-W.Va., suggested the government must be involved in helping safeguard critical privately controlled IT systems and that businesses must cooperate with the government to help protect federal, state and local information assets. "Neither the government nor the private sector can keep cyberspace secure on their own," he said.

Rockefeller and the committee's ranking Republican member, Sen. Olympia Snowe of Maine, are sponsors of the Cybersecurity Act of 2009, which could serve as the instrument to be used to combine other IT security bills before Congress if their measure reaches the Senate floor.

Snowe, in her opening comments, called for the elevation of the White House cybersecurity coordinator - a post held by Howard Schmidt - to a higher-ranking, cabinet-level and Senate-confirmed position. She and Rockefeller have introduced another piece of legislation to do just that.

For more on following the cyberwar, visit GovInfo Security.

Cisco Kicks HP To The Curb

2010-02-19T07:19:00.000-08:00

In a stunning move, Cisco has announced that it will not renew its System Integrator contract with HP. HP will no longer be a Cisco Certified Channel or a Global Service Alliance Partner after April 30th, 2010. If there was any confusion that Cisco and HP were on a crash course, this move by Cisco should clear that up. Cisco's dropping HP follows the rumor, confirmed by Dell, that Cisco has also stopped plans to manufacture the Nexus 4001d Blade Switch for Dell's M1000e chassis.

About HP, Keith Goodwin, SVP of Cisco World Wide Partner Network, said in Cisco's statement that "the relationship [with HP] has evolved from partner to companies with different and conflicting visions of how to deliver value to our customers. Cisco certified channel partners have access to proprietary information such as product roadmaps and partner profitability initiatives. Given the evolution of our relationship, it no longer makes sense to provide these benefits to HP." Goodwin did say they were working with HP on a plan to manage the support of existing owners of Cisco equipment.

Greg Ferro thinks HP took the first shot at Cisco's space by quietly underselling Cisco switches with HP ProCuve switches at the edge. That may be true, but I can't imagine it's more than nipping at Cisco's heels. Cisco came out swinging with their Unified Computing System (UCS) in 2009 which squarely targets the data center and server markets in which channel partners like HP, Dell, and IBM sell.

Subsequently, HP acquired H3C, giving HP a stable of modern and powerful data center and modular core switches to replace what they resold from Cisco. IBM and Dell have been busy partnering with Juniper and Brocade for switching equipment. IBM is still, apparently, holding onto its relationship with Cisco, but it appears that Dell's has soured.

Representatives from Dell confirmed that Cisco has scrapped plans for the Nexus blade switch and responded "At the Blade I/O layer, we lost one choice point when Cisco chose not to make the Nexus 4000d available for the M1000e chassis. Today, Dell offers many alternatives for integrating our blade infrastructure with a variety of network infrastructures including Cisco, and we have plans to expand our offering in the future." One of those alternatives could be Juniper, who is licensing its Junos operating system to Blade Networks for its chassis switches and has articulated a plan to integrate all of its product lines into a cohesive whole.

The one stop shop data center market looks like this: Cisco is building its own servers and has an array of network products for LAN, WAN and storage networking. HP is adding to its own product line with H3C and can offer HP owned and branded products and partners for most everything else, including Brocade's SAN switches as an OEM. IBM makes its own servers, replying on partners and OEMs for the rest, as does Dell (at least in the data center).

For more on the datacenter battleground with Cisco, HP, and IBM, visit Network Computing.

Legal Liability For Faulty Code

2010-02-18T07:45:00.000-08:00

A consortium of 30 international cybersecurity organizations, in releasing Tuesday an update of the 25 most dangerous programming errors, have proposed standard contract language that would hold software vendors liable for programming errors.

"Nearly every attack is enabled by mistakes programmers make that provide a handhold for attackers," Alan Paller, director of research at the SANS Institute, one of the consortium members. "The only way programming errors can be eradicated is by making software development organizations legally liable for the errors. And that can only be done if there is a safe harbor."

A safe harbor provision in a contract reduces or eliminates a party's liability on condition that, in this case, the software develop performs its action in good faith.

But IT security consultant and author Gary McGraw characterized the procurement language as "counterproductive and silly." Said McGraw, chief technology officer at the IT security consultancy Cigital: "My prediction is that there will be zero lawsuits, and that this list will do nothing to provide safe harbor in the case of insecure software. There is much more to building secure software than hunting down 25 bugs."

The standard contract language is based on a draft written for the New York State Office of Cybersecurity and Critical Infrastructure Coordination, headed by long-time CISO Wil Pelgrin. The draft states that the "'highest applicable industry standards' should be defined as the degree of care, skill, efficiency and diligence that a prudent person possessing technical expertise in the subject area and acting in a like capacity would exercise in similar circumstances."

Paller said the use of this contract language helps ensure that buyers aren't held liable for faulty coding. "Software vendors can be held liable for their errors because we now have a definitive minimum standard of due care," he said.

Tuesday's announcement listing the top 25 programming errors mirrors much of last year's report, which was endorsed by the National Security Agency and the Department of Homeland Security's National Cybersecurity Division.

The 2010 list prioritizes its entries using recommendations from 28 different organizations that have evaluated each weakness based on prevalence and importance. The new list introduces focused profiles to allow developers and other users to select the parts of the Top 25 that are most relevant to their concerns. It also provides effective mitigations, to aid in reducing or wiping out entire groups of weaknesses.

This post is excerpted from the GovInfo Security article, Holding Software Vendors Legally Liable for Errors They Create, by Linda McGlassen.

Bank of America Teller Pleads Guilty

2010-02-16T11:20:00.000-08:00

BOSTON, MA—A former Bank of America teller was convicted today in federal court on charges of Bank Fraud and Identity Fraud.

United States Attorney Carmen M. Ortiz and Warren Bamford, Special Agent in Charge of the Federal Bureau of Investigation - Boston Field Division, announced today that JEFFREY C. GAUTREAUX, age 26, of Peabody, Massachusetts, pled guilty before U.S. District Judge Nathaniel M. Gorton to 17 counts of Bank Fraud and 1 count of Identity Fraud.

At today’s plea hearing, the prosecutor told the Court that had the case proceeded to trial the Government’s evidence would have proven that from November 2004 to February 2006, while GAUTREAUX was employed as a teller for the Bank of America, he used his access to bank customer data to steal customer names and account information. The customer information was used to make unauthorized withdrawals from bank customer accounts. More than $330,000 was fraudulently withdrawn from numerous accounts before a bank customer complained and the bank conducted an internal investigation.

Judge Gorton scheduled sentencing for June 1, 2010. On each of the bank fraud counts GAUTREAUX faces up to 30 years imprisonment, to be followed by five years of supervised release, and a $ 1 million fine. The identity fraud count carries up to 10 years in prison, three years of supervised release and a fine of $250,000.

The case was investigated by the Federal Bureau of Investigation, with the assistance from Bank of America. It is being prosecuted by Assistant U.S. Attorney Victor A. Wild of Ortiz’s Economic Crimes Unit.

For more information, visit the Department of Justice, Federal Bureau of Investigation, or the U.S. Attorney's Office District of Massachusetts.

Priorities

2010-01-30T11:24:00.000-08:00

Famed hacker Kevin Mitnick wrote a book called The Art of Deception: Controlling the Human Element of Security [Wiley Publishing, Inc., 2002], in which 14 of the 16 chapters are devoted to social engineering scenarios that have been played out. If nothing else, the fact that one of the most notorious hackers known—who could write on any security subject he wants—chose to write his first book on social engineering should emphasize the importance of the topic to you.

True story. It happened at a high-security government installation. Access to the facility required passing through a series of manned checkpoints. Professionally trained and competent security personnel manned these checkpoints. An employee decided to play a joke on the security department: He took an old employee badge, cut his picture out of it, and pasted in a picture of Mickey Mouse. He was able to gain access to the facility for two weeks before anyone noticed.

Latest Facebook Ruse

2010-01-28T08:05:00.000-08:00

Looks pretty real, doesn't it.

"Dear Facebook user, In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security. Before you are able to use the new login system, you will be required to update your account. Click here to update your account online now. If you have any questions, reference our New User Guide. Thanks, The Facebook Team"

It isn't.

The botnet kids have spoofed a page, just like they did with AOL last year, added a few new name servers -- those domains are being suspended as you read this -- and are serving you up a heaping helping of client-side exploits and crimeware.

Facebook hasn't changed their login system. It's a ruse. Delete the email, text, instant message, or pigeon that brought you the note.

Good hunting.

Delhi Airport Radar Crash: Cyber Attack?

2010-01-21T09:16:00.000-08:00

The two-hour radar failure at IGI Airport on Thursday has sent alarm bells ringing within both aviation and security circles. The Directorate General of Civil Aviation (DGCA) probe into the incident will examine the possibility of a cyber attack -- the kind usually investigated by the Prime Minister's Office (PMO) and cabinet secretariat. It will also determine how secure the vital ATC systems are against cyber threats and look at ways to fortify them.

While the probe is still ongoing, Airports Authority of India (AAI) officials have all but ruled out cyber attack behind the ATC crash.

"We made the mistake of not delinking the radar screen -- that first went blank -- from the others when we were trying to revive it. We should have put the blank radar on simulator mode. Revival always carries the risk of the system crashing," sources said.

DGCA officials said they would comment on the cause only after the probe. In this case, the entire IGI radar system collapsed with hundreds of aircraft controlled by Delhi ATC were in the air. Delhi airport has suffered this recent third disaster -- earlier surface movement radar problems, and the CAT III-B glitches on day-one of the fog and radar failure.

Additionally, problems have been reported of CAT III-B personnel not being adequately trained.

For more on the Delhi IGI Airport radar failure, visit The Times of India.

The Mystery Shopper Scheme

2010-01-20T08:21:00.000-08:00

The IC3 has been alerted to an increase in employment schemes pertaining to mystery/secret shopper positions. Many retail and service corporations hire evaluators to perform secret or random checks on themselves or their competitors, and fraudsters are capitalizing on this employment opportunity.

Victims have reported to the IC3 they were contacted via e-mail and U.S. mail to apply to be a mystery shopper. Applicants are asked to send a resume and are purportedly subject to an extensive background check before being accepted as a mystery shopper. The employees are sent a check with instructions to shop at a specified retailer for a specific length of time and spend a specific amount on merchandise from the store. The employees receive instructions to take note of the store's environment, color, payment procedures, gift items, and shopping/carrier bags and report back to the employer. The second evaluation is the ease and accuracy of wiring money from the retail location. The money to be wired is also included in the check sent to the employee. The remaining balance is the employee's payment for the completion of the assignment. After merchandise is purchased and money is wired, the employees are advised by the bank the check cashed was counterfeit, and they are responsible for the money lost in addition to bank fees incurred.

In other versions of the scheme, applicants are requested to provide bank account information to have money directly deposited into their accounts. The fraudster then has acquired access to these victims' accounts and can withdraw money, which makes the applicant a victim of identity theft.

Tips

Here are some tips you can use to avoid becoming a victim of employment schemes associated with mystery/secret shopping:

Do not respond to unsolicited (spam) e-mail.
Do not click on links contained within an unsolicited e-mail.
Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Virus scan all attachments, if possible.
Avoid filling out forms contained in e-mail messages that ask for personal information.
Always compare the link in the e-mail to the link you are actually directed to and determine if they match and will lead you to a legitimate site.
There are legitimate mystery/secret shopper programs available. Research the legitimacy on companies hiring mystery shoppers. Legitimate companies will not charge an application fee and will accept applications on-line.
No legitimate mystery/secret shopper program will send payment in advance and ask the employee to send a portion of it back.

Individuals who believe they have information pertaining to mystery/secret shopper schemes are encouraged to file a complaint at www.IC3.gov.

Haiti Earthquake Relief Fraud Alert

2010-01-19T07:45:00.000-08:00

Disasters bring out the best in people during tragic events. Many people volunteer to assist victims and others are willing to make contributions to charities. Disasters also bring out the worst in people, particularity those who desire to benefit from the charity of others. The FBI reminds the public they should apply a critical eye and do their due diligence before giving contributions to anyone soliciting on behalf the Haitian victims. Solicitations can originate from e-mails, Internet Websites, door-to-door collections, mailings, telephone calls, and other similar methods.

Therefore, before making a donation of any kind, consumers should adhere to following guidelines:

Do not respond to unsolicited (spam) incoming e-mails, including clicking links contained within those messages.
Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via e-mail, in person or social networking sites.
Beware of organizations with copy-cat names that are similar to those of reputable charities, but are not exactly the same.
Verify the legitimacy of nonprofit organizations by utilizing various Internet-based resources that may assist in confirming the group's existence and its nonprofit status rather than following a purported link to the site.
Be cautious of e-mails that claim to show pictures of the disaster areas in attached files because the files may contain viruses. Only open attachments from known senders.
Make contributions directly to known organizations rather than relying on others to make the donation on your behalf to ensure contributions are received and used for intended purposes.
Do not be pressured into giving contributions. Legitimate organizations do not use these methods.
Do not give your personal or financial information to anyone who solicits contributions: providing such information may compromise your identity and make you vulnerable to identity theft.
Avoid cash donations if possible. Pay by a credit card or write a check to the charity.
Do not write checks to individuals.

If you believe you have been a victim of fraud from someone or an organization who was soliciting on behalf Haitian victims, contact the National Center for Disaster Fraud at:
(866) 720-5721, fax
(225) 334-4707 or e-mail disaster@leo.gov.

Anyone who has received an e-mail soliciting donations or is aware of fraudulent charity websites claiming to be collecting for Haitian victims, please notify the IC3 via www.ic3.gov.

This alert was released from the FBI National Press Office.

The Great American Novel

2010-01-13T06:53:00.000-08:00

There was once a man who, in his youth, professed a desire to become a "great" writer.

When asked to define "great" he said "I want to write stuff that the whole world will read, stuff that people will react to on a truly emotional level, stuff that will make them scream, cry, wail, howl in pain, desperation, and anger!"

He now works for Microsoft writing error messages.

Mac OS X Vulnerability Online

2010-01-12T09:12:00.000-08:00

Computer users’ concern for security usually involves something more than the need to protect personal information online; they’re also concerned about the security of files and data stored on their local computers.

Proof of concept code has been posted online that details a vulnerability that can be exploited in some versions of the Mac OS X operating system. The vulnerability is in both versions 10.5 and 10.6 of the Mac OS and is a buffer overflow error that arises from the strtod function in the underlying Unix code used for the Mac OS.

The proof of concept code was posted by a security researcher at a security firm called SecurityReason. This is not the first that has been heard about the vulnerability though. The vulnerability was first announced by Maksymilian Arciemowicz last June.

For more information, visit Security Reason or Information Week.

Heartland To Pay Visa $60M For Data Breach

2010-01-09T06:27:00.000-08:00

Heartland Payment Systems announced yesterday that it will pay Visa-branded credit and debit card issuers up to $60 million to cover losses incurred from the Heartland data breach. It is the largest known settlement amount ever paid to Visa as a result of a breach, eclipsing the TJX settlement of $40.9 million in November 2007.

In a statement, Heartland and Visa say the $60 million payment will be subject to certain conditions, including a specified level of participation by Visa issuers. Visa says it will provide issuers details in the coming days. The data breach involved an estimated 130 million credit and debit cards, although not all of them were Visa branded. This settlement with Visa is over 15 times larger than Heartland's $3.6 million settlement with American Express, which was announced in December.

Keep in mind that Mastercard is still in the mix. For more, visit Credit Union InfoSecurity.

.458 SOCOM

2010-01-08T12:32:00.000-08:00

Ralph Lermayer put together an article for Military.com recently, reviewing the .458 SOCOM and the AR platform from which you can loose it for one-shot stopping power.

There are several ways new cartridges come into the world. One is the military. They put out a request for a set of specs they want, and arsenals and commercial manufacturers go into high gear until the round is created. The .308, .223, 7mm Mauser, and venerable .30-06 were all created this way.

Then, there are the guys in lab jackets at the commercial plants who try to bring out new commercial cartridges with a little more oomph and, hopefully, sales appeal. The recent rush of short and super-short cases that followed the .300 RUM are a perfect example of this, as are the .444 Marlin, .338 Federal along with many others.

Then, of course, you have the "wildcatters" who take everything out there and neck it up and down just to see what happens. Occasionally they hit a home run, and the likes of the .22-250, .257 Roberts, 6.5x284, or .224 TTH are born.

This cartridge, however, the .458 SOCOM (.458 Special Operations Command) was reportedly given birth over a barbeque and some cold brew. It was at an informal gathering of special ops personnel, specifically Task Force Ranger, when the subject of stopping power came up. It seems it took multiple hits to permanently take the opposition "out of the game" in Mogadishu, Somalia. The consensus was a one-shot stop would sure be nice. Marty ter Weeme, founder of a company called Teppo Jutsu, L.L.C., went to work. In 2000 a sledgehammer cartridge that would launch 250- to 600-grain .45 caliber bullets from a standard size AR-15 with a proper barrel and chamber was born — enter the .458 SOCOM.

For more of Ralph's review, visit Military.com.

Taser-Cisco Evidence Database

2009-12-30T12:38:00.000-08:00

Taser International, the supplier of a stun gun device for police forces, is seeking to become the supplier of a video cam that can be worn by police officers as they conduct investigations. At the end of a shift, the camera is locked into a docking device and the video uploaded to an online storage service, Evidence.com.

The cloud-based virtual data warehouse of Evidence.com will need to store video from different police agencies in a reliable, secure manner, with no danger of digital video evidence being lost in the event of a system failure. The warehouse is being powered by new blade server and network fabric, and Cisco's Unified Computing System. Taser Chairman Tom Smith foresees thousands of global law enforcement agencies making use of it.

Smith said state highway patrols and other agencies already make use of video systems in their patrol cars. The system is only good for recording events directly in front of the patrol car, such as during a traffic stop. But when disputes over an officer's conduct arise, the officer "is acquitted 96% of the time" when there is in-car video evidence available. Because of that, Smith believes that a more flexible video capture system will be widely used by police officers and come to be relied upon as evidence in court.

"It's almost like an additional shield of safety. It reduces complaints, and when complaints arise, it gives officers a higher degree of vindication," he said in an interview.

The Evidence.com data warehouse captures video in a 30 second loop from a videocam worn over an officer's ear. It starts recording continuously when the wearer pushes a button that tells it to come out of its loop mode. Officers would start filming when they confront a situation to which they have been called or are in the process of apprehending a suspect.

The video cannot be downloaded from the camera device for editing by anyone; it can only be uploaded through the docking station and stored in Evidence.com over an encrypted link. At that point, a backup copy is made. The video can then be accessed by a police evidence officer, who can download a copy, create an edited " director's cut," etc. but the raw footage remains unchanged and under lock and key as a primary source.

For more, visit Information Week.

Bombing Attempt of Detroit Flight 253

2009-12-28T07:35:00.000-08:00

WASHINGTON—A 23-year-old Nigerian man was charged in a federal criminal complaint today with attempting to destroy a Northwest Airlines aircraft on its final approach to Detroit Metropolitan Airport on Christmas Day and with placing a destructive device on the aircraft.

According to an affidavit filed in support of the criminal complaint, Umar Farouk Abdulmutallab, 23, a Nigerian national, boarded Northwest Flight 253 in Amsterdam, Netherlands on December 24, 2009 and had a device attached to his body. As the flight was approaching Detroit Metropolitan Airport, Abdulmutallab set off the device, which resulted in a fire and what appears to have been an explosion. Abdulmutallab was then subdued and restrained by the passengers and flight crew. The airplane landed shortly thereafter, and he was taken into custody by Customs and Border Patrol officers.

A preliminary FBI analysis found that the device contained PETN, also known as pentaerythritol, a high explosive. Further analysis is ongoing. In addition, FBI agents recovered what appear to be the remnants of the syringe from the vicinity of Abdulmutallab’s seat, believed to have been part of the device.

“This alleged attack on a U.S. airplane on Christmas Day shows that we must remain vigilant in the fight against terrorism at all times,” Attorney General Eric Holder said. “Had this alleged plot to destroy an airplane been successful, scores of innocent people would have been killed or injured. We will continue to investigate this matter vigorously, and we will use all measures available to our government to ensure that anyone responsible for this attempted attack is brought to justice

Abdulmutallab required medical treatment and was transported to the University of Michigan Medical Center after the plane landed. He will make his initial court appearance later today.

Interviews of all of the passengers and crew of Flight 253 revealed that prior to the incident, Abdulmutallab went to the bathroom for approximately 20 minutes, according to the affidavit. Upon returning to his seat, Abdulmutallab stated that his stomach was upset, and he pulled a blanket over himself. Passengers then heard popping noises similar to firecrackers, smelled an odor, and some observed Abdulmutallab’s pants leg and the wall of the airplane on fire. Passengers and crew then subdued Abdulmutallab and used blankets and fire extinguishers to put out the flames. Passengers reported that Abdulmutallab was calm and lucid throughout. One flight attendant asked him what he had had in his pocket, and he replied “explosive device.”

These prosecutions are being handled by the U.S. Attorney’s Office for the Eastern District of Michigan, with assistance from the Counterterrorism Section of the Justice Department’s National Security Division.

The investigation is being conducted by the Federal Bureau of Investigation, U.S. Customs and Border Protection, and the Joint Terrorism Task Force. The public is reminded that criminal complaints contain mere allegations, and a defendant is presumed innocent until proven guilty.

Blackberry Down Again

2009-12-27T08:37:00.000-08:00

Reaserch in Motion (RIM) just can't seem to catch a break. Just five short days after the BlackBerry Internet Service went down for several hours, North and South American users found themselves again without e-mail. This time, the outage lasted for nearly eight hours and, according to some reports, even caused problems for some European and Asian customers.

In a statement e-mailed to some users and news services, RIM said that "based on preliminary analysis, it currently appears that the issue stemmed from a flaw in two recently released versions of BlackBerry Messenger." RIM has issued a fix for the versions believed to have caused the issue -- 5.0.0.55 and 5.0.0.56 -- but the company was careful to explain it was still investigating the root cause.

RIM apologized for the inconvenience, but refused to comment further, leaving plenty of questions unanswered. For one, with outages becoming more and more frequent (Is this the third or fourth in the last two months?), does the company have an actionable plan to prevent future disruptions? Are the recent spate of outages connected in any way? And how does it plan to stave off pressure from Apple and Google when it can't even keep its mobile e-mail service (its supposed strong suit) up and running?

For more information visit RIM, PC World, Canada.com, Wall Street Journal, or PC Magazine.

Heartland To Pay Amex $3.6M For Data Breach

2009-12-23T09:23:00.000-08:00

Heartland Payment Systems will pay $3.6 million to American Express to settle charges relating to Heartland's landmark data breach.

The payment, Heartland says in a press release announcing the settlement, resolves "all intrusion-related issues between the two parties" regarding the breach of an estimated 130 million credit and debit cards.

"We are pleased to have reached an equitable settlement with American Express," says Bob Carr, Heartland's chairman and chief executive officer. "This settlement marks the first agreement with a card brand related to the intrusion."

The U.S. Department of Justice has charged Albert Gonzalez and other accomplices with the Heartland attack, and says that it was only one of several other companies that Gonzalez and the other hackers targeted with SQL injection attacks.

The other companies hacked include 7-Eleven and Hannaford Brothers. Credit card companies, including American Express, Visa and MasterCard, were forced to cancel and reissue credit cards because of the Heartland data breach. Banks and credit unions have also sued the payments processor to recoup the costs of reissuing cards and to cover the cost of fraud that resulted from the breach.

Earlier this year, Heartland said it had put aside more than $12 million to cover the charges related to the breach. Heartland is expected to be sued by other brands, including Visa and MasterCard.

For more details, visit Credit Union Information Security.

Business Background Investigation

2009-12-07T06:39:00.000-08:00

In many ways, a business is like an individual. It has a past, a culture and it interacts with many others each day. Like some people, what you see may not represent what that business is really all about. Oftimes, it takes an objective third party to investigate a company or corporation which you are interested in purchasing, considering a merger, are involved in litigation with, or are just plain questioning who they may be hiring or how they're doing business.

Knowledge is the crucial factor in staying ahead of the competition. Contrary to popular belief, what you don’t know can hurt you. Many businesses have hidden liabilities and hidden histories or illicit behavior that few other than a private third party investigator can uncover.

Due Diligence is an examination of a company's investment banking and accounts of the company's management, operations, financial condition, competitive position, performance, and business objectives and plan, as well as information regarding the company's labor force, suppliers, customers, and industry. Another common definition of due diligence (also known as due care) is the effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Failure to make this effort is considered negligence. For those who are involved in making the purchase decision for a group of investors, keep the potential ramifications of not hiring an expert to assist with due diligence in mind. More and more people involved in facilitating a business deal end up in court over a lack of proper due diligence.

There are several reasons for conducting due diligence, including confirming a business is what it appears to be, identifying potential "deal killer" defects in the target business to avoid a bad business transaction, gaining information for valuing assets, defining representations and negotiating pricing, or just plain verifying that the transaction complies with the investment or acquisition criteria.

Searching for undisclosed litigation or regulatory problems, verifying transactions and terms with vendors, interviewing former employees about the true condition of the company and the roles of key staff in the business, verifying receivables are from non-related and legitimate sources capable and willing to make payment and verifying ownership of property, plant and equipment.

The trick is to engage the third party for the due diligence, even though you could do it yourself. Engaging the third party ensures that the research and findings stay objective, aren't diluted by day-to-day operational bias, and ensure that you get the "effort made by an ordinarily prudent or reasonable party to avoid harm." That way, when that nasty little deal-breaker does show up, it doesn't become a personal issue for the personalities involved.

It is what it is.

Starwood Moving to Connecticut

2009-12-01T07:18:00.000-08:00

Lured by government incentives worth as much as $89.5 million, Starwood Hotels & Resorts Worldwide Inc. will move its corporate headquarters to Stamford, Conn., from New York's Westchester County, Connecticut Gov. M. Jodi Rell said Wednesday.

The relocation, slated to be completed in 2012, will bring an estimated 800 jobs to the state, Ms. Rell said. The incentives include a $9.5 million loan, as much as $5 million in sales tax relief and up to $75 million in tax credits.

State and local governments in the New York City region have regularly used these types of incentives to woo each others businesses. New Jersey earlier this fall used an $89 million incentive package to convince the Depository Trust & Clearing Corp. to move 1,600 employees from New York City to Jersey City.

For more, visit The Wall Street Journal.

XM-25 Smart Weapon

2009-11-19T07:11:00.000-08:00

FORT BELVOIR, Va. - A Soldier successfully shoulder-fired a "smart" High Explosive Airburst, or HEAB round for the first time Aug. 11 from the XM-25 weapon system at Aberdeen Test Center, Md.

The Army plans on purchasing more than 12,500 XM-25 systems starting in 2012, which will be enough to put one in each Infantry squad and Special Forces team, according to officials at Program Executive Office-Soldier.

At first glance, the XM-25 looks like something out of a Sci-Fi movie. It features an array of sights, sensors and lasers housed in a Target Acquisition Fire Control unit on top, an oversized magazine behind the trigger mechanism, and a short, ominous barrel wrapped by a recoil dampening sleeve.

Unlike a Hollywood prop, however, this weapon is very real and designed to accurately deliver an explosive round that neutralizes targets at distances of up to 700 meters - well past the range of the rifles and carbines that most Soldiers carry today.

"What makes this weapon system truly revolutionary is the ability to target the enemy, pass on this information to the sensors and microchips of its 25mm HEAB round, and have that round detonate over the target," explained Maj. Shawn Murray, a Soldier Weapons assistant product manager in PEO Soldier, the organization responsible for developing the XM-25.

To read more on the XM-25, visit Military.com.

ATT Service Downed By Cut Fiber Cable

2009-11-18T07:30:00.000-08:00

Access to AT&T’s webmail was interrupted Monday morning because a fiber optic cable was disabled. The service was working again by 10:15 a.m. E.S.T.

“Due to a fiber cut, access to www.att.net was temporarily impacted earlier this morning,” company spokesman Mark Siegel wrote in an e-mail. “Access to the att.net site has been restored.”

The outage cut off users from their AT&T Web-based e-mail and other services for several hours. Some AT&T users reported difficulties last night as well, according to a news report.

AT&T, the largest US telecom company, has seen a surge of users to its wireless service because of the popularity of Apple’s iPhone.

How 'Bout Them Cowboys!

2009-11-10T09:30:00.001-08:00

Facebook: 750K Fake Password Resets

2009-10-28T21:59:00.000-07:00

A massive bot-based attack has been hitting Facebook users, with nearly three-quarters of a million users receiving fake password reset messages, according to security researchers.

The attack, which began Monday afternoon, according to e-mail security vendor Cloudmark, targets Facebook users with a spoofed message that claims recipients' Facebook passwords have been reset as a security measure. The messages, which come bearing subject lines such as "Facebook Password Reset Confirmation," include a file attachment that supposedly contains the new password.

In fact, the attached .zip file includes a Trojan downloader, dubbed "Bredlab" by some antivirus companies, "Bredolab" by others. The downloader grabs a variety of malware from hacker servers, including fake security software , or "scareware," and installs attack code and rogue antivirus applications on the compromised PCs.

Multiple security companies, including Symantec, Trend Micro, MX Lab and Websense, have put out warnings about the attack campaign. "This variant of Bredolab connects to a Russian domain and the infected machine is most likely becoming part of a Bredolab botnet," said Shunichi Imano, a security researcher at Symantec, in a post to the firm's security blog.

To read more of the article, visit ComputerWorld, The Voice of IT Management.

Remember Your Regiment

2009-10-21T14:23:00.000-07:00

I met with a trio of very smart guys a few days ago, and I had forgotten how difficult it is to steer the conversation away from the military experience once its out in the open that you're former special forces. Yes. It is the coolest, most difficult, most fulfilling, most damgerous and most demanding job you will never get to talk about.

It will take you from the marbled lobbies of Washington, D.C., to the desolate sands [just throw a dart at the map] of the Middle East. It will teach you anything from how to order another round in Japanese [ah no, san pai kudasai yo], to how to disable a SCUD mobile transporter erector launcher without everything going boom-hiss-gurgle [good luck with that one].

The saving grace was that one of my inquisitors was an old Eleven-Bravo, and he quickly overcame the natural curiousity to pursue his line of questioning, realising that there are still some things that you just don't talk about outside iso'. Things like where you've been outside our borders and what you've done there are still very much verboten. It doesn't matter if you took the fatigues off twenty years ago or yesterday.

The first rule of Fight Club is you do not talk about Fight Club.

Yes, there are very eloquent paragraphs of verbiage inserted smartly in the resumes of a good many former shooters and operators and collectors. None of them will answer those questions.

"Senior enlisted intelligence manager for army special forces group dedicated to United States Joint Chiefs for strategic and tactical operations. Managed organization’s intelligence collection, production and reporting. Organization’s national-level intelligence liaison for all disciplines. Developed operations plans and estimates for UNPROFOR, U.S. forces commanders and civilian administration dignitaries. Additional duties: Airborne Operations Manager, Command Inspection Program Manager, Multi-Discipline Counter-Intelligence [MDCI] Senior Advisor, Security Inspection Program Manager"

See what I mean?

Here's good stuff, if you don't already have a dog-ear'd copy of your own. Mark Lonsdale published the Bible of CQB back in 1991, and it remains the baseline for close quarters battle tactics to this day. I wore out my first copy back in the day, ever-present in my cargo pocket, when it wasn't competing for space with my Ranger Handbook. Or getting "lost" in the teamhouse.

Remember Your Regiment!

Hot Standby Router Protocol

2009-10-20T13:54:00.000-07:00

One way to achieve near-100 percent network uptime is to use the Cisco proprietary HSRP, which provides network redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first hop failures in network edge devices or access circuits.

By sharing an IP address and a MAC (Layer 2) address, two or more routers can act as a single "virtual" router. The members of the virtual router group continually exchange status messages. This way, one router can assume the routing responsibility of another, should it go out of commission for either planned or unplanned reasons. Hosts continue to forward IP packets to a consistent IP and MAC address, and the changeover of devices doing the routing is transparent.

Using HSRP, a set of routers works in concert to present the illusion of a single virtual router to the hosts on the LAN. This set is known as an HSRP group or a standby group. A single router elected from the group is responsible for forwarding the packets that hosts send to the virtual router. This router is known as the Active router. Another router is elected as the Standby router. In the event that the Active router fails, the Standby assumes the packet-forwarding duties of the Active router. Although an arbitrary number of routers may run HSRP, only the Active router forwards the packets sent to the virtual router.

To minimize network traffic, only the Active and Standby routers send periodic HSRP messages once the protocol has completed the election process. If the Active router fails, the Standby router takes over as the Active router. If the Standby router fails or becomes the Active router, then another router is elected as the Standby router.

For a step-by-step walkthru-talkthru, visit HSRP Configuration.

To read more about HSRP, including command line and interface tracking, visit Cisco.com.

Do Something Incredible

2009-10-18T08:54:00.000-07:00

''Tomorrow I'm going to get up and sail around the world!"

I'll keep this update even shorter but just letting you all know, if you havent already heard, that tomorrow is finally the big day. I'll be leaving the marina at around 0845 in the morning and clearing the Sydney heads soon after. The forecast is looking pretty positive and I'm just itching to get out there. I've had a nice final day fiddling round on Ellas Pink Lady and doing a little last minute packing with family and friends. Its hard to believe that the big day is almost here!!

Jesse

“Twenty years from now, you will be more disappointed by the things you did not do than by the things you did do. So, throw off the bowlines. Sail away from the safe harbour. Catch the trade winds in your sails. Explore. Dream. Discover.” – MARK TWAIN

“Today, I am going to sail around the world."

If you haven't already seen or heard about it, sixteen-year-old Jessica Watson set out today from Sydney, Australia, on her 34-foot yacht The Pink Lady to become the youngest person to ever sail solo, non-stop and unassisted around the world. To follow the trek and show your support, visit Jessica Watson.

What did you do this weekend?

SSL: Social Engineering

2009-10-13T07:40:00.000-07:00

This post is excerpted from the Internet Storm Center update, Some interesting SSL spam, by Mark H., October 12th, 2009.

A few people have mentioned (Thanks Luke, Anon, et all) that they have started receiving SPAM messages along the following lines:

On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.The changes will concern security, reliability and performance of mail service and the system as a whole. For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That's all.

http://evil-link/evil-file

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

Not sure what the evil is, as the links I received have been dead, so if you do receive one of these messages please let us know. If you follow the link, be prepared for surprises and do it on a system that you do not care about (and that does not mean the computer belonging to the annoying fellow/gal sitting two desk away.)

One of the reasons I like this is that the reason to many people it would seem quite plausible, especially if they are running an internal CA at the site. They may have received messages like this from their own support desk. So in a targeted attack this could work quite nicely. The English isn't bad either.

UPDATE
the sample file we received was named patch.exe MD5=9abc553703f4e4fedb3ed975502a2c7aZBOT characteristics, so trojan, keylogger, disables AV. http://www.threatexpert.com/report.aspx?md5=9abc553703f4e4fedb3ed975502a2c7aIf you have a sample with a different hash please upload it through the contact form.

UPDATE 2
In the samples received the URL used in the message typically has a component relating to the organisation itself. e.g. http://something..thehostingdomain/somefile.aspx Embedding the company domain will make it look a little bit more legit to the user.

To continue following this stream visit The Internet Storm Center.

Most Sincere Thanks, For The Long Run

2009-10-12T10:29:00.000-07:00

There is no vacation so treasured than one spent with closest family. Thank you so much for allowing me to visit you all at Chateau de Hess. It was an outstanding visit for me, enjoyed every moment, and look forward to the opportunity when we can do it again.

Many will agree with me when I say that you can still learn a lot from family. But you may be surprised where that wisdowm comes from. It's not just from your close confidantes, and mentors, and sponsors of your business enterprises. You'll learn that you have nephews that are brilliant and insightful beyond their years, in the moment it takes to digest an update from Bloomberg. You'll learn that you have neices that are courageous and compassionate, driven as strong as any captain of industry, in the simple act of finding a lost kitten in all the nooks and crannies of an immense house. You'll also learn that behind every succesful man is the fount from which he draws his strength, sometimes in sips as often as buckets, the unshakeable lady of the house.

I also learned that there is no better way to cap an outstanding event than that which I learned from my younger sibling, another individual that I found over the course of my visit that enjoys a wisdom far beyond his thirty-some years. At the end of the return drive home that he shared with me, before the car returned him, we shared a cigar on the lawn.

But it wasn't just any cigar. The Hoyo de Monterey Excalibur 1066 has always been my favorite. Suffice it to say that The Excalibur and I have a long history with occassions of personal and professional importance.

I'm not necessarily talking about those zen-like moments of the cutting and lighting and perfect burn. I'm talking about the moment that happens, almost by accident, when two gentlemen stand on the lawn over a good cigar--okay, an outstanding cigar--taking in the quiet suburban neighborhood, looking back on the events of recent note, and looking forward to the challenges ahead. In that moment, something magical happens.

Conversation. Realisation.

In the long run, you may not think it even mattered what you talked about. But it will. In the long run, you may not even realise that you've discovered the strengths and weaknesses of the gentleman in front of you and subconciously committted to sharing those strengths and championing those weaknesses. But you will. In the long run, you'll realise that it doesn't matter who the President is this term, or how the economy is doing this month, or how your landscaper is the best there is.

What matters, in the long run, is the relationship you share with the gentleman, the brother, the comrade in arms. For it is in these moments that you realise all of these things. And it is moments like these, in the long run, that you remember always.

And maybe, just perhaps, your choice of cigar.