The four people arrested two days ago for allegedly planning to blow up fuel tanks and terminals at New York’s JFK Airport used Google Earth to help plan their attacks, report the New York Times and others. That leads to the inevitable question: Does Google Earth help terrorists plan their actions?
The answer is an unequivocal no. Detailed satellite maps have long been available to anyone with enough money to pay for them. They’re used in every kind of commerce imaginable, from forest management to weather forecasting, and far more. If a would-be terrorist wanted to get a satellite map of an area, he’d be able to easily get it, Google Earth or no.
Read more at rcbarnett
Networking security
Government/Regulations, Networking security
Zulfikar Ramzan is right on in his demolition of Mikko Hypponen’s idea for a ".bank" top-level domain.
Writing on Symantec’s Security Response weblog, Zully basically… uhhh… urinates all over Mikko’s plan (although he’s a lot more diplomatic than that). Some choice cuts:
Phishers don’t have to use the .bank extension and most users will fail to notice … if you look at almost every phishing site these days, the URL itself is a blatant giveaway that you’re not at an authentic site
Read more at rcbarnett
Government IT security
Government/Regulations
The FBI doesn’t use even the most basic network security techniques, such as protecting against insider threats, patching its servers, or using strong encryption techniques, according to a report from the federal Government Accounting Office (GAO). In fact, if the report is to be believed, the FBI’s network appears to be less secure than your corporate network.
The GAO conducted a security assessment for one of the FBI’s critical networks, and the results weren’t pretty. The FBI, it found, didn’t properly authenticate users, log and audit security-related events, protect the physical network, use strong encryption, or patch servers and workstations in a timely way.
Read more at rcbarnett
Networking security
Government/Regulations, Networking security
I guess it’s OK to call Robert Soloway a spammer — he’s already been convicted in U.S. civil charges of spamming in 2003.
This time though, he’s been arrested on criminal charges, brought by the FTC. The list of laws he’s alleged to have broken is extensive:
10 counts of mail fraud
5 counts of wire fraud
5 counts of identity theft (aggravated)
13 counts of money laundering
2 counts of email fraud (the only counts related to the CAN-SPAM Act)
If convicted, the possible penalties add up to a very long time in jail. Aunty BBC thinks 65 years, but that estimate might be on the high side…
Read more at rcbarnett
Government IT security
Enterprise-Applications, Government/Regulations
If you’re not frightened by the Chinese economic juggernaut, this may give you pause: China has been developing sophisticated tools for international cyberwarfare, starting as far back as 2000.
The U.S. Department of Defense recently reported that the Chinese military "has established information warfare units to develop viruses to attack enemy computer systems and networks," according to the IDG News Service.
The Department of Defense also said that since at least 2000, "China has the capability to penetrate poorly protected U.S. computer systems and potentially could use CNA [computer network attacks] to attack specific U.S. civilian and military infrastructures."
Read more at rcbarnett
Networking security
Government/Regulations, Networking security
Another Monday, another IT Blogwatch: in which we return to last Monday’s story about Aunty Beeb’s Wi-Fi "radiation" fears. Not to mention how to barcode yourself…
Glenn "WiFi News" Fleishman reminds us what this is all about:
The BBC recently ran a terrible half-hour program on the risks from Wi-Fi to ‘the children.’ While there’s no reason to not study the matter further, the report relied on measurements taken by a lobbyist who also sells tinfoil hats and measurement devices to those afraid of wireless signals. The report also seemed to systematically avoid using the scientific method, instead relying on vagueness and analogy. There’s no reliable [evidence] (peer reviewed, etc.) that shows any risk from Wi-Fi, and the cell phone studies performed on real populations (instead of lab conditions with high signal strength and rats and such) show no increased risk for specific cancers.
The Grauniad’s Ben Goldacre spits blood:
This show was on the suppressed dangers of radiation from Wi-Fi networks, and how they are harming children. There was no science in it, just some “experiments” they did for themselves, and some conflicting experts. Panorama disagreed with the WHO expert, so he was smeared for not being “independent” enough, and working for a phone company in the past. I don’t do personal smear. But Panorama started it. How independent were they, and the “experiments” they did?
Read more at rcbarnett
Mobile/Wireless
Government/Regulations, Mobile/Wireless, SMB
This article in Computerworld discusses some of the changes happening in the encryption environment and also addresses some possible options, such as selective encryption, or newer processes that perform encryption "on the fly", but again I’m not convinced that it isn’t another case of someone trying to throw a "solution" at an under-researched "problem".
I guess there’s only so many topics to talk about, and every time there’s another data loss publicized, this one comes up. While there is no doubt some information needs to be protected through the use of encryption based on its sensitivity, or the manner in which it’s used, it isn’t a requirement for ALL information. Even personally identifiable information (PII) only needs to be encrypted if it’s handled in a manner that could potentially expose it to others, while in transit, in storage by a third party, or on a system that could potentially be exposed to unauthorized sources. It’s important to do an assessment of the information you have and how it’s managed to determine the need for encryption.
Read more at rcbarnett
Data Security, IT security Management
Data Security, Government/Regulations, IT security Management, Storage
Won’t somebody think of the children? It’s Monday’s IT Blogwatch: in which Aunty Beeb scares us all over Wi-Fi "radiation". Not to mention a Disney parody explanation of copyright law and fair use…
BBC TV’s Panorama series speaks of, "a Wi-Fi revolution…":
…with offices, homes and classrooms going wireless – but there is concern the technology could carry health risks. The Government insists Wi-Fi is safe, but a Panorama investigation shows that radio frequency radiation levels in some schools are up to three times the level found in the main beam of intensity from mobile phone masts. There have been no studies on the health effects of Wi-Fi equipment, but thousands on mobile phones and masts.
The radiation Wi-Fi emits is similar to that from mobile phone masts. It is an unavoidable by-product of going wireless … In 2000, Sir William Stewart … headed the government’s inquiry into the safety of mobile phone masts and health. He felt the scientific research was sufficient to apply a precautionary approach when siting masts near schools … But what about Wi-Fi? The technology is similar to mobile phone masts and in use in 70 per cent of secondary schools and 50 per cent of primary schools.
…
Readings … showed the … signal strength to be three times higher in the school classroom using Wi-Fi than [that of] a mobile phone mast. The findings are particularly significant because children’s skulls are thinner and still forming and tests have shown they absorb more radiation than adults.
Read more at rcbarnett
Mobile/Wireless
Government/Regulations, Mobile/Wireless, SMB
The once-warm relations between the U.S. and Russia have turned decidedly cool — so much that a new Cold War may be on the way. This time around, though, the war may be fought with bytes rather than bullets.
In fact, it appears that Russia may have already launched a small cyberwar against Estonia, previously part of the Soviet Union. Russia has never been happy that the Baltic states became independent, and has had a tense relationship with them ever since they broke away.
Russia was particularly displeased when Estonia planned to move a Soviet statue away from the city center and out to a military cemetery. The Russian minority rioted, and at the same time, Estonia was hit by a massive cyber attack.
Read more at rcbarnett
Networking security
Government/Regulations, Networking security
It just became much, much easier for the FBI to tap your Internet connection or listen in on your VoIP call. This past Monday was the deadline for all ISPs, VoIP providers, and some universities to comply with the Communications Assistance for Law Enforcement Act (CALEA).
CALEA requires that "telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities."
In other words, they have to provide an easy way for the FBI and other law enforcement agencies to be able to tap your Internet connection, phone, VoIP call, and more.
Read more at rcbarnett
Networking security
Government/Regulations, Networking security
As happens now and then, the following ran in Thursday’s Security newsletter.
So help me, I will send a shiny quarter to anyone who can promise me that for a week… heck, for a BUSINESS week… they will personally see to and vouch for Florida’s good behavior. As of today they’re batting .500 for leading the security newsletter this week. People are going to talk.
Yesterday it was a machine that, lacking five years’ worth of assorted patches, exposed Florida’s voter database system to Slammer infection. Today it’s another Sunshine State problem that, like Wednesday’s elderly PC, isn’t getting addressed ’til officials get darn good and ready.
Read more at rcbarnett
Government IT security
Government/Regulations
If Congress gets its way, the NSA’s massive, unauthorized wiretapping and Web-tapping program will be banned. The House of Representatives just passed a law saying that the NSA cannot perform any electronic surveillance except under an existing law — a law that the NSA, with President Bush’s approval, has ignored.
The House just passed HR 2082, which authorizes funding for intelligence activities. It also explicitly states that the Foreign Intelligence Surveillance Act of 1978 is "the exclusive means by which electronic surveillance may be conducted for gathering foreign intelligence information."
Read more at rcbarnett
Networking security
Government/Regulations, Networking security