In the rush for “Free phone calls” are we forgetting to secure the systems?
In Australia, Rising VoIP Attacks Mean Huge Bills For Victims
Posted by timothy on Sunday October 10, @07:12PM
"Australian network companies have told of clients receiving phone bills including $100,000 worth of unauthorised calls placed over compromised VoIP servers. Smaller attacks have netted criminals tens of thousands of dollars worth of calls. A Perth business was hit with a $120,000 bill after hackers exploited its VoIP server to place some 11,000 calls over 46 hours last year. ... Local network providers and the SANS Institute have reported recent spikes in Session Initiation Protocol (SIP) scanning — a process to identify poorly configured VoIP systems — and brute-force attacks against publicly-accessible SIP systems, notably on UDP port 5060."
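The two attack patterns the Slashdot item names, SIP scanning (probing many extensions to find weak accounts) and password brute-forcing against UDP 5060, both leave a recognisable trace in the PBX log long before the bill arrives. The following is an added detection example, not code from the article or from any of the quoted sources: a Python script that parses constructed, Asterisk-style registration-failure lines (the log line format, the hostnames and the addresses are all assumptions made here) and flags any source address that accumulates many failures, spread across several extensions, inside a short window.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log, written in the style of Asterisk's chan_sip
# "Registration ... failed" notices. Format, host and addresses are assumed
# for this example; they are not taken from the article.
SAMPLE_LOG = """\
[2010-10-10 19:12:01] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@pbx.example.net>' failed for '203.0.113.7:5060' - Wrong password
[2010-10-10 19:12:02] NOTICE[1234] chan_sip.c: Registration from '"101" <sip:101@pbx.example.net>' failed for '203.0.113.7:5060' - No matching peer found
[2010-10-10 19:12:02] NOTICE[1234] chan_sip.c: Registration from '"102" <sip:102@pbx.example.net>' failed for '203.0.113.7:5060' - No matching peer found
[2010-10-10 19:12:03] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@pbx.example.net>' failed for '203.0.113.7:5060' - Wrong password
[2010-10-10 19:12:04] NOTICE[1234] chan_sip.c: Registration from '"103" <sip:103@pbx.example.net>' failed for '203.0.113.7:5060' - No matching peer found
[2010-10-10 19:12:05] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@pbx.example.net>' failed for '203.0.113.7:5060' - Wrong password
[2010-10-10 19:20:30] NOTICE[1234] chan_sip.c: Registration from '"200" <sip:200@pbx.example.net>' failed for '198.51.100.20:5060' - Wrong password
[2010-10-10 19:20:31] VERBOSE[1234] chan_sip.c: -- Registered SIP '200' at 198.51.100.20:5060
"""

# Matches one failed-registration notice; the port after the source address is
# dropped so that retries from changing source ports count as one attacker.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'(?P<user>[^']*)' failed for '(?P<src>[\d.]+)(?::\d+)?' - (?P<reason>.+)$"
)


def parse_sip_failures(log_text):
    """Return the failed-registration events found in log_text, oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successful registrations and other noise are ignored
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            "user": m.group("user"),
            "src": m.group("src"),
            "reason": m.group("reason"),
        })
    return sorted(events, key=lambda e: e["ts"])


def detect_sip_brute_force(events, threshold=5, window_seconds=60):
    """Flag each source address with >= threshold failures in any window.

    A legitimate user mistyping a password produces one or two failures from
    one address against one extension; a scanner produces a burst of failures
    against many extensions, so the alert also reports how many distinct
    usernames were tried in the offending window.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        start, best = 0, None
        for end in range(len(evs)):  # sliding window over sorted timestamps
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best["count"]):
                best = {
                    "src": src,
                    "count": count,
                    "distinct_users": len({e["user"] for e in evs[start:end + 1]}),
                    "first": evs[start]["ts"],
                    "last": evs[end]["ts"],
                }
        if best:
            alerts.append(best)
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect_sip_brute_force(parse_sip_failures(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(f"{alert['src']}: {alert['count']} failures against "
              f"{alert['distinct_users']} extensions between "
              f"{alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S}")
```

On the sample, only 203.0.113.7 is reported (six failures against four extensions in four seconds); the single failure from 198.51.100.20 followed by a successful registration is the ordinary typo case and stays below the threshold. The same output is what a fail2ban-style jail keys its blocking on; the window and threshold here are chosen for illustration and should be tuned against a site's real registration traffic.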
Update: But it still seems like a personal (or at least ill-considered) reaction. Otherwise, I suspect you could make this argument at all levels of the organization.
NC: Researcher Yankaskas appeals pay cut, demotion
October 10, 2010 by admin
More details are emerging about why the breach involving the UNC-Chapel Hill Carolina Mammography Registry led to consequences for the researcher.
C. Ryan Barber reports:
School of Medicine Office of Information Systems officials first alerted the University to the breach in July 2009 after uncovering a virus and potential security breach on the Carolina Mammography Registry’s FTP server.
As the registry’s principal investigator, Yankaskas has been blamed for the breach, which also compromised about 114,000 Social Security numbers. She has since claimed that the University is using her as a scapegoat for systemic data security weaknesses.
On Oct. 27, Yankaskas received an intention to discharge letter from Executive Vice Chancellor and Provost Bruce Carney, who said Yankaskas exhibited “deliberate neglect” in her oversight of the project’s data security.
“I was appalled,” said Carney, who held his current position on an interim basis in July 2009. “The first question you have to ask is, ‘How does this happen?’”
In the intention to discharge notice, Carney wrote that Yankaskas was negligent in assigning security duties without granting additional training to Melinda Boyd, whom he deemed to be underqualified. Carney later became aware that his wife’s Social Security number was exposed and said his personal connection to the breach has not clouded his judgment.
“At the time, Ms. Boyd had no certification or experience as a server administrator,” Carney wrote. “She has stated that she requested that you provide additional training for her in server administration but that you declined to do so.”
Read more on Daily Tar Heel.
Any technology can be used for evil as easily as for good. This is an old debate. I suggest we apply the old solutions.
Next Version of Web Design May Increase Privacy Threats
October 10, 2010 by Dissent
Tanzina Vega reports:
Worries over Internet privacy have spurred lawsuits, conspiracy theories and consumer anxiety as marketers and others invent new ways to track computer users on the Internet. But the alarmists have not seen anything yet.
Over the next few years, a powerful new suite of capabilities will become available to Web developers that could give marketers and advertisers access to many more details about computer users’ online activities. [Easier collection of data for Behavioral Advertising. Bob] Nearly everyone who surfs the Internet will face the privacy risks that come with those capabilities, which are an integral part of the Web language that will soon power the Internet: HTML 5.
Read more in the New York Times.
(Related) Is Google looking to automate the collection of data for “Street View” or will we be seeing auto-driving like the Sci-Fi novels have predicted for years? (With ads for the businesses you pass by?)
October 10, 2010
Google announces development of technology for cars that can drive themselves
Official Google Blog: "Our automated cars, manned by trained operators, just drove from our Mountain View campus to our Santa Monica office and on to Hollywood Boulevard. They’ve driven down Lombard Street, crossed the Golden Gate bridge, navigated the Pacific Coast Highway, and even made it all the way around Lake Tahoe. All in all, our self-driving cars have logged over 140,000 miles. We think this is a first in robotics research. Our automated cars use video cameras, radar sensors and a laser range finder to “see” other traffic, as well as detailed maps (which we collect using manually driven vehicles) to navigate the road ahead. This is all made possible by Google’s data centers, [Your chauffeur in the Cloud? Bob] which can process the enormous amounts of information gathered by our cars when mapping their terrain. To develop this technology, we gathered some of the very best engineers from the DARPA Challenges, a series of autonomous vehicle races organized by the U.S. Government. Chris Urmson was the technical team leader of the CMU team that won the 2007 Urban Challenge. Mike Montemerlo was the software lead for the Stanford team that won the 2005 Grand Challenge. Also on the team is Anthony Levandowski, who built the world’s first autonomous motorcycle that participated in a DARPA Grand Challenge, and who also built a modified Prius that delivered pizza without a person inside. The work of these and other engineers on the team is on display in the National Museum of American History."
(Related) Is this because existing Operating Systems can't be secured, or because they can't be compromised by the government? (e.g. India's request to tap BlackBerry encryption.)
Indian Military Organization To Develop Its Own OS
Posted by timothy on Sunday October 10, @10:20PM
"Several newspapers have reported that DRDO (the defence R&D organization of the Indian military) is planning to create an OS. The need for this arose due to the cyber security concerns facing India and that all [conventional] operating systems are made outside India. About 50 professionals in Bangalore and New Delhi are expected to start work on this operating system."
At least one of the linked articles says the new OS, though home-grown, would run Windows software.
It's rare for Pogo to include an editorial cartoon, but this one from the Denver Post is likely to make it into my Computer Security handouts.
Government surveillance plans
Aren't we doing this already?
October 09, 2010
Can We Create a National Digital Library?
New York Review of Books: Can We Create a National Digital Library? Robert Darnton - "The following talk was given at the opening of a conference at Harvard on October 1 to discuss the possibility of creating a National Digital Library."
"Despite the complexities, the fundamental idea of a National Digital Library (or NDL) is, at its core, straightforward. The NDL would make the cultural patrimony of this country freely available to all of its citizens. It would be the digital equivalent of the Library of Congress, but instead of being confined to Capitol Hill, it would exist everywhere, bringing millions of books and other digitized material within clicking distance of public libraries, high schools, junior colleges, universities, retirement communities, and any person with access to the Internet." See also:
Flat World Knowledge - "We preserve the best of the old — books by leading experts, peer reviewed and developed to high editorial standards, fully supported by review copies, teaching supplements and great service. Then we change everything. Our textbooks are: Free online; Affordable offline; Open–licensed; Customizable by educators."
For my students
Get The Best Retail Software For FREE As A Student