Another case of the “We don't know's”
http://www.databreaches.net/?p=3361
Hackers may have gotten to Virginia health professions computers
May 1, 2009 by admin Filed under: Government Sector, Hack, U.S.
Tammie Smith of The Richmond Times-Dispatch reports that Virginia Department of Health Professions servers containing licensing information on all licensed health professionals may have been hacked. All 36 computer servers were shut down “after a midday message popped up on some computer screens that implied the system was being hacked.” The department is investigating and also trying to determine if the servers were hacked, and if so, if any licensees’ information such as Social Security numbers was compromised. The state has about 300,000 licensees.
[From the article:
That shutdown meant employees could not send or receive e-mail or use their Web browsers, and for a time some telephones were not working.
A local case of the “We don't think's” No, its not computer related – just an illustration of the mindset that will specify computer (in)security in the future.
http://www.databreaches.net/?p=3372
CO: Sensitive documents were not secure?
May 1, 2009 by admin Filed under: Exposure, Government Sector, Paper, U.S.
Peter Marcus of The Denver Daily News reports:
City employees and officials are in the midst of a blame game over unsecured juvenile court records and sensitive personnel files.
Denver Auditor Dennis Gallagher yesterday issued an alert warning of security concerns over unsecured juvenile court records, as well as sensitive personnel files, left open to the public in a basement storage room of the City and County Building.
[Correct link: http://www.thedenverdailynews.com/article.php?aID=4110
Interesting. The article suggests that a “man in the middle” attack was used. If true, the password cracker program was not needed.
http://www.baylor.edu/lariat/news.php?action=story&story=58561
Online systems hacked; two students arrested
April 30, 2009 By Nick Dean Staff writer
Two Baylor students were arrested Tuesday in connection with compromised e-mail and Facebook accounts.
One Baylor e-mail and two Facebook accounts were hacked during the weekend starting March 27. Two victims filed reports to the Baylor Police Department [Is this common? I wonder if the Help Desk suggested contacting the Police? Bob] citing they had been locked out of their accounts. Of the two victims, one had both e-mail and Facebook account compromised and the other only a Facebook account.
… After receiving two complaints, the Baylor Police Department contacted Facebook investigators and received subpoenas that gave officers access to IP addresses.
"IP addresses are like fingerprints," [True. But they are machine fingerprints, not people fingerprints. Bob] Baylor police Lt. Kevin Helpert said. "Facebook was able to figure out [No figuring involved. This information is in a log. Bob] what IP address was at the specific Web site."
… The McLennan County District Attorney granted search warrants to Baylor police for Lukashevich's room that provided officers the ability to seize anything that could store electronic information. [Because overkill is better than a flesh wound? Bob] Baylor police reported that they confiscated two laptops, several compact discs, thumb-drives and an Apple iPhone.
Officers found 42 account names and passwords saved that were linked to accounts on Web sites such as Myspace, Yahoo, Gmail, Facebook and Baylor. No bank account information was found, according to Baylor police.
Forensic investigators discovered that the hacker had used a program to get usernames and passwords. The Baylor police department declined to say which program was used, though they said Lukashevich did not create the program.
[A simple Google search yields: Results 1 - 10 of about 2,970,000 for "password cracker". (0.19 seconds) (I would start with the first one on the list, “John the Ripper” Bob]
… Another suspect, Baylor Georgetown freshman Nicholas Batts came to the attention of Baylor police when subpoenas on Facebook information brought forth Facebook-chat messages between Lukashevich and Batts. The chats contained a conversation between the two suspects about the number of accounts they had information for, Baylor police said.
A bit of a follow-up.
http://www.atthebreach.com/blog/pentagon-fighter-jet-breach/
April 30, 2009
Pentagon Fighter-Jet Breach
There has been a lot of discussion about the recently disclosed Pentagon breach where classified plans regarding the 300 Billion Joint Strike Fighter Project were compromised. Most of the posts and articles I have been reading have discussed this in terms of the risk around those specific plans getting into the wrong hands. In my opinion, that is somewhat a sub-story. To me, the bigger points that we should be talking about are these:
1) This breach happened in 2007 and we are just learning about this now?
2) Similar incidents have also breached the Air Force’s air-traffic-control system.
3) They say the criminals got away with “several terabytes of data”. Are they sure that the only thing that was taken were these fighter plans?
4) The system “had been repeatedly broken into”
5) The breach occured through more than one 3rd party network. They also mention that Lockheed Martin is the primary contractor on the project without specifically saying that the breach occured through them.
One point the article makes that I completely agree with is that things do seem to be heating up in a Cyberspace war between nations, groups, and individuals.
Related?
http://www.wired.com/threatlevel/2009/04/air-force-windows/
Microsoft Offers Secure Windows … But Only to the Government
By Kim Zetter Email Author April 30, 2009
It’s the most secure distribution version of Windows XP ever produced by Microsoft: More than 600 settings are locked down tight, and critical security patches can be installed in an average of 72 hours instead of 57 days. The only problem is, you have to join the Air Force to get it.
… At a congressional hearing this week on cybersecurity, Alan Paller, research director of the Sans Institute, shared the story as an template for how the government could use its massive purchasing power to get companies to produce more secure products. And those could eventually be available to the rest of us.
Security experts have been arguing for this “trickle-down” model for years. But rather than wield its buying power for the greater good, the government has long wimped out and taken whatever vendors served them. If the Air Force case is a good judge, however, things might be changing.
… Gilligan, who served as CIO of the Air Force from 2001 to 2005 and now runs a consulting firm, said it all began in 2003 after the NSA conducted penetration tests on the Air Force network as part of its regular testing of Pentagon cybersecurity.
NSA pen-testers made Swiss cheese of the network, and found that more than two-thirds of their intrusions were possible because of poorly configured software that created vulnerabilities.
At least Big Brother did his censoring himself... The specified URLs are easily blocked. Blocking access is something else entirely.
http://news.cnet.com/8301-13578_3-10231683-38.html?part=rss&subj=news&tag=2547-1_3-0-5
Minnesota orders ISPs to blacklist gambling sites
by Declan McCullagh May 1, 2009 4:45 AM PDT
The state of Minnesota has handed Internet providers a 7-page blacklist [plus all the letters to the ISPs Bob] of gambling Web sites that they're supposed to prevent customers from accessing, a move that raises First Amendment and technical concerns.
"We are putting site operators and Minnesota online gamblers on notice and in advance," said John Willems, a Minnesota Department of Public Safety official, in a statement. Companies that received the list of off-limits Web sites -- which was made public on Thursday -- include AT&T, Comcast, Qwest, and Sprint/Nextel.
Is this the result of “bandwidth overcapacity” followed by the dot.com crash, followed by an economic downturn? Or is the author simply nuts?
http://tech.slashdot.org/article.pl?sid=09/04/30/1712251&from=rss
Think-Tank Warns of Internet "Brownouts" Starting Next Year
Posted by timothy on Thursday April 30, @01:24PM from the malthus-was-right dept. The Internet Networking
JacobSteelsmith writes
"A respected American think-tank, Nemertes Research, reports the Web has reached a critical point. For many reasons, Internet usage continues to rise (imagine that), and bandwidth usage is increasing due to traffic heavy sites such as YouTube. The article goes on to describe the perils Internet users will face including 'brownouts that will freeze their computers as capacity runs out in cyberspace,' and constant network 'traffic jams,' similar to 'how home computers slow down when the kids get back from school and start playing games.' ... 'Monthly traffic across the internet is running at about eight exabytes. A recent study by the University of Minnesota estimated that traffic was growing by at least 60 per cent a year, although that did not take into account plans for greater internet access in China and India. ... While the net itself will ultimately survive, Ritter said that waves of disruption would begin to emerge next year, when computers would jitter and freeze. This would be followed by brownouts — a combination of temporary freezing and computers being reduced to a slow speed.'"
For the Forensic file...
http://it.slashdot.org/article.pl?sid=09/04/30/201222&from=rss
Forensics Tool Finds Headerless Encrypted Files
Posted by timothy on Thursday April 30, @04:17PM from the sir-there's-an-anomaly-here dept. Encryption Data Storage
gurps_npc writes
"Forensics Innovations claims to have for sale a product that detects headerless encrypted files, such as TrueCrypt Dynamic files. It does not decrypt the file, just tells you that it is in fact an encrypted file. It works by detecting hidden patterns that don't exist in a random file. It does not mention steganography, but if their claim is true, it seems that it should be capable of detecting stenographic information as well."
Attention Osama! Want you own UAVs? (With maybe a small camera in the nose sending targeting information scenic pictures to your cell phone?) “Terrorism! There's an app for that!”
http://hardware.slashdot.org/article.pl?sid=09/05/01/0156253&from=rss
Fly An R/C Plane With an iPhone
Posted by timothy on Friday May 01, @01:45AM from the dive-dive-dive dept. Hardware Hacking Portables (Apple) Toys
An anonymous reader writes
"Ever wished your iPhone could do more than just play some cool games? How about using it as a spread spectrum transmitter to fly your R/C Toys around, complete with using a Linksys router as a receiver?"
This looks like one of my favorite papers (Paul David's “The Dynamo and the Computer” http://ideas.repec.org/a/aea/aecrev/v80y1990i2p355-61.html ) providing an historical perspective on current issued.
http://yro.slashdot.org/article.pl?sid=09/04/30/1748212&from=rss
The Sewing Machine War
Posted by timothy on Thursday April 30, @02:14PM from the gmu-rockin'-in-the-free-world dept. Patents
lousyd writes
"Volokh has hosted a paper by George Mason University law professor Adam Mossoff on the patent fracas a century and a half ago surrounding the sewing machine. A Stitch in Time: The Rise and Fall of the Sewing Machine Patent Thicket challenges assumptions by courts and scholars today about the alleged efficiency-choking complexities of the modern patent system. Mossoff says that complementary inventions, extensive patent litigation, so-called 'patent trolls,' patent thickets, and privately formed patent pools have long been features of the American patent system reaching back to the antebellum era."
Related
http://yro.slashdot.org/article.pl?sid=09/05/01/1138225&from=rss
Canadian Pirates Sell Spurious Songs — In 1897
Posted by kdawson on Friday May 01, @08:45AM from the stopping-it-at-the-border dept. Music
Reservoir Hill writes
"The NYTimes reported in their June 13, 1897 edition that 'Canadian pirates' were flooding the country with spurious editions of the latest copyrighted popular songs. 'They use the mails to reach purchasers, so members of the American Music Publishers Association assert, and as a result the legitimate music publishing business of the United States has fallen off 50 per cent in the past twelve months' while the pirates published 5,000,000 copies of songs in just one month. The Times added that pirates were publishing sheet music at 2 cents to 5 cents per copy although the original compositions sold for 20 to 40 cents per copy. But 'American publishers had held a conference' and a 'committee had been appointed to fight the pirates' by getting the 'Post Office authorities to stop such mail matter because it infringes the copyright law.' Interestingly enough the pirates of 1897 worked in league with Canadian newspapers that published lists of songs to be sold, with a post office box address belonging to the newspaper itself. Half the money went to pay the newspapers' advertising while the other half went to the pirates who sent the music by mail." The AMPA never dreamed of suing their customers, though.
Microsoft acting like Microsoft. No doubt this violates all kinds of “we won't act like a monopoly” agreements.
http://tech.slashdot.org/article.pl?sid=09/05/01/002237&from=rss
IE8 Update Forces IE As Default Browser
Posted by timothy on Friday May 01, @08:07AM from the how-awfullly-polite dept.
We discussed Microsoft making IE8 a critical update a while back; but then the indication was that the update gave users a chance to choose whether or not to install it. Now I Don't Believe in Imaginary Property writes in with word that the update not only does not ask, but it makes IE the default browser.
"Microsoft has a new tactic in the browser wars. They're having the 'critical' IE8 update make IE the default browser without asking. Yes, you can change it back, but it doesn't ask you if you want IE8 or if you want it as the default browser, it makes the decisions for you. Opera might have a few more complaints to make to the EU antitrust board after this, but Microsoft will probably be able to drag out the proceedings for years, only to end up paying a small fine. If you have anyone you've set up with a more secure alternative browser, you might want to help check their settings after this."
Related. Yes, it is a big deal. (Because you never get fired for choosing the default settings?
http://news.cnet.com/8301-17939_109-10231713-2.html?part=rss&subj=news&tag=2547-1_3-0-5
Despite browser wars, the enterprise still loves IE 6
by Larry Dignan May 1, 2009 6:03 AM PDT
This was originally posted at ZDNet's Between the Lines.
This news may come as a shocker to the tech-savvy folks in the house, but 60 percent of companies use Internet Explorer 6 as their default browser, according to Forrester Research. Meanwhile, your IT department spends a decent amount of time erecting barriers to prevent browser upgrades. Bottom line: companies need a browser policy, or they will risk productivity losses.
Interesting. We could have started the panic much earlier! Something for my Statistics and Data Analysis classes.
http://www.wired.com/wiredscience/2009/04/google-could-have-caught-swine-flu-early/
Google Could Have Caught Swine Flu Early
By Alexis Madrigal Email Author April 29, 2009 3:40 pm
Google’s search data may have been able to provide an early warning of the swine flu outbreak — if the company had been looking in the right place.
… “We did see a small increase in many parts of Mexico before major news coverage began last week,” said Jeremy Ginsberg, lead engineer for Google.org’s Flu Trends.
But the Google Flu Trends team, which aggregates and analyzes search queries to estimate how many people are sick, wasn’t watching Mexican flu data until after the outbreak had already begun. That highlights the problem with tech-heavy disease-detection systems: Often, we don’t know what internet data to look at until after a problem starts.
… You can check out the data yourself at the site, Experimental Flu Trends for Mexico, launched today.
If you want your message to be understood, use a table. (Is that why so many don't?)
http://www.pogowasright.org/article.php?story=20090430063000397
Privacy notices work best in tables, says US gov research
Thursday, April 30 2009 @ 06:30 AM EDT Contributed by: PrivacyNews
Bank customers best understand privacy and information sharing policies when they are structured as a table rather than as solid text, a study for the US government has found.
Source - Out-Law.com, via The Register Related - FTC Report (pdf)
We were discussing the rise of the Pirate Party at lunch yesterday. Having a voice in the EU Parliament will allow them to point out the laws designed to strengthen the status quo. Should be interesting. Wonder what would happen if it came to the US? Perhaps a replacement for the Republicans?
http://torrentfreak.com/swedish-pirate-party-heading-for-eu-parliament-090430/
Swedish Pirate Party Heading for EU Parliament
Written by enigmax on April 30, 2009
A poll carried out by a major Swedish newspaper predicts that the Pirate Party will grab around 5.1% of the votes in the upcoming European Union elections. This means that the movement, which has gathered huge momentum due to the Pirate Bay ‘guilty’ verdict, will get a seat in the EU Parliament.
Support for the Swedish Pirate Party really began to surge with the introduction of the IPRED anti-piracy legislation. Its membership already surpassed that of the Green Party, [and we know what a pain in the butt they were... Bob] with more than half of men under 30 reportedly considering voting for them in the 2009 European Parliament elections.
Google looking at the 22nd Century?
http://www.newscientist.com/article/dn17050-innovation-how-your-search-queries-can-predict-the-future.html
Innovation: How your search queries can predict the future
08:09 30 April 2009 by Jim Giles
Real-time web search – which scours only the latest updates to services like Twitter – is currently generating quite a buzz because it can provide a glimpse of what people around the world are thinking or doing at any given moment. Interest in this kind of search is so great that, according to recent leaks, Google is considering buying Twitter.
The latest research from the internet search giant, though, suggests that real-time results could be even more powerful – they may reveal the future as well as the present.
Almost the model I proposed. (video)
http://fora.tv/2009/04/15/Empowering_Internet_Users_Two_Ideas_to_Reshape_Broadband#Coming_Soon_Privately_Owned_Fiber_Optics_to_the_Home
Empowering Internet Users: Two Ideas to Reshape Broadband
The Association for Computing Machinery
Coming Soon: Privately Owned Fiber Optics to the Home
Related This is how ISPs are abusing their monopolies (cable) and acting like monopolies even when they aren't.
http://www.savetheinternet.com/blog/2009/04/29/att-quietly-updates-its-wireless-plans-again/
AT&T Quietly Updates its Wireless Plans (Again)
April 29th, 2009 by Robb Topolski
Quietly, last night, AT&T revised its wireless plans. In the latest changes to the company’s service terms, it looks like AT&T is trying to exempt its own video services while prohibiting competing services like the Slingbox.
Sound familiar? I wrote about it on April 3rd. iPhone and PDA users literally felt their significant investment get less valuable. They complained, and AT&T removed the offending language by the next day, calling the language a mistake.
Guess what? It’s back!
Sometime in the past 24 hours, AT&T changed the TOS again:
This means, by way of example only, that checking email, surfing the Internet, downloading legally acquired songs, and/or visiting corporate intranets is permitted, but downloading movies using P2P file sharing services, redirecting television signals for viewing on Personal Computers, web broadcasting, and/or for the operation of servers, telemetry devices and/or Supervisory Control and Data Acquisition devices is prohibited.
This is a company that already limits users’ consumption of bandwidth (it has a 5 GB cap). As I said in my previous post, it’s not very “Internet” when the ISP is picking and choosing what legal activities you may and may not do with your connection. With AT&T prohibiting you from watching your TV, they figure that you’re much more likely to subscribe to their “AT&T Mobile TV” service.
Related Why ISPs are changing their terms of service?
http://www.wired.com/epicenter/2009/04/disney-scores-sweetheart-hulu-deal/
Disney Scores Sweetheart Hulu Deal
By Eliot Van Buskirk Email Author April 30, 2009 2:48 pm
Disney announced earlier today that it intends to acquire an approximate 30 percent stake in Hulu, the online video site launched by NBC/Universal and Fox network owner News Corp, a move that will let Hulu users watch full-length ABC TV shows for free.