Thursday 26 November 2009

Cyber breaches kept secret

By Reuters
25 Nov 2009

Cybercriminals regularly breach computer security systems, stealing millions of dollars and credit card numbers in cases that companies keep secret, said the FBI's top Internet crimes investigator.

For every break-in like the highly publicised attacks against TJX and Heartland Payment, where hacker rings stole millions of credit card numbers, there are many more that never make the news.

"Of the thousands of cases that we've investigated, the public knows about a handful," said Shawn Henry, assistant director for the Federal Bureau of Investigation's Cyber Division. "There are million-dollar cases that nobody knows about."

Companies that are victims of cybercrime are reluctant to come forward out of fear the publicity will hurt their reputations, scare away customers and hurt profits. Sometimes they don't report the crimes to the FBI at all. In other cases they wait so long that it is tough to track down evidence.

"Keeping your head in the sand on filing a report means the bad guys are out there hitting the next guy, and the next guy after that," Henry said.

He said the cybercrime problem has gotten bigger over the past three years because hackers have changed their attack methods as companies have tightened up security.

"It's absolutely gotten bigger, yes, absolutely," he said.

NIST Director Sees Key Role In Emerging Technologies

By J. Nicholas Hoover
InformationWeek
November 25, 2009

As it takes on research and standardization in the areas of healthcare IT, smart grid, and cybersecurity, the National Institute of Standards and Technology has a "critically important" role to play, according to NIST's new director, Patrick Gallagher.

A 16-year NIST veteran and former deputy director, Gallagher's appointment was confirmed by the Senate earlier this month. "What you're going to see is a small parade of things that will become critically important to solving government or national problems where we'll have to tackle them," Gallagher said in an interview.

IT has become an important focus of NIST's efforts. While better known for its work in physics and science -- the agency sets official time in the United States -- NIST's IT work is every bit as significant, Gallagher says. The agency's IT Laboratory accounts for much of the institute's overall lab budget.

NIST, which was given some authority over smart grid standards in 2007, in September released a framework and road map for smart grid interoperability. NIST recently held the first meeting of the Smart Grid Interoperability Panel, which will help set standards. It's a pressing, and challenging, task given that government and private utilities are expected to spend $8.1 billion on smart grid projects over the next three years as part of the American Recovery and Reinvestment Act.

Security Is Chief Obstacle To Cloud Computing Adoption, Study Says

By Tim Wilson
DarkReading
Nov 25, 2009

Nearly half of organizations say they have no plans to use any cloud computing technologies in the next year -- and security concerns are the chief reason why.

That's the conclusion of a survey that will be published next month by Launchpad Europe, a company that helps emerging firms with global business expansion.

In the survey, 49.5 percent of businesses said they are not using or planning to use any cloud technologies within the next 12 months. Of that group, 50 percent cited "security concerns" as the primary reason.

"Budgetary restraints" was the second-biggest reason for avoiding the cloud -- 21.4 percent of respondents said tight budgets precluded them from migrating to cloud-based services. Less than 5 percent cited a lack of available cloud technology to meet their particular needs.

The results suggest security eclipses most other criteria when organizations are considering cloud services vendors, Launchpad Europe said. Thirty-eight percent of respondents said their top priority when considering cloud vendors was "security of the cloud infrastructure."

Metasploit releases IE attack, but it's unreliable

By Robert McMillan
IDG News Service
November 25, 2009

Developers of the open-source Metasploit penetration testing toolkit have released code that can compromise Microsoft's Internet Explorer browser, but the software is not as reliable as first thought.

The code exploits an Internet Explorer bug that was disclosed last Friday in a proof-of-concept attack posted to the Bugtraq mailing list. That first code was unreliable, but security experts worried that someone would soon develop a better version that would be adopted by cyber-criminals.

The original attack used a "heap-spray" technique to exploit the vulnerability in IE. But for a while Wednesday, it looked as though the Metasploit team had released a more reliable exploit.

They used a different technique to exploit the flaw, one pioneered by researchers Alexander Sotirov and Marc Dowd, but Metasploit eventually pulled its code

Man guilty of selling fake chips to US Navy

By John Oates
The Register
25th November 2009

A 32-year-old California man has pleaded guilty to selling thousands of counterfeit computer processors to the US Navy.

Neil Felahy of Newport Coast, California pleaded guilty to conspiracy and trafficking in counterfeit goods charges. As part of a plea bargain Felahy has agreed to co-operate with the US authorities.

He faces a possible five year prison sentence and a $250,000 fine for the conspiracy charge and 10 years and $2m for the counterfeiting offences. In reality he is more likely to receive a 30 to 51 month sentence.

Felahy's wife and brother-in-law face related charges. They are accused of importing counterfeit chips from China and selling them to the public via a website. They are also accused of grinding off existing trademarks or grades on chips and regrading them - processors are typically marked commercial-grade, industrial-grade or military-grade depending on quality and testing.

Surprise "Housewives" dinner guests not invited, White House says

By The Reliable Source
The Washington Post
November 25, 2009

A couple of aspiring reality-TV stars from Northern Virginia appear to have crashed the White House's state dinner Tuesday night, penetrating layers of security with no invitation to mingle with the likes of Vice President Biden and White House Chief of Staff Rahm Emanuel.

Tareq and Michaele Salahi -- polo-playing socialites known for a bitter family feud over a Fauquier County winery and their possible roles in the forthcoming "The Real Housewives of Washington" -- were seen arriving at the White House and later posted on Facebook photos of themselves with VIPs at the elite gathering.

"Honored to be at the White House for the state dinner in honor of India with President Obama and our First Lady!" one of them wrote on their joint Facebook page at 9:08 p.m.

But a White House official said the couple was not invited to the dinner, not included on the official guest list and never seated at a table in the South Lawn tent.

A woman describing herself as a publicist for the Salahis denied that they were interlopers. Pressed for details, Mahogany Jones sent a statement saying simply: "The Salahis were honored to be a part of such a prestigious event.... They both had a wonderful time."

While the White House offered no official explanation, it appears to be the first time in modern history that anyone has crashed a White House state dinner. The uninvited guests were in the same room as President Obama, first lady Michelle Obama and Indian Prime Minister Manmohan Singh, although it is unknown whether they met the Obamas and the guest of honor.

"Everyone who enters the White House grounds goes through magnetometers and several other levels of screenings," said Ed Donovan, a spokesman for the Secret Service. "That was the case with the state dinner last night. No one was under any risk or threat."

Donovan said a preliminary internal investigation Wednesday identified "a Secret Service checkpoint which did not follow proper procedure to ensure these two individuals were on the invited guest list." He declined to give further details. An administration official said the White House will conduct its own review.

The Salahis, both in their 40s, showed up about halfway through the guest arrivals. A Marine announced their names, and the couple -- he in a tux, she in a striking red and gold lehenga (traditional Indian formalwear) -- swept past reporters and photographers, stopping several times to pose for pictures. They then walked into the White House lower hallway, where they mingled with guests on the red carpet before heading up to the cocktail reception in the East Room.

Later, they posted pictures that seem to chart their course through the night: Michaele posing with Marines outside near the White House doors, and with Katie Couric and Rep. Ed Royce (R-Calif.) inside the mansion. In the East Room, the Salahis both cozied up to D.C. Mayor Adrian Fenty and his wife, Michelle.

But the best was yet to come: Once inside the dinner tent, they got pictures that appeared to show them with ABC's Robin Roberts, Bollywood composer AR Rahman, PepsiCo CEO Indra Nooyi, Obama Chief of Staff Emanuel (identified as "Ron" in the couple's Facebook photo caption) and two with a grinning vice president. The photos end there -- no shots of the Salahis sitting at a table, their seatmates or the post-dinner entertainment.

In this May 2007 photo, Tareq (left) and Michaele Salahi talk to Prince Charles at a polo match. (Courtesy of the America's Cup of Polo)

How could it happen? A former White House senior staffer -- who more than a decade ago encountered a crasher at one of the executive mansion's less-fancy parties -- offered this theory:

A savvy pair of crashers, dressed to the nines, might arrive on foot at the visitors' entrance, announce their names -- then express shock and concern when the security detail at the gate failed to find them on the guest list. On a rainy night like Tuesday, with a crowd of 300-plus arriving, security might have lost track of or granted a modicum of sympathy to a pair who certainly looked like they belonged there. If their IDs didn't send up any red flags in the screening process, they would be sent through the magnetometers and into the White House.

And yet, the former staffer noted: Someone from the White House social office should have been posted at the guest entrance with the guards.

Once visitors were in, no one necessarily would ask them for further identification. They could check their coats, give their names to the Marine on duty, walk past reporters and into the lower hallway where guests picked up their table assignments. They would pass the junior staffers handing out seating cards and walk on up the stairs for cocktails in the East Room.

Later, all guests were directed to head for the dinner tent on the South Lawn. Facebook photos suggest that the Salahis walked into the tent; it's unclear when they left. Reporters were cleared from the entryway by the time dinner seating got under way. There is no security checkpoint to leave the grounds.
