Greetings NetHappenings,
Happy reading for today.
<Karen>
GAO: IRS has fixed only 30 percent of security gaps
The Internal Revenue Service has fixed only 29 of 98 weaknesses in its
information security controls, threatening the confidentiality and
availability of its financial processing systems and information and
limiting the reliability of its taxpayer and financial data.
IRS has been slow to correct the weaknesses because it has not fully
implemented an agencywide information security program to make sure that
controls are effectively established and maintained, the Government
Accountability Office said in a report released today.
As a result, IRS is at increased risk of unauthorized disclosure,
modification or destruction of financial and taxpayer information, said
Gregory Wilshusen, director of GAO's information security issues.
www.whitepages.com has started delivering not only addresses and phone numbers but ages of the subjects of queries,
typically in five year ranges (60-64, 65-69, etc.). The site does allow you to
remove your listing from their site (rather subtly and easily overlooked) -- understanding that it doesn't touch their sources.
Australia to Require Mandatory ISP Filtering of "Inappropriate" Content
Australian government's plan to require ISPs to perform
Chinese-style blocking of Internet sites that the government
considers to be "inappropriate" for children -- based on a
government blacklist.
F.C.C. to Look at Complaints Comcast Interferes With Net
The Federal Communications Commission will investigate complaints that Comcast actively interferes with
Internet traffic as its subscribers try to share files online, the commission's chairman, Kevin J. Martin, said Tuesday.
Mr. Martin confirmed the investigation in comments at the Consumer Electronics Show.
In an investigation last year, The Associated Press found that Comcast in some cases hindered file sharing
by subscribers who used BitTorrent, a popular file-sharing program. The findings, first reported Oct. 19,
confirmed claims by users who also noticed interference with other file-sharing applications.
We look forward to responding to any F.C.C. inquiries regarding our broadband network management, said
David L. Cohen, executive vice president at Comcast.
Comcast denies that it blocks file sharing, but acknowledged after The A.P. article that it was delaying
some traffic between computers that share files. The company said the intervention was necessary to
improve the surfing experience for the majority of its subscribers.
Peer-to-peer file sharing is a common way to exchange copyright files illegally, but companies are also
rushing to use it for legal distribution of video and game content. If Internet providers hinder or control
that traffic, it makes them gatekeepers of Internet content.
The F.C.C.'s response will be an important test of its willingness to enforce net neutrality, the principle
that Internet traffic be treated equally by carriers. The agency has a broadly stated policy supporting
the concept, but its position has not been tested in a real-world case.
In a recent article for The Register:
'Dismantling a Religion: The EFF's Faith-Based Internet'
Engineer Richard Bennett digs into the technical details of Comcast's activity with BitTorrent which, after a
certain number of connections has been reached, is to spoof connection resets to BT clients. According to
Bennett, particularly in the DOCSIS system used on cable networks, the actual number of packets transmitted
is as crucial to network performance as the bandwidth used. Cutting the number of connections that a BitTorrent
client uses can actually improve throughput without impeding access.
Apparently it is a growing mood at the IETF that the bandwidth-based principle of 'flow rate fairness' --
implicitly governed in TCP by dropped packets -- is being abused by clients that make huge numbers of connections.
Something will have to be done, perhaps by rejiggering the packet-dropping aspect.
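For readers who want to see how a network operator or an affected subscriber could tell an injected reset from a genuine one, here is an added example (not from the newsletter or from Bennett's article). It applies the common heuristic that a third party injecting RSTs on behalf of one endpoint rarely matches that endpoint's IP TTL as observed on the rest of the flow. The Packet record, the flow layout and the sample trace are all constructed for the example; real captures would be decoded from pcap, and route changes or middleboxes can shift TTLs, so the check is a triage signal, not proof.

```python
"""Heuristic detector for injected TCP RST segments in a simplified trace.

Added example, not part of the newsletter or the cited Register article.
Assumes a constructed packet record (src, dst, sport, dport, flags, ttl, seq).
A reset whose IP TTL disagrees with the TTL seen on earlier segments from the
same sender in the same flow is flagged for review.
"""
from collections import namedtuple

Packet = namedtuple("Packet", "src dst sport dport flags ttl seq")


def flow_key(p):
    """Direction-specific flow identity: who is sending to whom on which ports."""
    return (p.src, p.dst, p.sport, p.dport)


def find_suspicious_resets(packets, ttl_tolerance=0):
    """Return a list of (index, packet, reason) for RSTs with an inconsistent TTL.

    ttl_tolerance lets an operator accept small drift (e.g. route flaps)
    without raising an alert.
    """
    seen_ttl = {}  # flow_key -> TTL first observed on a non-RST segment from that sender
    alerts = []
    for i, p in enumerate(packets):
        key = flow_key(p)
        if "R" in p.flags:
            baseline = seen_ttl.get(key)
            if baseline is None:
                alerts.append((i, p, "RST with no prior segments from this sender in flow"))
            elif abs(baseline - p.ttl) > ttl_tolerance:
                alerts.append((i, p, f"RST TTL {p.ttl} differs from flow baseline TTL {baseline}"))
        else:
            seen_ttl.setdefault(key, p.ttl)
    return alerts


# Constructed sample trace: a client talking to a BitTorrent peer on port 6881.
SAMPLE_TRACE = [
    Packet("10.0.0.5", "198.51.100.7", 51000, 6881, "S", 64, 1000),
    Packet("198.51.100.7", "10.0.0.5", 6881, 51000, "SA", 52, 5000),
    Packet("10.0.0.5", "198.51.100.7", 51000, 6881, "A", 64, 1001),
    Packet("198.51.100.7", "10.0.0.5", 6881, 51000, "PA", 52, 5001),
    # Reset claiming to come from the peer, but arriving with a different TTL.
    Packet("198.51.100.7", "10.0.0.5", 6881, 51000, "R", 61, 5100),
    # Reset genuinely sent by the client; TTL matches its own earlier segments.
    Packet("10.0.0.5", "198.51.100.7", 51000, 6881, "R", 64, 1100),
]


if __name__ == "__main__":
    for idx, pkt, why in find_suspicious_resets(SAMPLE_TRACE):
        print(f"packet #{idx}: {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}: {why}")
```

Run against the constructed trace, only the reset at index 4 is flagged; the client's own reset at index 5 passes because its TTL matches the SYN it sent earlier. In practice the same idea is combined with sequence-number and timing checks, since a TTL match alone can be coincidental.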
Congress opens probe into FCC's openness
U.S. House panel launches probe of FCC practices
WASHINGTON (Reuters) - Worsening friction between Congress and the head of
the U.S. Federal Communications Commission escalated on Tuesday into a
formal investigation of agency rule-making procedures and management
practices.
The U.S. House Energy and Commerce Committee said it launched the probe to
determine if the agency had been fair, open, efficient and transparent
when crafting regulations.
Green
At the heart of the Green movement is the concept of sustainability. A good explanation of this concept as it
relates historically to our production/consumption cycle can be found in the
animated short at: http://storyofstuff.com/ Also see "Blue Vinyl" (available through Netflix and others).
Critical TCP/IP Worm Hole Dings Windows Vista
Microsoft has issued a high-priority security update to fix a pair of
"critical" flaws that expose Windows users to remote code execution
attacks.
The Redmond, Wash. software giant's first batch of patches for 2008
includes a fix for at least two vulnerabilities in TCP/IP (Transmission
Control Protocol/Internet Protocol) processing.
The bugs, rated critical for all supported versions of Windows XP and
Windows Vista, could be exploited by remote attackers to "take complete
control of an affected system," Microsoft warned in its MS08-001
bulletin.
In worst-case scenarios, Microsoft said attackers could hijack Windows
XP and Vista systems to install programs; view, change, or delete data;
or create new accounts with full user rights.
Rockies tix probe fails to round bases
Nearly three months after the World Series online-ticketing fiasco,
federal authorities have yet to identify anyone who perpetrated what the
Colorado Rockies called a "malicious attack" on ticket-sales computers,
and a state investigation has ended before it began.
"The Rockies never actually provided us with any complaint" about the
system collapse, said Nate Strauch, spokesman for Colorado Attorney
General John Suthers. "They didn't provide us with any information to
initiate any investigation."
The FBI in Southern California is still investigating the overload of
ticketing computer servers that prematurely shut down the first day of
online sales. But no one has been identified as responsible for trying
to defeat the technology restricting the number of tickets any one
person could buy.
Chinese dissident site hacked again
WASHINGTON, Jan. 7 (UPI) -- A U.S.-based Web site that hosts Chinese
dissidents' blogs is being hacked again, days after an attack took it
offline and nearly destroyed its archives.
The Web site, Boxun.com, which hosts some 2000 blogs, was the target of
a "very strong" distributed denial of service, or DDOS, attack last
week, its editor, Watson Meng, told United Press International.
He added that hackers probing the Web sites of several U.S. government
agencies had "spoofed" or forged their Internet addresses to make it
seem as if the probes came from his site.
Sears Data Breach Draws Lawsuit
Following revelations that Sears' ManageMyHome.com site exposed customer
purchase data to any online visitor who asked about it, a New Jersey
resident has filed a $5 million class action lawsuit against the
retailer.
DOE IG reviews security at Oak Ridge
http://www.gcn.com/online/vol1_no1/45646-1.html
Additional security protocol training for employees, better information
sharing with local counterintelligence officials and periodic review of
laptop PC security procedures are among the recommendations made by the
Energy Department's inspector general after an investigation into a
security breach at the department's Y-12 National Security Complex in Oak
Ridge, Tenn.
According to the IG's report [1], in 2006 an unauthorized laptop with
wireless capability was taken into a "limited area" at the Y-12 nuclear
weapons plant. Limited areas are defined as "secure work areas that
employ physical controls to prevent unauthorized access to classified
matter or special nuclear material," the report states.
DOE prohibits any equipment capable of transmitting data wirelessly.
Posted at the entrance to the Y-12 limited area is a large sign that
lists the items prohibited from the area without prior approval. Second
on that list, after firearms, is "Electronic equipment with data
exchange port capable of being connected to automate information systems
equipment (i.e., personal computers, PDAs)."
LayerOne 2008 Information Technology Conference
Call for Papers May 17 & 18, 2008
Los Angeles, California (Pasadena Hilton)
http://layerone.info/
The fifth annual LayerOne information technology conference is now
accepting submissions for topic and speaker selection. As always, we
are interested in seeing a broad range of pertinent topics, and encourage
all submissions. Some of our past presentations have included:
- Hacking FedEx/Kinkos Smart Cards
- Anti-Forensics Techniques
- RFID Hacking
- Proximity Card Hacking
- Cryptographic Cracking Using FPGA Technology