Thursday, December 13, 2007

Educational CyberPlayGround NetHappenings Headlines and Resources

Happy reading for today

<Karen>


1)
Those entering online dating forums risk having more than their hearts stolen.
The artificial intelligence of CyberLover's automated chats is good enough that victims have a tough time distinguishing the "bot" from a real potential suitor...

2)
Ministry of Defence leaks counter terrorism traffic
http://www.theregister.co.uk/2007/12/10/mod_usage_statistics/
For the past 20 months, the Ministry of Defence has been generous enough
to provide detailed information about visits to its Counter Terrorism
Science & Technology [1] site.
We're not sure, exactly, what to make of the logs showing some of the
site's most popular pages and most prolific visitors. On the one hand,
such details aren't exactly state secrets. Then again, what possible
benefit can come from volunteering statistics that show that the
Bulgarian IP address 85.187.138.185 was the top visitor for the month of
March, having accessed 668 files for a total of 3.5 MB worth of data?

3)
Yale U. Puts Complete Courses Online
Modern poetry, as well as introductory courses in physics, psychology, and political science, are four of seven classes from Yale U. that the institution put online today. Not only are the courses free for anyone who is interested, but they are as close to being there as online technology allows. "These are gavel-to-gavel presentations," Tom Conroy, a university spokesman, told The Chronicle. "We've put everything online that we could, and I think that's what makes this different." Lectures can be downloaded and run in streaming video or in audio only. There are searchable transcripts of each lecture, as well as course syllabi, reading assignments, problem sets, and other materials. Diana E.E. Kleiner, a professor of the history of art and classics and director of the project, which is called Open Yale Courses, said in a written statement that the project's leaders "wanted everyone to be able to see and hear each lecture as if they were sitting in the classroom."

4)
This year's Nobel Prize in Literature went to Doris Lessing, who complained about rich schools and even universities where she is told that some students don't read books at all, and that the library is half-used. "We are in a fragmenting culture," she wrote, "where our certainties of even a few decades ago are questioned and where it is common for young men and women who have had years of education to know nothing about the world, to have read nothing, knowing only some speciality or other, for instance, computers." She goes on to lay the blame on the Internet, which she said "has seduced a whole generation into its inanities so that even quite reasonable people will confess that once they are hooked, it is hard to cut free, and they may find a whole day has passed in blogging and blogging etc."


5)
Munger: DOE incinerator down as waste concerns go up
http://www.knoxnews.com/news/2007/dec/12/doe-incinerator-down-as-waste-concerns-go-up/
Following last week's revelations about a computer hacking that
potentially exposed the personal data of thousands of lab visitors, Oak
Ridge National Laboratory is saying little about the event and the
ongoing investigation.
Lab spokesman Billy Stair said he couldn't comment about a report in The
New York Times that the hacking may have had a link to China. The Times
referred to a memo from the Department of Homeland Security that
suggested "phishing" e-mails were sent to ORNL from Web locations with
links to China, although that didn't necessarily mean the Chinese
government or any of its citizens were behind the hacking efforts.
Stair also declined comment on what agencies are involved in the
investigation and wouldn't say if ORNL is collaborating with Los Alamos
National Laboratory, which experienced a similar event in the same time
frame.

6)
TJX Lawsuit Transferred
http://online.wsj.com/article/SB119743288731823035.html
BOSTON -- A lawsuit by a group of New England and Alabama banks against
TJX Cos. over a data breach that resulted in the theft of millions of
credit-card numbers was transferred to a Massachusetts state court by a
federal judge.

7)
'We're all at risk' of attack, cyber chief says
http://www.govexec.com/story_page.cfm?articleid=38798
NEW YORK -- Private industry and governments need to make cyber security
a priority, no matter what the cost, in order to defeat hackers and
terrorists and to keep operations running during a crisis, a federal
official said here Tuesday.
Private industry owns and operates more than 85 percent of the country's
critical infrastructures. "That means the federal government cannot
address these cyber threats alone," said Greg Garcia, the Homeland
Security assistant secretary who heads the national cyber-security
division.
Garcia addressed the New York City Metro InfraGard Alliance blocks from
the World Trade Center site attacked by terrorists Sept. 11, 2001.
InfraGard is a partnership between the FBI, local law enforcement and
the private sector aimed at protecting critical infrastructures,
including technology systems.


8)
Employees care little for corporate data
http://www.techworld.com/security/news/index.cfm?newsID=10899
Employees have a careless and even negligent attitude to corporate data
and infrastructure, finds a survey from online backup service provider
Databarracks.
The survey of more than 100 UK office workers found that 84 percent of
workers felt they could not do their job for more than half a day if
they lost access to corporate data. Meanwhile, 43 percent of respondents
said they could not cope for any period without access.
Yet despite this obvious high dependency on access to corporate data,
many staff have an apathetic attitude to their corporate infrastructure.
More than half (57 percent) said they had at some point lost an office
laptop, Blackberry or USB stick. It seems that the favourite places to
lose these devices are in the pub, bar or restaurant.

9)
Document & Media Exploitation: The DOMEX challenge is to turn digital bits into actionable intelligence.
http://www.acmqueue.com/modules.php?name=Content&pa=showpage&pid=512
By Simson L. Garfinkel, Ph.D.
ACM Queue vol. 5, no. 7
November/December 2007
A computer used by Al Qaeda ends up in the hands of a Wall Street
Journal reporter. A laptop from Iran is discovered that contains details
of that country's nuclear weapons program. Photographs and videos are
downloaded from terrorist Web sites.
As evidenced by these and countless other cases, digital documents and
storage devices hold the key to many ongoing military and criminal
investigations. The most straightforward approach to using these media
and documents is to explore them with ordinary tools - open the word
files with Microsoft Word, view the Web pages with Internet Explorer,
and so on.
Although this straightforward approach is easy to understand, it can
miss a lot. Deleted and invisible files can be made visible using basic
forensic tools. Programs called carvers can locate information that
isn't even a complete file and turn it into a form that can be readily
processed. Detailed examination of e-mail headers and log files can
reveal where a computer was used and other computers with which it came
into contact. Linguistic tools can discover multiple documents that
refer to the same individuals, even though names in the different
documents have different spellings and are in different human languages.
Data-mining techniques such as cross-drive analysis can reconstruct
social networks - automatically determining, for example, if the
computer's previous user was in contact with known terrorists. This sort
of advanced analysis is the stuff of DOMEX, the little-known
intelligence practice of document and media exploitation.

10)
Energy companies face costly upgrades to secure electric grid
http://www.networkworld.com/news/2007/121007-energy-companies.html

In an effort to improve security in the nation's electric power grid, the
Washington-based Federal Energy Regulatory Commission is poised to issue
new rules to compel energy companies to use practices such as patch
management and strong authentication to secure their industrial control
systems against attackers, sabotage and unauthorized use.
If FERC at its Dec. 20 meeting approves the so-called Critical
Infrastructure Protection (CIP) standards for physical and cybersecurity
of the electric power grid, it will flip the switch on a regulatory
regime where electric-power companies have to ensure the most critical
parts of their system control and data-acquisition (SCADA) systems meet
security requirements more associated with corporate computer best
practices.
But because many SCADA systems in place today to control the bulk-power
grid may not be readily adapted for cybersecurity protection, IT
managers at energy companies say they face the prospect of a wholesale
replacement of their SCADA systems to meet regulatory goals.

11)
Downing St responds to silicon.com's Full Disclosure campaign
http://software.silicon.com/security/0,39024655,39169411,00.htm
Organisations are to get guidance from data protection watchdog the
Information Commissioner on notifying their customers of a security
breach.
The plans have been revealed by the government in response to
silicon.com's Full Disclosure campaign [1], which calls for a review of
the data breach notification laws in the UK.

12)
How to Wage Cyber War
http://blog.wired.com/defense/2007/12/how-to-wage-cyb.html
Pentagon types are spending God-knows-how-much to wage battle online. 
Brave New War [1] author John Robb [2] offers 'em some tips on how to
put their dough to the best use [3] .
Over the past few years, the Defense Department has morphed the nuclear
weaponeers of U.S. Strategic Command [4] into network warriors, and
turned the 8th Air Force into a new "Cyberspace Command."  Not to
mention plowing countless billions into the National Security Agency [5]
and all kinds of digital combat cadres [6], scattered throughout the
armed services.  And from the interviews I've done, at least, the roles
and expectations for each of these agencies is, um, evolving, at best.
Robb's advice, to his former Air Force colleagues now putting Cyberspace
Command together:

13)
Remarks of Assistant Secretary of Cybersecurity and Communications
Greg Garcia at the New York Metro Infragard Alliance Security Summit
http://www.dhs.gov/xnews/releases/pr_1197409593155.shtm
Today's professional hackers develop and sell malware toolkits to other
criminals on the black market. In turn, the buyers of these toolkits can
conduct online scams and spread malware more proficiently than ever
before.
Why do they do this? Because cyber crime is big business. The number of
hackers attacking banks worldwide jumped 81 percent over the past year.
Botnets, spear phishing, key loggers, and other attacks make up the
more-than-$100 billion global market for cyber-crime - surpassing drug
trafficking from a monetary perspective. Worst of all, the money
obtained through cyber crime can be used to finance terrorism.
The numbers don't lie. From October 1, 2006, through September 30, 2007,
our US-CERT - which I'll describe in more detail in a moment - handled more
than 37,000 incidents, compared with almost 24,000 the year before. This
increase can be attributed to not only more attacks on our public and
private networks, but also better situational awareness levels and
reporting rates.

14)
Fewer connections could limit cyber attacks, agency official says
http://www.govexec.com/story_page.cfm?articleid=38817
A Justice Department cyber-security official on Wednesday touted the
government's strategy of reducing its number of Internet connections to
50 by June in order to reduce cyber vulnerabilities.
The government's "Trusted Internet Connections" initiative, which was
announced last month, will help protect information by shrinking the
attack surface area -- or the number of access gateways that must be
monitored, Mischel Kwon, the department's chief information technology
security specialist, told a group of federal government IT
professionals.
"This is an absolutely great, great program," Kwon said.

15)
Man makes toaster hack computer
http://www.expressindia.com/latest-news/Man-makes-toaster-hack-computer/249695/
Pune - Can you imagine a toaster hacking a computer? That's true. In
fact any kitchen appliance can be used for attacking your computer
system, said Dror Shalev, a hacker from Israel, during the international
convention of hackers Clubhack 2007 held recently.
In his demonstration at the convention, Shalev left the audience amazed
by actually hacking a computer with a toaster. Shalev, who is a security
expert at Check Point Software Technologies in Israel, was one of the
foreign speakers at the international convention.
He said that any home device could be connected with a software
prototype to hack a computer. "I read a senior scientist from Google
saying there was no need to be afraid of a toaster at home," Shalev told
The Indian Express. "But as a hacker I came up with a toaster that could
actually hack a computer. I call it a Crazy Toaster."
Simplifying the functions of Crazy Toaster, Shalev said he developed a
software and networked it with the toaster.
As soon as the toaster is plugged, the software is activated before it
breaks into the user's computer system.

16)
iPhone to be target of hackers in 2008
http://www.macworld.com/news/2007/12/11/hackiphone/index.php
According to Arbor's Security and Engineering Response Team (ASERT) the
attacks will likely be in the form of drive-by attacks - malware
embedded into seemingly harmless information, images or other media that
actually perform dangerous actions when rendered on the iPhone's Web
browser.
With the scrutiny the iPhone has received since its launch earlier this
year over network lock-in, ASERT believes that hackers will be enticed
by the possibility of attacking Apple users and the opportunity to be
the first to hack a new platform, the report said.
Apple has been involved in an ongoing battle with hackers for months.
While the hacks have not been malicious, the process of unlocking the
phone and allowing it to work with networks other than AT&T has caused
Apple to react. An update that did, in fact, disable unlocked
iPhones.
