InformationWeek Daily Archives
It's Security Deja Vu All Over Again
In This Issue:
1. Editor's Note: VoIP: It's Security Deja Vu All Over Again
2. Today's Top Story
- VA To Recall All Laptops After Data Breach
3. Breaking News
- Microsoft's Anti-Piracy Tool Draws Criticism, Changes Planned
- Witness: Angry PaineWebber Defendant Said 'God Only Knows What I Could Do'
- Ex-Boss Describes Sys Admin's Anger During PaineWebber Sabotage Trial
- U.S. Court Backs Government Broadband Wiretap Access
- Negroponte Demos $100 Laptop
- 'Grand Theft Auto' Maker Settles With FTC
- U.S. Drops Plan To Restrict Foreign Researchers
- Sacramento Wi-Fi Deployment Hits A Wall
- VoIP Security Alert: Hackers Start Attacking For Cash
- iPods More 'In' Than Beer On College Campuses: Survey
- New HP Tool Assesses Disaster Preparedness
- Cisco Gobbles Up Two Communications Software Development Companies
- Software Lets Users Catch Sports Highlights
- IBM Lets Loose Viper Hybrid Database
- Florida's Pharma Deadline Puts Spotlight On Item-Level RFID
- Google In European Row Over Book Search
4. Grab Bag
- Geek To Live: Introduction To Cygwin, Part I (Lifehacker)
- Have @It: A History Of The @ Sign (Hewlett-Packard)
- Pentagon Sets Its Sights On Social Networking Web Sites (New Scientist)
5. In Depth
- High-Powered Windows System Could Rank Among The World's Fastest
- Microsoft Launches Windows Compute Cluster Server 2003
- Microsoft Wades Into Wiki Waters
- Microsoft Won't Patch Bug For Windows 98/Me
- Microsoft Plans 12 Security Updates For Tuesday
6. Voice Of Authority
- How Will Tagged Drugs, RFID On Clothing, And Human Chips Affect Your Privacy?
7. White Papers
- Telework: A Critical Component Of Continuity Of Operations Planning
Quote of the day:
"If you think you are too small to be effective, you have never been in bed with a mosquito." -- Betty Reese
1. Editor's Note: VoIP: It's Security Deja Vu All Over Again
Our report on Voice over IP security hazards should send a chill through any business or consumer relying on the technology.
The owner of two Miami VoIP companies was arrested recently and charged with making more than $1 million by breaking into third-party VoIP services and routing calls through their lines. Prosecutors say Edward Pena was able to collect fees from customers while stealing the infrastructure from other companies. It was the electronic equivalent of eating at a restaurant and sticking somebody else with the check. But the victim companies were stuck paying for some big meal—they were charged more than $300,000 for connectivity to the Internet backbone.
Researchers at security companies describe how attackers might use VoIP to hijack calls made by customers to companies and trick customers into giving up their credit card numbers.
The VoIP Security Alliance warns that VoIP networks are susceptible to denial-of-service attacks the way IP networks are and traditional phone networks aren't. Unencrypted VoIP calls can easily be eavesdropped on. VoIPSA warns about spam over IP telephony (new acronym for your files: SPIT). And VoIP permits callers to easily change their Caller ID information, so criminals can identify themselves as being from legitimate companies and trick consumers into giving out credit card numbers and account numbers.
VoIPSA also provides tips on how to secure your VoIP network.
Security vendor Cloudmark warned in April about a scheme whereby grifters sent e-mail spam asking users to call a bank switchboard. The attackers used a computer and VoIP service to set up a voice line that sounded like the bank's normal voice-operated service.
So far, these attacks have been coming in at a trickle, by onesies and twosies. But longtime Internet users will remember that's how spam, phishing, and e-mail viruses started—a little at a time. Now we get hundreds of spam messages, phishing messages, and e-mail viruses every day, and these attacks have created huge problems on the Internet a couple of times. As VoIP grows more popular among both consumers and businesses, the threat has the potential to grow as large as e-mail-borne attacks.
Let's take precautions now so that the threat stays small.
What do you think? Are VoIP threats significant? What should we do about them? Visit the InformationWeek Weblog and let us know.
2. Today's Top Story
VA To Recall All Laptops After Data Breach
During the week of June 26, all laptops will be returned to the Veterans Administration for a security review. The agency will also change its VPN settings every 30 days, so every laptop has to come back to be reinspected.
3. Breaking News
Microsoft's Anti-Piracy Tool Draws Criticism, Changes Planned
In addition, the software maker has come under fire for failing to make it clear to people installing Windows Genuine Advantage that the application communicates with Microsoft on a daily basis to do things like ensure that the Windows copy being used isn't pirated.
Witness: Angry PaineWebber Defendant Said 'God Only Knows What I Could Do'
A financial advisor testified that the defendant bet heavily on "put" contracts that would pay off if the company's stock crashed quickly. Soon afterwards, prosecutors say, the defendant's logic bomb took down much of the company network.
Ex-Boss Describes Sys Admin's Anger During PaineWebber Sabotage Trial
Defendant Roger Duronio was "visibly upset" and red-faced and delivered an ultimatum: Give him a bigger bonus or he'd walk, said Duronio's ex-boss, testifying against him in a criminal hacking trial.
U.S. Court Backs Government Broadband Wiretap Access
The court concluded that the FCC requirement is a "reasonable policy choice," even though information services are exempted from the government's wiretapping authority.
Negroponte Demos $100 Laptop
The model didn't have a hand crank for power, but the production version might.
'Grand Theft Auto' Maker Settles With FTC
The settlement calls for the video game maker to prominently display content relevant to a game's rating on all future packaging.
U.S. Drops Plan To Restrict Foreign Researchers
New rules requested by the Pentagon would have limited foreign researchers' access to sensitive U.S. technologies.
Sacramento Wi-Fi Deployment Hits A Wall
MobilePro, which has been deploying Wi-Fi in several U.S. communities, is dropping out of the project because new demands by the California capital city led the firm to believe the network was no longer "financially sustainable."
VoIP Security Alert: Hackers Start Attacking For Cash
VoIP could become the newest opportunity for cyberthieves, with the recent arrest of a Miamian only the beginning.
iPods More 'In' Than Beer On College Campuses: Survey
It's the first time in a decade that the sudsy stuff hasn't topped the list of undergrad favorites, according to a new survey.
New HP Tool Assesses Disaster Preparedness
The software allows companies to conduct baseline risk assessments of potential failures and provides recommendations if a score is low enough.
Cisco Gobbles Up Two Communications Software Development Companies
Their products will be integrated into a common application development platform so customers and partners can build customized communications apps that will work with Cisco's Unified Communications platform.
Software Lets Users Catch Sports Highlights
The package, which applies an algorithm to try to "catch" goals and other highlights in sporting matches from recorded TV events, could prove helpful for people who can't watch sports scheduled in the wee hours, but want to catch up before dashing off to work in the morning.
IBM Lets Loose Viper Hybrid Database
Viper, also known as DB2 version 9, vastly improves on handling techniques for XML data as well as resulting application performance, IBM promises.
Florida's Pharma Deadline Puts Spotlight On Item-Level RFID
A new law requires pharmaceutical firms to safeguard their wares as medications move through the pipeline. There's a debate raging over how best to do that.
Google In European Row Over Book Search
La Martiniere is suing Google for counterfeiting and breach of rights by scanning about 100 books into its Google Book Search. Other European publishers are also threatening to sue.
In the current episode:
Eric Chabrow With 'That's News To Me'
Eric looks at iPods surpassing beer in popularity on campuses, robotic surgeons, and guarding the border with Web cams.
Alex Wolfe With 'Vista Alternative'
Suse Linux Enterprise 10 tries to win market share from Vista.
Sacha Lecca With 'DVD Olfactory'
Dogs are the latest weapon in the war against pirated DVDs.
4. Grab Bag
Geek To Live: Introduction To Cygwin, Part I (Lifehacker)
Here's the deal, Windows users: The command line is your friend. But the Windows command line? It's a really bad friend. You know, the kind that would ditch you in a minute if he got an offer to hang out with someone cooler, the kind who regifted that Chia pet from Cousin Jeb for your birthday, the kind who sticks you with the bill every time. With friends like that, who needs enemies? If you want to overclock your computing experience at a command prompt on your Windows PC, you need Cygwin.
Have @It: A History Of The @ Sign (Hewlett-Packard)
One day in late 1971, computer engineer Ray Tomlinson grappled with how to properly address what would be history's very first e-mail. After 30 seconds of intense thought, he decided to separate the name of his intended recipient and their location by using the "@" symbol. He needed something that wouldn't appear in anyone's name and settled on the ubiquitous symbol, with the added bonus of the character representing the word "at."
Pentagon Sets Its Sights On Social Networking Web Sites (New Scientist)
New Scientist has discovered that the Pentagon's National Security Agency, which specializes in eavesdropping and code breaking, is funding research into the mass harvesting of information that people post about themselves on social networks. And it could harness advances in Internet technology to combine data from social networking Web sites with details such as banking, retail, and property records, allowing the NSA to build extensive, all-embracing personal profiles of individuals.
5. In Depth
High-Powered Windows System Could Rank Among The World's Fastest
A computer cluster running a new high-performance version of Windows operates at nearly double the previous Windows speed record.
Microsoft Launches Windows Compute Cluster Server 2003
Targeting high-performance computing applications, the software aims to bring technical computing to the masses.
Microsoft Wades Into Wiki Waters
Customers are invited to submit their own tips about Visual Studio and .Net to be on par with Microsoft's own documentation.
Microsoft Won't Patch Bug For Windows 98/Me
The company is backtracking on its earlier promise of the patch because it's "not feasible" to make the extensive changes necessary, especially since technical support is ending for the two operating systems as of July, a spokesman says.
Microsoft Plans 12 Security Updates For Tuesday
It's the largest one-month total of bulletins since February 2005, and at least one is tagged "critical."
6. Voice Of Authority
How Will Tagged Drugs, RFID On Clothing, And Human Chips Affect Your Privacy?
Elena Malykhina says: With Florida about to pass a new law on July 1 that requires pharmaceutical distributors to document who takes possession of prescription drugs as they travel from manufacturer to retailer, item-level RFID tagging is fresh on everyone's minds. With instances of item-level tagging also appearing in the retail industry, concerns about violation of people's privacy are once again a hot topic.
7. White Papers
Telework: A Critical Component Of Continuity Of Operations Planning
The following guide provides a basic layout of a continuity of operations plan and details why it makes good business sense for organizations to prepare such contingency plans in order to deal with those scenarios that often disable operations.