In This Issue: 1. Editor's Note: VoIP: It's Security Deja Vu All Over Again 2. Today's Top Story - VA To Recall All Laptops After Data Breach 3. Breaking News - Microsoft's Anti-Piracy Tool Draws Criticism, Changes Planned - Witness: Angry PaineWebber Defendant Said 'God Only Knows What I Could Do' - Ex-Boss Describes Sys Admin's Anger During PaineWebber Sabotage Trial - U.S. Court Backs Government Broadband Wiretap Access - Negroponte Demos $100 Laptop - 'Grand Theft Auto' Maker Settles With FTC - U.S. Drops Plan To Restrict Foreign Researchers - Sacramento Wi-Fi Deployment Hits A Wall - VoIP Security Alert: Hackers Start Attacking For Cash - iPods More 'In' Than Beer On College Campuses: Survey - New HP Tool Assesses Disaster Preparedness - Cisco Gobbles Up Two Communications Software Development Companies - Software Lets Users Catch Sports Highlights - IBM Lets Loose Viper Hybrid Database - Florida's Pharma Deadline Puts Spotlight On Item-Level RFID - Google In European Row Over Book Search 4. Grab Bag - Geek To Live: Introduction To Cygwin, Part I (Lifehacker) - Have @It: A History Of The @ Sign (Hewlett-Packard) - Pentagon Sets Its Sights On Social Networking Web Sites (New Scientist) 5. In Depth - High-Powered Windows System Could Rank Among The World's Fastest - Microsoft Launches Windows Compute Cluster Server 2003 - Microsoft Wades Into Wiki Waters - Microsoft Won't Patch Bug For Windows 98/Me - Microsoft Plans 12 Security Updates For Tuesday 6. Voice Of Authority - How Will Tagged Drugs, RFID On Clothing, And Human Chips Affect Your Privacy? 7. White Papers - Telework: A Critical Component Of Continuity Of Operations Planning 8. Get More Out Of InformationWeek 9. Manage Your Newsletter Subscription
Quote of the day: "If you think you are too small to be effective, you have never been in bed with a mosquito." -- Betty Reese
1. Editor's Note: VoIP: It's Security Deja Vu All Over Again Our report on Voice over IP security hazards should send a chill through any business or consumer relying on the technology.
The owner of two Miami VoIP companies was arrested recently and charged with making more than $1 million by breaking into third-party VoIP services and routing calls through their lines. Prosecutors say Edward Pena was able to collect fees from customers while stealing the infrastructure from other companies. It was the electronic equivalent of eating at a restaurant and sticking somebody else with the check. But the victim companies were stuck paying for some big meal—they were charged more than $300,000 for connectivity to the Internet backbone.
Researchers at security companies describe how attackers might use VoIP to hijack calls made by customers to companies and trick customers into giving up their credit card numbers.
The VoIP Security Alliance warns that VoIP networks are susceptible to denial-of-service attacks the way IP networks are and traditional phone networks aren't. Unencrypted VoIP calls can easily be eavesdropped on. VoIPSA warns about spam over IP telephony (new acronym for your files: SPIT). And VoIP permits callers to easily change their Caller ID information, so criminals can identify themselves as being from legitimate companies and trick consumers into giving out credit card numbers and account numbers.
VoIPSA also provides tips on how to secure your VoIP network.
So far, these attacks have been coming in at a trickle, by onesies and twosies. But longtime Internet users will remember that's how spam, phishing, and e-mail viruses started—a little at a time. Now we get hundreds of spam, phishing messages, and e-mail viruses every day, and these attacks have created huge problems on the Internet a couple of times. As VoIP grows more popular among both consumers and businesses, the threat has the potential to grow as large as e-mail-borne attacks.
Let's take precautions now so that the threat stays small.
What do you think? Are VoIP threats significant? What should we do about them? Visit the InformationWeek Weblog and let us know.
VA To Recall All Laptops After Data Breach During the week of June 26, all laptops will be returned to the Veterans Administration for a security review. The agency will also change its VPN settings every 30 days, so every laptop has to come back to be reinspected.
3. Breaking News
Microsoft's Anti-Piracy Tool Draws Criticism, Changes Planned In addition, the software maker has come under fire for failing to make it clear to people installing Windows Genuine Advantage that the application communicates with Microsoft on a daily basis to do things like ensure that the Windows copy being used isn't pirated.
Sacramento Wi-Fi Deployment Hits A Wall MobilePro, which has been deploying Wi-Fi in several U.S. communities, is dropping out of the project because new demands by the California capital city led the firm to believe the network was no longer "financially sustainable."
Software Lets Users Catch Sports Highlights The package, which applies an algorithm to try to "catch" goals and other highlights in sporting matches from recorded TV events, could prove helpful for people who can't watch sports scheduled in the wee hours, but want to catch up before dashing off to work in the morning.
IBM Lets Loose Viper Hybrid Database Viper, also known as DB2 version 9, vastly improves on handling techniques for XML data as well as resulting application performance, IBM promises.
Google In European Row Over Book Search La Martiniere is suing Google for counterfeiting and breach of rights by scanning about 100 books into its Google Book Search. Other European publishers are also threatening to sue.
----- The latest research, polls, and tools ----- Download PDFs Of InformationWeek's Top Stories Visit InformationWeek Downloads to get InformationWeek's biggest and best articles all in one place. Presented in an easy-to-read PDF format, they'll help you analyze and make purchase decisions for today's technology solutions.
Call For Submissions—InformationWeek 500 Participate in the InformationWeek 500! If your company has $500 million or higher in annual revenue, register today for this year's InformationWeek 500. -----------------------------------------
4. Grab Bag
Geek To Live: Introduction To Cygwin, Part I (Lifehacker) Here's the deal, Windows users: The command line is your friend. But the Windows command line? It's a really bad friend. You know, the kind that would ditch you in a minute if he got an offer to hang out with someone cooler, the kind who regifted that Chia pet from Cousin Jeb for your birthday, the kind who sticks you with the bill every time. With friends like that, who needs enemies? If you want to overclock your computing experience at a command prompt on your Windows PC, you need Cygwin.
Have @It: A History Of The @ Sign (Hewlett-Packard) One day in late 1971, computer engineer Ray Tomlinson grappled with how to properly address what would be history's very first e-mail. After 30 seconds of intense thought, he decided to separate the name of his intended recipient and their location by using the "@" symbol. He needed something that wouldn't appear in anyone's name and settled on the ubiquitous symbol, with the added bonus of the character representing the word "at."
Pentagon Sets Its Sights On Social Networking Web Sites (New Scientist) New Scientist has discovered that the Pentagon's National Security Agency, which specializes in eavesdropping and code breaking, is funding research into the mass harvesting of information that people post about themselves on social networks. And it could harness advances in Internet technology to combine data from social networking Web sites with details such as banking, retail, and property records, allowing the NSA to build extensive, all-embracing personal profiles of individuals.
Microsoft Won't Patch Bug For Windows 98/Me The company is backtracking on its earlier promise of the patch because it's "not feasible" to make the extensive changes necessary, especially since technical support is ending for the two operating systems as of July, a spokesman says.
How Will Tagged Drugs, RFID On Clothing, And Human Chips Affect Your Privacy? Elena Malykhina says: With Florida about to pass a new law on July 1 that requires pharmaceutical distributors to document who takes possession of prescription drugs as they travel from manufacturer to retailer, item-level RFID tagging is fresh on everyone's minds. With instances of item-level tagging also appearing in the retail industry, concerns about violation of people's privacy are once again a hot topic.
Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.
Keep Getting This Newsletter Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list: InfoWeek@update.informationweek.com
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.