February 2005 – Page 7 – CyberSecurity Institute

CSC wins $762 million Navy contract

Posted on February 4, 2005December 30, 2021 by admini

The contract, which has a three-year base period and four three-year options, has an estimated value of $762 million if all options are exercised.

The contract was awarded to CSC’s DynCorp Technical Services, a unit that is not being divested under a previously announced Dec. 12, 2004 agreement to sell selected DynCorp business units.

Under the contract, CSC’s Federal Sector business unit will support AUTEC through services that include the scheduling and conduct of test programs; operation of range instrumentation and test support systems; and performance of all base operations functions. Work will be performed at locations including Andros Island, the Bahamas, West Palm Beach and Cape Canaveral, Fla., and Yorktown, Va.

AUTEC is a major range and test facility base that provides both deep and shallow water test and training environments for the US Navy.

CSC will subcontract portions of the contract to KIRA, Inc. for Bahamian base operations support, and Gulfstream International Airlines for airline service.

http://news.zdnet.com/2110-9589_22-5563616.html?part=rss&tag=feed&subj=zdnet

Microsoft to confide security woes to governments

Posted on February 3, 2005December 30, 2021 by admini

Under the Security Cooperation Program, Microsoft will advise participating government agencies on network security issues in an effort to try to anticipate or mitigate security lapses, said Gerri Elliott, corporate vice president of Microsoft’s worldwide public-sector unit. Giving a government agency advance notice of security problems for free derives from the role government agencies play, Elliot said.

Government agencies, however, have also been some of the most active in promoting open source software, both as a way to cut costs and promote local companies. In Europe, the local government of Vienna is moving forward with a voluntary open source program aimed at cutting software acquisition costs. Although announcements by governments to embrace open source software have grabbed headlines and have given the open source movement momentum, some have stalled.

http://www.zdnetindia.com/news/international/stories/116434.html

Spammers ‘tricking ISPs’ into sending junk mail

Posted on February 2, 2005December 30, 2021 by admini

Previously, these zombie PCs have been used as mail servers to send spam emails directly to recipients. “The Trojan is able to order proxies to send spam upstream to the ISP,” said Steve Linford, director of SpamHaus. Reports suggest that ISPs in the US have already been hit.

Linford predicts that ISPs will see a growth in the volume of bulk mail they send and receive over the next two months, with spam levels rising from75 percent of all email to around 95 percent within a year.

Linford said that ISPs need to act fast to take control of the problem.

“This ups the ante in the need for filters,” said Mark Sunner, chief technology officer for MessageLabs.

http://news.zdnet.co.uk/internet/security/0,39020375,39186364,00.htm

Joint venture to exploit Rolls-Royce security IP

Posted on February 2, 2005December 30, 2021 by admini

Loughborough-based electronics manufacturer Datalink Electronics is setting a joint venture with Rolls-Royce and private investors to develop an signature verification device.

Sign Assured is being set up to develop, manufacture and market the signature verification device using intellectual property from Rolls-Royce and Datalink’s research, development and manufacturing resources. Datalink has a 25 per cent stake in Sign Assured alongside Rolls-Royce and private investors Charlie Ding and Professor David Auckland, both from Manchester University and Tony Endfield, managing director of housewares company Rayware.

Signature verification could be used is systems for employees to clock on and off as it removes the ability of a colleague to clock someone else in. Building security is another area of application and financial institutions may use the system when dealing with internal transfers.

The technology could eventually be used to supplement chip and PIN security for credit and debit cards.

Eric Luckwell, managing director of Datalink and director of Sign Assured, said, This is an exciting development for Datalink as it sees us potentially having our own product range. Growing competition in the global manufacturing services market makes this diversification necessary. Professor Auckland and Charlie Ding will be chairman and managing director of Sign Assured respectively.

The device arose from technology developed by Rolls-Royce to measure acoustic emissions from aircraft engines. When people sign their names they write with different amounts of pressure and speed, resulting in an acoustic signature that is as distinctive as a traditional signature but much more difficult to replicate. The new device will listen to how people sign their name and store this information in a database. Current verification systems are image-based, with inherent higher costs.

Paul Harris, corporate development manager at Rolls-Royce, said “The technology has already undergone extensive testing and development”.

http://www.eetimes.com/showArticle.jhtml?articleID=59300908

FTC: At least $548 million lost to identity theft

Posted on February 1, 2005December 30, 2021 by admini

The U.S. Federal Trade Commission said it received 635,000 consumer complaints in 2004 as criminals sold nonexistent products through online auction sites like eBay Inc. or went shopping with stolen credit cards.

Internet-related fraud accounted for more than half of the remaining complaints as scammers found victims through Web sites or unsolicited e-mail, the FTC said.

Auction fraud was the most common Internet scam, the FTC said in its annual fraud report, followed by complaints about online shopping and Internet access service.

The number of incidents was up across nearly every category from 2003, but it was unclear whether that represented an actual increase in fraud or simply a greater awareness of the FTC’s Consumer Sentinel fraud program.

Consumers likely lost significantly more than the amount reported, as fewer than half were able to pin a dollar figure on their losses.

A recent report by the Better Business Bureau found that most cases of identity theft occurred through the theft of a checkbook or other offline methods.

http://www.cnn.com/2005/TECH/02/01/id.theft.scams.reut/index.html

NIST Report Urges Caution For Switch To VOIP

Posted on February 1, 2005December 30, 2021 by admini

The 93 page report, written by D. Richard Kuhn, Thomas J. Walsh and Steffen Fries, details the “significant” security and quality of service issues in implementing VOIP telephony and makes extensive recommendations in securing a VOIP implementation.

“Administrators may mistakenly assume that since digitized voice travels in packets, they can simply plug VOIP components into their already-secured networks and remain secure. However, the process is not that simple.”

NIST emphasizes that VOIP plans should include separate voice and data networks where practical, regular security testing, frequent software updates and avoiding PC based implementations of VOIP, as the platform is so difficult to secure.

The full paper, Security Considerations for Voice Over IP Systems, NIST Special Publication 800-58 is available for free in an Adobe Acrobat file.

Click here for NIST, the National Institute of Standards and Technology: http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf

http://www.extremetech.com/article2/0,1558,1758174,00.asp?kc=ETRSS02129TX1K0000532