Author: admini

US-VISIT uses biometric information from photos and fingerprints taken from non-Canadians at border crossings to track residents from other countries who enter the U.S. Travellers required to use the technology include landed immigrants living in Canada, Canadian citizens who are either engaged to a U.S. citizen or who have applied for a special business visa. They’ll have to carry the wireless devices as a way for border guards to access the electronic information stored inside a document about the size of a large index card. Visitors to the U.S. will get the card the first time they cross the border and will be required the carry the document on subsequent crossings to and from the States.

Border guards will be able to access the information electronically from 12 metres away to enable those carrying the devices to be processed more quickly.

Kimberly Weissman, spokeswoman for the US-VISIT program at the U.S. Department of Homeland Security told The Whig-Standard yesterday that the new devices can’t be tracked outside the border crossing area. “The UHF frequency that we’ve chosen makes it impossible to locate a specific person.”

But the use of the wireless technology raises alarm bells for Queen’s University law professor and privacy expert Art Cockfield. “Often these technologies are introduced in a fairly minor form and then the technology is extended.What would be very troubling to me would be the tracking of visitors after they’ve crossed the border.” Cockfield, who’s part of a Queen’s research group called the Globalization of Personal Data Team, said he’s so alarmed by these new devices that his team will likely investigate them further after learning about them yesterday.

Though the new devices don’t violate Canadian law, because visitors are under the jurisdiction of American law once inside the U.S., Cockfield said their use raises disturbing questions about how the technology may be used in the future. “If we think we’re subject to government surveillance, that immediately changes our behaviour,” he said. Sam Laldin of Kingston and District Immigrant Services also agrees that requiring non-Canadians to carry such electronic devices may deter some people from travelling to the U.S.

http://www.thewhig.com/webapp/sitepages/content.asp?contentID=119603&catname=Local+News

More than 422 significant new Internet security vulnerabilities emerged in the second quarter of 2005, the cybersecurity research organization found, an increase of 11 percent from the first three months of the year.

Particularly troubling are holes in backup software made by Computer Associates International Inc. and Veritas Software Corp., which together account for nearly one-third of the backup-software market, said Ed Skoudis, founder of the security company Intelguardians. Fixes are available for all the problems outlined in the SANS report, but many of the new flaws aren’t fixed as quickly as older ones.

Administrators take an average of 62 days to fix backup software and other software inside their firewall, compared to an average of 21 days for e-mail servers and other products that deal directly with the Internet, said Gerhard Eschelbeck, chief technical officer of business-software maker Qualsys.

Home users typically take even longer to fix problems, said SANS chief executive Allan Paller. Many of the new flaws were found on products popular with home users. Flaws in media players like Apple Computer Inc.’s iTunes and RealNetworks Inc.’s RealPlayer could enable a hacker to get into a user’s computer through a poisoned MP3 file. Users of Microsoft’s Internet Explorer Web browser could be compromised simply by visiting a malicious Web site, SANS said. Even the open-source Mozilla and Firefox Web browsers, which has gained in popularity thanks to security concerns, had flaws as well, Paller said.

http://www.eweek.com/article2/0,1895,1840577,00.asp

This represents an increase of 10.8 percent compared with the number found in the first quarter, and a jump of 20 percent compared with the second quarter of last year, the institute said in its quarterly report.

If companies and individuals don’t take corrective action, the agency warned, their systems could be used by remote hackers for identity theft, industrial espionage, and distribution of spam and pornography.

In order to be included on the quarterly list, the vulnerabilities must affect a large number of users, the SANS Institute said. Additionally, they must allow an attacker to take control of a PC remotely, and they must remain unpatched on a substantial number of systems. Information sufficient to let people exploit the flaws must be available on the Net.

Among the flaws are serious vulnerabilities in popular data backup products used by enterprises, while home users face increased risk from holes in iTunes and RealPlayer, as well as Internet Explorer. “These include backup software, management software, licensing software, etc. Flaws in these programs put critical resources at risk, as well as having a potential to compromise the entire enterprise.”

http://news.zdnet.com/Security+holes+add+up+in+second+quarter/2100-1009_22-5803078.html?part=rss&tag=feed&subj=zdnn

The buffer-overflow flaw is in device drivers that Windows loads whenever USB devices are inserted into computers running Windows 32-bit operating systems, including Windows XP and Windows 2000, said Caleb Sima, chief technology officer and founder of SPI Dynamics. The company will be demonstrating the vulnerability at this week’s Black Hat Briefings hacker conference in Las Vegas, but will not release details of the security hole, Sima said.

A spokesperson for Microsoft’s Security Response Center confirmed that the company has not received a vulnerability report from SPI.

For example, an attacker who knows of a vulnerability in a USB device driver can program one USB device—say a portable memory stick—to pose as the kind of device that uses the vulnerable driver, then plug the device into the host system and trigger the exploit when the host system loads the flawed driver, said Darrin Barrall, another SPI researcher.

Companies like Microsoft are just beginning to consider the security threat from peripheral devices, even as developments like the USBIF’s Wireless USB standard will make it possible to remotely connect to PCs using high-speed, USB-based technology, Sever said.

At Baptist Memorial Healthcare Corp., in Memphis, Tenn., IT administrators turned to Safend after some departments in the hospital network, such as Human Resources and Risk Management, started using portable USB “jump” drives to make backup copies of sensitive data after the hospital introduced new desktop systems that did not have floppy drives, said Lenny Goodman, director of the desktop management group at Baptist.

http://www.eweek.com/article2/0,1895,1840141,00.asp