Data Storage Today

Tech Expert: Nagin E-Mails Disappeared

Fri, 03 Jul 2009 06:51:09 -0500

A technology expert said Wednesday that potentially years' worth of Mayor Ray Nagin's e-mails have been deleted.

Christopher Reade, a partner in a tech firm who assisted the Louisiana Technology Council in efforts to recover data for the mayor's office, said the mailbox was removed between June 2008 and May 2009. He said 22 gigabytes of data vanished from a defunct server on May 5 -- the day of a conference call with the city on the work the outside technology experts would do -- but he did not know if the mailbox was among that data.

City technology chief M. Harrison Boyd, who came on board last summer, said he was shocked. He said controls put in place in March would have made it "virtually impossible" to delete any information in May.

Boyd questioned whether the job was too big for the group to handle, adding, "Until I have the opportunity to review their methodology, I would strongly encourage them to step back."

The city blamed a faulty server for not being able to produce more records sought by WWL-TV. The station sued earlier this year over its request for Nagin's 2008 calendar and e-mails from July-through-December 2008. An attorney for WWL-TV, Mary Ellen Roy, said the calendar was turned over, and about 150 e-mails were discovered.

The mayor, as part of the lawsuit, was said to receive 50 to 100 e-mails a day and to send up to five.

The Technology Council, according to city spokesman James Ross, was hired to determine if there were additional e-mails. Boyd said the group was brought in at his suggestion to provide an independent, third-party review -- and given full access to city servers.

The Technology Council hopes to finish its work -- including trying to recover the mayor's mailbox -- within the next week or two, said...

Creating Order from Chaos with Evernote

Fri, 03 Jul 2009 06:59:20 -0500

When he parks his car, author Timothy Ferriss snaps a photo of the nearest cross streets with his camera phone. In business meetings, he'll often take pictures of sketches and notes made on a whiteboard. When he's out for dinner, he'll whip out the phone again to capture an image of the label on the wine he's drinking. He never knows when he'll want to recall the data later.

Ferriss, a productivity expert, blogger, and author of the best-selling book The 4-Hour Workweek, then ships those photos to what he calls his "augmented brain," which exists not in his head, but on the Web.

He is one of a growing number of people using a Web-based service and software application running on smartphones and PCs called Evernote that is quickly becoming a receptacle for much of the ephemera that otherwise gets cluttered and sometimes lost in a person's busy life.

At first, Ferriss resisted the suggestion from readers of his blog that he try the application. "I have this philosophical stance where I tend to avoid accumulating new gadgets and software because usually they create more work than they are meant to prevent," Ferriss says. But when a few reader suggestions turned into dozens, he decided to try it. "At first it wasn't clear what the appeal was. But the more I used it, it became really clear why they liked it."

Word Recognition in Photos

Founded by Stepan Pachikov, who co-founded handwriting recognition software company Parascript and is a former vice-president of Silicon Graphics, Evernote is designed for people struggling to become more organized. A February survey by the National Association of Professional Organizers, a trade group, found that 96 percent of some 400 adults said they could save time every day if they were better organized. "No one remembers everything as well as...

Celebrity Deaths Drive Spam, with Jackson Pervasive

Thu, 02 Jul 2009 08:11:24 -0500

With recent celebrity deaths, spammers are shifting strategies in hopes of cashing in on the misfortunes of others. Although several celebrities have passed away in the last few weeks, pop star Michael Jackson's death is driving the greatest spam volume.

Less than eight hours after Jackson's untimely death, Sophos began to intercept spam campaigns using the singer's name. Sophos also discovered cybercriminals taking advantage of 1970s TV icon Farrah Fawcett's death to spread fake antivirus software.

Mass Mailing Worms

Since then, Sophos reports large volumes of more spam, malware and other scams. For example, Sophos reports a mass-mailing worm that spams out messages with subject lines such as "Remembering Michael Jackson" with an attached file called "Michael songs and pictures.zip."

The e-mail, which claims to come from sarah@michaeljackson.com, says the attached ZIP file contains secret songs and photos of Michael Jackson. However, the reality is that opening the attachment exposes recipients to infection -- and if a computer is victimized, it spreads the worm to other Internet users.

Attackers have also set up a bogus Italian YouTube site link in an e-mail. When users click on the e-mail they get an error message indicating a Flash player upgrade is required in order to view the video. The download link ushers the victim to a fake codec that downloads a Trojan.

Exploiting Human Misery

How does the rash of celebrity deaths compare with other major world events? It's not at all unusual for the bad guys to try and take advantage of big international news stories in their attempts to infect computers and steal money, according to Graham Cluley, a senior security consultant at Sophos.

Cluley points to hackers in the past taking advantage of the death of the pope, the incarceration of Saddam Hussein, the death of kung-fu actor David Carradine, a Concorde crash in Paris,...

Cyberspace Shapes Up To Be Next Battleground

Fri, 03 Jul 2009 07:02:57 -0500

Congressional computers have been penetrated, probably by the Chinese. The avionics system of the F-22 fighter may be compromised. Computers of our presidential candidates were hacked into --- and probably not by teenagers on a lark.

Last year's advance of Russian tanks into Georgia was accompanied by the disruption of Georgian government computer systems.

These are only public manifestations of a new reality: Attacks on computer systems will be an integral element of future conflict, and the United States is more dependent on computer networks than any other nation.

Both policy-makers and the military are in the early stages of coming to grips with this threat. We need to take some important first steps to strengthen our national capability to defend ourselves in cyberspace.

First, we must abandon the notion that static defenses will help us against sophisticated threats.

One bipartisan Senate bill proposes to establish a government committee to set standards for all computer systems and software.

This is the electronic equivalent of building a Maginot Line of concrete fortifications against a mobile enemy.

It may keep common criminals at bay, but it will be no defense against a mobile and adaptable top-tier adversary.

American government and private computer systems operate on an interconnected global network that is constantly changing like a biological organism.

It operates at light speed, and both friends and adversaries are connected to the same network.

We must anticipate that the most dangerous players will stay quiet until a time of national tension.

Our cyber-defense capabilities must be inherently dynamic, with a close connection between system operators, intelligence analysts, and the researchers who can rapidly build and deploy tools to protect or restore vital capabilities.

Second, our intelligence on other countries' cyber capabilities must be strengthened.

We have scores of trained experts who know the ins and outs of foreign radars and missile systems and almost none who...

Jackson's Death Unleashes Barrage of Online Scams

Wed, 01 Jul 2009 07:13:29 -0500

Minutes after any big celebrity dies, Internet swindlers get to work. They pump out specially created spam e-mails and throw up malicious Web sites to infect victims' computers, hoping to capitalize on the sudden high demand for information.

Michael Jackson's death was no different, and security experts say the fraud artists are just getting started.

The scams started cropping up almost instantaneously as Jackson's death was still hitting the news. As days have gone by, they've gotten more sophisticated -- and dangerous.

Jackson's death "took a lot of people by surprise -- the spammers, too," said Dermot Harnett, principal analyst for anti-spam engineering at Symantec Corp., a security software maker. "It might take them some time to really pounce on this issue. They are catching up pretty quickly, though."

Any major world event, such as the recent protests in Iran, triggers a barrage of Internet attacks. Security experts say the malicious traffic associated with Jackson's death will likely match and perhaps exceed those of other big spamming campaigns, such as those connected with the swine flu outbreak and Saddam Hussein's execution.

Spam is the most common way for fraudsters to find victims after these types of events. They can use a shotgun approach with a boilerplate message about Jackson, taking advantage of people's interests in the topic to improve their batting average over their usual spam campaigns.

By enticing users with such messages and tricking them into clicking on e-mail attachments, scammers can easily infect victims' computers and take command of them for more nefarious activities.

The spam about Jackson's death gets more convincing every day.

One message promises a YouTube video showing the exclusive "last work of Michael Jackson." Instead, victims get a malicious program that steals their passwords. Another promises to show the "latest unpublished photos" of Jackson if you click on a link -- one...

Va. Lawmakers Drill In on Hacker Attack, IT Delays

Wed, 01 Jul 2009 07:13:12 -0500

Some doctors are holding off prescribing painkillers after a hacker accessed more than 35.5 million of Virginia's most sensitive prescription drug records two months ago, a state official told a legislative panel Monday.

Lawmakers probing the state's computer services bureaucracy, the Virginia Information Technologies Agency, also learned that its former director was dismissed earlier this month after refusing to pay VITA's contracted partner, which had missed key deadlines.

Hearings Monday by the House Science and Technology Committee and a Senate Finance technology subcommittee focused on VITA and its $10-year, $2.4 billion contract with Northrop Grumman after years worth of state agencies' complaints over high costs and long service delays they have experienced from the partnership.

Lawmakers intensified their scrutiny of the six-year-old agency created to consolidate the state's diverse and far-flung computer systems after the Prescription Monitoring Program was hacked on April 30 and after the dismissal of former VITA chief Lemuel Stewart.

With the prescription database still offline two months after it was accessed because of FBI and state criminal investigations and work to upgrade the system, some doctors are reluctant to prescribe highly addictive painkillers such as Oxycodone, Vicodin, morphine and Valium, said Sandra Whitley Ryals, director of the Department of Health Professions.

"I do not have any indication, however, of how many that might be," she told the panel.

Later, she downplayed the magnitude, describing calling the reports sparse and anecdotal. She said the department has gotten no complaints from patients being denied needed drugs.

"I do know that our prescribers, mostly physicians, have grave concerns about not being able to access the information," she said. They were being asked "to use their best judgment," she said.

The database was established for professionals who prescribe painkillers, the pharmacists who fill the prescriptions and police to flag abuse and theft.

Among the information accessed were names, birth...

Vordel Provides Cloud-Computing Interoperability

Tue, 30 Jun 2009 09:28:17 -0500

Herndon, VA and Dublin, Ireland, June 30, 2009 -- Vordel, the XML networking management company, today announced the Vordel Gateway Cloud Edition which provides interoperability for Cloud Computing platforms including Amazon, Force.com, and Google.

Interoperability is particularly important for Cloud Computing since organizations wish to take advantage of the great cost-savings on offer, but without becoming locked-in to a single Cloud Computing vendor. In particular, it is of interest to the U.S. Government, with its focus on cloud computing as a key "cross-cutting" saving across government departments and agencies.

The Vordel Gateway Cloud Edition can be deployed on the local network, acting as the pivot point between applications and Cloud-based services. Deployed in this way, it provides an on-ramp from local applications to the Cloud. Even a single application can leverage multiple Cloud Computing services, without coding.

It can also be deployed "cloud-side" to link Cloud-based services together. Due to its lack of proprietary hardware, it enables users to benefit from the "elasticity" of the Cloud in order to scale, whereby capacity is added automatically as traffic grows.

Phil Schacter, Vice President and Service Director with Burton Group said "The cloud services market is immature with few standards on how customers establish and control access by their users, and how providers protect information and report activity back to the customer. The concept of an enterprise gateway that connects to all internal and public cloud services accessed by various departments and users is an important innovation that allows a focal point for enforcing policy and auditing usage of services, and that is independent and transparent to specific cloud providers."

"Low capital and operating costs make Cloud Computing very attractive. However, security and interoperability are key concerns. At Vordel we saw that a way to leverage Cloud Computing services in a controlled, secure manner was required. The...

CORE IMPACT Pro v9 Improves Security Testing

Tue, 30 Jun 2009 08:28:43 -0500

BOSTON - June 29, 2009 - Core Security Technologies, provider of CORE IMPACT Pro, the most comprehensive product for proactive enterprise security testing, today announced CORE IMPACT Pro v9, the latest installment of its flagship penetration testing software solution. The new version of CORE IMPACT Pro provides IT security managers with an unmatched level of visibility into their enterprise IT risks, allowing them to replicate real-world cyber attacks that reveal critical exposures on a regular basis.

Get Actionable Data on Real-World Risk

With IMPACT Pro v9 penetration testing software, organizations can assess their vulnerability to data breaches and many other attacks in a way that is comprehensive, realistic and safe. Software-based penetration testing also offers tremendous value by enabling organizations to effectively perform internal security self-assessment as frequently as their environments demand, creating a repeatable process that allows them to actively measure and benchmark security posture on an ongoing basis, while providing actionable data for effective remediation.

The new release specifically extends the world's leading commercial-grade penetration testing software solution by adding new enterprise management functionality and expanding the depth and breadth of the product's real-world security testing capabilities.

"IT managers are expanding the use of risk assessment within their enterprise security programs. To make risk assessment work they must create metrics by which to measure their progress over time and actively test their defenses against real-world attacks," said Charles Kolodgy, research director at IDC. "By performing penetration testing, security teams can better monitor, benchmark and remediate exploitable weaknesses. In fact, the US Federal Government and Payment Card Industry (PCI) standards mandate frequent penetration testing."

New Enterprise Management Capabilities Enhance Reporting and Compliance

IMPACT Pro v9 provides top-level visibility into organizations' IT-based risks, as well as the actionable data needed to address those issues. New capabilities for managing and reporting on penetration testing processes and...

Cyberwar Defenders Reach an Impasse

Wed, 01 Jul 2009 07:12:52 -0500

The United States and Russia are locked in a fundamental dispute over how to counter the growing threat of cyberwar attacks that could wreak havoc on computer systems and the Internet.

Both nations agree that cyberspace is an emerging battleground. The two sides are expected to address the subject when President Barack Obama visits Russia next week and at the General Assembly of the United Nations in November, according to a senior U.S. State Department official.

But there the agreement ends.

Russia favors an international treaty along the lines of those negotiated for chemical weapons and has pushed for that approach at a series of meetings this year and in public statements by a high-ranking official.

The United States argues that a treaty is unnecessary. It instead advocates improved cooperation among international law enforcement groups. If these groups cooperate to make cyberspace more secure against criminal intrusions, their work will also make cyberspace more secure against military campaigns, U.S. officials say.

"We really believe it's defense, defense, defense," said the State Department official, who asked not to be identified because authorization had not been given to speak on the record. "They want to constrain offense. We needed to be able to criminalize these horrible 50,000 attacks we were getting a day."

Any agreement on cyberspace presents special difficulties because the matter touches on issues like censorship of the Internet, sovereignty and rogue actors who might not be subject to a treaty.

U.S. officials say the disagreement has hindered international law enforcement cooperation, particularly given that a significant proportion of the attacks against American government targets are coming from China and Russia.

And from the Russian perspective, the absence of a treaty is permitting a kind of arms race with potentially dangerous consequences.

Officials around the world recognize the need to deal with the growing threat of cyberwar. Many countries,...

Unclear What Happens to Personal Info With Clear

Wed, 01 Jul 2009 07:12:24 -0500

More than a quarter million people are wondering what will happen to their fingerprints, Social Security numbers, home addresses and other personal information now that a company that sped them through airport security is out of business.

Government officials are wondering too.

The sudden shutdown of the Clear program, run by Verified Identity Pass Inc., this week has raised more concerns about who keeps our personal information, how well it's protected from theft and whether it could be sold to the highest bidder.

If Verified files for bankruptcy protection or is taken over by another company, security experts say it's unlikely customers' private data would be handed over to creditors or new owners. But they -- as well as some members of Congress -- are starting to trace the data trail.

Worries about protecting personal information and the danger of identity theft cover many areas of life in the 21st century beyond travel -- from drawing cash out of an ATM to handing a credit card over to a store or restaurant.

On Tuesday, the parent company of retailers T.J. Maxx and Marshall's said it will pay $9.75 million in a settlement with a number of states related to massive data theft that exposed tens of millions of payment card numbers.

Clear said it will secure the personal information it gathered, which it says it handled according to Transportation Security Administration standards, and will "take appropriate steps to delete the information." Clear only provided information to TSA when it was part of the agency's pilot program, Registered Traveler, which ended in July 2008.

In a statement on its Web site Friday, Verified Identity Pass said that all of its Clear airport kiosks have been wiped clean of data. Employees' laptops are in the process of being cleared.

Although it was a private company, Clear had to follow TSA...