Saturday, February 28, 2009


A new listing with title SSC 2009 PREPARATORY EXAM has just been submitted.





You will receive an auto-notify alert mail of all the classifieds once a day.

Goa Contact
Pramod Mane
Cell: 9822701307

Pune Office:
Prasad Mane
A-218, Mega Center,
Magarpatta Pune-solapur HW,
Hapdapsar Pune- 411028
Cell: 9011092509



Wishing all the people HAPPY & PROSPEROUS NEW YEAR 2009

goaclassifieds.com was started on 14-Feb-2007 as a classifieds portal for the state of Goa. Today it is the most popular online classifieds portal, with 400 unique visitors per day accessing more than 1500 classifieds/pages a day. Our aim is to get 1000 visitors per day. We are trying to get more paid ads for the site.

Our charges are 100 Rs. per classified for 30 days. For banner ads at the top of each page we charge 1200 per month in the respective category. On the home page these banners are shown randomly each time the page is viewed.

[SECURITY] [DSA 1719-2] New GNUTLS packages fix regression

------------------------------------------------------------------------
Debian Security Advisory DSA-1719-2 Florian Weimer
February 28, 2009
------------------------------------------------------------------------

Package : gnutls13, gnutls26
Vulnerability : design flaw
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-4989
Debian Bug : 505360

Changes in DSA-1719-1 caused GNUTLS to reject X.509v1 certificates as
CA root certificates by default, as originally described in the
documentation. However, it turned out that there is still significant
use of historic X.509v1 CA root certificates, so this constitutes an
unacceptable regression. This update reverses this part of the
changes in DSA-1719-1. Note that the X.509v1 certificate format does
not distinguish between server and CA certificates, which means that
an X.509v1 server certificate is implicitly converted into a CA
certificate when added to the trust store (which was the reason for
the change in DSA-1719-1).

The current stable distribution (lenny) was released with the changes
in DSA-1719-1 already applied, and this update reverses the changes
concerning X.509v1 CA certificates for this distribution, too.

For the old stable distribution (etch), this problem has been fixed in
version 1.4.4-3+etch4.

For the stable distribution (lenny), this problem has been fixed in
version 2.4.2-6+lenny1.

We recommend that you upgrade your GNUTLS packages.
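
The X.509v1 behaviour described above can be audited in a trust store. The Python below is an added example, not code from the advisory or from GnuTLS: it reads the version field and the basicConstraints extension from DER certificates and flags v1 entries. The function names and the unsigned sample certificates are constructed for illustration.

```python
"""Audit trust-anchor candidates for X.509v1 certificates (added example)."""

BASIC_CONSTRAINTS = bytes.fromhex("551d13")  # OID 2.5.29.19


def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the DER element at buf[off]."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length


def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, off = [], 0
    while off < len(value):
        tag, val, off = read_tlv(value, off)
        out.append((tag, val))
    return out


def inspect_cert(der):
    """Return (version, is_ca); is_ca is None when the format cannot say."""
    tag, cert, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("certificate must be a DER SEQUENCE")
    tbs = children(children(cert)[0][1])
    version = 1  # the [0] version field is omitted for v1 (DEFAULT v1)
    if tbs[0][0] == 0xA0:
        version = int.from_bytes(children(tbs[0][1])[0][1], "big") + 1
    if version < 3:
        return version, None  # no extensions, hence no basicConstraints
    is_ca = False
    for tag, val in tbs:
        if tag != 0xA3:  # [3] EXPLICIT Extensions
            continue
        for _, ext in children(children(val)[0][1]):
            fields = children(ext)  # OID, optional critical flag, OCTET STRING
            if fields[0][1] != BASIC_CONSTRAINTS:
                continue
            bc = children(children(fields[-1][1])[0][1])
            is_ca = bool(bc) and bc[0][0] == 0x01 and bc[0][1] != b"\x00"
    return version, is_ca


def audit(store):
    """Map each name in a {name: DER bytes} trust store to a finding."""
    findings = {}
    for name, der in store.items():
        version, is_ca = inspect_cert(der)
        if is_ca is None:
            findings[name] = "v%d: no CA/server distinction, trusted as CA" % version
        elif is_ca:
            findings[name] = "v3 CA"
        else:
            findings[name] = "v3 end-entity: basicConstraints does not assert CA"
    return findings


def tlv(tag, content=b""):
    """DER-encode one element (used only to build the constructed samples)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content


def sample_cert(version, ca=None):
    """Constructed, unsigned certificate skeleton with placeholder key and signature."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05))
    cn = tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"example"))
    name = tlv(0x30, tlv(0x31, cn))
    validity = tlv(0x30, tlv(0x17, b"090101000000Z") + tlv(0x17, b"190101000000Z"))
    bits = tlv(0x03, b"\x00" * 17)  # placeholder BIT STRING, not a real key
    tbs = b""
    if version > 1:
        tbs += tlv(0xA0, tlv(0x02, bytes([version - 1])))
    tbs += tlv(0x02, b"\x01") + alg + name + validity + name + tlv(0x30, alg + bits)
    if ca is not None:
        bc = tlv(0x30, tlv(0x01, b"\xff") if ca else b"")
        ext = tlv(0x30, tlv(0x06, BASIC_CONSTRAINTS) + tlv(0x01, b"\xff") + tlv(0x04, bc))
        tbs += tlv(0xA3, tlv(0x30, ext))
    return tlv(0x30, tlv(0x30, tbs) + alg + bits)


if __name__ == "__main__":
    store = {
        "legacy-root": sample_cert(1),
        "modern-root": sample_cert(3, ca=True),
        "server-cert": sample_cert(3, ca=False),
    }
    for name, finding in audit(store).items():
        print(name, "->", finding)
```

Only the v3 entries carry a basicConstraints value that a verifier can check; the v1 entry is reported because the format gives no way to mark it as a server certificate.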

Upgrade instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Friday, February 27, 2009

Innovation shines at TechFest; CCNA Wireless Home Lab: What should I buy?

Network World


Spotlight Story

Innovation shines at TechFest
By Nancy Gohring
Hundreds of researchers from Microsoft's worldwide labs in China, England, India and the United States gather at the company's headquarters in Redmond to exchange ideas with colleagues, show off their latest innovations, and shine a light into the future of computing. Here we'll take a sneak peek at some of the hottest work from Microsoft's research labs around the world.

Related News:

News podcast: Network World 360
For the ninth year in a row identity theft - particularly in Arizona and California -- was the number one consumer complaint filed with the Federal Trade Commission in 2008. Also, a study of 57 Web site hacks from last year showed that 24% were aimed at defacing a site rather than financial gain. (5:58)

CCNA Wireless Home Lab: What should I buy?
Carroll: In this post I’ve been asked to discuss what equipment you could use to perform CCNA Wireless lab exercises. The following list will allow you to perform all the tasks discussed in the CCNA Wireless outline with only a few exceptions.

Tech crime blotter: February's top 15 stories
A look back at the month’s biggest technology stories involving alleged and actual crimes, including Microsoft putting a bounty on the head of the Conficker worm authors and...

Most Oracle database shops don't mandate security patch use
A continuing lack of corporate mandates to quickly install Oracle's security patches may be leaving many Oracle database installations exposed to vulnerabilities for extended periods of time, according to survey results released on Wednesday.

WiMAX equipment market growing, but vendors’ commitment to be tested
The market for WiMAX equipment and devices grew to $275 million worldwide in 2008, according to a new study by Infonetics Research.

Cebit sees sharp decline in vendors
Europe's largest IT fair, Cebit, will see its lowest number of exhibitors in a decade as companies slash marketing expenditures due to the global recession.

5 Facebook Scams: Protect Your Profile
Beny Rubinstein knows computer security. An employee of a Seattle-area tech giant with 20 years of IT experience under his belt, Rubinstein has seen a side of the industry that most people will never know. He holds a degree in computer engineering, and - oh yeah - he just got scammed out of $1100 on Facebook.

Best of the Tests 2009
Out of the more than 150 products tested, a baker's dozen rise to the top of the list.

Fave Raves
Six readers dish on their must-have network products, from desktop systems to wireless access points.


Today's most-read stories:

  1. Verizon Wireless takes aim at pesky 'Rabbit'
  2. Best Mac mod ever
  3. Cisco unleashes a dozen security updates
  4. Commerce chief faces five Internet emergencies
  5. $100 PS3 price drop coming by June 'at the latest'
  6. Turning 5,000 discarded cell phones into art
  7. Economic downturn not taking the fight out of Microsoft
  8. The 25 most dangerous cities for offshore outsourcing
  9. 40% of geeks surveyed really work fewer than ... say what?
  10. Obama's broadband stimulus: Will wireless fit the bill?
  11. Microsoft TechFest: Commute UX dialog system for in-car infotainment

Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701
Copyright Network World, Inc., 2009



Security Management Weekly - February 27, 2009


February 27, 2009
  1. "Now You Can Track Colleagues and Students on Your Laptop" Carnegie Mellon Researchers Looking Into Ways Tracking Services Like Google Latitude Can be Used on Campuses
  2. "TMI Safety Questioned" Pennsylvania
  3. "SEC, FTC Investigating Heartland After Data Theft"
  4. "New Visa Cards Come With Hefty Price for Retailers" Canada
  5. "More Than Half of Booted Workers Steal Data on Way Out, Survey Finds" Ponemon Institute

  6. "Report: More Agents Needed to Secure Mass Transit" DHS Inspector General Says 102 Additional Inspectors Not Enough to Protect Rail And Mass Transit From Terrorists
  7. "Recession, Bailout, Stimulus: US Security Threats"
  8. "Napolitano Cites Mexican Drug Cartels as Major Threat"
  9. "Crisis Sharpens Scrutiny of Security Spending"
  10. "Taliban Extend Cease Fire in Pakistani Valley"

  11. "New Version of Malicious Computer Program Is Released"
  12. "The Tigger Trojan: Icky, Sticky Stuff"
  13. "Survey: Security Is CIOs' Top Challenge" Grant Thornton Also Finds IT Infrastructure and IT Management are Major Concerns
  14. "Cybersecurity Chiefs Unveil Plan to Lock Out Intruders" A Dozen Security Experts Publish List of Steps Federal Agencies and Contractors Must Take to Protect IT Networks
  15. "Guidelines Released for Secure Use of Digital Signatures, Hashing"



"Now You Can Track Colleagues and Students on Your Laptop"
Chronicle of Higher Education (02/27/09) Vol. 55, No. 25, P. A15 ; Young, Jeffrey R.

Researchers such as Carnegie Mellon University professor Norman M. Sadeh are exploring the possible campus applications of new location-tracking services, whose adoption depends on whether scholars are willing to accept a certain degree of privacy infringement. Google's recently announced Latitude service utilizes information from the user's cell phone or laptop Internet connection to zero in on the user's location and allow them to share it with friends. Meanwhile, Sadeh's Locaccino system has various settings that allow users to control when they can be tracked, as well as access a list of every moment when another system user saw their location. For professors, the killer location-tracking application could be during academic conferences, which could enhance dialog and engagement between colleagues. Such tools also carry an appeal for students, who like to know who is in close proximity and are less conservative than their professors when it comes to privacy. The technology could be used by parents to determine whether their kids are showing up to class on time, assuming students permit such monitoring. Still, the takeup of location-tracking services on campuses is expected to be slow because the technology's advantages are less obvious, while its disadvantages are apparent. Nevertheless, a new Educause study lists location tagging as one of the leading technology trends to keep an eye on in the next several years.

"TMI Safety Questioned"
Chambersburg Public Opinion (Pa.) (02/25/09)

Residents near the Three Mile Island nuclear plant are questioning whether it is safe and secure as federal officials decide whether to renew the license for the nuclear plant. The U.S. Nuclear Regulatory Commission is gathering public comment on a draft report that is part of the relicensing process for TMI's Unit 1. The unit is the only one that has operated at TMI since Unit 2 was crippled in the 1979 meltdown. TMI owner Exelon Nuclear is seeking a 20-year extension of its license for Unit 1. A public meeting was held on Feb. 24 as part of the relicensing process. One resident urged the NRC to require more security measures to guard against a terrorist attack or an accidental plane crash from nearby Harrisburg International Airport, while Scott Portzline of the citizen watchdog group Three Mile Island Alert questioned if the plant is safe from an earthquake or a water-bound attack through the Susquehanna River. An NRC official said the plant is solid and subject to regular security evaluations. NRC projects branch chief Ronald Bellamy said TMI's shell is not the only structure protecting the facility from aircraft. He said there are more physical impediments inside that would provide extra protection. Exelon spokesman Ralph DeSantis said the plant has made $17 million in security upgrades since 2001, and is in the process of spending another $5 million. The upgrades include barriers, surveillance equipment and razor-wire fencing. The plant has also roughly doubled the size of its heavily armed security force, he said. "Security experts call Three Mile Island a hardened facility," DeSantis said.

"SEC, FTC Investigating Heartland After Data Theft"
IDG News Service (02/25/09) ; McMillan, Robert

The massive data breach of Heartland Payment Systems has prompted inquiries from the U.S. Federal Trade Commission (FTC) and the Securities and Exchange Commission and an investigation from the Treasury Department's Office of the Comptroller of the Currency (OCC). Gartner analyst Avivah Litan says the OCC's interest may stem from the Heartland breach implying a larger overarching problem for the banking industry. "I think that the criminal gang that targeted Heartland is targeting multiple payment processors and it's a serious threat to the integrity of the payment systems," she warns. A FTC probe into data breaches is normal, as is its assertion of authority to seek penalties or consumer reparation following such breaches. The Open Security Foundation's David Shettler says government inquiries will help Heartland's business partners and customers find answers to "a lot of unanswered questions," noting that "bankers around the country are getting frustrated because they're having to incur the costs of reissuing these cards, and they're not getting a lot of information."

"New Visa Cards Come With Hefty Price for Retailers"
Canadian Press (02/25/09)

Visa and MasterCard are rolling out new chip-and-PIN credit cards that could be expensive for small Canadian merchants, as one of the terms of acceptance is upgrading to expensive chip-reading terminals or compatible processing systems. Retailers who have not upgraded will be responsible for fraudulent transactions made through swipe technology after October 2010. "The move to chip is part of Visa's ongoing commitment to providing secure payment products and services," says Visa Canada's Mike Bradley. Bradley says the transition to chip-and-PIN systems will save merchants money in the long term, as the technology shields retailers from fraud, lowers the costs of operational paperwork, and saves time during transactions. About 225,000 retailers—over one-third of Visa's base—were accepting chip cards as of 2008, and Bradley projects that 14 million cards will be in circulation by the end of 2009.

"More Than Half of Booted Workers Steal Data on Way Out, Survey Finds"
Network World (02/23/09) ; Messmer, Ellen

Nearly 60 percent of 945 people who left their jobs in the past 12 months stole sensitive data from their former employers, reveals a new Ponemon Institute survey. The survey found that 67 percent used this data, which was typically contained in emails and hardcopy files, to get a new job. In addition to asking employees how they used the data they stole, the survey also asked them how they managed to get the information out of their company's offices. The survey found that the theft of company information was typically carried out by simply walking out with paper documents, transferring data onto a CD or portable data storage device, or by sending documents as an attachment to a personal email account. The survey also found that employees often continued to have access to company data even after they quit or were fired. Nearly a quarter of the employees surveyed said they still had access to their former employer's computer systems after they left. About half of these employees said they still had access between one day and one week after leaving their companies, while 20 percent continued to have access after more than a week.

"Report: More Agents Needed to Secure Mass Transit"
Associated Press (02/27/09) ; Sullivan, Eileen

The Homeland Security Department's inspector general will release a report on Friday that says that the Transportation Security Administration's request for an additional 102 inspectors to ensure rail and mass transit employees are doing enough to protect against terrorist attacks is insufficient to get the job done. The report also noted that the TSA has just 175 inspectors who are assigned to assess transportation security for bus and mass transit systems, compared with 1,350 safety inspectors at the Transportation Department and 1,000 inspectors at the Coast Guard. In addition, the report noted that many of these inspectors were hired without having any experience with mass transit systems and that they will soon have to take on additional responsibilities, including enforcing regulations and monitoring grants. Finally, the report faulted the TSA for having rail, transit, and highway safety inspectors report to aviation security supervisors. House Homeland Security Committee Chairman Rep. Bennie Thompson (D-Miss.) noted that the report raises serious concerns, though he added that he was confident President Obama and Homeland Security Secretary Janet Napolitano would work to ensure that the TSA has enough inspectors.

"Recession, Bailout, Stimulus: US Security Threats"
Associated Press (02/26/09) ; Apuzzo, Matt; Sullivan, Eileen

The economic turmoil that is sweeping the globe could create a number of security problems for the U.S., experts say. For instance, analysts say that terrorists or countries could take advantage of the uncertainty on Wall Street by setting up several overseas hedge funds and dumping U.S. stocks, either by short-selling a major financial index or by selling the stocks of important U.S. companies. Such an attack would begin slowly and pick up speed over several hours, and would result in panic and confusion in the market. James Rickards, a financial consultant at the McLean, Va.-based research firm Omnis Inc., noted that the U.S. is particularly vulnerable to such an attack now because the shaky banking industry is unable to jump in and prop up the markets the way it did after the September 11, 2001 attacks. Other threats could come in the form of growing extremism and anger at the U.S., which is seen as being responsible for the global economic problems, said Director of National Intelligence Dennis Blair.

"Napolitano Cites Mexican Drug Cartels as Major Threat"
Washington Post (02/26/09) P. A4 ; Hsu, Spencer S.

Homeland Security Secretary Janet Napolitano has told Congress that assisting the Mexican government in the fight against drug cartels must be a top priority for the United States. Testifying before the House Homeland Security Committee, Napolitano outlined new steps designed to prevent drug-related violence from bleeding over into the U.S. She said the measures were inspired by Mexico's tough crackdown on narco-traffickers, which has generated violence "of a different degree and level than we've ever seen before. It is something that deserves our utmost attention right now." Napolitano has consulted with Attorney General Eric H. Holder Jr., national security adviser James L. Jones and local and state law enforcement officials on ways to provide assistance to Mexican law enforcement; to stem the flow of guns, assault rifles and cash from the United States into Mexico; and pinpoint areas in which more resources might be needed.

"Crisis Sharpens Scrutiny of Security Spending"
Reuters (02/25/09) ; Maclean, William

Security experts predict governments around the world will start delivering more streamlined and cost-effective homeland security amid deepening economic uncertainty. Former senior U.S. Central Intelligence Agency official Henry Crumpton believes governments will continue to spend on security technology, but instead of investing millions of dollars in expensive gadgetry, they will look for more cost-efficient ways of shoring up security. "People often think there's a need for pervasive Orwellian surveillance, but in fact networks built on trust can provide the effective intelligence required," Crumpton says. While counter-terrorism will continue to be an integral part of economic confidence, security specialists are less certain of the need for the scale of spending governments have committed to over the last few years. "We must ask ourselves in all seriousness how long we can continue to drain our economies in a futile attempt to secure everyone and everything at all times," says Raphael Perl, chief of the Action Against Terrorism Unit at the Organization for Security and Cooperation in Europe.

"Taliban Extend Cease Fire in Pakistani Valley"
(02/24/09) ; Graham, Stephen

Taliban militants indefinitely extended a cease-fire on Feb. 23 in a northwestern Pakistani valley, granting more time for peace talks that the U.S. worries could create an insurgent haven in the nuclear-armed country. Troops and insurgents have been observing a truce in the Swat valley since Feb. 15, when Pakistani authorities offered to introduce Islamic law in the region if militants lay down their arms. A hard-line cleric is negotiating a possible deal with the militants on behalf of the government. Pakistani officials say the offer to introduce Islamic law in Swat and surrounding areas addresses long-standing demands for speedy justice that have been exploited by the Taliban, which residents say now control much of the region. NATO and the United States have expressed concern that any peace accord could effectively cede the valley to militants who have defied a yearlong military operation, beheaded opponents and bombed girls' schools. Many analysts doubt the Taliban will accept the mild version of Islamic law on offer or that they will loosen their grip on the valley, which lies just 100 miles from the capital, Islamabad. A deal last year collapsed after several months.

"New Version of Malicious Computer Program Is Released"
New York Times (02/24/09) P. D2 ; Markoff, John

The authors of the Conficker virus, which has infected more than 12 million computers since its release last fall, have released a new version of the malware. Security researchers at SRI International, who recently identified the new version of the software, known as Conficker B++, say the latest version gives the virus new ways to communicate with the authors after it infects a computer. Security groups were recently able to discover how the virus was able to direct infected machines to new Internet addresses where they could get software instructions. However, the new version of the virus does not update computers that have already been infected, which means that it must repeat the process of spreading itself. The release of the new version of Conficker—which, like its predecessor, aims to create a botnet and download code that could be used to steal passwords and send spam to other infected machines—comes on the heels of an offer of a $250,000 reward for any information leading to the arrest of the virus' creators.

"The Tigger Trojan: Icky, Sticky Stuff"
Washington Post (02/24/09) ; Krebs, Brian

Researchers at the Sterling, Va.-based security intelligence company iDefense spotted the "Tigger.A" trojan in November 2008, but none of their 37 anti-virus solutions picked up on it. By December, AntiVir began detecting the trojan, but its invisibility to other virus detection software allowed the data-stealing trojan to infect more than 250,000 machines in only a few months, according to a data log recovered from a Tigger-infected Web server. The trojan is directed mainly toward customers and employees of stock trading companies, according to iDefense's Michael Ligh. Included on a selective list of prime targets are E-Trade, Scottrade, TD Ameritrade, Options XPress, Vanguard, and ING ShareBuilder. Trojan is the only malware known to exploit the since-patched "privilege escalation" vulnerability in Windows, which allows the hacker to access administrative privileges on a machine. Unlike most information-stealing trojans, Tigger removes other predacious software. "The scary part is, none of us are really sure how Tigger is even being distributed," Ligh says. "I look at a lot at info-stealing malware, and this is the first one I've seen in a while that goes to the trouble of removing other pieces of malware."

"Survey: Security Is CIOs' Top Challenge"
Federal Computer Week (02/24/09) ; Mosquera, Mary

Information security is the biggest priority and the greatest challenge for federal CIOs, concludes a new Grant Thornton survey. The survey also found that federal CIOs are deeply concerned about IT infrastructure and IT management. Some of the CIOs who participated in the survey said they measured their IT security progress by the number of vulnerabilities they patched, while others said they used a strategic response to enterprise security that required consolidated and standardized IT infrastructure and good IT management. Finally, the survey found that CIOs believe that efforts to correct vulnerabilities are too scattered. Grant Thornton's Paul Wohlleben says this finding underscores the need for the Obama administration to establish a broad, comprehensive government response to ensure that security monitoring and operational activities are performed effectively. A report accompanying the survey also suggested that CIOs use industry best practices—such as having strong leadership to bring about change, demanding results, and verifying results—in order to work toward achieving their goals.

"Cybersecurity Chiefs Unveil Plan to Lock Out Intruders"
Federal Times (02/23/09) Vol. 45, No. 1, P. 1 ; Carlstrom, Gregg; Eisler, Peter

More than a dozen security experts have introduced a list of 20 steps that they say federal agencies and contractors should take to protect their networks from being attacked. The group recommends that all federal agencies and contractors take basic security precautions such as setting secure configurations, controlling the use of administrative privileges by employees, and closing inactive accounts. The group notes that although these measures are basic rules for cybersecurity, the government often fails to take them, which has resulted in a more than 40 percent increase in the number of cyberattacks on government networks in the past two years. The recommendations also address some of the complaints about the government's current cybersecurity guidance. For example, the recommendations contain actions that agencies can perform immediately to boost the security on their networks, as well as approaches that will help them track compliance in the long term. That will help address the complaint that the government's current cybersecurity strategy is difficult to enforce. The recommendations have been posted on the Web site of the SANS Institute, and will remain there for the next 30 days so the public can comment on them. Additional recommendations could come in the future after federal agencies implement the current 20 guidelines and the group of experts re-evaluates security threats to federal networks.

"Guidelines Released for Secure Use of Digital Signatures, Hashing"
Government Computer News (02/23/09) ; Jackson, William

The National Institute of Standards and Technology (NIST) has updated its guidelines for proper use of approved hash algorithms. Special Publication 800-107, named "Recommendations for Applications Using Approved Hash Algorithms," lists steps for maintaining optimal security when utilizing algorithms authorized in Federal Information Processing Standards 180-3. NIST also issued Special Publication 800-106, or "Randomized Hashing for Digital Signatures," which explains how to protect digitally signed statements from third-party interference by scrambling the message. "A cryptographic hash function that is not suitable for one application might be suitable for other cryptographic applications that do not require the same security properties," NIST writes in SP 800-107. The special document explains how each approved algorithm has strengths when utilized for different purposes, such as collision resistance, preimage protection, and second preimage resistance.

Abstracts Copyright © 2009 Information, Inc. Bethesda, MD
