Friday, September 30, 2005

[SECURITY] [DSA 834-1] New prozilla packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 834-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 1st, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : prozilla
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2961

Tavis Ormandy discovered a buffer overflow in prozilla, a
multi-threaded download accelerator, which may be exploited to execute
arbitrary code.

For the old stable distribution (woody) this problem has been fixed in
version 1.3.6-3woody3.

The stable distribution (sarge) does not contain prozilla packages.

The unstable distribution (sid) does not contain prozilla packages.

We recommend that you upgrade your prozilla package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3.dsc
Size/MD5 checksum: 612 66c3a184d2185a18a2e20b173c6835c7
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3.diff.gz
Size/MD5 checksum: 9891 32d706f874d8c4fba1c1eed7111cd292
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6.orig.tar.gz
Size/MD5 checksum: 152755 65864dfe72f5cb7d7e595ca6f34fc7d7

Alpha architecture:

http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_alpha.deb
Size/MD5 checksum: 78514 6183e73c5841beee0d8e9cc450a6c702

ARM architecture:

http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_arm.deb
Size/MD5 checksum: 65506 595b0c25a968731fc39dd9644cccf9ba

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_i386.deb
Size/MD5 checksum: 64514 8c4c382318cb97f659736dc1ea017335

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_ia64.deb
Size/MD5 checksum: 93574 ab60cc2fc3cac11774217fec4fe9da56

HP Precision architecture:

http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_hppa.deb
Size/MD5 checksum: 74560 a3443807a553e685573f9f34aa2cbe71

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_m68k.deb
Size/MD5 checksum: 61492 e295c8293423298836b5ea829ccd2f18

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_mips.deb
Size/MD5 checksum: 73168 16ebff4a693d9fb1b96c1814045edd22

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_mipsel.deb
Size/MD5 checksum: 73234 85e2da96f32feb26af7600faeac69820

PowerPC architecture:

http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_powerpc.deb
Size/MD5 checksum: 68628 b95100d9ef36bd36649118b2dee08a0c

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_s390.deb
Size/MD5 checksum: 65556 bf4165b94d5a28e591d5fdc10b46d94d

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_sparc.deb
Size/MD5 checksum: 68174 3ff8ca31ef5d0e124a1e8714506a861f

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDPjKPW5ql+IAeqTIRAjjjAKCttOHMYIm7abGHMw/qgGVe42yCEACglBP+
CLRej6Sf5AEj1hZvM+mx588=
=kD0Y
-----END PGP SIGNATURE-----

--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

[SECURITY] [DSA 833-1] New mysql-dfsg-4.1 packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 833-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 1st, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : mysql-dfsg-4.1
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2558
BugTraq ID : 14509

A stack-based buffer overflow in the init_syms function of MySQL, a
popular database, has been discovered that allows remote authenticated
users who can create user-defined functions to execute arbitrary code
via a long function_name field. The ability to create user-defined
functions is not typically granted to untrusted users.

The following vulnerability matrix explains which version of MySQL in
which distribution has this problem fixed:

woody sarge sid
mysql 3.23.49-8.14 n/a n/a
mysql-dfsg n/a 4.0.24-10sarge1 4.0.24-10sarge1
mysql-dfsg-4.1 n/a 4.1.11a-4sarge2 4.1.14-2
mysql-dfsg-5.0 n/a n/a 5.0.11beta-3

We recommend that you upgrade your mysql-dfsg-4.1 packages.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge2.dsc
Size/MD5 checksum: 1021 ef5b7f754fd69c6ddf96185a9ea99d8c
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge2.diff.gz
Size/MD5 checksum: 163217 c22faa82cad1a38568146d03a316b4c3
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz
Size/MD5 checksum: 15771855 3c0582606a8903e758c2014c2481c7c3

Architecture independent components:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge2_all.deb
Size/MD5 checksum: 35758 f4c17c57aaed4aba0d06b22391a443ff

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_alpha.deb
Size/MD5 checksum: 1589626 326e06854e8cc7b4df3ca853a8776e6f
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_alpha.deb
Size/MD5 checksum: 7963496 4da7672c7e6ce497cc6c2b72c2438c5f
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_alpha.deb
Size/MD5 checksum: 1000022 a8edacbc3c87b781c4aae6772c42f2c9
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_alpha.deb
Size/MD5 checksum: 17484824 d0e8f9bfebd9c492d0ed336c236050ad

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_amd64.deb
Size/MD5 checksum: 1450438 8e3eca09ae3044bc15d7332a97eaadb3
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_amd64.deb
Size/MD5 checksum: 5549144 3b9308fd3c89158b20ae75ab4835d333
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_amd64.deb
Size/MD5 checksum: 848676 0cdc8e7e48e1821fcbab39aee1c6b22b
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_amd64.deb
Size/MD5 checksum: 14709814 b602e0bff5fda27efbc2bf52c0b46e32

ARM architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_arm.deb
Size/MD5 checksum: 1388184 ba83a61338a7b6198754c22e134bdabd
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_arm.deb
Size/MD5 checksum: 5557760 54ac64644fe2897b5c2554f5332bf402
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_arm.deb
Size/MD5 checksum: 835900 a29f9b8bfe41d70e24cb6eef94b43bc9
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_arm.deb
Size/MD5 checksum: 14555832 a482f115a2f27abee4ad2a79dfbd6cd1

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_i386.deb
Size/MD5 checksum: 1416570 e49242dae5f45b947a47ea1fe728d128
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_i386.deb
Size/MD5 checksum: 5641688 b3eb7e254df56c09ada9c1fa61fab946
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_i386.deb
Size/MD5 checksum: 829688 f3cdde3f2a6698f394ba0edfdbd29446
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_i386.deb
Size/MD5 checksum: 14556498 45421b845326a2e40a720dc44b64985d

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_ia64.deb
Size/MD5 checksum: 1711912 475cfa72891c402d1c948be09e6a98f7
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_ia64.deb
Size/MD5 checksum: 7780996 03bd4ba1db9460ef9d9be5b01d880453
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_ia64.deb
Size/MD5 checksum: 1049796 b8253e96506666bc4a3b659994bdd48a
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_ia64.deb
Size/MD5 checksum: 18474740 4a483fc2350bda7a6eb2599c7fbf9e0d

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_hppa.deb
Size/MD5 checksum: 1550304 aadb8f7fbda0ef84b8afcf7baf76dffb
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_hppa.deb
Size/MD5 checksum: 6249354 21f0e228f658552c1ecb4d05975e3921
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_hppa.deb
Size/MD5 checksum: 909194 235968a78d019efc6be2e1df68fb4cb3
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_hppa.deb
Size/MD5 checksum: 15786932 aee2e68c3f7938d0ba7292289f032bda

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_m68k.deb
Size/MD5 checksum: 1396882 3ef005165d935a0089c42b9dca782125
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_m68k.deb
Size/MD5 checksum: 5282906 9becdb0b18c3c42b5211739e9f5f5f46
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_m68k.deb
Size/MD5 checksum: 803022 43eb1fdfe29144e10d1730f1dcc45507
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_m68k.deb
Size/MD5 checksum: 14070110 51c9d88be73414000742c7c2961307a1

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_mips.deb
Size/MD5 checksum: 1477766 fb7a8d1fb9d4607d7172c36032ebcbbb
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_mips.deb
Size/MD5 checksum: 6051760 6e97430bc9b02e866e04414e627f9f4c
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_mips.deb
Size/MD5 checksum: 903542 f99636d7c17d9b9647c34d3dd3379c2d
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_mips.deb
Size/MD5 checksum: 15407442 36eaf9d65e7c4dcaeff920389c6bd890

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_mipsel.deb
Size/MD5 checksum: 1445350 539eadf9ac7e9b384825c944759ec6b4
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_mipsel.deb
Size/MD5 checksum: 5969562 bdf9697878b6a439d079528660a67fbc
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_mipsel.deb
Size/MD5 checksum: 889260 07d1f0071ce62ce433c9c924544fe5fc
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_mipsel.deb
Size/MD5 checksum: 15103284 5be83f139ae6ac41ffad5a2a7a52ce49

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_powerpc.deb
Size/MD5 checksum: 1475432 2fc2f711fd16172952db58a59c17f9cb
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_powerpc.deb
Size/MD5 checksum: 6025146 f230533abfce5f92e7ee95d0966ea984
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_powerpc.deb
Size/MD5 checksum: 906432 d566b964257453976d7c36e309b705de
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_powerpc.deb
Size/MD5 checksum: 15402508 dc78398b45128bc2d2f6881427ff044d

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_s390.deb
Size/MD5 checksum: 1537572 fc84f1f6e3f72bf3e62ae6d09fd29ed5
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_s390.deb
Size/MD5 checksum: 5460800 94db267d9e373a8490a0067257ae14a4
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_s390.deb
Size/MD5 checksum: 883408 9f613cb6264d5fd7da0c216301e34af1
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_s390.deb
Size/MD5 checksum: 15053922 3d90c52ba65c7550da1558bb7d5ab346

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_sparc.deb
Size/MD5 checksum: 1459496 478640727168f01c3832f53ada90b8d9
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_sparc.deb
Size/MD5 checksum: 6205444 427316f73787f388a361c76124e59cb5
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_sparc.deb
Size/MD5 checksum: 867394 9e2217f00d72fa652b5e45fae5829eb8
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_sparc.deb
Size/MD5 checksum: 15390434 e79df4002a1dfb61f2253030e8cb1033

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDPiEoW5ql+IAeqTIRAl2AAJ42+ox3ZvYLrxf7+o89BeG4RDYk/ACgrvXu
0RUppTfZcSGpQzYWiiFxfmE=
=t2xX
-----END PGP SIGNATURE-----

--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

UWB: It's Not Just for the U.S. Anymore

All newsletters are sent from the domain "internet.com." Please use this domain name (not the entire "from" address, which varies) when configuring e-mail or spam filter rules, if you use them.


Search
Search internet.com
News Reviews Insights Tutorials WiMax VoIP HotSpots Forums Events Research Products Glossary About




Subscribe Now!
Wi-Fi Planet.com's Daily Newsletter
html * text
More Free Newsletters


Wi-Fi Glossary
Find a Wi-Fi Term


Find a Hotspot
by city
by State

Wi-Fi® is a registered certification mark of the Wi-Fi Alliance

internet.com
wireless channel
internet.com wireless channel
Wi-Fi Planet
HotSpotList.com
Palm Boulevard
PDAStreet
PocketPCcity
PocketPCWire
PracticallyNetworked.com
Psion Place
RIM Road
Ultrawideband Planet
Visor Village
WirelessAdWatch
Events
Research


internet.com
Developer
Downloads
International
Internet Lists
Internet News
Internet Resources
IT
Linux/Open Source
Personal Technology
Small Business
Windows Technology
xSP Resources

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers




Wi-FiPlanet News
NEW!   UWB: It's Not Just for the U.S. Anymore
[September 30, 2005]   News from Japan, where the Wireless USB developers have a conference and the government is laying the groundwork to allow UWB.

NEW!   Katrina May Blow Broadcasters Out of Analog
[September 30, 2005]   Lawmakers say additional spectrum key to creating interoperability for first responders.

NEW!   Wi-Fi Product Watch
[September 30, 2005]   The latest updates and new products in wireless networking: Persona updates FMC software; Siemens buys Garderos; AuraOne and 5G Wireless offer different kinds of extenders; and more.

NEW!   Hotspot Hits
[September 30, 2005]   The latest in public access Wi-Fi: Century City Doctors Hosptial provides patient Wi-Fi; Boingo available to Tatara customers; NY State to get major wireless network; and more.

NEW!   Meru Launches Alliance for VoWi-Fi
[September 28, 2005]   The Wi-Fi infrastructure equipment maker's new program includes interoperability testing and co-marketing efforts for partners in the "VoIP ecosystem."

More News >>

Xirrus has developed the next generation in high-performance enterprise
Wi-Fi networking equipment.
At the heart of the Xirrus solution is the
Wireless LAN Array - combining a wireless LAN switch and up to 16
Integrated Access Points to deliver 864Mbps of Wi-Fi bandwidth over
a large coverage area. This revolutionary approach simplifies the
deployment and management of Wi-Fi networks while maximizing the
amount of bandwidth available for users. Download a free White Paper
or learn more about our new Evaluation Program - Try it FREE - Buy
it for LESS.
Click Here

Interested in placing your TEXT AD HERE? Click Here

Wi-FiPlanet Insights
NEW!   Air Force Adds Wi-Fi to Arsenal
[September 29, 2005]   WLANs are replacing the paper that flight technicians and engineers previously relied on to support our flying military.

NEW!   NYC GUARD Project Boosts Pre-WiMax Promoters
[September 28, 2005]   Cranite will be locking down the NYC GUARD project, which could become a template for how cities use wireless broadband.

Senator, That's Not The Issue
[September 23, 2005]  WISPs eager to use the 700 MHz band will be disappointed to hear that Senator McCain's proposed spectrum law is just politics as usual.

The Hotel Internet Access Nightmare
[September 21, 2005]   Not enough hotels catering to business travelers treat Internet access as the critical service it is, columnist George Spafford writes.

More Insights >>

Wi-FiPlanet Reviews
NEW!   Iogear Bluetooth USB/Parallel Wireless Printing Kit
[September 29, 2005]  The kit includes everything you need to make any printer a wireless printer. While we hit a few connection snags, some small office / home office users will find this an ideal way to unwire their printer.

NEW!   TRENDnet 802.11g Wireless USB 2.0 Adapter with HotSpot Detector (All-in-1)
[September 26, 2005]   Why limit your USB adapter to simply connecting you to a network? This product will give you info on networks before you even boot up the laptop.

Wireless Network Ignition 2.0
[September 16, 2005]   Though far from perfect, this WLAN configuration software could do the trick to help those with the right setup and needs.

Sony Vaio T350P
[September 2, 2005]  It's no surprise that Sony's new mini notebook can go online at 802.11 hotspots -- but also does so without WiFi, tapping Cingular's EDGE network.

More Reviews >>

Ekahau, Inc. provides the most accurate positioning software
for WiFi networks. The Ekahau Positioning Engine(TM) allows
positioning of 802.11 wireless client devices, such as PDAs
and laptops, with an impressive accuracy of 3 ft on average.
Ekahau's cost effective positioning solution can be utilized in
various industries like retail, warehouses, logistics, healthcare,
museums and public events. Check us at: http://www.ekahau.com

Interested in placing your TEXT AD HERE? Click Here

Wi-FiPlanet Tutorials
NEW!   WPA-PSK: Step-by-Step
[September 30, 2005]   Not sure how to implement security on your home or small office network? Here's instructions to get you secured.

NEW!   Deciphering the Latest Wireless Acronyms
[September 29, 2005]   Stumped by acronyms such as WPA2 and WMM? You're not alone. We define these new terms and, more importantly, explain why you need to care about them.

WiMax/802.16 Revealed
[September 21, 2005]   A look at the various standards behind WiMax, fixed and mobile, and where WiMax might be heading in the future.

More Tutorials >>



JupiterWeb networks:

internet.comearthweb.comDevx.comGraphics.com

Search JupiterWeb:

Jupitermedia Corporation has three divisions:
JupiterImages, JupiterWeb and JupiterResearch

Copyright 2005 Jupitermedia Corporation All Rights Reserved.
Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Jupitermedia Corporate Info | Newsletters | Tech Jobs | Shopping | E-mail Offers

Business Resources From Business.com
» Computer Networking

» Fixed Wireless Network Equipment

» Access Points

» Wireless Telecommunications Equipment and Supplies

» Bluetooth Wireless Telecommunications

Destructive power of mobile viruses could rise fast

All the week's news and views about Security, 09/30/05
_______________________________________________________________
This newsletter is sponsored by Xerox

Need to reduce operating costs, get quicker ROI, and increase
productivity? Learn about how "The Efficient Office" shares IT
business strategies for achieving maximum results from document
management tools. Also, discover the four efficient-office
constituencies and how their differing needs must be considered
to deploy an effective solution in any organization.
http://www.fattail.com/redir/redirect.asp?CID=115908
_______________________________________________________________
This newsletter is sponsored by Trend Micro

The Trend Micro Threat Map dynamically displays real-time data
to show worldwide trends in virus and content security threats
as they happen. Collected from actual computer infections, the
Threat Map can be used to help determine appropriate security
policies, based on the prevalence of threats that can adversely
affect your business.
http://www.fattail.com/redir/redirect.asp?CID=115830
_______________________________________________________________

Network World's Security News Alert

Destructive power of mobile viruses could rise fast, 09/28/05

The dream of a connected world where PCs and mobile phones can
communicate with the digital home and other devices is supposed
to make life easier. But it could instead make life far more
dangerous if malware developers have their way.
<http://www.networkworld.com/nlsecuritynewsal7910>

Microsoft gets hacker feedback on IE7 Beta 2, 09/29/05

Microsoft showed off the preliminary work it has done on the
second beta version of its popular Internet Explorer, Version 7,
at the Hack in the Box Security Conference in Kuala Lumpur,
Malaysia, and came away with some good feedback, managers at the
company said Thursday.
<http://www.networkworld.com/nlsecuritynewsal7911>

World soccer body warns of phishing scam, 09/28/05

The world's governing soccer body, Fédération Internationale de
Football Association (FIFA), is warning fans and others that its
name is being abused in a global phishing scam.
<http://www.networkworld.com/nlsecuritynewsal7912>

Novell server hacked, 09/28/05

A company server that some workers at Novell apparently used for
gaming purposes was hacked into and then used to scan for
vulnerable ports on potentially millions of computers worldwide,
according to an Internet security consultant.
<http://www.networkworld.com/nlsecuritynewsal7913>

GAO report knocks FAA info security efforts, 09/29/05

The U.S. Federal Aviation Administration lacks security controls
for its IT networks and in some cases hasn't installed software
patches that are several years old, according to a report made
public Monday by the U.S. Government Accountability Office.
<http://www.networkworld.com/nlsecuritynewsal7914>

Via offers $5,000 reward to break its StrongBox, 09/28/05

Taiwanese microprocessor vendor Via Technologies is offering a
$5,000 prize to the hacker that can break its StrongBox security
application during a hacking contest at the Hack in the Box
Security Conference being held in Kuala Lumpur, Malaysia, this
week.
<http://www.networkworld.com/nlsecuritynewsal7915>

F-Secure integrates anti-spyware into new releases, 09/28/05

F-Secure Tuesday announced the launch of F-Secure Internet
Security 2006, consumer-oriented software that can also manage
Internet use by children.
<http://www.networkworld.com/nlsecuritynewsal7916>

New service authenticates campaign sites, 09/28/05

New technology designed to ensure that the political campaign
Web pages you visit are what they claim to be is being
implemented in at least two states.
<http://www.networkworld.com/nlsecuritynewsal7917>

The top 5: Today's most-read stories

1. How to solve Windows system crashes in minutes
<http://www.networkworld.com/nlsecuritynewsal7602>
2. IPTV will trip up Bells, analysts say
<http://www.networkworld.com/nlsecuritynewsal7918>
3. McAfee, Omniquad top anti-spyware test
<http://www.networkworld.com/nlsecuritynewsal6949>
4. Skype: Hazardous to network health?
<http://www.networkworld.com/nlsecuritynewsal7851>
5. The rise of the IT architect
<http://www.networkworld.com/nlsecuritynewsal7052>

_______________________________________________________________
To contact:

Senior Editor Ellen Messmer covers security for Network World.
Contact her at <mailto:emessmer@nww.com>.
_______________________________________________________________
This newsletter is sponsored by Xerox

Need to reduce operating costs, get quicker ROI, and increase
productivity? Learn about how "The Efficient Office" shares IT
business strategies for achieving maximum results from document
management tools. Also, discover the four efficient-office
constituencies and how their differing needs must be considered
to deploy an effective solution in any organization.
http://www.fattail.com/redir/redirect.asp?CID=115907
_______________________________________________________________
ARCHIVE LINKS

Security research center
Latest security news, analysis, newsletters and resource links.
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE

The Trend Micro Threat Map

The Trend Micro Threat Map dynamically displays real-time data
to show worldwide trends in virus and content security threats
as they happen. Collected from actual computer infections, the
Threat Map can be used to help determine appropriate security
policies, based on the prevalence of threats that can adversely
affect your business.

<http://www.networkworld.com/go/trendmicro/trend_frr>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

Espion automates e-mail encryption

All the week's news and views about fighting spam, 09/30/05
_______________________________________________________________
This newsletter is sponsored by Nokia
Empower Your Mobile Enterprise

Nokia believes that business mobility will fundamentally change
the way work gets done-and for the better. To allow the entire
organization to get the most from this paradigm shift in
productivity, Nokia Enterprise Solutions focuses on delivering
increased efficiency through enhanced mobility. Learn more by
downloading this white paper today!
http://www.fattail.com/redir/redirect.asp?CID=115973
_______________________________________________________________
REVISTING SPYWARE

Spyware can kill your business quicker than spam or viruses.
Spyware insidiously logs your keystrokes, rifles through your
files for password and credit card data, peppers your screen
with ads and slows your PCs to a crawl. So how do you stop it?
Network World reviews 16 spyware stopping products. Click here:

http://www.fattail.com/redir/redirect.asp?CID=115651
_______________________________________________________________

Network World's Anti-spam News Alert

Espion automates e-mail encryption, 09/27/05

E-mail security vendor Espion International recently released a
dual-key system for encrypting e-mail that works with the
company's gateway appliance or as a stand-alone appliance.
<http://www.networkworld.com/news/2005/092705-espion.html?nl>

Vendor pumps up anti-virus, anti-spam, 09/26/05

Proofpoint is planning an upgrade to its e-mail security
platform that includes a new anti-virus module and enhancements
to its anti-spam filtering techniques.

<http://www.networkworld.com/news/2005/092605-proofpoint.html?nl>

The top 5: Today's most-read stories

1. How to solve Windows system crashes in minutes
<http://www.networkworld.com/nlantispamnewsal7923>
2. IPTV will trip up Bells, analysts say
<http://www.networkworld.com/nlantispamnewsal7924>
3. McAfee, Omniquad top anti-spyware test
<http://www.networkworld.com/nlantispamnewsal7154>
4. Skype: Hazardous to network health?
<http://www.networkworld.com/nlantispamnewsal7925>
5. The rise of the IT architect
<http://www.networkworld.com/nlantispamnewsal7155>

_______________________________________________________________
To contact:

Contact Online News Editor Jeff Caruso at
<mailto:jcaruso@nww.com>
_______________________________________________________________
This newsletter is sponsored by Nokia
Empower Your Mobile Enterprise

Nokia believes that business mobility will fundamentally change
the way work gets done-and for the better. To allow the entire
organization to get the most from this paradigm shift in
productivity, Nokia Enterprise Solutions focuses on delivering
increased efficiency through enhanced mobility. Learn more by
downloading this white paper today!
http://www.fattail.com/redir/redirect.asp?CID=115972
_______________________________________________________________
ARCHIVE LINKS

Spam/Phishing news page
Latest anti-spam news, analysis and newsletters
http://www.networkworld.com/topics/spam.html
_______________________________________________________________
FEATURED READER RESOURCE

The Trend Micro Threat Map

The Trend Micro Threat Map dynamically displays real-time data
to show worldwide trends in virus and content security threats
as they happen. Collected from actual computer infections, the
Threat Map can be used to help determine appropriate security
policies, based on the prevalence of threats that can adversely
affect your business.

<http://www.networkworld.com/go/trendmicro/trend_frr>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

Security Management Weekly - September 30, 2005

header

  Learn more! ->   sm professional  

September 30, 2005
 
 
CORPORATE SECURITY  
  1. " Local Retailers Get Tips for Stopping Thieves" Lessons Learned From Retail Theft Ring in Virginia
  2. " China a 'Central' Spying Threat" China Is Spying on U.S. Businesses, Intelligence Official Says
  3. " New Trackers Help Truckers Foil Hijackings" High-Tech Tracking Devices Combat Cargo Theft
  4. " Real Estate Firms Need Solid Disaster Recovery Plan"
  5. " Sarbox: Year 2" Complying With Sarbanes-Oxley Act in Year 2 of Its Enforcement Will Not Get Any Easier
  6. " How Not to Look Like a Phish" Steps Companies Can Take to Avert 'Phishing' Scams

HOMELAND SECURITY   sponsored by  
  7. " Houston Has 'Better Plan' Than Most Cities" U.S. Cities' Ability to Evacuate Comes Under Scrutiny After Recent Hurricanes
  8. " U.S. Sends Dogs Into Subways, But New York Declines Offer" DHS to Provide Bomb-Sniffing Dogs for Transit Systems in 10 Cities
  9. " Registered Traveler Test Is Ending Inconclusively" TSA's Test of Airport Security Program Will End This Week
  10. " Woman Suicide Bomber Marks Possible New Insurgent Tactic in Iraq"
  11. " Talking in the Dark" Wi-Fi Mesh Offers a Self-Correcting Communication System Capable of Surviving Hurricanes and Other Disasters
  12. " Advancing Airport Security" The Trend in Airport Security Technology Moves Toward Integrated Systems

CYBER SECURITY  
  13. " Brazilians Blazing Trails With Internet Technology" Some of the World's Most Sophisticated Hackers Live in Brazil
  14. " Lawmaker Doesn't Rule Out Cybersecurity Regulation" Government and Private Sector Not Giving Cybersecurity Enough Attention, Congressman Says
  15. " Bring on the Security Gateway" Some of the Most Severe Threats Emerge From Within a Firewall


   







 

"Local Retailers Get Tips for Stopping Thieves"
Hampton Roads News (09/28/05) ; Shapiro, Carolyn

Earlier this year, authorities in Hampton Roads, Va., broke up a retail theft ring that stole an estimated $1 million in merchandise. The ring was composed of local, independent truck drivers who worked under contract for a Virginia transport company. The truck drivers diverted merchandise that was bound for stores like Wal-Mart and Kmart and sold it themselves, with some of the merchandise sold on eBay. The stolen goods included men's suits, tools, chain saws, and pool supplies. Sgt. Bruce Razey of the Virginia Beach Police Department said that the retailers that lost merchandise to the trucker ring could have reduced their losses with stronger oversight of their employees. For example, the retail stores' receiver employees, who received deliveries of merchandise from the truckers, were lulled into a false sense of security by the friendly nature of the drivers. The drivers became friendly with the receivers and earned their trust so that in many instances the receivers simply signed off on the truck deliveries without bothering to check that all the merchandise had arrived. Many of the retailers were completely unaware that their merchandise was being stolen until they were approached by law enforcement.
(go to web site)

"China a 'Central' Spying Threat"
Washington Times (09/29/05) ; Gertz, Bill

China is engaging in a broad espionage effort to procure U.S. technology, and this threat includes the targeting of private businesses, businessmen, and scientists, according to Michelle Van Cleave, one of the top U.S. counterintelligence officials. The spying poses the most severe threat to sensitive national security technology secrets, but private-sector spies are also a problem. The Chinese spies use a number of simple methods to acquire information, including by sending spies to visit U.S. businesses, private defense contractors, and national laboratories. The methods also include telephone solicitations, in-person requests, email, and facsimile. The Chinese agents are "adept at exploiting front companies" and are "very aggressive" in business and at eliciting information, Van Cleave said. Chinese students, scientists, and other specialists in the United States are also providing the Chinese government with information.
(go to web site)

"New Trackers Help Truckers Foil Hijackings"
Wall Street Journal (09/29/05) P. B1 ; DeWeese, Chelsea

Shippers and trucking companies are combating a steep rise in cargo theft by planting high-tech tracking devices inside crates and vehicles. This new breed of tracking devices allows companies and law enforcement agents to remotely monitor the whereabouts of valuable cargo while the cargo is being transported on trucks and even after it is unloaded. Cargo theft is often an inside job, and opportunistic insiders can easily thwart the more traditional satellite-based tracking systems that have been used to track trucks. The retail industry loses up to $15 billion per year due to the theft of semitrailer trucks and their cargo in the United States, and hundreds of semitrailers are stolen each day. Rep. Cliff Stearns (R-Fla.) says that officials are concerned that the profits from some cargo thefts are being used to finance Middle East terrorist groups. Stearns introduced a bill that would strengthen the penalties for cargo theft and create a law enforcement reporting system for cargo theft incidents. In February of this year, FBI agents used tracking devices to break up an inside-job retail theft ring that targeted the route between Memphis and Chicago. During that bust, FBI agents viewing computer monitors were able to track the progress of a semitrailer carrying DVDs, and as the truck stopped to allow the thieves to unload cargo, plainclothes officers moved in to arrest the culprits, including the truck driver, a warehouse employee, and two deputy jailers from a local police department.
(go to web site)

"Real Estate Firms Need Solid Disaster Recovery Plan"
Banker & Tradesman (09/19/05) ; Ferrara, Matthew

Hurricane Katrina taught many businesses that disaster recovery plans for their operations and their technology are necessary to survive when catastrophes strike. The three main areas to incorporate into these plans are communications, data, and hardware and whether these elements can be protected or replaced quickly. Hardware is easy to replace during a small scale disaster; but larger disasters, like hurricanes, can wipe out local supplies of computers, laptops, digital cameras, and other equipment--which is why realty agents and others should have old or relatively new equipment on hand. Moreover, backup generators are helpful to provide power to systems when power is out for a long period of time, and are better than battery backups that only last a few hours. Data restoration is easier if backup copies of data are made on a regular basis and kept offsite, and offices need to place certain people in charge of backing up the data and they should be trained as to when and how it should be done properly. Finally, communications should be operational at all times in one form or another in order to keep workers abreast of what is going on with the firm and what they should be doing. Communications strategies should take into account that operations may be interrupted and for a significant period of time, so workers should be trained on how to contact one another and their clients. Staff can use email, phones, cell phones, text messaging, and other forms of communication to check with clients and supervisors as well as maintaining the flow of data from offsite locations.
(go to web site)

"Sarbox: Year 2"
CFO-IT (09/05) Vol. 21, No. 13, P. 17 ; Violino, Bob

While many companies are relieved that the initial rush to comply with the 2002 Sarbanes-Oxley Act is over, continuing the compliance process in the second year of the act's enforcement will take just as much effort, perhaps even more. However, implementing a number of programs to assure the most efficient compliance effort may cut down on the stress associated with Sarbanes-Oxley. First, a formal group tasked with overseeing compliance should be created; this group should include high-ranking members of the organization in finance, accounting, technology, and business operations, and should be able to act quickly in order to maximize efficiency. The group should evaluate the controls the company established during the first-year rush to compliance; while many may be effective, some may have been put in place simply to comply with the act and may not be strictly necessary. Implementing automation of many compliance tasks should also be a goal in the second year; now that the company knows what needs to be done, it can design more efficient processes for doing it. The makeup of the compliance chain of command may also need to be re-evaluated; both the finance and information-technology departments have a huge stake in compliance issues, so their roles should be balanced according to the company's needs. The role of IT in particular may have to be expanded, going beyond the traditional areas under its control and focusing instead on broader issues of strategy.
(go to web site)

"How Not to Look Like a Phish"
Security Products (08/05) Vol. 9, No. 8, P. 30 ; Maier, Fran

Companies should use industry best practices for email communications to protect themselves and their customers from the online identity theft technique known as "phishing." Many phishing scams involve the use of emails that mimic official email communications from some of the most trusted brands known, including financial institutions, online retailers, and Internet service providers. These fraudulent emails ask customers to share some of their most sensitive personal data, which often leads to identity theft, financial loss, and credit card fraud for the consumer. Businesses also face indirect losses from these scams because when a company's official email communications are mimicked the results can include customer dissatisfaction, loss of brand equity, and wasted resources. Businesses can take several steps to protect their brands from being hijacked during phishing scams, and these steps include communicating with customers and employees about the dangers of phishing and communicating across all divisions and units of the business. Companies should evaluate the technologies they are using and implement new technologies where needed, and they should also either conduct an email best practice review themselves or register with an accreditation program that will support and verify their email practices. When communicating with customers by email, companies should never use "click here" hyperlinks or request personal data from customers via email hyperlinks, and they should also refrain from using instant messages and pop-up windows for data collection. When communicating with customers, companies should always personalize their emails, proofread and spell-check communications, use clear and consistent branding, and use simple and clean URLs and links.
(go to web site)

"Houston Has 'Better Plan' Than Most Cities"
Houston Chronicle (09/27/05) ; Hedges, Michael

Houston's ability to evacuate its residents as Hurricane Rita approached was severely tested, but the city is better prepared to respond to disasters than most big cities in the United States, according to experts. New York University's Paul Light, an emergency response expert, says that Houston's evacuation plan worked as well as could be expected under the circumstances, though improvements can be made. Many other cities just improvise their responses to disasters, says homeland security expert James Carafano. Light explains that Chicago lacks a real response plan, Los Angeles is still attempting to figure out how to evacuate its residents, evacuating New York would be hampered by the city's many "choke points," and evacuating Washington, D.C., "would be a mess." Officials on Monday said that the Homeland Security Department and Federal Emergency Management Agency will examine the emergency plans for hurricanes Rita and Katrina and learn from those experiences. President Bush is calling for a "robust discussion" about whether the Department of Defense should be placed in charge of responding to natural disasters. Carafano, for one, supports the idea of making the Defense Department the lead responder to disasters. "It would be counterproductive and ruinously expensive for other federal agencies, local governments, or the private sector to maintain the excess capacity and resources needed for immediate catastrophic response," he says.
(go to web site)

"U.S. Sends Dogs Into Subways, But New York Declines Offer"
New York Times (09/29/05) P. A30 ; Chan, Sewell; Wald, Matthew L.

The transit agencies in 10 U.S. cities, including Los Angeles, Chicago, San Francisco, Philadelphia, and Washington, D.C., will receive three bomb-sniffing dogs apiece under a $2.7 million Department of Homeland Security (DHS) program. Each city's transit agency must apply for the program, and the program's other terms specify that each agency allocate three police officers to attend a 10-week training course to become a canine handler. Agencies that participate in the program will receive funding from the DHS to cover the costs of the dogs and the training, including $120,000 per year to pay for veterinary care, police vehicles, and food and uniforms. New York's Metropolitan Transportation Authority has chosen not to apply for the program due to the program's stipulation that, during crisis situations, each city make the dogs available for the needs of the federal government. A spokesman for New York's authority explained that the agency already has 25 bomb-sniffing dogs and plans to double that number in 2007. The DHS program also stipulates that the canine units spend a minimum of 80 percent of their patrolling time in city transit systems. A DHS spokesman explained that local authorities would almost always have control of the canines, which would only be reassigned during a national emergency.
(go to web site)

"Registered Traveler Test Is Ending Inconclusively"
Washington Post (09/27/05) P. A15 ; Goo, Sara Kehaulani

The Transportation Security Administration (TSA) will end its Registered Traveler airport security program this week and will refrain from expanding the program as it is currently construed, according to government and industry sources. The test program, introduced last summer, is operating at half a dozen U.S. airports. The program works by allowing airport travelers to go to the front of security lines if they register in the program, provide personal data, and allow their irises and index fingers to be scanned. "We are concluding the pilot program and we are going to review the results to determine how Registered Traveler would fit as a link in the security chain," says TSA spokeswoman Yolanda Clark. Several companies have contracts to operate the program, but those contracts will be allowed to expire this week, Clark said. A limiting factor to the program's effectiveness is that it is only useful to users at the airport where they registered, industry officials said, adding that the registration must work at all participating airports if the program is to be expanded.
(go to web site)

"Woman Suicide Bomber Marks Possible New Insurgent Tactic in Iraq"
Associated Press (09/28/05) ; Keath, Lee

A female suicide bomber killed six people and wounded 35 others in Tal Afar, Iraq, on Wednesday, by bypassing security checkpoints where women are not searched due to Islamic cultural sensitivities about close contact between men and women. Once in the city, the woman, who had explosives strapped to her body, disguised herself in traditional male attire and joined a group of men applying for jobs, where she blew herself up. U.S. and Iraqi officials are concerned that insurgents could begin deploying more female suicide bombers, which would present security challenges because there are not nearly enough female security officers to conduct searches of women passing through security checkpoints. Iraqi officials said that new techniques will be needed to combat female bombers, and they announced that from now on, women and children will be searched at Tal Afar checkpoints.
(go to web site)

"Talking in the Dark"
New York Times Magazine (09/18/05) P. 24 ; Thompson, Clive

The recent experience of Hurricane Katrina was an excruciating lesson in the utter dependence we have on our communications systems: The panic and chaos that followed the storm were exacerbated by the failure of our communications networks, as the only devices that still worked for the week after Katrina hit were satellite phones and two-way radios. Wi-Fi mesh offers a self-correcting communication system capable of surviving a disaster of Katrina's magnitude. Conventional phone systems are centrally operated, meaning that the disruption of a small cache of switches affects service for a large portion of users; also, they are frequently overwhelmed in times of disaster, as they are only designed to allow 10 percent of customers to talk at once. Wi-Fi mesh systems are inexpensive and decentralized, and can easily support a phone system impervious to disaster. Meshed Wi-Fi can be thought of as a widescale bucket brigade, as each node transmits data to the next, located only a few hundred feet away; Wi-Fi also supports VoIP, and enables widespread connectivity to the Internet if just one user is logged on. Mesh networks are ideal for disaster situations, as the removal of a given node does nothing to disrupt a widely implemented Wi-Fi network. They are also remarkably efficient and inexpensive, as each node only consumes about 10 watts, and carries an implementation cost of around $350, a figure that increases to $650 with the addition of an emergency battery. Though Wi-Fi nodes do require a clear line of sight to communicate with each other, their marginal cost makes their widespread implementation in densely clustered urban areas eminently viable.
(go to web site)

"Advancing Airport Security"
Security Products (09/05) Vol. 9, No. 9, P. 52 ; McChesney, Brooks

Technology is one of the key underpinnings of airport security, and the trend in this area has moved toward integrated systems that provide situational awareness in real time, as opposed to passive restraints and independent sensors and alarms. The methods that airport surveillance and response systems use to manage data are becoming more like those used by corporate enterprise-level information technology systems. "Network-based security systems, video management software, intelligent video surveillance software, emerging access control technologies, and biometric indices-based security technologies are among the technologies that will strengthen airport security in the future," predicts Frost & Sullivan research analyst Soumilya Banerjee. Numerous agencies and teams are involved in airport security, and coordinating this effort can be problematic. Automated security workflow technology, which enforces and supports airport security disaster plans, can resolve this problem by identifying threats, notifying the correct type of responders, providing updates on changing needs as an incident unfolds, and providing detailed situation analysis after the event. For example, if the workflow technology identifies a threat along the airport perimeter, it might respond by sending a text message to police officers to use their handhelds to view specific security camera footage. Meanwhile, the workflow technology might contact airport personnel and order them to implement crowd control processes and contact medical responders to guide them to the incident location. In the future, airport security technology will likely take the form of an integrated national security system that quickly determines whether suspicious activity at one airport is an isolated incident or part of a greater threat facing multiple airports.
(go to web site)

"Brazilians Blazing Trails With Internet Technology"
Knight-Ridder Wire Services (09/26/05) ; Chang, Jack

Despite crippling levels of poverty and violence, Brazil is home to some of the world's most innovative technology, and plays host to some of the most sophisticated hackers. Brazil often finds itself the locus of international debates over intellectual property rights and private media controls, and though it does not have in place the infrastructure that other developing nations do, Brazil has made significant advances in open access technology that place it at the forefront of the Third World. Brazil received a major economic boost when Google acquired the native firm Akwan Information Technologies and established an office in Sao Paolo. There is still a wide gulf between rich and poor in Brazil, and while its 22 million-plus residents with Internet access rank it in the top 10 worldwide, that number still only represents 12 percent of the population. Piracy is also a major issue, as roughly 60 percent of the software and 70 percent of the hardware in use in Brazil infringes on copyright laws; Brazil is also a notorious haven for cyber criminals, as it is estimated that approximately 80 percent of the world's hackers are based in Brazil. The country's emerging IT industry has reached the $10 billion mark in annual sales. The spirit of unfettered access has led to the widespread implementation of the Linux platform in government and private industry, along with a host of other open-source applications. Throughout Brazil, open access movements are seeking to provide free Internet capability to computer users, and its vibrant open-source community draws on innovation from all over the country to maintain Web sites, provide tech support, and develop new technologies.
(go to web site)

"Lawmaker Doesn't Rule Out Cybersecurity Regulation"
IDG News Service (09/27/05) ; Gross, Grant

The U.S. government and the private sector have not given cybersecurity adequate emphasis, said Rep. Dan Lungren (R-Calif.), speaking at a Sept. 26 cybersecurity policy forum hosted by Nortel Networks. Although his preference is for companies to voluntarily patch vulnerabilities, Lungren, chairman of the House Economic Security, Infrastructure Protection, and Cybersecurity Subcommittee, did not dismiss the possibility of the government imposing cybersecurity regulations, which he fears would "stifle the kind of innovation that's available to the private sector to come up with their own fixes." Lungren also said the government must gain a better comprehension of cybersecurity risk, especially as it pertains to Internet-powered supervisory control and data acquisition (SCADA) systems responsible for much of the country's critical infrastructure. He urged the government to make a stronger effort to anticipate cyberattacks, particularly those that threaten to cause the worst damage, and channel its resources into preventing such incidents. Nortel CEO Bill Owens noted at the same forum that the likelihood of cyberattacks will rise as increasing numbers of devices transmit information via Internet Protocol. Acting director of the Homeland Security Department's National Cybersecurity Division Andy Purdy claimed his agency is attempting to raise the profile of the cybersecurity issue, citing the creation of a new assistant secretary for cybersecurity as a step in the right direction. But he agreed with Lungren that private companies bear a significant measure of responsibility in the assurance of Internet safety.
(go to web site)

"Bring on the Security Gateway"
Communications News (09/05) Vol. 42, No. 9, P. 20 ; Hardof, Tamir

Although antivirus software and firewalls are still integral components of any network security system, they fail to adequately guard against today's cyber threats. In today's network environment, some of the most severe threats emerge from within a firewall. Any laptop that is connected to a network remotely offers access to a host of threats the firewall will never have a chance to protect against. Most organizations have workers who connect to their networks in cafes or airports, or employ the services of contractors and temporary workers who might also connect remotely. Intrusion-detection systems (IDSes) scan a network for traffic and notify administrators about activity based on signatures, but are incapable of actually responding to a threat. Intrusion-prevention systems (IPSes) improve on IDSes by offering a far more responsive attack protection. IPSes still occasionally produce false positives, and they still depend on signatures. Freestanding IPSes also frequently overlook the activity within a network. Comprehensive security must be intricately layered, integrating both internal and perimeter security tools and working in tandem to provide central management, logging, reporting, and event correlation. Internal security gateways monitor all traffic within a network, and provide several sophisticated methods of response to suspect activity. They also offer updated signatures, advisories, and thorough descriptions of potential threats. Zone segmentation also helps by providing varying levels of security based on the needs of a particular area. Quarantining helps to keep attacks localized. Forensic methods are needed to observe the logging and reporting of gateway devices. Quality reporting tools help funnel relevant information to administrators more quickly, such as automated aggregation and correlation devices.
(go to web site)

Abstracts Copyright © 2005 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online