Category: General IT News, Updates and Information
Obama’s cybersecurity plan gets cautious praise
Link: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133687
The challenge will be to get various interests working together
Jaikumar Vijayan | http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133687
May 29, 2009 (Computerworld) President Obama’s plan for securing cyberspace and his creation of a new White House cybersecurity coordinator are being greeted with cautious optimism within the security industry.
Many see the strategy as a sign of the administration’s willingness to recognize cyber threats as a national security issue. But until details are fleshed out, it’s hard to know just how far it will go in bolstering the nation’s ability to deal with cyber attacks, they said.
At a White House briefing, Obama described a five-pronged cybersecurity strategy for defending government, military and private sector networks against threats from what he said is a growing number of bad actors. He noted that the new cybersecurity coordinator will be responsible for pulling together a national strategy for securing American interests in cyberspace and stressed that the government would safeguard privacy concerns. (The new office will include a privacy officer.)
Obama’s proposals had been widely expected and are based on the recommendations from a government-wide review of cybersecurity undertaken at his behest by Melissa Hathaway, a former Bush administration aide whom he appointed as acting senior director for cyberspace earlier this year.
“I was encouraged to see that the [Hathaway] report got presidential support today — that’s critical to the success of any program,” said Patricia Titus, the one-time chief information security officer at the Transportation Security Administration (TSA) who now holds a similar job at Unisys Corp.
The challenge for the Obama Administration is to actually implement the proposals in a meaningful way, Titus said. A lot will depend on the relationships the new cybersecurity coordinator can build and the kind of influence he or she can exert across government and the private sector, she said.
While centralizing authority for cybersecurity matters in the White House can have benefits, care needs to be taken to maintain a balance of power, she said. “We need to make sure that no one is pushing the red panic button without making sure there are other individuals in the decision-making process and at the appropriate levels to get input from,” she said.
Obama did a “great job” of summarizing the cybersecurity threats the nation faces and the approach that’s needed to resolve them, said Scott Charbo, former deputy undersecretary of the National Protection and Programs Directorate at the Department of Homeland Security (DHS).
Especially encouraging is the president’s focus on setting specific milestones and on ensuring accountability within government, said Charbo, who is currently director of cybersecurity at Accenture. Obama’s apparent plan to give the new cybersecurity coordinator a greater say in ensuring that federal agencies are investing adequate resources on cybersecurity is also a very positive step, he said. But successfully moving forward on a White House-led cybersecurity effort will require a “cultural transformation” by government agencies.
“I think everyone is anxious to understand who the cybersecurity coordinator will be,” Charbo said. “It needs to be someone who can listen to new ideas. It needs to be someone who is focused on outcomes and on metrics.”
Ensuring that all of the right players are at the table when developing a national cybersecurity strategy will be key, added Billy O’Brien, former White House director of cybersecurity and communications systems policy. O’Brien is now an analyst at Deloitte.
To date, government officials, defense organizations and the DHS have all been working on disparate missions when it comes to cybersecurity. Getting everyone working together can be a challenge, he said.
The mission of the intelligence community, for instance, is to intercept an attack using the cyber infrastructure; the DHS is supposed to protect critical infrastructure; the Department of Defense has defense-and-attack authority; and the White House has coordination authority. The question that will need to be asked is whether “all of the right players are at the table or if there is a need to add more,” O’Brien said.
Also key: figuring out how to ensure that the private sector is “holding up [its] end of the deal” when it comes to the critical infrastructure in private hands, he said.
Enrique Salem, the CEO of Symantec Corp., said in a statement that the decision to re-establish a strong White House role for cybersecurity is “gratifying.” The last executive to have a cybersecurity role in the executive offices of the president was Richard Clarke, who was special advisor on cybersecurity to President George W. Bush when he retired in 2003.
In the six years since, cyber security oversight and involvement has moved from the White House to other government agencies, even as cyber attacks have grown to the point where they are now a “full-blown threat to national security and commerce,” Salem said.
“The coordination must come from the White House level to address the situation and to provide focus on the global nature of this problem,” he said.
Security Alert - [SA35274] Xvid Multiple Vulnerabilities
Link: http://secunia.com/advisories/35274/
TITLE:
Xvid Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35274
VERIFY ADVISORY:
http://secunia.com/advisories/35274/
DESCRIPTION:
Some vulnerabilities have been reported in Xvid, which can be exploited by malicious people to potentially compromise an application using the library.
The vulnerabilities are caused due to boundary errors within the “decoder_iframe()”, “decoder_pframe()”, and “decoder_bframe()” functions in src/decoder.c. These can be exploited to potentially corrupt memory via specially crafted video files.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 1.2.2.
SOLUTION:
Update to version 1.2.2.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits John McDonald and Christopher Valasek of IBM X-Force.
ORIGINAL ADVISORY:
Xvid:
http://www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews[backPid]=64&tx_ttnews[tt_news]=7
http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81
Conficker wakes up, updates, drops payload
Link: http://blogs.zdnet.com/BTL/?p=16082&tag=nl.e019
April 9th, 2009
Posted by Andrew Nusca @ 4:09 am | http://blogs.zdnet.com/BTL/?p=16082&tag=nl.e019
Categories: Security
The Conficker worm is finally active, updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.
CNET’s Elinor Mills reports that researchers are analyzing the code of the software that is being dropped onto infected computers and suspect that it is a keystroke logger or some other program designed to steal data from the machine.
The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said.
Just yesterday, Zero Day blogger Dancho Danchev noted that a Conficker copycat was already making its rounds.
According to a post on the TrendLabs Malware blog, the awakened worm tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com as a way to test that the computer has Internet connectivity. It then deletes all traces of itself in the host machine, and is scheduled to shut down on May 3.
Mills reports:
Because infected computers are receiving the new component in a staggered manner rather than all at once there should be no disruption to the Web sites the computers visit, said Paul Ferguson, advanced threats researcher for Trend Micro.
“After May 3, it shuts down and won’t do any replication,” Perry said. However, infected computers could still be remotely controlled to do something else, he added.
The development was found when Trend Micro researchers noticed a new file in the Windows Temp folder and a large encrypted TCP response from a known Conficker P2P IP node hosted in Korea:
Two things can be summed up from the events that transpired:
1. As expected, the P2P communications of the Downad/Conficker botnet may have just been used to serve an update, and not via HTTP. The Conficker/Downad P2P communications is now running in full swing!
2. Conficker-Waledac connection? Possible, but we still have to dig deeper into this…
As for the second point, researchers said the worm tries to access a known Waledac domain and download another encrypted file, but they’re still trying to examine the connection.
Andrew J. Nusca is an assistant editor for ZDNet.com.
Gov’t may track all UK Facebook traffic
Link: http://theitsecurityattache.com/blogs/2009/04/01/govt-may-track-all-uk-facebook-traffic/
18 Mar 2009 13:41 | http://news.zdnet.co.uk/security/0,1000000189,39629479,00.htm
Home Office minister Vernon Coaker has said the government is considering recording the traffic data of all UK citizens on social-networking sites, including Facebook, MySpace and Bebo
The UK government is considering the mass surveillance and retention of all user communications on social-networking sites including Facebook, MySpace, and Bebo.
Home Office security minister Vernon Coaker said on Monday that the EU Data Retention Directive, under which ISPs must store communications data for 12 months, does not go far enough. Communications such as those on social networking sites and instant messaging could also be monitored, he said.
“Social-networking sites, such as MySpace or Bebo, are not covered by the directive,” said Coaker, speaking at a meeting of the House of Commons Fourth Delegated Legislation Committee. “That is one reason why the government are looking at what we should do about the Intercept Modernisation Programme, because there are certain aspects of communications which are not covered by the directive.”
Under the EU Data Retention Directive, from the 15 March, 2009, all UK internet service providers (ISPs) are required to store customer traffic data for a year. The Intercept Modernisation Programme (IMP) is a government proposal, introduced last year, for legislation to use mass monitoring of traffic data as an anti-terrorism tool. The IMP has two strands: that the government use deep packet inspection to monitor the web communications of all UK citizens; and that all of the traffic data relating to those communications are stored in a centralised government database.
The UK government has previously said that communications interception was “vital”, and has hinted that social-networking sites may be put under surveillance. However, responding to a question from Liberal Democrat MP Tom Brake, Coaker said that all traffic data on social-networking sites and through instant messaging may be harvested and stored.
“The honourable member for Carshalton and Wallington will also know the controversy that currently surrounds the Intercept Modernisation Programme,” said Coaker. “I look forward to his support when we present Intercept Modernisation Programme proposals, which may include requiring the retention of data on Facebook, Bebo, MySpace and all other similar sites.”
Deep packet inspection, the second strand of the IMP, involves intercepting and examining the contents of all data packets that flow over a network. In Monday’s meeting, Coaker said the government still intends to have a consultation on whether to inspect and then store all internet traffic data in a centralised government database.
“What is the point of having a consultation if, as the honourable gentleman implies, the government have already made up their mind to have a central database?” said Coaker. “We have not made up our mind. We have said we will consult on a variety of options.”
Opposition to the government’s IMP proposal has been fierce. Cambridge University computer security expert Richard Clayton told ZDNet UK on Wednesday that the government proposal to monitor social-networking traffic was “extremely intrusive”.
“The question is whether it’s necessary or proportionate, and the short answer is no, it doesn’t look that way,” said Clayton. “If the government wants to make us safer, having a few more police on the electronic beat would be a good idea.”
Clayton said that the problem for the government is that the Data Retention Directive only applies to data held by internet service providers, but that a large number of people don’t use ISPs’ systems to communicate, instead using online services including webmail and social-networking sites. Servers may be located in different jurisdictions, said Clayton, and data-retention times may be short.
“The government wants to collect all of this data on everybody, just in case,” said Clayton. “Suppose you use hotmail.pk, and you blow up the Houses of Parliament. The government would have to persuade the Pakistani authorities to turn over the logs, which may then turn out only to have been retained for three days.”
However, Clayton believes that the cost of harvesting this information, which would involve all UK internet infrastructure providers and ISPs having ‘black boxes’ to monitor data, would be prohibitively expensive. Clayton said that taxpayers’ money would be better spent on the police, who could target investigations to those they suspect of criminal activity, rather than on performing blanket surveillance of everybody.
“To deploy deep packet inspection equipment isn’t cheap — the word ‘billion’ is appropriate,” said Clayton. “It took the Home Office the best part of a year to find £3m for the Police e-Crime Unit. That’s what is wrong with this picture.”
Web inventor Sir Tim Berners-Lee also opposes the use of deep packet inspection to inspect people’s data. Berners-Lee told ZDNet UK last week that the internet should not be “snooped” upon.
“If [third parties] are using the data for political ends or commercial interest, there we have to draw the line,” Berners-Lee said. “There’s a gap between running a successful internet service and looking inside data packets.”
Conficker’s cure? So what happens now? Is this the end, NO.
Link: http://theitsecurityattache.com/blogs
FYI…
Original URL: http://www.channelregister.co.uk/2009/03/30/conficker_signature_discovery/
Busted! Conficker’s tell-tale heart uncovered
Researchers find super worm cure, just in time
By Dan Goodin in San Francisco
Posted in Software & Security, 30th March 2009 11:02 GMT
————————–
My thoughts, feedback and input.
You have a few hours to work on this and I know you’re going to be vigilant about it. Let’s save what and who we can with our best efforts. Time is of the essence so get to it. I will be a bit busy for the next few hours checking on new vendor signature releases and info about this, dealing with my internal network and doing some last minute checking and changes so please pardon any delays in my responses for a while.
So now that signatures are being released for it, is it over?
No it’s not. This is a staged effort. The signatures will be created, disseminated throughout the various security scanners, anti-virus and anti-malware vendor products but then comes the updating and patching of the systems.
If you are running an older version of a vendor product I strongly suggest you upgrade it now.
If you are running any definitions other than March 31st 2009 for your anti-virus and anti-malware solution then you’re not fully protected yet.
If you are still missing Microsoft Windows patches (any and all of them) then there’s still some level of risk for you.
If you’re running vulnerable applications like Adobe Reader, Acrobat, Firefox, iTunes, QuickTime, web browsers, media players and other applications check to make sure you’re not missing any vendor patches. The developers have released secure versions recently.
I still stick to my original take on this which is, if you are already infected just wipe and start over. There’s no real guarantee that you will fully get rid of the infection and the various pieces it comes with. If not, you have a good set of protective layers to work with.
Keep in mind that a signature based solution works off detecting via signature and not anomaly based threats. As Conficker is a blended threat, I expect to see some aspects of it still evading some security solutions if not configured properly for effective use. Some people have their solutions configured with out of the box settings which may not be optimally configured for a critical threat like this with such a rapid change effect rate.
I know this is short timing but it is good timing to get the word out and get people to act quickly. Be kind and help to spread the word to your family, friends, partners, associates, peers and anyone you converse with. This is critical info that needs to be shared.
Let’s get to it people. I’ve been up since Saturday helping people with their systems and talking about this and I plan to get some sleep over the next day or two.
Good luck and please keep me posted on any new developments and happenings around this once April 1st kicks in.
~Brett A. Scudder~
The IT Security Attaché
More coverage on Conficker on The IT Security Attaché's blog
Link: http://theitsecurityattache.com/blogs
Hi all,
I have more coverage of the Conficker worm on my blogs for you to read. It’s been very busy tracking and helping people with the threat and I haven’t been able to update all the sites. I still have a few things to take care of before April 1st so please check on The IT Security Attaché’s blogs for more updates.
http://theitsecurityattache.com/blogs
Thank you,
~Brett A. Scudder~
IE 8 is released and available for download
Link: http://www.microsoft.com/windows/internet-explorer/worldwide-sites.aspx
FYI…
Internet Explorer 8 empowers content providers to create the richest, most dynamic experiences on the Web, extending the reach and value of online services. Whether you’re a developer, a systems integrator, or a sales and marketing professional, Internet Explorer 8 offers new possibilities for increasing revenue by building out solid solutions and service practice offerings.
Download Internet Explorer 8 and discover innovative features that help people browse faster, easier, and safer than ever before.
https://partner.microsoft.com/us/40074178
http://www.microsoft.com/windows/internet-explorer/worldwide-sites.aspx#
Add Value with Web Slices
Web Slices enable users to subscribe to content directly within a page and monitor information as they browse the Web. Web Slices integrate rich, real-time online services and content into the browsing experience.
Add Functionality with Accelerators
Accelerators allow you to enhance selected text on your Web pages, enabling you to map addresses, define words, add blog functionality, and share website data across the Web and e-mail.
Enable Quicker Results with Instant Search
With Instant Search users can leverage suggested search terms to help find the data they need—without typing the entire word or phrase. Visual search functionality adds images and graphics to search results.
Protect Customers’ Critical Data with Built-In Functionality
Inspire your customers’ confidence by helping to reduce risk and protect their IT environments—on premises or hosted—from security and privacy threats. Identify malicious sites and block malware downloads.
Internet Explorer 8 Videos
View videos demonstrating new features and functionality within Internet Explorer 8.
Windows Internet Explorer 8 FAQ
Find answers to frequently asked questions about Internet Explorer 8 features and functions.
Thank you very much and have a great day. We apprecilove your business and support and look forward to serving you more.
~Brett A. Scudder~
Follow up to TITSSN's NYITSA-UG's January 8th 2009 group meeting on Virtualization and securing it.
Link: http://titssn.net
Good day to you,
First I want to say many thanks to Mr. Hamlett for coming out and spending the evening with us to take an in-depth look at the Microsoft world of Virtualization. Thank you sir.
I also wanted to say thank you to those who came out to the meeting as well.
I wanted to send a follow up of our meeting last week and share two presentations that were offered. It was an awesome session and Mr. Hamlett gave us a good look at the Microsoft virtualization/Hypervisor setup, config, security infrastructure and why this is becoming a major adoption for many organizations.
Mr. Hamlett also linked up with Steve Riley, who is a world-renowned security guru at Microsoft, and we had the opportunity to have him on the phone to talk more about any questions or issues we may have in understanding securing Virtualization. The timing was a bit off as he was travelling and the planned time of his availability was thrown off, and so we’re going to schedule a conference call with him so any questions/concerns/issues will be addressed for you.
I will be posting a thank you on his blog here http://blogs.technet.com/steriley/ and I’m asking for a few comments of thanks from the group as well. I want him to realize that we apprecilove his time and effort to work with us and to be a resource for us if/when needed. Please take a minute to say thank you from TITSSN.
Here is the video of his TechEd presentation on virtualization and security http://titssn.net/events-archive/Jan-2009-Virtualization/. I decided to share this with everyone as it is a major topic of interest across the board. I am sure you’ll see and learn a lot of interesting things from it. We had an awesome discussion around the presentation that Mr. Hamlett did an awesome job of sharing some insight, recommendations and guidelines on. The Virtualization_SCVMM PPT is one that Mr. Hamlett presented at another location and he decided the content was appropriate to share with us as well.
We will have a follow-up hands-on workshop where we’ll be building out a virtualization infrastructure from the ground up, so please stay tuned for that update. I’m working on that for our February training and development workshop, so as you can see, we’re putting a lot of quick time and attention to this. This year we’re focusing very heavily on this area of technology and you’ll be seeing a lot more on it.
So, please remember to say a little thank you to Mr. Riley ok.
Thank you very much and have a great day. We apprecilove your business and support and look forward to serving you more.
~Brett A. Scudder~
The IT Security Attaché | http://theitsecurityattache.com | Blogs http://theitsecurityattache.com/blogs
Digital IDs - Do you know what they are and their benefits? How serious are you about protecting your messaging identity?
Link: http://titssn.net
Good day to you,
Over the past few years we have seen a significant increase in the use of messaging, and with this use comes the threat of spoofing ("Messaging Identity Theft"; oh yes, your messaging identity is a major risk factor as well). With messaging now available on mobile devices, allowing us to be anywhere and accessible at any time, the risk associated with losing that identity is a major concern (at least for me it is).
As a security professional that provides guidance, counsel, education and awareness, I always have a very keen eye on my email messaging config and setup so as to provide authentication and validation of myself as the original sender of my messages. People turn to me for guidance and counsel in many areas of technology and if/when they receive an email message from me they believe this is valid and useful information to use. They “trust” my knowledge, recommendations and guidance and as such will use the information provided for themselves or share it with others. As one can never tell the life and trail of a message when it is sent, one can only ensure that its content and information is not tampered with (or hope so).
Imagine if someone was to send an email from my (or your) address with a link pointing to a website that has malicious code in it and the recipient’s system crashes and/or data is lost?
Or, an email with an executable file attached stating that you should rename the file by adding .exe to the end and then running it.
What would happen to my (or your) reputation and the trust of that recipient if that happened?
They wouldn’t know how to trust my (or your) messages or even me again. This could also lead to legal issues if the recipient was in a company that was impacted by the threat(s) in a major way. There could be a network-wide attack, worm outbreak or some viral infection that took the company’s infrastructure down or created a SPAM relay in their system, at which point that message will be used as proof of it being the cause of the problem(s).
Oh yes, I know what you’re saying: anyone can spoof your addy (email address) from anywhere. But what if the message really came from your network/PC because you had a trojan/worm that you were not aware of? Aha, now you’re getting the gist of what I’m saying. You’re also a risk to yourself without the proper protection and configurations in place. Sometimes it is the simple things that have the biggest impacts and effects on us as we never looked into it properly.
Now I need you to understand what I’m saying as it doesn’t only apply to me or IT/Security professionals. What I am saying to you is, no matter what field of work, study or profession you’re in, the delivery of an unplanned, unwanted or unknown message can present many challenges; it’s a matter of how you want to protect yourself from the impacts and effects. Think about privacy, think about security, and think about wrongful information/data and the dissemination of the message and contents to others outside of your intended recipients list.
This ID can be added to your mobile devices as well, thus extending the same functions and features to your device while in transit.
In 2004/5 I saw the highest spoof rates of 30-40% of my primary email address and became even more serious about protecting that identity and what it meant to me and my recipients (customers, clients, associates, partners, friends, etc.).
In 2004 I amended TITSSN’s membership and messaging policies to make it mandatory that every member must have a valid digital ID and for it to be used in all group messaging communications. The purpose was to create a better way of validation and authentication of incoming messages and to allow the encryption of sensitive data/information. It also required that all documents (PDF, Microsoft Office, etc.) being created by us are digitally signed. As IT/Security professionals we must ensure that the information being sent from us is valid, accountable and does not present a threat/risk to the recipient(s) (intended or non-intended).
If you receive a direct message from me and it is not signed I advise not opening it. I will not send a message without it being signed, and the beautiful thing about the digital ID is the special tag/label it adds to the message envelope. A little red (signed) or blue (encrypted) ribbon is now added to the envelope icon. This adds the immediate visibility for the recipient to see that this is a signed message, and they have the option of opening it or not. Even though it may be signed, the content within the message can also be malicious and so additional caution must be taken. On my config I have enabled the setting that tells me if the message has been changed/tampered with from sender to me. At this point it is my choice of going further and viewing the contents.
The following figures are from Outlook 2007. Whenever you install a digital ID in Outlook it adds the section with the Sign and Encrypt options. You will not see these options if you do not have a digital ID installed.
Figure 1. The signed message icon
Figure 2. The Sign button
Figure 3. The Encrypt button

We have a special way of sending/identifying messages that are not signed as circumstances will arise where one may be away from their primary system and is not able to sign it.
Some services like Yahoo groups add content to the body of the message when collaborating in their groups. This invalidates the message’s signature, and the recipient will get a warning that the digital signature is invalid. This is a known issue for people using certs in such instances, so one must understand why it happens and decide if signing is worth doing there.
Some companies add disclaimers to all outgoing messages, and if the PKI infrastructure is not properly configured this will invalidate the signature on any message signed with a cert by an individual within the company’s mail system. At this point I recommend using a personal account for collaboration with groups that require this kind of personal identification. This way you will have control over the sending of the messages.
It is one of my goals in 2009 to create more education, awareness and adoption of this on a global level for people to understand what it means and the benefits it presents. A digital ID is not a security solution; it is a method of securing your messaging identity by creating a method of authentication and validation of the sender.
So where can I get a digital ID and is there a cost?
There are free digital ID providers like Thawte - http://www.thawte.com/secure-email/personal-email-certificates/index.html?click=DoYouNeedTo-SecureMail and Comodo - http://www.comodo.com/products/certificate_services/email_certificate.html. There are other free services if you do a search for them.
As for me, I use the VeriSign cert from here http://www.verisign.com/authentication/individual-authentication/digital-id/index.html and even though they offer a free 60-day trial one, I invest in my messaging identity by purchasing one for $19.95. A small $20 investment for my online messaging identity is nothing of consequence for me, as I see this as a critical part of my online presence, reputation and ethics.
So my question to you is,
With the growing trend of messaging and the fact that it is now the number one form of collaborating and exchanging of information, how serious are you about protecting that identity?
Do you know what a digital ID is and its benefits?
Learn more about it here http://www.verisign.com/static/005326.pdf
Tutorial here http://www.verisign.com/static/005327.pdf
Look for more discussion on this as I am focusing on this for 2009.
Thank you and have a great day,
~Brett A. Scudder~
The IT Security Attaché
Anatomy of a malware scam - XP Antivirus 2008/2009 - please read/share, very important info
Link: http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/
FYI…
I don’t know if you guys have encountered this but trust me, this is some good information worth having/knowing. I have been dealing with this at a few clients over the past few months and it is a nasty little bugger. As we all know, Jesper Johansson is an industry renowned security guru and this is an awesome write-up. This was too good not to share/archive.
I hope it helps those who are dealing with this threat to understand the real impact and issues it presents. We should share this with others so they too can learn from it. The bad guys are getting craftier at the game.
Please share the info.
Thank you,
~Brett A. Scudder~
Pittsburgh cancer center warns of cell phone risks
Link: http://news.yahoo.com/s/ap/20080724/ap_on_he_me/cell_phone_warning
Pittsburgh cancer center warns of cell phone risks
by JENNIFER C. YATES and SETH BORENSTEIN, Associated Press Writers
Thu Jul 24, 7:13 AM ET
The head of a prominent cancer research institute issued an unprecedented warning to his faculty and staff Wednesday: Limit cell phone use because of the possible risk of cancer.
The warning from Dr. Ronald B. Herberman, director of the University of Pittsburgh Cancer Institute, is contrary to numerous studies that don’t find a link between cancer and cell phone use, and a public lack of worry by the U.S. Food and Drug Administration.
Herberman is basing his alarm on early unpublished data. He says it takes too long to get answers from science and he believes people should take action now — especially when it comes to children.
“Really at the heart of my concern is that we shouldn’t wait for a definitive study to come out, but err on the side of being safe rather than sorry later,” Herberman said.
No other major academic cancer research institutions have sounded such an alarm about cell phone use. But Herberman’s advice is sure to raise concern among many cell phone users and especially parents.
In the memo he sent to about 3,000 faculty and staff Wednesday, he says children should use cell phones only for emergencies because their brains are still developing.
Adults should keep the phone away from the head and use the speakerphone or a wireless headset, he says. He even warns against using cell phones in public places like a bus because it exposes others to the phone’s electromagnetic fields.
The issue that concerns some scientists — though nowhere near a consensus — is electromagnetic radiation, especially its possible effects on children. It is not a major topic in conferences of brain specialists.
A 2008 University of Utah analysis looked at nine studies — including some Herberman cites — with thousands of brain tumor patients and concludes “we found no overall increased risk of brain tumors among cellular phone users. The potential elevated risk of brain tumors after long-term cellular phone use awaits confirmation by future studies.”
Studies last year in France and Norway concluded the same thing.
“If there is a risk from these products — and at this point we do not know that there is — it is probably very small,” the Food and Drug Administration says on an agency Web site.
Still, Herberman cites a “growing body of literature linking long-term cell phone use to possible adverse health effects including cancer.”
“Although the evidence is still controversial, I am convinced that there are sufficient data to warrant issuing an advisory to share some precautionary advice on cell phone use,” he wrote in his memo.
A driving force behind the memo was Devra Lee Davis, the director of the university’s center for environmental oncology.
“The question is do you want to play Russian roulette with your brain,” she said in an interview from her cell phone while using the hands-free speaker phone as recommended. “I don’t know that cell phones are dangerous. But I don’t know that they are safe.”
Of concern are the still unknown effects of more than a decade of cell phone use, with some studies raising alarms, said Davis, a former health adviser in the Clinton Administration.
She said 20 different groups have endorsed the advice the Pittsburgh cancer institute gave, and authorities in England, France and India have cautioned children’s use of cell phones.
Herberman and Davis point to a massive ongoing research project known as Interphone, involving scientists in 13 nations, mostly in Europe. Results already published in peer-reviewed journals from this project aren’t so alarming, but Herberman is citing work not yet published.
The published research focuses on more than 5,000 cases of brain tumors. The National Research Council in the U.S., which isn’t participating in the Interphone project, reported in January that the brain tumor research had “selection bias.” That means it relied on people with cancer to remember how often they used cell phones. It is not considered the most accurate research approach.
The largest published study, which appeared in the Journal of the National Cancer Institute in 2006, tracked 420,000 Danish cell phone users, including thousands that had used the phones for more than 10 years. It found no increased risk of cancer among those using cell phones.
A French study based on Interphone research and published in 2007 concluded that regular cell phone users had “no significant increased risk” for three major types of nervous system tumors. It did note, however, that there was “the possibility of an increased risk among the heaviest users” for one type of brain tumor, but that needs to be verified in future research.
Earlier research also has found no connection.
Joshua E. Muscat of Penn State University, who has studied cancer and cell phones in other research projects partly funded by the cell phone industry, said there are at least a dozen studies that have found no cancer-cell phone link. He said a Swedish study cited by Herberman as support for his warning was biased and flawed.
“We certainly don’t know of any mechanism by which radiofrequency exposure would cause a cancerous effect in cells. We just don’t know this might possibly occur,” Muscat said.
Cell phones emit radiofrequency energy, a type of radiation that is a form of electromagnetic radiation, according to the National Cancer Institute. Though studies are being done to see if there is a link between it and tumors of the brain and central nervous system, there is no definitive link between the two, the institute says on its Web site.
“By all means, if a person feels compelled that they should take precautions in reducing the amount of electromagnetic radio waves through their bodies, by all means they should do so,” said Dan Catena, a spokesman for the American Cancer Society. “But at the same time, we have to remember there’s no conclusive evidence that links cell phones to cancer, whether it’s brain tumors or other forms of cancer.”
Joe Farren, a spokesman for the CTIA-The Wireless Association, a trade group for the wireless industry, said the group believes there is a risk of misinforming the public if science isn’t used as the ultimate guide on the issue.
“When you look at the overwhelming majority of studies that have been peer reviewed and published in scientific journals around the world, you’ll find no relationship between wireless usage and adverse health effects,” Farren said.
Frank Barnes, who chaired the January report from the National Research Council, said Wednesday that “the jury is out” on how hazardous long-term cell phone use might be.
Speaking from his cell phone, the professor of electrical and computer engineering at the University of Colorado at Boulder said he takes no special precautions in his own phone use. And he offered no specific advice to people worried about the matter.
It’s up to each individual to decide what if anything to do. If people use a cell phone instead of having a land line, “that may very well be reasonable for them,” he said.
Susan Juffe, a 58-year-old Pittsburgh special education teacher, heard about Herberman’s cell phone advice on the radio earlier in the day.
“Now, I’m worried. It’s scary,” she said.
She says she’ll think twice about allowing her 10-year-old daughter Jayne to use the cell phone.
“I don’t want to get it (brain cancer) and I certainly don’t want you to get it,” she explained to her daughter.
Sara Loughran, a 24-year-old doctoral student at the University of Pittsburgh, sat in a bus stop Wednesday chatting on her cell phone with her mother. She also had heard the news earlier in the day, but was not as concerned.
“I think if they gave me specific numbers and specific information and it was scary enough, I would be concerned,” Loughran said, planning to call her mother again in a matter of minutes. “Without specific numbers, it’s too vague to get me worked up.”
___
Jennifer Yates reported from Pittsburgh. Science Writer Seth Borenstein reported from Washington. Reporter Ramit Plushnick-Masti contributed from Pittsburgh and Science Writer Malcolm Ritter contributed from New York.
___
On the Net:
Advice from the University of Pittsburgh Cancer Institute:
http://www.environmentaloncology.org/node/201
Food and Drug Administration on cell phones:
http://www.fda.gov/cellphones/qa.html
HTC's Sprint Mogul 6800 and Touch Windows Mobile v.6.1 Upgrade - My review and screenshots
Link: http://www.htc.com/us/FAQ_Detail.aspx?p_id=75&act=sd
HTC’s Sprint Mogul 6800 and Touch Windows Mobile v.6.1 Upgrade
So HTC finally released the highly anticipated WM v.6.1 upgrade for the Mogul on Monday July 21st and I couldn’t wait to install it. I was still a little worried about it so I installed it on my primary test Mogul and boy was I happy with it until, until, UNTIL, I saw how much it ate up the battery.
Some of the new features that were added are not of value to me but hey, it’s still good to have as others will benefit from them. I’m not into the TV stuff but it was a nice added complement. I checked out a few stations and was quite pleased with the reception and service. I tried playing with the GPS but had some issues because I may need to set up an account or something.
One thing is for sure, it is the fastest loading Windows Mobile OS I’ve seen to date. Wow, I was very impressed with the speed of loading up even after I loaded up all my apps and utils on it. Restarting the device took under 30 seconds, WOW. It’s much faster and I no longer had that glitch when creating or responding to new emails where the screen only showed one side of the page.
I love the new text messaging features. It’s like an IM session that runs over the course of the conversation with the same person. It makes it so much easier to track back to previous IMs but I fear the "loading messages" part consumes memory. I do over 4000 (and counting) txt messages per month so managing my txt and txt’g is critical for me. Yes, but of course I have an unlimited txt messaging plan.
If only the battery life was improved, oh the pain, oh the hurt. Anyway, it could have been worse so thank goodness for the new features, enhancements and well needed speeds.
Why update the ROM on your device?
The software upgrade posted below provides several key enhancements for your Mogul:
1. Upgrades the operating system from Windows Mobile® 6.0 Professional to Windows Mobile® 6.1 Professional
2. Adds Sprint TV
3. Includes all enhancements incorporated in previous software upgrades including:
Here’s some additional release info for the HTC Touch as well HTC’s Web site.
Here are some screen shots of my Mogul and settings.








The new Task Manager

I love my Mogul, can you tell?
Thank you HTC and keep up the great work, we apprecilove it.
~Brett A. Scudder~
Oh hell no, Sprint caps the broadband connection card monthly limit, 5GB, wth
Link: http://nextelonline.nextel.com/NASApp/onlinestore/en/Action/DisplayPlans
Well now, this is not even funny as this puts such a major issue in front of me with little or no way of getting around it without some additional cost factors.
Yesterday I was at/in a few meetings and promoting the use/fact about the broadband data cards from Sprint and how invaluable it is for me. Whether I’m local or travelling, this data card provides the speed, data and network reliability that keeps me connected and secured. Lo and behold a member of the New York Small Business Server Group pointed out that Sprint is now capping the monthly bandwidth of the data card services. I was like, get the heck outta here (in a jokingly kind of way) but then he showed me in plain text on their website this horrifying info.
Mobile Broadband Connection Plans
With this plan and your Mobile Broadband Card or USB modem, you have instant Internet access wherever you go on the largest national Mobile Broadband network.
This plan includes
Internet access on the largest national Mobile Broadband network.
5 GB/mo. in total or 300 MB/mo. while off-network roaming. (1024 kb=1MB. 1024 MB=1 GB)
International data roaming may incur additional charges. Sprint reserves the right to limit throughput speeds or amount of data transferred.
Monthly Price - $59.99
Monthly Usage - 5GB (read and weep, I am)
It wasn’t bad enough that my Sprint account managers didn’t alert me of this update (thanks guys) since I’ve been a huge advocate of the card and its invaluable use. The thing is, over the past year I have been religiously telling people to be aware of the economic changes coming and the fact that when it starts to get more deeply into the technology field we’ll be seeing more people working remotely and from home. When this happens, the limitation of bandwidth services from the ISPs will be peaked and it will be broadband data services like this that will help to alleviate the remote worker connectivity issues. But no, they just had to cap it, they just had to make the stupid mistake to do so.
How does this affect the mobile business executives/IT consultants?
Well, I’ll use myself as an example and say, Sprint’s data card allowed me the freedom and flexibility to be any and everywhere securely with the needed access to my data/resources if and when needed.
95% of my work is done at a client’s site/location/office and so I travel with my laptop. I use Microsoft Exchange/Office System Suite for my personal information management system and so I am able to stay current, updated and organized no matter where I am as long as my data card has service. Because I’m such a security freak and promote strong security ethics and values, I never take my laptop to a client site and connect it into a hard line much less via wireless, no sireee. I leave all connectivity issues to the client’s network/resources as a no no. So, what that means is that this data card serves as my end all and be all connectivity device for internet surfing, downloading of business information, documents and God knows what else is being sent to me.
I can reach the 5GB cap in 2 weeks without trying. God forbid I am travelling and my system gets housed or something happens and I have to reconfigure my mail settings and have to resync to my server. When I last checked my mailbox was 1.2GB so just doing a full sync alone will take me almost halfway to the limit. Now I will have to scale down the size of my mailbox or change the way in which I sync it.
All I know is, capping these data services at a time when the economy is about to run into a flux and these services will be a dire need is not a good move for a vendor. Yes they want to make money and a killing off these services but c’mon, it wasn’t this way before and there’s no need for it now.
Lift the cap and let bandwidth flow free. Charge more but don’t lessen the value of the service, ugghh
Let me stop venting as it is what it is, an unfortunate mistake. A mistake other carriers have made and suffered from. I have gotten enough people switched over from other carriers to the Sprint data network because it WAS unlimited and now this, such a shame.
Can you tell that I’m not feeling this move too well?
~Brett A. Scudder~
Apple releases iTunes v.7.7 ahead of the iPhone 3G release and the iPhone 2.0/iPod touch 2.9 software update, expected tomorrow.
Link: http://www.apple.com/itunes/download/
Hi all,
It’s out and it’s available, the new version of iTunes is here ahead of the iPhone 3G and the iPhone 2.0/iPod touch 2.9 software update, expected tomorrow.
I can’t believe this but it’s what I have always said, technology changes so quickly that one minute something may be a ban/not allowed to a complete 360 degree turn into, ok, I have to get one and must adjust/adopt to the changing times and demand for help in getting the devices implemented, supported and working on various platforms/systems.
Oh boy, what sweet joy with this new toy.
So, I haven’t gotten my 3G iPhone yet but already prepped a few of my boxes to start playing with it.
More to come so stay secure until then.
Have a great day,
~Brett A. Scudder~
Researchers 'poison' Storm botnet - some issues about this that bother me
Link: http://theitsecuritysuite.net/forum/phpBB2/viewtopic.php?t=32007
I saw this article and wanted to share my thoughts on it. It’s been a hell of a day but what can I say.
Researchers ‘poison’ Storm botnet
http://theitsecuritysuite.net/forum/phpBB2/viewtopic.php?t=32007
Here’s what I have a problem with.
Now that they have successfully figured out how the botnet works and poisoned it, why are they disclosing all the information and methods of how they did it?
Isn’t this now allowing the botmaster to change his tactics and create different ways of managing and distributing the bots?
What do you think?
I’d love to hear the thoughts of my fellow IT professionals on this. I have always found that this type of disclosure was always a negative effect to the issue at hand and this surely proves it.
You’ve just given the bad guys all the info they need to circumvent what you’ve worked so hard to put in place for the past few months :-(.
~Brett A. Scudder~

