Please Scare Us Again or What do you know?

February 2007

Attack by Korean hacker prompts DoD cyber debate

The Department of Defense (DoD) computer networks are probed and attacked hundreds of time each day. But a recent attack on the civilian Internet is causing DoD officials to re_examine whether the policies under which they fight cyber battles are tying their hands. “This is an area where technology has outstripped our ability to make policy,” said Air Force Gen. Ronald Keys, Commander of Air Combat Command. “We need to have a debate and figure out how to defend ourselves.” Unlike in the war on terror, DoD can’t go after cyber attackers who plan or discuss crimes until they act, Keys said. Websites in other countries are beyond DoD's reach, he added. “If they’re not in the United States, you can’t touch 'em.” Keys said it would probably take a cyber version of the 9/11 attacks to make the U.S. realize that barriers to action in cyberspace should be re_evaluated.
Maybe we could all just simply wrap plastic around our systems and then duct tape the edges...
Source: http://www.fcw.com/article97645_02_09_07_Web

Drive By Hits Home

February 2007

Drive_by Web attack could hit home routers

If you haven't changed the default password on your home router, do so now. That's what researchers at Symantec and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious java_script code. For the attack to work, the attackers would need a couple of things to go their way. First, the victim would have to visit a malicious Website that served up thejava_script. Second, the victim's router would have to still use the default password that it's pre_configured with it out of the box. In tests, the researchers were able to do things like change firmware and redirect a D_Link Systems DI_524 wireless router to look up Websites from a Domain Name System server of their choosing. They describe these attacks in a paper, authored by Sid Stamm and Markus Jakobsson of Indiana University, and Symantec's Zulfikar Ramzan. "By visiting a malicious Webpage, a person can inadvertently open up his router for attack," the researchers write. "A Website can attack home routers from the inside and mount sophisticated...attacks that may result in denial_of_service, malware infection, or identity theft."
Source: http://www.infoworld.com/article/07/02/15/HNdrivebywebattack _1.html

Penn State Stops the Worm's Wiggle

February 2007

Penn State researchers develop new worm_stopping technology

Researchers at Penn State University say they have developed anti_malware technology that can identify and contain worms in milliseconds rather than minutes __ greatly limiting how far they spread and how much damage they cause. The new technology focuses on analyzing packet rate and frequency of connections, rather than signature or pattern identification, according to a release from Penn State. "A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," said Peng Liu, associate professor of information sciences and technology at Penn State and lead researcher on the system. Penn State researchers assert that because many security technologies focus on signature or pattern identification for blocking worms, they cannot respond to new attacks fast enough, allowing worms to exploit network vulnerabilities.
Source: http://www.informationweek.com/

Ever Been to Chinatown?

February 2007

China and Russia top list of worst copyright violators

China and Russia are the two worst foreign infringers of U.S. software and music copyrights and they should remain on the U.S. government's priority watch list, a group representing the software, music, books, and movie industries said Monday, February 12. The International Intellectual Property Alliance (IIPA) put out the figures as part of its recommendations to the U.S. Trade Representative. China topped all rivals on the IIPA most_wanted list by pumping out $2.21 billion worth of pirated goods last year, mainly business software, according to IIPA figures. Russia ran a close second at $2.18 billion, it said. They could stop it if they wanted to, same as drugs and other illegal activities. Its all a game to them.
Source: http://www.infoworld.com/article/07/02/12/HNworstcopyrightvi olators_1.html

DHS's Massive Cybersecurity Test

February 2007

U.S. Government readying massive cybersecurity test

The Department of Homeland Security (DHS) is planning a large_scale test of the nation's response to a cyberattack to be held in early 2008. The test will be a follow_up to the February 2006 Cyber Storm test, which was billed as the largest_ever U.S. government online attack simulation. Cyber Storm 2 will be conducted in March 2008, said Gregory Garcia, assistant secretary for cyber security and telecommunications with DHS, speaking at the RSA Conference in San Francisco last week. Like the first Cyber Storm, this exercise will evaluate the ability of the public and private sector to provide a coordinated response to a large_scale cyber event, he said. The second Cyber Storm test, which is in the planning stages right now, will include a greater number of participants than its predecessor. In particular, the number of international participants will be increased.
Source: http://www.infoworld.com/article/07/02/12/HNcyberstorm2_1.html

U.S. Computer Emergency Readiness Team (US_CERT)

February 2007

Companies increasingly reporting attacks

Corporate America is getting better about telling the U.S. government about serious security incidents, according to an official from the Department of Homeland Security (DHS). In 2006, companies, universities and government agencies reported 23,000 incidents to the U.S. Computer Emergency Readiness Team (US_CERT), up from 5,000 reported in 2005, Jerry Dixon, deputy director of the DHS's National Cyber Security Division, said at the RSA Security Conference on Wednesday, February 7. So far, in the first quarter of 2007, more than 19,000 incidents have been reported to US_CERT, Dixon said. "Increasingly, the private sector is reporting these incidents," Dixon said. "We are getting a much better picture than what we use to get at the DHS."
Source: http://www.securityfocus.com/brief/430

Polycom's 220 Mill WiFi Boost

February 2007

Polycom boosts Wi_Fi voice effort with SpectraLink acquisition

Polycom reported that it will acquire SpectraLink for $220 million in cash in a move that will bolster Polycom's drive into the nascent voice over Wi_Fi market. The addition of SpectraLink will boost Polycom's ability to provide fixed and mobile telecommunications products covering voice, video, and data over desktop and mobile environments.
Source: http://www.informationweek.com/

Is Your Password Weak???

February 2007

Study: Weak passwords really do help hackers

Left online for 24 days to see how hackers would attack them, four Linux computers with weak passwords were hit by some 270,000 intrusion attempts __ about one attempt every 39 seconds, according to a study conducted by a researcher at the University of Maryland. Among the key findings: Weak passwords really do make hackers' jobs much easier. The study also found that improved selection of usernames and associated passwords can make a big difference in whether attackers get into someone's computer. The study was led by Michel Cukier, an assistant professor of mechanical engineering and an affiliate of the university's Clark School Center for Risk and Reliability and Institute for Systems Research. His goal was to look at how hackers behave when they attack computer systems __ and what they do once they gain access. Using software tools that help hackers guess usernames and passwords, the study logged the most common words hackers tried to use to log into the systems. Cukier and two graduate students found that most attacks were conducted by hackers using dictionary scripts, which run through lists of common usernames and passwords in attempts to break into a computer.

Root Server Attack!!!

February 2007

Hackers slow Internet root servers with attack

Online attackers have briefly disrupted service on at least two of the 13 "root" servers that are used to direct traffic on the Internet. The attack, which began Tuesday, February 6, at about 5:30 a.m. EST, was the most significant attack against the root servers since an October 2002 DdoS attack, said Ben Petro, senior vice president of services with Internet service provider Neustar. Root servers manage the Internet's DNS, used to translate Web addresses such as Amazon.com into the numerical IP addresses used by machines. The attack appeared to have been launched by a botnet, Petro said. "Two of the root servers suffered badly, although they did not completely crash; some of the others also saw heavy traffic," said John Crain, chief technical officer with the Internet Corporation for Assigned Names and Numbers (ICANN). The two hardest_hit servers are maintained by the Department of Defense and ICANN. The botnet briefly overwhelmed these servers with useless requests, but did not disrupt Internet service, Petro said. By 10:30 a.m. EST, Internet service providers were able to filter enough of the traffic from the botnet machines that traffic to and from the root servers was essentially back to normal.
Source: http://www.infoworld.com/article/07/02/06/HNrootserverattack _1.html

Tycoon Slim, Silent Mexican Chatter

February 2007

Cell phones silent as Mexico's biggest network fails

Millions o fMexicans had their cell phone conversations put on hold for much of Tuesday, February 6, after a wireless network belonging to the world's third richest man, tycoon Carlos Slim, temporarily crashed. A technical fault in western Mexico City saturated the Telcel cell phone network, Mexico's largest and owned by Slim's telecommunications giant America Movil, the company said on Tuesday. Telcel has 40 million users across the country. Worst affected were those in the vast capital and its surroundings, where most of the company's customers are located. Service began returning hours later and was 90 percent functional by late afternoon.
Source: http://www.eweek.com/article2/0,1895,2091424,00.asp

No Spying On German PCs

February 2007

German court bans police from spying on PCs

Germany's High Court has handed down a landmark decision banning police from installing spyware on computers of suspected criminals without their knowledge. The decision, announced Monday, February 5, is a blow to the plans of the German Interior Minister Wolfgang Schäuble to give the Federal Criminal Police Office greater power to monitor terrorists and other criminals online, and peek inside their computers. The High Court in Karlsruhe argued that searching computers is similar to searching homes, a practice in Germany that requires police to follow certain procedures. The judges also argued that hacking computers by the police is not permitted under Germany's strict phone_tapping laws and that legislation would be needed to enable covert surveillance.
Source: http://www.infoworld.com/article/07/02/05/HNbanpolicefromspy ing_1.html

Romanian Pirates...Arhhhh

February 2007

Piracy worked for us, Romania president tells Gates

Pirated Microsoft Corp. software helped Romania to build a vibrant technology industry, Romanian President Traian Basescu told the company's co_founder Bill Gates on Thursday, February 1. Basescu was meeting the software giant's chairman in Bucharest to celebrate the opening of a Microsoft global technical center in the Romanian capital. "Piracy helped the young generation discover computers. It set off the development of the IT industry in Romania," Basescu said during a joint news conference with Gates. Former communist Romania, which has just joined the European Union, introduced anti_piracy legislation 10 years ago but copyright infringements are still rampant. Experts say some 70 percent of software used in Romania is pirated.
Source: http://www.informationweek.com/showArticle.jhtml

Shout Hacking Vista

February 2007

Vista hole opens door to shout hacking

The honeymoon ended early for Microsoft's Vista operating system, after word spread Wednesday, January 31, about a flaw that could allow remote attackers to take advantage of the new operating system's speech recognition feature. Microsoft researchers are investigating the reports of a vulnerability that could allow an attacker to use the speech recognition feature to run malicious programs on Vista systems using prerecorded verbal commands. The potential security hole was discovered after an online discussion prompted blogger George Ou to try out a speech_based hack. Ou reported on ZD Net on Tuesday that he was able to access the Vista Start menu and,conceivably, run programs using voice commands played over the system's speakers. The speech recognition flaw is novel and notable for being the first publicized hole in the new operating system since the public launch of Vista on Tuesday. The impact of the flaw, however, is expected to be small. Microsoft recommends that users who are concerned about having their computer shout_hacked disable the speaker or microphone, turn off the speech recognition feature, or shut down Windows Media Player if they encounter a file that tries to execute voice commands on their system.
Source: http://www.infoworld.com/article/07/02/01/HNvistaspeechbug_1 .html

Attack on Experienced Users

January 2007

CA predicts more attacks on experienced users.
The continued rise of IT threats that seek to trick even the most careful PC users ranks among the top issues
highlighted by software maker CA in its latest online security research report. Published on
Thursday, January 25, the 2007 Internet Threat Outlook highlights the most pressing online
security trends projected to have an impact over the next 12 months. According to CA, malware
writers will continue to blend multiple threat formats and utilize new, covert distribution
methods in 2007, making it harder for even the most informed users to discern the difference
between legitimate content and attacks. CA said malware brokers will continue to piece
together threats such as Trojan horse viruses, worms and the many forms of spyware to hide
their attacks and evade technological defenses. With the level of professionalism rising quickly
among the most sophisticated virus distributors, CA predicts that zero_day exploits, drive_by
malware downloads and extremely intricate phishing schemes will continue to become more
dangerous and harder to detect. Of particular danger to PC users will be blended threats that
combine different elements of the various attack models, such as spam_borne Trojans and
cross_site scripting code loaded onto legitimate Websites.
Report: http://www3.ca.com/Files/SecurityAdvisorNews/ca_2007_internet_threat_outlook_final.pdf
Source: http://www.eweek.com/article2/0,1895,2087584,00.asp

Free WiFi for all...Gracias!

January 2007

Spanish start_up promises free Wi_Fi for all.
A small Spanish start_up called Whisher is thumbing its nose at U.S. broadband
providers as it prepares to launch a new service that lets people share their broadband
connections via Wi_Fi. "Either you believe in the user_generated revolution or you believe
ISPs rule the world," said Ferran Moreno, co_founder and CEO of Whisher. "I believe ISPs
don't rule the world and how the Internet works." Of course, there is one small snag in
Moreno's utopian view of free Wi_Fi for everyone. In the U.S., it's illegal.

Time Warner and other broadband providers such as Verizon
Communications said it's rare that they have to take action against subscribers sharing their
broadband service outside their home. But representatives from each company said that if
illegal sharing persists, the company takes action, which could result in users getting their
service cut off or even facing prosecution. So far, broadband providers have not come down
hard on other companies proposing to build free Wi_Fi networks that cobble together networks
using existing Wi_Fi hot spots. But this could be because these networks are still relatively
new, and their service models require additional equipment.
Source: http://news.com.com/Spanish+start_up+Whisher+promises+free+Wi_Fi+for+alltag=nefd.lede

Vista Security

January 2007

Experts: Don't buy Vista for the security.
Windows Vista is a leap forward in terms of security, but few people who
know the operating system say the advances are enough to justify an upgrade.
Microsoft officially launched Vista for consumers Tuesday, January 30.
The software giant promotes the new operating system as the most secure
version of Windows yet. It's a drum Microsoft has been beating for some time. Now that Vista
is finally here, pundits praise the security work Microsoft has done. However, most say that is
no reason to dump a functioning PC running Windows XP with Service Pack 2 and shell out
$200 to upgrade to Vista. "As long as XP users keep their updates current, there's generally no
compelling reason to buy into the hype and purchase Vista right away," said David Milman,
chief executive of Rescuecom, a computer repair and support company. "Upgrading to Vista is
pretty expensive, not only the new software but often new hardware as well," said Gartner
analyst John Pescatore. "If you put IE 7 on a Windows XP SP2 PC, along with the usual
third_party firewall, antiviral and antispyware tools, you can have a perfectly secure PC if you
keep up with the patches."
Source: http://news.com.com/Experts+Dont+buy+Vista+for+the+security

Mysterious Satellite Jam

January 2007

Mysterious source jams satellite communications.

Paris_based satellite company Eutelsat is investigating "unidentified interference"
with its satellite broadcast services that temporarily knocked out several television
and radio stations. The company declined to say whether it thought the interference
was accidental or deliberate. The problem began Tuesday afternoon, January 23,
blocking several European, Middle East and northeast African radio and television
stations, as well as Agence France_Presse's news service. All transferred their satellite
transmissions to another frequency to resume operations. Theresa Hitchens of the
Center for Defense Information think_tank in Washington, DC, says there have
been cases of deliberate satellite jamming in the past, but it is hard to see what motivation there
would be in this instance. "It's really puzzling to me," she said. "If it was accidental, why would
they be so secretive about saying what the source was and if it's deliberate, you've got to
wonder why __ it just seems to me to be an odd target..." she says.
Source: http://space.newscientist.com/article/dn11033_mysterious_source_jams_satellite_communications.html

US Poor Cybersecurity

January 2007

U.S. government does poorly in cybersecurity.

The Cyber Security Industry Alliance (CSIA) has given the U.S. government D grades on
its cybersecurity efforts in 2006, and renewed its call for the Congress to pass a comprehensive
data protection law in 2007. The CSIA, a trade group representing cybersecurity vendors,
gave the U.S. government D grades in three areas: security of sensitive information, security and
reliability ofcritical infrastructure, and federal government information assurance. In addition to a
comprehensive data protection bill, CSIA called for the U.S. government to strengthen the power
of agency chief information officers and called on agencies to increase testing of cybersecurity controls.
Report: https://www.csialliance.org/resources/pdfs/CSIA_06Report_07A genda_US_Govt.pdf
Source: http://www.infoworld.com/article/07/01/31/HNlowcybergrades_1 .html

FCP Express Foundations

Final Cut Express Foundations

We were the training company Apple chose to help launch Final Cut Pro with training on disc, in workshops in over 60 cities and all major trade shows. We have taught alongside Randy Ubillos, the creator of Final Cut Pro (and talked him into adding some cool features to the application!). We've helped hundreds of thousands of FCP editors further their Final Cut Pro knowledge. Most of the people currently writing books and teaching Final Cut Pro are our former students!

Since the release of Final Cut Express, people have been asking for an Express-specific training course. Finally... here it is!

Final Cut Express Foundations is the quintessential Final Cut Express editing course, guiding users through every step of the essential editing process from organizing projects through capture, basic editing and fine-tuning to exporting the final project for delivery in the highest possible quality. Complete with student project files, Final Cut Express Foundations is the only chunkalized™ Final Cut Express training in the world!

During the course, you'll build "Mr. Right", a short comedic tale of revenge and intrigue that steps you through editing a real world project incorporating many editing techniques and challenges that may arise in any project.
Thanks DV Creators