Issue No.06 - November/December (2007 vol.9)
Published by the IEEE Computer Society
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MITP.2007.116
Topics covered include VoIP hacking, e-discovery in legal and technology firms, Internet2, and developing Linux-based cell phones.
Survey Shows Security Budgets on the Rise
IT security was a major part of small- and medium-sized businesses' budgets moving into the last quarter of 2007. In addition, budgeting for IT security created strong demand among value-added resellers and the broader reseller community, according to the results of a global market survey conducted by Astaro Corp., a supplier of security appliances.
Of the 2,800 channel partners, resellers, and end users surveyed, 37 percent plan to allocate up to US $50,000 for security tools and services in the next fiscal year, while 13.6 percent plan to budget between $50,000 and $100,000 for security. Less than 10 percent plan to spend more than $1 million on network security solutions within the next year. The majority of respondents were companies with less than 100 employees.
One quarter of respondents claim that their organizations will spend between 7 and 10 percent of their total IT budget on security. And 13 percent plan to spend more than 15 percent of their total IT budget on security.
Planned investments for the next fiscal year show that nearly 70 percent will increase budgets to prevent unauthorized access to networks and data. Sixty percent expressed concern about vulnerability assessment, leakage of confidential data, and protecting Web applications from worms or hacker attacks (via SQL/command injection), and plan to invest in protection against these threats. Half of the respondents named desktop security for notebooks and wireless data communications as priority areas for next year's investments.
Hacker Tells How He Broke into Routers, Stole VoIP Services
Convicted hacker Robert Moore said breaking into 15 telecommunications companies and hundreds of businesses worldwide was extremely simple "because simple IT mistakes left gaping technical holes."
Moore, 23, of Spokane, Wash., pleaded guilty to conspiracy to commit computer fraud and began a two-year prison sentence in late September for his part in a scheme to steal voice-over-IP services and sell them through a separate company. While prosecutors call co-conspirator Edwin Pena the mastermind of the operation, Moore acted as the hacker, admittedly scanning and breaking into telecom companies and other corporations around the world.
"It's so easy. It's so easy a caveman can do it," Moore told Information Week (see http://www.informationweek.com/news/showArticle.jhtml?articleID=202101781). "When you've got that many computers at your fingertips, you'd be surprised how many are insecure."
Pena, who is charged with acting as a legitimate wholesaler of Internet-based phone services as part of what the US government called a "sophisticated fraud," fled the country a year ago and is wanted as a fugitive. Assistant US Attorney Erez Liebermann said Pena allegedly stole and then sold more than 10 million minutes of service at deeply discounted rates, netting more than US $1 million from the scheme.
Acting as the operation's technical muscle netted Moore only $20,000 of the haul, according to Moore.
The government identified more than six million computers that Moore scanned just between June and October 2005.
Moore said what made the hacking job so easy was that 70 percent of all the companies he scanned were insecure, and 45 to 50 percent of VoIP providers were insecure. The biggest insecurity? Default passwords.
Kenneth van Wyk, principal consultant with KRvW Associates, said leaving default passwords up is a widespread and dangerous problem. "It's a huge problem, but it's a problem the IT industry has known about for at least two decades and we haven't made much progress in fixing it," he said. "People focus on functionality when they're setting up a system. 'Does the thing work? Yes. Fine, move on.' They don't spend the time doing the housework and cleaning things up."
Moore said it would have been easy for IT and security managers to detect him in their companies' systems if they'd been looking. "If they were just monitoring their boxes and keeping logs, they could easily have seen us logged in there," he said, adding that IT could have run its own scans, checking to see logged-in users. "If they had an intrusion detection system set up, they could have easily seen that these weren't their calls."
The hacker said IT technicians also could have set up access lists, telling the network to only allow their own IP addresses to get in. "We came across only two or three boxes that actually had access lists in place," Moore said. "The telecoms we couldn't get into had access lists or boxes we couldn't get into because of strong passwords."
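The two controls Moore names, watching the login records and restricting management access to the operator's own addresses, together with the default-password problem van Wyk describes, can be checked automatically. The script below is an added example, not code from the article or from any party it quotes; the device inventory, the default-credential list, the allow-listed networks and the syslog-style login lines are all constructed sample data, and real equipment logs in other formats.

```python
"""Defender-side audit for the weaknesses the article describes: devices left on
default credentials and management logins arriving from outside an access list.
All data below is constructed for illustration."""
import re
from ipaddress import ip_address, ip_network

# Constructed: a stand-in for a vendor default-credential list (placeholder values).
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("admin", "password"), ("root", "root"), ("cisco", "cisco"),
}

# Constructed: the operator's own networks, i.e. the "access list" the article describes.
MGMT_ALLOWLIST = [ip_network("10.0.0.0/8"), ip_network("192.168.1.0/24")]

# Constructed: device inventory with the credentials currently configured on each box.
DEVICES = [
    {"name": "pbx-01", "user": "admin", "password": "admin"},
    {"name": "pbx-02", "user": "voip_ops", "password": "Kq7!pR2#vZ9m"},
    {"name": "gw-edge", "user": "root", "password": "root"},
]

# Constructed: syslog-style login records (timestamps are sample values).
SAMPLE_LOG = """\
2005-08-14T02:11:09Z pbx-01 sshd: Accepted password for admin from 10.0.4.17
2005-08-14T02:13:44Z pbx-01 sshd: Accepted password for admin from 203.0.113.45
2005-08-14T02:15:02Z gw-edge login: Accepted password for root from 198.51.100.9
2005-08-14T03:01:55Z pbx-02 sshd: Accepted password for voip_ops from 192.168.1.20
2005-08-14T03:02:10Z pbx-02 sshd: Failed password for admin from 203.0.113.45
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) \S+: (?P<result>Accepted|Failed) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_log(text):
    """Parse login lines into dicts; lines in an unexpected format are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def find_default_credentials(devices):
    """Names of devices whose configured credentials are on the default list."""
    return sorted(
        d["name"] for d in devices if (d["user"], d["password"]) in DEFAULT_CREDENTIALS
    )


def find_logins_outside_allowlist(records, allowlist):
    """(host, user, source) for successful logins from addresses not on the access list.
    Failed attempts are ignored here; they belong in a separate brute-force check."""
    flagged = []
    for r in records:
        if r["result"] != "Accepted":
            continue
        src = ip_address(r["src"])
        if not any(src in net for net in allowlist):
            flagged.append((r["host"], r["user"], r["src"]))
    return flagged


def audit(devices=DEVICES, log_text=SAMPLE_LOG, allowlist=MGMT_ALLOWLIST):
    """Run both checks and return the findings as a dict."""
    records = parse_log(log_text)
    return {
        "default_credentials": find_default_credentials(devices),
        "external_logins": find_logins_outside_allowlist(records, allowlist),
    }


if __name__ == "__main__":
    for key, findings in audit().items():
        print(key)
        for f in findings:
            print("  ", f)
```

On the sample data the audit reports two devices still on default credentials (gw-edge and pbx-01) and two successful logins from addresses outside the allow-list, which is exactly the evidence Moore says operators could have seen had they been keeping and reading logs.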
The case should revive the issue of security among VoIP providers. Many in the VoIP community know of the security perils of running calls over the Internet. "This hacker's approach is certainly not a surprise to those in the Internet community who follow these types of issues," says Brian Lustig, a spokesman for VoIP provider SunRocket Inc. (see http://www.darkreading.com/document.asp?doc_id=96861). "It is just another variation of fraud that can be perpetrated."
Firm Fuses Legal and Technology Disciplines for E-Discovery
With the recent amendments to the Federal Rules of Civil Procedure addressing electronically stored information, the costs of traditional e-discovery services are expected to grow from US $1.4 billion in 2006 to more than $4.8 billion by 2011, according to a press release from Vestige, an electronic-evidence firm. To address the high costs and complexity of traditional "e-evidence" in state and federal cases, Vestige has expanded its Non-Adversarial Discovery Process with what it calls the One-Pass Evidence Discovery Process (EDP), combining expert legal and technical disciplines in one preservation, discovery, and document production methodology.
The One-Pass EDP streamlines e-discovery by using a master-cloning process at the inception of anticipated litigation. One-Pass uses high-powered, cost-efficient search and extraction tools to preserve sources of discoverable information and to drill down and expose only the relevant evidence that Vestige's evidence professionals extract and provide to their attorney clients. The process takes six hours to two days during organizational downtime to complete.
Qualcomm Faces EU Investigation
Qualcomm is the target of an antitrust investigation by the European Commission. The investigation centers on allegations that the company overcharged manufacturers on licensing fees for patents it holds on the Wideband Code Division Multiple Access system, a major component of the Universal Mobile Telecommunications System, the third generation (3G) standard of mobile carriers for broadband data services.
A complaint regarding the issue was first filed against Qualcomm in 2005 by Ericsson, Texas Instruments, Panasonic, NEC, Broadcom, and Nokia.
The complaint prompted a preliminary investigation by the European Commission, which is now a formal investigation. The commission requires patent holders to keep reasonable and nondiscriminatory guidelines in their licensing.
Developing Better Linux-Based Cell Phones
Chip designer ARM Holdings announced collaboration with six other companies to help make Linux-based smart cell phones and other devices easier to use. ARM, based in the United Kingdom, unveiled the collaboration at its ARM Developers Conference at the McEnery Convention Center in San Jose, California, in October.
The company formed an alliance with Marvell, MontaVista, Movial, Mozilla, Samsung, and Texas Instruments. Together the group will create a platform to help them more quickly develop better mobile software to run on the Linux operating system.
Google, IBM Partner on Software Development
Google and IBM announced in October an initiative to promote new software development methods to help students and researchers address the challenges of Internet-scale applications in the future.
The initiative aims to improve computer science students' knowledge of highly parallel computing practices to better address the emerging paradigm of large-scale distributed computing. IBM and Google are teaming up to provide hardware, software, and services to augment university curricula and expand research horizons. With their combined resources, the companies hope to lower the financial and logistical barriers for the academic community to explore this emerging model of computing.
The University of Washington was the first to join the initiative. A few universities will also pilot the program, including Carnegie Mellon University, Massachusetts Institute of Technology, Stanford University, the University of California at Berkeley, and the University of Maryland. In the future, the program will expand to include additional researchers, educators, and scientists.
Fundamental changes in computer architecture and increases in network capacity are encouraging software developers to take new approaches to computer science problem solving. For Web software such as search, social networking, and mobile commerce to run quickly, computational tasks often need to be broken into hundreds or thousands of smaller pieces to run across many servers simultaneously. Parallel programming techniques are also used for complex scientific analysis such as gene sequencing and climate modeling.
Internet2 Gets Boost
The ultra high-speed Internet2 network is now 10 times faster, partly in anticipation of rising demand for capacity after the world's largest particle collider opens near Geneva next year.
The Internet2 network, run by Level 3 Communications, parallels the regular Internet to let universities, corporations, and researchers share large amounts of information in real time, according to a press release from Level 3 Communications.
Until recently, the Internet2 had a theoretical limit of 10 gigabits per second, which is thousands of times faster than standard home broadband connections. By sending data using 10 different colors, or wavelengths, of light over a single cable, operators are boosting the network's capacity to 100 Gbps.
The new Internet2 network was largely completed in late August and its operators this week made it possible for researchers to temporarily grab an entire 10-Gbps chunk for specific applications, so that they don't slow down normal Internet operations.
Yahoo Kicks off Search Assist
Microsoft rolled out a revamped version of Windows Live Search in late September, and the next month Yahoo followed suit, unveiling Search Assist, a new technology that the company says is designed to better understand what users are looking for on the Internet and to integrate rich media (such as video, audio, and images) directly into users' search results.
Part of Yahoo Search Assist is implemented as an AJAX-based drop-down pane that can appear beneath Yahoo Search's main query window. Search Assist is designed to "sense" when users need help with their search and will automatically offer links to suggested related searches and concepts.
The revamped search feature also offers Yahoo Search Shortcuts, which point to other Web information contributed by other online users. The links are intended to help users save time when searching for information in popular categories such as movies, current events, music, health, shopping, and restaurants. Yahoo Search Shortcuts integrate items such as reviews, ratings, photos, and official Web sites. Yahoo Search is available on Yahoo sites in the US now, with a rollout expected in the United Kingdom in early 2008.
Both Microsoft's and Yahoo's search services are chasing Google, however, which dominated online search queries in August with a 53.6 percent share of all searches, according to Nielsen/NetRatings. Yahoo had a 19.9 percent share in the same month.
Google Eyes Canada's Streets
Google Street View created a stir among privacy groups in the US when it debuted in May, but because all of the photos were taken on public streets, no legal basis existed for challenging the availability of the information. But the legal issues surrounding the online tool are not so straightforward in Canada. That country has tougher privacy laws that prohibit publishing photos of identifiable people without permission.
According to Reuters United Kingdom, Google may actually have to blur out faces and license plates from its Street View images if it launches the service in Canada. The only legally justified reasons for publishing identifiable images of nonconsenting parties in Canada are for "journalistic, literary, or artistic purposes."
Google currently hosts imagery from nine US cities, but none in Canada. Google's privacy counsel told Reuters that several Canadian cities had approached Google about wanting to be featured for the potential tourism it could bring.
Gartner Warns over Emissions
Power requirements for running and cooling data centers now account for almost 25 percent of global carbon dioxide emissions from information and communications technology, according to analyst firm Gartner. Increasing data center emissions are the operative factor, the firm said in a research advisory.
Despite widespread publicity around the issue, not enough attention has been paid to reducing data center emissions, Gartner research vice president Rakesh Kumar said.
The main reasons for the scale of current emissions are a lack of floor space, a failure to house high-density servers, and increased power consumption and heat generation, according to Kumar.
The analyst also highlighted related cost concerns. "We predict (that) energy consumption of microprocessors alone will rise for the next 10 years," he said.
High Starting Salaries for Computer Science Grads
College graduates with computer science bachelor's degrees received an average salary offer of US $53,051 in 2007, according to survey results from the National Association of Colleges and Employers. As in previous years, this made computer science one of the highest-paid majors. Many majors saw increases higher than inflation (see Table 1), and the NACE predicts a healthy job market for new graduates in 2008 as well.
Information sciences and systems majors were ranked sixth in the list of 16 majors surveyed with a $49,966 average starting salary.
Chemical engineering majors had the highest average starting salary on the list at $59,218, according to the survey, followed by electrical engineering majors, mechanical engineering majors, and computer science majors. English majors were at the bottom of the list at $31,924. For the full report, see http://naceweb.org/press/display.asp?year=&prid=264.
'Unbreakable' Encryption For Voting Used in Swiss Elections
A new "unbreakable" encryption method was employed to keep votes safe for citizens in the Swiss canton of Geneva during the country's national elections on 21 October, according to the University of Geneva's Nicolas Gisin, the physics professor who led the team that developed the technology.
Election officials used quantum technology to encrypt election results as they were sent to the capital. A computer in Geneva, provided by the company id Quantique, fires photons, or particles of light, down a fiber-optic link to a receiver 62 miles away. If people eavesdrop on the line, they would need to intercept the photons in transit, thereby blocking the particles from reaching their destination and tipping off the operators of the line that people are listening in.
"If anyone tries to even read the message it will explode like a soap bubble," Gisin said in an Associated Press report. Geneva's secure line is one of the first public uses of quantum cryptography.
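The article describes eavesdropping as blocking the photons; the standard way a quantum key distribution link detects an eavesdropper is closely related: anyone who measures the photons in transit and resends them disturbs a measurable fraction of them, which the two ends see as an elevated error rate when they compare a sample of their key. The simulation below is an added example, not code from the article, the University of Geneva team or id Quantique; it assumes the BB84 protocol (the page does not name the protocol used) and models the measurement statistics classically.

```python
"""BB84 key exchange with an optional intercept-resend eavesdropper.
Added illustration; the protocol choice is an assumption, and qubits are modelled
only by their measurement statistics (same basis: deterministic; other basis: random)."""
import random


def random_bits(n, rng):
    return [rng.randrange(2) for _ in range(n)]


def measure(bit, prep_basis, meas_basis, rng):
    """Outcome of measuring a photon prepared as `bit` in `prep_basis`
    with `meas_basis` (0 = rectilinear, 1 = diagonal)."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def bb84(n, eavesdrop, seed=0):
    """Exchange n photons; return sifted-key length, error count and QBER."""
    rng = random.Random(seed)
    alice_bits = random_bits(n, rng)
    alice_bases = random_bits(n, rng)
    bob_bases = random_bits(n, rng)
    eve_bases = random_bits(n, rng) if eavesdrop else None

    bob_bits = []
    for i in range(n):
        bit, basis = alice_bits[i], alice_bases[i]
        if eavesdrop:
            # Eve measures in a basis of her own choosing and resends a fresh photon
            # prepared in that basis; half the time she guessed wrong.
            bit = measure(bit, basis, eve_bases[i], rng)
            basis = eve_bases[i]
        bob_bits.append(measure(bit, basis, bob_bases[i], rng))

    # Sifting: Alice and Bob publicly compare bases and keep matching positions.
    sifted = [(alice_bits[i], bob_bits[i]) for i in range(n) if alice_bases[i] == bob_bases[i]]
    errors = sum(a != b for a, b in sifted)
    qber = errors / len(sifted) if sifted else 0.0
    return {"sifted": len(sifted), "errors": errors, "qber": qber}


def eavesdropper_detected(result, threshold=0.11):
    """Abort if the quantum bit error rate exceeds the threshold.
    Intercept-resend pushes the QBER to about 25 percent; the threshold here is chosen
    for illustration (a noise-free channel gives exactly zero)."""
    return result["qber"] > threshold


if __name__ == "__main__":
    for eve in (False, True):
        r = bb84(4000, eavesdrop=eve)
        print(f"eavesdropper={eve}: sifted={r['sifted']} errors={r['errors']} "
              f"qber={r['qber']:.3f} detected={eavesdropper_detected(r)}")
```

Without an eavesdropper the sifted keys agree exactly; with one, roughly a quarter of the sifted bits disagree, so comparing even a modest sample of the key exposes the interception before any of it is used.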