Code  Description
1D  Law Enforcement & Forensics (technology, organizations, proposals, litigation, rulings, judgements)
1C5  Phishing
1C4  Anonymity
1C3  Pseudonymity
1C2  Identity theft
1C1  Impersonation
1C  Identity, impersonation, spoofing
1B9  Non-virus hoaxes, urban myths
1B8  Traffic in women, slavery
1B7  Hate groups, speech
1B6  Auctions
1B5  Gambling
1B4  Stalking & harassment
1B3  Pedophilia, kidnapping, Net-adoption fraud
1B2  Child pornography
1B1  Adult pornography
1B  Pornography, Net-harm, cyberstalking, gambling, online auctions
1A6  Criminal hacker psychology
1A5  Criminal hacker organizations
1A4  Criminal hacker publications
1A3  Biographical notes on individual criminals (including arrests, trials)
1A2  Criminal hacker testimony in court or committees
1A1  Criminal hacker conventions and meetings
1A  Criminal hacker scene (conventions, meetings, testimony, biographies, publications)
19.9  Counterfeit products (hardware, clothing etc.)
19.8  Plagiarism & cheating
19.7  Counterfeit legal or business documents
19.6  Counterfeit currency, credit-cards, other negotiable tokens
19.5  Games piracy
19.4  Books / e-books piracy
19.3  Movies / TV piracy
19.2  Music piracy
19.1  Software piracy
19  Counterfeits, forgery (including commercial software/music piracy)
18.2  Loss of equipment
18.1  Theft of equipment
18  Theft/loss of equipment (laptops, ATMs, computers, cables, network components)
17.3  Phreaking, cramming, uncapping, theft of services
17.2  Web vandalism
17.1  Penetration
17  Penetration, phreaking, cramming, uncapping (entering systems, stealing telephone or other services)
16.6  Disinformation, PSYOPS
16.5  Hacktivism
16.4  Military & government perspectives on INFOWAR
16.3  Infrastructure protection & homeland security
16.2  Industrial information systems sabotage
16.1  Industrial espionage
16  INFOWAR, industrial espionage, hacktivism
15.3  Slamming
15.2  Extortion
15.1  Fraud
15  Fraud (not embezzlement), extortion, slamming
14.5  Virus hoaxes
14.4  Trojans & rootkits
14.3  Virus/worms
14.2  Worms
14.1  Viruses
14  Viruses, virus-hoaxes, Trojans (assembly level or macro: not ActiveX or Java)
13.4  Obsolescence
13.3  Embezzlement
13.2  Data corruption & destruction
13.1  Data diddling
13  Data diddling, data corruption, embezzlement
12.3  Injection
12.2  Interception
12.1  Wiretapping
12  Wiretapping, interception (not jamming; not govt/law enforcement)
11.4  Covert channels
11.3  Data theft
11.2  Unauthorized disclosure
11.1  Data leakage
11  Breaches of confidentiality
10  HEADING: Computer Crimes (cases, indictments, convictions, sentences)
08  About the Editor
07  Acknowledgements
06  The INFOSEC UPDATE Course
05  Using IYIR
04  Copyright
03  Sources of Information
02  Taxonomy of INFOSEC Issues
01  Introduction
0  Unclassified
34.1  Net filters
34  Net filters, monitoring (technologies)
33.4  Risk analysis & management
33.3  Authorization, access controls
33.2  Spam, spim, spit & splogs
33.1  Acceptable use policies
33  Policies, risk analysis, risk management
32.2  Censorship outside the USA
32.1  Censorship in the USA
32  Censorship, indecency laws, 1st amendment (law)
31.4  Outsourcing
31.3  New technology with security implications
31.2  Estimates, guesses, predictions, forecasts concerning security
31.1  Surveys, studies, audits of security
31  The state of information security & technology
30  HEADING: Management & Policy
29.7  Outsourcing
29.6  Flash crowds, social e-links
29.5  Online legal proceedings
29.4  Online & electronic voting
29.3  Digital divide
29.2  Cyberdating & cybersex
29.1  Addiction, games & violence
29  Sociology of cyberspace
28.6  RFID tags
28.5  Serial numbers
28.4  Cell/mobile phones/GPS/cameras
28.3  Keystroke loggers
28.2  Scumware
28.1  Spyware, Web bugs & cookies
28  Automated surveillance
27.7  Anti-malware technology
27.6  Honeynets
27.5  Honeypots
27.4  Firewalls & other perimeter defenses
27.3  Intrusion detection systems
27.2  Port scans
27.1  Vulnerability assessment
27  Security tools
26.4  Distraction
26.3  Heat
26.2  Toxic materials
26.1  Radiation
26  Health effects of electronic equipment (phones, screens, etc.)
25.3  RFI, HERF, EMP/T
25.2  Jamming
25.1  Remote control, RATs, reprogramming, auto-updates
25  Computer remote control & disruption
24.B  Robust systems (hw / sw)
24.A  Secure processors
24.9  Peer-to-peer networking
24.8  MAC OS
24.7  SWDR (Software-defined radio)
24.6  WAP, WEP, Wi-Fi, Bluetooth, 802.11, WiMax
24.5  LAN OS
24.4  TCP/IP & HTTP
24.3  UNIX flavors
24.2  Windows NT/2K/XP
24.1  Windows 9x/Me
24  Operating systems, network operating systems, TCP/IP problems (alerts & improvements)
23.9  PERL, CGI scripts
23.8  SMS
23.7  VoIP
23.6  Web-site infrastructure, general Web security issues
23.5  E-mail & instant messaging or chat
23.4  HTML, XML, browsers
23.3  ActiveX
23.2  Javascript
23.1  Java
23  Internet tools
22.4  Accidental availability disruptions
22.3  DoS countermeasures
22.2  DDoS attacks
22.1  DoS attacks
22  Availability problems
21.5  Robots, botnets
21.4  SCADA (supervisory control and data acquisition) systems, vehicle controls
21.3  Embedded processors
21.2  Security product QA failures
21.1  General QA failures
21  Quality assurance failures including design flaws
20  HEADING: Emerging Vulnerabilities & Defenses
1D4  Government funding for law enforcement
1D3  Litigation, legal rulings, judgements affecting law enforcement
1D2  Technology for law enforcement
1D1  Organizations, cooperation for law enforcement
4B  Intellectual property: patents, copyrights (law)
4A9  Net neutrality
4A8  Liability
4A7  Spam
4A6  Libel
4A5  Archives
4A4  Blocking
4A3  Jurisdiction
4A2  Pointing, linking, deep linking, metatext
4A1  Framing
4A  Evolution of Net law: framing, pointing, linking, jurisdiction, neutrality
49.2  Non-US government surveillance of citizens
49.1  US government surveillance of citizens
49  Government surveillance, legislation regulating govt surveillance, case-law
48.3  Non-US intellectual property laws
48.2  Non-US computer-crime laws
48.1  Non-US cryptography laws
48  Foreign cyberlaws (not cases or sentences)
47  US computer-crime laws
46  Cryptography exports from US; Key escrow
45.9  E-shopping carts
45.8  E-commerce laws
45.7  Sales taxes on Internet commerce
45.6  Smart cards and other e-commerce security measures
45.5  Digital-rights management (DRM); e.g., copy protection, digital watermarks
45.4  E-payments; e.g., credit-cards, e-brokers
45.3  Micropayments
45.2  Digital cash
45.1  PKI (Digital signatures / certificates)
45  E-commerce security, digital signature, products, digital cash, e-payments
44.3  Steganography
44.2  Crypto products
44.1  Crypto algorithms
44  Encryption algorithms, products (including steganography)
43.6  E-mail authentication (e.g., SPF & SenderID)
43.5  Single sign-on
43.4  Kerberos
43.3  Passwords
43.2  Biometrics
43.1  Tokens
43  I&A products (tokens, biometrics, passwords, Kerberos)
42.3  Crypto product implementation flaws
42.2  Brute-force attacks
42.1  Crypto algorithm weaknesses
42  Crypto algorithms (weakness, brute-force attacks, implementation flaws)
41  Cryptanalysis techniques & tools
40  HEADING: Defensive Technology, Law of E-commerce, Intellectual Property
38.9  Medical information & HIPAA
38.8  Law enforcement & privacy rights
38.7  Other case law, legislation & regulation concerning individual privacy (not govt surveillance)
38.6  US case law, legislation & regulation concerning individual privacy (not govt surveillance)
38.5  EU case law, legislation & regulation concerning individual privacy (not govt surveillance)
38.4  International agreements on security, individual privacy, Net law
38.3  Industry efforts for individual privacy protection
38.2  Trade in personal information
38.1  Consumer / employee / individual profiling & surveillance (non-governmental)
38  Consumer/employee / individual privacy, profiling & surveillance (non-governmental)
37.A  Books
37.9  White papers
37.8  Web sites
37.7  Conferences
37.6  Industry courses
37.5  Doctoral programs
37.4  Master's programs
37.3  Undergraduate programs
37.2  High school programs
37.1  Elementary & middle school programs
37  Education in security & ethics
36  Responses to intrusion
35.3  Politics & management of the DNS
35.2  Trademarks vs DNS
35.1  Cybersquatting
35  DNS conflicts, trademark violations (Net, Web)
34.2  Usage monitoring, audit trails (employees, children)
T  TEMPORARY PLACEHOLDER
4D  Funny / miscellaneous
4C5  Academic/Industry/Vendor/Govt efforts
4C4  Professional certification in security, auditing
4C3  Certification of site security, privacy protection
4C2  Risk management methodology & tools
4C1  Paradigms, security standards
4C  Security paradigms, risk management, site-security certification, professional certification
4B5  Trademarks
4B4  EULA (End-user license agreements)
4B3  Reverse engineering
4B2  Patents
4B1  Copyrights

DIGITAL DOOMSDAY CAN BE AVOIDED WITH PREPARATION
Bill Brenner began his report in TechTarget's SearchSecurity with the following paragraphs which reflect a scenario long described by Winn Schwartau since the early 1990s: "A common nightmare scenario in the business world is that a hacker will crack a company's digital defenses, steal sensitive data or disable the network. Scott Borg, director and chief economist at the U.S. Cyber Consequences Unit (US-CCU), an independent organization that churns out information security data on behalf of the government, says enterprises face a darker possibility. Online outlaws could quietly penetrate the network and, over six to eight months, alter critical data so that it's no longer accurate. For instance, an attacker could access a health insurance company's patient records and modify information on a person's prescriptions or surgical history.
Or an attacker could access an automotive company's database and tamper with specifications on various car parts."

RUSSIAN KEYLOGGERS HIT BANK CUSTOMERS: FRENCH BANKS LOSE €1M
John Oates wrote in _The Register_: "Russian scammers used key logging Trojans to steal more than €1m from French people accessing online bank accounts. The Trojans were sent by email but were not activated until people accessed their online bank accounts. Then the Trojan forwarded on user names and passwords to the crooks. The thieves then used the details to transfer funds to third party *mule* accounts. The worst individual loss was €40,000. French police were told in November 2004 and the scam lasted 11 months. Arrests have been made in Moscow and St Petersburg and several *Ukrainian masterminds* have also had their collars felt." Mr Oates pointed to an article in The Guardian at < http://www.guardian.co.uk/france/story/0,,1703777,00.html > by Kim Willsher with more details.

E-VOTING SYSTEMS TESTER SEES PARTICULARLY BAD SECURITY ISSUES
Herbert Thompson tested Diebold AccuVote optical scanning equipment used for vote-counting in Leon County, FL. Marc Songini interviewed Dr Thompson for an article in Computerworld and discussed the issues. Dr Thompson and his colleagues were able to alter voting results by tampering with the device's memory card. The results could twist the vote-count to favor a preselected candidate. Diebold officials strongly criticized the test methodology, saying that the memory cards were normally sealed precisely to prevent such tampering and that the tests were equivalent to complaining about poor security by deliberately disabling protection and then complaining about security breaches.
They also complained that the tests themselves may have violated the terms of Diebold's licensing agreements and intellectual property rights.

Source: RISKS; Wikipedia http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005
Volume/Number: 2417
Keyword: wiretapping surveillance illegal government ministers espionage
Category: 49.2

Source: RISKS
Volume/Number: 2416
Keyword: software quality assurance QA textbook
Category: 37.A

Source: RISKS
Volume/Number: 2416
Keyword: quality assurance QA spreadsheet errors education awareness training
Category: 37.8

Source: RISKS; http://tinyurl.com/rq8p8
Volume/Number: 2415
Keyword: quality assurance design municipal property tax human user error quality assurance QA plausibility
Category: 21.1

Source: RISKS; NYT; http://tinyurl.com/rgh5t
Volume/Number: 2415
Keyword: stolen laptop personal data leakage confidentiality control employees customers unencrypted disk
Category: 18.1

Source: RISKS; http://tinyurl.com/atvlo
Volume/Number: 2415
Keyword: canonical password Joe account access control vulnerability root backdoor
Category: 21.2

Source: RISKS; http://tinyurl.com/qy29o
Volume/Number: 2415
Keyword: bank tape Social Security Numbers SSN loss data leakage confidentiality privacy
Category: 11.1

Source: RISKS
Volume/Number: 2415
Keyword: criminal hacker penetration military base arrest
Category: 1A3

Source: RISKS
Volume/Number: 2415
Keyword: surveillance privacy law enforcement cell mobile phone records logs
Category: 38.2

Source: RISKS; http://tinyurl.com/oy2hz
Volume/Number: 2414
Keyword: privacy confidentiality data leakage quality assurance QA error
Category: 11.2

Source: RISKS
Volume/Number: 2415
Keyword: China government censorship search engine GOOGLE US law
Category: 32.2

Source: RISKS
Volume/Number: 2414
Keyword: data leakage confidentiality covert channel
Category: 11.4

Source: RISKS
Volume/Number: 2414
Keyword: availability airline reservation system business continuity disaster recovery failure
Category: 22.4

Source: http://www.gao.gov/docdblite/details.php?rptno=GAO-06-425
Keyword: junk fax FCC government enforcement audit report failures problems
Category: 31.1

Source: Newsday < http://www.newsday.com/news/local/longisland/ny-lihack264757084may26,0,7790806.story >
Keyword: criminal hackers extortion privacy social networking
Category: 15.2

Source: NEWSFACTOR < http://tinyurl.com/ouefj >
Keyword: industrial espionage Trojan horse spyware police investigation arrests harassment data theft copyright violation intellectual property social engineering keystroke logging remote control jail trial conviction prison
Category: 16.1

Source: The Register < http://www.theregister.co.uk/2006/03/22/fidelity_laptop_hp/ >
Keyword: laptop computer thefts losses compromise customer employee financial tax data identity theft encryption SSN
Category: 18.2

Source: The Register < http://www.theregister.co.uk/2006/03/30/ey_nokia_lapop/ >
Keyword: laptop computer thefts losses compromise customer employee financial tax data identity theft passwords SSN
Category: 18.2

Source: The Register < http://www.theregister.co.uk/2006/05/12/wellsfargo_computer_loss/ >
Keyword: data loss computer sensitive data confidentiality SSN financial information
Category: 18.2

Source: TechTarget http://tinyurl.com/nnf72
Keyword: information warfare cyberwar insidious attacks data corruption mole insider employee damage scenarios
Category: 16.4

Source: http://www.theregister.co.uk/2006/02/08/france_keylogs_losses/
Keyword: keyloggers data leakage data theft fraud scam Trojans bank accounts international criminal hackers arrests
Category: 28.3

Source: http://www.computerworld.com/printthis/2006/0,4814,107881,00.html
Keyword: optical scanner electronic voting machine memory card tampering testing hacking Digital Millennium Copyright Act DMCA
Category: 29.4

ERNST & YOUNG LOSES LAPTOP COMPUTER WITH CUSTOMER DATA
The international consulting firm Ernst & Young lost a series of laptop computers in 2006. In February, the firm admitted that a laptop with confidential customer data -- including the SSN of Scott McNealy, CEO of Sun Microsystems -- had been lost or stolen in January. McNealy reported that his identity had in fact been compromised. Then a March report in the Miami Herald stated that some Ernst & Young auditors went to lunch on Feb 9 -- leaving their laptop computers in a conference room in the office building where they were working. Two men stole four laptops.
E&Y declined to issue a public statement about these breaches of security, although they did assure the public that "password protection" sufficed to compensate for loss of control over the data. On March 15, The Register's Ashlee Vance, indomitable reporter that she is, wrote that E&Y lost yet another laptop computer -- this one stolen in January from an employee's car. It contained financial and tax records compromising the security of "thousands" of IBM employees and ex-employees. Once again, the company refused to issue a public statement about the theft and informed the potential victims of identity theft two months after the incident. On March 23, Vance found out that E&Y had admitted to BP that 38,000 employees were included in the January laptop theft.

WELLS FARGO LOSES COMPUTER WITH SENSITIVE CUSTOMER DATA
Ashlee Vance, writing in The Register, reported that >At least one poor Hewlett Packard employee compromised by Fidelity's March laptop loss has now been told Wells Fargo lost his personal data, too.
The staffer received a note this week from Wells Fargo, saying the financial institution had lost a computer packed full of sensitive data such as customers' names, addresses, Social Security numbers and Wells Fargo mortgage loan account numbers, according to a document sent to The Register. Wells Fargo has admitted the loss, telling us that it affected a "relatively small percentage of Wells Fargo customers." The company, however, has millions of customers, so it's pretty tough to tell what a "small percentage" means. The company said that, "a computer - being transported for Wells Fargo Home Mortgage, a division of Wells Fargo Bank, N.A., by a global express shipping company between Wells Fargo facilities - has been reported as missing and may have been stolen. Wells Fargo said there is no indication that the information on the computer equipment has been accessed or misused. The computer has two layers of security, making it difficult to access the information."<

MYFRIENDSPY WRITERS CHARGED WITH EXTORTION
Shaun Harrison and Saverio Mondelli were arrested and charged with attempting to extort $150,000 from MySpace.com by writing a program (MyFriendSpy) to allow "MySpace.com users to see the online identities of anyone who looked at their profiles, undermining the Web site's privacy guarantees," according to "Jeffrey McGrath, an assistant Los Angeles district attorney."
Joseph Mallia, writing in Newsday, explained in his report that "Harrison, 18, of Ronkonkoma, and Mondelli, 19, of Oakdale, were arrested in Los Angeles Friday when they stumbled into a cross-country Secret Service sting operation, authorities said. They traveled to Los Angeles in the expectation that they would collect the money from MySpace.com employees, McGrath said."

INDUSTRIAL ESPIONAGE COUPLE GETS JAIL TIME
The perpetrators of the Trojan Horse scandal that rocked Israel in May 2005 were sent to jail in March 2006. The husband-and-wife team installed Trojan horse software that functioned as keystroke loggers and transmitted confidential data for use in industrial espionage. They also had to pay about MU$ in restitution to their victims. Michael Haephrati, who wrote the software, went to prison for four years; Ruth Brier-Haephrati was jailed for two years for her role in selling the code to dishonest private investigators.

FIDELITY INVESTMENTS LOSES LAPTOP WITH CLIENT DATA
Ashlee Vance, scourge of careless laptop users, reported on March 22 in The Register that Fidelity Investments had announced the loss of a laptop computer containing detailed HP retirement plan data for 196,000 HP employees, including names, addresses, salaries and SSNs. In contrast with the disgraceful performance of Ernst & Young, Fidelity announced the loss relatively quickly and cooperated fully with the trade press. In addition, the data on the laptop were encrypted. The same article reported that Ernst & Young were rolling out encryption software for their corporate computers. At last. On 24 March, Vance reported that the _reason_ a Fidelity employee was carrying 196,000 records about HP employees on a laptop was... wait for it... as part of a demo intended to impress HP executives with some new software.
Yep: live, highly sensitive data for a demo on a laptop computer.

WEAKNESSES IN PROCEDURES AND PERFORMANCE MANAGEMENT HINDER JUNK FAX ENFORCEMENT
The Telephone Consumer Protection Act of 1991 prohibited invasive telemarketing practices, including the faxing of unsolicited advertisements, known as "junk faxes," to individual consumers and businesses. Junk faxes create costs for consumers (paper and toner) and disrupt their fax operations. The Junk Fax Prevention Act of 2005 clarified an established business relationship exemption, specified opt-out procedures for consumers, and requires the Federal Communications Commission (FCC)--the federal agency responsible for junk fax enforcement--to report annually to Congress on junk fax complaints and enforcement. The law also required GAO to report to Congress on FCC's enforcement of the junk fax laws. This report addresses (1) FCC's junk fax procedures and outcomes, (2) the strengths and weaknesses of FCC's procedures, and (3) FCC's junk fax management challenges. FCC has procedures for receiving and acknowledging the rapidly increasing number of junk fax complaints, but the numbers of investigations and enforcement actions have generally remained the same. In 2000, FCC recorded about 2,200 junk fax complaints; in 2005, it recorded over 46,000. Using its procedures to review the complaints, FCC's Enforcement Bureau (EB) issued 261 citations (i.e., warnings) from 2000 through 2005. EB has ordered six companies to pay forfeitures for continuing to violate the junk fax rules after receiving a citation. The six forfeitures totaled over $6.9 million, none of which has been collected by the Department of Justice for various reasons. EB officials cited competing demands, resource constraints, and the rising sophistication of junk faxers in hiding their identities as hindrances to enforcement.
An emphasis on customer service, an effort to document consumers' complaints, and an attempt to target enforcement resources efficiently are the strengths of FCC's procedures; however, inefficient data management, resulting in time-consuming manual data entry, data errors, and--most important--the exclusion of the majority of complaints from decisions about investigations and enforcement, are weaknesses. FCC's guidance to consumers does not provide them with all of the information they need to support FCC's enforcement efforts. FCC faces management challenges in carrying out its junk fax responsibilities. The commission has no clearly articulated long-term or annual goals for junk fax monitoring and enforcement, and it is not analyzing the junk fax data. Without analysis, FCC cannot explore the need for, or implement, changes to its rules, procedures, or consumer guidance that might help deter junk fax violations or give consumers a better understanding of the junk fax rules. Most important, without performance goals and measures and without analysis of complaint and enforcement data, it is not possible to explore the effectiveness of current enforcement measures. Full report at < http://www.gao.gov/new.items/d06425.pdf >.

UNITED AIRLINES RESERVATION COMPUTER SYSTEM OUTAGE
According to a RISKS correspondent, the AP and Reuters newswire report describing the United Airlines reservation system outage on the 3rd of January 2006 was wrong. Peter Neumann summarized the reports as follows: "Computer Glitch Delays United Air Flights In US, 3 Jan 2006 United Airlines' domestic flights were delayed up to 90 minutes Tuesday night because of an outage in the computer system controlling United's check-ins and reservations, which went down for about five hours around 5 p.m. CST Wednesday. Passengers were checked manually, and flights were delayed up to 90 minutes."
However, the correspondent personally saw delays of far more than 90 minutes at Los Angeles International Airport (LAX). He described the debacle as follows (quoting directly):
* No self-check-in kiosks working, reservationists answering the phone with "our computers are still down", which meant every queue had more than 500 people in it, spilling out on the sidewalk outside the terminal, and they were using "the manual procedure". The people close to the head of the queue had been waiting for more than two hours, they said, and they dispensed with the special queues for premier or 1k, just to spread the pain equally.
* They weren't calling out specific flights to try to fill them.
* They had most of the check-in desks empty. Obviously they don't have enough people trained in the manual procedure to alleviate the bottleneck.
* The woman working the lines (with a megaphone) was apologetic, but wouldn't answer questions, not even frequently asked questions which did not have to do with individual problems, such as "if I miss my last flight will you provide a hotel? Or is my ticket now refundable if I fly another carrier?"
* some reports are they were flying planes half-empty because people couldn't get to the gates. Of co