Triplesourced
Reporting, musing and not to mention some random scribbling on tech issues from green/sustainable IT to security. (http://adonoghue.wordpress.com/)
Thursday 29 January 2009, 3:49 PM
US economy narrowly avoids hacking disaster (fails to avoid self-made one)
Got to love this.
Sophos have just sent out a press release warning about a near miss hack attack on US financial giant Fannie Mae.
Apparently a disgruntled employee planned to set off a "malware timebomb" that would have wiped the organisations databases - potentially triggering an economic meltdown which would have plunged financial markets into a recession which we have not seen the likes of since the great depression. Fear, confusion and chaos would have been widespread.
Phew! Good job that didn't happen then!
Actually Sophos goes on to say that with the markets in turmoil already, the hacking attack would have caused untold miser. I disagree, I think no one would have noticed. I think this could be a new tactic to defeat hackers and even terrorists, let''s just let society and the economy implode and the malcontents won't be able to disrupt anything - self-made scorched-earth policy -it's genius.
Here is the missive in full:
FANNIE MAE EMPLOYEE ACCUSED OF PLANTING MALWARE TIMEBOMB, SOPHOS REPORTS
Disgruntled software engineer attempted to obliterate 4,000 servers with malicious script
IT security and control firm Sophos is reminding businesses of the importance of properly safeguarding IT networks following the news that a federal grand jury in Maryland, US, has indicted a 35-year-old ex-employee of Fannie Mae for planting a malicious script, designed to destroy data on the US financial giant's servers.
According to media reports, Rajendrasinh Babubhai Makwana worked as a software engineer at Fannie Mae's offices in Maryland for three years, where he is said to have had access to all of the company's 4,000 servers.
During this time, Makwana, an Indian citizen who now resides in Virginia, is alleged to have embedded destructive code on the company's server which was due to trigger at 9:00 am on 31 January 2009, wiping out all data across the network by overwriting it with zeroes. According to the prosecution case, anyone trying to log in to the network on 31 January would have received a message saying 'Server Graveyard'.
Documents presented to the court state that, Fannie Mae terminated Makwana's employment in October 2008 - the malicious script was allegedly found the following day. If found guilty, Makwana could face a sentence of up to ten years in prison.
"Obviously this case is ongoing, with charges not yet proven against Makwana, but it should serve as a timely reminder to all companies as to what they should be prepared for," said Graham Cluley, senior technology consultant at Sophos. "Implementing a combination of robust user policies and security measures is crucial in order to safeguard their IT networks - and ultimately their business - against such incidents."
"As the credit crunch forces companies to tighten their belts around the world, more and more firms will be making the difficult decision to make staff redundant. But it's important to remember that a disaffected employee could create havoc inside your organisation," continued Cluley. "We can only imagine the impact if an attack like this hadn't been intercepted and had successfully struck a financial institution - with public confidence in the financial system at an all-time low, coupled with an unstable economy, the consequences would be dire."
"Had this malicious script executed, it would have probably caused millions of dollars of damage and reduced - if not shutdown - operations at Fannie Mae for at least one week," said FBI agent Jessica Nye in a sworn statement. "The total damage would include cleaning out and restoring all 4,000 servers, restoring and securing the automation of mortgages, and restoring all data that was erased."
Sophos have just sent out a press release warning about a near miss hack attack on US financial giant Fannie Mae.
Apparently a disgruntled employee planned to set off a "malware timebomb" that would have wiped the organisations databases - potentially triggering an economic meltdown which would have plunged financial markets into a recession which we have not seen the likes of since the great depression. Fear, confusion and chaos would have been widespread.
Phew! Good job that didn't happen then!
Actually Sophos goes on to say that with the markets in turmoil already, the hacking attack would have caused untold miser. I disagree, I think no one would have noticed. I think this could be a new tactic to defeat hackers and even terrorists, let''s just let society and the economy implode and the malcontents won't be able to disrupt anything - self-made scorched-earth policy -it's genius.
Here is the missive in full:
FANNIE MAE EMPLOYEE ACCUSED OF PLANTING MALWARE TIMEBOMB, SOPHOS REPORTS
Disgruntled software engineer attempted to obliterate 4,000 servers with malicious script
IT security and control firm Sophos is reminding businesses of the importance of properly safeguarding IT networks following the news that a federal grand jury in Maryland, US, has indicted a 35-year-old ex-employee of Fannie Mae for planting a malicious script, designed to destroy data on the US financial giant's servers.
According to media reports, Rajendrasinh Babubhai Makwana worked as a software engineer at Fannie Mae's offices in Maryland for three years, where he is said to have had access to all of the company's 4,000 servers.
During this time, Makwana, an Indian citizen who now resides in Virginia, is alleged to have embedded destructive code on the company's server which was due to trigger at 9:00 am on 31 January 2009, wiping out all data across the network by overwriting it with zeroes. According to the prosecution case, anyone trying to log in to the network on 31 January would have received a message saying 'Server Graveyard'.
Documents presented to the court state that, Fannie Mae terminated Makwana's employment in October 2008 - the malicious script was allegedly found the following day. If found guilty, Makwana could face a sentence of up to ten years in prison.
"Obviously this case is ongoing, with charges not yet proven against Makwana, but it should serve as a timely reminder to all companies as to what they should be prepared for," said Graham Cluley, senior technology consultant at Sophos. "Implementing a combination of robust user policies and security measures is crucial in order to safeguard their IT networks - and ultimately their business - against such incidents."
"As the credit crunch forces companies to tighten their belts around the world, more and more firms will be making the difficult decision to make staff redundant. But it's important to remember that a disaffected employee could create havoc inside your organisation," continued Cluley. "We can only imagine the impact if an attack like this hadn't been intercepted and had successfully struck a financial institution - with public confidence in the financial system at an all-time low, coupled with an unstable economy, the consequences would be dire."
"Had this malicious script executed, it would have probably caused millions of dollars of damage and reduced - if not shutdown - operations at Fannie Mae for at least one week," said FBI agent Jessica Nye in a sworn statement. "The total damage would include cleaning out and restoring all 4,000 servers, restoring and securing the automation of mortgages, and restoring all data that was erased."
Thursday 29 January 2009, 12:05 PM
Government kicks UK when it's down with more ID Card news
Yep - unfortunately it seems that although the country is mortgaged to the hilt, the pound is worth about the same as it was in 1978, and job losses indicate that only PoundStretcher and McDonalds will be employing anyone by the end of the February, the government still thinks we want to hear about the benefits of ID Cards.
Home Secretary, Jacqui Smith, said:
"Those benefits include increased protection against identity fraud for the individual and help in protecting our communities against criminals, illegal immigrants and terrorists trying to exploit multiple identities."
Here's the entire missive from the Ministry of Truth which hit my in-box just now:
(Home Office) Benefits of Identity Cards will be delivered soon, Home Secretary tells Manchester
Work is underway to identify a number of areas across the UK where British nationals can be among the first to apply for an identity card, Home Secretary Jacqui Smith announced when she visited Manchester today.
Further details of plans to introduce the first voluntary identity cards for the general public this autumn were revealed during her visit to meet with young people and the city's business and community leaders.
At a speech in Manchester Town Hall she emphasised the benefits identity cards will bring for the region and the country and set out the progress made in delivering the cards. Building on a commitment made in November she expanded on plans to make a limited number of the cards available early from this autumn.
A brand new website giving the public more information on keeping their identity secure will be launched in the Spring. British nationals interested in getting an identity card will be able to stay up-to-date with developments and can register to be told if the National Identity Service goes live in their region.
While in Manchester the Home Secretary visited Newall Green High School in Wythenshawe to meet young people who could be some of the first to be able to apply for cards from 2010. Together they discussed how identity cards will help young people strike out on their own by opening their first bank account, renting their first flat, or perhaps travelling to Europe for the first time.
Home Secretary, Jacqui Smith, said:
"Identity cards are already a reality and thanks to Manchester Airport's agreement to work with us, the city is leading the way in their roll-out. As the cards become more widely available the whole country will see real benefits for citizens, businesses and the country by giving a convenient and secure proof of identity that locks people to one identity.
"That is why we have brought forward our plans and this year will begin offering identity cards on a voluntary basis, giving British nationals the chance to access the benefits of identity cards as soon as possible.
"Those benefits include increased protection against identity fraud for the individual and help in protecting our communities against criminals, illegal immigrants and terrorists trying to exploit multiple identities."
In her speech she stressed that in those areas where identity cards are delivered first residents, businesses, local authorities and others will reap the rewards the cards bring including:
- a universal and simple proof of identity that brings convenience for organisations and individuals - that means an end to the disorganised use of photocopied bank statements, phone bills and birth certificates;
- the Service will give you control of who can see your personal details - that means an end to revealing details about your finances or personal life just to prove who you are and where you live;
- ensuring that foreign nationals living, working and studying here legally are able to easily prove their identity and prevent those here illegally from benefiting from the privileges of Britain; and
- convenient travel in Europe using the identity card.
Identity cards are already a reality for foreign nationals with work underway to issue more than 50,000 by April this year, helping show clearly whether non-EEA residents have the right to work and live in the UK.
Starting in autumn this year the first identity cards for airside workers will be issued at Manchester and London City airports, which have agreed to take part in an 18 month evaluation of the benefits the Service will bring the aviation industry.
From 2010 young people can apply for the card and from 2012 the National Identity Service will begin to roll-out identity cards for the general population in significant numbers.
Geoff Muirhead CBE, Chief Executive of Manchester Airport Group, said:
"We are committed to working closely with IPS to deliver identity cards to airside workers because we believe they offer real benefits to businesses operating at Manchester Airport.
"Improved identity checks will also provide greater portability for individuals in terms of applying for new jobs within the industry where airside clearance is required without the need to repeat lengthy security checks."
NOTES TO EDITORS
1. Manchester and London City airports have agreed to work with IPS and the Government as part of the first wave of airports under the critical workers identity card service and will help to develop detailed plans for introducing identity cards from autumn 2009.
2. Identity cards issued to airside workers will bring real benefits to employers, employees and the public. They will help:
- improve the portability of reference checks between employers and airports creating greater flexibility for employers and staff;
- kick start joint work to explore opportunities for streamlining airside pass regimes;
- give holders a highly secure and convenient identity document that can be used to prove their identity and as a travel document for UK citizens within the EEA; and
- help ensure all people using airports are confident about their safety whilst there.
3. Introducing the National Identity Scheme, a vision of how the National Identity Scheme will work from 2012, can be found at http://www.ips.gov.uk/identity
4. Delivery schedule
- From 25 November 2008 we began issuing compulsory identity cards to foreign nationals who come here to work or study.
- In the first half of 2009 we expect to award contracts for application and enrolment, biometrics storage systems and the production of identity cards and passports.
- From Autumn 2009 we will start issuing mandatory identity cards for airside workers - starting with an 18 month evaluation at Manchester and London City airports.
- In late 2009 we will offer a small number of volunteers the chance to enrol for the first identity cards.
- From 2010, starting with young people, we will begin offering identity cards on a voluntary basis to anyone who will benefit from them in their daily lives.
- From 2011/12 identity cards will roll out to the wider population on an entirely voluntary basis.
5. Key Facts about the Service:
- The latest (Nov 2008) estimated cost of the Service for the next ten years is £4,785m for UK citizens, including the issue of both passports and identity cards and £326m for foreign nationals.
- The public supports the benefits of identity cards - more than 18 months research shows on average 59 per cent of people support the Service.
- £1 billion has been saved from the Service since 2007.
- Approximately 70 per cent of this cost will need to be spent in any event to implement secure biometric passports. This means contrary to some claims, there is no large sum of money that could be diverted to spend elsewhere if ID cards were cancelled.
- We expect in the region of 50,000 cards to be issued to foreign nationals by the end of April 2009.
- It is intended that the fee for a British citizen's identity card issued in 2009 or 2010 will be £30 or less.
- We are one of the only EU countries not to have ID cards - 24 of the 27 EU member states already have identity cards.
Home Secretary, Jacqui Smith, said:
"Those benefits include increased protection against identity fraud for the individual and help in protecting our communities against criminals, illegal immigrants and terrorists trying to exploit multiple identities."
Here's the entire missive from the Ministry of Truth which hit my in-box just now:
(Home Office) Benefits of Identity Cards will be delivered soon, Home Secretary tells Manchester
Work is underway to identify a number of areas across the UK where British nationals can be among the first to apply for an identity card, Home Secretary Jacqui Smith announced when she visited Manchester today.
Further details of plans to introduce the first voluntary identity cards for the general public this autumn were revealed during her visit to meet with young people and the city's business and community leaders.
At a speech in Manchester Town Hall she emphasised the benefits identity cards will bring for the region and the country and set out the progress made in delivering the cards. Building on a commitment made in November she expanded on plans to make a limited number of the cards available early from this autumn.
A brand new website giving the public more information on keeping their identity secure will be launched in the Spring. British nationals interested in getting an identity card will be able to stay up-to-date with developments and can register to be told if the National Identity Service goes live in their region.
While in Manchester the Home Secretary visited Newall Green High School in Wythenshawe to meet young people who could be some of the first to be able to apply for cards from 2010. Together they discussed how identity cards will help young people strike out on their own by opening their first bank account, renting their first flat, or perhaps travelling to Europe for the first time.
Home Secretary, Jacqui Smith, said:
"Identity cards are already a reality and thanks to Manchester Airport's agreement to work with us, the city is leading the way in their roll-out. As the cards become more widely available the whole country will see real benefits for citizens, businesses and the country by giving a convenient and secure proof of identity that locks people to one identity.
"That is why we have brought forward our plans and this year will begin offering identity cards on a voluntary basis, giving British nationals the chance to access the benefits of identity cards as soon as possible.
"Those benefits include increased protection against identity fraud for the individual and help in protecting our communities against criminals, illegal immigrants and terrorists trying to exploit multiple identities."
In her speech she stressed that in those areas where identity cards are delivered first residents, businesses, local authorities and others will reap the rewards the cards bring including:
- a universal and simple proof of identity that brings convenience for organisations and individuals - that means an end to the disorganised use of photocopied bank statements, phone bills and birth certificates;
- the Service will give you control of who can see your personal details - that means an end to revealing details about your finances or personal life just to prove who you are and where you live;
- ensuring that foreign nationals living, working and studying here legally are able to easily prove their identity and prevent those here illegally from benefiting from the privileges of Britain; and
- convenient travel in Europe using the identity card.
Identity cards are already a reality for foreign nationals with work underway to issue more than 50,000 by April this year, helping show clearly whether non-EEA residents have the right to work and live in the UK.
Starting in autumn this year the first identity cards for airside workers will be issued at Manchester and London City airports, which have agreed to take part in an 18 month evaluation of the benefits the Service will bring the aviation industry.
From 2010 young people can apply for the card and from 2012 the National Identity Service will begin to roll-out identity cards for the general population in significant numbers.
Geoff Muirhead CBE, Chief Executive of Manchester Airport Group, said:
"We are committed to working closely with IPS to deliver identity cards to airside workers because we believe they offer real benefits to businesses operating at Manchester Airport.
"Improved identity checks will also provide greater portability for individuals in terms of applying for new jobs within the industry where airside clearance is required without the need to repeat lengthy security checks."
NOTES TO EDITORS
1. Manchester and London City airports have agreed to work with IPS and the Government as part of the first wave of airports under the critical workers identity card service and will help to develop detailed plans for introducing identity cards from autumn 2009.
2. Identity cards issued to airside workers will bring real benefits to employers, employees and the public. They will help:
- improve the portability of reference checks between employers and airports creating greater flexibility for employers and staff;
- kick start joint work to explore opportunities for streamlining airside pass regimes;
- give holders a highly secure and convenient identity document that can be used to prove their identity and as a travel document for UK citizens within the EEA; and
- help ensure all people using airports are confident about their safety whilst there.
3. Introducing the National Identity Scheme, a vision of how the National Identity Scheme will work from 2012, can be found at http://www.ips.gov.uk/identity
4. Delivery schedule
- From 25 November 2008 we began issuing compulsory identity cards to foreign nationals who come here to work or study.
- In the first half of 2009 we expect to award contracts for application and enrolment, biometrics storage systems and the production of identity cards and passports.
- From Autumn 2009 we will start issuing mandatory identity cards for airside workers - starting with an 18 month evaluation at Manchester and London City airports.
- In late 2009 we will offer a small number of volunteers the chance to enrol for the first identity cards.
- From 2010, starting with young people, we will begin offering identity cards on a voluntary basis to anyone who will benefit from them in their daily lives.
- From 2011/12 identity cards will roll out to the wider population on an entirely voluntary basis.
5. Key Facts about the Service:
- The latest (Nov 2008) estimated cost of the Service for the next ten years is £4,785m for UK citizens, including the issue of both passports and identity cards and £326m for foreign nationals.
- The public supports the benefits of identity cards - more than 18 months research shows on average 59 per cent of people support the Service.
- £1 billion has been saved from the Service since 2007.
- Approximately 70 per cent of this cost will need to be spent in any event to implement secure biometric passports. This means contrary to some claims, there is no large sum of money that could be diverted to spend elsewhere if ID cards were cancelled.
- We expect in the region of 50,000 cards to be issued to foreign nationals by the end of April 2009.
- It is intended that the fee for a British citizen's identity card issued in 2009 or 2010 will be £30 or less.
- We are one of the only EU countries not to have ID cards - 24 of the 27 EU member states already have identity cards.
Friday 23 January 2009, 8:24 AM
Apple loses Front Row dinner-party marketeers with remote move
My girlfriend has just bought a new MacBook, rather than a recession-friendly netbook, but hey. But despite being a couple of hundred quid more than the old style, Apple seem to have done away with the little remote.
After a bit of searching through the box, and a bit more searching online, we realised it wasn't a packaging error at Cupertino, but they buggers have actually stopped including them. Having looked on some forums the consensus is that most people didn't use them and actually Steve is doing us a big favour by not bothering us with this distraction - Steve knows best!.
I guess I am in the minority but I actually like the remote and I think Apple is missing out on a trick here. One sure way to wow your Windows friends when they come around for dinner is to casually use the remote to launch Front Row from across the room - that always goes down well.
Sad I know but it's one of my few party tricks - well that and flicking peanuts into my mouth. Apple has given the option to buy a remote for $19 but most people won't.
I guess judging by the company's results, Apple doesn't need anymore marketing help but doing away with the remote is going to mean a few less Mac owners get to show off Front Row and saying your Mac Book is made from one complete piece of plastic doesn't have the same effect.
After a bit of searching through the box, and a bit more searching online, we realised it wasn't a packaging error at Cupertino, but they buggers have actually stopped including them. Having looked on some forums the consensus is that most people didn't use them and actually Steve is doing us a big favour by not bothering us with this distraction - Steve knows best!.
I guess I am in the minority but I actually like the remote and I think Apple is missing out on a trick here. One sure way to wow your Windows friends when they come around for dinner is to casually use the remote to launch Front Row from across the room - that always goes down well.
Sad I know but it's one of my few party tricks - well that and flicking peanuts into my mouth. Apple has given the option to buy a remote for $19 but most people won't.
I guess judging by the company's results, Apple doesn't need anymore marketing help but doing away with the remote is going to mean a few less Mac owners get to show off Front Row and saying your Mac Book is made from one complete piece of plastic doesn't have the same effect.
Wednesday 21 January 2009, 9:18 AM
Is Bill's philanthropy just another form of control?
On a flight back from LA last week I found myself in that brain limbo that too much air travel can impose. Too wired to sleep but too tired to sit through a whole movie so breaking with my normal obsessive need to watch all the new movies on the plane I opted for some TV and chanced on the BBC Money Programme Interview with Bill Gates which aired last June.
I missed it at the time, probably consciously expecting it to be more glossed over mainstream coverage of Bill. For the most part it was exactly what I expected with presenter Fiona Bruce steering clear of asking Bill too many of the tough questions despite claiming that it had taken the Beeb almost two years of negotiations with Microsoft to secure the interview. The programme delved into the history of MS and went over the usual ground and then tackled Bill's new philanthropic career.
Various talking heads popped up around the issue including US tech journo and super-geek Robert X Cringely who basically claimed that Bill's latest venture is all about securing a nobel peace prize! Well that makes sense but then thinking about another aspect of philanthropy, the tax saving, it struck me that while it might seem on one hand that Bill is being supremely altruistic with giving away billions the fact is that he has to to do that anyway through taxation. So by setting up this huge philanthropic effort he is able to take back some control of that vast chunk of cash that he was previously sending off to the US Treasury and Bill likes control.
I am sure that there is a lot of genuine altruism here but people don't really change that much. The single-minded focus on achieving a goal has characterised Microsoft's rise to to top and the fact that Gates would suddenly shift gift and become some touchy-feely Mother Teresa-like figure just doesn't wash. There is a plan here with a definite end-game, probably the nobel peace prize, with the handy by-product of being able to have more say over the vast swathes of tax dollars.
Gates wasn't given a completely free-ride by the BBC, the parting segment had Fiona Bruce being shown around the MS Campus by Gates. The pair came up against what seemed to be a locked door. Gates assumed that the door was secured by the high-tech security system and search vainly for his swipe card before resigning himself to calling for help. After credulously asking if Bill was locked out of his own building, the BBC presenter simply leant on the door and strolled in. And neat little segment that said it all really.
I missed it at the time, probably consciously expecting it to be more glossed over mainstream coverage of Bill. For the most part it was exactly what I expected with presenter Fiona Bruce steering clear of asking Bill too many of the tough questions despite claiming that it had taken the Beeb almost two years of negotiations with Microsoft to secure the interview. The programme delved into the history of MS and went over the usual ground and then tackled Bill's new philanthropic career.
Various talking heads popped up around the issue including US tech journo and super-geek Robert X Cringely who basically claimed that Bill's latest venture is all about securing a nobel peace prize! Well that makes sense but then thinking about another aspect of philanthropy, the tax saving, it struck me that while it might seem on one hand that Bill is being supremely altruistic with giving away billions the fact is that he has to to do that anyway through taxation. So by setting up this huge philanthropic effort he is able to take back some control of that vast chunk of cash that he was previously sending off to the US Treasury and Bill likes control.
I am sure that there is a lot of genuine altruism here but people don't really change that much. The single-minded focus on achieving a goal has characterised Microsoft's rise to to top and the fact that Gates would suddenly shift gift and become some touchy-feely Mother Teresa-like figure just doesn't wash. There is a plan here with a definite end-game, probably the nobel peace prize, with the handy by-product of being able to have more say over the vast swathes of tax dollars.
Gates wasn't given a completely free-ride by the BBC, the parting segment had Fiona Bruce being shown around the MS Campus by Gates. The pair came up against what seemed to be a locked door. Gates assumed that the door was secured by the high-tech security system and search vainly for his swipe card before resigning himself to calling for help. After credulously asking if Bill was locked out of his own building, the BBC presenter simply leant on the door and strolled in. And neat little segment that said it all really.
