reports intelligence sources on terrorism as one of the intelligence community’s highest priorities.” The report also calls for greater reliance by the intelligence community on publicly available information to supplement its other clandestinely-gathered intelligence. The report says the intelligence community should “incorporate more open source intelligence into analytical products.”

Several observers point out that even though the Office of Homeland Security is a Cabinet-level position, Governor Ridge will face an insurmountable task in coordinating the activities of some 40 well-guarded law enforcement and intelligence turfs. These include the Federal Bureau of Investigation, Border Patrol, Customs Service, Bureau of Alcohol, Tobacco and Firearms, and the Federal Aviation Administration, all of which have been historically protective of their authority and budgets.

PDAs At Risk, Says Report
Barbara Gengler

A new threat exists for malicious code and virus attacks on portable devices, as it has become increasingly common for vendors to introduce the devices before the security has been deployed, according to a research report. Portable devices, such as Personal Digital Assistants, are especially vulnerable to malicious code threats because of their widespread use and the current lack of a security framework, according to experts at a security engineering and research firm @stake.

“Many users do not recognize that the information stored on their PDA is open to compromise by unauthorized users,” said Joe Grand, @stake research engineer.

The research focused on the Palm operating system, which was designed to be open and modular to support third-party applications, because it dominates the global handheld market. Palm licenses its operating system to vendors such as Handspring, Sony, IBM, Qualcomm, Symbol Technologies, and others.

According to Grand, the Palm operating system, in its current state, should not be trusted to store “any critical or confidential information. It is not possible to employ a secure application on top of an insecure foundation.”

“If the Palm device is being used for security purposes, which is becoming prevalent in corporate environments, there are a number of risk areas to be concerned with,” he said.

For example, Palm OS offers a built-in security application, which is used for the legitimate user to protect and hide records from unauthorized users by means of a password. In all built-in applications, such as address, date book and to do list, individual records can be marked as private and should only be accessible if the correct password is entered. The researchers said there should be strong warnings by the vendor that these mechanisms are trivially bypassed so users and developers can plan for and work around the lack of security.

According to the researchers, although well known in the security industry to be insecure, PDAs are ubiquitous in enterprise environments and are being used for such applications as one-time password generation, storage of medical and company confidential information and E-commerce.

“We concluded that current state-of-the-art portable devices are not equipped for the threat of viruses or other malicious code components,” Grand said. He pointed out that added functionality of wireless technologies, such as infrared (IR) and radio frequency (RF), advance the threat of compromise as new classes of malicious code attacks exist that cannot be detected.

Cracker Court to Rule on Computer Misuse
Chloe Palmer

The latest in the 'hacker = terrorist' debate in Congress is that US enforcement agencies are to set up cybercourts to allow them to go after computer misusers. Current practice is too slow to keep up with the high speed of crime escalation that is synonymous with electronic methods. Specifically, the Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction (the Gilmore Commission) wants to issue warrants and wiretap permits.

James Gilmore (Republican-Virginia) heads up the panel. He told the House Science Committee, “A court dedicated to criminal cyber-conduct can develop the needed expertise to act appropriately on investigative activities while ensuring the protection of civil rights and liberties. We envision an electronic, real time and secure method for prosecutors to contact a 'cyberjudge' on short notice.” The move is another example of law enforcement — the likely litmus paper for legislators — feeling their way in dealing with the Internet as a part of our society.