Quick actions help financial firm avoid security disaster

While most of the IT world has been spared a devastating security attack like Blaster and Sasser for the last few years, the damage wrought by all manner of lesser-known computer viruses continues to inflict corporate pain. For example, New York City-based investment firm Maxim Group faced a security ordeal this year when a virus outbreak pummeled the company's Windows-based desktop computers and servers. "On early April 15th, a few people called to say they were having problems with their computers," relates John Michaels, CTO there, describing how the investment firm's IT staff started to get an inkling that morning that something was terribly wrong. "After looking into it, we knew something bad was happening, affecting all our users, and my servers." Malware was disabling applications by corrupting .exe files so they wouldn't open once they were closed, while also making thousands of connections to servers, saturating the network. "It damaged all the .exe files by corrupting them," says Michaels. "People were logging on and getting a blank screen." The virus was also altering the registry of the computers. In response, Maxim Group told its approximately 325 computer users not to shut down their computers while Michaels and his team contacted vendors for assistance. Maxim Group didn't have a centralized antivirus product in place, having allowed various groups to go their own way with differing products.

The decision to change that practice was made on the spot. Antimalware vendor Symantec was called in to set up a centralized antivirus server, while also attempting to analyze what the malware was and advise on clean-up. It wasn't easy. "Symantec took about three days to identify what the variant of the virus was," Michaels says. "They said they had never seen a variant of this." The virus was finally identified as a variant of "Sality," an older virus that strikes at .exe files and now also installs a backdoor and Trojan. "We asked Symantec, are we the only ones telling you about this? And they said 'We have 3 million infected.'" Cleaning up more than 300 virus-riddled PCs was a huge headache. Symantec advised total re-imaging of the computers, which Maxim Group undertook, a process that consumed several weeks. In the course of beating back Sality, Michaels says he also contacted another vendor, Cymtec Systems, whose product he had demoed, to install the security vendor's Sentry gateway, which monitors traffic and bandwidth usage, enforcing Web site policies and blocking malware.

To this day, Michaels says he's not sure how the Sality variant got into Maxim Group's network to explode in that April 15 outbreak. "Maybe it was a Web site or a USB device, I don't know," Michaels says. But the virus outbreak also showed there was communication from the infected PCs to what might be a botnet. "They were connecting to rogue Internet sites," Michaels says, adding that Sentry would help monitor for that kind of activity in the future. The reason for the Sentry gateway is to prevent employees from going to "Web sites they probably shouldn't," especially as Web surfing raises the risks of malware infection, Michaels says. On that day things changed in terms of the investment firm deciding to enforce stricter Internet usage policies. "Before this episode, we allowed social network sites, but we don't now," Michaels says. Social networking sites are gaining a reputation as places where malware gets distributed, and if there's no clear business reason for using them, they're put off limits.

And are the old Blaster and Sasser worms that struck with such devastation over half a decade ago gone? Unfortunately not, says the "Top Cyber Security Risks" report released this week by SANS Institute in collaboration with TippingPoint and Qualys. The report — which examined six months of data related to 6,000 organizations using intrusion-prevention gear and 100 million vulnerability-assessment scans on 9 million computers to get a picture of various attack types — notes "Sasser and Blaster, the infamous worms of 2003 and 2004, continue to infect many networks."

MediaTek app store to serve Chinese mass market

MediaTek has started shipping a new generation of its widely used mobile phone chips with support for an application download store that will first target China's masses of mobile subscribers, the store developer said Tuesday. The download store, now available only with the new MediaTek chips, is planned to launch outside China later as well, said Luo Tianbo, vice president of business development at Vogins, the middleware vendor that developed the platform. Chips from Taiwan-based MediaTek already power most mobile phones in China.

Handset makers, mobile carriers and other companies have announced plans for similar download stores as a way to lure users and boost revenue. China has a huge market for mobile phones and services with over 700 million mobile subscribers, and MediaTek holds over a 50 percent share of China's handset chip market, according to BNP Paribas. The MediaTek download platform will compete for phone buyers' attention with Apple's App Store and the three mobile carriers' stores. Apple's App Store may launch in China when the iPhone formally goes on sale in the country this year, and China's three mobile carriers are all developing download stores. While the App Store may face regulatory obstacles and China Mobile's store, launched last month, has yet to take off, phones that support the MediaTek store could pour quickly into the hands of Chinese users. The MediaTek store will not "absolutely" compete against the download stores from China's carriers, said Luo.

MediaTek is in talks with China Mobile, China Unicom and China Telecom about altering the Vogins platform to support their stores as well, he said. The Vogins store currently has about 100 free or paid applications made by third-party developers, mostly games but also including other content such as e-books, he said. One hugely popular program it may soon offer is a client for the QQ chat service, owned by Chinese portal Tencent, said Luo. Vogins, which is majority-held by MediaTek, aims to reach at least 400 to 500 applications by the end of next year. MediaTek began including support for the application download platform in its chipset packages for mobile phone manufacturers last month, and handsets that support it will go on sale in China around November, Luo said. The application store can be accessed from a software platform MediaTek modified from the Nucleus kernel, said Luo. Nucleus is a real-time operating system designed by Mentor Graphics for use mainly on embedded devices.

The retail price for handsets that support the MediaTek store could reach as low as US$100, partly because the company is using its own OS, JP Morgan predicted in a recent research note. A further boost for the store in China could come from its stock of local applications, JP Morgan said. "We think MediaTek is in a strong position to build a far bigger set of China-specific applications than any other vendor," the note said. MediaTek did not immediately reply to a request for comment.

Oracle breaks silence on Sun plans in ad

Oracle Corp. ended its silence Thursday on its post-merger plans for Sun Microsystems Inc.'s Unix systems in an advertisement aimed at Sun customers to keep them from leaving the Sparc and Solaris platforms. Ever since Oracle announced in April its plans to acquire Sun, its competitors - notably IBM and Hewlett-Packard Co. - have been relentlessly pursuing Sun's core customer base, its Sparc and Solaris users. Oracle's ad to "Sun customers" makes a number of promises that include spending more "than Sun does now" on developing Sparc and Solaris, as well as boosting service and support by having "more than twice as many hardware specialists than Sun does now." Analysts see Oracle's ad as a defensive move that doesn't answer some of the big questions ahead of the $7.4 billion merger with Sun. In fact, there may be a lot of room for skepticism and parsing of Oracle's claims, despite their apparent black-and-white assertions. Among the top hardware makers, Sun registered the biggest decline in server revenue in the second quarter, offering evidence that this protracted merger may be eroding Sun's value.

Oracle wanted the acquisition completed by now, but the European Commission this month said it would delay its antitrust review because of "serious concerns" about its impact on the database market. Europe is allowing until mid-January to sort this out, which keeps the merger in limbo for another quarter. Analysts point out that Oracle's plans to spend more "than Sun does now" may be a little hollow because Sun's spending on developing Sparc and Solaris is probably at a low. "The ad sounds convincing - but perhaps being a word nitpicker, the 'than Sun does now' might not mean much if Sun has drastically cut back due to plummeting sales," Rich Partridge, an analyst at Ideas International Ltd., said in an e-mail. "I think someone at Oracle suddenly realized that Sun was bleeding so badly that what would be left when Oracle finally got control would be worth a small fraction of what they paid and no one would buy the hardware unit," Rob Enderle, an independent analyst, said in an e-mail. But Enderle said the ad's claims do not preclude Oracle from selling its hardware division, and says the company "will have to support the unit for a short time after taking control; during that short time they can easily outspend Sun's nearly non-existent budgets." Taken at face value, the ad seems to indicate that Oracle will keep Sun's hardware and microprocessor capability and not spin it off, as some analysts believe possible. Gordon Haff, an analyst at Illuminata Inc., said if it was Oracle's plan to start on day one of the merger to shop the Sparc processor around, "would they have put this ad out? Probably not," he said. "Does it preclude Oracle from changing their mind? No. Companies change their mind all the time."

An erosion of Sun's customer base also hurts Oracle, because a lot of Sun customers are also Oracle customers, and Oracle doesn't want its existing customers to go to IBM and move away from Oracle's platform, Haff said. Indeed, Oracle's major competitive concern was indicated in the ad in a quote by Oracle CEO Larry Ellison: "IBM, we're looking forward to competing with you in the hardware business."

iTunes gains Automatically Add to iTunes feature

One of the often requested features for iTunes has been the ability to set a folder for it to watch, automatically adding any items you drop in that folder to its library. In typical Apple fashion, it's not exactly what people were asking for, but Apple's interpretation of what they want. In iTunes 9, Apple has quietly added this feature, although I wouldn't blame you for not having noticed its existence.

When you install iTunes 9, it automatically creates an Automatically Add to iTunes folder in your ~/Music/iTunes/iTunes Music folder (or under ~/Music/iTunes/iTunes Media if you created a new library after installing iTunes 9). When you put an iTunes-compatible media file in this folder, it will, as the name suggests, be added to iTunes automatically. Whenever you drop any file into that folder, it's instantly added to iTunes if the application is running. If not, it gets added the next time iTunes is launched. It even looks for files in subfolders you create and adds them to the library as well. And if you ever delete or rename the Automatically Add to iTunes folder, iTunes simply creates a new one for you the next time it is launched. In my limited testing, I've found that it pretty much works as advertised.

However, it does have a lot of caveats. For one thing, iTunes's list of supported formats, especially in the video department, is comically short. You can be pretty assured that if the video was downloaded from the Internet, it will not be supported by iTunes. In such a case, iTunes will move it to a Not Added subfolder within the Automatically Add to iTunes folder. But that's to be expected because iTunes has never exactly supported a host of media formats. Still, there are other problems.

When users asked for an option to direct iTunes to a folder, they really wanted an option to direct iTunes to any folder. What Apple has done, on the other hand, is created a pre-designated folder for the task and not given an option to change it to any other location. So if you have a huge collection of media in your Movies folder or on an external hard disk drive containing files that you'd like to automatically add to iTunes, you'll still have to move them to that particular folder. What's the point, then? You can just drag and drop them onto the iTunes icon in the Dock and be done with it.

Well, you say, we can just use the Automatically Add to iTunes folder as our primary movies folder, then, maybe even move it to a location of our choosing, and leave behind an alias to take its place. Wouldn't that work? Not so much. Not only does iTunes not accept anything added to that folder if you move it, but the presence of the alias prevents iTunes from creating a new version of the folder either.

And when iTunes does add media files from the Automatically Add to iTunes folder, it moves them into its media folder and organizes them as it normally would, even if you have the option to do so disabled under iTunes's advanced preferences. It also deletes any subfolders you create within that folder (although that's a logical conclusion, given that they're useless if the media files you put in them never stay there). The only possible use I can see is for you to set it as the default download location for media files you purchase or download off the Internet, so that they can automatically be added to iTunes without your having to do so (and even there, Apple has recommended you don't use it for incomplete files). I hope Apple rethinks this and gives users the freedom to use any folder they want, and makes iTunes stop moving the media files around if the user doesn't want it to. In short, I don't think the feature is very useful in the form Apple chose to implement it. It's still a (very small) step in the right direction though.

ACLU files lawsuit on border laptop searches

The American Civil Liberties Union (ACLU) has filed a lawsuit demanding that U.S. Customs and Border Protection (CBP) release details of its policy that allows the agency to search travelers' laptops at U.S. borders without suspicion of wrongdoing.

The ACLU's lawsuit, filed Wednesday in the U.S. District Court for the Southern District of New York, is an effort to get CBP to respond to a Freedom of Information Act (FOIA) request that the civil liberties group filed in June about the laptop-search policy. The agency has not supplied any information, although the FOIA law requires it to give a response within 30 days, said Catherine Crump, staff attorney with the ACLU First Amendment Working Group.

The FOIA request and the lawsuit seek details about the laptop search policy, including how many laptops have been searched since the CBP instituted its search policy last year, Crump said. "Traveling with a laptop shouldn't mean the government gets a free pass to rifle through your personal papers," she said.

The ACLU and other civil liberties groups have complained that the CBP policy violates the Fourth Amendment to the U.S. Constitution, protecting U.S. citizens against unreasonable search and seizure.

The ACLU also wants to know how many laptops and electronic devices CBP has seized, how long CBP has kept those devices, and statistics about the race and ethnicity of the people whose laptops have been seized, according to the ACLU's FOIA request.

One Muslim group complained in April that CBP has unfairly targeted Muslim, Arab and South Asian Americans for laptop searches.

"The goal is that the public should have enough information to evaluate the risks of crossing the border with a laptop," Crump said. "It would be helpful to the public if they could evaluate whether this policy makes Americans any safer."

The press office of the U.S. Department of Homeland Security, CBP's parent agency, didn't immediately respond to a request for comments on the ACLU lawsuit.

CBP has asserted that it can search all files, including financial documents and Web browsing history, on travelers' laptops and electronic devices "absent individualized suspicion." The agency does need probable cause that a crime has been committed to seize a device.

The CBP policy also allows the agency to conduct searches of "documents, books, pamphlets and other printed material, as well as computers, disks, hard drives and other electronic or digital storage devices," without suspicion of a crime.

Several Democratic members of the U.S. Congress have pushed for a change in the policy. The requested documents would be "enormously useful" for lawmakers debating the CBP policy, Crump said.