blog.rbach.net

According to the Consumers Electronics Association, the questions of what will happen to millions of analog TVs following next year’s transition to DTV have been answered. According to their report “Trends in Consumer Electronics: Afterlife” there is good news fro the environment. According to the April 2008 study , households receiving broadcast signals only over-the-air (OTA) expect to remove fewer than 15 million televisions from their homes through 2010. Additionally it is reported that 95% of which will be sold, donated or recycled. Most OTA-only households expect to buy a digital converter box (48%) and continue using the same TV.

The CEA website, www.myGreenElectronics.org includes a zip-code searchable database of electronics recyclers.

Where is this market for analog TV’s going to come from?

According an article on NewScientist an industrial chemical being used in ever larger quantities to make flat-screen TVs may be making global warming worse.  The gas is nitrogen trifluoride (NF₃).

NF₃ was developed an alternative to perfluorocarbons (PFCs) gases subject to the Kyoto protocol as a measure to cut greenhouse gas emissions .  As a greenhouse gas NF₃ is 17,000 times as potent as carbon dioxide, yet is not covered by Kyoto because it was made in tiy amounts when the protocol was agreed in 1997. The electronics industry uses NF₃ mainly to flush out the by-products of chemical vapour deposition, a process which deposits thin films onto glass surfaces for liquid crystal displays (LCDs), and onto silicon wafers for semiconductors.

Michael Prather of the University of California, Irvine, calculates that NF₃ has a half-life in the atmosphere of 550 years. Prather puts the first global estimate of NF₃ production at about 4000 tons this year, and double that for next year. The potential warming effect of currently manufactured NF₃ is greater than both sulphur hexafluoride and PFCs individually.

Prather agrees that switching to NF₃ “probably was an improvement” for this reason, but he warns that NF₃ is twice as potent as perfluorocarbons.  At least one manufacturer of LCDs is concerned about the greenhouse effect of its NF₃ emissions. Toshiba Matsushita Display Technology says it has developed a process that uses pure fluorine instead of NF₃, resulting in “zero greenhouse gas emissions”.

Arbor Networks has issued its fourth Worldwide Infrastructure Security Report. The global report is based on responses from 70 lead security engineers worldwide. Some of the report’s findings are that DDoS attacks have grown a hundredfold since 2000 and the newest threat is increasing service-level attacks

Respondents to the survey said the main threat vectors for attacks experienced during the period of August 2007 to July 2008, were:

• external, brute force attacks (61%)
• known vulnerabilities (12 %)
• social engineering (3%)
• misconfiguration (3%)
• none from zero-day threats.

Brute force attacks, such as DDoS, jumped 67 percent over the last year.
ISPs reportedly spent most of their available security resources combating distributed denial of service (DDoS) attacks. Flood-based attacks represented 42 percent of the attacks reported and protocol exhaustion-based attacks at 24 percent last year. DDoS attacks have grown from megabit levels in 2000 to 40 gigabit attacks this year. Nearly 60 percent of ISPs worldwide say they experienced DDoS attacks larger than 1 gigabit-per-second (Gbps) to a record 40 Gbps, according to Arbor’s report. Arbor also indicates the growth in attack size continues to significantly outpace the corresponding increase in underlying transmission speed and ISP infrastructure investment according to Danny McPherson, chief security officer for Arbor Networks.
The report indicates that the ISPs surveyed are less worried about DDoS attacks than they were a year ago. This year ISPs describe a far more diversified range of threats, more than half are battling an increase in service-level attacks which accounted for 17 percent of all attacks, that attempt to exploit vulnerabilities and limitations of computing resources. New attacks are being directed at new services, as ISP’s work to diversify their income sources by expanding into content distribution, VoIP or other managed services. These new threats include:

• domain name system (DNS) spoofing
• border gateway protocol (BGP) hijacking
• spam.

Almost half of the surveyed ISPs now consider their DNS services vulnerable. Others expressed concern over related service delivery infrastructure, including voice over IP (VoIP) session border controllers (SBCs) and load balancers. Several ISPs reported multi-hour outages of prominent Internet services during the last year due to application-level attacks.

Botnets are still a big problem for ISPs. Botnets continue their expansion across the Internet. ISP’s report that botnet used for:

• SPAM (36%)
• DDoS (31%)
• phishing (28%)
• ID fraud (>5%)
• click fraud (>5%)

Rob Malan, founder and chief technology officer of Arbor Networks explained that, with application-based attacks, bot-infected computers worldwide make connections to a targeted site, then “use an application protocol to deliver a perfectly valid request, not a vulnerability, not something that an IDS or other type of firewall would necessarily flag”. For example, a botnet might instruct its zombie computers worldwide to do a back-end query off a database. “By itself it’s not bad but, if you have multiple such requests, then you tie up the application - in this case database - resources on the back end,” he said.

Even the newest technologies are not secure, 55 percent of ISPs see the scale and frequency of IPv6 attacks increasing. “They are asked to deploy V6, but they don’t feel they can have security [with it],” Dr. Craig Labovitz chief scientist for Arbor Networks says. Today’s IPS/IDS, firewall, and other tools don’t have the proper visibility into IPv6 networks to secure them, he says. Arbor Networks released an earlier study in August 2008 which revealed negligible IPv6 usage.

The response capability of the respondents is mixed. The majority of ISPs report that they can detect DDoS attacks using tools. This year also shows significant adoption of inline mitigation infrastructure and a migration away from less discriminate techniques like blocking all customer traffic (including legitimate traffic) via routing announcements. Many ISPs also report deploying walled-garden and quarantine infrastructure to combat botnets.

Despite the tools on-hand only a few of the surveyed ISPs said they have the capability to mitigate DDoS attacks in 10 minutes or less. Even fewer providers have the infrastructure to defend against service-level attacks or this year’s reported peak of a 40 gigabit flood attack.

Even less of an emphasis is placed on finding the criminals responsible for these attacks. Arbor Networks found that ISPs have faith in law-enforcement bodies. Nearly two thirds of respondents indicated that they do not believe law enforcement has the means to act upon information they provide about attacks or other security incidents. “It’s hard on carriers,” said Malan. “They get paid on traffic, not to do forensic analysis. So it’s hard from their perspective to make the economics work.”

The Arbor Networks 2008 Worldwide Infrastructure Security Report describes a networked world where DDoS attacks growth has out-paced the ability of firms to respond to them and new service level attacks are driven by botnet’s are matching the firms efforts to diversify their service offerings to customers. These facts when combined with the current economic recession, the networked world still appears to be a difficult place to do business.

http://news.zdnet.co.uk/security/0,1000000189,39549409,00.htm

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212001807

DSLReports.com has an article citing the death of Broadband Over Powerline. Apparently the first US city to see a non-trial launch of BPL in Manassas, Virginia is shutting down. Comtek, the company who originally built the network, is giving up on the instillation after a planned sale to Smart Grid LLC fell though and the city has taken control of the network.

BPL has had difficulty gaining traction for several reasons. First, its relatively slow throughput in the face of next-generation speeds and its potential for interference with amateur and emergency radio. Finally many utilities simply didn’t want to be broadband providers.

Last May, a BPL trial operated by DirecTV and Current Communications in Dallas, Texas had hoped would offer BPL service to 2 million residents was sold to the local utility.

The FBI reports that, for the first time ever, revenues from cybercrime have exceeded drug trafficking as the most lucrative illegal global business, estimated at reaping in more than $1 trillion annually in illegal profits.

According to an article, The New Face Of Cybercrime  from ChannelWeb It didn’t happen overnight. According to the Q2 2008 Web Security Trends Report by Finjan, a San Jose, CA based security company, these cybercrime organizations—some claiming up to tens of thousands of members—have all emerged over the past two years to create a viable shadow economy. “It’s a contemporary economy mediated by Internet workings. It just happens to be illegal,” said Peter Cassidy, secretary general of the APWG, a nonprofit organization dedicated to counteracting cybercrime.

“What we’ve seen is really a deep stratification of electronic crime into a growing, prosperous and responsive economy, with a number of specialty organizations, syndication and deepening organization of peers, both within a vertical skillset and across the entire enterprise of electronic crime,” said Cassidy, “Increasingly, we see this is turning into big business.”

Just like a Mafia family, they’re organized into strict hierarchies. They’re headed by a criminal boss, who is seconded by an underboss, providing Trojans for attacks while acting as the command and control center of the operation. Spearheading the malware attacks against businesses and individuals are the campaign managers, who direct their drones in affiliation networks further down the chain of command to actively steal the data from users’ computers.

The stolen data—generally users’ credit cards and social security numbers—is often sold by cyber resellers, who specialize solely in buying and selling the stolen data.

“This is definitely an area of growing concern,” said Dave Marcus, security research and communications manager for McAfee. “Instead of accessing and stealing information, they’ll sell account information for a premium.” Marcus said that the resellers typically post the stolen information onto Web sites, then it is offered for sale to hackers based on brand, location and additional value-added features. Marcus said that one Web site discovered by McAfee Avert Labs offered stolen bank accounts for sale with significantly higher prices from U.S. financial institutions such as Citibank and Bank of America than for smaller credit unions and more obscure foreign banks. Criminals who want to use the information can then contact the resellers to negotiate a price.

Driven by the laws of supply and demand, the price of an average identity has dropped in recent years from $100 to somewhere between $10 and $20 apiece, with the commoditization of data such as credit card and bank account numbers with pins.

However, other information is deemed more valuable. Experts say that prime real estate for cybercriminals surrounding health-related data, internal corporate notes and Outlook and FTP accounts that can provide access to intellectual property go for much higher prices on the black market. As a result, attackers will increasingly be targeting health and government organizations, as well as corporate intellectual property, security experts say.

Intel demonstrated a wireless electric power system that could revolutionize modern life by eliminating chargers, wall outlets and eventually batteries all together by 2050. Intel chief technology officer Justin Rattner demonstrated a Wireless Energy Resonant Link at Intel’s 2008 developer’s forum.

During the demo electricity was sent wirelessly to a lamp on stage, lighting a 60 watt bulb that uses more power than a typical laptop computer. Most importantly, the electricity was transmitted without zapping anything or anyone that got between the sending and receiving units. “The trick with wireless power is not can you do it; it’s can you do it safely and efficiently,” according to Intel researcher Josh Smith. “It turns out the human body is not affected by magnetic fields; it is affected by elective fields. So what we are doing is transmitting energy using the magnetic field not the electric field.”

Examples of potential applications include airports, offices or other buildings that could be rigged to supply power to laptops, mobile telephones or other devices toted into them. The technology could also be built into plugged in computer components, such as monitors, to enable them to broadcast power to devices left on desks or carried into rooms, according to Smith.

Slashdot has a post about employee use and abuse of corporate Internet access, from Voco, an IT consultancy. While network abuse is not a new issue, I was involved in writing Acceptable Use Polices (AUPs) in 2000, some of the firms findings show the change in magnitude of AUP violations. According to Voco’s data, for example, many of the pre-release downloads of the movie Hellboy: The Golden Army were over corporate networks. Voco points out that not only does this consume bandwidth meant for business; it also opens up corporate networks to spyware, adware, and other challenges for network security. And, of course, it could pose a legal issue for the company in question as well. “If investigators were tracking who was downloading, then the company address would turn up and the company would be the one facing legal implications,” Voco consultant Paul Hortop said in a statement.

The age old challenge for firms is to balance staff “personal” and “corporate” use of the resources. Hortop asks, “Is it more time-efficient to let staff do their banking online than having them leave the office for half an hour?”

This is not a new issue, a CNN poll in 2005 found that, 93 percent of all US employees admitted to using their employer’s Internet access for personal reasons as well as business ones, and 52 percent said they would rather give up coffee than their Internet connections at work.