STE WILLIAMS

Councils tout £1.2bn for IT whizkid to grab their backend

A one-billion-pound contract is up for grabs as three London councils hunt for IT hotshots to streamline their back-office systems – handling everything from criminal record checks and financial accounts to the payroll and psychometric testing.

Westminster Council is spearheading the search for an IT provider that will service its needs and those of Kensington & Chelsea and Hammersmith & Fulham councils. A further 17 local authorities, including Islington, Camden and Hackney, have signed up to use the procurement process.

The job, which could be worth up to £1.2bn, was advertised last week in the Official Journal of the European Union, and Westminster expects to have chosen a provider by the end of 2012.

The councils are seeking to make big spending cuts by outsourcing a slew of their backend admin services. Under the new contract the external provider would perform everything from Criminal Record Bureau checks to HR and sorting out staff wages. Simple tasks, such as help desks and document scanning, would be outsourced too.

The work will be advertised in four separate lots: HR and finance; e-sourcing; property asset data management; and business intelligence. The framework will last for four years and the contract, once procured, will last for five years with an option for a three-year extension. Back in June, Westminster CIO David Wilde explained that the separate lots would not necessarily all go to the same provider.

The business intelligence lot involves storing, crunching and manipulating council data. E-sourcing seems to involve the management of council websites and online help services.

Currently London councils use a patchwork of services – both in-house and external – to maintain their IT and admin work: under the new move, codenamed Programme Athena, the bevy of 20 councils hope to save money by rationalising their services and creating a London-wide ICT framework. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/24/council_contract/

US Senator’s Twitter account back after hack

The office of US Senator Chuck Grassley has confirmed that his Twitter account was taken over and used to launch anti-SOPA messages on Monday, US time.

According to Reuters, at least eight messages were sent by someone claiming to be part of Anonymous while the Senator was flying from Iowa to Washington.

In this video, the attacker apparently shows nearly ten minutes of tweeting-as-@ChuckGrassley:

The main message was “Dear Iowans, vote against ACTA, SOPA, and PIPA, because this man, Chuck Grassley, wants YOUR internet censored and all of that BS” – noted in many headlines as offering better grammar than the Senator typically uses.

Senator Grassley has since regained control over his account and had the password changed. While among sponsors of SOPA’s counterpart in the Senate, the Protect IP Act (PIPA), he withdrew his support last week. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/23/senator_grassley_twitter_crack/

Sourcefire jumps into anti-malware market

Sourcefire, the security biz behind the commercial versions of the open-source Snort intrusion-detection software, is bowling itself at enterprises and touting tech designed to quickly detect and block malware outbreaks.

FireAMP offers a malware discovery and analysis tool that offers visibility of threats and outbreak control. The technology offers a means to limit the damage from virus infections, which Sourcefire argues are more or less inevitable, especially in the face of ever more sophisticated and numerous threats.

Oliver Friedrichs, senior vice president of Sourcefire’s Cloud Technology Group, told El Reg that “threats are getting by existing defences”. Sourcefire has positioned FireAMP to cover for the shortcomings of endpoint protection technology, rather than offering a replacement, at least with the first iteration of the technology.

“We’re not necessarily interested in replacing anti-virus or building better mousetraps,” explained Friedrichs, an ex-staffer at both Symantec and McAfee. “FireAMP could replace anti-virus, but it’s not going to replace it immediately, especially because firms have invested in conventional security software. We’re offering FireAMP as a way to shore up defences.”

“We don’t pretend our tool can detect 100 per cent of malware – nothing can,” he added.

FireAMP uses data analytics to analyse and block malware. Security analysts can write their own signatures for digital nasties in much the same way that they create Snort attack signatures, albeit in a slightly different context. Sourcefire claims the cloud-based approach the technology uses is capable of identifying and scoring threats missed by other security layers.

Whitelisting

The technology can be used to block particular strains of malware without running system scans. It can equally be used to whitelist benign apps, an approach that helps to reduce the possibility of false positives.

Deploying the technology involves installing a “flight-recorder”-like client agent on PCs, which allows firms to quickly figure out which process introduced malware into their environment and how malicious files subsequently spread on their network. This agent communicates with a cloud-based analysis engine and is designed to co-exist with any anti-virus or security software running on computers (so it is unlike running two anti-virus clients on the same PC, a set-up that always ends in tears).

Sourcefire’s technology allows the “patient zero” of outbreaks that get missed to be identified later, Friedrichs explained, adding that this saves time on computer forensics. File trajectory technology bundled within FireAMP shows how malware spread across a firm, he said. Once problems are identified, remedial actions can be carried out from the FireAMP console.

FireAMP, which is based on technology Sourcefire acquired from Immunet last year, comes only a month after it released a next-generation application-aware firewall, twin moves designed to allow it to sell kit outside its traditional IDS niche.

FireAMP is being positioned against gateway technology designed to thwart botnets from the likes of FireEye or Damballa, as well as malware-based analysis and forensics tools from HB Gary and Guidance Software. All these technologies aim to cover for the security shortcomings of anti-malware suites in one way or another. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/23/sourcefire_anti_malware/

Bletchley Park flogs Alan Turing first day covers

Computing pioneer and Enigma codebreaker Alan Turing is to be commemorated next month in a series of limited edition first day covers for stamps designed to celebrate the centenary of his birth and help raise some more funds for the renovation of Bletchley Park.

The covers, essentially snazzy envelopes specifically designed to carry a new set of stamps on their first day of issue, will be released on 23 February in four different designs.

Restricted to 500 copies each, the covers are going for £9.99 each and can be previewed here.

The first is a design created by Rebecca Peacock of Firecatcher Design which features a portrait of Turing himself. The other three are paintings by artist Steve Williams depicting the buildings in which Turing and his fellow codebreakers lived during the Second World War.

All four covers will also feature a first-class stamp depicting the Turing Bombe – the machine built to decipher the German Enigma code – as well as a first day of issue postmark illustrating one of the bombe’s 36 rotor wheels.

The stamp-related tribute is all part of the centenary year of mathematical genius Turing, who has been credited with pioneering the development of everything from artificial intelligence to the modern computer.

More importantly, his work with colleagues at Bletchley unpicking Enigma and other German and Japanese codes is believed to have shortened the war by as many as two years.

Turing was also famously persecuted by the British government, and even forced to undergo chemical castration after being convicted of homosexuality in 1952. He committed suicide two years later, aged just 41.

In 2009, then Prime Minister Gordon Brown finally broke the establishment’s silence over Turing’s treatment, with a public apology for the “appalling” persecution he had suffered in the years following the war.

The money raised from the stamp sale will go straight into the coffers of Bletchley Park, which received an early Christmas present last month when Google pledged £500,000 to help restore the site. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/23/turing_first_day_covers/

Europe exposes its stiff data protection law this week

Stringent proposals for the revision of Europe’s outdated 1995 data protection law are to be revealed by officials this coming Wednesday.

The European Commission’s vice-president Viviane Reding said in a speech in Germany on Saturday that the new regulation on handling sensitive data will, among other things, require internet firms to admit breaches of the rules within 24 hours of their occurrences.

The justice commissioner previously told this reporter that the so-called “right to be forgotten” would form a central part of the proposed reform of the DP law, which is expected to be policed on a national level by relevant data protection authorities if the bill is passed in Brussels.

Reding said that internet outfits that collect and retain data about their customers will be required to explain why it is necessary to hold such information on their databases.

As The Register has previously reported, the proposed revision to Europe’s 17-year-old data protection regulation will include the “right to ‘data portability’”, which Reding described as “an essential element of the legislative reform”.

According to the Financial Times, which has seen a draft of the proposals, internet companies could be fined up to 2 per cent of their global turnover if they are found to have violated the new data protection rules.

However, legislative reform of the EU’s current data protection rules could take more than a year to complete – the proposed bill must wind its way through the European Parliament and the Council of Ministers before the union’s 27 nations are required to splice the regulations into their own law books, which could yet meet fierce opposition.

In the UK, for example, the reform has been seen by Justice Secretary Ken Clarke as a dangerous move with the potential to compromise freedoms and security. Last year he lambasted Reding’s “one size fits all” approach and said that “imposing a single, inflexible, codified data protection regime on the whole of the European Union, regardless of the different cultures and different legal systems, carries with it serious risks”. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/23/europe_data_protection_proposed_revision/

Romanian who hacked NASA spared cooler stint

A Romanian hacker who admitted breaking into NASA’s network has avoided jail, receiving a three-year suspended prison sentence instead.

Robert Butyka, 26, from Cluj-Napoca, Romania, still faces a civil lawsuit over disputed damages of $500,000 against the space agency’s computer systems in a case due to be heard in March. Butyka, who was arrested by Romanian cyber-cops back in November, admitted hacking into NASA’s network in December 2010 at a hearing earlier this month prior to a sentencing hearing this week where he was put on probation for seven years.

Local reports of the sentencing hearing (in Romanian) can be found here. Commentary on the arguably lenient punishment received by Butyka, and how a US hacker convicted of similar charges might fare, can be found in a post on Sophos’ Naked Security blog here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/23/romanian_nasa_hacker_jailed/

‘Hannibal’ leaks ‘100,000 Facebook logins’

The tit for tat between pro-Palestinian and pro-Israel hackers escalated at the weekend after a hacker called Hannibal claimed to have leaked the Facebook login details of “100,000 Arabs”.

Pro-Israel Hannibal warned on 13 January that he had access to “about 30 million e-mail [accounts] of Arabs”, adding that he would leak their login credentials over the next 55 years in retaliation for previous “Arab” hacks of Israeli websites. He then released, via Pastebin, what he claimed to be the login details of close to 85,000 Facebook accounts, although the actual figure appears to be far less.

But in his latest missive, issued on Saturday, he announced an even bigger data dump.

“I published until now hundreds of thousands of emails and Facebook accounts of Arabs … Today I published another 100,00 [sic] accounts of Arabs,” he wrote. “I post this 100k accounts list because I want show the my huge strength. The Arabs should learn a lesson and know not to mess with me.”

The text file links to what’s claimed to be 100,000 Facebook logins details spread across 14 file-sharing sites.

The hacker, who modestly reckons that people of the Jewish nation named him “general of Israel’s hackers”, then unexpectedly called a halt to the “cyber war” that has flared in the virtual Middle East in recent weeks.

“Israeli hackers, stop! Cyber war stops until further notice I will post again if they attack the State of Israel,” he wrote. “If they appear again, I again come to save Israel. Trust me. I’ll always be around.”

This particular cyber-spat kicked off at the start of January, when hacker OxOmar – who said he belongs to Saudi hacking gang Group-XP – claimed to have leaked the banking details of 400,000 Israelis.

Israel’s banks hit back, however, arguing that most of the data was either out-of-date or duplicate and that only 14,000 card records were exposed.

Israeli deputy foreign minister Danny Ayalon then drew the ire of Anonymous and others by comparing the hack to an act of terrorism and warning that there would be retaliatory action. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/23/israeli_hacking_followup/

DreamHost nightmare attack sparks passwords reset

US-based hosting firm DreamHost is advising customers to change their passwords following a database breach.

The firm warned late on Friday that hackers had compromised customer FTP/shell access passwords. DreamHost began the process of resetting customer passwords over the weekend, a process that hit a few hiccups along the way (if entries on its status update page are any guide). Web panel passwords, email passwords and billing data were not affected by the breach, the company said. These passwords have also been reset as a precaution.

Compromised passwords could potentially be used to change the content of hosted sites or, more likely, to insert malicious code. The motives of the hackers – much less their identity – remain unclear.

In a blog post, DreamHost chief exec Simon Anderson said the company had been hit by a “previously unknown” attack. He attempted to allay fears by saying nothing bad had happened to customers as a result of the breach, possibly because DreamHost reacted quickly once a breach was detected.

“The bad news is that we detected access to one of our databases and took rapid action to protect customer accounts and passwords,” it said. “The good news is that it does not appear that any significant malicious activity has occurred on any customer accounts as a result of the illegal access.

“Early yesterday, one of DreamHost’s database servers was illegally accessed using an exploit that was not previously known or prevented by our layered security systems in place. Our intrusion detection systems alerted our Security team to the potential hack, and we rapidly identified the means of illegal access and blocked it,” he added. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/23/dreamhost_breach/

SharePoint gods peek into colleagues’ info – poll

SharePoint admins are abusing their privileged status to sneak a peek at classified documents, according to a poll that shows consistent abuse of security in Microsoft’s business collaboration server.

A third of IT administrators or somebody they know with admin rights have read documents hosted in Microsoft’s collaboration server that they are not meant to read.

The most popular documents eyeballed were those containing details of fellow employees (34 per cent), followed by salary information (23 per cent); 30 per cent said “other”.

Ironically, the poll found the jury almost split on whether the authors of documents themselves could be trusted to control the security privilege settings on their work.

IT admins are firmly in control of setting access rights within SharePoint; 69 per cent set the permission levels that say who reads what, by individual or by group.

The data comes from a Cryptzone SharePoint security survey of 100 individuals running or using SharePoint systems, which has just been released. Respondents worked for a range of companies of varying size.

The poll reveals a consistently healthy disregard for the security supposedly afforded to company documents by SharePoint. Forty-five per cent of respondents said they’d copied sensitive information to the drive of a local PC or to a USB stick; 43 per cent did it because of the need to work from home; while 55 per cent said they’d done it because the docs were needed by somebody who didn’t have access to SharePoint.

Ninety-two per cent of admins said they realised their actions made the material less secure, while 30 per cent said they weren’t bothered because taking the information had helped them get their job done.

You can download a copy of the report here (warning: PDF). ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/23/sharepoint_leaky_security/

ITV wrist-slapped for showing video game as IRA attack

ITV has escaped a fine for using video game footage to illustrate IRA activities, and portraying the wrong riot, but will tighten up procedures to stop it happening again.

The offending footage was supposed to show the IRA successfully shooting down a British Army helicopter, and was captioned “IRA Film 1988”, but actually came from the first-person shooter called Arma 2. ITV accepted the mistake, and said it was an error of process – similar to the one that led to the same programme illustrating the Belfast riot that occurred in July 2011 with scenes from a much earlier outbreak of civil unrest.

Here’s how ITV bungled: the video game footage was thought to be an uncut version of film used in an episode of The Cook Report from 1989, and wasn’t properly checked as it should have been. The riot footage was supplied by a trusted local historian, but a miscommunication resulted in the wrong footage being shipped.

The process by which video game footage ended up in a broadcast documentary is examined in detail in Ofcom’s report [PDF, details start on page 7], but basically ITV had a very short scene from The Cook Report and was delighted to find something better on YouTube. The YouTube video was labelled as real, and it’s easy to believe something when it says just what you’d like it to.

[Image: Arma 2] That’ll cost ITV an Arma and a leg: the video game footage

ITV reckons there was “no watermark or copy protection marked on the internet footage to indicate its source as being a video game” and the failure to check was down to “the pressure [the production team] were under in meeting the deadline for the programme’s completion, delivery and broadcast”.

So basically they rushed things to get the programme in the can, and got caught out. This time Ofcom has let them off with a slap on the wrist and an assurance that the broadcaster will try harder in future. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/23/itv_slapped/