Trust No One

Security company Symantec is warning about a crafty new Trojan Horse that takes advantage of Microsoft’s questionable customer-relations image.

When you restart your PC after the Trojan is installed, a professional and legitimate-appearing Microsoft window appears that warns, “Your copy of Windows was activated by another user.” It asks you if you want to “activate” your Windows copy, for which the spoofers will need your credit card information.

According to Symantec: “You can only choose only 'Yes' or 'No.' You can't run Task Manager or any other applications. If you choose 'No' your PC will be shut down immediately.” If you choose “Yes” you'll see this image.

Piracy of Windows is a real problem that Microsoft has responded to by ordering onto computers a practically-mandatory verification application. (Going on general principals, Tech Insider avoided running it for a while, but eventually succumbed to Microsoft’s insistence that the application be done.)

“This Trojan teaches us all a good lesson - Trust No One,” Symantec concludes.

By David Perera    Link | Comments (0)

State to Foreign Visitors: Gimme 10

The State Department today issued its final rule requiring anyone applying for a U.S. visa to provide 10 electronically scanned fingerprints instead of the two it previously required.

The State Department began last month delivering the fingerprint scan systems to all visa issuing posts and expects to complete roll out of the hardware by the end of this year as part of its Biometric Visa program.

In March, Tony Edson, deputy assistant secretary of State for Visa Services, told the Senate Subcommittee on Interstate Commerce, Trade and Tourism that 10 fingerprints provide a greater number of data points and more accurate identification than the two fingerprint system.

Edson added that two fingerprint scans provide a limited amount of data, and yield a large number of “false positive” results, which can delay the visa process and inconvenience legitimate travelers.

James Ziglar, president of Cross Match Technologies, the company that is providing the department with the fingerprint scanning gizmos, told Tech Insider that it will not take any longer to scan 10 fingerprints than two fingerprints – about 15 seconds – thanks to improvements in the underlying software.

That may not provide much solace to foreign visitors to the United States, who view the fingerprinting process as an intrusion on their privacy. Thomas Hartung, editor of German travel magazine Travel One told the Los Angeles Times last month that he did not know of any other country that requires a 10 fingerprint scan and asked, "How would you feel as an American if you came to Germany and the first thing you were asked is to give all 10 fingerprints?"

Ziglar said his company has already delivered 200 of its 10 fingerprint scanners to the State Department, has another 400 on order and expects more. Edson said the department tested the 10 fingerprint scanners this year in London; San Salvador; Riyadh and Dhahran, Saudi Arabia; and Asuncion, Paraguay. -- Bob Brewin

By Allan Holmes    Link | Comments (0)

Forget Golf in Phoenix, Army Cancels IT Conference -- Again

Kevin Carroll, Army Program Executive Officer for Enterprise Information Systems, said sharp restrictions on travel for all DOD personnel has resulted in cancellation of the 2007 Army IT Conference sponsored by PEO-EIS and the Army Small Computer Program. The conference was scheduled to be held in Phoenix June 11-14.

This is the second consecutive year the conference has been canceled due to an unexpected budget crunch, and Carroll said he has learned his lesson. “Next year we’re going to do it in February,” when the cash is still flowing, he said. -- Bob Brewin

By Allan Holmes    Link | Comments (0)

Army Clarifies Soldier-Blog Policy

In a May 2 Tech Insider post, we linked to a Wired article on the Army's new policy of requiring soldiers (as well as contractors and soldier's family members) to have any blog material approved before posting. Some speculated it would effectively end all soldiers' blogs from Iraq.

It looks like soldiers' (and others') blogs may be around for awhile.

Wired today posted a response to the article from David Axe, the military editor of Defense Technology International magazine and a correspondent who has reported from Iraq and Lebanon since 2005, according to his bio page on his personal web site, War is Boring. Axe quotes from a memo the Army issued after Wired posted its original article:

In no way will every blog post/update a soldier makes on his or her blog need to be monitored or first approved by an immediate supervisor and operations security (OPSEC) officer. After receiving guidance and awareness training from the appointed OPSEC officer, that soldier blogger is entrusted to practice OPSEC when posting in a public forum.

And this from the same memo:

Soldiers may also have a blog without needing to consult with their immediate supervisor and OPSEC officer if the following conditions are met: 1. The blog’s topic is not military-related (i.e., Sgt. Doe publishes a blog about his favorite basketball team). 2. The soldier doesn’t represent or act on behalf of the Army in any way. 3. The soldier doesn’t use government equipment when on his or her personal blog.

By Allan Holmes    Link | Comments (0)

Study: IT Does Matter After All

Information technology has a measurable impact on businesses’ growth and competitive edge, a handful of MIT and Harvard researchers conclude in an article printed by the Wall Street Journal.

If that seems obvious, consider that there exist competing schools of thought. Nicholas Carr started the debate on whether IT matters or not with his 2003 article "IT Doesn't Matter." Others later joined Carr, postulating that IT affects everyone equally. Others believe that it decreases competition because software homogenizes business processes.

But, according to the latest researchers, industries that have adopted IT have experienced greater concentration (“a smaller number of firms holding a high proportion of sales and market value”) and turbulence, which means that the market position of one firm could vary greatly from one year to the next. Both conclusions apply to “services and manufacturing sectors—publishers and insurers, as well as makers of autos and machinery, for example.”

The federal government, of course, doesn't have competitors. But federal technologists, and the IT contractors who sell to them, often struggle to explain why IT matters in government, as if the benefits of technology were self-apparent. The benefits aren't self-apparent. But these researchers present evidence that federal IT managers can draw on: IT changes things; it’s not neutral.

Hat tip: Joe McKendrick

By David Perera    Link | Comments (0)

Cell Phones to Pack More Apps

Scheduler, camera, music player – oh, and a telephone. Mobile phones increasingly are every gadget possible rolled into one. The next frontier, reports Reuters, is GPS navigation.

Finnish handset manufacturer Nokia already sells a mobile phone with an integrated navigation device (for a hefty 700 euros – about $950), but “other top vendors are expected to follow shortly, hoping to make 2007 the breakthrough year for cell phone navigation,” Reuters reports. “Nokia, which bought into the navigation industry last year with the acquisition of German firm Gate5, rolled out a free Nokia Maps service in February, giving away maps and routing data while charging consumers for a turn-by-turn navigation service.”

By David Perera    Link | Comments (0)

What's Up With Oracle?

Is Oracle taking over the world? It’s not so much a stretch to think so. Oracle has bought application competitors such as PeopleSoft and Siebel during a buying spree that ended last year.

But the database, middleware and application company is out to reassure customers, and investors, that the purchases were worth it. The company plans to launch in 2008 a new Java-based application suite called “Fusion” (from which it is taking the best of Oracle, Siebel, PeopleSoft and JD Edwards functionality). But it won’t stop supporting the other brands’ software as stand-alone entities. That’s what Mark Johnson, Oracle Public Sector senior vice president, tells Tech Insider. He also promises no forced upgrades, a continued stream of enhancements, and no internally-competing application development teams.

Johnson says Oracle sees the most growth potential in selling middleware – application servers, service-oriented architecture and such. Applications come second, and databases, the technology that launched Oracle in the late 1970s, in third place. It makes sense – databases are a mature product.

But what about the big question: Who’s going to replace Oracle chief Larry Ellison, whenever he chooses to step down? Johnson notes that the Ellison has two co-presidents reporting to him, Safra Catz (also the chief financial officer) and Charles Phillips. Johnson has been at Oracle for 19 years.

By David Perera    Link | Comments (0)

Iraq: The Movie Set

The following item was posted by Editor at Large Bob Brewin.

The Marines have contracted with an outfit called Strategic Operations Inc. to train in an “Iraqi town” set up on a 20-acre movie set owned by Stu Segall Productions in San Diego, according to the April 2007 Marine Corps Center for Lessons Learned newsletter, which made its way to our inbox.

Strategic Ops also has set up an Afghanistan/Iraq village at the Marine Corps Air Station in Miramar, just north of San Diego, and the newsletter reports both sites “incorporate special effects that are designed to realistically replicate combat conditions, including simulated Improvised Explosive Devices (IEDs) and Rocket-Propelled Grenade (RPG) explosions, gunfire, and role players with realistic wounds. Digital audio and visual systems are used to capture the training scenarios for later analysis."

The whole operation definitely is far more advanced than the “Combat Town” I trained in during the 1960s at Camp Pendleton, which consisted of a bunch of dilapidated buildings with the only role players being my fellow Marines, who could not believe they had to attack Combat Town one more time.

The Segall set in San Diego was originally built for production of the 1991 TV detective series “Silk Stalkings” and was supposed to represent Palm Beach, Fla. Only the movie business could recycle a place in California that was supposed to look like Florida into an Iraqi village.

By Allan Holmes    Link | Comments (0)

Army Tells IT Contractors: Check Is In the Mail

The following item was posted by Editor at Large Bob Brewin.

Kevin Carroll, the Army's Program Executive Officer for Enterprise Information Systems, (PEO-EIS) told Tech Insider that due to the fracas over the Defense Department's 2007 supplemental spending bill – an issue way above his pay grade and ours – he has put his contractors on a “slow pay” schedule, either on a quarterly or monthly basis.

Spending on PEO-EIS programs, which provide the Army with all kinds of widgets and gizmos, ranging from computers to tactical network gear, is focused primarily on supporting deployed or about to be deployed units, such as the Maryland National Guard, Carroll said. “Stay back forces”, Carroll said, are going to have to wait for equipment until a supplemental budget is approved.

Carroll's grand plans to develop and field Enterprise Resource Planning systems to support the tactical Army have been put on hold due to the funding crunch, he added. But that might be a blessing in disguise. Commercial enterprises find that it sometimes takes almost as long to field an ERP system as DOD has been working on the Joint Tactical Radio System.

By Allan Holmes    Link | Comments (0)

Army Employees Charged With Contract Fraud

Two civilians working in an Army depot in Pennsylvania were charged yesterday with providing "inside information and no-bid contracts in exchange for cash and merchandise" to a computer supplier, the Associated Press reports.

Federal prosecutors charged Leo John Yesvetz and Charles Marsala, who worked at the Tobyhanna Army Depot, an electronics maintenance facility in northeast Pennsylvania, with steering $7.8 million worth of work to Computer Giants during a four-year period ending in April 2005.

Marsala sometimes used government credit cards to make purchases from Computer Giants to avoid the bidding process.

Prosecutors did not say how much Yesvetz and Marsala received in bribes but said other contract fraud occurred at several other Defense Department facilities, including Fort Bragg, N.C., and Ft. Belvoir, Va.

By Allan Holmes    Link | Comments (0)

Feds Could Face Own Breach Notification Demand

If a hacker gains access to a company's database of customers' personal information, that company is required by many state laws to inform those customers that their personal information was exposed. Now federal agencies may be required to do the same, if a bill introduced today is eventually passed.

Rep. Tom Davis, R-Va., ranking member on the House Committee on Oversight and Government Reform, introduced The Federal Agency Data Breach Protection Act (HR 2124), which would amend the Federal Information Security Management Act of 2002 to require "the executive branch establish procedures to be followed in the event of a data breach," according to a press release from Davis' office. The bill also would:

-- clarify the authority that an agency head could delegate to the CIO;
-- require agencies to establish data breach notification procedures consistent with OMB policies, procedures and standards;
-- authorize agencies to establish polices and procedures for accounting for all federal personal property assigned to departing employees; and
-- define sensitive personal information.

The bill is identical to one Davis introduced last year (HR 6163), which was incorporated into The Veterans Identity and Credit Protection Act and passed in September. That law requires the Veterans Affairs Department to promptly notify vets of data breaches, to centralize IT management and to report VA's adherence to federal information security standards.

By Allan Holmes    Link | Comments (0)

Blog Ribs NASA Scientist

Predictions of the future can turn into embarrassing documents. Paleo-Future, a blog dedicated solely to unearthing past prognostications about, as its motto states, “the future that never was," makes a living off such documents.

This week, it puts NASA luminary Jesco Freiherr von Puttkamer (who has worked on everything from Apollo 11 to President Bush's Moon/Mars Exploration Vision) on the hot seat. A Nov.2, 1979, Christian Science Monitor article summarized his vision of the future:

By the late '80s or early '90s, a huge solar power satellite may be constructed to beam microwave energy to Earth. And after that, a natural step as Mr. Von Puttkamer sees it, will be space colonies built with nonterrestial material and using solar energy.

By David Perera    Link | Comments (0)

Ontario Blocks Access to Facebook

The United States isn't the only government struggling with what to allow employees to view on their government-issued computers during work hours. Ontario's provincial government is too.

When Ontario government employees tried yesterday to call up the social-networking site Facebook, they were presented with an "access denied" message, the Toronto Star reports. "'The Internet web site that you have requested has been deemed unacceptable for use for government business purposes,'" the warning reads," according to the article.

However, Ontario has not blocked the other popular social-networking site MySpace. The Star reports about Facebook:

"The staff determined it's not as directly related to the workplace as we'd like it to be so we're restricting access to it," Phillips told the Toronto Star.

"Our IT ... people are pretty broadly familiar with the marketplace and they said, 'Here's a website that's going to be increasingly more popular for the OPS (Ontario public service). Is this an appropriate website to be spending time on?'" he said.

"It's the ministry making these decisions on trying to ... restrict access to ones that are inappropriate and then to anticipate where one may grow in popularity and we may end up with a lot of OPS time being taken (up) on it."

As a reminder, the Office of Management and Budget requires agencies to create a personal use policy for government equipment, including computers. It refers agencies to a document issued by the federal CIO Council, which states:

Federal employees are permitted limited use of government office equipment for personal needs if the use does not interfere with official business and involves minimal additional expense to the government. This limited personal use of government office equipment should take place during the employee’s non-work time. This privilege to use government office equipment for nongovernment purposes may be revoked or limited at any time by appropriate federal agency or department officials.

By Allan Holmes    Link | Comments (0)

Laptop Battery Makers Look for Alternatives

Don’t expect an upsurge in the lifespan of your current laptop battery, warns a CNET article.

The laptop battery industry, now more safety conscious after reports last year of Sony-battery powered laptops exploding into flames, can’t pack much more power into their products, the article quotes industry experts. The laptop battery industry can increase battery power by about 7 percent a year, but “that's hard to stomach for an industry that has grown up with Moore's Law,” the article notes. Moore’s law states that computing power doubles about every 2 years.

The industry is trying to come up with alternative metals to the lithium battery, but the new batteries bring their own set of problems.

By David Perera    Link | Comments (0)

Tip Thursday - Checking Windows Security

Welcome to Tech Insider’s Tip Thursday, in which we bring you practical computing tips and information.

This week: Check your computer for Windows vulnerabilities.

In all likelihood, you have some version of Microsoft Windows as your computer’s operating system. Windows, of course, requires regular security upgrades and it’s possible that you might have fallen behind. There’s no reason to, however. Windows should be set to automatically download daily updates. Go to Start, Command Panel, and click Security Center. Click on the Automatic Updates icon, and check the white box that says automatic.

But, it’s not a bad idea to check your current status, for which Microsoft has a handy analyzer that will scan your computer for vulnerabilities. You might want to check other computers’ vulnerabilities, too, for which you’ll need a machine’s Internet protocol address. The Microsoft Baseline Analyzer does require a software download.

By David Perera    Link | Comments (0)

DOD Finds Instant Chat Netcentric

During the overthrow of the Taliban in Afghanistan, a Naval carrier battle group found instant messaging software improved their communications, according to a recent Defense Department case study.

The group, from the Navy’s Fifth Fleet, deployed Web-like technologies to become more netcentric. The chat room got special hosannas from this sailor: “‘Chat was awesome. Chat [was] like getting 20 new radios and being able to work all at once.’”

The carrier group created chat rooms for particular communities of interest, such as Tomahawk missile targeting, logistics or oceanographic conditions. The Navy used voice communication for really time sensitive information like air defense data and orders, but could still rely on chat rooms to diffuse tactical information. Besides moving information quicker and with greater fidelity (voice communications can be like playing a child’s game of telephone), chat provided an unexpected bonus: It dramatically decreased the chatter, so when something came across a squawk box, people really listened.

Some of the other Web-like technologies included an information sharing portal and a bulletin board.

By David Perera    Link | Comments (0)

Army Cracks Down on Soldiers' Blogs

The Army has issued stricter rules on soldiers writing blogs, requiring them to first have their superior officer clear the content before it is posted, Wired news reports.

The rules, obtained by Wired, also apply to civilians working for the Army, contractors and soldiers' families. The Army fears that soldiers may inadvertently give away military secrets and strategy in their blogs.

Wired quotes experts saying the new rules may end soldiers' blogs, some of which have been considered fresh and insightful looks into the Iraq War. According to Wired:

Military officials have been wrestling for years with how to handle troops who publish blogs. Officers have weighed the need for wartime discretion against the opportunities for the public to personally connect with some of the most effective advocates for the operations in Afghanistan and Iraq -- the troops themselves. The secret-keepers have generally won the argument, and the once-permissive atmosphere has slowly grown more tightly regulated. Soldier-bloggers have dropped offline as a result.

By Allan Holmes    Link | Comments (0)

Security Expert to Show Vista Weaknesses

A top security researcher known for finding security holes in Microsoft's Windows operating system plans to show how hackers can invade the recently released Vista, which Microsoft has boasted as having more hardened security features, ComputerWorld reports.

Security vulnerabilities for Microsoft's Vista have particular import for the federal government. In March, the Office of Management and Budget mandated agencies follow a standard Microsoft Windows operating system configuration to improve information security across government. Some worry that mandate will not make government systems substantially safer, while others do.

Joanna Rutkowska plans to hold a training session called "Understanding Stealth Malware" at this summer's Black Hat Briefings and Training event in Las Vegas. "The training session, which will be co-presented by researcher Alex Tereshkin, promises to demonstrate new rootkits developed for Vista, ways of defeating hardware-based forensics systems, and other techniques Microsoft would probably prefer the world didn't know," ComputerWorld reports.

Rutkowska "recently uncovered a number of flaws in Vista's much-hyped User Account Control (UAC) feature, which led Microsoft to declare that the feature wasn't really intended for security after all," according to ComputerWorld.

By Allan Holmes    Link | Comments (0)

Colo. Fights IT Project Failure

When it comes to IT projects frequently failing, Colorado is no exception. The state's troubled $223 million welfare benefit system is just one example.

But the state legislature is trying to do something about it, according to an article posted by the Rocky Mountain News. The Colorado Senate passed Senate Bill 254 abolishing the Colorado Commission on Information Management, which was compromised of lawmakers, private-sector experts and department heads who oversaw IT projects.

Taking over those duties will be the Colorado Governor's Office of Innovation and Technology, comprised of much of the same individuals: tech specialists and department heads, who will draw "on outside experts," according to the article. "The idea is for the governor's respected Chief Information Officer Michael Locatis to forge better collaboration and expertise-sharing among information technology teams now scattered across 20 agencies, said Rep. Bernie Buescher, D-Grand Junction," the newspaper reports. "An executive with strong private- and public-sector IT expertise, Locatis won praise as Denver's technology czar for forging the city's fragmented technology offices into a strong team."

The Rocky Mountain News quotes Buescher:

This is an effort to say: Let's get our very best minds together. Let's concentrate our effort. Let's make sure that when we do a new technology program that it's driven from within one department.

Is creating another office to oversee IT projects enterprisewide the answer for failed technology projects? Or is the key to IT project success a strong central leader? Or is it something else? Let us hear how you feel by clicking the "comment" link below.

By Allan Holmes    Link | Comments (0)

GAO: Census' Temp IT Training Lax

The U.S. Census Bureau has not developed an effective computer-training program for the thousands of temporary workers it plans to hire to interview citizens who may not send in census forms for the upcoming 2010 census, according to a report released last week by the General Accountability Office.

Census officials plan to outfit an estimated 525,000 enumerators with handheld computers. Census hires enumerators as temporary employees to track down individuals who have not filled out census forms. The enumerators will use the handheld computers to input answers to census questions and then later download the data to Census databases. The handheld computers, provided by contractor Harris Corp., will replace the paper-and-pencil process enumerators have used for decades.

But the GAO warns that the Census Bureau's hiring procedures do not look for candidates who have computer skills. For example, crew leaders, those in charge of supervising enumerators, will be in charge of troubleshooting any problems with the handheld computers. But the Census does not plan to ask candidates for crew leader positions if they have computer experience and skills that would allow them to be effective in fixing any problems that may arise with the handheld computers. The GAO concludes:

The bureau is providing some computer-based training on using the handheld computers for the nonresponse follow-up and address canvassing operations and will include visual aids to enhance training on using the handheld computers. Nonetheless, the bureau’s standardized approach to delivering training, including reading training scripts word-for-word over the course of several days, has remained largely unchanged. The bureau has not evaluated alternate training delivery approaches, such as providing video segments, as has been recommended by us and the [Office of Inspector general].

By Allan Holmes    Link | Comments (0)

CSC Part of Verizon Networx team

Computer Sciences Corp. announced today that it is part of the Verizon Business team that won one of three contracts under the federal government's Networx Universal telecommunications program, according to an article posted by TMCnet. CSC says it will provide "customer-specific network design support and engineering services, managed tiered security services and anti-virus managed services, which provide detection and removal of system viruses," according to the article.

By Allan Holmes    Link | Comments (0)

4 States Make Docs Easier to Find

Google and four state governments have teamed up to make public documents more easily retrievable when citizens conduct online searches, according to an article by the Associated Press.

"Google plans to announce Monday that it has already partnered with four states - Arizona, California, Utah and Virginia - to remove technical barriers that had prevented its search engine, as well as those of Microsoft Corp. and Yahoo Inc., from accessing tens of thousands of public records dealing with education, real estate, health care and the environment," the newswire reports.

The way state government computer networks are programmed has made it difficult for users to find public documents stored in state databases, but Google, working with state technology officers, have built "virtual road maps" to the databases where the documents are stored, the AP reports.

But privacy experts are worried that better access to public documents runs the risk of exposing private information, such as Social Security numbers. Many public documents in state databases contain Americans' Social Security numbers and other personal information.

By Allan Holmes    Link | Comments (0)