Saturday, March 14, 2009

Bribery case creates possible IT security nightmare in D.C.

Arrest of security exec leaves district officials facing 'huge mess' over potential security issues

After being arrested on bribery chargesyesterday, the District of Columbia's top information security official is being held without bail, partly because of uncertainty about whether he still has the ability to access the district's IT systems.

That's just one of many potential security issues facing D.C. government officials after the FBI raided the district's IT offices and arrested Yusuf Acar, its acting chief security officer, and a second man in connection with an alleged bribery scheme.

For instance, Acar had access to personnel data and other confidential information in the district's systems as part of his job. Court documents submitted by the FBI claim that several other district employees were also involved in the bribery scheme. Security analysts warn that Acar and his alleged accomplices could have created backdoors into systems. And since the alleged scheme included misdoings on a purchase of security software, there may be questions about the quality of the district's security tools.

From an IT security standpoint, municipal officials in Washington have a nightmare on their hands, said Johannes Ullrich, chief technology officer at the SANS Institute's Internet Storm Center in Bethesda, Md.

As a security official in the IT department, Acar would have had widespread access to the district's networks and probably also its databases and password files, Ullrich said. In addition, he would have been privy to details about its user-access-control procedures. That level of access and knowledge could have enabled him to do a variety of things, virtually undetected, if he so chose, according to Ullrich.

Without a thorough forensics investigation, there's no telling whether anything nefarious was actually done to the district's systems, Ullrich noted. He said some of the classic rogue-insider actions that D.C. officials should look for include installing backdoors, stealing data andplanting logic bombs designed to destroy data after a specified period of time has elapsed. Another is tricking other users into installing malware or compromised devices on their systems.

At Acar's arraignment in U.S. District Court yesterday, Assistant U.S. Attorney Thomas Hibarger cited a number of reasons why the IT worker should be held in jail pending a bond hearing scheduled for next Tuesday. First and foremost, Hibarger said there was a "serious risk" that Acar, who has relatives in Turkey, would try to flee the country. But Hibarger also pointed to Acar's broad system-access privileges and said prosecutors didn't know for sure that he would be blocked from accessing the district's network.

Federal investigators haven't said whether they think any of the data in the district's systems was compromised as part of the alleged bribery scheme. A spokesman for the U.S. attorney's office said today that he couldn't comment on the investigative steps being taken.

Wednesday, March 4, 2009

Asus soups up Lamborghini laptop with 1TB SSD

Lamborghini VX5 also sports a Blu-ray drive

March 3, 2009 (Computerworld) Asustek Computer Inc. unveiled a new laptop at the CeBIT show in Hannover, Germany, today that comes equipped with a 1TB solid-state disk (SSD) drive, a 16-in. high-definition display, a Blu-ray drive and leather-covered panel rests.

The Asus Lamborghini VX5 laptop comes with an LCD cover designed to remind users of the Lamborghini Reventon sports car's aluminum-alloy fuselage.

Its piano-painted mirror surface is also supposed to mimic the car's finish. The notebook comes with a 1TB SSD from pureSilicon Inc., which launched the compact flash-memory drive in January.

The purSilicon SSD boasts a data-transfer burst speed of 300MB/sec., a sustained read speed of 240MB/sec. and a sustained write speed of 215MB/sec.
Asus' new Lamborghini VX5. Pricing and release date have yet to be determined.

The pureSilicon SSD boasts a data-transfer burst speed of 300MB/sec., a sustained read speed of 240MB/sec. and a sustained write speed of 215MB/sec.

The Lamborghini VX5 will also come with an Intel Core 2 Quad CPU and 4GB of RAM. "It features a 'twin turbo' mode that users can utilize to accelerate CPU and GPU performance via a speed key," Asus said.

The notebook also has an illuminated "chiclet" keyboard that automatically lights up in low light conditions.

The laptop's display is a 16-in. "full HD" screen -- 1080p, or 1920 by 1080 pixels -- along with a dedicated Nvidia GeForce GT 130M graphics chip with 1GB of GDDR 3 video RAM.

The laptop's Blu-ray drive and the onboard HDMI socket allow output to an HDTV for watching movies.

Asus has not yet set a release data or price for the new laptop.

iPhone apps that foretell the future page 2

NumberKey Connect makes a perfect companion to Apple's wireless Bluetooth and laptop keyboards, which lack number keys. It even offers four different themes, and its behind-the-scenes use of Bonjour translates to an automatic and reliable connection for your Macs running 10.5.5 and above, with an iPhone 2.1 or later. Simple in form and execution, this solution is both infinitely useful and potentially prophetic concerning future device interaction.

Of course, there's always full-on computer control, and for that you can use the free Mocha VNC Lite. As long as there's a wireless network connection -- including 3G signal -- and a properly configured Mac or PC, you can access your computer and control it as if you were in front of it, all from your iPhone.

The software provides support for all sorts of interaction using gestures and taps, including different input modes for controlling the screen or for manipulating icons on the computer.

Mocha VNC Lite
Use Mocha VNC Lite to control either a Mac or a PC remotely.
Click to view larger image

For my part, I've used Mocha a few times to access mission-critical servers, allowing me to input commands via Mocha's on-screen keyboard remotely and helping me avoid a very bad day. At home, I use the software for accessing the Mac that controls my optical disk carousels. With Mocha and some not-so-fancy AppleScript, I can access the Mac to pick one of several hundred movie titles without having to interrupt the current program on screen.

My own examples are just scratching the surface as to what can be done with the ability to control a computer from anywhere you are.

Clearly, these are the first steps for the iPhone in device interactivity. Although the pairing of two wholly different devices to perform a specific task isn't anything new to the computer scene, the iPhone's software platform and wireless connectivity options portend an almost endless array of possibilities.

Note to Apple: For this to truly become the future, you need to open up hardware accessibility to third parties! (Although logic dictates you may already be working on this.)

iPhone + home automation

Apps: iPhone Home Controller 2.0, Smarthome

Imagine being able to read the contents of your fridge by glancing at a list stored on your iPhone; dimming the kitchen lights with a gesture on the touch screen; and finally being able to determine beyond all doubt that you did, in fact, turn the iron off.

As we march into the future, there is an emerging marketplace for mainstream hardware that bridges the gap between the iPhone and household appliances. While direct-connectivity options built into appliances are the next logical step, there are currently third-party options that enable home automation for existing homes.

Be warned, however; home automation is getting better, but it's still all rather geeky and niche-y, complete with dedicated online forums run mostly by ├╝ber nerds who are to regular nerds what nerds are to normal people. If you're still curious after that caveat, there are a few sites that offer complete solutions, including Smarthome.com and the iPhone Home Controller 2.0.

For examples of home automation via the iPhone, the Smarthome site even offers a Web video that demonstrates dimming lights, turning on and off sprinklers and adjusting temperature. It also shows the ability to monitor all of the actions remotely using an IP-based Web camera.

If you still want more, check out this list of home automation software, compiled specifically for the iPhone, including many more options than I'm able to cover here.

iPhone apps that foretell the future

More than just useful or fun, these iPhone apps point the way toward the future -- of the iPhone and smartphones in general.

Ah, the Apple App Store. Since July 2008, the month when Apple opened its wildly popular library of applications for the iPhone and iPod Touch, the world has been treated to more than 20,000 apps, with some 500 million downloaded as of February 2009.

Programs run the gamut from necessary, useful and a ton of fun all the way through to "none of the above."

And then there's another class of software -- iPhone apps that foretell the future.

These are the applications that offer clues as to how mobile users are likely to use their smartphones -- whether it's an iPhone or one of the iPhone's rivals -- in the months and years to come. (Just today,Amazon.com released a Kindle e-reader app for the iPhone.) While I focus specifically on the iPhone here, it's likely that other smartphone platforms will take a similar course as well.

iphone

With an eye on what's out there now in the App Store -- and what that inventory indicates about what could be coming next -- I've sorted through thousands of programs to pick a few apps that indicate the direction we could see the iPhone and other future mobile devices take.

Ready for a little reading of the tea leaves? Here's my personal list of iPhone apps that best exemplify the future of mobile applications.

iPhone + computer

Apps: Remote, NumberKey Connect, Mocha VNC Lite

In the future, we will definitely see a higher degree of interaction between the iPhone and the computer, and there a few popular products out right now that point the way.

Remote from Apple
Use Remote to access your tunes from afar, particularly if your computer or AirPort Express station is hooked up to a sound system.

Since the beginning, Apple has offered Remote, which has become a very popular app (and the price is right -- it's free). For the two of you who have never tried it, Remote allows the iPhone to access and control, via local Wi-Fi, iTunes content stored on a computer, which is incredibly useful if your computer or AirPort Express station is hooked up to a sound system.

The app offers an impressive amount of control, supporting nearly as many features remotely as you'd get if the content were stored on the iPhone itself.

In fact, the single thing that I found missing is the inability to view lyrics within music tracks.

Despite that one shortcoming, it's simple to set up, simple to manage and extraordinarily useful. This free app is a perfect example of cross-device interactivity.

NumberKey Connect from Balmuda
NumberKey Connect lets your iPhone act as the Mac's number pad.
Click to view larger image

Another excellent example of computer-to-iPhone interaction is NumberKey Connect ($1.99) from Balmuda, which allows the iPhone to act as a Mac's number pad.

The software works in tandem with a small program running on your Mac (this computer-specific software is Mac-only as of press time, supporting both Intel- and PPC-based Macs) and like Remote, it utilizes Apple's Bonjour service-discovery networking protocol.