It would also speed up booking and flight scheduling for if use din conjunction with their automated booking and ticketing system it would indeed lessen the length of lines at airports. The most significant problem with RFID is that it is an active system that can be accessed, re-programmed and cloned into a number of identical copies, defeating the security purpose it was said to defeat. RFID tags unlike passive tags are easier to re-program for a user with the right tool can detect the needed information from a passport, encode it onto a new one and then be off on his way without anybody knowing about it. Tools and methods are widely available to programmers and hackers so the high-tech passport is truly just another waste of taxpayer money.

Europe has started to issue RFID passports that have unique codes that identify it as a fingerprint. The only problem is that the technology also opens a whole new avenue for hackers for a well-equipped person can remotely detect a passport with the right equipment from a distance without that person even knowing the data exchange. The move by the UK to move into high-tech passports was to lessen eh time it took to verify the true identity of the holders and of the passport itself. Fake passports would have none of the pre-set information encoded from the issuing office so they can easily be detected and security does the rest.

Four employees of a private Israeli Investigation Agency were found guilty to have employed Spyware to steal information from companies. The investigation firm, Modi’in Ezrahi has three of its employees were convicted and given jail terms from 9 months to one and a half year due to industrial espionage the authorities have been monitoring since 2005. This is a common practice of investigation agencies who regularly conduct espionage on rival firms of customers, selling the information they gather to the highest bidder. Corporate espionage is increasing as much as Cybercrime and is forcing many governments to take notice. This incident highlights the need for better protection from cyber criminals in the form of intrusion prevention systems and antivirus software. The authors of the Trojan horse program were sentenced to two and four years of jail time plus hefty fines.

They also report that the amount of malware has increased significantly with them growing ever complex making it harder for industry to cope unless there is mass infections. The initial detection of a threat mobilizes emergency centers that these software company’s have who work against the clock to provide updates to their many registered subscribers which they send updates to once they have the cure. They also send out updates to virus signature databases which allows the anti-virus, Intrusion detection and Prevention Systems to counter attacks by letting them recognize them hopefully in time to prevent mass infection.

Symantec Inc., one of the industry’s leaders in virus and internet protection software has released their analyses of malware activities that wanted to steal personal information for the year 2007. It shows that from Jan to Jun last year, there were almost 7,000 incidents of attacks on the internet and systems their software are protecting while almost double for the next half year. This trend is quite alarming for cyber attacks have grown considerably that more and more people are falling victim to such attacks. The company conducts their own hacker communications analyses and other intelligence by analyzing information they set in honey-pots (purposely set traps to track hacker activities) and the results their software sends in to them for analyses.

Previously we discussed the importance of having an intrusion detection system to handle the growing number of attacks on corporate networks with Intrusion Detection Systems. A better solution would be to give some form of control to the detection system giving it teeth to execute actions that would prevent intrusion such as denying access or deleting errant file attachments. This comes in the form of Intrusion Prevention Systems which have the ability to detect, analyze and take appropriate action as programmed to do so by the systems administrators who then gets a detailed report on what was done. This allows them to review and take further action if the file was simply quarantined and not deleted by the system. They can then be submitted to the software vendor so they can analyze and formulate a solution to the threat providing feedback to prevent further infections.

Network Intrusion Detection Systems have a sole purpose which is to analyze data packets entering a network while looking for signatures of known malware. These signatures are constantly updated as new threats are detected so they are always on the lookout for a growing number of threats that keep on getting better and better at what they do. A detection system checks for any suspicious activity and then notifies the right people who then do the desired actions that have been laid out. Much like a citizen who calls the cops to report a criminal, it works the same way with the system being the caller and the dispatcher in detection side, and the cops on the System Administration side who takes action and apprehends the suspected criminal. They are however quite dependent on the ability of their handlers (System Administrator’s) to handle the threat as it should be. Miscalculations or lack of action can render it useless defeating its purpose. A better solution will be discussed in the next post that is more pro-active in the quest to protect the corporate network.

The Sans Institute has been monitoring activity of a Trojan that has been using seemingly valid PDF files as a propagation method. Thought the risk is very low and no major incident has been seen, it may be signs of a new frontier malware authors are trying out. The Trojan installs itself as you open the infected Trojan and then opens the PDF as if nothing happened. The SANS institute has issued warnings that even though there are no major incidents of attacks, people should update their Adobe readers to the latest versions. They also advise users to turn off Adobe’s JavaScript facility. More detailed explanation of the incident from the Sans Institute Storm Center Diary entry.