


by CSO Contributor

Security Lax at Animal Research Station; No Effect Seen in U.S. Hack Disclosure Law; Microsoft Offers Early Look at Longhorn; Sober Worm Causes Headaches

Oct 28, 2003 | 3 mins
CSO and CISO, Data and Information Security

Security Lax at Animal Research Station

According to an article in Chemical & Engineering News, Congressional security auditors at Plum Island Animal Disease Center on Long Island, N.Y., have found some improvements, but they also note security breaches that could result in the loss of pathogens that can be made into weapons. The audit came at the prompting of Sen. Tom Harkin (D-Iowa), the ranking member of the Committee on Agriculture, Nutrition & Forestry. Concerns were raised about the facility in the wake of Sept. 11, 2001, and were boosted by a strike in the summer of 2002 by workers of the contractor that then operated and maintained the center, all of which highlighted the opportunity for sabotage. Chemical & Engineering News reports that the GAO uncovered “incomplete and limited” physical security. Door sensors and alarms were not fully functional, outside lighting was poor, and armed guards didn’t have the authority to use their weapons. More disturbing was that “officials have not adequately controlled access to the pathogens.” Such control is important, the report says, because theft of small amounts of pathogens that can rapidly multiply is likely to go undetected. The GAO also found that background checks had not been done on foreign students and foreign scientists who recently were given access to biocontainment labs.

No Effect Seen in U.S. Hack Disclosure Law

According to The Register, nearly four months after it took effect, California’s unique security breach disclosure law has yet to see any enforcement action. The law, which took effect July 1, obligates companies doing business online to warn their customers in “the most expedient time possible” about any security breach that exposes certain types of information: specifically, customers’ names in association with their social security number, driver’s license number, or a credit card or bank account number. Observers say that the law hasn’t opened a floodgate of security breach disclosures.

Microsoft Offers Early Look at Longhorn

According to a story in The Washington Post today, Bill Gates offered a peek yesterday at the next incarnation of Microsoft Windows, promising it will offer computer users robust security and let them more easily search for files spread across varying programs. Gates began showing the new operating system, code-named Longhorn, to outside software developers so they can begin writing new programs that will work with it. The Post story outlines improvements offered by Longhorn, which is billed as the biggest operating system upgrade by Microsoft since Windows 95.

Sober Worm Causes Headaches

According to one report, a new virus threat called Sober could be causing a few headaches today. The worm, spotted yesterday, is a traditional attachment-based piece of malware that hides its code in an HTML e-mail and uses social engineering to trick people into activating its payload. Microsoft Outlook users can activate the payload just by opening the e-mail. Once activated, the malware installs itself as drv.exe, similare.exe or systemchk.exe. It then mails itself to any addresses it finds, using its own SMTP engine. The outgoing e-mails have spoofed headers, which makes tracing the virus back to its source more difficult.