CBC Online Regional News

TCS Forensics, Subject Matter Expert: British Columbia Lottery Corporation Data Breach

Excerpt from “Campbell confident in BCLC after breach”:

Meanwhile, a local security expert is warning that hackers and cyber-thieves will be on the alert when B.C.’s virtual casino goes back online.

Ryan Mattinson, a forensic examiner and computer security consultant, said the troubles are far from over for the lottery corporation.

“In this day and age, there’s a baseline level of activity just from being online,” he said.

“Everyone’s having their systems probed and having automated attacks … run against them to see if there’s anything that can be easily taken advantage of out there. And after something like this happens, then BCLC is going to be getting a little bit of extra attention.”

Mattinson doesn’t want to see the website running again anytime soon.

He said the lottery corporation needs to go back to the drawing board to beef up its security and quality control.

CBC Radio 1, Vancouver, Early Edition – Anthony Germain

TCS Forensics, Subject Matter Expert: British Columbia Lottery Corporation Data Breach

Contributor: Wireless Encryption Vulnerabilities

By Alan Zisman

Life in the high-tech office rarely pauses to let you catch your breath.

Install a piece of software and, almost immediately, there’s an update, with bug fixes and maybe a new feature or two. It’s the same thing with this column. No sooner is a column in print than it needs an update.

Microsoft periodically rolls a bunch of Windows updates into a service pack. Here’s the High Tech Office 2010 – Service Pack 1: bug fixes and new additions to some of this season’s column.

BIV’s issue 1068 (April 13-19) column looked at HP’s TouchSmart tm2 – a nice laptop with touchscreen features. HP was promising an iPad-like Slate for the second half of 2010. My fear: if the Slate were to run Windows 7, its touch features would be awkward at best.

Soon after publication, HP bought Palm, whose Pre smartphone had failed to make much of a dent in iPhone sales.

HP has now announced that the Slate will run Palm’s very nice WebOS system rather than Windows. If HP can get software-makers developing apps for WebOS – something Palm wasn’t very successful at – it could have a solid iPad alternative.

The following week’s column (issue 1069; April 20-26) looked at the “threatscape” – the evolving perils that face online users. Since then, there has been some good security news. The first concerns phishing scams – e-mail tempting users to visit websites masquerading as banks or other financial institutions in order to steal log-in passwords. According to the Anti-Phishing Working Group, while phishing scams continue to multiply, financial institutions and Internet services and providers are responding more quickly. According to the report, the average phishing website remained online for only 32 hours in 2009, down from about 50 the year before.

More good news: a Microsoft report released in late April notes that in the second half of 2009, Canada had 2.5 infected computers out of every 1,000 surveyed. That’s down from 8.1 per 1,000 two years previously.

The global infection rate, according to the report, was 7.0 per 1,000. Microsoft’s report agrees with Fortinet’s Derek Manky, quoted in issue 1069’s column, that fake security software is now the biggest threat to Windows computer users.

A week later, we looked at Motorola’s Milestone smartphone, one of a number of phones using Google’s Android operating system, a credible iPhone alternative. Recently, Android beat out iPhone sales, at least in the U.S. I haven’t seen equivalent Canadian statistics, but I suspect that’s not the case here. The U.S. has a wider variety of Android-powered phones to choose from and, down there, Apple’s iPhone is available only on the AT&T network, while in Canada you can get iPhone contracts with all three of the major mobile providers: Bell, Telus and Rogers/Fido.

Shortly after the column appeared, Motorola announced that the Milestone was the first Android phone in Canada to be updated to the new Android 2.1 version. Because it’s impossible to really remain technologically up to date, a few days later Google announced an even newer Android 2.2 version. So stay tuned.

The column in issue 1071 (May 4-10) looked at a pair of devices that allow home and small-business users to put multiple computers online and connect to a mobile phone company’s data network. Ryan Mattinson, a Computer Forensics and Security Consultant with Vancouver’s TCS Forensics, e-mailed with a potential concern. While Wi-Fi wireless connections can be easily set up to use strong encryption, Mattinson noted that the encryption standards used on mobile data networks “do not offer anywhere near this level of security.”

He pointed out that while providers are touting the increased security of their 3G networks, the first paper documenting a successful attack against encryption used by these networks has already been published.

Moreover, when 3G networks are not available, mobile devices drop down to the slower but more common 2G networks – and the encryption used on these widely used GSM networks was broken years ago. The result, according to Mattinson, is that “someone with $1500 worth of hardware … can passively monitor and record cellular data undetected.”

Those are my updates so far. Of course, by the time you get to read them – like Motorola’s Android 2.1 announcement – my updates will probably need updating.

Original Source: “High Tech Office Service Pack 1: updates and information-bug fixes”