If you are going to hack a phone system, do you really want to hack the Department of Homeland Security?

That’s what happened this weekend when someone made hundreds of illegal calls from a FEMA PBX to the Middle East and Asia.

It appears that it was the usual culprits of poor change control and misconfigurations left FEMA’s digital doors open.

All of this is according to an Associated Press story I read on MSNBC.com last night.

According to the AP’s Eileen Sullivan and Ted Bridis, the attacker placed more than 400 calls on the hacked FEMA phone system to places such as Afghanistan, Saudi Arabia, India and Yemen.

Here’s the kicker, from an IT security perspective, from the AP story quoting a FEMA spokesperson:

FEMA’s chief information officer is investigating who hacked into the system and where exactly the calls were placed to. At this point it appears a “hole” was left open by the contractor when the voicemail system was being upgraded, Olshanski said. Olshanski did not know who the contractor was or what hole specifically was left open, but he assured the hole has since been closed.

This illustrates an excellent, yet often overlooked, point. Despite all of the attention we spend focusing on zero-day vulnerabilities and exotic exploits and attacks – many times it’s simply poor change control procedures, lack of urgency to patch, or carelessness that gets an organization bitten.

Fortunately, in this case, it only appears to have been $12,000 in illegal calls to the Middle East and Asia, and some egg of the face of FEMA and the DHS.

Source: MSNBC: Hacker breaks into FEMA phone system

In case there was any doubt that the company is still stuck in the 1990s, Microsoft hired Jerry Seinfeld as the face of its $300 million USD advertising campaign to hawk Windows Vista.

Here’s the incomprehensible part: The 54-year-old washed-up has-been was chosen because Microsoft is “weary of being cast as a stodgy oldster by Apple Inc.’s advertising,” according to the Wall Street Journal.

Seinfeld is most famous for his 90s-era sitcom, which always prominently displayed a Macintosh in his TV apartment. Microsoft will pay Seinfeld $10 million.

After a large amount of internal changes and restructuring, release day is finally here.

Grab MAME 0.127 from the Latest MAME Release page.

Palm accidentally uploaded a presentation about the Palm Treo 850 — aka Treo Pro — to a public Palm Web site, where it was spotted by bloggers and posted just about everywhere.

It is probably the best looking Treo ever but is that really saying all that much? It sure looks nice:

You can see additional pictures of it here and here.

Looks to have either a black or gun-metal finish to it, with nice sharp lines and clean buttons. My one issue is that it still looks chubby.

Palm Treos, even the latest 800w, are a lot thicker than the competition. Motorola, Samsung, Apple, and even RIM seem to know how to make thinner smartphones.

Other details that can be discerned from the presentation are that it will have a full 3.5mm headset jack for headphones, Wi-Fi and of course a touch screen, which all Palms have.

It also looks like it will run the Windows Mobile 6.1 platform and will have a micro-USB jack for transferring data.

When this device will launch is unknown, but it will be with a carrier such as T-Mobile or AT&T, because the first version of it will have GSM / UMTS radios.

This phone is a nice improvement for Palm in the looks department.

Since the next generation of Palm’s own operating system is not going to be available for a while, Palm needs to do its best with Windows Mobile phones if it is to remain relevant in the competitive smartphone market.

On its enterprise blog this afternoon, Google reported that it saw more infectious spam messages in July than any month so far this year.

According to data gathered by Google’s Postini corporate e-mail security service, the volume of e-mail virus attacks peaked at almost 10 million on a single day, July 24.

That kind of volume, six to seven times what’s typical, means spam messages are getting through someone’s defenses and turning recipient’s machines into zombies, said Sundar Raghavan, a product marketing manager with the Google Apps Security & Compliance team.

“The summer of spam has caught up with us this time,” said Raghavan.

Raghavan suggests that in contrast to the message protection Google delivers from the Internet cloud, anti-spam hardware appliances that don’t update fast enough may allow malicious e-mail attacks to succeed.

Much of the spam that Google is seeing aims to exploit not browser or operating system vulnerabilities but user curiosity. Thus, explained Raghavan, spam now takes the form of spoofed CNN newsletters with link descriptions designed to bait the user, such as “Microsoft Bribes Chinese Officials.” Clicking such links in spam messages, however, generally leads to malware.

Raghavan also said that Google has seen an increase in e-mail messages with viruses concealed as encrypted .RAR attachments, despite an overall decrease in malicious attachments.

Marshal, an e-mail security company, this morning issued its security report covering the first half of 2008. In the first six months of 2008, the company says that spam volume doubled.

Marshal said that because of unpatched browsers, 45% of Internet users are at risk when they visit legitimate Web sites hosting malicious code. And there are many such sites. In May, the company identified 1.5 million Web sites infected with malware as a result of a botnet attack.

It may not come as a shock that Marshal, as a maker of e-mail security hardware, has more faith in e-mail security hardware than Google.

“We are now in the situation where spam accounts for almost 90 percent of all e-mail and increasingly contains links to infected sites,” said Bradley Anstis, VP of products, in a statement. “Companies really need to employ a combination of e-mail security gateways that have anti-spam protection using multiple techniques to block malicious content and secure Web gateway products that do not just rely on URL filtering but also scan the content that end users are downloading and uploading in real-time.”

E-mail users may also want to consider in-brain message filtering (no purchase required). Just as one might be skeptical of offers of wealth from a mysterious Nigerian benefactor, one might also refrain from clicking on links to suspect news stories along the lines of “Steve Jobs Uses Windows Vista At Home” or “Google Provides NSA With Real-Time Search Data.”

I’m always on the look out for new and exciting web applications and today I was introduced to a really cool one called Fuelly.
So what is Fuelly you might be wondering? Fuelly is a site that tracks your gas mileage over time, helping you save fuel and expenses as you drive.

If you want to stalk my MPG, you can find me over at my Fuelly profile.

It’s pretty easy to use the site as well.

Basically you sign up for a free account, add a car to your profile, then either keep track of miles driven between fuel-ups (using your car’s tripometer) or record your odometer at each fuel-up (you can choose in your settings which way to record mileage).

For technology geeks like myself who are always connected, you should check out the mobile version of Fuelly for adding data right from the gas pump. I checked it out on my BlackBerry. It looked really nice.

As an added bonus, they even have a blogtastic development blog to keep everyone up-to-date on the upcoming changes, features, bug fixes, etc.

The service is still really new… barely live 24 hours but I see this application really taking off. If you end up registering account, let me know so we can be gas mileage stalking buddies