Group items tagged

The key points of the plan closely mirror recommendations offered late last year by a bipartisan commission of computer security experts, which urged then president-elect Obama to set up a high-level post to tackle cyber security, consider new regulations to combat cyber crime and shore up the security of the nation's most sensitive computer networks. The strategy, as outlined in a broader policy document on homeland security priorities posted on the Whitehouse.gov Web site Wednesday, states the following goals: * Strengthen Federal Leadership on Cyber Security: Declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy. * Initiate a Safe Computing R&D Effort and Harden our Nation's Cyber Infrastructure: Support an initiative to develop next-generation secure computers and networking for national security applications. Work with industry and academia to develop and deploy a new generation of secure hardware and software for our critical cyber infrastructure. * Protect the IT Infrastructure That Keeps America's Economy Safe: Work with the private sector to establish tough new standards for cyber security and physical resilience. * Prevent Corporate Cyber-Espionage: Work with industry to develop the systems necessary to protect our nation's trade secrets and our research and development. Innovations in software, engineering, pharmaceuticals and other fields are being stolen online from U.S. businesses at an alarming rate. * Develop a Cyber Crime Strategy to Minimize the Opportunities for Criminal Profit: Shut down the mechanisms used to transmit criminal profits by shutting down untraceable Internet payment schemes. Initiate a grant and training program to provide federal, state, and local law enforcement agencies the tools they need to detect and prosecute cyber crime. *

GoogleApps is an upgade to the Los Angeles computer systems security? Doesn't that explain a lot?! Google Inc. this week came swinging at critics who have cited privacy and security concerns in calling on the city of Los Angeles to rethink its plan to implement the Google Apps hosted e-mail and office applications. In an interview yesterday, Matt Glotzbach, director of product management for Google Enterprise, said the angst voiced by consumer groups and others about the Los Angeles project is overstated and based on incomplete information. In fact, he contended that transitioning the applications to Google will strengthen the security of the city's data and better maintain its privacy. "From what I know of the city's operation, this is a security upgrade," Glotzbach said. "Those who may be unfamiliar with cloud computing see this as a security risk simply because it is new and because it is something different," he said. Glotzbach said he believes that at least some of the concerns raised originated from Google's competitors. Meanwhile top managers at the Los Angeles Information Technology Agency (ITA), which oversees technology implementations in the city, yesterday said the city is still committed to implementing Google Apps. The agency insisted that provisions are in place for addressing the security and privacy issues raised by critics. A spokesman for Mayor Antonio Villaraigosa said the city council will sign off on the project only after it is assured that the privacy and security concerns have been properly addressed.

Google Inc. this week came swinging at critics who have cited privacy and security concerns in calling on the city of Los Angeles to rethink its plan to implement the Google Apps hosted e-mail and office applications. In an interview yesterday, Matt Glotzbach, director of product management for Google Enterprise, said the angst voiced by consumer groups and others about the Los Angeles project is overstated and based on incomplete information. In fact, he contended that transitioning the applications to Google will strengthen the security of the city's data and better maintain its privacy. "From what I know of the city's operation, this is a security upgrade," Glotzbach said. "Those who may be unfamiliar with cloud computing see this as a security risk simply because it is new and because it is something different," he said. Glotzbach said he believes that at least some of the concerns raised originated from Google's competitors. Meanwhile top managers at the Los Angeles Information Technology Agency (ITA), which oversees technology implementations in the city, yesterday said the city is still committed to implementing Google Apps. The agency insisted that provisions are in place for addressing the security and privacy issues raised by critics. A spokesman for Mayor Antonio Villaraigosa said the city council will sign off on the project only after it is assured that the privacy and security concerns have been properly addressed.

Government Information Security Podcasts As a GovInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info Probing Federal IT Security Programs: Gregory Wilshusen, GAO February 23, 2009 Government Accountability Office auditors will have a busy spring, examining a number of federal government programs aimed at securing government information systems and data. In an interview with GovInfoSecurity.com, Gregory Wilshusen discusses how the GAO is looking at how private industry and two dozen federal agencies employ metrics to measure the effectiveness of information security control activities. Other current GAO information security investigations he discusses include: Federal Desktop Core Configuration intended to standardize security features on personal computers purchased by the government. Trusted Internet Connection initiative aimed at slashing government Internet connections to fewer than 100 from more than 2,000. Einstein automated networking monitoring program run by U.S Computer Emergency Readiness Team. Gregory Wilshusen is director of information security issues at GAO, where he leads information security-related studies and audits of the federal government. He has more than 26 years of auditing, financial management and information systems experience. Before joining GAO in 1997, Wilshusen served as a senior systems analyst at the Department of Education as well as the controller for the North Carolina Department of Environment, Health and Natural Resources.

IT directors are adding multiple layers of protection to their networks and constantly upgrade those measures to adjust for new threats. Is this good? Is the Internet too broken to fix? Is there a better path to enterprise network security? One option is a new "gated community" Internet, where users give up their freedoms and anonymity for safety. My initiation to the Internet and the World Wide Web occurred in 1994 in a large meeting room at an Atlanta hotel. Most of the 100 or so seats were empty. Those in attendance seemed fairly rabid about this new network and took exception to one speaker's prediction that the Web would become a major marketing vehicle. "Not gonna happen," said one attendee. "We'll spam them into submission if they try. We won't let this become commercialized." I kind of chuckled to myself. Those early adopters were mainly concerned with protecting the Internet from commercialization and marketing. Security was not even part of the discussion. Now, it is threatening to dismantle the Internet as a communication and commerce tool. Cyber attacks on U.S. government computer networks increased a reported 40 percent in 2008, according to data from the U.S. Computer Emergency Readiness Team. More than 100 million credit card accounts at Heartland Payment Systems were compromised last year. In November, the Pentagon suffered from a cyber attack in the form of a global virus or worm that spread rapidly throughout a number of military networks, and caused the agency to ban the use of external storage devices, such as flash drives and DVDs. And this is just the tip of the Internet security Relevant Products/Services iceberg. Enterprise networks are being used to launch phishing Relevant Products/Services and other Internet scams, such as the Conficker worm that infected 12 million computers late last year. IT directors everywhere are adding multiple layers of protection to their networks and constantly having to upgrade those measures to adjust fo

Netbook web surfers beware. That low-cost netbook you're using could be a high-speed gateway into your life, bank accounts, passwords and other personal data. Netbooks have made headlines since their 2007 launch, making PCs accessible to millions of non-traditional users. But their cheap cost could also carry a steep price tag due to lax security that makes them easier prey for viruses and hackers. Since their introduction less than two years ago by Taiwan's Asustek, nearly all major PC makers, including Hewlett-Packard, Dell, Acer and Lenovo, have jumped on the netbook bandwagon. But their no frills nature, combined with low computing power and relative lack of sophistication among their users could combine to create the perfect storm for hackers and virus creators looking for easy targets, analysts say. "The Internet is full of dangers, regardless of what computer you are using," said Sam Yen, greater China marketing manager at anti-virus software maker Symantec. "But keeping in mind that the netbook is primarily used to surf the Internet, those dangers are possibly multiplied many-fold, especially if there is no anti-virus software installed in the machine." Price tags as low as $300 mean that netbooks often lack such standard gear as firewalls and other anti-virus software typically found in other computers, leaving them highly vulnerable to attacks. "Frankly, netbook security is not there yet," said Pranab Sarmah, an analyst at the Daiwa Institute of Research. "The positioning of the netbook means PC brands are going to do whatever it takes to make the price point attractive to consumers, which means keeping costs low." Many netbook users are relative Internet newcomers, and may not be aware of precautions they can take to protect themselves. Low computing power also means savvy netbook users may shut down critical security programs to boost speed. "It's a Catch-22 situation," said Gartner analyst Lillian Tay. "If you're running too many security prog

In Deloitte's sixth annual Global Security Survey, people are the problem. "[P]eople continue to be an organization's greatest asset as well as its greatest worry," Adel Melek, global leader of security and privacy services at Deloitte Touche Tohmatsu, said in the report. "That has not changed from 2007. What has changed is the environment. The economic meltdown was not at its peak when respondents took this survey. If there was ever an environment more likely to facilitate an organization's people being distracted, nervous, fearful, or disgruntled, this is it. To state that security vigilance is even more important at a time like this is an understatement." On one level, that couldn't be more obvious: It's not as if anyone worries about squirrels hacking servers; security has always been about people. (Robots, the report says, are unlikely to replace the human workforce during the lifetime of anyone reading the report. Finally, some good employment news.) Yet despite the obviousness of the problem, the obvious solution -- complete denial of access -- doesn't work. People use computers and computers are more useful when connected and it just gets worse from there. That may explain why identity and access management remained top of mind for survey respondents. Deloitte's survey, drawn from major financial companies around the globe, focuses on governance, investment, risk, use of security technologies, quality of operations, and privacy. It includes some good news -- external breaches have declined sharply over the past year -- and troublesome news -- fewer companies say they have the commitment and funding to address regulatory compliance. In terms of risk, specifically information systems failure, people are identified as the most significant vulnerability. "Human error is overwhelmingly stated as the greatest weakness this year (86%), followed by technology (a distant 63%)," the report states. It attributes the rising risk to increased adoption of new techno

The Electronic Privacy Information Center formally asked the Federal Trade Commission on Tuesday to investigate the privacy and security safeguards of Gmail, Google Docs and other so-called cloud computing services offered by Google to consumers. The filing points to a security breach earlier this month that may have improperly exposed the files of Google Docs users to others. It asks the F.T.C. to look into the adequacy of privacy and security safeguards of Google's services and to require Google to be accountable for breaches. It also asks the agency to force Google to make its security policies more transparent and to disclose any breaches. It also asks the F.T.C. to enjoin Google from offering cloud computing services until it establishes verifiable safeguards. The full filing is available here. Marc Rotenberg, EPIC's executive director, said he was concerned about all cloud computing services, which encourage users to store a growing number of documents on the servers of companies like Google, Yahoo, Microsoft and others. But he said that EPIC focused on Google because it is the primary provider of cloud computing services to consumers.

Hackers broke into the Federal Aviation Administration's computer system last week, accessing the names and national identification numbers of 45,000 employees and retirees, a union leader says. Tom Waters, president of American Federation of State, County and Municipal Employees Local 3290, said FAA officials briefed union leaders Monday about the security breach. FAA spokeswoman Laura Brown confirmed the agency's computers were hacked last week. Story continues below ↓advertisement | your ad here Waters said union leaders were told hackers gained access to two files. One file had the names and Social Security numbers of 45,000 employees and retirees on the FAA's rolls as of February 2006. Social Security is the U.S. government-directed pension system, and in the absence of a national identity card, other people's social security numbers can be used to steal identities for illicit purposes. Waters said the other file contained medical information that was encrypted. "These government systems should be the best in the world, and apparently they are able to be compromised," said Waters, an FAA contracts attorney. "Our information technology systems people need to take a long hard look at themselves and their capabilities. This is malpractice in their world." FAA officials told union leaders the incident was the first of its kind at the agency. But Waters said his union complained about three or four years ago about an incident in which employees received anti-union mail that used names and addresses that appeared to be generated from FAA computer files.

Reports on Tuesday of a New Zealand man who purchased a secondhand MP3 player containing the personal information of U.S. soldiers highlighted the federal government's continuing inability to protect private information on unauthorized, third-party storage devices. New Zealander Chris Ogle bought a used MP3 player in Oklahoma about a year ago, according to New Zealand's public television station, ONE News. A few weeks ago, when he plugged the player into his computer to download a song, Ogle found 60 military files stored on the device, which included names, addresses, and phone and Social Security numbers of U.S. soldiers. The files also contained what appears to be a mission briefing and lists of equipment deployed to Iraq and Afghanistan. Most of the files are dated 2005. ONE News reported that some of the phone numbers on the player are still active. "The more I look at it, the more I see and the less I think I should be," Ogle told ONE News. Ogle offered to return the MP3 player to U.S. officials if requested. Privacy experts say the breach is just the latest example of the federal government's inability to manage the security risk posed by removable storage devices. In November the Defense Department banned the use of removable storage devices after reports that hardware that can be inserted into a USB drive could infect the computer with viruses and worms. A Pentagon spokesman said the military is aware of the latest report form New Zealand, but does not know of any action the department has taken. Michael Maloof, chief technology officer for the information security firm TriGeo Network Security in Post Falls, Idaho, said individuals do not view devices like MP3 players as computers that can store large amounts of private data. "Myself and security experts have been saying for some time that phones and MP3 players are really mass storage devices," he said. The military should "ban all mass storage devices. It may make some people unhappy, but you see the

The U.S. government's director for cybersecurity resigned on Friday, criticizing the excessive role of the National Security Agency in countering threats to the country's computer systems. "He has tendered his resignation," Amy Kudwa, a Department of Homeland Security spokeswoman told Reuters. Former Silicon Valley entrepreneur Rod Beckstrom said in a resignation letter published by the Wall Street Journal it was a "bad strategy" to have the National Security Agency, which is part of the Department of Defense, play a major role in cybersecurity. Beckstrom headed the National Cybersecurity Center, which was created last March to coordinate all government cybersecurity efforts and answers to the Department of Homeland Security. Homeland Security said in a statement that it has a strong relationship with the NSA and continues to work closely with all of its partners to protect the country's cyber networks. Beckstrom wrote to Homeland Security Secretary Janet Napolitano on Thursday in his resignation letter that the NSA currently dominates most national cyber efforts. "While acknowledging the critical importance of NSA to our intelligence efforts, I believe this is a bad strategy on multiple grounds," he wrote in the letter posted by the Wall Street Journal on its website. National Security Agency officials could not immediately be reached for comment. Beckstrom said in his letter that the cybersecurity group did not receive adequate support to accomplish its role during the previous administration of President George W. Bush, which only provided the center with five weeks of funding in the last year. His resignation will be effective March 13, the letter said. The newspaper said the Obama administration was conducting a 60-day review of the cybersecurity program started by Bush last year to protect government networks.

Further proof that LA has it head in the clouds - A plan to overhaul the city of Los Angeles' computer system is raising concerns about the security of confidential information. The nation's second-largest city is considering dumping its in-house computer network for Google Inc. e-mail and office programs that are accessed over the Internet. But the city police union says it doesn't have enough information to determine if sensitive witness and investigation files will be secure from hackers. Google spokeswoman Aviva Gilbert says security "is built into the DNA of our products."

A plan to overhaul the city of Los Angeles' computer system is raising concerns about the security of confidential information. The nation's second-largest city is considering dumping its in-house computer network for Google Inc. e-mail and office programs that are accessed over the Internet. But the city police union says it doesn't have enough information to determine if sensitive witness and investigation files will be secure from hackers. Google spokeswoman Aviva Gilbert says security "is built into the DNA of our products."

Will there be one major catastrophe, or just smaller disasters? Panelists discuss what security issues we should be watching out for, where the threat might come from, and the difficulties in predicting the unpredictable. Panelists include: Whitfield Diffie, vice president and chief security officer for Sun Microsystems; Ronald Rivest, Viterbi Professor of Electrical Engineering and Computer Science at MIT; Adi Shamir, professor of computer science at the Weizmann Institute of Science in Israel; and Bruce Schneier, chief security technology officer for BT Counterpane. Moderating the panel is Ari Juels, chief scientist and director of RSA Laboratories.

Incident demonstrates that even agencies that put in security controls are still vulnerable The Federal Aviation Administration was doing such a good job at protecting data in its computer systems that the Office of Management and Budget chose it in January to be one of four agencies to guide other federal agencies in their cybersecurity efforts. Just a month later, FAA officials had to admit that hackers breached one of the agency's servers, stealing 48 files. Two of the files contained information on 45,000 current and former FAA employees, including sensitive information that could potentially make them vulnerable to identity theft. The security breach, although significant and potentially far reaching, is not necessarily a reflection on FAA's security measures. Rather, it demonstrates the problems of securing federal computer systems and difficulty in evading every potential attack. "Every agency is living through the same problems," but most are being less forthcoming about reporting them, said Alan Paller, director of the SANS institute. "FAA should get kudos for rapid action. Slamming them shows a complete lack of understanding about the state of security in federal agencies."

One of the more interesting panel discussions at the IDC Cloud Computing Forum on Feb 18th in San Francisco was about managing the complexities of security, privacy and compliance in the Cloud. The simple answer according to panelists Carolyn Lawson, CIO of California Public Utilities Commission, and Michael Mucha, CISO of Stanford Hospital and Clinics is "it ain't easy!" "Both of us, in government and in health, are on the front-lines," Lawson proclaimed. "Article 1 of the California Constitution guarantees an individual's right to privacy and if I violate that I've violated a public trust. That's a level of responsibility that most computer security people don't have to face. If I violate that trust I can end up in jail or hauled before the legislature," she said. "Of course, these days with the turmoil in the legislature, she joked, "the former may be preferable to the later." Stanford's Mucha said that his security infrastructure was built on a two-tiered approach using identity management and enterprise access control. Mucha said that the movement to computerize heath records nationwide was moving along in fits and starts, as shown by proposed systems likeMicrosoft (NSDQ: MSFT)'s Health Vault and Google (NSDQ: GOOG)'s Personal Health Record. "The key problem is who is going to pay for the computerized of health records. It's not as much of a problem at Stanford as it is at a lot of smaller hospitals, but it's still a huge problem." Mucha said that from his perspective security service providers in the cloud and elsewhere are dealing with a shrinking security parameter or fence, which is progressing from filing cabinets, to devices, to files, and finally to the individual, who under the latest Health Insurance Portability and Accountability Act (HIPAA) privacy rules has certain rights, including rights to access and amend their health information and to obtain a record of when and why their Protected Health Information (PHI) record has bee

Federal regulators on Tuesday met to hear about whether the benefits of cloud computing justify increased regulation, as privacy activists claim, or whether such an approach would do more harm than good. "We need to be smarter about dealing with technology, and cloud computing is posing (a) risk for us," said Hugh Stephenson, deputy director for international consumer protection at the Federal Trade Commission's Office of International Affairs. The FTC convened the two-day meeting in its offices here, which follows a series of similar workshops held in previous years on topics like spam, privacy, and behavioral advertising. The agency may file lawsuits to halt "unfair or deceptive acts or practices," meaning that if cloud computing is not unfair or deceptive, the FTC would likely not have jurisdiction. To secure personal information on the cloud, regulators may have to answer questions such as which entities have jurisdiction over data as it flows across borders, whether governments can access that information as it changes jurisdiction, and whether there is more risk in storing personal information in data centers that belong to a single entity rather than multiple data centers. The current panoply of laws at the state, national, and international level have had insufficient results; FTC Commissioner Pamela Jones Harbour cited a 2008 PricewaterhouseCoopers information security survey (PDF) in which 71 percent of organizations queried said they did not have an accurate inventory of where personal data for employees and customers is stored. With data management practices that are not always clear and are subject to change, companies that offer cloud-computing services are steering consumers into dangerous territory, said Marc Rotenberg, executive director of the Electronic Privacy Information Center. Already, problems of identity theft are skyrocketing, he said, and without more regulation, data management services may experience a collapse analogous to that

A group of federal agencies and private organizations, including the National Security Agency and the Department of Homeland Security, has released a set of guidelines defining the top 20 things organizations should do to prevent cyberattacks. The Consensus Audit Guidelines (CAG) describe the 20 key actions, referred to as security controls, that organizations should take to defend their computer systems. The controls are expected to become baseline best practices for computer security, following further public- and private-sector review. CAG is being led by John Gilligan, formerly the CIO for both the U.S. Air Force and the U.S. Department of Energy, and a member of the Obama transition team dealing with IT in the Department of Defense and various intelligence agencies. "We are in a war, a cyberwar," Gilligan said on a media conference call. "And the federal government is one of many large organizations that are being targeted. Our ability at present to detect and defend against these attacks is really quite weak in many cases." Borrowing an analogy he attributed to an unnamed federal CIO, Gilligan said, "We're bleeding badly and we really need triage and we need to focus on things that will keep this patient alive." The CAG initiative represents part of a larger effort, backed by the Center for Strategic and International Studies (CSIS) in Washington, D.C., to implement recommendations from the CSIS Commission report on Cybersecurity for the 44th Presidency.

This tip is part of Mitigating Web 2.0 threats, a lesson in SearchSecurity.com's Data Protection Security School. Visit the lesson page or our Security School Course Catalog for additional learning resources. Social networking, a term relatively new to the computing vernacular, has already become part of the cultural norm for a great proportion of Internet users. Even more recently, the use of online communities to establish and build connections among those with shared interests has become part of the corporate world as well. As professional social networks such as LinkedIn and Blue Chip Expert continue to grow, and professional groups gain in popularity on once-personal sites like Facebook and MySpace, enterprise security and risk management professionals must face the reality that these sites are emerging conduits for the unauthorized disclosure of confidential corperate information. Add the use of public social networking tools to the list of concerns, and the effectiveness of the traditional corporate security perimeter is further diminished. However, a robust set of policy, process and architecture aids in mitigating the risks of being social. Broadly, social networking is described as software that lets people interact, rendezvous, connect, play or collaborate by use of a computer network. This definition covers the popular social networking sites, including those mentioned above, as well as blogs, wikis, RSS, podcasts, tags, and more recently, search engines. While there are numerous benefits to social network solutions, including reducing costs and increasing collaboration, we'll focus on addressing the risks.

Most Americans believe the world financial crisis has increased their risk of identity theft or related crimes, according to the latest Unisys Security Index. The biannual survey of consumers in nine countries found that more than two-thirds of Americans are "extremely or very concerned" about other people obtaining and using their credit or debit card details -- with 90 percent at least "somewhat concerned." In addition, computer security remains a major concern. More than 40 percent of Americans are extremely or very concerned about security in relation to viruses or unsolicited emails. Three-quarters of Americans believe that the world financial crisis will increase the risk that they will personally experience identity theft or related crimes. More than one-quarter believe that the risk will increase substantially. "Financial security for Americans has moved from third place to front and center, number one," Tim Kelleher, vice president of enterprise security at Unisys, provider of information technology consulting services, told SCMagazineUS.com Monday. "People feel they are much more financially at risk." This has major implications for banks and other financial institutions, as well as internet businesses, he said. "Banks and businesses need to understand that customers are more wary than ever about using services that may compromise their personal data," Kelleher said. "If economic concerns increase these fears, companies need new strategies to strengthen customer confidence through accountability and transparency, which also plays to part of the Obama administration's call to action for government and business." The U.S. Security Index is based on a random telephone survey of 1,004 persons ages 18 and over. The first wave of the study was conducted in August 2007.

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

A national security panic spread through the Internet yesterday after a report by The Wall Street Journal suggested "terabytes" of classified data on the F-35 Lightning II had been stolen by hackers. Today the Pentagon and Lockheed Martin responded to the allegations saying they are untrue, and I believe them. Defense Department spokesman Bryan Whitman said, "I'm not aware of any specific concerns." That's a key phrase. Lockheed Martin--the F-35 superjet's primary contractor--also commented "We actually believe The Wall Street Journal was incorrect in its representation of successful cyber attacks on the F-35 program." And the company's CFO Bruce Tanner added "I've not heard of that, and to our knowledge there's never been any classified information breach." While it's easy to argue that these responses are merely a smokescreen to save political face, the language is much more direct than a plain old "no comment." Typically, companies protect themselves in this sort of situation by denying the existing or potential hackers any public information on the success or failure of hack attempts, obscuring the level of secrecy of any stolen data. In the F-35 case it looks like the denials are much firmer, and that suggests the developers of the JSF are confident in their security systems. It's an echo of alleged data leaks via F-35 contractor BAE Systems last year, that were later withdrawn due to lack of evidence that leaks had occurred. Government and defense contractor computer networks face a pretty continuous rate of hack attempts. As a result such companies have even more stringent data security protocols in place than normal organizations. They're still not absolutely impervious to hacking, of course, as no such system ever is. So that's why the most highly classified data--critical to the super-secret offensive and defensive capabilities of hardware like the F-35--is typically stored on computers that have an extremely low-tech "air gap firewall". They're not co

A company that monitors P2P networks says it found details about the president's helicopter, Marine One, on a computer in Tehran. Pittsburgh station WPXI reports. Bob Boback, CEO of Tiversa, said, "We found a file containing entire blueprints and avionics package for Marine One. … What appears to be a defense contractor in Bethesda, MD had a file sharing program on one of their systems that also contained highly sensitive blueprints for Marine One," Boback said. Retired Gen. Wesley Clark, an adviser to Tiversa, added: We found where this information came from. We know exactly what computer it came from. I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went. It's no accident the information wound up in Iran, the company said. Countries like Iran, Pakistan, Yemen, Qatar and China are "actively searching for information that is disclosed in this fashion because it is a great source of intelligence," Boback said. Rep. Jason Altmire said he will ask Congress to investigate the risk to national security of this sort of exposure. Cnet's Charles Cooper interviewed the Tiversa's Sam Hopkins (Cooper says he's the CEO but the original report said Boback is CEO; the company website doesn't list executives), who said someone at the company was running a Gnutella client - possible a buggy one. Hopkins said it's hardly an unusual occurence - although presumably the usual breaches aren't so closely connected to the President. Everybody uses (P2P). Everybody. We see classified information leaking all the time. When the Iraq war got started, we knew what U.S. troops were doing because G.I.'s who wanted to listen to music would install software on secure computers and it got compromised. … We see information flying out there to Iran, China, Syria, Qatar-you name it. There's so much out there that sometimes we can't keep up with it. Bottom line: P2P is the big