Friday, March 14, 2008

[ISN] Oliver North ridicules Spitzer, calls on IT to hire war vets


http://www.networkworld.com/news/2008/031108-infosec-oliver-north.html

By Ellen Messmer
Network World
03/11/2008

ORLANDO -- At a security conference in Orlando Tuesday, Col. Oliver
North mocked the plight of New York Gov. Eliot Spitzer, caught up in a
prostitution-ring scandal that may end his political career.

North, who first gained the national spotlight because of his
involvement in the Reagan Administration-era Iran-Contra affair and who
is now a news commentator for Fox News, told security managers attending
the Infosec World Conference that Spitzer "apparently forgot everything
he knows about information security." As has been widely reported,
Spitzer is under federal investigation linking him to a high-priced
prostitute service called Emperors Club VIP through wiretaps, text
messages, e-mail and wired money transfers.

In his keynote address, North said Spitzer -- a zealous investigator as
attorney general of New York before becoming governor -- is being
investigated by federal authorities using the same technologies he has
used to crack crime cases. North poked fun at Spitzer's alleged link to
prostitution, saying "it helps to have an electronic warning on your
belt before you take off your pants."

North also lambasted newspaper and television media that he thinks
portray an inaccurate, negative picture of the War on Terrorism,
particularly in Iraq and Afghanistan.

Chiding in particular Newsweek and the Washington Post, which he called
"Washington Compost," North said, "I've made a dozen trips to the war.
The information being given to the American people is not fairly
presented." He said he knew of instances where networks in America are
buying videotape from Arab news media, such as Al-Jazeera, a practice he
condemned.

The American troops today are smart, capable and "operate and maintain
the most sophisticated weapons ever created. That information hasn't
been communicated to the American people," North told attendees at the
conference, which has attracted 1,800 people.

Although the American military today displays "competence, courage,
integrity, loyalty, tenacity and situational awareness," North said,
the "unemployment rate for veterans of this war is nearly 20%. This is
inconceivable."

He noted the national unemployment rate in general hovers around 5%.
North encouraged the information security managers attending Infosec to
hire the nation's war veterans. "This is 225,000 young Americans today
that served in the military." "They're coming out, looking for jobs," he
said. "For the good of your business and security of this nation, put
out the help-wanted signs for veterans."

When asked by an audience member whether he supported the idea voiced by
some presidential candidates about a quick withdrawal from Iraq, North
replied, "It would be an unmitigated disaster" for several reasons, one
being that it would result in the "collapse of what has become one of
our best allies in the War on Terror."

He also said the United States needs to find alternatives to petroleum
to meet its energy needs because oil money is a big factor in funding
"the jihad against America."

All contents copyright 1995-2008 Network World, Inc.


___________________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn


[ISN] U.Va. student claims to have cracked smartcard encryption


http://www.inrich.com/cva/ric/news.apx.-content-articles-RTD-2008-03-09-0127.html

By Brian McNeill
MEDIA GENERAL NEWS SERVICE
March 09, 2008

A University of Virginia graduate student and two fellow hackers say
they have cracked the encryption code used to protect millions of
wireless "smartcards" in use across the globe.

With readily available equipment that cost under $1,000, Karsten Nohl,
26, and his two Germany-based partners say they dismantled a tiny chip
found inside many smartcards and mapped out its secret security
algorithm.

With the cryptographic formula in hand, the hackers were then able to
run it through a computer program that tried out every possible key. It
broke the encryption after a few hours. If they were to try again, Nohl
said, it would take a matter of minutes.

"I don't want to help attackers, but I want to inform people about the
vulnerabilities of these cards," said Nohl, a doctoral candidate in
computer engineering at U.Va. who is originally from Germany.

Wireless chips, which employ technology known as radio-frequency
identification, or RFID, are found inside most modern credit cards, car
keys, security keycards and subway passes. The chips send an encoded
numeric signal to the reading device, which allows the user to wave
their card to gain access to secure buildings, remotely unlock a car,
pay for public transportation and much more.

The popular chip that the trio "dissected" is called the MiFare Classic
RFID chip and is manufactured by NXP Semiconductors, a Netherlands-based
company.

Nohl and his colleagues found that it was fairly easy to crack the RFID
chip's code.

The three computer whizzes announced their findings at the Chaos
Communications Congress in Berlin, an annual worldwide convention of
hackers. They are not releasing the details of how they beat the chip's
security code. But, Nohl added, it is possible that criminals might also
have done so.

Manuel Albers, director of regional marketing for North and South
America for NXP, disputed that Nohl and his compatriots breached the
chip's security, as they obtained only a portion of the cryptographic
algorithm. In fact, he said, the company's chips have multiple layers of
security and are not in danger of being totally compromised.

The company has been in contact with Nohl and his team and is reviewing
their findings, he said.

"We constantly improve and review our products to make sure it's up to
snuff with the latest security threats," he said.

Moreover, Albers said, NXP manufactures chips with a range of security
levels from zero to substantial protection. The chip examined by Nohl
was a relatively simple version with little security, he said.

In a statement, NXP added that the MiFare Classic "is not used in
banking, payment, nor automotive security applications anywhere in the
world. The MiFare Classic is predominately used in automatic fare
collection applications and access control applications."

Projects such as hacking the security code of an RFID chip are the "evil
twin" of Nohl's regular research, he said, which focuses on the
development of cryptographic algorithms for computer security. Nohl's
faculty advisor, David Evans, an associate professor in U.Va.'s School
of Engineering and Applied Science, said in a statement that exposing
security flaws through hacking helps ensure that future products are
more secure.

Hacking, Nohl said, refers to the practice of investigating the internal
processes of computing technology. It is often mistaken for "cracking,"
he said, which means to break into computer processes for fun, vandalism
or profit.

Nohl said that a more secure option for RFID security codes would be to
rely on publicly known and time-tested security algorithms. NXP's secret
code, he said, is an example of "security by obscurity," or the practice
of keeping the code private and hoping hackers do not figure it out.
Private algorithms, Nohl said, are more likely to have flaws and
vulnerabilities.

"We found significant vulnerabilities in their algorithm," he said. "By
keeping it secret, they hurt themselves in the end."

Brian McNeill writes for The Daily Progress in Charlottesville.




[ISN] US, UK and friends have cyber-war party


http://www.theregister.co.uk/2008/03/10/cyber_storm_ii_exercises/

By Dan Goodin in San Francisco
The Register
10th March 2008

Business and government leaders from the US, UK and three other
countries will spend much of this week simulating and defending against
a large-scale cyber attack in an exercise designed to strengthen
coordinated responses to what many perceive as a growing threat.

Participants of Cyber Storm II, which also include about 40
private-sector companies, will enact a scenario in which "persistent,
fictitious adversaries" launch an extended attack using websites, email,
phones, faxes and other communications systems. Other countries involved
are Australia, New Zealand and Canada.

Cyber Storm II comes two weeks after the Pentagon released an assessment
of China's military might, warning the People's Liberation Army was
intent on expanding its capabilities for cyber warfare. It also comes
amid intelligence reports that utilities in several countries have
sustained cyber attacks that caused power outages.

This week's exercises are a follow up to Cyber Storm I, which was
completed two years ago. They are mandated by an act of Congress that
requires the public and private sectors to strengthen cyber
preparedness.

Companies including Cisco, Juniper Networks, Dow Chemical, Air Products
& Chemical and Wachovia are participating. Nine US states and at least
18 federal agencies are also involved. They represent the chemical,
information technology, communications and transportation industries,
which are considered critical parts of the infrastructure. The US
Department of Homeland Security is hosting the event - no doubt with
danishes and plenty of Starbucks coffee.

The exercises are designed to sharpen and assess participants' ability
to respond to a multi-day, coordinated attack and better understand the
"cascading effects" such attacks can have.

Results of Cyber Storm I pointed to the need for better coordination
between various agencies and for a common framework for communicating
among different parties.

While it's not necessarily a bad idea to simulate imagined threats,
there's no indication that participants will delve into actual practices
that are known to put national security at risk. For example, last week
came word that a private website operator regularly received official
Air Force communications containing sensitive information because his
email address was similar to those of military leaders. Additionally, a
Pentagon official has now confirmed that an attack last year on a
network belonging to the Department of Defense involved a Windows
vulnerability and allowed the intruders to steal "an amazing amount" of
data.

As these episodes make clear, sometimes we can be our own worst enemy,
no simulation necessary. ®





[ISN] Chinese 'hacker' denies CNN report


http://www.china.org.cn/china/national/2008-03/11/content_12264393.htm

Shanghai Daily
March 11, 2008

The founder of a domestic hacker website has criticized a CNN report
that claimed he was employed by the Chinese government to attack a
United States government website, a Beijing newspaper reported today.

CNN claimed the central government has employed and paid several young
operators of a website to "attack the world's most sensitive sites,
including the Pentagon" in a report named "Chinese hackers: No site is
safe" on March 7, Global Times said.

The CNN report said the interviewees, identified as Xiao Chen, admitted
"they have hacked into the Pentagon and downloaded information," and was
"paid secretly by the Chinese government" after doing so.

Xiao, the co-founder of Zhejiang-based website Hacker4.com for computer
fans to exchange information, said he never said this to the journalist,
said the Global Times, which is affiliated to People's Daily.

Shanghai Daily checked Hacker4.com and found most of its information
concentrates on providing tips on how to prevent hacker attacks. It
publicizes the loopholes of operating systems and teaches users how to
recover from cyber viruses.

"The whole CNN report was groundless," Xiao Chen told the Global Times.
They apparently wrote that for certain purposes, Xiao added. He spoke to
Global Times to "clarify the case" after seeing the CNN report.

A journalist from CNN sent more than 20 e-mails to set up an interview
with Xiao, saying he just wanted to introduce his website, said Xiao in
the report.

But the journalist kept asking whether he had accessed the Pentagon's
website and if the Chinese government paid them.

He denied answering any questions like that, the Global Times report
said.

"I have never had access to any overseas website, let alone attacked
one," Xiao told the newspaper.

The US Department of Defense claimed Chinese hackers always attacked its
government website in the Chinese Military Report on March 4. However,
US-based information security system company Symantec reported that most
hackers were in the United States and China is one of the victim
countries, the Global Times report said.




[ISN] U.S. unprepared for ongoing cyberwar, say top military and intelligence officials


http://www.govexec.com/story_page.cfm?articleid=39466

By Bob Brewin
Govexec.com
March 6, 2008

The United States is in the midst of a cyberwar and is not prepared to
deal with it, top Defense Department and intelligence officials
acknowledged this week.

"Cyberwarfare is already here.... It's one of our major challenges,"
said Defense Deputy Secretary Gordon England on Monday at the annual
National Community Service and Legislative Conference of the Veterans of
Foreign Wars.

"I think cyberattacks are probably analogous to the first time, way back
when people had bows and arrows and spears," he said. "And somebody
showed up with gunpowder and everybody said, 'Wow. What was that?'"

England made his comments the same day that the Pentagon released a
report saying that the 2007 cyberattacks against its networks and those
operated by other governments around the world "appear" to come from
China.

During a Senate Armed Services Committee hearing last week, Sen. John
Thune, D-S.D., asked National Intelligence Director Michael McConnell if
the United States was prepared to deal with threats against military and
civil networks and information systems. "We're not prepared to deal with
it," said McConnell, identifying both China and Russia as adversaries
who are attempting to penetrate U.S. information systems.

Army Lt. Gen. Michael Maples, director of the Defense Intelligence
Agency, agreed with McConnell and told the panel that a key threat
facing this country is the "sophisticated ability of select nations and
nonstate groups to exploit and perhaps target for attack our computer
networks."

Security experts had warned earlier about the cyberthreats that England
and McConnell publicly acknowledged this week. In November 2007, Andrew
Palowitch, a former CIA official who is now an industry consultant to
the commander of U.S. Strategic Command, declared that the United States
was "in the midst of a cyberwar" and said there were 37,000 reported
penetrations of government and private systems in fiscal 2007.

McConnell also told the Senate Armed Services Committee that the ability
of an enemy to enter information into systems and destroy data in
financial, power distribution and transportation networks is the other
threat that "concerns us a great deal."

According to McConnell, U.S. military systems are better protected than
those operated by civilian agencies or in the private sector. "So the
question is, how do we take some of the things that we've developed for
the military side, [and] scale them across the federal government? And
the key question will be, how do we interact with the private sector?"

The military's capability against cyberattacks and network penetration
reflects the substantial investment the Defense Information Systems
Agency has made in information systems security.

DISA has spent $493.3 million from its operations and maintenance
account on information systems security and assurance in 2007 and 2008,
including Defensewide secure network access card systems. The agency has
asked for $316.6 million in its fiscal 2009 budget. In addition, DISA
spent $69.9 million in procurement funds over the past two years, and
has asked for an information systems security procurement budget of
$45.8 million in 2009.

These funds include support for a Computer Emergency Readiness Team
Coordination Center, and computer systems that include firewalls for
both classified and unclassified military networks, demilitarized zones
to isolate Defense systems from the Internet and "honeypot" systems to
lure attackers to fake networks away from real ones.

The Bush administration plans a $6 billion Comprehensive National
Cybersecurity Initiative which McConnell testified will beef up network
and information systems defenses against cyberattacks. DISA requested
$36 million in its fiscal 2009 budget for the initiative.

The White House has released little information about this cybersecurity
master plan, but President Bush revealed some details in a Nov. 6, 2007,
letter to House Speaker Nancy Pelosi, D-Calif., for amendments to his
fiscal 2008 budgets related to the Homeland Security and Justice
Departments "which will enhance the security of the government's
civilian cyber networks and will further address emerging threats."

This request included a $115 million increase in Homeland Security's
budget for infrastructure protection and information security, from
$538.2 million to $653.2 million, to enhance cybersecurity
governmentwide. Bush said the extra money will fund accelerated network
monitoring for civil agency networks and increased analytical operations
by computer readiness teams.

Bush also asked for an increase of $39 million in the FBI's 2008 budget
to support investigation of incursions into government computer
networks.




[ISN] How great IT security leaders succeed


http://www.infoworld.com/article/08/03/10/11NF-how-IT-security-leaders-succeed_1.html

By Matt Hines
InfoWorld.com
March 10, 2008

As the threat of attack, both external and internal, continues to take
root and as data-handling regulations continue to proliferate, the role
of a chief information security officer appears to be growing more
complex by the day. Many CISOs are doing an admirable job of stemming
the tide of data loss and keeping their heads above water around
compliance. But some IT security leaders are doing it better than the
rest, according to a recent Forrester Research report, which has
identified several characteristics that make these top CISOs more
successful than their peers.

Beyond predictable recommendations such as having a close relationship
with their employer's business leaders and making security a pervasive
issue across their entire organizations, several unexpected practices
arose during Forrester's discussions with users, vendors, and
regulators.


A moral compass is the key to success

The top finding was that truly effective CISOs must have a strong moral
compass that allows them to lead as much by example as they command
respect via mandate. "CISOs are expected to have a certain level of
technical skill, but the character of the person really drives a lot of
the success that they might have in this position," said Khalid Kark, a
Forrester analyst and the report's chief author.

"Having the integrity, the visibility, and letting people know that you
as an individual will always do the right thing is of great importance
when you are being trusted to protect a lot of sensitive information."
Other C-level executives may be able to get away with taking sides in
corporate standoffs or going behind people's backs to accomplish their
goals, but CISOs who expect to garner the level of respect needed to
carry out their jobs most effectively must emit a persona of undeniable
trustworthiness.

"Before doing the research, I wouldn't have guessed how important this
aspect might have been, even having managed security operations myself,"
said Kark. "But it became clear that this is a characteristic that many
people really value in a CISO. One of the issues that these executives
face is that it takes time to build trust, and if you have that [moral]
compass where you instinctively know what [is right] to do, you can
achieve that [trust] in a shorter timeframe."

Also important to gaining that trust and executive buy-in is an ability
to work with "the corporate psyche," as well as balancing the CISO
position's political and policing roles.


Flexibility, patience, business acumen, and mentoring are other keys

Other key attributes of the most successful CISOs include having the
flexibility to look for creative solutions to problems and move quickly
from one project to the next, remaining patient whenever possible, and
running security as if it were a business unit. That latter talent
requires the ability to gather important security and compliance data,
plus knowing how to use it to defend related budget items and project
work.

One of the most important assets for any CISO, Kark said, is to behave
as a "kingmaker," someone who helps other people improve their own
skills by acting as a mentor, rather than as a draconian ruler who
merely gives commands and expects them to be followed. "CISOs need to
help other people succeed and take over different responsibilities. This
should be part of their overall security strategy," he said.

A related talent is not playing the blame game. "CISOs also have to be
willing to take on a lot of the blame when things go wrong, even if it
was someone else's fault. You don't want to take the blame for
everything, but if you can stand up for someone else's mistake and use
that to work on issues that improve the overall position of the
organization, that's a great thing to do."


Value of deep technical skills is questioned

One aspect that the Forrester report did not cite as critical to a
CISO's success was having a high level of technical skills. "Some people
said yes, and others said no. This is an old debate," Kark said. "I
think the key is that you absolutely need to have the ability to
comprehend technical data, but you don't necessarily need the hands-on
skills. Many successful CISOs don't focus on operational issues like
managing firewalls, but they do need to be aligned with defining
security policies and crafting the risk posture of their organization."

In fact, many CISOs who do have technical skills contend that the
knowledge often leads to them getting tied down in too many operational
decisions and projects, he said.

Regardless of a CISO's technical abilities, Kark said that it will
become increasingly important for security leaders to move away from a
bottom-up approach to security, where the focus is what tools to use, to
a top-down approach driven by risk management and governance concepts.
"These executives need to move from operational expertise into more of a
role of a strategic thinker, from a policeman to a trusted adviser," he
said. "They need to see themselves more as a consultant, as opposed to
an auditor, and transition from a specialist in IT security to a
generalist in overall business risk."




Take Precautions When Getting Help With Debt

Last July, I wrote a column that introduced my DOLP method for paying down debt. (DOLP stands for Dead On Last Payment.)

I receive success stories on a regular basis from readers who have turned their lives around by using the DOLP method. The road to success isn't an easy one. It takes discipline and sacrifice, but with the right tools, coaching, mindset, and commitment to changing your behavior, it can be done.

Buried in Debt

But what if your mountain of debt is so high that it's literally unmanageable? Last week, the New York Times reported that with our slowing economy, a growing number of consumers are finding that they can't even pay the minimum on their credit card bills.

According to the article, the Federal Reserve reported that revolving debt -- an estimated 95 percent from credit cards -- reached a record high of almost $944 billion in December 2007. The amount of debt that's delinquent (where minimum payments are late but the accounts are still open) also appears to be on the rise.

The Federal Reserve also found that 4.34 percent of the credit card portfolios of the 100 largest banks that issue credit cards were delinquent in the third quarter of last year. Charge-offs (accounts closed for non-payment) also grew in that period, and banks expect charge-offs to keep rising in 2008.

Getting Professional Help

If you have massive amounts of debt, you may need professional help. Consider this: Serious debt problems that are out of control will cripple your spirit, break your courage, threaten your marriage, and even ruin your health. For those overwhelmed by credit card debt, there are credit counseling agencies you can turn to for help. Of course, there are scams out there, too, so "buyer beware" applies at all times.

Legitimate credit counseling agencies basically do two things. First, they help you sort out your current problems by negotiating with your creditors to get you lower interest rates and more bearable payment plans. Second, they try to prevent future problems by teaching you financial management skills.

Depending on your situation, a good credit counseling agency should be able to offer you everything from simple advice about handling your money to (worst-case scenario) helping you decide if it's in your best interest to talk to a bankruptcy lawyer. One service virtually all of them offer is something called a "debt management plan," or DMP.

How DMPs Work

DMPs can be lifesavers when your situation is dire -- for instance, if you're completely unable to make your minimum payments or are unable to renegotiate your interest rates. Under a DMP, the agency works out a payment plan with all creditors, often getting late fees waived and interest rates lowered in the process. Once the DMP has been set up, you make one consolidated monthly payment to the agency, which then parcels out the money to all your creditors.

DMPs can be great for the debt-strapped, but they must be used appropriately and run properly. Unfortunately, the new breed of rip-off artist that's infiltrated the credit counseling industry over the last decade rarely does either. To the scammers, DMPs are just another way to separate unwary consumers from their hard-earned money.

Legitimate credit counseling agencies cover their expenses by charging clients small fees to set up and administer DMPs. These fees shouldn't run much more than $50 up front and $25 a month thereafter. Agencies also receive what are called "fair share" payments from your creditors, who pay them a percentage of the money the agency collects from you and passes along to them -- the idea being that if the agency hadn't set up the DMP for you, your creditor might not be getting anything.

Vetting Credit Counseling Agencies

Unfortunately, because DMPs generate revenue, unscrupulous credit counseling agencies try to pressure everyone who comes through their doors into enrolling in one whether it makes sense or not. They also charge unconscionably high fees, pressure clients into making "voluntary" donations, and even deduct money from consumers' payments without letting them know.

Be suspicious of "experts" who claim they can solve all your credit problems with some magical quick fix. Your problems won't be solved overnight. In addition, the National Consumer Law Center and the Consumer Federation of America (CFA) suggest that you look for the following red flags when you're considering signing on with a credit counseling agency:

• High fees: If an agency charges more than $50 up front and $25 a month to set up and maintain a DMP, they're probably ripping you off. An equally bad sign is if they're vague or reluctant to talk about specific fees.

• The hard sell: A counselor who answers your phone call shouldn't be reading from a script. If he or she aggressively pushes the idea of debt "savings" or the possibility of a future consolidation loan, simply hang up.

• Commission-paid employees: The best credit counseling agencies are nonprofit organizations whose only motivation is what's best for you. Employees who earn commissions for signing up clients are likely to care more about their own paychecks than your debt problems.

• The 20-minute test: Whether you do it in person or over the phone, effective credit counseling generally takes a fair amount of time -- often as much as an hour and a half. An agency that offers you a DMP after a consultation of just 20 minutes or less can't possibly know enough about you and your situation to be making an informed recommendation.

• Aggressive ads: Don't be fooled by hard-sell pitches on TV or the Internet that promise to solve all your debt problems. Before signing up with a credit counseling agency, get referrals from friends or family. Also check with the Better Business Bureau to see if the agency has had any complaints lodged against it and, more important, how those complaints were handled.

Trustworthy Referrals

Consumers looking for a counselor to help them solve their debt problems face a real challenge. As the CFA points out, it's virtually impossible to tell the honest, caring agencies from the rip-off artists simply by looking at an ad or making a phone call. So how do you find a good one?

By far the best way is through a referral. As I noted above, if you have any friends or relatives who've used a credit counseling agency, ask them how they fared. Nothing beats personal experience and a recommendation from a satisfied client. In addition, the Federal Trade Commission web site features some great information, including specific questions to ask when choosing a credit counseling organization.

Probably the most highly regarded referral service in the country is Consumer Credit Counseling Services. The CCCS is an offshoot of the National Foundation for Credit Counseling (NFCC), the nation's oldest national nonprofit organization for consumer counseling and education on budgeting, credit, and debt resolution. The NFCC has 113 nonprofit, community-based member agencies and more than 900 local offices throughout the country.

According to Gail Cunningham, senior director of public relations for the NFCC, over 2.2 million consumers were helped last year by member agencies across the country. You can find an affiliate near you by calling (800) 388-2227 toll-free, or by visiting their web site.

Protect Yourself

Though the NFCC is extremely reliable, that doesn't mean you shouldn't do some research of your own. Ms. Cunningham emphasizes the importance of shopping around for the right credit counselor for you: "It's up to the consumers to do their due diligence when choosing whom to work with."

For a complete listing of questions you should ask prospective agencies, see the NFCC's credit counseling page.

Finally, if you've been victimized by a fraudulent or unethical credit counseling agency, file a complaint with the Federal Trade Commission by calling (877) 382-4357 toll-free, or by going to the FTC's web site. Then contact your local state Attorney General's office.

Middle-class Millionaires Are Nervous About Their Futures

Housing has imploded, the market's a yo-yo, recession's in the air. And the "working rich" are learning to do without. So says Russ Alan Prince, president of a private wealth-research firm and author of the book The Middle-Class Millionaire. What does that mean?

"They have certain middle-class values," says Prince. "They will continue giving to charity and to send their kids to get the best education, because those are important components to them. They will still buy the high-end luxury car, but not the sports car."

Prince's latest research shows that 78% of the "working rich," or "middle-class millionaires," defined as having a net worth of between $1 million and $10 million and still working for a living, consider themselves "very or extremely concerned about their ability to maintain their current financial position." He also estimates that 21% of them have already begun pulling back on spending.

Unity Marketing's Luxury Consumption Index tumbled 27% in January to its lowest level since the firm started the survey in 2004. During the just-ended fourth quarter of 2007, 24% of luxury consumers said they felt their economic situations were worse than they were a year ago, double the 12% who said so in the third quarter. Sure enough, spending on luxury goods dropped 20% during the second half of 2007 from the first half. The company polled 1,281 mass affluent consumers whose income averaged $155,000 per year.

"Luxury consumers have never expressed such a dismal view of their financial status," says Pam Danziger, Unity Marketing's president.

Compounding the problem, says Prince: Middle-class millionaires network like crazy, influencing each other's buying behavior. Two-thirds say they get asked for buying advice from others in their peer group (compared to 15% of those in the middle class), most commonly for cars, hotels, medical care and investments. Almost 80% say their buying decisions are much more influenced by other middle-class millionaires or their own past experiences than by Consumer Reports or the Internet.

But few are trading down to Target. They're just buying fewer expensive items than they used to. Middle-class millionaires won't stop shopping anytime soon. They'll still be grabbing the tech gadgets they love so much, like BlackBerrys, iPhones, GPS systems, computer accessories and software. Why? Those products, in addition to exuding status, also serve practical needs. They will also go ahead and get nice things for the home, like that big-screen television set or top-grade appliance. And they won't pinch pennies on education and health care, things they consider to be of prime importance.

Golf lessons and personal trainers are still a go, too, since they cost relatively little compared with other luxuries. So are family vacations to Europe. Government figures show a 2.5% rise in travel to the Continent from the U.S. through November 2007 from a year ago, better than the 2006 growth rate. But that may not last forever. "If the dollar keeps falling, they're not going to Europe," Prince says.

Don't expect the luxury-car market to come to a halt either. Porsche Cars North America, for example, said in January that it rode a 19% sales increase of its Cayenne SUV to a record 34,693 vehicle sales in 2007. Take away the SUV line, and Porsche's North American sales dropped 6.4%. The luxury-practicality combo is hot; pure hot rodding isn't.

The second-home market isn't falling apart either--at least not yet. Prices have dipped in several tony markets, according to the Office of Federal Housing Enterprise Oversight. During the third quarter of 2007, prices in Barnstable, Mass., on Cape Cod, were down 3% from a year earlier. In Reno, Nev., near Lake Tahoe, they dropped 6%.

One group that is getting hit: luxury retailers. December sales at Nordstrom were down 3.8% from a year earlier. In January, they dropped 6.6%. Saks managed just a 0.8% gain after a robust November. Sales growth slowed to 2.9% at Neiman Marcus, half the pace of November, while Tiffany needed foreign shoppers taking advantage of a weak dollar to eke out a 3% gain. Tiffany also trimmed its 2008 outlook, causing its stock to tank.

Overall, sales in the luxury segment dropped 4.1% in December from 2006, led by jewelry, according to industry researcher SpendingPulse. It's not that the rich have stopped spending money--they've just stopped spending so much of it on themselves.

Source: www.yahoo.com

The Ultimate Adobe After Effects Plug in Collection FREE Rapidshare Links for Download

The Ultimate Adobe After Effects Plug-in Collection

This is the best thing that could happen to all you Adobe After Effects users. Download 100 of the best plug-ins in very easy formats: files are uploaded without being split into smaller files, one download link for each plug-in, and no passwords!

Plug-ins uploaded are the following:

2D3_SteadyMove_Pro_1.0.

Adobe_Bonus_Plugin_Pack_for_AE_6.0.

Advantedge.
AIST_ProFX_1.0.

Atmorex_Fluids_1.1.

Automasker_v1.5.1.2.

Automatic_Composition_Import_DV_v1.0

Automatic_Duck_Automatic_Composition_Import_DV_1.0.

BigFX_FilmFX_2.35i
Boris_Final_Effects.

Boris_FX_Title_Toolkit_1.0.

Buena_Software_Au_Naturel_1.1.1.

Buena_Software_Depth_Cue_1.1.

Buena_Software_Effect_Essentials_1.6.1

Buena_Swatch_Buckler_1.0.1.
Conoa_Superpak_1.9.

Cycore_Cult_FX_v1.5.

Cycore_Effects_1.0.1.

Cycore_FX_HD_1.0

DigiEffects_Aurorix_2.9.

DigiEffects_Berserk_1.9.
DigiEffects_CineLook_2.0

DigiEffects_CineLook_Broadcast_1.7.

Digieffects_Cinelook_Filmres_v1.1.

DigiEffects_CineMotion_1.10.

DigiEffects_Delirium_1.7.

DigiEffects_Fantazm.
Digimation_Fractal_Flow_1.1.

Digital_Anarchy_3d_Assistants.

Digital_Anarchy_Anarchy_Toolbox.

Digital_Anarchy_Aurora_Sky_1.01.

Digital_Anarchy_Data_Animator_1.0.

Digital_Anarchy_Elements_of_Anarchy_1.2.
Digital_Anarchy_Geomancy_1.2.1.

Digital_Anarchy_Gradient_1.1.

Digital_Anarchy_Psunami_Water_1.0.

Digital_Anarchy_Text_Anarchy_2.1.3.

Digital_Element_Aurora_Water_1.1.

Digital_Film_Tools_55mm_6.0.
Digital_Film_Tools_Composite_Suite_3.0.

Digital_Film_Tools_Digital_Film_Lab_2.0.

Digital_Film_Tools_ZMatte_2.0.

ElectricFX_Pyro_v1.0×24.

FAN_BikiniDots_1.0.

FAN_Grader_1.5.
FAN_Supressor_1.7.

Film_Magic_Pro.

Fnordware_PowerPicker_1.01.

Forge_FreeForm__2.0.

Forge_Freeform_1.0.rar

Frischluft_Flair_1.01.
Frischluft_Lenscare_1.21.

Frischluft_Lensfeed_1.01.

GenArts_Sapphire_1.04.

Gridiron_Nucleo_1.0.3.

Knoll_Custom_Flares

Knoll_Lens_Flare_Pro_1.0
Light_Factory_2.0.

Magic_Bullet_Suite_2.0.

Mattenee.

Metacreations_Final_Effects

ObviousFX_MilkyWay_1.1.3

Panopticum_Animatext_2.0.
Panopticum_Animatext_3D

Panopticum_AreaFX_1.0.

Panopticum_Array_1.6.

Panopticum_Curtains_1.02

Panopticum_Custom_Speed.

Panopticum_Engraver_1.2.
Panopticum_Figure_1.0

Panopticum_Fire_3.0.

Panopticum_Grid_1.1

Panopticum_IcePattern_1.0

Panopticum_Lens_Pro_3.
Panopticum_New_Year_Toy_1.0

Panopticum_Plugin_Galaxy_1.5

Panopticum_Rich_Typing_1.31.

Panopticum_Rulers_1.0

Panopticum_Tools_1.1.

Panopticum_Water_1.0.
Pete_Warden_Plug-Ins

Red_Giant_Software_Commotion_RotoImport_1.0

Red_Giant_Software_Composite_Wizard_1.2

Red_Giant_Software_Film_Fix_1.0

Red_Giant_Software_Image_Lounge_1.2.

Red_Giant_Software_Key_Correct_Pro_1.0.
ReelSmart_Fields_Kit_v1.0.3

ReelSmart_Motion_Blur_Pro_1.82

ReelSmart_Twixtor_Pro_v2.0.

Sapphire_Effects_v1.0

Trapcode_Echospace_1.0.1

The_Foundry_Keylight_1.0_v.4
The_Foundry_Furnace_1.0_v.2

Tinderbox 1

Tinderbox 2

Tinderbox 3

Tinderbox 4

Walker_Effects_v2.1_Pro
ViviClip_Video_Filters_3.01

Zbig_3.0.

Download link:

http://rapidshare.com/users/B5SIYD

Windows Home Server: Re Upped FREE Rapidshare Links for Download

Book Description
* Windows Home Server (WHS) simplifies the process of backing up PCs, and this complete reference brings the power of WHS to everyday PC users
* Windows and networking expert Rick Hallihan shows readers how to develop a strategy for organizing a digital lifestyle, including their documents, photos, movies, and music
* Walks readers through the process of selecting a pre-built hardware solution and setting up the WHS software package
* Provides step-by-step instructions for creating user accounts, installing the connector software, configuring backups, and making use of WHS’s recovery features
* Covers setting up and using the remote access features as well as how third party applications (backup, home automation, and integration with security systems) can enhance and extend the abilities of WHS

From the Back Cover

Secure and share your digital files at home.

Access them from virtually anywhere.

Photos. Tax records. Personal correspondence. Music and movies. Your home network contains much of what’s vital to your life in today’s digital world. You need to secure and back up those files. You need to be able to access them from anywhere

Out of Nowhere: A History of the Military Sniper FREE Rapidshare Links for Download

Mark A Keefe IV, Editor-In-Chief, American Rifleman
This is the best book of its type to be published so far.

Review

‘Accurate and informative, a must-read to understand the evolution of the modern sniper.’
Carey Fabian, Master Sergeant, Anti-Terrorism Training Branch, USMC

‘This is the best book of its type to be published so far… The outstanding chapters on World War I and World War II are remarkably detailed.’ American Rifleman

Product Details

* Paperback: 352 pages
* Publisher: Osprey Publishing (October 31, 2006)
* Language: English
* ISBN-10: 1846031400
* ISBN-13: 978-1846031403
http://rapidshare.com/files/98132269/Out_of_Nowhere.pdf

How To Get Ahead In Your Career By Using Your Name

Discover how a dotcom version of your name can bring you more opportunities, money and fame than your clueless peers.

A Brief History Of E-Lottery

A quick look at how lotteries in general and in particular the popular E-lottery came into existence and the thinking behind the popular syndicate system which has now been going for over 5 years.