DHS Daily Open Source Infrastructure Report

Daily Report Friday, December 22, 2006

Daily Highlights

The Associated Press reports a man who told Kansas City International Airport security that the $70,000 in cash causing his pants pockets to bulge were Muslim "prayer books" could soon face charges of mortgage fraud. (See item 11)
·
University of Kansas researchers say many water reservoirs across Kansas are shrinking, leading to taste and odor problems in drinking water for communities dependent upon them. (See item 24)
·
The Federal Communications Commission wants to set aside radio frequencies for a nationwide radio system for various public safety agencies that would be based on advanced Internet Protocol broadband technologies and built in partnership with a private company. (See item 32)

Information Technology and Telecommunications Sector

34. December 21, IDG News Service — Seagate buys backup services company. Hard drive maker Seagate Technology LLC will buy EVault Inc. for $185 million in an acquisition designed to bolster Seagate's managed services business, the company said on Thursday, December 21. EVault, based in Emeryville, CA, provides online network backup, recovery and data protection products for small.to.medium size businesses.
Source: http://www.infoworld.com/article/06/12/21/Hnseagatebuysevaul t_1.html

35. December 21, VNUNet — Apple fixes QuickTime spyware flaw. The latest security patch for Mac OS X fixes a QuickTime vulnerability that could let attackers capture images from a user's screen and upload them to a remote site. Apple said that the vulnerability does not affect Windows users or versions of Mac OS prior to 10.4. The vulnerability is not related to the QuickTime flaw that spread through social networking site MySpace last week. The new flaw involves QuickTime for Java, a component that lets Java applets display QuickTime movies, and Quartz Composer, a software tool used to render images in Mac OS. According to Apple, an attacker could place JavaScript code on a Website that would use the QuickTime for Java component to obtain screen images and send them to a remote location, possibly allowing the attacker to obtain sensitive information displayed on the screen.
Source: http://www.vnunet.com/vnunet/news/2171378/mac.users.delivere d.quicktime

36. December 20, U.S. Computer Emergency Readiness Team — US.CERT Technical Cyber Security Alert TA06.354A: Mozilla addresses multiple vulnerabilities. Mozilla has released new versions of Firefox, Thunderbird, and SeaMonkey to address several vulnerabilities. While the impacts of the individual vulnerabilities vary, the most severe could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial.of.service. Systems affected: Mozilla Firefox; Mozilla Thunderbird; Mozilla SeaMonkey; Netscape Browser. Other products based on Mozilla components may also be affected.
Solution: These vulnerabilities are addressed in Mozilla Firefox 1.5.0.9, Mozilla Firefox 2.0.0.1, Mozilla Thunderbird 1.5.0.9, and SeaMonkey 1.0.7. Mozilla Firefox, Thunderbird, and SeaMonkey automatically check for updates by default. Support for Firefox 1.5 is scheduled to end in April 2007. All users are strongly encouraged to upgrade to Firefox 2.
Firefox 1.5.0.9: http://www.mozilla.com/en.US/firefox/releases/1.5.0.9.html
Firefox 2.0.0.1: http://www.mozilla.com/en.US/firefox/