Daily Report Thursday, November 30, 2006

Daily Highlights

Kaiser Permanente Colorado began notifying approximately 38,000 members Tuesday, November 28, of a possible breach of their private health information including names, member ID numbers, date of birth, age, gender, and provider/physician information. (See item 6)
A study released Wednesday, November 29, concludes that billions of liters of untreated urban sewage and toxic effluents that flow into the Great Lakes each year are threatening a critical ecosystem that supplies drinking water to millions of people. (See item 21)
The Bureau of Alcohol, Tobacco, Firearms and Explosives is investigating the theft of two packages containing 110 pounds of explosives, stolen over the weekend from a construction site in Menifee, California. (See item 38)

Information Technology and Telecommunications Sector

33. November 29, New Zealand Herald — New Zealand broadband users face 100 attacks a day. New Zealand broadband computer users are being attacked by would−be intruders more than a hundred times a day, a study released Wednesday, November 29, says. The study by NetSafe and IBM New Zealand shows computers in New Zealand, connected to the Internet, were targeted more than a hundred times a day by a variety of worms, viruses, Trojans and hackers. The threats were monitored by intrusion detection software running on a computer equipped with an updated firewall and operating system that automatically downloads system updates and security patches. The first suspicious activity was detected within 20 seconds of being connected to the Internet. More than 4500 suspicious or malicious events were recorded when the computer was protected with an updated firewall for the first 27 days of the study. The number of attacks per day soared dramatically when the firewall was disabled for three 12 days at the end of the experiment, to approximately 538 per day.
Source: http://www.nzherald.co.nz/section/story.cfm?c_id=1&ObjectID= 10413035

34. November 28, eWeek — Apple mega−patch fixes 22 flaws. Apple Computer has shipped a monster security update to correct a total of 22 vulnerabilities in its Mac OS X operating system. The Cupertino, CA, company's patch batch includes a fix for a critical Wi−Fi flaw affecting eMac, iBook, iMac, PowerBook G3, PowerBook G4 and Power Mac G4 systems. The Wi−Fi flaw, first exposed at the beginning of the Month of Kernel Bugs project, was discovered and reported by Metasploit's HD Moore. Apple confirmed that the issue is a heap buffer overflow that exists in the AirPort wireless driver's handling of probe response frames.
Security Update: http://docs.info.apple.com/article.html?artnum=304829
Source: http://www.eweek.com/article2/0,1895,2064969,00.asp

35. November 28, Information Week — New bot exploits months−old Symantec bug. Symantec on Tuesday, November 28, warned of a new bot exploiting multiple months−old bugs, including one in its own anti−virus scanning engine, and said that it's collected evidence of an attack in progress. The bot, dubbed Spybot.acyr, includes exploits for seven different vulnerabilities, including five already patched flaws in Microsoft Windows and one within Symantec's enterprise anti−virus products. The Symantec bug was reported and patched in May. Of the five Microsoft vulnerabilities leveraged by Spybot.acyr, the oldest harks to 2003, while the most recent was disclosed in August 2006. All have been patched.
Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=196513728&subSection=All+Stories