Daily Report Tuesday, March 13 , 2007

Daily Highlights

The Associated Press reports a train carrying liquefied propane derailed Monday morning, March 12, setting off an explosion and fire that forced evacuations from a small central New York city and shut down a section of highway. (See item 2)
·
The South Florida Sun−Sentinel reports the Orlando security problem suggests airports may be vulnerable against employee threats, and that strong security measures are needed for employees as well as passengers. (See item 14)
·
The North Central Texas Council of Governments has announced the launch of its Law Enforcement Analysis Portal, a statewide multi−jurisdictional crime analysis system designed to concurrently analyze incident and offender information from the more than 2,500 law enforcement agencies across the state of Texas. (See item 28)

Banking and Finance Sector

7. March 09, Department of Homeland Security National Computer Forensic Institute unveiled. The Department of Homeland Security and Alabama state officials unveiled, Friday, March 9, the National Computer Forensic Institute in Hoover, AL, that will assist in the field of computer forensics and digital evidence analysis. The institute will be developed by the U.S Secret Service and is partially funded by the department’s National Cyber Security Division. It will serve as a national cyber crimes training facility where state and local police officers, as well as prosecutors and judges, will be offered training and equipment. Law enforcement agencies routinely encounter computer or digital evidence and the level of training for state and local police departments is diverse. The facility will include classrooms, a computer forensic lab with an advanced research and development area, an evidence vault, storage and server rooms, public education exhibit space, and a conference room. Training will be based on the current U.S. Secret Service curriculum and include: basic electronic crimes investigation, network intrusion investigation and computer forensics.
Source:
http://www.dhs.gov/xnews/releases/pr_1173477460607.shtm

Information Technology and Telecommunications Sector

29. March 12, Federal Computer Week — Intelligence community embraces Web 2.0 tools. The Information Sharing Environment (ISE) that the country’s 2004 terrorism prevention act mandated is beginning to take shape in a loose policy framework established by the Office of the Director of National Intelligence. But intelligence experts say social−networking technologies for sharing intelligence information−−wikis, blogs and mashups, for example−−are developing faster than the policies governing their use. The gap is real, said Ambassador Thomas McNamara, who leads 25 employees at ODNI headquarters and works with the Information Sharing Council, a representative board of federal departments that hold intelligence assets. “The technology is sitting there waiting to be used, but a whole series of decisions have to be made at the policy level.” In November 2006, McNamara released a long−awaited implementation plan for the ISE that reveals how the government will implement the intelligence−sharing provision of the 2004 law. McNamara said that information sharing is fairly well−established within intelligence agencies but less so among agencies. “What we’re doing is adding the next level,” he said. That requires creating standards for broader cooperation and managing access to various levels of classified information. The ISE’s information technology architecture will conform to the Office of Management and Budget’s federal enterprise architecture, McNamara said.
Source: http://www.fcw.com/article97883−03−12−07−Print
Daily Report Monday, March 12 , 2007

Daily Highlights

Reuters reports the Nuclear Regulatory Commission approved Thursday, March 8, the first site in over 30 years that could eventually house a new nuclear power plant, in Clinton, Illinois. (See item 2)
·
The Boston Globe reports scientists have discovered that a new strain of norovirus is responsible for the wave of intense gastrointestinal infections that have overwhelmed hospitals, nursing homes, and college dormitories across the nation this winter. (See item 23)

Information Technology and Telecommunications Sector

28. March 09, SC Magazine — Apple issues AirPort Extreme patch. Apple has issued a fix for its wireless networking solution, AirPort Extreme, to complement a similar patch delivered
earlier this year. The update, released Thursday, March 8, corrects a vulnerability involving an out−of−bounds memory read error that could occur when processing wireless frames. "An attacker in local proximity may be able to trigger a system crash by sending a maliciously crafted frame to an affected system," according to an Apple advisory. The flaw impacts the Core Duo version of Mac mini, MacBook and MacBook Prop computers that run on a wireless connection. Core 2 Duo versions are not affected.
Apple advisory: http://docs.info.apple.com/article.html?artnum=305031
Source: http://scmagazine.com/us/news/article/642893/apple−issues−ai rport−extreme−patch/
Daily Report Friday, March 9 , 2007

Daily Highlights

The Associated Press reports gasoline prices have jumped above $3 a gallon in some parts of California and Hawaii, and may hit that level in other parts of the country when the busy summer driving season approaches. (See item 1)
·
The Los Angeles Times reports the Department of Homeland Security has announced that it will fill in seven cross−border tunnels along the California−Mexico border that critics say pose a national security risk because they could be reused by smugglers. (See item 11)
·
Digital Communities reports that although the administration has warned repeatedly about the threat of a terrorist nuclear attack and spent more than $300 billion to protect the country, the U.S. remains ill−prepared to respond to a nuclear catastrophe. (See item 28)

Information Technology and Telecommunications Sector

29. March 09, — Trojan Bayrob targets eBay users. Named Trojan.Bayrob, the malware changes user hosts files to redirect traffic destined to numerous eBay sites, including eBay Motors, to a local proxy server and listens on localhost port 80. From there, Bayrob downloads configuration data from the eBay servers, including a number of php scripts. A spokesperson from eBay confirmed today that the auction company is aware of the problem. “We strongly encourage eBay buyers and sellers to never click on or download a link or file that is unfamiliar to them and always ensure your anti−virus software is up−to−date,” the spokesperson said.
Source: http://scmagazine.com/us/news/article/642361/trojan−bayrob−t argets−ebay−users/

30. March 07, CNET News — Bug may expose encrypted e−mail. A problem related to a widely used open−source cryptography technology could let miscreants tamper with digitally signed and encrypted e−mails. The problem lies in how certain e−mail applications display messages signed using the GNU Privacy Guard, also known as GnuPG and GPG, the GnuPG group said in a security alert Tuesday, March 6. It may not be possible to identify which part of a message is actually signed if GPG is not used correctly, it said. This poses a risk to those who use the cryptographic technology to authenticate or encrypt e−mail messages. According to security company Core Security Technologies, the affected applications include KDE's KMail, Novell's Evolution, Sylpheed, Mutt and GnuMail.org, and Enigmail. The GnuPG group has issued updates to prevent tampering with signed or encrypted messages, but it notes that individual e−mail applications might need updating as well, to correctly display signed messages after applying the GPG update. Enigmail software has already been updated.
Source: http://news.com.com/Bug+may+expose+encrypted+e−mail/2100−1002_3−6165277.html?tag=cd.lede
Daily Report Thursday, March 8 , 2007

Daily Highlights

The Boston Globe reports Southern New England's two biggest utilities are developing plans to spend potentially $1 billion constructing 80 to 100 miles of high−voltage electric transmission lines to make the regional power grid more reliable and keep up with steadily growing energy demand. (See item 1)
·
The Orlando Sentinel reports an airline employee at Orlando International Airport used his security privileges on Monday, March 5, to sneak a duffle bag containing 13 handguns, an assault rifle, and eight pounds of marijuana aboard a Delta flight to San Juan. (See item 19)


Information Technology and Telecommunications Sector

33. March 07, SC Magazine — IRC bot a growing threat to enterprise networks. A new Internet relay chat (IRC) bot is building an even larger zombie family that could pose a significant threat to enterprise networks, security researchers said Wednesday, March 7. The Nirbot family is based on relatively new code and spreads after receiving instructions from the botmaster inside an IRC channel, said Jose Nazario, of Arbor Networks. The bot attempts to exploit patched vulnerabilities in Symantec anti−virus programs and the Microsoft server service function. More dangerous for enterprises, though, is that the bot preys on password weaknesses in Windows file−sharing networks, researchers said. Once launched, the bot joins the IRC server and can download arbitrary code, unleash DDoS attacks or launch an HTTP or FTP server to browse an infected PC for sensitive files, he said.
Source: http://scmagazine.com/us/news/article/642351/irc−bot−growing−threat−enterprise−networks/

34. March 06, Federal Computer Week — VA to control, restrict use of mobile storage devices. In the next month, the Department of Veterans Affairs (VA) will let employees plug into its network only those mobile storage devices issued by the chief information officer’s office. Robert Howard, the department’s CIO, said Tuesday, March 6, he will issue only 1G and 2G thumb drives and will not allow anything larger onto the network unless he approves it. The mobile storage devices also must be certified under the National Institute of Standards and Technology’s Federal Information Processing Standard 140−2, he added. Besides controlling thumb drives, Howard aims to have a standard configuration for smart phones and personal digital assistants, eliminate unencrypted messages that travel on the VA’s network and reduce the number of virtual private networks by the end of fiscal 2007. The department also is relying more on public−key infrastructure (PKI) and Microsoft’s rights management system (RMS) in its Outlook e−mail system to do a better job of securing e−mail and documents.
Source: http://www.fcw.com/article97837−03−06−07−Web
Daily Report Wednesday, March 7 , 2007

Daily Highlights


The Associated Press reports the white supremacist gang Public Enemy No. 1 that began as a group of teenage punk−rock fans from Southern California, now deals in drugs, guns, and identity theft and is gaining clout across the West after forging an alliance with the notorious Aryan Brotherhood. (See item 6)
·
The Palladium Times reports the fishing industry in Upstate New York is in jeopardy because of a newly discovered Viral Hemorrhagic Septicemia virus that has made its way into the water systems. (See item 18)


Information Technology and Telecommunications Sector

30. March 07, Government Computer News — CRS: Terrorists find fertile environment in cyberspace. Finding proof that terrorists plan to launch cyberattacks against the United States is difficult, but the accessibility and vulnerability of the Internet to attack makes it a growing threat. “The time may be approaching when a cyberattack may offer advantages that cause terrorists to act, even if the probability of success or level of effectiveness is unknown,” according to the Congressional Research Service (CRS). This and other conclusions are included in a recent CRS report, titled Terrorist Capabilities for Cyberattack: Overview and Policy Issues, released by the Federation of American Scientists. Terrorists are using the Internet today to recruit new members, the report states. While it is highly likely that terrorist organizations are using cybercrime to finance their activities, the threat is expanding beyond credit card fraud and identity theft. The CRS report outlines the fragmented nature of the federal response to potential cyberattacks, pointing to responsibilities dispersed among the Homeland Security and Defense departments, the FBI and the intelligence community. CRS refers to international efforts to prevent cybercrime as one way to address the terrorist threat. It cites the Convention on Cybercrime, which the United States has signed but not yet ratified.
Report: http://www.fas.org/sgp/crs/terror/RL33123.pdf
Source: http://www.gcn.com/online/vol1_no1/43263−1.html

31. March 06, US−CERT — Technical Cyber Security Alert TA07−065A: Apple Releases Security Updates for QuickTime. Apple QuickTime 7.1.5 resolves multiple vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most Web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a Web page. US−CERT Vulnerability Notes Database:
http://www.kb.cert.org/vuls/byid?searchview&query=VU%23568689,VU%23861817,VU%23642433
An upgrade to QuickTime 7.1.5 is available via Apple Update:
http://docs.info.apple.com/article.html?artnum=106704
Source: http://www.us−cert.gov/cas/techalerts/TA07−065A.html

32. March 06, Government Computer News — DoD intertwines data security, interoperability challenges. The Department of Defense (DoD) is spending $2.5 billion on information assurance in fiscal 2007, and a good portion of those funds are to ensure the military can share data safely and more easily with the intelligence community. John Grimes, DOD CIO, said Monday, March 5, the key to information sharing is security. “We are looking at those two areas in our architecture and in the next generation of security technology, and how we may change the nonclassified IP router network,” he said in Orlando, FL, at the Information Processing Interagency Conference, sponsored by the Government IT Executive Conference. “The only way to get to net−centricity is to ensure we can share information and it is interoperable.” One program DoD is working on with the Department of Homeland Security (DHS) and other agencies is the National Command Coordination Center, which will improve information sharing among federal, state and local agencies. To ensure data interoperability, DoD is moving more toward communities of interest, including one recently set up in the maritime community with the Coast Guard, Navy and other agencies. Grimes said the Office of Management and Budget is paying close attention to how these communities succeed.
Conference Website: http://www.ipicconference.org/
Source: http://www.gcn.com/online/vol1_no1/43260−1.html

33. March 06, CNET News.com — Security flaws found in fix for Firefox, SeaMonkey. Mozilla Foundation on Monday, March 5, issued a critical fix designed to address vulnerabilities in a recent security update for the Firefox browser and SeaMonkey application suite. The security flaws were discovered in Firefox 1.5.0.9 and 2.0.0.1, as well as in SeaMonkey 1.0.7, according to a security advisory posted by Mozilla. Security researchers say the initial fix, issued in mid−December, was designed to address vulnerabilities in Firefox, SeaMonkey and Mozilla's Thunderbird e−mail client. But that particular fix introduced a flaw that could allow JavaScript code from Web content to be exploited, then lead to the execution of arbitrary code. Mozilla advises Firefox users to upgrade to version 1.5.0.10 and 2.0.0.2, and SeaMonkey users to update to version 1.1.1 and 1.0.8.
Mozilla Foundation Security Advisory 2007−09:
http://www.mozilla.org/security/announce/2007/mfsa2007−09.ht ml
Source: http://news.com.com/Security+flaws+found+in+fix+for+Firefox%2C+SeaMonkey/2100−1002_3−6164702.html?tag=nefd.top

34. March 05, Federal Computer Week — OMB analyzing architecture of agency business lines. The Office of Management and Budget (OMB) is reviewing agency enterprise architectures with a keen eye toward how the blueprints will change mission−critical business lines. Dick Burk, OMB’s chief architect, said Monday, March 5, that his office has been meeting weekly with agency chief architects to have them focus on specific business segments, and to get the owner of that business line to sign off on the architecture. “We want the architecture to be a reflection of their business because in the past we’ve seen it be a reflection of their” information technology, Burk said here at the 2007 Information Processing Interagency Conference sponsored by the Government Information Technology Executive Conference. “If we are going to solve the problems of the agency, we need the architecture to reflect where the business wants to be in three to five years.” Burk said 25 of 26 agencies submitted their enterprise architectures for review, and OMB will have them analyzed by early April. With 93 percent of all development, modernization and enhancement funding going toward mission−critical systems, OMB thought segment architecture would be a valuable tool to improve the use of enterprise architecture, he said.
Source: http://fcw.com/article97820−03−05−07−Web
Daily Report Tuesday, March 6 , 2007

Daily Highlights


Reuters reports US Airways Group on Monday, March 5, said it has sent extra workers to its Charlotte, North Carolina, hub after a glitch in its self−service reservation system on Sunday forced thousands to wait in lines for up to three hours. (See item 10)
·
The U.S. Food and Drug Administration is investigating an outbreak of norovirus−associated illness linked to eating raw oysters harvested from San Antonio Bay, Texas; oyster beds in the Bay have been closed by the Texas Department of Health Services. (See item 19)

Information Technology and Telecommunications Sector

29. March 05, SC Magazine — Windows Vista firewall weakness can be corrupted by attackers. The firewall in Microsoft's Windows Vista operating system (OS) can be compromised to perform prohibited functions, according to new research by Symantec. Researcher Orlando Padilla said the problem concerns the unblock button, which can be accessed by an attacker with the same privilege level as a standard user. This configuration of privileges creates a vulnerability in the firewall’s policy that can be exploited by an attacker. "[The firewall] poses a great limitation for malicious code looking to back−door a host. In effect, malicious code can automate the unblock process by simply sending a message to the firewall pop−up dialog box via the SendMessage API call," Padilla said in the Web entry.
Source: http://scmagazine.com/us/news/article/637102/windows−vista−firewall−weakness−corrupted−attackers/

30. March 02, US−CERT — Vulnerability in Citrix Presentation Server Client. US−CERT is aware of an unspecified vulnerability in Citrix Presentation Server Client for Windows. The vulnerability exists in the way ICA connections are handled through proxy servers. By persuading a user to access a specially crafted HTML document (e.g., a Web page or an HTML email message), a remote, unauthenticated attacker may be able to execute arbitrary code with privileges in the context of the client process. US−CERT recommends that administrators upgrade to version 10.0 and later to mitigate the security risks.
Vulnerability Note VU#798364 − Citrix Presentation Server Client vulnerable to arbitrary code
execution: http://www.kb.cert.org/vuls/id/798364
Citrix Advisory CTX112589 − Vulnerability in Citrix Presentation Server Client for Windows
could result in arbitrary code: http://support.citrix.com/article/CTX112589
Source: http://www.us−cert.gov/current/current_activity.html#citrix
Daily Report Monday, March 5 , 2007

Daily Highlights

The Better Business Bureau System is warning all businesses across the U.S. and Canada of a spoofing scam using the BBB name and a false BBB e−mail address to entice recipients to access potentially damaging hyperlinks. (See item 11)
·
USA TODAY reports United Airlines is reviewing why a California−bound flight sat full of passengers for more than seven hours at Chicago O'Hare last weekend during an ice storm. (See item 14)
·
Reuters reports rates of diabetes in Ontario −− Canada's most populous, most ethnically diverse province −− have already zoomed past what was predicted for 2030, which suggests the emerging global diabetes epidemic will be far worse than feared. (See item 28)

Information Technology and Telecommunications Sector

35. March 02, Reuters — Sanyo to share battery recall cost with Lenovo. Troubled Japanese electronics maker Sanyo Electric Co. said on Friday, March 2, it would shoulder with China's Lenovo Group the cost of recalling 205,000 Sanyo−made laptop battery packs that can overheat. The ThinkPad battery recall comes during an investigation of loss−making Sanyo by Japan's securities watchdog the Securities Exchange and Surveillance Commission. The lithium−ion extended−life battery packs, jointly designed by Lenovo and Sanyo and tested by Lenovo, can overheat and spark if dropped hard on to the ground, the two companies said.
Source: http://www.eweek.com/article2/0,1895,2099929,00.asp

36. March 02, CNET News — FCC: Local phone companies must connect Net calls. In a boost to Internet phone providers, federal regulators have ruled that local telephone companies must connect Net−based calls shuttled over broadband lines owned by wholesalers like Sprint Nextel and Verizon Communications. In a 16−page order to local telephony providers issued Thursday, March 1, the Federal Communications Commission (FCC) effectively overturned decisions by state regulators in South Carolina and Nebraska that had prevented Time Warner Cable from deploying its voice−over Internet Protocol (VoIP) service there. FCC Chairman Kevin Martin said the states had misinterpreted federal telecommunications law. "Our decision will enhance consumers' choice for phone service by making clear that cable and other VoIP providers must be able to use local phone numbers and be allowed to put calls through to other phone networks," Martin said in a statement Thursday. Time Warner Cable, the nation's second−largest cable operator, had petitioned the FCC for relief about a year ago.
FCC's order: http://hraunfoss.fcc.gov/edocs_public/attachmatch/DA−07−709A 1.pdf
Source: http://news.com.com/FCC+Local+phone+companies+must+connect+Net+calls/2100−7352_3−6163789.html?tag=nefd.top

37. March 02, ComputerWorld — Feds hope to boost business role in slowing cyberattacks. As reports of cybersecurity incidents grow, Department of Homeland Security (DHS) officials plan to improve their ability to work on the problem face to face with private−sector experts. The DHS plans to co−locate private−sector employees from the communications and IT industries with government workers at the U.S. Computer Emergency Readiness Team (US−CERT) facility, said Gregory Garcia, assistant secretary of cybersecurity and telecommunications at DHS. The teams will work jointly on improving US−CERT's information hub for cybersecurity, Garcia said. The agency didn't specify a starting date for the program but said it will begin soon. US−CERT is a four−year−old DHS−run joint effort of the public and private sectors to protect the nation's Internet infrastructure. "It's through this co−location that we are going to build a strong trust relationship, an information−sharing relationship," said Garcia.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9012132&source=rss_topic85

38. March 01, eWeek — Month of PHP bugs begins. Security expert Stefan Esser has declared war on vulnerabilities in the PHP core with the "Month of PHP Bugs." PHP is an open−source HTML embedded scripting language used to create dynamic Webpages. The month−long effort is an attempt to improve the security of PHP. It follows his contentious departure in December from the PHP Security Response Team, which he founded, after he accused The PHP Group of being too slow to fix problems. Esser stressed, however, that he is not striking back at his old colleagues but is addressing legitimate security issues.
Source: http://www.eweek.com/article2/0,1895,2099735,00.asp

39. March 01, eWeek — March Madness expected to threaten network security. March Madness may be a great time for college basketball fans, but it can be a nightmare for enterprises when it comes to network security. Earlier in 2007, Super Bowl fans logging on to the Dolphins Stadium site faced an unwelcome surprise −− malicious code embedded in the header on the front page that when downloaded initiated a keylogging program. Researchers at Websense are warning enterprises to expect more of the same, while other security specialists urged companies to be mindful of the Web surfing habits of their employees. "Using current events as a means of deception in order to get people to visit a Website, in itself, is not anything new," said Dan Hubbard, vice president of security research at San Diego−based Websense. "What is compelling here is the potential for another Super Bowl incident, where attackers combine a special event with a compromise. In that case there is no need for the deception lure."
Source: http://www.eweek.com/article2/0,1895,2099714,00.asp

40. March 01, Information Week — Worm attack: A grudge match with Symantec? A worm is getting an awful lot of attention for a piece of malware that several anti−virus vendors have rated as a "low" threat. The Rinbot worm, which also is known as the Delbot worm, hit the computer network at the Turner Broadcasting System, a division of Time Warner and parent of CNN and CNNMoney.com, according to a company spokesperson. A story on the CNN.com Website said the network was hit on Thursday, March 1. It's not clear how much the worm impacted the network. The worm, which is trying to build a botnet, also was getting quite a bit of play because it targets Symantec, a leading anti−virus software vendor. While the worm does exploit a vulnerability in Symantec client security, it also goes after Microsoft's Windows Server Service remote buffer overflow vulnerability and Microsoft's SQL Server user authentication remote buffer overflow vulnerability. Paul Moriarty, director of Internet content security at TrendMicro, notes that all three vulnerabilities have been patched. The worm can only get a foothold in company networks or individual machines if they have not been updated.
Source: http://www.informationweek.com/security/showArticle.jhtml;jsessionid=DPMJVDEPAX0MOQSNDLRCKHSCJUNN2JVN?articleID=197700611

41. March 01, SecurityFocus — Maynor reveals missing Apple flaw. Security researcher David Maynor got some measure of vindication at the Black Hat DC Conference this year. Six months after the security researcher and his colleague Jon Ellch claimed that Mac OS X wireless drivers were vulnerable to attack, Maynor on Wednesday, February 28, revealed the code he used to exploit a native flaw in the platform as well as e−mails showing he notified Apple as to the danger. Maynor said the flaw was in the driver for the Broadcom wireless chip. The flaw affected not only Mac OS X, but any platform that used drivers based on the Broadcom reference driver, he said. While MacBooks and PowerBooks were affected, so were Dell laptops running Windows XP. Apple fixed the flaw on September 21, but did not give Maynor or Ellch credit. The flaw could have allowed a remote attacker to compromise a vulnerable MacBook or PowerBook remotely via an overly long service set identifier.
Source: http://www.securityfocus.com/news/11445
Daily Report Friday, March 2 , 2007

Daily Highlights

The Boston Globe reports that in response to credit− and debit−card theft from retailers, American financial institutions are starting to offer "smart cards" with microprocessor chips that store encrypted customer information and require a personal identification number, or PIN. (See item 10)
·
The Department of Homeland Security announced on Thursday, March 1, its proposal to establish minimum standards for state−issued driver’s licenses and identification cards, in compliance with the REAL ID Act of 2005, to enhance the security and integrity of driver’s licenses. (See item 16)
·
The Associated Press reports heavy, wet snow and blizzard conditions hit the Plains and Midwest on Thursday, March 1, shutting down hundreds of miles of interstate highways, closing schools, and canceling flights. (See item 39)

Transportation and Border Security Sector

16. March 01, Department of Homeland Security — DHS issues proposal for states to enhance driver’s licenses. The Department of Homeland Security (DHS) announced on Thursday, March 1, its proposal to establish minimum standards for state−issued driver’s licenses and identification cards in compliance with the REAL ID Act of 2005. The REAL ID requirements are a result of recommendations made by the 9/11 Commission, which Congress passed into law, and will enhance the security and integrity of driver’s licenses. “Raising the security standards on driver’s licenses establishes another layer of protection to prevent terrorists from obtaining and using fake documents to plan or carry out an attack. These standards correct glaring vulnerabilities exploited by some of the 9/11 hijackers who used fraudulently obtained drivers licenses to board the airplanes in their attack against America,” said DHS Secretary Michael Chertoff. The department’s proposed regulations set standards for states to meet the requirements of the REAL ID Act, including: security features that must be incorporated into each card; verification of information provided by applicants to establish their identity and lawful status in the United States; and physical security standards for locations where licenses and identification cards are issued. As proposed, a REAL ID driver’s license will be required in order to access a federal facility, board federally−regulated commercial aircraft, and enter nuclear power plants.
To view the proposed regulations, go to http://www.dhs.gov/
Source: http://www.dhs.gov/xnews/releases/pr_1172765989904.shtm

Information Technology and Telecommunications Sector

32.
March 01, eWeek — Black Hat demonstrations shatter hardware hacking myths. At the Black Hat Briefings, two breakthrough hardware hacks were demonstrated. One shocker was Coseinc Senior Security Researcher Joanna Rutkowska's demonstration of a way to subvert system memory through software −− in essence, the shattering of the long−held belief that "going to hardware" to secure incident response is a security failsafe. Security professionals at the show called it the "attainment of the holy grail," particularly since the only way to fix the system's memory corruption is to reboot −− thus erasing all tracks of the subversion. It's a digital forensic team's worst nightmare. John Heasman from NGSS proved that rootkits can persist on a device −− on firmware −− rather than on disk, and can thus survive a machine being reimaged. These hacks are esoteric, but they're proving that much of what we thought of as hardware unassailability is pure folklore.
Source: http://www.eweek.com/article2/0,1895,2099603,00.asp

33. March 01, IDG News Service — Lenovo recalls 205,000 notebook batteries. Months after joining other PC vendors in a massive recall of faulty notebook batteries, Lenovo Group has found a different problem with some models, and will recall 205,000 notebook batteries worldwide, the company said Thursday, March 1. Lenovo made the move after four customers complained their batteries overheated after they had dropped or hit the notebooks. The defect caused minor eye irritation for one user, and damaged the property and computers of the others, according to the U.S. Consumer Product Safety Commission. The recall affects the nine−cell, extended−life version of a battery pack manufactured by Sanyo Electric, of Japan.
Source: http://www.infoworld.com/article/07/03/01/HNlenovorecallsbat teries_1.html

34. March 01, IDG News Service — Oracle to buy Hyperion for $3 billion. Oracle has agreed to acquire business intelligence software vendor Hyperion Solutions for $3.3 billion in cash, it said Thursday, March 1. Oracle said it will combine Hyperion's software with its own business intelligence and analytics tools to offer customers a broad range of performance management capabilities, including planning, budgeting and operational analytics.
Source: http://www.infoworld.com/article/07/03/01/HNoraclehyperion_1 .html

35. March 01, Sophos — Malware adopts disguises in attempt to dupe IT defenses. Sophos has revealed the most prevalent malware threats and e−mail hoaxes causing problems for computer users around the world during February 2007. The figures, compiled by Sophos' global network of monitoring stations, show that the HckPk family has had the greatest impact on computer users this month, accounting for more than half of malware seen during February. Hackers are increasingly using encryption and packer tools −− such as those belonging to the HckPk family −− to camouflage their malicious code. January's hardest−hitting worm, Dorf, plus the prevalent Dref mass−mailing worms are just two examples of the malware currently being hidden within HckPk programs. Sophos has also found that cybercriminals are constantly modifying their HckPk disguises in an attempt to bypass IT defenses.
Source: http://www.sophos.com/pressoffice/news/articles/2007/03/topt enfeb07.html

36. February 28, U.S. Computer Emergency Readiness Team — US−CERT Technical Cyber Security Alert TA07−059A: Sun Solaris Telnet Worm. A worm is exploiting a vulnerability in the telnet daemon (in.telnetd) on unpatched Sun Solaris systems. The vulnerability allows the worm (or any attacker) to log in via telnet (23/tcp) with elevated privileges. Further details about the vulnerability are available in Vulnerability Note VU#881872:
http://www.kb.cert.org/vuls/id/881872
Because VU#881872 is trivial to exploit and sufficient technical detail is publicly available, any attacker, not just this worm, could exploit vulnerable systems. Sun has published information about the worm in the Security Sun Alert Feed including an inoculation script that disables the telnet daemon and reverses known changes made by the worm:
http://blogs.sun.com/security/entry/solaris_in_telnetd_worm_ seen
Solution: To address VU#881872, apply the appropriate patches referenced in Sun Alert Notification 102802: http://sunsolve.sun.com/search/document.do?assetkey=1−26−102 802−1
To recover compromised systems, Sun has provided an inoculation script that disables the telnet daemon and reverses known changes made by the worm:
http://blogs.sun.com/security/resource/inoculate.local
Note that the inoculation script only recovers from this particular worm. Running the inoculation script does not guarantee system integrity. To fully recover, it may be necessary to rebuild a compromised system using trusted software sources. For more information, see Recovering from an Incident: http://www.cert.org/nav/recovering.html
Source: http://www.uscert.gov/cas/techalerts/TA07−059A.html

37. February 28, CNET News — Symantec incorrectly flags Yahoo Mail as a virus. Yahoo's e−mail service is not infected with a computer virus, despite a warning from Symantec that says it is. Starting sometime on Tuesday, February 27, accessing the beta version of Yahoo Mail on a PC with Symantec's updated antivirus software caused alarm bells to go off. The security software reported finding the "Feebs" worm on the Yahoo Webpages. That warning was in error, Symantec said Wednesday. "Symantec antivirus products...triggered a false−positive alert with Yahoo Mail beta," said Vincent Weafer, a senior director at Symantec Security Response.
Source: http://news.com.com/Symantec+incorrectly+flags+Yahoo+Mail+as+a+virus/2100−1002_3−6163068.html
Daily Report Thursday, March 1 , 2007

Daily Highlights

The Federal Energy Regulatory Commission on Monday, February 26, endorsed a plan to allow competitive bidding for rights to build a long−envisioned Alaska North Slope natural gas pipeline. (See item 4)
·
The Los Angeles Times reports aircraft came too close to one another at Los Angeles International Airport twice last weekend, the first such incidents at the facility since September; a ground radar system alerted controllers to impending collisions in each case. (See item 12)
·
The Department of Homeland Security has released $194 million to help states and local governments prepare and implement emergency management activities through the Emergency Management Performance Grant program. (See item 33)
·
Information Technology and Telecommunications Sector

34.
February 28, US−CERT — Worm actively exploits vulnerability in Sun Solaris Telnet Daemon. US−CERT is aware of public reports of a worm that is actively exploiting a known vulnerability in the Sun Solaris telnet daemon (in.telnetd). The worm targets Solaris 10 (SunOS 5.10) systems that are not patched to address this vulnerability and have enabled the telnet daemon. More information about this vulnerability is located in the following: Vulnerability Note VU#881872 − Sun Solaris telnet authentication bypass vulnerability:
http://www.kb.cert.org/vuls/id/881872
Sun Alert 102802 − Security Vulnerability in the in.telnetd (1M) Daemon May Allow Unauthorized Remote Users to Gain Access to a Solaris Host:
http://sunsolve.sun.com/search/document.do?assetkey=1−26−102 802−1
Source: http://www.us−cert.gov/current/current_activity.html#sunwrme xinet

35. February 28, CNET News — PC hardware can pose rootkit threat. PC hardware components can provide a way for hackers to sneak malicious code onto a computer, a security researcher warned Wednesday, February 28. Every component in a PC, such as graphics cards, DVD drives and batteries, has some memory space for the software that runs it, called firmware. Miscreants could use this space to hide malicious code that would load the next time the PC boots, John Heasman, research director at NGS Software, said in a presentation at this week's Black Hat event. "This is an important area and people should be concerned about this," Heasman said. "Software security is getting better, yet we run increasingly complicated hardware. Unless we address hardware security, we're leaving an interesting avenue for attack." Malicious code delivered via the memory on hardware components poses a rootkit threat since it will run on the PC before the operating system loads, Heasman said. This likely will hide it from security software and other protection mechanisms, he added. Such low−level malicious code is known as a rootkit.
Source: http://news.com.com/PC+hardware+can+pose+rootkit+threat/2100−7349_3−6162924.html?tag=nefd.top

36. February 28, Register (UK) — Warezov worm fiends target Skype. The authors of the prolific Warezov worm are targeting users of Skype. Instead of arriving via an e−mail attachment, the latest variant of the worm spreads using a bogus Skype chat message asking users to click on a link, which points to a hacker−controlled Website hosting malicious codes. The plausibility of the attack is increased because infected messages likely come from a target's list of known contacts, though the abrupt dialogue it generates might trigger a few alarm bells. Some older Warezov variants used other Instant Messaging clients in a similar fashion, but this variant (Warezov−LY) is the first to use Skype, anti−virus firm F−secure reports.
Source: http://www.theregister.co.uk/2007/02/28/warezov_skype_im_wor m/

37. February 28, Sophos — Graphic Japanese Trojan attacks P2P file−sharing pirates. Sophos has warned of a bizarre Trojan horse that has been distributed on Japanese peer−to−peer (P2P) file−sharing networks. The Troj/Pirlames−A Trojan horse has been distributed on the controversial Winny file−sharing network in Japan, posing as a screensaver. However, if P2P users download and run the program their files are overwritten by pictures of a popular comic book star who abuses them for using Winny. Programs, music files and e−mail mailboxes are amongst the files targeted by the Trojan horse.
Source: http://www.sophos.com/pressoffice/news/articles/2007/02/pirl ames.html

38. February 27, InfoWorld — Researchers: Worms not heading underground. During the past two years, security experts and software vendors have downplayed the threat of so−called worm viruses, but new evidence suggests that the attacks are still as dangerous, if not more so, than ever. While the enormous mass−mailing worm viruses of years past −− such as the well−known MyDoom, Sobig, and Slammer attacks −− that were aimed at crippling IT infrastructure have all but disappeared, smaller outbreaks that aim to load financially−motivated malware onto end users' computers −− such as the recent Storm Worm −− will continue to menace the Internet, according to researchers. Consensus opinion among security experts has been that as businesses and consumers improved their desktop security tools and computing habits, it became harder for malware writers to lure the same volumes of people with worms. This trend pushed the attackers away from creation of the self−propagating threats and further into financially−motivated crimeware, market watchers observed. However, the continued spread and modification of Storm Worm, which first surfaced in mid−January 2007, could illustrate an emerging breed of the attacks that is likely to trouble users in years to come.
Source: http://www.infoworld.com/article/07/02/27/HNwormtrender_1.ht ml

39. February 27, ComputerWorld — Researcher charts new, more dangerous Oracle attack. In a paper discussed Wednesday, February 28, at the Black Hat DC 2007 conference, noted database security researcher David Litchfield outlined a new attack method against Oracle databases that boosts the danger to unpatched systems. Litchfield, the managing director of UK−based NGS Software has found a way to exploit Oracle vulnerabilities without requiring system privileges. The new tactic, which he spelled out in "Cursor Injection: A New Method for Exploiting PL/SQL Injection and Potential Defenses," increases the threat risk of many Oracle−disclosed bugs. "On occasion, Oracle in their alerts state that the ability to create a procedure or a function is required for an attacker to be able to exploit a flaw," Litchfield said in the paper. "This is not the case. All SQL injection flaws can be fully exploited without any system privilege other than CREATE SESSION and, accordingly, the risk should never be 'marked down' [in an alert]," he said. The new technique doesn't rely on a vulnerability and applies to all versions of Oracle.
Litchfield's report: http://www.databasesecurity.com/dbsec/cursor−injection.pdf
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9011942&source=rss_topic85

40. February 27, ComputerWorld — Firefox, IE7 open to URL spoof. Although Mozilla Corp. patched one more Firefox bug last week than first reported, the researcher whose work has plagued the open−source browser for weeks has released details about another flaw. Firefox does not properly handle JavaScript "onUnload" events and can be tricked into taking the user to an unintended destination, said security researcher Michal Zalewski. "This flaw allows the attacker to track your footsteps and either redirect you to the URL you wanted to visit, which wouldn't be noticed at all, or to a similarly named phishing Website when you choose to visit a target of some significance," Zalewski said. The bug affects the just−released Firefox 2.0.0.2 and 1.5.0.10 updates, as well as Microsoft's Internet Explorer 7. JavaScript can be disabled in the browsers to block such redirects.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9011939&source=rss_topic85