Friday, May 18, 2007
Daily Highlights
The Indianapolis Star reports in what appears to be one of the broadest online school security failures ever in the U.S., thousands of confidential Indianapolis Public Schools student records were available to the public through Google searches. (See item 11)
·
The Los Angeles Daily News reports travelers were evacuated from Terminal 2 at Los Angeles International Airport Wednesday night, May 16, after baggage screening equipment detected two inactive World War II−era mortar shells inside luggage at a security checkpoint. (See item 19)
Information Technology and Telecommunications Sector
32. May 17, IDG News Service — Estonia recovers from massive denial−of−service attack. A spree of denial−of−service attacks against Websites in Estonia appears to be subsiding, as the government calls for greater response mechanisms to cyber attacks within the European Union. The attacks, which started around April 27, have crippled Websites for Estonia's prime minister, banks, and less−trafficked sites run by small schools, said Hillar Aarelaid, chief security officer for Estonia's Computer Emergency Response Team, on Thursday, May 17. But most of the affected Websites have been able to restore service. "Yes, it's serious problem, but we are up and running," Aarelaid said. Aarelaid said analysts have found postings on Websites indicating Russian hackers may be involved in the attacks. However, analysis of the malicious traffic shows that computers from the U.S., Canada, Brazil, Vietnam, and others have been used in the attacks, he said. Experts from the North Atlantic Treaty Organization are helping Estonia investigate the attacks, Aarelaid said.
Source: http://www.infoworld.com/article/07/05/17/estonia−denial−of− service−attack_1.html
33. May 17, IDG News Service — Investment firms to buy Acxiom for $3 billion. Customer information management company Acxiom has agreed to be acquired by two private equity firms for $3 billion in cash. Acxiom has signed a definitive agreement to be acquired by the equity firms Silver Lake and ValueAct Capital. The price tag includes the assumption of about $756 million in debt, the companies announced Wednesday, May 16. They expect to close the deal in three to four months.
Source: http://www.infoworld.com/article/07/05/17/investment−firms−b uy−acxiom_1.html
34. May 16, eWeek — Researcher reveals two−step Vista UAC hack. A Web application developer has uncovered a two−step process for exploiting Windows Vista's User Account Control (UAC), essentially by having a Trojan piggyback on what could be a legitimate download. Robert Paveza, a senior Web application developer with Terralever, published details of the vulnerability in a paper titled, "User−Prompted Elevation of Unintended Code in Windows Vista." Paveza said in the paper that the vulnerability uses a two−part attack vector against a default Vista installation. The first step requires that malware called a proxy infection tool be downloaded and run without elevation. That software can behave as the victim expects it to while it sets up a second malicious payload in the background.
White paper: http://www.robpaveza.net/VistaUACExploit/UACExploitWhitepape r.pdf
Source: http://www.eweek.com/article2/0,1895,2131595,00.asp
35. May 16, SecurityFocus — Microsoft to give more early data on flaws. Microsoft announced on Wednesday, May 16, that the company will release more information on coming patches through its Advanced Notification Service and modify the layout of its security bulletins starting in June. Under the changes, Microsoft's Security Response Center will release advanced notifications and security bulletins under the same URLs, adding in−depth vulnerability information on the second Tuesday each month to the summary of information released five days before as part of its Advanced Notification Service. The summarized information will include maximum severity and impact of the flaws, detection information and the names of affected software.
Source: http://www.securityfocus.com/brief/502
skip to main |
skip to sidebar
Subscription to the full report on a daily basis can be obtained: Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe. To obtain a complete copy of the current report proceed to the DHS link below. To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.
Blog Archive
- ► 2016 (256)
- ► 2015 (254)
- ► 2014 (255)
- ► 2013 (244)
- ► 2012 (260)
- ► 2011 (250)
- ► 2010 (248)
- ► 2009 (254)
- ► 2008 (252)
- ▼ 2007 (233)
Links
About Me
- BobJ
- U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions. Motto: "When entrusted to process, you are obligated to safeguard"
No comments:
Post a Comment