Wednesday, June 27, 2007

Daily Highlights

IDG News reports that using a credit card at a gas station could pose more of a risk for data theft than shopping online, since point-of-sale terminals have emerged as a weak link in the security chain. (See item 6)
·
The Christian Science Monitor reports the American aviation system may be in danger as repair and maintenance work is increasingly outsourced to foreign and non-Federal Aviation Administration-certified repair stations. (See item 10)
·
The Orlando Sentinel reports Central Florida's Lynx bus system is spending nearly $1 million from the Department of Homeland Security to train its drivers and staff on how to spot terrorists and other criminals. (See item 16)

Information Technology and Telecommunications Sector

30. June 26, eWeek — Analyst: WinSafari hole still open. The vulnerabilities Errata Security found in Apple's Safari beta for Windows, within hours of the browser's June 11 launch, are still open, CTO Dave Maynor said in a blog post on Monday, June 25. The Safari bugs are proof positive of Maynor's assertion that client-side vulnerabilities are easy as pie to find in Apple code, he said. "I basically just ran the OSX version of Safari through a fuzzer, and it crashed in a few seconds," he wrote in the June 25 post. Errata had made test results public in an April 23 blog post after finding one particular exploit. The reason Apple hasn't jumped on fixing it, Maynor charges, is that the press has ignored this exploit.
Source: http://www.eweek.com/article2/0,1895,2150911,00.asp

31. June 26, Sophos — Duo found guilty of operating spam business. Experts at IT security and control firm Sophos have welcomed news that two men have been found guilty for their part in an international spam gang which bombarded innocent Internet users with graphic pornographic images. A federal jury has convicted James R. Schaffer, of Paradise Valley, AZ, and Jeffrey A. Kilbride, of Venice, CA, on charges including conspiracy, money laundering, fraud and transportation of obscene materials. Spam sent by Schaffer and Kilbride is said to have resulted in America Online receiving more than 600,000 complaints from users between 30 January and 9 June 2004.
Source: http://www.sophos.com/pressoffice/news/articles/2007/06/porn-spammers.html

32. June 26, Sophos — Shockwave as Trojan horse uses animated disguise. Experts at Sophos have discovered a Trojan horse that disguises its malicious intent by playing a humorous animation. The Troj/Agent-FWO Trojan horse plays the popular "Yes & No" Shockwave video created by the Italian animator Bruno Bozzetto, but only after embedding itself on users' computers and downloading further malicious code from the Internet. "Yes & No," which was published on the Internet by Bozzetto in 2001, is a humorous video about how obeying the rules of the road does not always make sense. Hundreds of thousands of people are believed to have watched the online animation. According to Sophos experts, the Trojan horse plays the animation as a smokescreen while it silently infects Windows computers.
Source: http://www.sophos.com/pressoffice/news/articles/2007/06/yesno.html

33. June 25, ComputerWorld — Hackers use 'construction kit' to unleash Trojan variants. Multiple hacker groups are using a "construction kit" supplied by the author of a Trojan horse program discovered last October to develop and unleash more dangerous variants of the original malware. Such variants have already stolen sensitive information belonging to at least 10,000 individuals and sent the data to rogue servers in China, Russia and the United States, according to Don Jackson, a security researcher at SecureWorks Inc. The Prg Trojan, as SecureWorks has dubbed it, is a variant of another Trojan called wnspoem that was unearthed in October. Like its predecessor, the Prg Trojan and its variants are designed to sniff sensitive data from Windows internal memory buffers before the data is encrypted and sent to SSL-protected Websites, so the SSL session itself offers the victim no protection. What makes the threat from the Prg Trojan especially potent is the availability of a construction tool kit that allows hackers to develop and release new versions of the code faster than antivirus vendors can devise solutions, Jackson said. The toolkit allows hackers to recompile and pack the malicious code in countless subtly different ways so as to evade detection by antivirus engines that typically look for specific signatures to identify and block threats, Jackson said.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025735&intsrc=hm_list
Tuesday, June 26, 2007

Daily Highlights

Aero-News Network reports the National Transportation Safety Board recommends the Federal Aviation Administration should keep a close watch for possible medical and criminal issues with pilots as they undergo medical evaluations. (See item 10)
·
The Associated Press reports railroads and federal security officials want to build a complex of above-ground tunnels at a Colorado test center to experiment with ways to protect trains and subway stations from terrorist attacks and accidents. (See item 12)

Information Technology and Telecommunications Sector

27. June 25, Security Focus — Spanish police arrest alleged phone-virus creator. Authorities in Spain charged a 28-year-old man with creating more than 20 different variants of the Cabir and CommWarrior viruses, which could infect mobile phones based on the Symbian operating system, antivirus firms stated on Sunday, June 24. Law enforcement officers arrested the man in Valencia, Spain, after a seven-month investigation into the viruses, which infected an estimated 115,000 phones, according to a police statement cited by antivirus firm Sophos. The viruses reportedly contain a reference to "Leslie," which Sophos claims is the name of the suspect's fiancée.
Source: http://www.securityfocus.com/brief/534
Monday, June 25, 2007

Daily Highlights

The Associated Press reports an off-duty sheriff's deputy stopped an out-of-control passenger who tried to open an emergency exit during a flight from Phoenix to Seattle. (See item 12)
·
Information Week reports the third annual Government Forum of Incident Response and Security Teams Conference will be held June 25–29, at the Buena Vista Palace Hotel in Orlando, Florida. (See item 30)

Information Technology and Telecommunications Sector

30. June 22, Information Week — Cybercrime fighters to gather this week. Dealing with cybercrime requires companies, law enforcement, and prosecutors to communicate frequently and adjust their tactics accordingly in order to catch the criminals and put them away. Hence the need for this week's third annual Government Forum of Incident Response and Security Teams Conference, held June 25–29 at the Buena Vista Palace Hotel in Orlando, FL, where law enforcement officials at all levels will meet with more than 200 attorneys and prosecutors, including all 92 assistant U.S. attorneys. "Back when we started the conference, our focus was on information sharing at the technical level," Rob Pate, deputy director of outreach and awareness for the Department of Homeland Security's National Cyber Security Division, told Information Week. "Now we're bringing in law enforcement and prosecutors to share our information." Communication among private-sector businesses, government, and law enforcement is especially important as zero-day vulnerabilities, those for which no patch yet exists, proliferate and attackers adopt new tactics for breaking into systems. "We have to rapidly share information about what we're seeing because cybertime moves in seconds," Jerry Dixon, director of the National Cyber Security Division, told InformationWeek.
Source: http://www.informationweek.com/management/showArticle.jhtml;jsessionid=YLRFVL13MI2GIQSNDLPSKH0CJUNN2JVN?articleID=200000120

31. June 22, Computer World — Apple patches Safari beta browser a second time. Apple Inc. on Friday, June 22, issued security updates to patch four vulnerabilities in Mac OS X and the Safari beta, marking the second time in eight days that the company has had to fix its newest browser, which runs on both Mac and Windows XP and Vista machines. The 2007-006 update for Mac OS X 10.3 "Panther" and 10.4 "Tiger" fixes a pair of problems in the production-quality Safari versions bundled with the operating system, including a memory corruption vulnerability that could end with an attacker in control of the Mac. "Visiting a maliciously crafted Webpage may lead to an unexpected application termination or arbitrary code execution," Apple said in its alert. The second bug, and to Apple the less serious of the two, is a cross-site scripting (XSS) flaw in Safari that could be used by phishing sites to steal usernames and passwords. Apple on Friday also updated the Safari beta, first released June 11, to version 3.0.2 for both Mac and Windows. Mac Safari 3.0.2 patches another XSS bug, while the Windows edition fixes that plus a separate vulnerability that could let an attacker disguise the browser's address bar.
Apple Security Update 2007-006: http://docs.info.apple.com/article.html?artnum=305759
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025638&intsrc=hm_list

32. June 22, Computer World — Porn sites serve up Mpack attacks. Several hundred pornography sites are surprising unwitting users with a smorgasbord of exploits via Mpack, the already notorious hacker tool kit that launched massive attacks last week from a network of more than 10,000 compromised domains. Trend Micro Inc. has spotted nearly 200 porn domains, most dealing in incestuous content, that have either been hacked or are purposefully redirecting users to servers hosting Mpack, a professional, Russian-made collection of exploits that comes complete with a management console. Even though there are far fewer porn sites in this newly discovered infection chain than in last Monday's "Italian Job" attack, so called because most of the 10,000-plus hijacked sites were legitimate Italian domains, they have managed to infect twice as many end users' PCs, said Trend Micro in a posting to its malware blog. "Right now, we are not sure whether the porn sites are compromised to host the IFRAMES, are created to do so or are being paid to host the IFRAMES," acknowledged Trend Micro. The attack probably began June 17, the company said.
Trend Micro Malware Blog: http://blog.trendmicro.com/pornography-is-bad-for-you21/
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025578&intsrc=hm_list

33. June 21, Information Week — iPhone frenzy will tempt hackers to break Apple's security. With so many people anxiously holding their breath while simultaneously counting their pennies until Apple's iPhone ships this week, some researchers, and probably many IT managers, are wondering how secure this latest smart phone is going to be. According to IBM's security division, Internet Security Systems, the iPhone will have one thing going for it and one thing going against it, making for what should be an interesting product to track. The plus side is that it should take a fairly sophisticated hacker to break into the phone's system; the negative is that all the frenzy that has been building up around the iPhone's release means many hackers will be inspired to try.
Source: http://www.informationweek.com/security/showArticle.jhtml;jsessionid=YLRFVL13MI2GIQSNDLPSKH0CJUNN2JVN?articleID=199906108
Friday, June 22, 2007

Daily Highlights

The Associated Press reports a missing computer backup tape containing personal information on Ohio state employees also holds the names and Social Security numbers of 225,000 taxpayers. (See item 9)
·
United Airlines officials still don't know what caused their flight dispatch system to shut down Wednesday, June 20, grounding takeoffs all over the world; the dispatch system's backup also malfunctioned, raising questions about whether the computer meltdown could happen again. (See item 13)
·
WBAY reports the owners of the Log Den restaurant in Egg Harbor, Wisconsin, shut down by bad water, continue to explore all possible means that could have contaminated their water, including deliberate tampering. (See item 23)

Information Technology and Telecommunications Sector

30. June 21, eWeek — Apple shuts down IPv6 security hole. Apple has closed a denial-of-service (DoS) and security-bypass hole opened by Type 0 routing headers in IPv6. The company on Wednesday, June 20, put out an update, Mac OS X 10.4.10, that addresses the problem by disabling support for the headers. A Type 0 routing header carries a list of intermediate addresses the packet must visit before reaching its final destination, much like source routing in IPv4. IPv4 source routing has long been recognised as a security problem and is turned off by default on routers, but the IPv6 equivalent remained enabled. By listing the same two addresses over and over, an attacker can make a single packet bounce back and forth between two hosts on its route, multiplying the traffic on the link between them and potentially causing a DoS; the header can likewise be used to steer traffic past filters that look only at the outer destination address. Apple said in its security advisory that the issue doesn't affect systems prior to Mac OS X 10.4. The update is available for Mac OS X 10.4 through Mac OS X 10.4.9 and Mac OS X Server 10.4 through Mac OS X Server 10.4.9. It can be obtained from Mac OS X's Software Update pane under System Preferences or via Apple's Software Downloads site.
Apple's Software Downloads site: http://www.apple.com/support/downloads/
Source: http://www.eweek.com/article2/0,1895,2148908,00.asp
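The mechanism behind this item, as an added example that is not from the eWeek article or from Apple: the Python below builds a constructed IPv6 packet carrying a Type 0 routing header, walks the extension-header chain the way a host or border filter must, and returns the segment list so the packet can be refused. The packet builder, the function names and the 2001:db8::/32 documentation addresses are illustrative choices, not anything the article describes. The amplification is visible in the Segments Left field: a header that lists two addresses alternately n times sends the packet across the link between them n times.

```python
import ipaddress
import struct

# IPv6 next-header values (RFC 2460 / IANA).
NH_HOPOPTS = 0      # Hop-by-Hop Options
NH_UDP = 17
NH_ROUTING = 43     # Routing header; routing type 0 is the one at issue
NH_FRAGMENT = 44
NH_DSTOPTS = 60     # Destination Options


def ipv6_fixed_header(src, dst, next_header, payload_len, hop_limit=64):
    """40-byte IPv6 fixed header with zero traffic class and flow label."""
    return struct.pack("!IHBB16s16s", 0x60000000, payload_len, next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


def rh0_header(next_header, segments):
    """Type 0 routing header listing the addresses the packet must visit in turn.

    Hdr Ext Len counts 8-octet units after the first 8 octets (2 per address);
    Segments Left starts equal to the number of addresses still to visit.
    """
    n = len(segments)
    body = b"".join(ipaddress.IPv6Address(a).packed for a in segments)
    return struct.pack("!BBBBI", next_header, 2 * n, 0, n, 0) + body


def build_packet(src, dst, segments, payload):
    """Constructed sample packet: IPv6 [+ RH0] + an opaque payload labelled UDP."""
    if segments:
        ext = rh0_header(NH_UDP, segments)
        return ipv6_fixed_header(src, dst, NH_ROUTING, len(ext) + len(payload)) + ext + payload
    return ipv6_fixed_header(src, dst, NH_UDP, len(payload)) + payload


def find_rh0(packet):
    """Walk the extension-header chain; return (segments_left, [addresses]) for a
    Type 0 routing header, or None if the packet carries none."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off = packet[6], 40
    while off + 8 <= len(packet):
        if nh in (NH_HOPOPTS, NH_DSTOPTS, NH_ROUTING):
            next_nh, length = packet[off], (packet[off + 1] + 1) * 8
        elif nh == NH_FRAGMENT:
            next_nh, length = packet[off], 8      # fragment header is fixed-size
        else:
            return None                           # upper-layer header reached
        if nh == NH_ROUTING and packet[off + 2] == 0:
            addrs_raw = packet[off + 8:off + length]
            if len(addrs_raw) != length - 8 or len(addrs_raw) % 16:
                raise ValueError("truncated or malformed RH0")
            addrs = [ipaddress.IPv6Address(addrs_raw[i:i + 16])
                     for i in range(0, len(addrs_raw), 16)]
            return packet[off + 3], addrs
        nh, off = next_nh, off + length
    return None


def should_drop(packet):
    """Filter policy analogous to Apple's fix: refuse any packet carrying an RH0
    instead of forwarding it along the listed segments."""
    return find_rh0(packet) is not None
```

The chain walk matters because an attacker can put a Hop-by-Hop or Destination Options header in front of the routing header; a filter that only looks at the first Next Header byte misses it.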

31. June 21, VNUNet — China publishes spammers blacklist. Internet authorities in China have published a blacklist of more than 100,000 Web addresses which have been used to send spam. The online list is intended to help service providers and e-mail recipients filter out spam. China has been ranked as one of the world's most prolific sources of unsolicited commercial e-mail by various sources, including online security firms. The latest official action appears to have been prompted by complaints from inside China, particularly from users troubled by e-mail-borne viruses.
Source: http://www.vnunet.com/vnunet/news/2192526/china-rejects-spam-diet

32. June 20, IDG News Service — McAfee: Infrastructure, digital home attacks coming. Online criminals looking for new areas to attack in the next few years will find green fields in the Internet infrastructure and the digital home, researchers with McAfee's Anti-Virus Emergency Response Team (AVERT) labs said Tuesday, June 19. McAfee offered its take on the top security trends for 2007 at a press event in San Francisco, saying that well-known problems such as phishing, spam, bots, and rootkits are on the rise. But in the years ahead, new areas will be top concerns, said Craig Schmugar, virus research manager at McAfee's AVERT labs. "In the short term, it will be the infrastructure side of things," he said. "In the long term, it will be digital entertainment." Schmugar said that the recent flaw in Windows DNS servers, which was exploited in a small number of online attacks, is a good example of things to come. These servers are a critical part of the Internet's infrastructure, used to convert the domain names users type into their browsers into the IP addresses that identify computers on the Internet. McAfee also expects to see hackers focus more on Wi-Fi attacks as PC users become accustomed to connecting to wireless networks wherever they go.
Source: http://news.yahoo.com/s/infoworld/20070620/tc_infoworld/89510;_ylt=Al9vDkVOQVjAhtiXSm6BAKYjtBAF

33. June 20, VNUNet — USB Flash drive worm spreads AIDS info. Security experts have disclosed details of a worm that copies itself onto removable drives, such as USB Flash drives, in an attempt to spread information about AIDS and HIV. The LiarVB-A worm hunts for removable drives such as floppy disks and USB memory sticks, and also spreads via network shares. It creates a hidden file called 'autorun.inf' on each drive so that Windows AutoRun launches a copy of the worm the next time the drive is connected to a Windows PC. "Much of the malware we see is designed to generate income for the hackers, but this worm is different in that it spreads information about AIDS instead," said Graham Cluley, senior technology consultant at Sophos.
Source: http://www.vnunet.com/vnunet/news/2192450/usb−flash−drive−wo rm−spreads
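The check a practitioner would run on a suspect USB stick, as an added example that is not from the VNUNet article or from Sophos: the Python below parses an autorun.inf, lists every entry Windows AutoRun would execute (open=, shellexecute=, shell\<verb>\command=), reports whether the file carries the hidden attribute, and confirms whether the referenced program is actually present on the drive. The sample autorun.inf is constructed to match the pattern described above and is not the real LiarVB-A file; the function names are mine.

```python
import os
import re
import tempfile

FILE_ATTRIBUTE_HIDDEN = 0x2         # Win32 attribute bit; os.stat exposes it only on Windows
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample modelled on the pattern described above (not the real worm's file).
SAMPLE_AUTORUN = """[autorun]
open=Recycled\\svchost.exe
shell\\open\\command=Recycled\\svchost.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys ({} if absent)."""
    section, keys = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            k, v = line.split("=", 1)
            keys[k.strip().lower()] = v.strip()
    return keys


def program_of(command):
    """First token of a command line, honouring a leading quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def launch_entries(text):
    """(key, program) pairs for every entry Windows would execute."""
    return [(k, program_of(v)) for k, v in parse_autorun(text).items()
            if k in LAUNCH_KEYS or SHELL_COMMAND_RE.match(k)]


def scan_mount(mount):
    """Inspect <mount>/autorun.inf: is it hidden, what does it launch, and is the
    referenced program actually on the drive?  Returns None if there is no file."""
    path = os.path.join(mount, "autorun.inf")
    if not os.path.isfile(path):
        return None
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    with open(path, "r", errors="replace") as f:
        text = f.read()
    report = {"hidden": bool(attrs & FILE_ATTRIBUTE_HIDDEN), "launches": []}
    for key, prog in launch_entries(text):
        target = os.path.join(mount, *prog.split("\\"))
        report["launches"].append({"key": key, "program": prog,
                                   "present": os.path.isfile(target)})
    return report


def demo_scan():
    """Run scan_mount on a temporary directory standing in for a USB stick."""
    with tempfile.TemporaryDirectory() as mount:
        os.mkdir(os.path.join(mount, "Recycled"))
        with open(os.path.join(mount, "Recycled", "svchost.exe"), "wb") as f:
            f.write(b"MZ placeholder, not a real executable")
        with open(os.path.join(mount, "autorun.inf"), "w") as f:
            f.write(SAMPLE_AUTORUN)
        return scan_mount(mount)
```

A drive whose autorun.inf launches something from a folder like Recycled, or whose referenced program is a hidden file, is the pattern to quarantine; the durable fix is to disable AutoRun for removable media on the workstation rather than to rely on spotting each file.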

34. June 20, PC Pro (UK) — Hacking of Internet-delivered broadcast reveals security vulnerability. A Czech Webcam was streaming lovely pastoral pictures of a local beauty spot, until hackers gained access and inserted pictures of the area being "nuked." Unfortunately, the video was also then broadcast live on television. The incident occurred on Sunday morning, June 17, on the Czech TV program Panorama. Hackers interrupted the regular Webcam transmission with video "footage" of a nuclear explosion. The stunt was pulled by a group of "artists" known as Ztohoven. Their Website promptly went offline as massive numbers of users investigated the pranksters. Security experts warned that this type of hacking demonstrates the security vulnerabilities involved when transmitting information across the Internet. "Internet-delivered broadcasts and Internet TV transmissions are still in their infancy, but this doesn't stop hackers from attacking weak points in the transmission infrastructure," says Geoff Sweeney, chief technology officer of behavioral analysis software company Tier-3.
Source: http://www.pcpro.co.uk/news/116024/hackers-nuke-czech-beauty-spot.html
Thursday, June 21, 2007

Daily Highlights

The Associated Press reports a massive computer failure, causing a two-hour outage at United Airlines, halted all flights systemwide for the carrier on Wednesday, June 20. (See item 14)
·
The Department of Homeland Security and the Department of State announced on Wednesday, June 20, the Notice of Proposed Rulemaking for the land and sea portion of the Western Hemisphere Travel Initiative, a core 9/11 Commission recommendation. (See item 17)

Information Technology and Telecommunications Sector

27. June 20, eWeek — Gateway recalls faulty battery packs. Gateway announced Tuesday, June 19, that it is voluntarily recalling about 14,000 laptop battery packs that were sold during a three-month period in 2003. The PC vendor is working with the U.S. Consumer Product Safety Commission and the company will replace the faulty battery packs for free. The lithium-ion battery packs can overheat and possibly cause a fire, although the internal battery cell is not defective, says Gateway.
Source: http://www.eweek.com/article2/0,1895,2148484,00.asp

28. June 20, IDG News Service — National security risks prompt French BlackBerry ban. French government members and their advisors have been told not to use BlackBerry smartphones, for national security reasons. The ban on BlackBerry devices is just one of the IT challenges facing new National Assembly members as they take their seats following Sunday's elections. The smartphones, developed by Canadian company Research in Motion, send and receive e-mail through just a handful of servers in the United Kingdom and in North America, a concentration brought home when a failed software upgrade to the North American servers in April abruptly halted service to BlackBerry users there. Routing all traffic through those few servers poses a threat to national security, according to Alain Juillet, senior economic intelligence advisor to the French Prime Minister, because of the risk of data interception.
Source: http://news.yahoo.com/s/infoworld/20070620/tc_infoworld/89501;_ylt=AgNkMr2txzndp3JSobvwbG4jtBAF

29. June 20, Information Week — Trojans lurking in fake video postings on YouTube. Malware authors have a new trick up their sleeves that targets the YouTube nation. Within the past week, cybercriminals have hidden Trojan horses in fake video postings on the wildly popular YouTube site, according to Paul Henry, vice president of technologies with Secure Computing. While YouTube technicians were quick to pull down both postings, Henry said in an interview on Wednesday, June 20, that the two incidents could signal a new means of attack. Henry said that when users tried to view the fake video posting, they were infected with the Zlob Trojan, which then began spitting out pop-up ads for pornographic sites onto the infected computer. As bad as that may be for users, Henry said his concern is that it's simply a prelude to the Trojan downloading other pieces of malware, such as keyloggers. It also would be an easy way to turn infected computers into bots and then have them join the growing wave of botnets that are plaguing the Internet with spam and denial-of-service attacks. Another concern is that users don't expect to fend off malware attacks when they're cruising around YouTube, and that's part of the cybercriminals' plan, noted Henry.
Source: http://www.informationweek.com/security/showArticle.jhtml;jsessionid=1DGM0QGIM5EG2QSNDLRCKHSCJUNN2JVN?articleID=199905685

30. June 20, Government Accountability Office — GAO-07-1003T: Information Security: Homeland Security Needs to Enhance Effectiveness of Its Program (Testimony). To protect and mitigate threats and attacks against the United States, 22 federal agencies and organizations were merged to form the Department of Homeland Security (DHS) in 2002. One of the department's components, U.S. Customs and Border Protection (CBP), is responsible for securing the nation's borders. DHS and CBP rely on a variety of computerized information systems to support their operations and assets. The Government Accountability Office (GAO) has reported for many years that poor information security is a widespread problem with potentially devastating consequences. In reports to Congress since 1997, GAO has identified information security as a governmentwide high-risk issue. In this testimony, GAO discusses DHS' information security program and computer security controls for key information systems. GAO based its testimony on agency, inspector general, and GAO issued and draft reports on DHS information security. To enhance departmental security, GAO has previously made recommendations to DHS on implementing its information security program and is making additional recommendations in two draft reports currently being reviewed by the department.
Highlights: http://www.gao.gov/highlights/d071003thigh.pdf
Source: http://www.gao.gov/cgi-bin/getrpt?GAO-07-1003T
Wednesday, June 20, 2007

Daily Highlights

Computerworld reports a security breach at Los Alamos National Laboratory in January may have exposed classified data on nuclear weapons when several officials at the company that manages security used unprotected e-mail networks to share highly classified information. (See item 3)
·
The U.S. Naval Academy in Annapolis, Maryland, held a security drill on Monday, June 18, to gauge the school's readiness in case of a terrorist attack or an incident such as the Virginia Tech shootings. (See item 25)

Information Technology and Telecommunications Sector

30. June 19, Associated Press — Toshiba: Recalled battery sparked fire. A Toshiba Corp. laptop with a recalled Sony battery pack that hadn't been replaced burst into flames last month in Great Britain. It was the third Toshiba laptop blaze suspected of being linked to the defective batteries. Sony Corp. announced the massive recall last year after it was found that the lithium-ion batteries could overheat and catch fire. More than 10 million notebook batteries were affected, including those used by Dell Inc., Lenovo Inc., Apple Inc. and Acer Inc. Given the recent fires, Japanese electronics maker Toshiba said it will step up efforts to reach all customers who may own a laptop with the recalled battery pack.
Source: http://news.yahoo.com/s/ap/20070619/ap_on_hi_te/battery_recall_toshiba;_ylt=AhaLP2x.R9gHAVkorExyyg8jtBAF

31. June 19, IDG News Service — Analysts: Microsoft flaw opened door to scammers. Microsoft on Tuesday, June 19, fixed a bug in its Windows Live ID registration that let users register a false e-mail address as their ID. The false address could then be used as an ID for Microsoft's Live Messenger program, tricking a user into thinking they were chatting with someone they were not, for example steveballmer@microsoft.nl. Erik Duindam, a Web developer in Leiderdorp, the Netherlands, reported the problem to Microsoft on Monday. Microsoft acknowledged it had fixed the bug but did not have further information on the flaw's impact. It's unclear how long the flaw may have existed or how many accounts with deceptive instant messenger IDs could have been created.
Source: http://www.infoworld.com/article/07/06/19/Microsoft-opens-door-to-scammers_1.html

32. June 19, IDG News Service — HP buys Web app security specialist SPI. Hewlett-Packard (HP) has agreed to buy Web application security specialist SPI Dynamics, just two weeks after IBM announced plans to buy SPI's rival Watchfire. SPI, like Watchfire, develops software for finding vulnerabilities in Web applications, and for auditing their compliance with regulations on corporate governance such as the Sarbanes-Oxley Act.
Source: http://www.infoworld.com/article/07/06/19/HP-buys-SPI_1.html

33. June 19, IDG News Service — Google security API spots dangerous URLs. Google has released an API that enables other applications to access its blacklist of URLs of Websites that may have malicious programs. Developers can incorporate the API (application programming interface) into their applications that deal with user-generated links, Google said on its security blog. Hackers often create Websites designed to infect computers with malware and spread links to those sites in forums and through spam, among other methods. The release of the API adds to Google's noteworthy moves of late in the security field.
Source: http://news.yahoo.com/s/pcworld/20070619/tc_pcworld/133069;_ylt=Avi6MFlgBuSl2Jdblrxp9LEjtBAF

34. June 19, CNET News — Trillian critical security update released. Cerulean Studios on Monday, June 18, released a "highly critical" security update for its Trillian multi-protocol chat software. Attackers could exploit vulnerabilities in the character-encoding handling of Trillian 3.1.5.1, specifically the word-wrapping of UTF-8, the Unicode Transformation Format used for encoding characters in e-mail, instant messages and Webpages, iDefense Labs warned in its security advisory. The vulnerabilities could potentially affect earlier versions of the Trillian software as well, iDefense said. Trillian, which supports Yahoo's Instant Messenger, AOL's AIM, MSN Messenger, Internet Relay Chat and the ICQ instant-messaging protocol, could be exploited if users view a malicious message containing an unusually long UTF-8 string.
iDefense Labs security advisory: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545
Source: http://news.com.com/Trillian+critical+security+update+released/2100-1002_3-6191893.html?tag=nefd.top
Tuesday, June 19, 2007

Daily Highlights

The Associated Press reports the push from Congress and the White House for huge increases in biofuels such as ethanol is prompting the oil industry to scale back its plans for refinery expansions, which could keep gasoline prices high, possibly for years to come. (See item 2)
·
The Washington Post reports the U.S. Food and Drug Administration has little control, conducting only about 200 inspections of overseas plants, as generic and over-the-counter drugs are imported into the U.S. from India and China. (See item 23)

Banking and Finance Sector

29. June 18, VNUNet — Crippling malware attack strikes in Italy. Italy is suffering from a barrage of remote attacks launched from hundreds of compromised Websites, security experts have warned. Researchers at Symantec reported that attackers have injected 'iframe' tags within the HTML files on compromised sites. The tags redirect users to a site that runs MPack, a utility that attempts multiple exploits and malware installations. More than 65,000 users had been redirected to the malicious page since Friday afternoon, June 15, and more than 7,000 successful exploits had been carried out.
Source: http://www.vnunet.com/vnunet/news/2192236/massive-malware-attack-breaks
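The injected-iframe pattern behind this item and the June 22 Trend Micro item on the porn-site MPack chain (item 32 of the June 25 report), as an added example that is not from VNUNet, Symantec or Trend Micro: the Python below scans a page's HTML for iframes that point off-site and are either hidden (0 or 1 pixel, display:none, visibility:hidden) or appended after the document has ended, which is where a mass-injection script typically leaves them. The sample page is constructed for the example, the 203.0.113.7 host is a documentation address rather than a real MPack server, and the function names are mine; whether a given site checks its own files this way is not something the articles describe.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)

# Constructed sample page: one legitimate embedded frame, plus an injected 0x0
# frame appended after </html> that points at an off-site exploit server.
SAMPLE_PAGE = """<html><body>
<h1>Benvenuti</h1>
<iframe src="/video/player" width="400" height="300"></iframe>
<p>Contenuto della pagina.</p>
</body></html>
<iframe src="http://203.0.113.7/index.php" width="0" height="0" frameborder="0"></iframe>
"""


class IframeCollector(HTMLParser):
    """Record every <iframe> and whether it appeared after </body> or </html>."""
    def __init__(self):
        super().__init__()
        self.iframes = []
        self.body_closed = False

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append(({k: (v or "") for k, v in attrs}, self.body_closed))

    def handle_endtag(self, tag):
        if tag in ("body", "html"):
            self.body_closed = True


def _is_tiny(value):
    """True for width/height attributes of 0 or 1 (px or bare number)."""
    m = re.match(r"\s*(\d+)", value or "")
    return m is not None and int(m.group(1)) <= 1


def suspicious_iframes(html, page_host):
    """Iframes that point off-site and are either hidden or placed after the
    document has ended. page_host is the host the page legitimately lives on."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs, after_body in parser.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname or page_host      # relative src stays on-site
        hidden = (_is_tiny(attrs.get("width")) and _is_tiny(attrs.get("height"))) or \
                 HIDDEN_STYLE_RE.search(attrs.get("style", "")) is not None
        if host != page_host and (hidden or after_body):
            findings.append({"src": src, "host": host,
                             "hidden": hidden, "after_body": after_body})
    return findings
```

Running this over a site's own HTML files, or over a crawl of them, gives a quick first pass; the redirect host found is the indicator to block at the proxy while the injected files are cleaned.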

30. June 18, Kable (UK) — Humans, not tech, are the greatest security risk. The UK's Department of Trade and Industry (DTI) has made roughly $7.9 million available for four research projects aimed at reducing the IT risk created by human error. The program, which is part of its Network Security Innovation Platform, reflects the fact that human error is by far the biggest risk to network security, the DTI said. It cited the results of a survey it conducted, involving over 1,800 people, on the use of passwords. It found that: a) Just over one third recorded their password or security information by either writing it down or storing it somewhere on their computer; b) Nearly two thirds never changed their password; c) One in five people used the same password for non−banking Websites as well as their online bank. The projects will use behavioral science in a bid to tackle the human risk element in network security.
Source: http://www.kablenet.com/kd.nsf/Frontpage/C3AEB7E8641F7CF0802572FB004DC9D4?OpenDocument

31. June 16, Information Week — In fight against botnets, warning victims is half the battle. The Feds have caught some of the alleged "bot herders" they say are spamming the world from botnets they created. Now they'd like to warn more than 1 million computer owners whose machines have been infected, but doing so will be an inexact and tedious undertaking. The FBI has begun notifying the ISPs from which the IP addresses of infected computers originate. "If they choose to, they can contact their customers," says Shawn Henry, deputy assistant director of the FBI's Cyber Division. If the FBI determines that a large company or organization is among the botnet victims, it will notify them directly, he adds. Combing through the IP addresses of zombie computers and notifying ISPs will be one of the biggest jobs the FBI has ever undertaken, says special agent Richard Kolko. Because botnets are widely distributed, the FBI considers them a growing threat to national security, the national information infrastructure, and the economy.
Source: http://www.informationweek.com/security/showArticle.jhtml;jsessionid=DDQGQAGD3WLKKQSNDLOSKH0CJUNN2JVN?articleID=199904855
Monday, June 18, 2007

Daily Highlights

USA TODAY reports data thieves and con artists are increasingly targeting military personnel, at risk since the Department of Defense uses Social Security numbers for everything from dog tags to chow-line rosters. (See item 10)
·
MyFox Colorado reports Longmont, Colorado, police found a small bomb factory of chemicals, explosives, and compounds in a home and believe they may have solved a year-long investigation into small explosions. (See item 33)

Banking and Finance Sector

7. June 15, InfoWorld — PayPal, eBay offer Security Key to U.S. customers. PayPal unveiled a new Security Key on Friday that will add an additional layer of security to user accounts and help prevent online criminals from gaining access to them. The PayPal Security Key is a small electronic token that generates a unique code that can be used in addition to a user name and password when users sign in to their PayPal account. The company announced the news as part of eBay's week-long Developer Conference in Boston. It provides PayPal customers with so-called "two-factor" authentication that makes it harder for online criminals to raid accounts, even if they do trick users into giving up their user name and password using online "phishing" scams, according to Michael Barrett, chief information security officer at PayPal. "This is something that will help the community to be more secure," Barrett told InfoWorld. PayPal and parent company eBay are top targets for online scam artists, who use dummy Websites in so-called "phishing" attacks that attempt to trick users into revealing their user name and password. Those accounts can then be raided or used to fraudulently purchase goods.
Source: http://www.infoworld.com/article/07/06/15/paypal-using-verisign-tokens_1.html?source=rss&url=http://www.infoworld.com/article/07/06/15/paypal-using-verisign-tokens_1.html

10. June 14, USA TODAY — Military personnel prime targets for ID theft. The Department of Defense since the late '60s has used Social Security numbers for everything from dog tags to chow-line rosters. Now, data thieves and con artists have begun to increasingly target military personnel, data security experts say. Data thieves in the past year have grabbed computers containing sensitive data for nearly 30 million active and retired service members from four Veterans Affairs offices. That's a big portion of the more than 100 million personal records reported lost or stolen in the U.S. since 2006, based on a USA TODAY analysis of data compiled by the Privacy Rights Clearinghouse. Statistics on financial fraud as a result of these breaches are hard to pin down, but defense officials acknowledge the rising risk. The Defense Department has made it a priority to tighten data-handling policies and has increased training on theft prevention, department spokesperson Maj. Stewart Upton said. ID cards are being upgraded as they expire, using bar codes, magnetic stripes and other electronic authentication tools. No cost estimate is available; a complete overhaul will take years.
Source: http://www.usatoday.com/tech/news/computersecurity/infotheft/2007-06-14-military-id-thefts_N.htm

Information Technology and Telecommunications Sector

28. June 15, eWeek — Botnet battle a game of Whack-a-Mole. Officials at Sunnyvale, CA-based Mi5 Networks reported seeing bots that connect to multiple command and control servers as well as bots that scan internal networks for different vulnerabilities and then only deliver the exploit payload for which the specific machine is vulnerable. Battling botnets, said Mi5 CEO Doug Camplejohn, has officially turned into a "game of Whack-a-mole." "Our findings show that we've entered the second phase of botnet evolution in that there's no longer just a single C&C [command and control] head to cut off," he said. "Even if you do cut off all the C&C heads, bots keep collecting data and distributing it via peer-to-peer networks." Finjan Chief Technology Officer Yuval Ben-Itzhak said botnet operators are utilizing a new technique he called "evasive attack" to infect users while keeping their profiles low. "Basically, the hacker stores the IP address of search engine crawlers and URL filtering crawlers in their databases, so when they visit the hacker's site for classification, the hacker server presents legitimate content," he said. As a result, malicious sites are misclassified as normal, Ben-Itzhak explained. But when users visit the site, malicious code is served.
Source: http://www.eweek.com/article2/0,1895,2146554,00.asp

29. June 14, IDG News Service — After hacker dissection, Safari beta is patched. Three days after releasing Safari 3.0, Apple has issued its first patch of the beta software. The 3.0.1 update, released early Thursday morning, June 14, fixes three flaws in the browser including bugs that were discovered earlier last week by researchers Thor Larholm and Aviv Raff. Apple released the 3.0 beta on Monday, and hackers started digging up bugs within hours. In fact, some researchers suggested that Apple should have done a better job of checking the browser for vulnerabilities before releasing the beta code. But even Apple's critics give the company credit for pushing out a quick update to its browser.
Source: http://www.infoworld.com/article/07/06/14/After-hacker-dissection-Safari-beta-is-patched_1.html

30. June 14, Information Week — Global co-op feeds FBI's botnet fight. Officials with the FBI claim that global law enforcement partnerships are playing a significant role in its ongoing efforts to stomp out botnets and other computer-borne crimes. Security researchers have long maintained that one of the most significant obstacles to shutting down botnets is the distributed global nature of the individuals responsible for operating the networks of zombie PCs. The conventional wisdom has been that U.S. law enforcement officials have struggled to find the budget and manpower necessary to track down cyber-criminals operating on their own turf, let alone find a way to identify and arrest people distributing malware code or operating botnets who are based in foreign nations. However, FBI officials said that international cooperation is playing an increasingly important role in helping it stomp out cyber-crime. "We've been successful in building relationships with foreign law enforcement officials and have agents in 60 countries around the globe working full time on cyber-crime along with police departments and other agencies," said Shawn Henry, deputy assistant director of the Cyber Division at the FBI.
Source: http://www.infoworld.com/article/07/06/14/Global-co-op-feeds-FBI-botnet-fight_1.html
Friday, June 15, 2007

Daily Highlights

Department of Homeland Security Secretary Michael Chertoff on Tuesday, June 12, urged operators of water and waste treatment plants to secure chemicals such as chlorine from terrorists, although they're not required to do so. (See item 24)
·
Reuters reports U.S. officials asked business, health, and religious groups on Wednesday, June 13, to urge Americans to prepare for a possible flu pandemic with steps like storing food and supplies and staying home if ill. (See item 26)

Information Technology and Telecommunications Sector

32. June 14, USA TODAY — FBI cracks down on bot herders. The tech security world cheered the FBI's announcement Wednesday, June 13, of a crackdown on cybercrooks who control networks of compromised computers, called botnets, to spread spam and carry out scams. But the arrests in recent weeks of accused bot controllers James Brewer of Arlington, TX; Jason Michael Downey of Covington, KY; and Robert Alan Soloway of Seattle will barely make a ripple, security analysts say. "We applaud the government's involvement in stopping cybercrime," says Tom Gillis, senior marketing vice president at messaging security firm IronPort Systems. "But these arrests are a tiny drop in the bucket." Soloway made a name for himself selling spamming kits and botnet access to fledgling spammers, according to a civil case he lost to Microsoft in 2005. Downey and Brewer controlled smaller botnets, federal district court documents in Michigan and Illinois say. "Botnets are increasing, but we've just scratched the surface of what botnets are going to do," says Doug Camplejohn, CEO of security firm Mi5 Networks.
Source: http://www.usatoday.com/tech/news/computersecurity/2007-06-13-fbi-arrests_N.htm

33. June 14, SecurityFocus — Government group may be needed to keep the Internet healthy. One researcher believes that the government needs to step in to assure the Internet stays healthy. Spam and phishing researcher Joe St. Sauver argued during a panel discussion at the Anti-Phishing Working Group (APWG) Counter E-Crime Summit in San Francisco last month that most consumers are not up to the task of securing their own systems. With Internet service providers refusing to block infected systems because of the support costs and potential liability such an action would entail, and software makers unable to root out all the bugs in their applications, the government may be the Internet's best bet, St. Sauver says. Attackers from other nations, especially China, appear to be involved in compromising U.S. computers, with infected systems becoming weapons in the hands of bot masters. And this week, the FBI announced that it had arrested three people on charges of using botnets consisting of nearly a million PCs to send spam and attack online businesses. Like the Centers for Disease Control, which prepares for and manages real-world health emergencies, St. Sauver's proposed agency would handle digital outbreaks and attempt to improve the overall health of the Internet.
Source: http://www.securityfocus.com/brief/526

34. June 14, Reuters — NATO says urgent need to tackle cyber attack. NATO defense ministers agreed on Thursday, June 14, that fast action was needed to tackle the threat of "cyber attacks" on key Internet sites after Estonia suffered a wave of assaults on its computer networks last month. "There was sentiment round the table that urgent work is needed to enhance the ability to protect information systems of critical importance," NATO spokesperson James Appathurai told a news conference at a two-day meeting in Brussels. "They (the attacks on Estonia) were sustained, coordinated and focused. They had clear national security and economic implications," he said. "That will be the subject of work here." Estonia suffered an onslaught of cyber attacks on private and government Internet sites, peaking in May after a decision to move a Soviet-era statue from a square in Tallinn prompted outrage from Russian nationals in Estonia and a diplomatic row with Moscow. The attacks appeared to have stemmed initially from Russia although the Kremlin denied it was behind the assaults.
Source: http://www.washingtonpost.com/wp-dyn/content/article/2007/06/14/AR2007061400618.html

35. June 13, InformationWeek — Hackers launching attacks against Yahoo Messenger bugs. Malware writers have latched on to the exploit code for the critical bugs in Yahoo Messenger, setting up 40 to 50 malicious Websites to attack unsuspecting, and unpatched, users. "This threat is critical," said Stephan Chenette, manager of Websense Security Labs, in an interview. "The use of [the exploit] has been increasing since its public disclosure." Chenette said malware writers have picked up the exploit code, which was first publicly posted last week, and have quickly gone to work with it. The malicious code takes advantage of buffer overflow security issues in two ActiveX controls used in the instant messenger's Webcam image upload and viewing. Chenette said virus writers have taken the initial exploit code and come up with a variety of different pieces of malware. The code is embedded in 40 to 50 Websites. When someone who uses Yahoo Messenger visits one of these sites, the exploit drops down into the machine and then downloads either a Trojan backdoor or a keylogger, according to Websense. Both the keyloggers and downloaders mainly are looking for passwords and banking information to send back to the hacker.
Source: http://www.informationweek.com/software/showArticle.jhtml;jsessionid=OPL4ABLRRU3B0QSNDLRCKH0CJUNN2JVN?articleID=199903905

36. June 13, ComputerWorld — Exploits hot on the heels of Microsoft's patches. Exploits appeared within hours for two of the bugs that Microsoft Corp. fixed Tuesday, June 12. Microsoft's June set of security updates patched 15 separate vulnerabilities. Exploit code for two of the bugs -- one in Internet Explorer (IE), the other in Windows XP, Windows 2000 and Windows Server 2003 -- has been posted to the Bugtraq and Full-disclosure mailing lists by researchers. A. Micalizzi went public with a pair of exploits -- one successful against Windows 2000, the other against Windows XP -- that leverage one of the six IE bugs patched Tuesday. A bug -- actually two because both the ActiveListen and ActiveVoice ActiveX controls are flawed -- was tagged "critical" in IE6 on Windows 2000 and Windows XP SP2, and "critical" in IE7 on both XP SP2 and Windows Vista. Wednesday, June 13, another researcher posted proof-of-concept exploit code on Full Disclosure for the critical SChannel (Security Channel) vulnerability patched in MS07-031. Thomas Lim, CEO of Singapore-based COSEINC, said his exploit "may lead to an unrecoverable heap corruption condition, causing the application to terminate," or in some cases, repeatedly crash an application to cause a system reboot.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9024640&intsrc=hm_list

37. June 13, Reuters — China trying to unseat U.S. as lead cyberpower. China is seeking to unseat the United States as the dominant power in cyberspace, a U.S. Air Force general leading a new push in this area said Wednesday, June 13. "They're the only nation that has been quite that blatant about saying, 'We're looking to do that,'" 8th Air Force Commander Lt. Gen. Robert Elder told reporters. Elder is to head a new three-star cybercommand being set up at Barksdale Air Force Base in Louisiana, already home to about 25,000 military personnel involved in everything from electronic warfare to network defense. The command's focus is to control the cyberdomain, critical to everything from communications to surveillance to infrastructure security. Elder described the bulk of current alleged Chinese cyberoperations as industrial espionage aimed at stealing trade secrets to save years of high-tech development. He attributed the espionage to a mix of criminals, hackers and "nation-state" forces. Virtually all potential U.S. foes also were scanning U.S. networks for trade and defense secrets, he added.
Source: http://news.com.com/China+trying+to+unseat+U.S.+as+lead+cyberpower/2100-7349_3-6190819.html?tag=cd.lede
Thursday, June 14, 2007

Daily Highlights

The Department of Homeland Security has released a Fact Sheet: Securing Our Nation's Chemical Facilities, stating that chemical security is not solely a federal responsibility; it is a shared responsibility among federal, state, and local governments, and also with the private sector. (See item 8)
·
The Associated Press reports the head of the FBI's Boston office is warning the region's top universities to be on the lookout for foreign spies or potential terrorists who might be trying to steal unclassified, yet sensitive, research. (See item 27)
·
The St. Louis Post-Dispatch reports explosives, including dynamite and C-4, capable of causing extensive damage have been stolen from a St. Charles County, Missouri, firing range used by the sheriff's office and the FBI. (See item 35)

Information Technology and Telecommunications Sector

29. June 12, US-CERT — Technical Cyber Security Alert TA07-163A: Microsoft Updates for Multiple Vulnerabilities. Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Windows Secure Channel, Internet Explorer, Win32 API, Visio, Outlook Express and Windows Mail as part of the Microsoft Security Bulletin Summary for June 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Microsoft has provided updates for these vulnerabilities in the June 2007 Security Bulletins. The Security Bulletins describe any known issues related to the updates. Administrators are encouraged to note any known issues that are described in the Bulletins and test for any potentially adverse effects. System administrators may wish to consider using an automated patch distribution system such as Windows Server Update Services (WSUS).
June 2007 Security Bulletins: http://www.microsoft.com/technet/security/bulletin/ms07-jun.mspx
Source: http://www.us-cert.gov/cas/techalerts/TA07-163A.html

30. June 12, Federal Computer Week — Air Force moves to populate Cyberspace Command. The Air Force is developing plans for a dedicated force to populate the ranks of the service’s new Cyberspace Command, its commanding general said Tuesday, June 12. Lt. Gen. Robert Elder, commander of the 8th Air Force and chief of the new command, said the service will finish deliberations on a force structure for the command within a year and then start filling those positions. Once service officials have laid out career paths and training guidelines for the jobs, Elder said, recruits will be able to join what he called the Air Force’s cyberforce just as they could opt to become fighter pilots or navigators. He estimated there are now 40,000 men and women in the service conducting cyberoperations in one form or another. He said the question will be defining which of those service members would fall under the ranks of the new Cyberspace Command.
Source: http://www.fcw.com/article102972-06-12-07-Web

31. June 12, Security Focus — Flaw hunters go off on Safari. Less than a day after Apple released a beta version of its Safari Web browser for Windows, three vulnerability researchers have already found a handful of bugs, many of which appear to work against the currently shipping version of the browser for Mac OS X. Security researcher David Maynor, infamous for his row with Apple over three wireless flaws he presented at the Black Hat Security Briefings in 2006, claims to have found six vulnerabilities in Safari. Four of the vulnerabilities are simple denial-of-service bugs that crash the browser, but two of the flaws allow remote execution, he said. Two other researchers have found bugs as well. Thor Larholm, a well-known Danish security researcher, claims to have discovered another remotely exploitable flaw, while Israeli researcher Aviv Raff described a memory corruption that may be exploitable.
Source: http://www.securityfocus.com/brief/523

32. June 11, Government Computer News — Standard for Web-based digital signatures completed. A standard to enable digital signing of electronic documents via a Web application has been finalized by the Organization for the Advancement of Structured Information Standards (OASIS). Digital Signature Services Version 1.0 (DSS), approved by OASIS this month, defines an Extensible Markup Language interface to process digital signatures for Web services and other applications without complex client software. The Web-based scheme should simplify the creation and verification of digital signatures and could improve security by centralizing storage and management of cryptographic signing keys. A digital signature uses cryptography to bind the creator’s signature or assertion to an electronic document or other form of data, which in turn can be used by others to authenticate the source of the data and ensure that it has not been tampered with since its creation. This serves much the same purpose as a traditional written signature and enables electronic transactions at a level of trust and assurance similar to paper-based transactions. Because digital signatures require creation and management of cryptographic keys, implementation can be complex, especially in large enterprises. The goal of DSS is to help overcome the complexity.
Source: http://www.gcn.com/online/vol1_no1/44444-1.html

33. June 11, TechWorld (UK) — Law puts damper on Web security research. Web security research is being seriously hampered by laws that punish researchers for even attempting to locate flaws in Web software, much less disclosing those flaws, according to a new study. The report is the first by the Computer Security Institute, a research and training organization under the aegis of CMP Technology. It draws on discussions by a broad working group, including security researchers and representatives of U.S. law enforcement agencies. The upshot is that current legal frameworks designed to allow prosecution of Web attackers also make it next to impossible to legally spot security flaws in the "Web 2.0" applications quickly becoming ubiquitous on the Internet. Those researchers who do feel safe probing Web software for flaws are probably not aware of their real legal position, the report said.
Free PDF of the report is available (registration required): http://www.gocsi.com/forms/fbi/csi_workinggroup.jhtml
Source: http://www.techworld.com/security/news/index.cfm?newsID=9113&pagtype=all
Wednesday, June 13, 2007

Daily Highlights

The National Institute of Standards and Technology has released a 387-page draft of its new guide designed to help federal agency technical teams evaluate whether the security controls they have actually work as intended to protect information systems from being compromised. (See item 9)
·
The Associated Press reports the New York Police Department is concerned that the commercial trucks rumbling through the city each day could be instruments of terror, and in response, has stepped up inspections and introduced an array of new technology to thwart possible plots. (See item 14)
·
Representatives from nearly 30 countries have gathered to discuss how to combat nuclear terrorism in a first-of-its-kind international conference led by the FBI and its Weapons of Mass Destruction Directorate. (See item 40)

Information Technology and Telecommunications Sector

35. June 12, IDG News Service — AOL spammer pleads guilty. Adam Vitale pled guilty Monday, June 11, to sending unsolicited e-mail to 1.2 million AOL LLC subscribers, U.S. Attorney for the Southern District of New York Michael J. Garcia said. Vitale and co-defendant Todd Moeller were in contact with a government confidential informant via instant messaging, and agreed to send spam advertisements for a product in exchange for half of the profits, Garcia said in a statement. The pair then sent about 1.2 million unsolicited e-mails to AOL users between August 17 and August 23, 2005. They changed the headers on the e-mails and used various computers to conceal the source of the spam.
Source: http://www.infoworld.com/article/07/06/12/AOL-spammer-pleads-guilty_1.html

36. June 11, IDG News Service — Safari for Windows hacked. Just hours after Apple released its first Windows beta of Safari on Monday, June 11, a researcher said he'd found a bug. The bug causes the browser to crash and "might be exploitable," according to researcher Aviv Raff, meaning it could possibly be used to run malware on the PC.
Source: http://www.infoworld.com/article/07/06/11/Safari-for-Windows-released-and-hacked-in-a-day_1.html

37. June 11, Federal Computer Week — Navy rethinks its approach to collecting, sharing data. As it patrols Persian Gulf waters, the Navy is finding information collection and sharing among its main challenges, said the assistant deputy chief of naval operations for information, plans and strategy. There are multiple wrinkles to these challenges, Rear Adm. Peter Daly told a gathering of the Northern Virginia chapter of AFCEA on June 8. One involves the sheer level of information being retrieved from the boarding of suspicious vessels. “Boarding parties used to be armed to the teeth and behaved like it was a police shakedown,” said Daly. Instead, the Navy has been taking a friendlier, more conversational approach. Consequently, the amount of information retrieved from boarding has increased exponentially, from an average of 14K per boarding to 76M. The Navy also must figure out a better method of sharing maritime domain information with coalition partners and the Coast Guard. At this point the information is deposited in a shared database that is not online. The goal is to create a Web portal at which users post and retrieve maritime domain information.
Source: http://www.fcw.com/article102963-06-11-07-Web

38. June 11, SiliconRepublic (Ireland) — YouTube Trojan steals user data. Web users are being warned that hackers are using a new crimeware technique that attempts to dupe users into viewing a YouTube video masquerading as a Trojan horse. In what is an ironic twist on the current situation that sees music companies and sports TV firms suing YouTube for allegedly distributing stolen content, users who download the mysterious file end up seeing their own information being stolen. According to Internet security firm Websense, users who stumble onto the YouTube decoy end up downloading a Trojan horse. A file called YouTube04567 is then downloaded onto a user’s PC.
Source: http://www.siliconrepublic.com/news/news.nv?storyid=single8521

39. June 11, New York Times — New tests to fool automated spammers. On the Internet, nobody knows you’re a human -- until you fill out a captcha. Captchas are the puzzles on many Websites that present a string of distorted letters and numbers. These are supposed to be easy for people to read and retype, but hard for computer software to figure out. Most major Internet companies use captchas to keep the automated programs of spammers from infiltrating their sites. There is only one problem. As online mischief makers design better ways to circumvent or defeat captchas, Web companies are responding by making the puzzles more challenging to solve -- even for people. As a result, the hunt is on for puzzles that are friendlier to humans and more difficult for computers. Many researchers are focusing on expanding the test beyond the constrained realm of 26 letters and 9 digits. Microsoft researchers have developed an alternative captcha that asks Internet users to view nine images of household pets and then select just the cats or the dogs. Other companies prefer to keep their next-generation captcha research quiet. Michael Barrett, the chief information security officer at PayPal, will say only that the new breed of captchas might resemble simple image identification puzzles.
Source: http://www.nytimes.com/2007/06/11/technology/11code.html?_r=1&ref=technology&oref=slogin
Tuesday, June 12, 2007

Daily Highlights

NorthWestern Energy announced plans Tuesday, June 5, for a transmission line, called the Mountain States Transmission Intertie, running from Montana to Idaho, which it said could carry energy from developing wind power plants to power-hungry markets. (See item 6)
·
The Associated Press reports an American Airlines flight to Madrid and a catering truck collided at Miami International Airport on Sunday, June 10, causing damage to both the plane and truck. (See item 15)

Information Technology and Telecommunications Sector

36. June 11, eWeek — Yahoo Messenger flaw being exploited in the wild. A high-risk Yahoo Messenger vulnerability is being exploited in the wild, jacking up the criticality of applying a fix to avoid system hijacking. At issue is a buffer-overflow vulnerability in Yahoo Messenger's Webcam ActiveX control. Attackers can exploit the issue to execute arbitrary code within the context of an application that uses the control—typically Internet Explorer, according to Symantec's DeepSight Alert Services. eEye spotted proof-of-concept code last week and predicted that a malicious exploit would soon follow. Sure enough, DeepSight has spotted an active exploit in the wild at "at least one" site: n.88tw.net. The exploit is put to work when an attacker crafts a malicious site designed to take advantage of the vulnerability. The attacker then lures victims to the site by sending the exploit code via e-mail or hosting it in a remotely accessible location, for example. When victims visit the page, arbitrary code runs in the context of their browser. If successful, the attacker then gains remote access to control the target system. Affected versions range from Yahoo Messenger 5.5.0 on up to 8.0.0 and those versions in between. Yahoo Messenger 8.1 isn't affected.
eEye Digital Security Advisory: http://research.eeye.com/html/advisories/upcoming/20070605.html
Source: http://www.eweek.com/article2/0,1895,2144610,00.asp

37. June 11, CNET News — OpenOffice worm Badbunny hops across operating systems. Malicious software targeting OpenOffice.org documents is spreading through multiple operating systems, according to Symantec. "A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems," according to a Symantec Security Response advisory. "Be cautious when handling OpenOffice files from unknown sources." The worm was first spotted late last month, but at the time, it was not thought to be "in the wild." On Windows systems, it drops a file called drop.bad, which is moved to the system.ini file in the user's mIRC folder. It also executes the JavaScript virus badbunny.js, which replicates to other files in the folder. On Apple Mac systems, the worm drops one of two Ruby script viruses in files respectively called badbunny.rb and badbunnya.rb. On Linux systems, the worm drops both badbunny.py as an XChat script and badbunny.pl as a Perl virus.
Source: http://news.com.com/OpenOffice+worm+Badbunny+hops+across+operating+systems/2100-7349_3-6189961.html?tag=nefd.top

38. June 08, IDG News Service — Beware of fake Microsoft security alerts. With Microsoft's monthly patch release expected on Tuesday, June 12, scammers are sending out fake security bulletins that attempt to install malicious software on victims' computers. The e-mail messages claim to describe a "Cumulative Security Update for Internet Explorer" that fixes a critical security flaw in the browser. It comes with a link entitled "Download this update." When users click on this link, they are taken to a server that attempts to install malicious software known as Trojan-Downloader.Win32.Agent.avk. This Trojan software then attempts to reach out to other computers on the Internet in order to install more programs on the victim's computer. Microsoft does send out notification e-mail when it publishes security bulletins, but the links in these alerts take users to the bulletins themselves, not to executable downloads.
Source: http://www.infoworld.com/article/07/06/08/Beware-of-fake-Microsoft-security-alerts_1.html

39. June 08, Computerworld — State's move to open document formats still not a mass migration. Only 250 of the 50,000 PCs at Massachusetts government agencies are able to use the Open Document Format (ODF) for Office Applications, despite an initial deadline of this month for making sure that all state agencies could handle the file format. Bethann Pepoli, acting state CIO and director of the Massachusetts Information Technology Division (ITD), said last week that potential plug-in suppliers weren't able to deliver working versions of their software by last November as previously planned. According to Pepoli, the ITD did deploy an Office-to-ODF converter for Word text files developed by Sun Microsystems Inc. at some agencies in January. The ITD is working to install the plug-in at more agencies, but Pepoli said it now has no definite schedule for completing the rollout. State legislators in Texas recently quashed a bill calling for the use of open document formats -- one of five such proposals that have been defeated or shelved in the U.S. this year.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9024160&intsrc=hm_list

40. June 08, eWeek — Anti-spam orgs under DDoS siege. Anti-spam forces must have hit a nerve with their adversaries. As of the evening of June 7, anti-spam groups Spamhaus, SURBL (Spam URI Realtime Blocklists), URIBL (Realtime URI Blacklist) and others have been under a "pretty big" distributed denial-of-service (DDoS) attack, according to the Internet Storm Center (ISC), which is run by the SANS Institute. As of 11 a.m. EDT on June 8, both SURBL and URIBL remained down when eWEEK checked, but Spamhaus was back up. This is an extremely serious issue, as these types of attacks have succeeded in bringing down and, in some cases, permanently knocking out important weapons in the fight against spammers. However, ISC member Bojan Zdrnja noted this positive side of the current DDoS: Spammers must be desperate if they're using their resources to flood anti-spam groups rather than to send out spam.
Source: http://www.eweek.com/article2/0,1895,2143566,00.asp

41. June 08, VNUNet — Worm points the way to Arabic viruses. A seemingly harmless worm spreading around the world could point the way to an explosion in Arabic viruses, according to one security vendor. Masaki Suenaga, a security response engineer at Symantec, claimed that Arabic elements within the W32.Alnuh worm could be a test to see how users react. "W32.Alnuh looks like just an experiment by the author," Suenaga said on the company's Website. "After they have done their homework, they might step to the next stage to make a more complicated virus." Suenaga said that viruses not written in English usually target Chinese, German, Spanish, Portuguese or Russian users, as well as Indonesian, Japanese or Thai to a lesser extent. "There might be more Arabic−aware viruses in the wild than we think simply because many of us do not notice Arabic words, but we are seeing more Arabic−aware viruses than a year ago," said Suenaga. Discovered on May 31, W32.Alnuh spreads harmlessly and only terminates programs to protect itself.
Source: http://www.vnunet.com/vnunet/news/2191697/worm-points-way-arabic-viruses
Monday, June 11, 2007

Daily Highlights

The Associated Press reports a computer system in Atlanta that processes pilots' flights plans and sends them to air−traffic controllers failed late Thursday or early Friday causing untold flight delays Friday, June 8. (See item 16)
·
The Times Ledger reports Western Queens residents are concerned about an underground petroleum pipeline that runs through five borough neighborhoods to reach LaGuardia Airport, after another fuel pipeline to Kennedy Airport was targeted by four suspected terrorists. (See item 17)


Information Technology and Telecommunications Sector

34. June 08, Government Computer News — Navy CIO approves open source systems. Open−source software is now an official option for all information technology systems in the Navy and Marine Corps, according to a guidance memo issued June 5 by the Department of the Navy’s Office of the Chief Information Officer. The Open−Source Guidance memo gives open−source platforms the same status as commercial off−the−shelf and government off−the−shelf software products, allowing Navy IT administrators to evaluate open−source code in acquisitions. The department “recognizes the importance of [open−source software] to the warfighter and the need to leverage its benefits throughout the [Department of the Navy],” according to the memo issued by Navy CIO Robert Carey.
Source: http://www.gcn.com/online/vol1_no1/44441-1.html
Friday, June 8, 2007

Daily Highlights

The Oregonian reports the Bonneville Power Administration's massive electrical substation near the Columbia River has been sabotaged by metal thieves; two Bonneville Power facilities have been hit in the past week. (See item 4)
·
The Associated Press reports a South Carolina man was charged Wednesday, June 6, with threatening to poison the capital city's water system using chemicals he had illegally buried in his back yard. (See item 18)
·
WBRC reports Birmingham and Trussville, Alabama, water customers were notified on Wednesday, June 6, of mandatory water restrictions taking effect in response to the continued drought as Birmingham Water Works moves to its Stage Three water conservation plan. (See item 19)

Information Technology and Telecommunications Sector


31. June 06, Reuters — IBM to buy Watchfire security software firm. IBM said on Wednesday, June 6, it will buy privately held security and compliance testing software company Watchfire Corp. for an undisclosed amount. The deal is expected to close in the third quarter, IBM said in a statement. IBM said Watchfire's technology would be combined with IBM's Rational software products, which let users conduct performance tests while developing software. Top technology companies including Microsoft Corp., Cisco Systems Inc. and Google Inc. have been acquiring security companies to protect customers from malicious software attacks and spam mail.
Source: http://www.eweek.com/article2/0,1895,2142284,00.asp

32. June 06, IDG News Service — Google acquires server software company PeakStream. Google on Tuesday, June 5, acquired PeakStream, a developer of software for multicore and parallel processors, the company said. PeakStream's Website was not available following the acquisition. A version of its product page cached on Google's Website described it as the first commercial software product to allow programming of multicore and parallel processors, allowing optimization of these increasingly prevalent chipsets.
Source: http://www.infoworld.com/article/07/06/06/Google-acquires-Peakstream_1.html

33. June 06, InformationWeek — Critical bugs discovered in Yahoo Messenger. Yahoo is working on a patch for critical Yahoo Messenger vulnerabilities that could enable a remote hacker to take control of a user's system. "We recently learned of a buffer overflow security issue in an ActiveX control," a Yahoo spokesperson said in an e−mail to InformationWeek. "This control is part of the code for Web cam image upload and viewing. Upon learning of this issue, we began working towards a resolution and expect to have a fix shortly."
Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=199901856

34. June 06, Agence France Presse — Hoax text message spreads tsunami terror in Indonesia. Thousands of people fled their homes in panic on the Indonesian coast after hoax text messages spread warning them that a tsunami will hit the region, journalists and officials said Wednesday, June 6. "The possibility is that a tsunami may take place on June 7," said part of a short telephone text message (SMS) that is widely circulating in various coastal areas of Nusa Tenggara province, local journalists said. A check of several coastal districts in the province showed that thousands had left their homes on the coast in at least three districts to flee to higher grounds since Tuesday, they said. The regional meteorology and geophysics office said that the SMS warning did not come from their office. "Earthquakes and tsunami cannot be predicted and we have not issued such warning," office head Rivai Marulak told AFP.
Source: http://www.breitbart.com/article.php?id=070606101917.31jf2eyb&show_article=1
Thursday, June 7, 2007

Daily Highlights

The FBI's investigation is pointing to an outside hacker who broke into the computer network at the Illinois Financial and Professional Regulation in January and accessed a server that held information on about 1,200,000 people who have licenses or applied for licenses with the department. (See item 9)
·
CBC News reports Canada's skies are vulnerable to another attack against passenger travel unless tougher cargo controls are implemented on the ground, according to an aviation security expert who testified at the Air India inquiry Wednesday, June 6. (See item 16)
Information Technology and Telecommunications Sector

33. June 06, US-CERT — Computer Associates releases security notice for anti-virus engine. The Computer Associates Anti-Virus engine fails to properly process CAB archives. These vulnerabilities may allow an unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users to apply the updates as described in the Computer Associates Security Notice: http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp
Source: Computer Associates Release Security Notice for Anti−Virus Engine

34. June 06, US−CERT — Sun Microsystems releases security advisory for Java Runtime Environment Image Parsing Code. Sun Microsystems released a Security Advisory for the Java Runtime Environment Image Parsing Code. This vulnerability may allow an applet to read and write local files or execute local applications. US−CERT encourages users to examine the resolutions that are described in the Sun Security Advisory as soon as possible:
http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1
More information can be found in US−CERT Vulnerability Note VU#138545:
http://www.kb.cert.org/vuls/id/138545
Source: http://www.us-cert.gov/current/index.html#sun_microsystems_releases_security_advisory

35. June 06, US-CERT — Vulnerability Note VU#290961: Microsoft Windows GDI+ ICO InfoHeader Height division by zero vulnerability. Microsoft Windows Graphics Device Interface (GDI+) is an application programming interface (API) that provides programmers the ability to display information on screens and printers. GDI+ includes the ability to process ICO (icon) image files. There is an integer division by zero vulnerability in the way the ICO parsing component of GDI+ (Gdiplus.dll) handles ICO files with a Height value of zero in the InfoHeader section of the ICO file. By introducing a specially crafted ICO file to the vulnerable component, a remote attacker could trigger an integer division by zero, crashing the process and causing a denial-of-service condition. Windows Explorer has been shown to be vulnerable; however, any application that uses the GDI+ library may be affected. US-CERT is currently unaware of a practical solution to this problem.
Source: http://www.kb.cert.org/vuls/id/290961
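The bug class in item 35 is easy to reproduce in any image loader that derives a size from a header field and then divides by it. The following C program is an added illustration, not Gdiplus code and not taken from the vulnerability note: it parses the first image of a constructed ICO container (ICONDIR, ICONDIRENTRY, then a BITMAPINFOHEADER, whose biHeight an ICO stores doubled to cover the XOR and AND mask rows), once naively and once with the divisor validated. The field offsets follow the published ICO/BMP layout; the sample bytes, the error codes and all function names are this example's own, and the sample carries headers only, with no pixel data.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Error codes for this example (not Gdiplus return values). */
enum { ICO_OK = 0, ICO_ERR_TRUNCATED = -1, ICO_ERR_FORMAT = -2, ICO_ERR_HEIGHT = -3 };

#define ICONDIR_SIZE      6   /* reserved u16, type u16 (1 = icon), count u16 */
#define ICONDIRENTRY_SIZE 16  /* w u8, h u8, colors u8, rsvd u8, planes u16, bpp u16, bytesInRes u32, offset u32 */
#define BIH_SIZE          40  /* biSize u32, biWidth i32, biHeight i32, planes u16, bpp u16, compr u32, sizeImage u32, ... */

typedef struct {
    int32_t  width;
    int32_t  height;         /* raw biHeight (XOR rows + AND rows) */
    uint32_t size_image;     /* biSizeImage */
    uint32_t bytes_per_row;  /* derived: size_image / (height / 2) */
} ico_image_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Shared: bounds-check the container and locate the first image's BITMAPINFOHEADER. */
static int ico_locate_header(const uint8_t *buf, size_t len, const uint8_t **hdr, uint32_t *bytes_in_res)
{
    if (len < ICONDIR_SIZE + ICONDIRENTRY_SIZE) return ICO_ERR_TRUNCATED;
    if (rd16(buf) != 0 || rd16(buf + 2) != 1 || rd16(buf + 4) < 1) return ICO_ERR_FORMAT;
    const uint8_t *entry = buf + ICONDIR_SIZE;
    *bytes_in_res = rd32(entry + 8);
    uint32_t offset = rd32(entry + 12);
    if (offset > len || len - offset < BIH_SIZE) return ICO_ERR_TRUNCATED;
    *hdr = buf + offset;
    if (rd32(*hdr) != BIH_SIZE) return ICO_ERR_FORMAT;
    return ICO_OK;
}

/* Naive decoder: trusts biHeight. A height of 0 (or 1, since it is halved first)
 * makes the divisor zero and the process dies with SIGFPE: the DoS in VU#290961. */
int ico_parse_naive(const uint8_t *buf, size_t len, ico_image_t *out)
{
    const uint8_t *hdr; uint32_t bytes_in_res;
    int rc = ico_locate_header(buf, len, &hdr, &bytes_in_res);
    if (rc != ICO_OK) return rc;
    out->width      = (int32_t)rd32(hdr + 4);
    out->height     = (int32_t)rd32(hdr + 8);
    out->size_image = rd32(hdr + 20);
    uint32_t xor_rows = (uint32_t)out->height / 2;       /* 0 when height is 0 or 1 */
    out->bytes_per_row = out->size_image / xor_rows;     /* BUG: divisor never checked */
    return ICO_OK;
}

/* Checked decoder: validate every header field before it is used as a divisor or a size. */
int ico_parse_checked(const uint8_t *buf, size_t len, ico_image_t *out)
{
    const uint8_t *hdr; uint32_t bytes_in_res;
    int rc = ico_locate_header(buf, len, &hdr, &bytes_in_res);
    if (rc != ICO_OK) return rc;
    int32_t  width      = (int32_t)rd32(hdr + 4);
    int32_t  height     = (int32_t)rd32(hdr + 8);
    uint32_t size_image = rd32(hdr + 20);
    /* Positive, even (XOR + AND rows), and no larger than twice the 256-pixel icon maximum. */
    if (height <= 0 || (height & 1) || height > 2 * 256) return ICO_ERR_HEIGHT;
    if (width <= 0 || width > 256) return ICO_ERR_FORMAT;
    uint32_t xor_rows = (uint32_t)height / 2;            /* >= 1 after the check above */
    if (bytes_in_res < BIH_SIZE || size_image > bytes_in_res - BIH_SIZE || size_image < xor_rows)
        return ICO_ERR_FORMAT;
    out->width = width; out->height = height; out->size_image = size_image;
    out->bytes_per_row = size_image / xor_rows;
    return ICO_OK;
}

/* Constructed 62-byte sample (headers only): a 16x16, 32 bpp icon with the given biHeight. */
size_t make_sample_ico(uint8_t *buf, int32_t bi_height)
{
    static const uint8_t dir[ICONDIR_SIZE + ICONDIRENTRY_SIZE] = {
        0,0, 1,0, 1,0,                 /* ICONDIR: reserved, type=1, count=1 */
        16,16, 0,0, 1,0, 32,0,         /* entry: 16x16, 1 plane, 32 bpp */
        0x68,0x04,0,0,                 /* bytesInRes = 1128 = 40 + 1024 (XOR) + 64 (AND) */
        22,0,0,0 };                    /* imageOffset = 22 */
    memset(buf, 0, 62);
    memcpy(buf, dir, sizeof dir);
    uint8_t *b = buf + 22;
    wr32(b, BIH_SIZE); wr32(b + 4, 16); wr32(b + 8, (uint32_t)bi_height);
    b[12] = 1; b[14] = 32; wr32(b + 20, 1024);     /* planes, bpp, biSizeImage */
    return 62;
}

/* Wrappers: build a sample with the given biHeight and parse it. */
int checked_result_for_height(int32_t bi_height) {
    uint8_t buf[62]; ico_image_t img;
    size_t n = make_sample_ico(buf, bi_height);
    return ico_parse_checked(buf, n, &img);
}
uint32_t naive_bytes_per_row_for_height(int32_t bi_height) {   /* never call with height 0 or 1 */
    uint8_t buf[62]; ico_image_t img;
    size_t n = make_sample_ico(buf, bi_height);
    return ico_parse_naive(buf, n, &img) == ICO_OK ? img.bytes_per_row : 0;
}

int main(void)
{
    printf("naive, biHeight=32: bytes_per_row=%u\n", naive_bytes_per_row_for_height(32));
    printf("checked, biHeight=0: rc=%d (ICO_ERR_HEIGHT=%d)\n", checked_result_for_height(0), ICO_ERR_HEIGHT);
    /* ico_parse_naive on the biHeight=0 sample would divide by zero and crash the process. */
    return 0;
}
```

The point of the checked variant is that the validation is on the value actually used as the divisor (height halved), not just on the literal Height field: a Height of 1 is non-zero yet still produces a zero divisor. The same pattern applies to any decoder that computes a stride, row count or palette size from untrusted header fields.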

36. June 06, eWEEK — Mozilla plugs Thunderbird security hole. On June 4, Mozilla released a security−fix Version 1.5.0.12 of its Thunderbird e−mail client, after updating its Firefox browser, a Firefox Google toolbar extension and its SeaMonkey Web application suite. The new Thunderbird 1.5.0.12 replaces 1.5.0.10. The most important fixes include a flaw in APOP authentication (which also affects the Mail & Newsgroups component of SeaMonkey) and a memory corruption bug (which also affects Firefox and SeaMonkey), a spokesperson said. Thunderbird 1.5.0.12 can be downloaded (10.2MB for Linux users) from the older Thunderbird releases Web page or via Thunderbird's built−in software update system:
http://www.mozilla.com/en-US/thunderbird/all-older.html
More details are available in the Thunderbird 1.5.0.12 release notes:
http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.12.html
Source: http://www.eweek.com/article2/0,1895,2142213,00.asp