Tuesday, July 31, 2007

Daily Highlights

VNUNet reports the Department of Homeland Security has set out security requirements for automated control systems, principally in the power industry, to protect installations against physical and cyber-attacks. (See item 1)
United Press International reports an incomplete job by a pest control contractor sparked an FBI terror investigation and forced the temporary shutdown of three of Washington, DC's Metro stations on Sunday, July 29. (See item 11)
Information Technology and Telecommunications Sector

37. July 30, eWeek — Core Security to reveal new database attack vector. Researchers at Core Security Technologies have donned their black hats and are preparing a presentation about a new database attack vector that relies solely on the inherent characteristics of the indexing algorithms. The attack, which will be demonstrated Wednesday, August 1, against the MySQL database engine at Black Hat USA in Las Vegas, affects database management systems using BTREE, the popular database indexing algorithm and data structure. Traditionally, database security breaches are mostly due to the abuse of wrongly configured authorization and access control permissions or the exploitation of bugs in front-end Web applications through SQL injection, said Core Security Chief Technology Officer Ivan Arce. The presentation will involve the use of timing attacks, a common technique for breaking cipher system implementations, on database engines. Researchers from CoreLabs will explain how this technique can be used to extract information from a database by performing record insertion operations, which are typically available to all database users, including anonymous users of front-end Web applications.
Source: http://www.eweek.com/article2/0,1895,2164067,00.asp

38. July 30, InformationWeek — Verizon Wireless to acquire Rural Cellular for $2.67 billion. Verizon Wireless said it will acquire Rural Cellular Corporation for about $2.67 billion in the latest example of the new attractiveness of rural wireless services. Announced Monday, July 30, Verizon Wireless said the acquisition will increase its customer base by more than 700,000. Rural Cellular's networks range across areas in Maine, Vermont, New Hampshire, New York, Massachusetts, Alabama, Mississippi, Minnesota, North Dakota, South Dakota, Wisconsin, Kansas, Idaho, Washington, and Oregon. While the thought of acquiring small rural wireless providers would have been shunned not too long ago, the transactions are becoming a way for major mobile phone service providers to grow their subscriber rolls.
Source: http://www.informationweek.com/management/showArticle.jhtml;jsessionid=VJPIV3BK13WSSQSNDLRCKH0CJUNN2JVN?articleID=201201813

39. July 30, Sophos — Virus plays on Nintendo Mario game nostalgia. IT security and control firm Sophos is warning of a new mass-mailing worm that is capitalizing on users' enthusiasm for Nintendo's iconic character, Mario. Once they open the e-mail, recipients are requested to click on an attachment that promises to run one of the classic Super Mario Bros games. E-mails sent by the worm use the following text in the message body: "Hi There, Do You Like Mario Bross ? Test it, and you'll like it ;] !" Attached to the e-mails is a file containing the Romario-A worm, which in addition to launching a game starring the portly Italian plumber, also attempts to infect other unprotected computers via mass-mailing itself as a file attachment, as well as spreading via removable shared drives. Sophos experts note that Romario-A aims to cause maximum impact by scheduling a daily task to ensure the worm runs regularly at a specified time.
Source: http://www.sophos.com/pressoffice/news/articles/2007/07/mario.html

40. July 28, Los Angeles Times — Three voting systems faulted. Three of California's electronic voting systems -- including those used in Orange, Riverside, San Bernardino and Ventura counties -- can be easily hacked into, potentially compromising millions of votes, according to a detailed review announced Friday, July 27. Makers of Los Angeles County's InkaVote system did not submit their equipment in time, so it wasn't included, said Secretary of State Debra Bowen, who requested the study. The three systems evaluated, used by more than two-thirds of California's counties, also had problems with accessibility requirements for disabled and non-English-speaking voters. The findings of what some believe to be one of the most comprehensive electronic voting studies to date come as California registrars rush to prepare for the state's presidential primary election February 5. Over two months, dozens of experts in information technology organized by the University of California tested machines made by Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems. The analysts tried to infiltrate the three systems physically and electronically, without the safeguards that voting machine vendors or counties might use. "Under these conditions, the technology and security of all three systems could be compromised," the review said.
Report: http://www.sos.ca.gov/elections/elections_vsr.htm
Source: http://www.latimes.com/news/local/la-me-vote28jul28,0,1784391.story?coll=la-home-center

41. July 27, IDG News Service — Hotmail maintenance glitch locks users out. Microsoft's Windows Live Hotmail Webmail service remained inaccessible to a portion of its users for several hours on Friday, July 27, but the problem has been resolved. Windows Live Hotmail, which has about 310 million active users worldwide, became unavailable between approximately 6:30 a.m. U.S. Pacific Time and "late morning," a spokesperson for Microsoft said. She declined to specify how many users were affected, saying only that the problem affected "a limited set of customers." The problem, which erupted during maintenance work for Windows Live Hotmail, didn't lead to any loss of data for users, according to the spokesperson.
Source: http://www.infoworld.com/article/07/07/27/Hotmail-maintenance-glitch-locks-users-out_1.html

42. July 27, Government Accountability Office — GAO-07-837: Information Security: Despite Reported Progress, Federal Agencies Need to Address Persistent Weaknesses (Report). For many years, the Government Accountability Office (GAO) has reported that weaknesses in information security are a widespread problem with potentially devastating consequences -- such as intrusions by malicious users, compromised networks, and the theft of personally identifiable information -- and has identified information security as a governmentwide high-risk issue. Concerned by reports of significant vulnerabilities in federal computer systems, Congress passed the Federal Information Security Management Act of 2002 (FISMA), which permanently authorized and strengthened the information security program, evaluation, and reporting requirements for federal agencies. As required by FISMA to report periodically to Congress, in this report GAO discusses the adequacy and effectiveness of agencies' information security policies and practices and agencies' implementation of FISMA requirements. To address these objectives, GAO analyzed agency, inspectors general, Office of Management and Budget (OMB), congressional, and GAO reports on information security. GAO is recommending that OMB strengthen FISMA reporting metrics. OMB agreed to take GAO's recommendations under advisement when modifying its FISMA reporting instructions.
Highlights: http://www.gao.gov/highlights/d07837high.pdf
Source: http://www.gao.gov/cgi-bin/getrpt?GAO-07-837

Monday, July 30, 2007

Daily Highlights

The federal government has warned chemical companies in North Jersey and across the nation about a series of suspicious calls seeking information about safety procedures placed to at least three chemical manufacturers at plants in the Midwest earlier this month. (See item 5)
The Associated Press reports stores nationwide are continuing to sell recalled canned chili, stew, hash, and other foods from Castleberry's Food Co., potentially contaminated with poisonous bacteria, even after repeated warnings the products could kill. (See item 24)
Information Technology and Telecommunications Sector

33. July 27, IDG News Service — Black Hat spurs Apple to patch iPhone. With security researchers set to reveal details of a critical security flaw in the iPhone at the Black Hat 2007 conference this week, Apple Inc. now has fewer than seven days to patch a critical vulnerability in the product. The iPhone hack is one of several disclosures planned that could lead to fireworks as more than 3,000 hackers and security professionals converge at Caesars Palace Las Vegas for the annual confab. The iPhone hack, which was first reported Monday, July 23, by Independent Security Evaluators, showed how hackers could retrieve data from a victim's iPhone by tricking them into visiting a malicious Website. If Apple were to patch the iPhone, it would be the company's first ever software update for the product, which began shipping in late June. Patching the iPhone flaw would also show that Apple had made the right decision in reserving the right to patch the phone itself instead of handing over control of the iPhone software to the mobile carrier companies, as is common practice with mobile phones. Carriers have been slow to patch devices, even when they have known bugs, said Robert Graham, CEO of Errata Security Inc.
Source: http://www.infoworld.com/article/07/07/27/black-hat-iphone-patch_1.html

34. July 27, ComputerWorld — Yahoo patches Widgets, fixes hijack bug on Windows. Security researchers on Friday, July 27, warned that Yahoo Widgets, a platform that runs small, Web-based gadget-like applications on computer desktops, sports a critical flaw hackers can use to hijack Windows PCs. A bug in an ActiveX control that ships with Yahoo Widgets can be exploited to create a buffer overflow and, after that, introduce rogue code to the compromised computer. The most likely attack scenario, said Yahoo, would find attackers feeding users links to malicious Websites. Yahoo issued an update to Widgets' engine earlier last week, but it wasn't until Friday that Danish vulnerability tracker Secunia, which reported the bug to Yahoo, announced the flaw. Secunia pegged the problem as "extremely critical," the second-highest threat rating in its five-step scoring system. Only the Windows version of Yahoo Widgets is at risk; the Mac OS X edition does not need to be updated.
Yahoo security advisory: http://help.yahoo.com/l/us/yahoo/widgets/security/security-08.html
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9028178&intsrc=hm_list

35. July 27, ComputerWorld — Attacks likely against unpatched Mac OS Samba bug. Symantec Corp. last week warned Mac OS X users that the addition of an exploit to the Metasploit hacking framework had boosted the threat posed by an unpatched bug in Samba, the open-source file- and print-sharing software included with the Apple operating system. Although the vulnerability was disclosed May 14 and patched that same day by the Samba community, Apple has not updated Mac OS X with a fix, said Symantec's Alfred Huger, vice president of engineering with the security company's response group. "This is significant exposure for Mac OS X users," said Huger. "Samba is used in virtually every mixed environment where there are Macs and PCs, and the threat profile is much higher now that an exploit has been added to Metasploit." This month, a trio of Brazilian researchers who collaborate as Rise Security released Mac OS X attack code for the Samba vulnerability. According to Symantec, the Rise code is "almost identical" to what the company's security team discovered in late May. More important, said Huger, is that Rise also contributed their code to Metasploit, an open-source platform for creating, testing and launching exploit code.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9028220&intsrc=news_ts_head

36. July 27, InformationWeek — New attack uses bogus Websites to deliver malware. The Italian job that last month saw more than 10,000 legit Web pages embedded with malicious IFrames has resurfaced, this time with even more international intrigue. Last month's threat pushed malicious HTML files onto Web pages of several Italian Websites and infected Web surfers visiting those sites. The new threat comes from a number of newly registered Websites that pretend to represent Italian organizations, but are really just vehicles for using malicious IFrames to spread malware. Indeed, these new sites aren't even being hosted in Italy; they're being hosted out of Germany and may be tied to Russian malware writers, Trend Micro network architect Paul Ferguson told InformationWeek. "One of our researchers found an IP address that included 400 pieces of malware on different URLs," he said. As of Friday morning, July 27, about 2,500 systems may have been infected by these malicious IFrames.
Source: http://www.informationweek.com/security/showArticle.jhtml;jsessionid=UQXB0NAA3SOKIQSNDLPCKH0CJUNN2JVN?articleID=201201582

37. July 27, Sophos — Spammed out screensaver installs rootkits and Trojan horse. Experts at Sophos have warned of a widespread e-mail spam campaign that poses as a screensaver, but is really designed to install Trojan horses and rootkits on infected Windows PCs. The e-mails, which are being seen in inboxes worldwide, claim that the recipient has been sent a screensaver by a friend and tell the user to open the attachment (called bsaver.zip). The e-mails used in the malicious spam campaign contain phrasing such as "Good morning/evening, man! Realy cool screensaver in your attachment!" and use a variety of subject lines including: Life is beautiful; Life will be better; Good summer; help you. Clicking on the file contained inside the ZIP attachment infects users with the Troj/Agent-FZB Trojan horse, which drops two rootkits to try and hide from security software.
Source: http://www.sophos.com/pressoffice/news/articles/2007/07/bsaver.html

Friday, July 27, 2007

Daily Highlights

The Los Angeles Times reports the early outbreak of West Nile virus-related illnesses in California this summer has claimed a second life, that of an 85-year-old man from Kern County. (See item 23)
ComputerWorld reports millions of documents, both government and private, containing sensitive and sometimes classified information are available on file sharing networks after being inadvertently exposed by individuals downloading P2P software on systems that held the data. (See item 34)
Information Technology and Telecommunications Sector

29. July 25, IDG News Service — Mozilla flaw attack code published. Mozilla is working on patching its Firefox browser after a hacker posted details of a flaw that could let criminals run unauthorized software on a victim's machine. The flaw lies in Firefox's URL handler component, which was the source of another bug Mozilla disclosed Tuesday, July 24. This second flaw was disclosed Tuesday by Billy Rios and Nathan McFeters, security consultants with Verisign and Ernst & Young respectively. Like the first flaw, this one could be exploited by attackers to launch programs on the victim's PC without authorization, said Tyler Reguly, a security research engineer at nCircle Network Security. "They're both related to the URL handling process," he said. "It's just different errors within that handling process." Even though the code posted by Rios and McFeters can only be used to launch software that is already installed on a victim's PC, it could be very dangerous if used by criminals, Reguly said. "It's still letting you run any program that exists on the user's computer," he said. "You can make it do some fairly bad things. For example, having it use command-line FTP to download a malicious file off a server somewhere and then execute that file."
Rios' blog: http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/
Source: http://www.infoworld.com/article/07/07/25/Researcher-publishes-attack-code-for-Mozilla-flaw_1.html

30. July 25, ComputerWorld — Largest vendors account for fewer software flaws. Though it might not seem that way, the top 10 most vulnerable software vendors -- and, yes, that includes Microsoft Corp. -- are contributing a smaller percentage of all vulnerability disclosures per year compared to five years ago. That's according to an analysis by Gunter Ollmann, director of security strategies at IBM's Internet Security Systems X-Force team. Ollmann, who crunched vulnerability data gathered by X-Force between 2002 and 2006, said the overall percentage of security flaws disclosed by the most vulnerable software vendors dropped from 20.2 percent in 2002 to 14.6 percent during that period. Much of that decrease is likely the result of improved quality assurance and testing processes by the most vulnerable software vendors, Ollmann said. Most of their software packages have been through multiple versions and have been combed thoroughly for vulnerabilities by security researchers, Ollmann said. As larger vendors begin to do a better job of locking down their software, hackers and software researchers have begun focusing their attention on newer vendors and their applications, which has resulted in an overall increase in the number of vulnerabilities being reported, Ollmann said.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9027947&source=rss_topic85

31. July 25, VNUNet — Password flaw hits Firefox and Safari. The latest versions of Firefox and Safari contain a password management security flaw that could allow certain Websites to access stored usernames and passwords. A message on the Full Disclosure mailing list warned that users who have either browser configured to remember passwords, and have JavaScript enabled, are at risk. Mozilla fixed a similar reverse cross-site scripting flaw in Firefox last November, but this was a lot more serious as it did not require JavaScript to be enabled. Heise Security has a demonstration of the vulnerability on its Website to allow users to determine whether they are vulnerable to the attack. However, some developers and commentators have questioned whether this constitutes a vulnerability in the browser, as it requires the attacker to place malicious code on the Web server.
Heise Security demonstration: http://www.heise-security.co.uk/services/browsercheck/demos/moz/pass1.shtml
Source: http://www.vnunet.com/vnunet/news/2194933/firefox-safari-password-flaw

32. July 24, Sydney Morning Herald (Australia) — Mobile phone spammer fined in Australia. A mobile phone marketing company has been fined almost $132,000 over spamming practices that affected thousands of people over the past 12 months. DC Marketing Europe, a company notorious for its "missed call" telemarketing schemes, has been fined by the Australian Communications and Media Authority for breaching the Spam Act in July and August last year, by sending unsolicited messages that failed to identify the sender and did not allow the recipient to unsubscribe. Authorities say they are handling as many as 1800 complaints a month from mobile phone customers over rip-offs. Hidden charges and the inability to cancel subscriptions to services such as ringtones, wallpaper and video clips were the most common complaints among the 9000 recorded by the Telecommunications Industry Ombudsman over the past six months, under the Mobile Premium Services Industry Scheme. In the previous 12 months the ombudsman handled fewer than 6000 complaints over premium services, which suggests that complaints have risen threefold since the scheme began.
Source: http://www.smh.com.au/news/security/mobile-phone-spammer-fined-150000/2007/07/23/1185043066651.html

Thursday, July 26, 2007

Daily Highlights

The Associated Press reports Wednesday, July 25, a series of explosions at a facility that sells liquefied natural gas sent flaming debris raining onto highways and buildings near downtown Dallas; at least two people were seriously injured. (See item 1)
The Transportation Security Administration has sent an alert to airport security officers around the nation to look out for terrorists practicing to carry explosive components onto aircraft; this information is based on four curious seizures at airports since last September. (See item 12)
Information Technology and Telecommunications Sector

31. July 25, IDG News Service — Researchers: Forensics software can be hacked. The software that police and enterprise security teams use to investigate wrongdoing on computers is not as secure as it should be, according to researchers with Isec Partners. The San Francisco security company has spent the past six months investigating two forensic investigation programs, Guidance Software's EnCase, and an open-source product called The Sleuth Kit. They have discovered about a dozen bugs that could be used to crash the programs or possibly even install unauthorized software on an investigator's machine, according to Alex Stamos, a researcher and founding partner with Isec Partners. Researchers have been hacking forensics tools for years, but have traditionally focused on techniques that intruders could use to cover their tracks and thwart forensic investigations. The Isec team has taken a different tack, however, creating hacking tools that can be used to pound the software with data, looking for flaws. Based on their findings, Stamos's team believes that the EnCase software is not written as securely as it should be and could theoretically be exploited by an attacker.
Source: http://www.infoworld.com/article/07/07/25/Forensics-software-can-be-hacked_1.html

32. July 25, Sophos — Sophos report reveals record number of new Web-borne threats in 2007. Sophos has published new research into the first six months of cybercrime in 2007. The Sophos Security Threat Report examines existing and emerging security trends and has identified a sharp rise in the number of Web threats, as well as the countries and server types hosting the most infected sites. The first half of 2007 has seen an explosion in threats spread via the Web, which has now taken over from e-mail as the preferred vector of attack for financially motivated cybercriminals. In June alone Sophos uncovered a record number of new infected Webpages -- approximately 29,700 -- each day. In contrast, earlier in 2007, the number of malicious pages detected stood as low as just 5,000 per day.
Sophos Security Threat Report (registration required): http://www.sophos.com/security/whitepapers/sophos-security-threats-update-2007-wsrus
Source: http://www.sophos.com/pressoffice/news/articles/2007/07/securityrep.html

33. July 24, eWeek — Power outage hits San Francisco data center, Websites. An explosion beneath a manhole cover on Mission Street in downtown San Francisco Tuesday, July 24, knocked out power and cut service to customers and a major IT co-location center. The 365 Main data center, a city-block-size hosting facility that houses servers for a number of major Websites, was heavily affected by the outage and immediately switched to backup generator power, a company spokesperson told eWEEK. 365 Main hosts Craigslist, Cnet.com, Technorati, Typepad, LiveJournal, Yelp, RedEnvelope, SecondLife.com, and a portion of Charles Schwab's financial transactions, among other companies. Sun Microsystems also utilizes a portion of 365 Main's facility for its grid utility service. All of those Websites went offline for at least a portion of the afternoon due to the outage.
Source: http://www.eweek.com/article2/0,1895,2162216,00.asp

34. July 24, InformationWeek — Storm worm erupts into worst virus attack in two years. The Storm worm authors are waging a multi-pronged attack and generating the largest virus attack some researchers say they've seen in two years. "We are basically in the midst of an incredibly large attack," said Adam Swidler, a senior manager with security company Postini. "It's the most sustained attack that we've seen. There's been nine to 10 straight days of attack at this level." Swidler said in an interview with InformationWeek that the attack started a little more than a week ago, and Postini since then has recorded 200 million spam e-mails luring users to malicious Websites. The viruses are not embedded in the e-mails or in attachments. The e-mails, many of them otherwise empty, contain a link to a compromised Website where machines are infected with a generic downloader. This helps pull the computers into the malware authors' growing botnet, while also leaving them open for further infection at a later date.
Source: http://www.informationweek.com/security/showArticle.jhtml;jsessionid=AGU1WLLXDECCIQSNDLOSKH0CJUNN2JVN?articleID=201200849

35. July 24, InformationWeek — Cisco warns of bugs in Wireless LAN Controllers. Cisco Systems released a security advisory on Tuesday afternoon, July 24, to address several vulnerabilities in its Wireless LAN Controllers that could enable hackers to cause a denial-of-service on the affected network. The flaws lie in the handling of Address Resolution Protocol (ARP) packets. The advisory noted that a unicast ARP request may be flooded on the LAN links between Wireless LAN Controllers in a mobility group. A vulnerable WLC may mishandle unicast ARP requests from a wireless client, leading to an ARP storm. The bugs affect versions 4.1, 4.0, 3.2, and prior versions of the Wireless LAN Controller software, according to the advisory.
Cisco advisory: http://www.cisco.com/warp/public/707/cisco-sa-20070724-arp.shtml
Source: http://www.informationweek.com/software/showArticle.jhtml;jsessionid=AGU1WLLXDECCIQSNDLOSKH0CJUNN2JVN?articleID=201200878

Wednesday, July 25, 2007

Daily Highlights

Amid concerns about after-hours employee access to concourses at Phoenix Sky-Harbor International Airport, the Transportation Security Administration and the airport have implemented several changes to ensure that local security procedures are in compliance with national requirements concerning screening employees. (See item 10)
The Boston Globe reports a spate of deadly chlorine bomb attacks in Iraq is prompting the Bush administration to urge nearly 3,000 municipal water treatment plants in the U.S. to make sure their chlorine gas is well protected. (See item 21)
Information Technology and Telecommunications Sector

30. July 24, IDG News Service — China breaks into large piracy syndicate with FBI's help. A flurry of raids and arrests in China over the last two weeks have ended what is estimated to be the world's largest piracy syndicate in operation for more than six years. The group, in Guangdong province in southern China, produced fraudulent copies of software from Microsoft and Symantec, according to the Federal Bureau of Investigation (FBI). In China, some 290,000 discs were seized, worth $500 million, as well as $7 million in other assets, the FBI said. In the U.S., the agency's Los Angeles office confiscated $2 million in counterfeit software, plus $700,000 in other assets. In one of the raids, an alleged counterfeiter named Ma Ke Pei was arrested along with 10 other people in connection with fake Symantec software, the FBI said. In 2003 Ma was indicted in the U.S. for copyright and trademark violations related to Microsoft software but fled to China. Other raids centered around Shenzhen, where some 70 percent of the counterfeit products are shipped to the U.S. to distributors and retail customers, the FBI said. Six manufacturing lines and retail facilities were dismantled, and 47,000 counterfeit Microsoft CDs were confiscated.
Source: http://www.infoworld.com/article/07/07/24/China-busts-piracy-syndicate-with-FBI_1.html

31. July 23, ComputerWorld — 'Dangling pointers' more dangerous than thought, says security vendor. An issue largely ignored because the security risk was deemed only theoretical might soon become a significant and dangerous security risk, according to Web application security vendor Watchfire Inc. The company has developed new proof-of-concept code that it says can use what's generally seen as a relatively benign coding flaw -- it's known as a dangling pointer -- to launch remote-code execution attacks. A dangling pointer, like a buffer-overflow flaw, can exist in a large number of software products. Watchfire is set to demonstrate its attack code running against a vulnerability in Microsoft Corp.'s IIS 5.1 server software at next week's BlackHat conference in Las Vegas.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9027658&intsrc=hm_list

Tuesday, July 24, 2007

Daily Highlights

InformationWeek reports identifying information on more than half a million uniformed military personnel and their families was compromised by a military contractor that transmitted it over the Internet without encryption. (See item 8)
ABC15 reports news investigators have discovered a 4.5-hour time frame each night when X-ray machines are off, metal detectors are closed, and virtually anything can be brought into the secure side of Phoenix Sky Harbor Airport. (See item 16)
The U.S. Food and Drug Administration is expanding its July 18 warning for consumers and pet owners regarding canned food products and dog food produced by Castleberry Food Company of Augusta, Georgia, due to the risk of botulinum toxin. (See item 27)
Information Technology and Telecommunications Sector

37. July 23, IDG News Service — HP to acquire Opsware for $1.6 billion. Hewlett-Packard (HP) plans to buy datacenter automation software vendor Opsware for about $1.6 billion. It's the third-largest acquisition in HP's history after its multibillion-dollar purchases of Compaq and Mercury. HP said Monday, July 23, that it had signed a definitive agreement to acquire Opsware in a cash tender deal that values the company at $14.25 per share. Once the deal closes, HP plans to combine the Opsware software with its own enterprise IT management software, as the new acquisition becomes part of HP's software business.
Source: http://www.infoworld.com/article/07/07/23/HP-to-acquire-Opsware_1.html

38. July 23, IDG News Service — Security team claims successful iPhone hack. A team of security experts in Baltimore said it has found a flaw in Apple's iPhone handset that can be used by attackers to access private data stored on it. Independent Security Evaluators (ISE) said on a Website dedicated to explaining the flaw and its exploitation that an attacker could gain access to the iPhone through a wireless access point, or through a Website controlled by the attacker. Because the iPhone connects to wireless Internet access networks, such as Wi-Fi, by name, an attacker could create a network with the same name and encryption method as one the handset already uses. The attacker could then substitute a Web page with exploit code to gain access to the phone, ISE said. An attacker could also use a link planted on an unedited or unmoderated online forum, or a link sent by SMS or e-mail, to make use of the flaw and gain access to the handset, ISE said. When the iPhone's Safari browser opens a malicious Web page, malicious code can be run on the phone via the flaw, allowing the attacker to read the iPhone's SMS log, address book, call history, and voice-mail information, ISE said.
Source: http://www.infoworld.com/article/07/07/23/successful-iPhone-hack_1.html

39. July 23, VNUNet — Symantec warns of cross−platform vulnerability. Symantec has warned of an exploit in circulation that can crash Nintendo's Wii gaming console. The problem concerns the use of Flash files on the console. Adobe patched the Flash flaw on July 12, but the Opera browser used by the Wii is still vulnerable. "The most interesting thing is that it is a cross−platform vulnerability," said Liam OMurchu from Symantec's Security Response team. "Due to the fact that Flash can run in different browsers and on different platforms, the discovery of this one vulnerability could leave all Flash−enabled operating systems and devices open to the attack, including some advanced smartphones. The vulnerability has already been tested on Windows, Apple Mac, and some Linux distributions, but many other devices that are Flash−enabled could be affected by the problem too."
Source: http://www.vnunet.com/vnunet/news/2194782/symantec-warns-wii-flaw

40. July 20, eWeek — Duke resolves iPhone, Wi−Fi outage problems. One week after discovering a glitch between Apple iPhones and its Cisco−based campus wireless network, Duke University on Friday, July 20, finally got to the bottom of the problem that caused periodic outages of the Wi−Fi network. Initial reports of the problem placed the blame for the outages squarely on Apple's iPhones, which flooded the Cisco Wireless Access Points with thousands of address requests per second. However, in a statement released Friday afternoon, Cisco Systems admitted that the problem was caused by a Cisco glitch. "Cisco has provided a fix that has been applied to Duke's network and the problem has not occurred since," the statement read. Cisco did not describe what the source of the problem was.
Source: http://www.eweek.com/article2/0,1895,2161065,00.asp
Monday, July 23, 2007

Daily Highlights

Information Week reports a former U.S. Marine and FBI analyst was sentenced to 10 years in federal prison for espionage charges in connection with stealing classified national defense documents from the White House, the FBI, the Department of Defense, and the U.S. Department of State. (See item 27)
The Associated Press reports the blast that made New York skyscrapers tremble on Wednesday, July 17, came from an 83−year−old steam pipe and sent a powerful message that the miles of tubes, wires, and iron beneath New York and other U.S. cities are getting older and could become dangerously unstable. (See item 37)
Information Technology and Telecommunications Sector

31. July 20, VNUNet — 'Critical' BitTorrent flaw hits Opera. A "highly critical" vulnerability has been found in the Opera Web browser which could be exploited to remotely compromise a user's system. The flaw is caused when Opera uses already freed memory to parse BitTorrent headers, and can lead to an invalid object pointer being de−referenced. This can be exploited to execute arbitrary code if the user is tricked into clicking on a specially−crafted BitTorrent file and then removes it from the download pane by right−clicking. The vulnerability is reported in version 9.21 of Opera on Windows, but security monitoring Website Secunia, which rated the flaw "highly critical," said that other versions may also be affected. The problem can be fixed by upgrading to Opera 9.22.
Source: http://www.vnunet.com/vnunet/news/2194683/highly-critical-bittorrent-flaw

32. July 20, InformationWeek - Spammers exploiting new Simpsons movie. Security researchers reported spotting a spam campaign that is preying on interest in the upcoming Simpsons movie. The spammed e-mails try to lure unsuspecting users to a Website, where their e-mail address will be harvested for later spamming attacks, according to researchers at Sophos. To get users to visit the site, the spam claims recipients will be given a $500 Visa gift card if they click on a link and participate in an online survey about the movie. Each e-mail contains a graphic of Homer Simpson sitting on his sofa wearing a Superman crop-top and tighty-whities. A message in the image asks: "Will you go see the movie The Simpsons? Take our short survey now."

33. July 19, U.S. Computer Emergency Readiness Team — US−CERT Technical Cyber Security Alert TA07−200A: Oracle releases patches for multiple vulnerabilities. Oracle has released patches to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial−of−service. Systems Affected: Oracle Database; Oracle Application Server; Oracle Collaboration Suite; Oracle E−Business Suite and Applications; Oracle PeopleSoft Enterprise and JD EnterpriseOne. Solution: Apply the appropriate patches or upgrade as specified in the Critical Patch Update −− July 2007. Note that this Critical Patch Update only lists newly corrected vulnerabilities. As noted in the update, some patches are cumulative, others are not. Oracle E−Business Suite and Applications patches are not cumulative, so E−Business Suite and Applications customers should refer to previous Critical Patch Updates to identify previous fixes they want to apply. Vulnerabilities described in the July 2007 CPU may affect Oracle Database 10g Express Edition (XE). According to Oracle, Oracle Database XE is based on the Oracle Database 10g Release 2 code. Known issues with Oracle patches are documented in the pre−installation notes and patch readme files. Please consult these documents and test before making changes to production systems.
Oracle Critical Patch Update: http://www.oracle.com/technology/deploy/security/critical−patch−updates/cpujul2007.html
Oracle Database 10g Express Edition (XE): http://www.oracle.com/technology/products/database/xe/index.html
Source: http://www.us−cert.gov/cas/techalerts/TA07−200A.html
Friday, July 20, 2007

Daily Highlights

CNN reports a contractor, Roy Lynn Oakley, who allegedly took classified material from a federal nuclear facility in Tennessee and tried to sell it has been arrested. (See item 2)
The San Francisco Chronicle reports San Francisco International Airport personnel on Thursday morning, July 19, discovered the body of a man in the wheel well of a 747 recently arrived from Shanghai. (See item 12)
The Department of Homeland Security announced Wednesday, July 18, final Fiscal Year 2007 Homeland Security Grant Program awards totaling $1.7 billion, including a total of almost $411 million to the nation’s six urban areas at highest risk of a terrorist attack. (See item 35)
Information Technology and Telecommunications Sector

37. July 19, Reuters - Toshiba recalls more Sony PC batteries. Toshiba Corp. said on Thursday, July 19, it has recalled more Sony Corp. laptop computer batteries due to fire risk, rekindling concerns over the safety of Sony-made batteries. Toshiba is replacing a total of 10,000 battery packs after three of its laptop PCs using battery cells made on December 3, 2005 caught fire in the last 10 months. No one was hurt in the incidents. Only 5,100 units of the 10,000 packs are potentially defective, but Toshiba is recalling double the amount to make sure all the battery packs containing targeted battery cells are exchanged.
Source: http://www.eweek.com/article2/0,1895,2160393,00.asp

38. July 19, Associated Press — Duke University: iPhone may be disrupting network. Apple Inc.'s new iPhones may be jamming parts of the wireless network at Duke University, where technology officials worked with the company Wednesday, July 18, to fix problems before classes begin next month. Bill Cannon, a Duke technology spokesperson, said an analysis of traffic found that iPhones flooded parts of the campus' wireless network with access requests, freezing parts of the system for 10 minutes at a time. A single iPhone was powerful enough to cause the problem, and there are 100 to 150 of them registered on the network, Cannon said. Network administrators have noticed the problem nine times in the past week. "The scale of the problem is very small right now," said Cannon, adding that the school is working with Apple and Cisco Systems Inc., Duke's network equipment provider, to pinpoint the problem. "But the more iPhones that are around, the more they could be knocking on the door for access."
Source: http://news.yahoo.com/s/ap/20070719/ap_on_hi_te/iphone_duke;_ylt=AqYaqILaV9u7qP1meXmug2AjtBAF

39. July 19, VNUNet — Signature−based security unable to cope with 'zero−minute' threats. Signature−based malware detection techniques are becoming less effective in the face of so−called 'malware 2.0' threats, a security firm claimed Thursday, July 19. "The security space is changing rapidly. We are witnessing a major shift in the anti−malware marketplace moving into a new era of malware 2.0," said Kurt Baumgartner, chief threat officer at PC Tools. "We are now dealing with zero−minute, rather than just zero−day, exploits that have the potential to further evade signature detections." PC Tools said that malware variants are now released at "immense rates," driving up sample volumes and making it almost impossible for researchers to keep on top of updates using manual analysis. These threats are taking advantage of the non−detection sweet spot where they can freely propagate and infect before anti−malware companies can respond. PC Tools argues that new compilers and other techniques are being used to make threats more difficult, if not impossible, to detect with traditional signature−based systems.
Source: http://www.vnunet.com/vnunet/news/2194572/signature-security-dead-say

40. July 18, U.S. Computer Emergency Readiness Team - US-CERT Technical Cyber Security Alert TA07-199A: Mozilla updates for multiple vulnerabilities. Mozilla has released new versions of Firefox and Thunderbird to address several vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to view a specially-crafted HTML document, such as a Web page or an HTML e-mail message. Systems Affected: Mozilla Firefox and Mozilla Thunderbird. Other products based on Mozilla components may also be affected. Solution: Upgrade: These vulnerabilities are addressed in Mozilla Firefox and Thunderbird. Disable JavaScript: Some of these vulnerabilities can be mitigated by disabling JavaScript or using the NoScript extension. For more information about configuring Firefox, please see the Securing Your Web Browser document: http://www.us-cert.gov/reading_room/securing_browser/#Mozilla_Firefox
Thunderbird disables JavaScript and Java by default.
Source: http://www.uscert.gov/cas/techalerts/TA07−199A.html

41. July 18, eWeek — Explosion cuts Manhattan Internet service. An explosion early Wednesday morning, July 18, just south of Grand Central Station interrupted Internet service for Manhattan customers. In the hours following the incident, Verizon had already determined that major switches located underground had not been affected, and was preparing to inspect the cables underground. But it could not provide an estimate of whether or how many of its customers were affected. Mark Marchand, a spokesperson for the New York−based ISP, said the company was "still in the assessment phase." Marchand explained that the company has underground facilities under major Manhattan arteries such as Lexington Avenue, where the Con Edison steam pipe burst.
Source: http://www.eweek.com/article2/0,1895,2160274,00.asp

42. July 18, eWeek - Image spammers utilize PDF. Security vendors warn image spammers are increasingly using PDF files to bypass spam filters. Researchers at BorderWare Technologies, based in Toronto, reported that on any given day, more than 30 image spam campaigns are being run, with more than half of those being PDF-based. The findings come as a number of vendors have reported that the amount of image spam has declined in favor of PDF spam. A Commtouch report for the second quarter of the year found that image spam had dropped to less than 15 percent of all spam, compared to 30 percent in the first quarter of 2007. Rebecca Herson, senior director of marketing at Commtouch, said image spam had dropped overall because of increased enforcement attention to stock scams and improved spam filtering technologies.
Source: http://www.eweek.com/article2/0,1895,2160212,00.asp
Thursday, July 19, 2007

Daily Highlights

Counterterrorism investigators in New Jersey now have real−time access to information on potentially hazardous shipments on CSX Transportation, one of the nation's largest rail networks. (See item 17)
The White House Homeland Security Council on Tuesday, July 17, released a one-year update on the federal government's pandemic influenza preparedness strategy, reporting that it has met 86 percent of the objectives it set for itself a year ago. (See item 30)
Information Technology and Telecommunications Sector

34. July 18, Sophos — Sophos reveals top 12 spam−relaying countries. Sophos has published its latest report on the top twelve spam−relaying countries over the second quarter of 2007. The U.S. continues to relay more spam than any other nation, accounting for 19.6 percent −− a decrease of just 0.2 percent from the previous quarter. However, Europe now has six entries in the top 12 spam−relaying countries list, which when combined, account for even more spam−relaying than the U.S. Sophos notes that the number of compromised PCs continues to rise steadily in Europe. The top twelve spam−relaying countries are as follows: 1) United States; 2) China (including Hong Kong); 3) South Korea; 4) Poland; 5) Germany; 6) Brazil; 7) France; 8) Russia; 9) Turkey; 10) United Kingdom; 10) Italy; 12) India.
Source: http://www.sophos.com/pressoffice/news/articles/2007/07/dirtydozjul07.html

35. July 18, Reuters — China Internet censors blamed for e−mail chaos. Internet users and company officials in China on Wednesday, July 18, blamed a series of disruptions to cross−border e−mail traffic on adjustments to the country's vast Internet surveillance system. IT company executives offered varying explanations for the e−mail disruptions, but agreed they were not a result of standard technical problems. China is in the midst of a highly publicized campaign to rein in "unhealthy content" in its rapidly growing Internet, whose rapid spread of information regarding incidents of government corruption and rural unrest not reported in conventional media has alarmed China's stability−obsessed leaders. "We have had hundreds of complaints from our clients in the last couple of days," said Richard Ford, technical director of Candis Group, a Beijing−based IT company that processes hundreds of thousands of e−mails a day. Ford said clients complained of e−mails being returned with error messages that could only have been placed by a "third party" between local and foreign mail servers. Several other IT companies managing e−mail servers confirmed Internet users and clients in China and overseas had complained of having trouble sending and receiving e−mails.
Source: http://www.informationweek.com/security/showArticle.jhtml;jsessionid=KZVNFLPTIUFBWQSNDLOSKHSCJUNN2JVN?articleID=201001971&articleID=201001971

36. July 17, eWeek - Oracle update plugs security holes. Oracle issued 45 security fixes for its customers Tuesday, July 17, as part of its quarterly Critical Patch Update. The 45 patches plug security holes in Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise products. The most serious of the flaws are two vulnerabilities affecting Oracle PeopleSoft Enterprise PeopleTools, which received a Common Vulnerability Scoring System rating of 4.8 out of 10. The flaws can be exploited remotely by an attacker but require user authentication.
Oracle Critical Patch Update: http://www.oracle.com/technology/deploy/security/critical−patch−updates/cpujul2007.html
Source: http://www.eweek.com/article2/0,1895,2159759,00.asp
Wednesday, July 18, 2007

Daily Highlights

The Washington Post reports air travelers should not expect authorities to ease restrictions on gels and liquids in carry−on luggage until sometime next year when new technology may give screeners the ability to more easily spot potential explosives in bags. (See item 12)
According to a U.S. intelligence estimate released Tuesday, July 17, the al Qaeda terrorist network has regained enough strength to pose the largest part of a persistent and evolving terrorist threat to the United States over the next three years. (See item 35)
Information Technology and Telecommunications Sector

31. July 17, VNUNet — Cross−browser Firefox/IE flaw worsens. The browser flaw which allows attackers to hijack a computer by using Internet Explorer (IE) to launch Firefox is affecting other applications as well. Security researchers Nate McFeters, Billy Rios and Raghav Dube have disclosed information and working exploit code for a similar vulnerability in Trillian. Like the Firefox attack, the Trillian exploit uses a Uniform Resource Identifier (URI) function as the point of attack. The URI allows the browser to launch a third−party application on the user's system in much the same way that a URL is used to access a Web page. When the user visits a specially−crafted page, the application is launched and attack code is run to crash the application and execute code. The attack could be used to remotely install malware on a user's system. The researchers claim that, while this attack only affects AIM clients, any application that allows for URI access could be targeted with similar attacks.
Trillian vulnerability information provided by McFeters, Rios, and Dube: http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html
Source: http://www.vnunet.com/vnunet/news/2194362/cross-browser-flaw-expands

32. July 16, IDG News Service — Security firm: Don't use iPhone Web dialer. Security researchers at SPI Labs are warning iPhone users not to use a special feature that lets them dial telephone numbers over the Web using the iPhone's Safari browser. The feature was created to give iPhone users a simple way to dial phone numbers listed on Web pages, but according to SPI, the feature could be misused. Attackers could exploit a bug in this feature to trick a victim into making phone calls to expensive "900" numbers or even keep track of phone calls made by the victim over the Web, said Billy Hoffman, lead researcher with SPI Labs. The iPhone could even be stopped from dialing out, or set to dial out endlessly, he said. "Because this vulnerability can be launched from Websites, everybody who has an iPhone has the potential to get exploited," Hoffman said.
SPI Labs blog: http://portal.spidynamics.com/blogs/spilabs/archive/2007/07/16/SPI−Labs−advises−avoiding−iPhone−feature.aspx
Source: http://www.infoworld.com/article/07/07/16/Security−firm−says−to−not−use−iPhone−Web−dialer_1.html

33. July 16, ComputerWorld - Anonymous researcher boasts of building Mac worm. An anonymous security researcher claimed this weekend to have created a worm that exploits a vulnerability in the Mac OS X operating system which Apple Inc. missed in a May round of patches. A poster on the Information Security Sell Out blog said Sunday, July 15, that he or she had written a proof-of-concept worm "in a few hours" that exploits a variation of a vulnerability patched in May by Apple. According to the researcher, he or she exploited a still-unpatched bug in mDNSResponder, a component of Apple's Bonjour automatic network configuration service, in the worm's code. "This vulnerability, as with the ones fixed, gives remote root access," the researcher said. Apple's May security update, 2007-005, included a fix for the mDNSResponder bug.
Information Security Sell Out blog: http://infosecsellout.blogspot.com/2007/07/oh-look-apple-worm.html
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9027179&intsrc=hm_list
Tuesday, July 17, 2007

Daily Highlights

The Associated Press reports an Ohio man trying to take down a power line to steal and sell the copper inside was electrocuted early Monday morning, July 16; copper thefts have increased across the nation as the salvage price for the metal has more than quadrupled since 2003. (See item 1)
IDG News Service reports San Francisco offers subscribers a text−based emergency notification system for e−mail accounts and mobile devices called AlertSF, which can send warning alerts about flooding, power outages, and traffic disruptions, as well as tsunami alerts and other post−disaster information. (See item 25)
Information Technology and Telecommunications Sector

27. July 16, IDG News Service - Powerful earthquake disrupts Japan communications. A powerful earthquake that struck northern Japan Monday morning, July 16, has caused disruption to communications services in the country. The earthquake struck just off the coast of Niigata prefecture, northwest of Tokyo. The magnitude 6.8 quake registered an intensity of 6+ on Japan's scale of 0 to 7 in three locations. As a result of the temblor, major telecommunications carriers have imposed restrictions on phone calls into and out of the affected area. NTT East Corp., the major fixed-line provider in the area, has activated its "disaster dial 171" service, which allows people in the area to leave voicemail messages that can be checked by those in the rest of the country. The major cell phone carriers have similarly restricted calls and activated their own disaster message board services on wireless Internet sites.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9027082&intsrc=hm_list

28. July 16, IDG News Service — IBM nets real−time capabilities with DataMirror buy. IBM is looking to add real−time capabilities to its data integration software by buying Canadian firm DataMirror for about $162.3 million. DataMirror's Transformation Server software identifies and captures data that has been added, updated, or deleted, and it enables the changed information to be delivered in real time to processes, applications, and databases. Subject to shareholder and regulatory approval, the deal is set to close in the third quarter of this year.
Source: http://www.infoworld.com/article/07/07/16/IBM-DataMirror-buy_1.html

29. July 14, InformationWeek — IT security: The data theft time bomb. Despite the billions of dollars spent on information security products, the aggressive patching and repairing of operating systems and applications, and the heightened awareness of the need for computer users to guard against identity theft, most organizations aren't feeling any more secure than they were a year ago. InformationWeek Research's 10th annual Global Information Security survey shows that two−thirds of 1,101 survey respondents in the United States and 89 percent of 1,991 respondents in China are feeling just as vulnerable to security attacks as last year, or more so. Contributing to this unease is the perception that security technology has grown overly complex, to the point where it's contributing to the problem. The No. 1 security challenge identified by almost half of U.S. respondents is "managing the complexity of security." Yet a case can be made that respondents aren't worried enough, particularly about lost and stolen company and customer data. Only one−third of U.S. survey respondents and less than half of those in China cite "preventing breaches" as their biggest security challenge.
Source: http://www.informationweek.com/news/showArticle.jhtml;jsessionid=RK2TUBBPEPSV0QSNDLPCKH0CJUNN2JVN?articleID=201001203

30. July 13, IDG News Service — After criticism, Sun fixes Java flaw. Just days after a security researcher blasted its Java patching system, Sun Microsystems has issued a critical update to the consumer version of its Java software. The Java Platform Standard Edition (SE) Version 6, Update 2 release was made available on Sun's Java.com Website Friday, July 13, and is being pushed out to Java users who use the software's automatic update system, said Jacki Decoster, a Sun spokesperson. Sun supports four different versions of its Java SE software for desktop computers, and the company had already patched the other versions before releasing the Version 6, Update 2 release, which is the latest version of the product for consumer users. That raised a red flag with security vendor eEye Digital Security, which said that the staggered release schedule gives criminals a chance to reverse−engineer the Java bug by looking at the patches that have been made public.
Source: http://www.infoworld.com/article/07/07/13/Sun−fixes−Java−flaw_1.html?source=rss&url=http://www.infoworld.com/article/07/07/13/Sun−fixes−Java−flaw_1.html
Monday, July 16, 2007

Daily Highlights

A government investigator has accused the Federal Aviation Administration of covering up mistakes by air traffic controllers at Dallas−Fort Worth International Airport, one of the nation's busiest. (See item 14)
The Associated Press reports that two teenagers were arrested on conspiracy charges for allegedly threatening to attack teachers and classmates with guns and bombs at Connetquot High School on Long Island. (See item 25)
Information Technology and Telecommunications Sector

28. July 13, Register (UK) — Oracle UK systems accused in SSH hacking spree. Compromised computers at Oracle UK are listed among the ten worst offenders on the net for launching attacks on servers which run SSH (secure shell) server software. Oracle said it is investigating the reported problem. A box (or group of boxes behind a proxy) at Oracle UK is among the worst offenders for launching attacks, according to statistics from servers running DenyHosts software to block SSH brute−force password attacks. DenyHosts is a script for Linux system administrators designed to help thwart SSH server attacks. Around 6,800 users contribute to the data it collects. The compromised Oracle boxes −− recorded as active since May 3 −− feature at number nine on DenyHosts' list. The listing implies a computer (or multiple computers) at Oracle UK have been compromised for weeks allowing hackers to enjoy access to Oracle's bandwidth in order to hack other boxes elsewhere on the Internet.
Source: http://www.theregister.co.uk/2007/07/13/oracle_ssh_shamelist_listing/

29. July 13, CNET News — Cell phone security has at least one flaw: people. People have always been the weakest link when it comes to protecting computers. The same applies to mobile phones. Despite companies' attempts to create relatively secure operating systems, trickery and social engineering continue to manipulate people. For example, the Symbian operating system for mobile phones is "fairly secure," F−Secure security expert Patrik Runald said. Yet security is a problem. "All the malware we've seen so far relies on the user installing it themselves, bypassing three to four security warnings. So there hasn't really been a flaw in the operating system," he said. Runald acknowledges that some problems may be caused by unclear instructions on the user interface. But by and large, he said, security problems are caused by people ignoring warning signs. There have been a few instances in which cybercriminals disguised files to make them look like interesting shareware or freeware, but mostly he blames user ignorance. "They think it's about ringtones, games, wallpapers, videos −− all good and fun things. But there are actually malicious things out there as well," Runald said.
Source: http://news.com.com/Cell+phone+security+has+at+least+one+flaw+people/2100−7349_3−6196553.html?tag=nefd.top

30. July 13, CNET News - Critical Microsoft security bulletin revised to add Office for Mac. Microsoft late Thursday, July 12, revised one of its critical security bulletins from Patch Tuesday, adding another item to its list of affected software. Security bulletin MS07-036 now includes a warning that Microsoft Office 2004 for the Mac is also affected. The update is designed to address a security flaw which could allow attackers to overwrite the computer's memory with malicious code. Microsoft notes that people running Office 2004 for the Mac on Mac OS X 10.2 are at risk.
Microsoft Security Bulletin MS07-036: http://www.microsoft.com/technet/security/Bulletin/ms07-036.mspx
Source: http://news.com.com/8301−10784_3−9744027−7.html
Friday, July 13, 2007

Daily Highlights

VNUNet reports utility companies could be facing a hacking time bomb owing to poor security measures, since as more utilities move control and billing systems online, hackers are increasingly turning their attention to the possibilities of controlling the systems. (See item 3)
Congressional investigators set up a bogus company with only a postal box and within a month obtained a license from the Nuclear Regulatory Commission that allowed them to buy enough radioactive material for a small dirty bomb. (See item 4)
The Associated Press reports two planes came within 100 feet of colliding at Fort Lauderdale−Hollywood International Airport on Wednesday, July 11, after one missed its turn onto a taxiway and entered the runway where the other was about to land. (See item 11)
Information Technology and Telecommunications Sector

32. July 12, U.S. Computer Emergency Readiness Team - US-CERT Technical Cyber Security Alert TA07-193A: Apple releases security updates for QuickTime. Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Solution: Upgrade QuickTime: Upgrade to QuickTime 7.2. This and other updates for Mac OS X are available via Apple Update. Apple Update: http://docs.info.apple.com/article.html?artnum=106704
QuickTime 7.2: http://www.apple.com/quicktime/download/
On Microsoft Windows, QuickTime users can install the update by using the built−in auto−update mechanism, Apple Software Update, or by installing the update manually.
Apple Software Update: http://docs.info.apple.com/article.html?artnum=304263
An attacker may be able to exploit some of these vulnerabilities by persuading a user to access a specially crafted media file with a Web browser. Disabling QuickTime in your Web browser may defend against this attack vector. For more information, refer to the Securing Your Web Browser document. An attacker may be able to exploit some of these vulnerabilities by persuading a user to access a specially crafted Java applet with a Web browser. Disabling Java in your Web browser may defend against this attack vector. Instructions for disabling Java can be found in the Securing Your Web Browser document.
Securing Your Web Browser: http://www.us−cert.gov/reading_room/securing_browser/
Source: http://www.us−cert.gov/cas/techalerts/TA07−193A.html

33. July 11, eWeek - The 'zero-day' solution. There's still no consensus regarding whether the zero-day vulnerability that security researcher Thor Larholm found is in Internet Explorer or in Firefox. But more to the point, there is a way to block the exploit, which otherwise could lead to remote system hijacking. According to Microsoft Security Program Manager Jesper Johansson, blocking the exploit boils down to deleting the Firefox protocol handlers. To do so on a single computer, he said, requires running these commands: `reg delete HKCR\FirefoxHTML /f`; `reg delete HKCR\FirefoxURL /f`; and `reg delete HKCR\Firefox.URL /f`. One way to remove the protocol handlers on multiple machines is through group policy scripts and SMS packages, he said. Rolling the fix out to thousands of machines can be done by creating a batch file deployed as a startup script. To enable restoration of the protocol handlers, Johansson recommended running this command on any machine with Firefox installed: `reg export HKCR\ backup.reg`. "That will create a reg script that you can use to re-import the settings once Mozilla produces a patch to fix the problem," he said.
Source: http://www.eweek.com/article2/0,1895,2157333,00.asp
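The workaround Johansson describes above, written as an added PowerShell script (not from the eWeek article or from Microsoft) suitable for a startup script: each of the three handler keys is exported to its own backup before it is deleted, and a key whose backup fails is left in place. The backup directory under ProgramData is an assumption; the script must run with rights to modify HKCR.

```powershell
# Added example: back up, then remove, the three Firefox protocol-handler
# keys named in the article, so they can be re-imported once a patch ships.
$handlers  = 'FirefoxHTML', 'FirefoxURL', 'Firefox.URL'
$backupDir = Join-Path $env:ProgramData 'FirefoxHandlerBackup'   # assumed location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

foreach ($name in $handlers) {
    $key = "HKCR\$name"
    if (-not (Test-Path "Registry::HKEY_CLASSES_ROOT\$name")) {
        Write-Output "$key not present, nothing to do"
        continue
    }
    $backup = Join-Path $backupDir "$name.reg"
    if (Test-Path $backup) { Remove-Item $backup }   # reg export will not overwrite

    # Export first: the .reg file is the restore path Johansson recommends.
    reg.exe export $key $backup | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup)) {
        Write-Warning "Backup of $key failed; leaving the handler in place"
        continue
    }

    reg.exe delete $key /f | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Output "Removed $key (backup at $backup)"
    } else {
        Write-Warning "Could not delete $key"
    }
}
```

To restore after a patch, import each saved file: `Get-ChildItem $backupDir -Filter *.reg | ForEach-Object { reg.exe import $_.FullName }`.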

34. July 11, U.S. Computer Emergency Readiness Team - US-CERT Technical Cyber Security Alert TA07-192A: Adobe Flash Player updates for multiple vulnerabilities. There are critical vulnerabilities in Adobe Flash Player and related software. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service on a vulnerable system. Systems affected: Microsoft Windows, Apple Mac OS X, Linux, Solaris, or other operating systems with any of the following Adobe products installed: Flash Player; Flash Player and earlier network distribution; Flash Basic; Flash CS3 Professional; Flash Professional 8, Flash Basic; Flex 2.0; Flash Player 7.070.0 for Linux or Solaris. Solution: Apply Updates: Check with your vendor for patches or updates. For information about a specific vendor, please see the Systems Affected section in the vulnerability notes or contact your vendor directly. If you get Flash Player from Adobe, see the Adobe Get Flash page for information about updates.
Vulnerability notes: http://www.kb.cert.org/vuls/id/945060
Adobe Get Flash: http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
Disable Flash: Users who are unable to apply the patch should disable Flash.
Adobe Security Bulletin: http://www.adobe.com/support/security/bulletins/apsb07−12.ht ml
Source: http://www.uscert.gov/cas/techalerts/TA07−192A.html

35. July 11, ComputerWorld — Israeli security firm reports huge spike in PDF spam. Israeli security firm Commtouch Software Ltd. is warning of a massive surge in PDF spam. According to estimates by the company, about 10 percent to 15 percent of all spam over the past day or so has been in the form of PDF messages. "Given the fact that these messages are nearly four times bigger than standard spam messages, this increases overall global spam traffic by 30 percent to 40 percent," said Rebecca Herson, senior director of marketing at the Israel-based company. So far, the outbreak has involved 14 billion to 21 billion PDF unsolicited messages and shows no signs of slowing, Herson said. An analysis of the outbreak shows it to be a truly global zombie-distributed spam attack, Herson said. About 24 percent of the spam e-mails are from the U.S., 14 percent are from Taiwan, and China and Russia accounted for 10 percent and 4 percent, respectively. In all, PDF spam e-mails are being distributed by computers in 167 countries. According to Herson, the technique of sending messages as PDF attachments is relatively new and was first detected only a few weeks ago. The current outbreak shows that spammers have widely adopted the technique, she said.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026840&intsrc=hm_list
Thursday, July 12, 2007

Daily Highlights

eWeek reports that after more than $75 million in bogus credit card charges, several Cuban nationals in Florida have been arrested with more than 200,000 credit card account numbers, many of which came from the TJX and Polo Ralph Lauren data breaches. (See item 6)
The New York Times reports more than 700 tubes of toothpaste containing a chemical used in some antifreeze products have been removed from six of 120 Connecticut stores inspected since July 2. (See item 18)
Information Technology and Telecommunications Sector

26. July 10, U.S. Computer Emergency Readiness Team — US-CERT Technical Cyber Security Alert TA07-191A: Microsoft updates for multiple vulnerabilities. Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Excel, Publisher, .NET Framework, Internet Information Services, and Windows Vista Firewall as part of the Microsoft Security Bulletin Summary for July 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service on a vulnerable system. Solution: Microsoft has provided updates for these vulnerabilities in the July 2007 Security Bulletins. The Security Bulletins describe any known issues related to the updates. Administrators are encouraged to note any known issues that are described in the Bulletins and test for any potentially adverse effects. Microsoft July 2007 Security Bulletins: http://www.microsoft.com/technet/security/bulletin/ms07-jul.mspx
System administrators may wish to consider using an automated patch distribution system such as Windows Server Update Services (WSUS). WSUS: http://technet.microsoft.com/en-us/wsus/default.aspx
Source: http://www.uscert.gov/cas/techalerts/TA07-191A.html

27. July 09, Security Focus — Fast flux foils bot-net takedown. Traditional bot nets have used Internet relay chat (IRC) servers to control each of the compromised PCs, or bots, but the central IRC server is also a weakness, giving defenders a single server to target and take down. An increasingly popular technique, known as fast-flux domain name service (DNS), allows bot nets to use a multitude of servers to hide a key host or to create a highly-available control network. The result: No single point of weakness on which defenders can focus their efforts. Fast-flux bot nets use the Internet's look-up system for domain names against defenders. With a typical domain, the IP address associated with the domain does not change often, if at all. Fast-flux DNS uses a large number of servers and a fast-changing domain record to turn shutdown attempts into a game of whack-a-mole. A related technique, known as rock phishing, uses a large number of proxies to hide the location of a smaller number of critical servers. The computers typically protected by these methods include the command and control servers for bot nets, phishing sites, caches of stolen data, and sites that push malicious code out to other compromised systems.
Source: http://www.securityfocus.com/news/11473
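A detection heuristic for the fast-flux pattern described in item 27, as an added example that is not part of the SecurityFocus article. It scores a hostname from repeated A-record lookups: a fast-flux name resolves to many addresses spread across unrelated networks, advertises a low TTL, and rotates its answers; a CDN shows the low TTL and rotation but stays inside a few netblocks. The DNS answers below are constructed, the thresholds are assumptions chosen for the demonstration rather than published figures, and the count of distinct /16 prefixes stands in for the ASN lookup a production system would do.

```python
"""Fast-flux indicators computed over repeated lookups of one hostname.

Added example, not code from the SecurityFocus article. The DNS answers
below are constructed; the thresholds are assumptions chosen for the
demonstration, not published detection figures, and the /16 count stands
in for the ASN count a production system would use.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Lookup:
    """One A-record answer for the name: observation time (s), TTL (s), addresses."""
    t: int
    ttl: int
    addrs: tuple[str, ...]


def flux_features(lookups: list[Lookup]) -> dict[str, int]:
    """Count what a fast-flux name shows that a stable name does not:
    many distinct IPs spread across many networks, a low TTL, and an
    answer set that changes between consecutive lookups."""
    ips: set[ipaddress.IPv4Address] = set()
    nets: set[ipaddress.IPv4Network] = set()
    for lk in lookups:
        for a in lk.addrs:
            ips.add(ipaddress.IPv4Address(a))
            nets.add(ipaddress.IPv4Network(f"{a}/16", strict=False))
    changed = sum(1 for p, c in zip(lookups, lookups[1:])
                  if set(p.addrs) != set(c.addrs))
    return {
        "lookups": len(lookups),
        "unique_ips": len(ips),
        "unique_slash16": len(nets),
        "min_ttl": min(lk.ttl for lk in lookups),
        "changed_answers": changed,
    }


def is_fast_flux(lookups: list[Lookup], ttl_max: int = 300,
                 min_ips: int = 5, min_nets: int = 3) -> bool:
    """Heuristic verdict. A low TTL alone is not enough (CDNs use them too):
    the name must also resolve to many addresses in unrelated networks and
    the answers must actually rotate between lookups."""
    f = flux_features(lookups)
    return (f["min_ttl"] <= ttl_max
            and f["unique_ips"] >= min_ips
            and f["unique_slash16"] >= min_nets
            and f["changed_answers"] >= 1)


# Constructed answer sets (RFC 5737 documentation and private ranges as stand-ins).
STABLE = [Lookup(t, 86400, ("192.0.2.1", "192.0.2.2")) for t in (0, 300, 600)]

CDN_LIKE = [  # low TTL and rotation, but a single network: not flux by this rule
    Lookup(0, 60, ("203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4")),
    Lookup(300, 60, ("203.0.113.5", "203.0.113.6", "203.0.113.7", "203.0.113.8")),
    Lookup(600, 60, ("203.0.113.9", "203.0.113.10", "203.0.113.11", "203.0.113.12")),
]

FLUX = [  # each answer is a fresh set of compromised hosts across many /16s
    Lookup(0, 180, ("192.0.2.10", "198.51.100.20", "203.0.113.30", "100.64.5.1", "172.16.9.9")),
    Lookup(200, 180, ("192.0.2.11", "198.51.100.21", "203.0.113.31", "10.1.2.3", "172.16.9.10")),
    Lookup(400, 180, ("10.2.4.6", "198.51.100.22", "203.0.113.32", "100.64.5.2", "192.0.2.12")),
]

if __name__ == "__main__":
    for name, data in (("stable", STABLE), ("cdn-like", CDN_LIKE), ("flux", FLUX)):
        print(name, flux_features(data), "fast-flux" if is_fast_flux(data) else "ok")
```

The network-spread test is what separates flux from a content delivery network in this rule; in practice the /16 proxy should be replaced with an ASN lookup, and the name's NS records should be scored the same way, since fast-flux operators often rotate those too.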
Wednesday, July 11, 2007

Daily Highlights

NBC12 reports Ahmad Abdallah Abu Ghanam, on his way from Jacksonville, Florida, to Amman, Jordan, is facing weapons charges for packing an undeclared .380 caliber semi-automatic pistol wrapped in aluminum foil in his checked luggage. (See item 8)
The Atlanta Journal-Constitution reports thousands of employees at the nation's 450 commercial airports are now subject to the "random security screenings," which the Transportation Security Administration and airport directors support as an alternative to the required screening of all workers. (See item 10)
Information Technology and Telecommunications Sector

30. July 10, Reuters — Cisco, Microsoft, EMC form government-data alliance. Cisco Systems, Microsoft and EMC said on Tuesday, July 10, they have formed an alliance to develop technology for protecting and sharing sensitive government information. The technology, called the Secure Information Sharing Architecture or SISA, will allow government agencies to better communicate while protecting content from being lost or stolen, the companies said. Technology to protect information has historically been enforced system-by-system, the companies said. SISA will allow agencies to set up networks that enable users of different computer systems to access the same information.
Source: http://news.com.com/Cisco%2C+Microsoft%2C+EMC+form+government-data+alliance/2100-1011_3-6195692.html?tag=nefd.top

31. July 10, CNET News — Critical Firefox security flaw discovered. A "highly critical" security flaw has been discovered in Firefox, which could allow a malicious attacker to gain remote control of a user's system, according to an advisory issued by Secunia. The security flaw is found in Firefox 2.0 and later versions, due to the way it registers the "firefoxurl://" URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web. "A new URI handler was registered on Windows systems to allow Websites to force launching Firefox if the 'firefoxurl://' URI was called, like ftp://, http://, or similar would call other applications," explained Thomas Kristensen, Secunia chief technology officer. But because of the way the URI handler was registered by Firefox, it causes any parameter to be passed from Microsoft's Internet Explorer (IE), or another application, to Firefox, when firefoxurl:// is activated. Kristensen said the security flaw actually rests with Firefox's URI handler, despite other security sites that attribute the security flaw to IE, such as researcher Thor Larholm, who discovered the flaw, and Symantec.
Secunia advisory: http://secunia.com/advisories/25984/
Source: http://news.com.com/8301-10784_3-9741435-7.html
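The mechanism behind item 31 (and the handler keys that item 33 has administrators delete) is argument injection through a URL protocol handler: Windows substitutes the whole URI as plain text for "%1" in the handler's registered command line, and the launched program's runtime then re-parses that string into argv, so a double quote inside the URI closes the quoted "%1" and everything after it becomes additional arguments. The following is an added example, not code from the CNET or eWeek articles and not Mozilla's code. HANDLER_TEMPLATE is an assumed shape for a firefoxurl registration (path and flags are illustrative, not a verbatim copy of any Firefox release), the URIs are constructed, and the injected argument is a placeholder rather than an exploit. The last function is a read-only audit that lists every protocol handler registered on a Windows host; it returns an empty list elsewhere.

```python
"""How a quote in a URI breaks out of a protocol handler's "%1" argument.

Added example, not code from the eWeek or CNET articles and not Mozilla's
code. HANDLER_TEMPLATE is an assumed shape for a firefoxurl registration,
not a verbatim copy of any Firefox release; the URIs are constructed.
"""
from __future__ import annotations

import re
import sys

# Assumed shape of HKCR\FirefoxURL\shell\open\command (illustrative path and flags).
HANDLER_TEMPLATE = r'"C:\Program Files\Mozilla Firefox\firefox.exe" -url "%1" -requestPending'


def parse_windows_cmdline(cmdline: str) -> list[str]:
    """Split a command line the way the Microsoft C runtime builds argv:
    whitespace separates arguments outside quotes; a double quote toggles
    quoted mode; 2n backslashes before a quote yield n backslashes and the
    quote toggles; 2n+1 yield n backslashes plus a literal quote. (argv[0]
    special-casing and the doubled-quote rule are omitted; neither matters here.)"""
    argv: list[str] = []
    cur: list[str] = []
    in_quotes = have_arg = False
    i = 0
    while i < len(cmdline):
        ch = cmdline[i]
        if ch == "\\":
            n = 0
            while i < len(cmdline) and cmdline[i] == "\\":
                n, i = n + 1, i + 1
            if i < len(cmdline) and cmdline[i] == '"':
                cur.append("\\" * (n // 2))
                if n % 2:            # odd run: the quote is literal, consume it
                    cur.append('"')
                    i += 1
                # even run: the quote is left for the next iteration to toggle
            else:
                cur.append("\\" * n)
            have_arg = True
            continue
        if ch == '"':
            in_quotes = not in_quotes
            have_arg = True
        elif ch.isspace() and not in_quotes:
            if have_arg:
                argv.append("".join(cur))
                cur, have_arg = [], False
        else:
            cur.append(ch)
            have_arg = True
        i += 1
    if have_arg:
        argv.append("".join(cur))
    return argv


def handler_argv(template: str, uri: str) -> list[str]:
    """What the launched program sees: the shell substitutes %1 as plain text,
    then the program's own runtime re-parses the whole string."""
    return parse_windows_cmdline(template.replace("%1", uri))


# RFC 3986 never allows a raw double quote, space or control character in a
# URI; their presence means the caller failed to percent-encode.
_UNSAFE = re.compile(r'["\s\x00-\x1f\x7f]')


def launch_argv_checked(template: str, uri: str) -> list[str] | None:
    """Hardened launch: refuse any URI that could close the quoted %1."""
    if _UNSAFE.search(uri):
        return None
    return handler_argv(template, uri)


def registered_protocol_handlers() -> list[tuple[str, str]]:
    """On Windows, list (scheme, command template) for every HKCR key that
    carries a "URL Protocol" value. Read-only; returns [] on other platforms."""
    if sys.platform != "win32":
        return []
    import winreg
    found, i = [], 0
    while True:
        try:
            scheme = winreg.EnumKey(winreg.HKEY_CLASSES_ROOT, i)
        except OSError:
            return found
        i += 1
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, scheme) as k:
                winreg.QueryValueEx(k, "URL Protocol")
                with winreg.OpenKey(k, r"shell\open\command") as c:
                    found.append((scheme, winreg.QueryValueEx(c, "")[0]))
        except OSError:
            continue


if __name__ == "__main__":
    benign = "firefoxurl://example.com/"
    hostile = 'firefoxurl://example.com/" -injected-flag "x'   # constructed placeholder
    print(handler_argv(HANDLER_TEMPLATE, benign))
    print(handler_argv(HANDLER_TEMPLATE, hostile))         # extra arguments appear
    print(launch_argv_checked(HANDLER_TEMPLATE, hostile))  # None: refused
    for scheme, cmd in registered_protocol_handlers():
        print(scheme, "->", cmd)
```

Two practical notes follow from this. Quoting "%1" in the template is not a defense on its own, because the substitution happens before the target parses the string; either the invoking browser must percent-encode or reject the offending characters, or the target must validate its argument, and the same audit applies to every handler the last function lists, not only Firefox's. And HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes, so a startup script that deletes the handlers under HKCR should be checked against the per-user branch as well, and a backup that covers only the three handler keys is far smaller and easier to restore than an export of the whole hive.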

32. July 09, InfoWorld — BSA offers $1 million reward for turning in software pirates. Earlier this month the Business Software Alliance (BSA) upped the ante from $200,000 to $1 million for anyone who turns in a company that is illegally circumventing software licensing agreements. BSA members include a who's who of the software and hardware industry, including Apple, Adobe, Dell, HP, Microsoft, SAP, and dozens more. The bounty for uncovering cheaters is not just a marketing ploy. The Association can, in fact, put some bite into uncovering cheaters, according to Kris Barker, CEO of Express Metrix. Express Metrix is a company that does hardware and software auditing to help companies keep in compliance with their software licenses. "Most software licensing agreements include a provision that allows a software vendor or its agent, which can be the BSA, to do an audit of end-user agreements," said Barker. The BSA increased the reward as software piracy continues to grow. According to IDC, U.S. software vendors lost $7.3 billion in 2006 as a result of piracy.
Source: http://www.infoworld.com/article/07/07/09/milliondollars_1.html

33. July 09, Information Week — New image spam threat uses PDF files. The PDF image spam is just one of a litany of creative attempts to fool e-mail users into downloading malware or visiting phishing sites, says Symantec in its monthly spam report. The good news is that image spam continues to subside, now averaging 14.5 percent of all spam e-mails in June, down from 27 percent and 37 percent in the months of April and March respectively, Symantec reported Monday, July 9, in its July monthly State of Spam report. At its peak in January, image spam accounted for more than half of all spam. The bad news is that this doesn't mean that image spam is going away, as Symantec is seeing an increase in new spam techniques that reference spam images in different ways. Image spammers have started an emerging trend known as PDF image spam, which Symantec has seen in two variations. The first is an e-mail with a PDF attachment that appears to be a legitimate stock newsletter. In the second variant, the PDF attached to the e-mail contains a stock spam image, similar to image spam attacks focusing on stocks.
Symantec's State of Spam report:
http://www.symantec.com/avcenter/reference/Symantec_Spam_Report_-_July_2007.pdf
Source: http://www.informationweek.com/software/showArticle.jhtml;jsessionid=TGX3OD2E15XQIQSNDLRCKH0CJUNN2JVN?articleID=201000269
Tuesday, July 10, 2007

Daily Highlights

IDG News reports that according to Symantec, credit card thieves are starting to use charitable donations with stolen credit cards as a final check to ensure that the numbers will work. (See item 9)
GovExec reports the Secure Border Initiative Network -- a wireless network of high-tech towers to watch for illegal immigrants crossing from Mexico -- is vulnerable to cyber attacks that could shut the system down. (See item 13)
New York police officials say that by the end of this year more than 100 cameras will be monitoring cars moving through Lower Manhattan, in the beginning phase of the Lower Manhattan Security Initiative, a London−style surveillance system that would be the first in the United States. (See item 33)
Information Technology and Telecommunications Sector

25. July 09, IDG News Service — Average zero-day bug has 348-day lifespan, exec says. The average zero-day bug has a lifespan of 348 days before it is discovered or patched, but some vulnerabilities live on for much longer, according to security vendor Immunity's chief executive officer. Zero-day bugs are vulnerabilities that have not been patched or made public. When discovered and not disclosed, these bugs can be used by hackers and criminals to break into corporate systems to steal or change data. As a result, there is a thriving market for zero-day bugs. "Huge amounts of money are being offered to zero-day discoverers for their zero-days," said Justine Aitel, Immunity's CEO, speaking in Singapore at the SyScan '07 security conference. Immunity, which buys but does not disclose zero-day bugs, keeps tabs on how long the bugs it buys last before they are made public or patched. While the average bug has a lifespan of 348 days, the shortest-lived bugs are made public in 99 days. Those with the longest lifespan remain undetected for 1,080 days. To protect their data, security executives need to dig out the zero-day bugs in their systems, Aitel said, noting that this is an area most companies ignore.
Source: http://www.infoworld.com/article/07/07/09/zero-day-bug-lifespan_1.html

26. July 09, IDG News Service — Google to buy Postini for $625 million. Google has agreed to buy messaging security company Postini for $625 million in a move to increase the appeal of Google's hosted applications among big businesses, the companies announced on Monday, July 9. Postini provides messaging security, archiving, policy enforcement and other services to about 35,000 business customers around the world, Google said. The vendor plans to use the technology to boost the security and compliance features of Google Apps, its hosted suite of productivity applications.
Source: http://news.yahoo.com/s/infoworld/20070709/tc_infoworld/90049;_ylt=AhsVUtQUgfrzLRFcyt4PIN0jtBAF

27. July 09, Websense Security Labs — Malicious Websites / Malicious Code: New fake patch malicious code run. Websense Security Labs has received reports that a new e-mail campaign is spreading that attempts to lure users into downloading malicious code. It appears that the same group that was behind the widespread July 4th attacks, which used greeting card lures to spread, is behind this one as well. The July 4th greeting card run had more than 250 sites hosting a variety of malicious code. The Websites are using exactly the same JavaScript obfuscation technique and exploit code as the greeting card run. All e-mails use URLs that send users to an IP address that will attempt to exploit the users if their browsers are vulnerable. If the browser is not vulnerable the exploit code will not work; however, the page will attempt to get the user to download a file called patch.exe by displaying the message: "If your download does not start in approximately 15 seconds click here to download." Subject lines Websense has seen so far are: a) Virus Detected!; b) Trojan Alert!; c) Worm Alert!; d) Worm Activity Detected!
Source: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=786
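A mail-gateway triage rule built from the indicators in item 27, as an added example that is not Websense's detection logic: the alert gives two things a filter can key on, the alarm-style subject lines and links whose host is a bare IP address serving patch.exe. The rule below scores a message on both, plus the executable file name, and returns a verdict. The messages are constructed, the rule handles plain-text (non-MIME-multipart) messages only, and the verdict thresholds are an assumption for the demonstration.

```python
"""Mail triage for the fake-patch lure: an alarm-style subject together
with a link whose host is a bare IP address, optionally serving an .exe.

Added example, not Websense's detection logic. Messages are constructed;
the rule handles plain-text messages only.
"""
from __future__ import annotations

import email
import ipaddress
import re
from urllib.parse import urlparse

# Subject lines reported in the alert, compared case-insensitively.
LURE_SUBJECTS = {"virus detected!", "trojan alert!", "worm alert!",
                 "worm activity detected!"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def host_is_ip_literal(url: str) -> bool:
    """True when the URL's host is an IP address rather than a hostname."""
    host = urlparse(url).hostname
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(raw: str) -> dict:
    """Return the indicators found and a verdict: 'block' when a lure subject
    and an IP-literal link occur together, 'review' on a suspicious link
    alone, 'pass' otherwise."""
    msg = email.message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    urls = URL_RE.findall(body)
    ip_urls = [u for u in urls if host_is_ip_literal(u)]
    exe_urls = [u for u in urls if urlparse(u).path.lower().endswith(".exe")]
    indicators = []
    if subject in LURE_SUBJECTS:
        indicators.append("lure_subject")
    if ip_urls:
        indicators.append("ip_literal_url")
    if exe_urls:
        indicators.append("executable_link")
    if "lure_subject" in indicators and "ip_literal_url" in indicators:
        verdict = "block"
    elif ip_urls or exe_urls:
        verdict = "review"
    else:
        verdict = "pass"
    return {"subject": subject, "urls": urls,
            "indicators": indicators, "verdict": verdict}


# Constructed messages (addresses and IPs are documentation ranges).
LURE = """\
From: alerts@example.net
To: user@example.org
Subject: Worm Alert!

A worm has been detected on your computer. Install the patch now:
http://203.0.113.7/patch.exe
If your download does not start in approximately 15 seconds click here to download.
"""

LEGIT = """\
From: billing@example.com
To: user@example.org
Subject: Your receipt

Thanks for your order. View it at https://shop.example.com/orders/1234
"""

if __name__ == "__main__":
    for m in (LURE, LEGIT):
        r = triage(m)
        print(r["verdict"], r["indicators"], r["urls"])
```

The subject list is the weakest of the three signals, since the next run will change it; the IP-literal host and the executable download are the properties that survive a re-themed campaign, which is why the rule still returns 'review' when only those are present.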

28. July 08, ComputerWorld — China claims Motorola, Nokia batteries explode. As investigations continued into the death of a 22-year-old Chinese man whose cell phone exploded, Chinese authorities have found batteries that may blow up when used in Motorola Inc. and Nokia Corp. cell phones, news reports said Friday, July 6. Government regulators in the southern province of Guangdong said this week that they had discovered unsafe Motorola and Nokia mobile phone batteries that could explode under certain conditions, the New York Times, Bloomberg, and the Chicago Tribune reported. Both handset manufacturers have said they are cooperating with the safety investigation, but claimed that the batteries fingered by authorities were unauthorized copycats. The news adds a turn to the ongoing investigation of the June 19 death of Xiao Jinpeng, a 22-year-old welder who died after the battery in his handset apparently exploded. However, neither Motorola nor provincial law enforcement has confirmed that the phone, reported as made by Illinois-based Motorola, was actually a company-branded handset.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026498&intsrc=hm_list

29. July 06, Linux Devices — New FCC rules may impact Linux-based devices. New U.S. regulations went into effect Friday, July 6, that could change how vendors of devices with software-defined radios (SDR) use open-source software. The new rules could impact manufacturers of mobile phones, Wi-Fi cards and other devices that use SDR technologies. SDR technologies are commonly used in today's mobile phones and Wi-Fi equipment. The Federal Communications Commission's (FCC) new regulations are apparently aimed at ensuring that users of such equipment cannot access source code needed to reprogram it -- for example, to output more power, or operate on inappropriate frequencies, either of which could conceivably endanger public safety. A summary document published by the FCC suggests that because of the new rules, SDR device vendors who use open-source software in certain capacities could face challenges getting FCC approval.
FCC 2500-word document: http://edocket.access.gpo.gov/2007/07-2684.htm
Source: http://linuxdevices.com/news/NS9075126639.html

30. July 06, IDG News Service — Yahoo sites hit by availability problems. Yahoo Inc. suffered availability problems on Friday, July 6, that affected its home page as well as other of its Websites and services for a sustained period of time. Yahoo, which has some of the most popular sites and online services worldwide, first experienced problems on its home page at around 5:50 a.m. U.S. Pacific Time, said Dan Berkowitz, senior communications director at Keynote Systems Inc. Yahoo.com's operations began getting back to normal at around 7:15 a.m., said Berkowitz. At its worst point, Yahoo.com's availability dropped to around 60 percent, meaning that four out of ten visitors couldn't access the page, he said. A variety of bloggers also reported trouble Friday morning accessing other Yahoo services like Yahoo Messenger and Yahoo Mail, as well as other Yahoo sites like the Flickr photo sharing site and the news aggregation site Yahoo News.
Source: http://www.infoworld.com/article/07/07/06/Yahoo-sites-hit-by-availability-problems_1.html

31. July 06, ENN (Ireland) — U.S. claims top spam spot. The U.S. was top of the spam charts for the month of June, according to new e-mail security statistics from IE Internet. The U.S. generated 37.4 percent of all spam filtered by Irish security and e-mail monitoring firm IE Internet during the month of June, well clear of the chasing pack. China came in second with responsibility for 17 percent of spam sent to Irish firms, followed by the UK in third place on 10.9 percent. Mexico claimed fourth place with 9.9 percent, while Russia rounded out the top five, accounting for 7.6 percent of all spam.
Source: http://www.enn.ie/article/65402.html

32. July 05, Information Week — Downed electronic jihad site flew under the radar. Although the "electronic jihad" Website Al-jinan.org was offline for part of Thursday, July 5, the site has been able to survive for about four-and-a-half years for a number of reasons. While its domain name server registration features a number of contradictions that make tracing its origins difficult, the capabilities of the site's Electronic Jihad application are also limited. Still, the mere presence of the site is likely a precursor of an emerging cyber threat. Al-jinan.org's domain name server is being hosted by Ibtekarat, a Web hosting company based in Beirut. Created in December 2002, the site's registration information cites an address with a Los Angeles postal code, while listing the Egyptian city of Al Esmaeiliya as its "registrant city," and Iraq as its "registrant country." Anyone can register as a user with the Al-jinan.org Website and install the Electronic Jihad application on their computer. This gives the user the ability to launch denial-of-service attacks using their own computing resources, although the severity of such an attack depends upon the attacker's resources. According to claims posted on Al-jinan.org, they have contributed to knocking offline various Websites they deem as anti-Islamic.
Source: http://www.informationweek.com/software/showArticle.jhtml;jsessionid=MJ0IVBHGJFEHUQSNDLRCKH0CJUNN2JVN?articleID=200900590&articleID=200900590