Friday, June 29, 2007
Daily Highlights
The Associated Press reports the wing of a departing jetliner struck the tail of another plane on a holding pad at Chicago's O'Hare International Airport on Wednesday, June 27, during a severe thunderstorm. (See item 13)
·
The New York Times reports tainted Chinese toothpaste was widely distributed in the U.S., with roughly 900,000 tubes turning up in hospitals for the mentally ill, prisons, juvenile detention centers, and even some hospitals serving the general population. (See item 23)
Information Technology and Telecommunications Sector
32. June 28, CNET News — Gartner: Businesses should be wary of iPhone. Analyst Gartner claims the iPhone could "punch a hole" through corporate security systems if workers are allowed to use the phone for work purposes. IT departments should be extremely wary of allowing employees to use Apple's mobile handset because it does not contain the necessary functionality to comply with basic corporate security, analysts warned in a research note released on Thursday, June 28. The iPhone will be launched in the U.S. on Friday. Gartner lists the following reasons to steer clear of the iPhone for now: a) Lack of support from major mobile device management suites and mobile−security suites; b) Lack of support from major business mobile e−mail solution providers; c) An operating system platform that is not licensed to alternative−hardware suppliers, meaning there are limited backup options; d) Feature deficiencies that would increase support costs; e) Currently available from only one operator in the U.S.; f) An unproven device from a vendor that has never built an enterprise−class mobile device; g) The high price of the device, which starts at $500; H) A clear statement by Apple that it is focused on consumer rather than enterprise.
Source: http://news.com.com/Gartner+Businesses+should+be+wary+of+iPhone/2100−7350_3−6193856.html?tag=nefd.top
33. June 28, Sophos — Harry Potter worm targets USB memory drives. With just weeks remaining until the release of the last ever Harry Potter novel, and the imminent premiere of the fifth movie in the franchise, Sophos has warned of a new computer worm exploiting Potter−mania around the world. The W32/Hairy−A worm spreads by copying itself onto USB memory sticks, posing as a copy of the eagerly−anticipated novel "Harry Potter and the Deathly Hallows." Windows users who allow affected flash drives to "autorun" are automatically infected by the worm when it is attached to their PC. A file called HarryPotter−TheDeathlyHallows.doc can be found in the root directory of infected USB drives. Inside the Word document file is the simple phrase "Harry Potter is dead."
Source: http://www.sophos.com/pressoffice/news/articles/2007/06/hair y.html
34. June 27, InformationWeek — Hackers take over MySpace pages to build bots. Internet Storm Center researchers are warning users that drive−by exploits have been embedded in a few dozen legitimate MySpace pages. Johannes Ullrich, chief technology officer with the Internet Storm Center, told InformationWeek that the malicious code that's embedded in the Webpages installs the FluxBot, a dangerous new bot. Since the bot doesn't have a central command and instead relies on a complex set of ever−changing networks of proxy servers, Ullrich said it's extremely difficult to shut it down or cleanse it off an infected system. Ullrich explained that the embedded malicious code tries to exploit an old Microsoft Internet Explorer bug that was patched mid−2006. If that bug lets in the exploit, then the FluxBot is downloaded. "The IE hole is not particularly dangerous at this point, but quite a few people still got hit," he added. "I guess there are a lot of people out there with unpatched versions of Internet Explorer." Ullrich also noted that while MySpace isn't a new target for hackers, it's an increasingly popular one.
Source: http://www.informationweek.com/security/showArticle.jhtml;jsessionid=B50NC0JHNDDKAQSNDLRSKHSCJUNN2JVN?articleID=200001122
skip to main |
skip to sidebar
Subscription to the full report on a daily basis can be obtained: Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe. To obtain a complete copy of the current report proceed to the DHS link below. To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.
Blog Archive
- ► 2016 (256)
- ► 2015 (254)
- ► 2014 (255)
- ► 2013 (244)
- ► 2012 (260)
- ► 2011 (250)
- ► 2010 (248)
- ► 2009 (254)
- ► 2008 (252)
- ▼ 2007 (233)
Links
About Me
- BobJ
- U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions. Motto: "When entrusted to process, you are obligated to safeguard"
No comments:
Post a Comment