Monday, July 2, 2007
Daily Highlights
The New York Times reports a smuggling tunnel freshly excavated under the border with Mexico was sealed Friday, June 29, after a joint raid by United States and Mexican authorities. (See item 13)
·
The Associated Press reports some U.S. airports will tighten security in response to terrorist incidents in Britain; the U.S., however, is not raising its terror alert status at this time. (See item 15)
·
CNN reports a man who allegedly stored nearly 1,500 pounds of potassium nitrate and other chemicals in his Staten Island home and a nearby storage facility was charged with reckless endangerment Friday, June 29. (See item 42)
Information Technology and Telecommunications Sector
37. June 29, IDG News Service — Department of Homeland Security to host closed−door security forum. The Department of Homeland Security will host an invite−only conference two months from now that will bring together security experts from law enforcement, Internet service providers, and the technology industry. The Internet Security Operations and Intelligence (ISOI) workshop will be held on August 27 and 28 at the Academy for Educational Development in Washington, DC. It is expected to draw about 240 participants who will engage in a frank discussion of the latest trends in cybercrime, said Gadi Evron, a security evangelist with Beyond Security who is one of the event's planners.
Source: http://news.yahoo.com/s/infoworld/20070629/tc_infoworld/89786;_ylt=AtPrh6pqrZCNUmledgz4pAcjtBAF
38. June 29, IDG News Service — Microsoft.co.uk succumbs to SQL injection attack. A hacker successfully attacked a Webpage within Microsoft's UK domain on Wednesday, June 27, resulting in the display of a photograph of a child waving the flag of Saudi Arabia. It was "unfortunate" that the site was vulnerable, said Roger Halbheer, chief security advisor for Microsoft in Europe, the Middle East and Africa, on Friday. The problem has since been fixed. However, the hack highlights how large software companies with technical expertise can still prove vulnerable to hackers. The hacker, who posted his name as "rEmOtEr," exploited a programming mistake in the site by using a technique known as SQL injection to get unauthorized access to a database, Halbheer said.
Source: http://news.yahoo.com/s/infoworld/20070629/tc_infoworld/89795;_ylt=Ai0coEUBCqNCNVAA5T1W_sQjtBAF
39. June 28, IDG News Service — RealPlayer, Helix Player vulnerable to attack. Users are being advised to upgrade to newer versions of the RealPlayer and Helix Player multimedia products because of a critical security flaw. The flaw could allow an attacker to gain control over a user's PC using a buffer overflow vulnerability, a memory problem that can allow unauthorized code to run on a machine, according to iDefense Inc. The vulnerability was discovered last October but publicly disclosed Tuesday, June 26, on iDefense's Website. Affected versions of the software include the 10.5 "gold" RealPlayer and any 1.x version of Helix Player, according to the French Security Incident Response Team (FrSIRT). iDefense advisory: http://labs.idefense.com/intelligence/vulnerabilities/displa y.php?id=547
Source: http://www.infoworld.com/article/07/06/28/RealPlayer−Helix−Player−vulnerable_1.html
40. June 28, ComputerWorld — Web−based attack poses as greeting card, tries three exploits. A new round of greeting−card spam that draws users to visit attack sites relies on a sophisticated multipronged, multiexploit strike force to infect machines, security professionals said late Thursday, June 28. Captured samples of the unsolicited e−mail have all borne the same subject line −− "You've received a postcard from a family member!" −− and contain links to a malicious Website. "If JavaScript is disabled, then they provide you a handy link to click on to exploit yourself," said an alert posted Thursday afternoon by SANS Institute's Internet Storm Center (ISC). The greeting−card gambit tries a trio of exploits, moving on to the second if the machine is not vulnerable to the first, then on to the third if necessary. The first is an exploit against a QuickTime vulnerability; the second is an attack on the popular WinZip compression utility; and the third, dubbed "the Hail Mary" by the ISC, is an exploit for the WebViewFolderIcon vulnerability in Windows that Microsoft Corp. patched last October. The ISC said several antivirus vendors had tentatively pegged the executable file, which is offered to users whose browsers have JavaScript disabled, as a variation of the Storm Trojan horse.
ISC alert: http://isc.sans.org/diary.html?storyid=3063
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025898&intsrc=hm_list
skip to main |
skip to sidebar
Subscription to the full report on a daily basis can be obtained: Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe. To obtain a complete copy of the current report proceed to the DHS link below. To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.
Blog Archive
- ► 2016 (256)
- ► 2015 (254)
- ► 2014 (255)
- ► 2013 (244)
- ► 2012 (260)
- ► 2011 (250)
- ► 2010 (248)
- ► 2009 (254)
- ► 2008 (252)
- ▼ 2007 (233)
Links
About Me
- BobJ
- U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions. Motto: "When entrusted to process, you are obligated to safeguard"
No comments:
Post a Comment