Friday, August 31, 2007

Daily Highlights

According to the Reuters News Agency, dangerous chemicals that were removed from Iraq in the 1990s were found in a U.N. office in New York. (See item 2)

The Leader Times reports Armstrong County in southern Pennsylvania is set to begin issuing smart cards to about 1,000 emergency personnel and volunteers throughout the county in compliance with Presidential Directive 12 for the Department of Homeland Security's Counter Terrorism Task Force. (See item 31)

Information Technology Sector

34. August 30, Computerworld – Researchers spot rootkits on more Sony USB drives. A second line of USB drives sold by Sony Electronics Inc. that uses rootkit tactics to hide files has been identified, and the devices' software remains on the Web, a researcher said today. Hackers using just one of the package's files can mask their attack code from some security scanners, said the chief research officer at F-Secure Corp. "This new rootkit [which can still be downloaded] can be used by any malware author to hide any folder," he said. On Monday, F-Secure announced that the fingerprint-reader software included with Sony's MicroVault USM-F flash drives stores files in a hidden directory that could be used by hackers to cloak their malicious code. F-Secure noted that the USM-F models were difficult, but not impossible, to find. Sony has since confirmed that the line has been discontinued. But its replacement, the USM512FL, is widely available and shares the rootkit-like techniques of its predecessor. Sony has removed the download links for the USM-F and USM512FL software from its MicroVault support site, but researchers said today that they were still able to locate a live link with the information.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9033798&taxonomyId=17&intsrc=kc_top

35. August 29, Computerworld – Retail point-of-sale systems riddled with security flaws, warns researcher. Retail point-of-sale (POS) systems pose a clear but often overlooked danger to consumer credit card data, a security researcher warned this week. A white paper released by Hacker Factor Solutions described several relatively easily exploited vulnerabilities in POS technologies. "The vulnerabilities disclosed in this document denote a set of fundamental flaws in the point-of-sale process," the author said, adding that "even if a solution were available today, it would take years to be fully deployed." POS terminals that read credit card information, perform card transactions, and receive the confirmation code make attractive targets for hackers, the report notes, calling attention to the need for security standards at the payment level for POS devices and software.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9033620&taxonomyId=17&intsrc=kc_top

36. August 29, Computerworld – Microsoft blames WGA meltdown on human error. Microsoft Corp. said late Tuesday that last weekend's failure of the antipiracy process it requires of Windows XP and Vista was due to "human error" and shouldn't be called an "outage" since the servers didn't go off-line. The company also promised that changes have been made to avoid a repeat.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9033603&taxonomyId=17&intsrc=kc_top

37. August 29, Infoworld – Monster outlines anti-fraud measures. One week after hackers stole personal information from millions of people who had posted their resumes to Monster.com, the company has warned its users to be vigilant about online fraud because the breach was not an isolated incident. In an e-mail message sent to users, Monster shared antifraud advice and pledged to improve its security practices through enhanced surveillance of site traffic and tighter access to the Web site. Monster disclosed on August 23 that it had discovered a data breach caused by hackers who posed as employers, then illegally downloaded the names, addresses, phone numbers, and e-mail addresses of 1.3 million job-seekers. The hackers then sent e-mail to the users in an attempt to collect their passwords to financial sites or to install viruses on their PCs.
Source: http://www.infoworld.com/article/07/08/29/Monster-outlines-anti-fraudmeasures_1.html

38. August 28, Federal Times – Hackers steal info on USAJOBS.gov subscribers. Hackers have stolen the names, e-mail addresses and telephone numbers of about 146,000 subscribers to USAJOBS.gov, the Office of Personnel Management said Wednesday. The hackers accessed the information from the resume database run by Monster.com, which provides the technology for USAJOBS.gov, OPM said. Monster Worldwide told OPM that no Social Security numbers were compromised. OPM said that because of the breach, job seekers could find themselves targeted by so-called “phishing” e-mails, possibly disguised as Monster.com or USAJOBS.gov messages. Phishing e-mails try to trick people into revealing sensitive information such as passwords or downloading malicious software. Monster has identified and shut down the server that was accessing and collecting the information, OPM said.
Source: http://federaltimes.com/index.php?S=3001571

Communications Sector

39. August 29, CNet – Security group voices concerns over VoIP. A member of the Jericho Forum security group has criticized the security of voice over IP technology after researchers revealed that it was possible to eavesdrop on VoIP conversations. An eavesdropping vulnerability was revealed on the Full Disclosure mailing list on Wednesday. Vulnerability researchers claimed the exploit could allow a remote attacker to turn a VoIP phone into an eavesdropping device. A Jericho Forum board member said that VoIP is not yet ready for use in businesses. "We don't consider VoIP to be enterprise-ready," he said. "You can't run VoIP on a corporate network because you can't trust every single device on that network. VoIP as it stands certainly isn't secure. Going forward, everybody should be using inherently secure protocols."
Source: http://news.com.com/Security+group+voices+concerns+over+VoIP/2100-7355_3-6205178.html?tag=cd.top

Thursday, August 30, 2007

Daily Highlights

According to the Detroit Free Press, a spill at a chemical plant in Michigan forced evacuations. Nearly 7,000 gallons of nitric acid spilled at the chemical plant and created a potentially toxic cloud that forced evacuations in an industrial area. (See item 3)

Arbiter online reports a video game that simulates terrorist attacks and other major disasters could become pertinent to homeland security. The game simulates virtual reality training for emergency personnel. (See item 35)


Information Technology Sector

36. August 29, Electronic News – Flextronics-Solectron merger gets EC green light. The European Commission (EC) today announced that it has approved, under the European Union merger regulation, the proposed acquisition of Milpitas, Calif.-based electronics manufacturing services (EMS) provider Solectron Corp. by Singapore-based EMS provider Flextronics International Ltd. The rival companies announced in June their entrance into a definitive acquisition agreement that had been unanimously approved by the boards of both Solectron and Flextronics.
Source: http://www.edn.com/article/CA6472924.html?industryid=47037

37. August 28, IDG News – Japan military homes, destroyer raided over data leak. The homes of several serving members of Japan's Maritime Self Defense Force (JMSDF) and a destroyer were raided as part of an investigation into a leak of sensitive military data from a computer, Japan's Kyodo News reported Tuesday. Officers from the Kanagawa police force and the JMSDF's own criminal investigations unit are investigating the leak of information related to the Aegis missile defense system, the sea-based Standard Missile-3 interceptor system and the reconnaissance satellite data exchange Link 16 system. The Aegis leak first came to light in March this year when police were conducting an immigration-related investigation into the Chinese wife of a JMSDF officer. During the search they came across the data, which included the radar and transmission frequencies of the Aegis system. The issue of data security has been a sensitive one between Japan and the U.S. Japan's Defense Minister apologized to his U.S. counterpart during a visit to Washington, D.C., earlier this year, and in June, during a speech in Tokyo, Lieutenant General Bruce Wright, commander of U.S. Forces Japan, called the leak "a very serious security problem." Data security at Japanese military and government institutions has been in the spotlight in the last year. The rapid spread of viruses on file sharing networks has served to highlight that many employees and service personnel run file sharing software on official computers. The viruses have caused sensitive documents to be published and shared, with data inevitably ending up on the Web.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9033179&taxonomyId=17&intsrc=kc_top

38. August 28, ComputerWorld – New attacks leave online transactions vulnerable even after sign-on authentication. Companies are trying to demonstrate that they're getting better at securing online transactions by adding multiple forms of authentication at sign-on, such as site keys. But experts say they could do 10 types of authentication at the start of the session and users would still be subject to attacks. "Once that user is authenticated, they think they're OK, but instead companies have given them a false sense of security to merrily transact business," says the CEO of 2factor Inc. in Maumee, Ohio. An expert, who is currently leading one of several start-ups that are trying to tackle this problem, says the real threat for online transactions these days comes from intrasession attacks, where a secure session is hijacked without the user's knowledge. These usually occur in two ways: during a piggyback attack or a spoof server attack.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9000174&intsrc=hm_list

Communications Sector

39. August 29, CNet – Wi-Fi to supersede wired Ethernet. Wi-Fi will start replacing wired Ethernet within the next two to three years, as users and applications go mobile. In a report comparing gigabit Ethernet with the latest version of Wi-Fi, 802.11n, Burton Group suggests that companies should begin making plans for switching their local-area networks (LANs) from wired to wireless. A Burton analyst listed several reasons for the switch, including growing numbers of laptop users, increased use of mobile applications and the deployment of voice over Internet Protocol, or VoIP. In addition, while recent advances in radio design, security and wireless management would soon make 802.11n the preferred LAN access technology, wired Ethernet would continue to be necessary in switch trunks and data center networks for many years to come. The new version of 802.11n promises higher throughput, and better range and bandwidth, than its predecessors. However, the standard's ratification has been a controversial affair, with final approval by the Institute of Electrical and Electronics Engineers (IEEE) poised to come as late as 2009.
Source: http://news.com.com/Report+Wi-Fi+to+supersede+wired+Ethernet/2100-7351_3-6205010.html?tag=cd.top

40. August 28, Associated Press – Chicago scraps plans for wi-fi network. The plan to cover Chicago’s 228 miles with wireless internet access will be shelved because it is too costly and too few residents would use it. After much consideration city authorities decided they needed to reevaluate their approach to provide universal and affordable access to high speed Internet as part of the city's broader digital inclusion efforts. The city said that negotiations with private-sector partners have stalled because any citywide wi-fi would require massive public financing. The city had hoped to provide only infrastructure for the network. Tuesday's announcement makes Chicago the latest in a string of municipalities to encounter troubles with their municipal broadband initiatives. About 175 U.S. cities or regions have citywide or partial systems.
Source: http://www.topix.net/content/ap/2007/08/chicago-scraps-plans-for-wi-finetwork

Wednesday, August 29, 2007

Daily Highlights

According to the Associated Press, South Carolina State Attorney General Henry McMaster wants tougher groundwater monitoring standards at one of the nation's few low-level nuclear waste facilities. (See item 5)

Reuters reports a federal laboratory off Long Island, known as the "Alcatraz for animal disease," may move to the U.S. mainland as part of a new $450 million research center. (See item 36)

Information Technology Sector

39. August 28, AP — Beijing police launch virtual Web patrol. Police in China's capital said Tuesday they will start patrolling the Web using animated officers that pop up on a user's browser and walk, bike or drive across the screen warning them to stay away from illegal Internet content. Starting Sept. 1, the cartoon alerts will appear every half hour on 13 of China's top portals, including Sohu and Sina, and by the end of the year will appear on all Web sites registered with Beijing servers. The animated police appear designed to startle Web surfers and remind them that authorities closely monitor Web activity.
Source: http://news.yahoo.com/s/ap/20070828/ap_on_hi_te/china_web_police;_ylt=AsYKAaakzG7yZ79MzsBKSNcjtBAF

40. August 28, PC Magazine — Storm Worm uses YouTube ruse. Security professionals are warning that distributors of the Storm Trojan are using URL links that appear to be connected to a YouTube video. The malicious Storm Worm program first appeared in January 2007, infecting thousands of computers in the US and Europe.
Source: http://www.pcmag.com/article2/0,1895,2176469,00.asp

41. August 28, The Morning Call – Cyber crime spreading like a virus. According to the 2007 Consumer Reports' State of the Net survey, threats from cyber criminals remain potent despite increased law enforcement and better security software. According to the report, about one in every four persons will become a “cyber victim.” This is slightly less than last year.
Source: http://www.mcall.com/business/local/all-neaconsu828.6011777aug28,0,2085724.story

42. August 27, Computerworld – Deja vu all over again, Sony uses rootkits, charges F-Secure. According to F-Secure, a Finnish security company, some Sony-manufactured USB drives create a hidden folder that hackers can use to cloak malicious programs. The fingerprint-reader software included with the Sony MicroVault USM-F line of flash drives installs a driver that hides in a hidden directory under "c:\windows." That directory, and the files within it, are not visible through Windows' usual application programming interface. This file directory is also invisible to some virus scan programs, the report stated.
Source: http://www.pcworld.com/article/id,136439-c,trojanhorses/article.html

Communications Sector

43. August 27, InformationWeek — Unified communications can cause network traffic jams. More businesses are moving to implement unified communications, mainly because of the efficiency and potential cost savings it offers. While most deployments today are small and limited, users are discovering that there is a downside to unified communications: a significant growth in network traffic that can slow down application performance and cause other problems. A survey of 576 unified communications users found that 75% said one-quarter of their network traffic in the last three months consisted of UC applications like VoIP, unified messaging, and instant messaging. Nearly 40% of companies have suffered application performance problems due to the convergence of communications applications onto their IP network.
Source: http://news.yahoo.com/s/cmp/20070828/tc_cmp/201802478

44. August 28, Webwire.com — Verizon to expand broadband availability access across Maine. Verizon has reached a deal with Maine’s State Public Advocate that will allow it to increase high-speed internet access throughout the state. The agreement, which has been approved by the Public Utilities Commission, will increase Verizon's capability to offer the service to approximately 70 percent of the company's access lines in Maine. It is estimated that an additional 35,000 of the company's lines in the state will have broadband capability. The project, which will cost $12 million, is expected to be completed by February, 2008.
Source: http://www.webwire.com/ViewPressRel.asp?aId=46129

Tuesday, August 28, 2007

Yesterday, the following item appeared in the Daily Report: Attention DHS Daily Report readers: After five years, the production of the DHS Daily Report is transitioning to a new research team effective for the Tuesday, August 28, edition. The format of the DHS Daily Report will remain the same, but starting at the end of this week, it will be disseminated from a new email address: NICCREPORT@dhs.gov. Please stay tuned over the next few days for an announcement of the activation of the new email address and prepare to adjust your mail filters accordingly. Thank you for your support during this transition.

It appears that the new team will also be affecting the timeliness of delivery of the report. Normally the report arrives at my location shortly after midnight. Today, the new team's first day, the report has not yet arrived at 5:30AM nor has it been posted to the DHS website.

Well, it finally arrived at 07:48AM. My apologies for being busy and thus the report is just now being posted. Also, the format is slightly modified. Information Technology no longer includes Telecommunications which appears to now be included with Communications. Thus, this blog will include both of these sectors.

Daily Highlights

According to the Associated Press, in an attempt to reduce money counterfeiting, the U.S. $100 will feature a new security thread combining micro-printing with small lenses. (See item 8)

USA Today reports that a new airport shoe scanner, checking footwear while worn, did not pass the tests during high flows of passengers, and weapons and bomb parts went undetected. (See item 14)

Information Technology Sector

30. August 27, CondéNet, Inc — Server error labels Windows customers as software pirates. Microsoft is blaming a server error for inadvertently labeling legitimate copies of Windows XP and Vista as pirated software. Thousands of users found their purchased copies of Windows labeled as pirated software by Microsoft's Windows Genuine Advantage validation system over the weekend. Any Vista system fingered by the malfunctioning server was stripped of features, including the Aero graphical interface and DirectX support. After the issue cropped up, Microsoft’s WGA program manager posted a note to the WGA forums announcing a fix, though the cause of the issue remains a mystery.
Source: http://blog.wired.com/monkeybites/2007/08/server-error-la.html

31. August 26, Reuters — China counters German hackers and spying reports. China rejected on Sunday a German magazine report that computer hackers believed to be linked to the Chinese army had infected German government ministries with spying programs. The Der Spiegel magazine, in a report ahead of a visit by the German Chancellor to China, said that top German government ministries, including the Chancellor’s office, had been infected by the attack. "The Chinese government consistently opposes and strictly prohibits all criminal activities that damage computer network performance, including 'hackers' behavior," a Foreign Ministry spokeswoman said in a statement.
Source: http://news.yahoo.com/s/nm/20070826/wr_nm/china_germany_dc;_ylt=Alc_x0K86t6eJ8STctO14dIjtBAF

Communications Sector

32. August 27, WebWire — Skype and Wal-Mart partner to bring Internet communications to the masses. Skype, the leading Internet communications company, has announced that it is teaming up with Wal-Mart, the world’s largest retailer, to address the growing popularity and demand for Internet communications among U.S. consumers. Wal-Mart is offering Skype Certified hardware in the Internet and voice communications area of 1,800 of its stores throughout the country, providing more opportunity and accessibility for people looking for affordable calling options. The addition of Skype Internet communications products to Wal-Mart stores comes at a time when Voice over Internet Protocol (VoIP) adoption among U.S. households is growing rapidly.
Source: http://www.webwire.com/ViewPressRel.asp?aId=45984

Monday, August 27, 2007

Daily Highlights

The Department of Homeland Security's Domestic Nuclear Detection Office has announced the graduation of the first class of the Advanced Radiation Detection course, providing state, local, and municipal jurisdictions with skills to detect and investigate the potential malicious use of radioactive or nuclear material. (See item 3)

The Federal Aviation Administration is testing an experimental, satellite-based navigation system called NextGen that hopefully can prevent gridlock in the skies in the coming decades. (See item 11)

Attention DHS Daily Report readers: After five years, the production of the DHS Daily Report is transitioning to a new research team effective for the Tuesday, August 28, edition. The format of the DHS Daily Report will remain the same, but starting at the end of this week, it will be disseminated from a new email address: NICCREPORT@dhs.gov. Please stay tuned over the next few days for an announcement of the activation of the new email address and prepare to adjust your mail filters accordingly. Thank you for your support during this transition.

Information Technology and Telecommunications Sector

27. August 24, InformationWeek — Slammer worm still attacking. Gunter Ollmann, director of security strategy at IBM's Internet Security Systems, said the most common malware attack today is coming from the Slammer worm, which hit in January of 2003. The worm is still working its way around the Internet and within corporate networks, according to Ollmann. And it's still spreading in a big way. And Slammer isn't the only piece of old-time malware that is still wreaking havoc. "The stuff [malware authors] wrote a while ago is still out there and still propagating and still infecting machines," he said. "Some have more infections now than they did when they were headline news. All those old vulnerabilities haven't all gone away." Slammer, the worm that brought many networks down to their knees by attacking Microsoft's SQL Server, is at the top of Ollmann's list of current malware problems. "When we hear about the latest worm and zero-day, Slammer still beats them by a long shot," he added.
Source: http://www.informationweek.com/security/showArticle.jhtml;jsessionid=Z0QOZ5L1MAE1OQSNDLRSKHSCJUNN2JVN?articleID=201802266

28. August 23, U.S. Computer Emergency Readiness Team — US-CERT Technical Cyber Security Alert TA07-235A: Trend Micro ServerProtect Contains Multiple Vulnerabilities. A number of vulnerabilities exist in the Trend Micro ServerProtect antivirus product. These vulnerabilities could allow a remote attacker to completely compromise an affected system. Multiple buffer overflow vulnerabilities and an integer overflow vulnerability have been discovered in the RPC interfaces used by various components in Trend Micro's ServerProtect software package. These vulnerabilities could be exploited by a remote attacker with the ability to supply a specially crafted RPC request to the system running the affected software. Solution: Trend Micro has provided an update for these vulnerabilities in ServerProtect 5.58 for Windows NT/2000/2003 Security Patch 4 - Build 1185. Until the patch can be applied, administrators may wish to block access to the vulnerable software from outside their network perimeters, specifically by blocking access to the ports used by the ServerProtect service (5168/tcp) and the ServerProtect Agent service (3628/tcp). This will limit exposure to attacks; however, attackers within the network perimeter could still exploit the vulnerabilities.
ServerProtect 5.58 for Windows NT/2000/2003 Security Patch 4 - Build 1185:
http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt
Source: http://www.uscert.gov/cas/techalerts/TA07-235A.html

29. August 23, eWeek — Hackers hit Trend Micro's ServerProtect. Hackers have set their sights on security vendor Trend Micro's ServerProtect. Several security researchers have noted a massive increase of activity over TCP port 5168 connected with ServerProtect, an anti-virus software product for servers that had a number of vulnerabilities publicly disclosed earlier the week of August 20. All of the vulnerabilities, which could lead to remote code execution, have been patched and the security fixes are available to customers. "Various people are abuzz trying to figure out what malware is behind this," Jose Nazario, senior security researcher at Arbor Networks, in Lexington, MA, wrote on a company blog. "At present it seems to be a botnet causing all of the havoc." Officials at Symantec said in an alert Thursday, August 23, that they have observed active exploitation of a Trend Micro ServerProtect vulnerability affecting the ServerProtect service on a DeepSight honey pot and are checking to see what vulnerability had been targeted. The company advised administrators to block TCP port 5168 at the network boundary or deploy strict IP-based access control lists to hamper hacking attempts.
Source: http://www.eweek.com/article2/0,1895,2174804,00.asp

Friday, August 24, 2007

Daily Highlights

ComputerWorld reports California Public Employees' Retirement System officials are sending letters of apology to about 445,000 state retirees after inadvertently printing their Social Security numbers on brochures announcing an upcoming election at the state pension fund. (See item 13)

The New York Times reports the five levees that protect the metropolitan area of East St. Louis, Illinois, from the Mississippi River do not meet the Federal Emergency Management Agency’s standards for flood protection and will be removed from maps that record flood vulnerability. (See item 38)

Information Technology and Telecommunications Sector

34. August 22, eWeek — Trend Micro fixes security flaws. Trend Micro has patched several vulnerabilities in its ServerProtect, Anti-Spyware and PC-cillin products that could be exploited remotely to allow hackers to execute arbitrary code. Several vulnerabilities affected ServerProtect, which provides anti-virus protection for Microsoft Windows and Novell NetWare servers. According to researchers at iDefense Labs, in Sterling, VA, an integer overflow exists within the RPCFN_SYNC_TASK function, which allocates memory based on a user-supplied integer within the request data. A number of boundary errors can be used to trigger heap- and/or stack-based buffer overflows. All of the vulnerabilities affect ServerProtect for Windows 5.58 Build 1176 (Security Patch 3), iDefense officials said, adding that previous versions and versions for other platforms are suspected to be vulnerable as well. The company has released Security Patch 4 to plug the security gaps. In addition, Trend Micro recently fixed flaws affecting version 3.5 of its Anti-Spyware offering, as well as PC-cillin Internet Security 2007.
Trend Micro Patches: http://www.trendmicro.com/download/product.asp?productid=17
Trend Micro Hotfix: http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1035845
Source: http://www.eweek.com/article2/0,1895,2174124,00.asp

35. August 22, IDG News Service — IBM buys Web conferencing vendor WebDialogs. IBM has acquired a Web conferencing service provider, it announced as part of a flurry of unified communications moves on Wednesday, August 22. IBM will make WebDialogs part of its Lotus division and add its service to the Sametime family of products, giving customers a software-as-a-service option for Web conferencing, the company said. Cisco and Microsoft are moving aggressively into unified communications, which combines all forms of interactive voice and data communications with presence technology that tells the world how a person can be reached in real time. IBM has taken a different approach, not building its own phone-switch replacement or a full range of communications tools, but ensuring compatibility with third-party products.
Source: http://www.infoworld.com/article/07/08/22/IBM-buys-Web-conferencing-vendor-WebDialogs_1.html

36. August 22, Reuters — Telecom offers reward for leads on copper theft. U.S. rural telecommunications carrier Embarq is offering a $5,000 reward for information leading to the arrest of anyone stealing its copper cables in Las Vegas amid a global crime spree targeting increasingly valuable metals. Embarq said on Wednesday, August 22, that copper cable theft has become a growing problem, particularly in Las Vegas, its largest market, where thieves have snipped away part of its aerial lines. The company, a spin-off from Sprint Nextel, has already spent $400,000 so far this year to repair severed cable lines in Las Vegas. More than 60 people have been arrested in Las Vegas so far this year for stealing copper. Officials believe the stolen metal is sold as scrap to recycling centers. The price of copper has more than doubled over the past two years as rapid industrialization in China and other emerging economies spurred demand and triggered similar crimes around the world.
Source: http://news.com.com/Telecom+offers+reward+for+leads+on+copper+theft/2100-1037_3-6203977.html

37. August 22, ComputerWorld — Storm Trojan horse may turn to hyping Hurricane Dean. The 8-month-old Storm Trojan horse may soon come full circle and take up touting Hurricane Dean, the Category 5 storm that slammed into Mexico Tuesday, August 21, security researchers said. Storm, also known as Peacomm, started life in January as malware attached to messages comprised of fake news accounts of a massive series of wind storms that struck Europe. One of the first Storm-bearing messages dangled the subject head "230 dead as storm batters Europe" to tempt users into launching the file. Recipients who clicked on the attached executable were infected by the Trojan horse, which turned their systems into spam-spewing zombies. Symantec Corp. researchers are betting that the malware's makers will try the same trick with Hurricane Dean.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9032218&source=rss_topic85

Thursday, August 23, 2007

Daily Highlights

The U.S. House Committee on Transportation and Infrastructure will hold a hearing on deficient bridges nationwide starting on September 5; there are 73,784 bridges in the United States rated "structurally deficient" by the Department of Transportation. (See item 11)

The St. Louis Post-Dispatch reports a 29-member task force on campus security has presented a report on emergency instructions for college classes to Missouri Governor Matt Blunt. (See item 25)

Information Technology and Telecommunications Sector

30. August 22, Register (UK) — Two security flaws uncovered in Cisco IP phones. Cisco has advised users to update the firmware on some of its IP phones following the discovery of two security flaws. A brace of Session Initiation Protocol (SIP) vulnerabilities in Cisco 7940/7960 IP Phones creates the potential for hackers to crash vulnerable handsets, but not to run exploit code on them. Cisco IP Phone 7940/7960 SIP firmware versions prior to 8.7(0) are vulnerable to the denial-of-service attacks, Cisco warns. Users are advised to update their firmware to version 8.7(0).
Cisco Advisory: http://www.cisco.com/warp/public/707/cisco-sr-20070821-sip.shtml
Source: http://www.theregister.co.uk/2007/08/22/cisco_ip_phone_vuln/

31. August 21, eWeek — Report: Mobile users often lax about security. When it comes to securing a wireless workforce, enterprises may have their hands full, according to a study performed by the research firm InsightExpress. Their research found that 73 percent of mobile users admitted they are not always cognizant of security threats and best practices. More than 25 percent also conceded they either hardly ever or never consider security risks and proper behavior, offering reasons such as "I'm busy and need to get work done" and "It's IT's job, not mine" as justifications. The online survey included responses from 700 mobile workers in seven countries, including China, Germany, India and the United States. In the United States, 36 percent of those surveyed said they were unconcerned or hardly concerned with threats when using wireless devices. Employees in the U.S. were the third most likely to have received IT training on security risks and controls, with 46 percent reporting they had. China was first with 58 percent, while India was second with 55. Forty-four percent of all mobile users surveyed admitted to opening e-mails and/or attachments from unknown or suspect sources.
Source: http://www.eweek.com/article2/0,1895,2173823,00.asp

32. August 21, VNUNet — Security flaw hits Symantec Enterprise Firewall. Symantec's Enterprise Firewall can be compromised by hackers via a username enumeration vulnerability, security experts warned Tuesday, August 21. NTA Monitor said that the flaw can occur when the devices are configured for remote access (client−to−gateway) VPNs using pre−shared key authentication. The devices respond differently to valid and invalid usernames, allowing an attacker to exploit this difference to determine whether a given user exists. It is also possible to use the vulnerability to enumerate valid users on the system, either by brute force or by trying likely usernames, the security firm warned.
Symantec Advisory: http://securityresponse.symantec.com/avcenter/security/Content/2007.08.16.html
Source: http://www.vnunet.com/vnunet/news/2197071/symantec-enterprise-firewall

33. August 21, SecurityFocus — Storm Worm pursues more 'members'. The group responsible for propagating the malicious program commonly known as the Storm Worm changed tactics this week, using e−mail messages masquerading as verification announcements from online Websites and clubs to lure victims. The e−mail messages use a fairly regular format, including a brief greeting, a supposed temporary login name and password, and a link to a malicious Website, according to antivirus firms. The destination site will tell the user that, to log on, they need to download a secure login applet. Victims that do install the software will become infected with the Storm Worm bot software. The names of the online Websites used in the e−mail messages appear to be constructed from two randomly chosen words and include names "Fun World," "Internet Dating," and "MP3 World." In addition, there is some evidence that the Storm Worm is using the MPack infection tool kit to compromise systems.
Source: http://www.securityfocus.com/brief/573

34. August 21, Websense Security Labs — Malicious Code / Malicious Website: EDB Business Partner site compromise. Websense Security Labs has discovered that the Website of EDB Business Partner (www.edbbusinesspartner.com) has been compromised and infects visitors with malicious code that attempts to drop two files. Both files dropped are of malicious intent. The first file is a World of Warcraft trojan. The second file is designed to detect anti−virus protection. The malicious code drops the malware through an old vulnerability in Internet Explorer (Microsoft Data Access Components Remote Code Execution, MS06−14). The compromised site contains a link to an external .js file that is hosted on a Website that Websense Security Labs had previously categorized as malicious.
Source: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=798

35. August 21, IDG News Service — State says e−voting machines weren't certified. Election Systems & Software (ES&S) sold nearly 1,000 electronic−voting machines that were not certified to five California counties in 2006, Secretary of State Debra Bowen said Tuesday, August 21. "Given that each machine costs about $5,000, it appears ES&S has taken $5 million out of the pockets of several California counties," Bowen said in a statement. ES&S sold 972 of its AutoMark Phase 2 Model A200, even though the company never submitted that version of the AutoMark machine to Bowen's office for certification in California, she said. ES&S delivered hundreds of the Model A200 to the California counties before it was certified by federal election officials in August 2006, she said. A public hearing on the matter is scheduled for September 20. Earlier this month, Bowen mandated new security standards for the state's e−voting systems, following an independent review that slammed the security of the technology. ES&S machines were decertified because ES&S was late in providing access to their products.
Source: http://www.infoworld.com/article/07/08/21/State-says-evoting

Wednesday, August 22, 2007

Daily Highlights

The FBI released a bulletin late Monday, August 20, that includes photographs of two men who have recently been seen acting suspiciously aboard Washington State ferries, taking photos of parts of the boats among other activities. (See item 12)

The Department of Homeland Security has agreed to launch a project with Vermont that will enhance the security of state driver's licenses, which could potentially serve as an acceptable alternative document for crossing the United States' land and sea borders. (See item 15)

Information Technology and Telecommunications Sector

32. August 21, IDG News Service — Gunplay blamed for Internet slowdown. Internet service providers in the U.S. experienced a service slowdown Monday, August 20, after fiber optic cables near Cleveland were apparently sabotaged by gunfire. TeliaSonera AB, which lost the northern leg of its U.S. network to the cut, said that the outage began around 4 p.m. EDT Sunday night. When technicians pulled up the affected cable, it appeared to have been shot. "Somebody had been shooting with a gun or a shotgun into the cable," said Anders Olausson, a TeliaSonera spokesperson. The damage affected a large span of cable, more than two−thirds of a mile long, near Cleveland, TeliaSonera said. The company declined to name the service provider whose lines had been cut.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9031758&intsrc=news_ts_head

33. August 20, eWeek — Skype blackout fixed, caused by massive PC restart. The blackout that left millions of Skype users without the ability to make Internet phone calls from their PCs for two days was, ironically, triggered by the service's users. Skype spokesperson Villu Arak wrote in a blog post Monday, August 20, that the outage, which was resolved August 18, happened after a massive restart of its users' computers across the globe as they "re−booted after receiving a routine set of patches through Windows Update." Arak said the high number of restarts in a short time period clogged Skype's network, causing a flood of log−in requests. These, combined with the lack of peer−to−peer (P2P) network resources, "prompted a chain reaction that had a critical impact." While Skype's P2P network does have the ability to fix itself for just such problems, Arak said the outage revealed a software bug within the network resource allocation algorithm that prevented the self−healing function from properly working. This bug was not, he said, created via malicious activity.
Source: http://www.eweek.com/article2/0,1895,2173171,00.asp

34. August 20, ComputerWorld — First exploit appears for Patch Tuesday vulnerability. A security researcher has published the first exploit against one of the 14 vulnerabilities patched last week by Microsoft Corp., security company Symantec Corp. has warned customers. In a posting to the Full Disclosures security mailing list, Alla Bezroutchko, a senior security engineer at Brussels−based Scanit NV/SA, spelled out JavaScript code that crashes Internet Explorer 6.0 on Windows 2000 and Windows XP Service Pack 2. Bezroutchko's proof of concept exploits the critical bug in XML Core Services that was patched by MS07−042. That update, one of six rated "critical" by Microsoft, affected every currently supported version of Windows, including the new Vista operating system. Symantec warned users of its DeepSight threat−alert network to expect Bezroutchko's crude exploit to be polished soon. "The current proof of concept will crash Internet Explorer; however, it is likely that this code will be modified to produce a code−execution exploit in the near future," read the Symantec warning.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9031601&intsrc=hm_list

Tuesday, August 21, 2007

Daily Highlights

Symantec Corp. reports a new Trojan horse called Infostealer.Monstres has stolen more than 1.6 million records belonging to several hundred thousand people from Monster Worldwide Inc.'s job search service, setting them up for phishing mail that plants malware on their machines. (See item 4)

The Associated Press reports Texas officials opened emergency operations centers, moved inmates to prisons deeper inland, and passed out sandbags along portions of the Texas coast as Hurricane Dean barrels toward the warm waters of the Gulf of Mexico. (See item 18)

Information Technology and Telecommunications Sector

20. August 20, IDG News Service — RF Micro to buy Sirenza in $900 million deal. Mobile phone chip maker RF Micro Devices plans to buy Sirenza Microdevices in a $900 million deal aimed at expanding its presence in WiMax, broadband, cable TV, and wireless infrastructure. The deal is a sign that merger and acquisition activity in the technology sector is not over, despite credit industry problems that have roiled global stock markets.
Source: http://www.infoworld.com/article/07/08/20/RF-Micro-to-buy-Sirenza_1.html

21. August 17, Websense Security Labs — Malicious Website/Malicious Code: Biotechnology Information Organization site compromise. Websense Security Labs has discovered that the official site of the Biotechnology Industry Organization (www.bio.org) has been compromised and infects visitors with a malicious script that attempts to exploit multiple vulnerabilities. The Biotechnology Industry Organization's Website is commonly visited by members of the biotech industry. To date Websense has seen infected pages only within the news and public relations sections of their site. This same exploit is used by the people behind the attack on Syndicate Bank of India.
Source: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=795

Monday, August 20, 2007

Daily Highlights

The Houston Chronicle reports the energy industry continues to prepare for Hurricane Dean's possible entry into the Gulf of Mexico, evacuating nonessential personnel from platforms, drillships, and rigs, and waiting for further developments in the hurricane's path. (See item 3)

The Los Angeles Daily News reports mistakes by both a pilot and a ground traffic controller led to yet another near-collision on the northern runway at Los Angeles International Airport on Thursday, August 16. (See item 15)

Government Technology reports Baton Rouge, Louisiana, has announced a new emergency contact system able to notify citizens by residential, business, or cell phone, as well as e-mail, text message, or devices for the hearing and speech impaired. (See item 31)

Information Technology and Telecommunications Sector

32. August 17, IDG News Service — Three indicted on software piracy charges. Three Florida men were indicted Thursday, August 16, on charges related to selling millions of dollars worth of counterfeit software through several Websites, the U.S. Department of Justice (DOJ) said. Maurice A. Robberson, Thomas K. Robberson, and Alton Lee Grooms, all of Lakeland, FL, were each charged with one count of conspiracy to violate copyright and counterfeiting laws, the DOJ said late Thursday. Maurice Robberson was also charged with a substantive count of felony copyright infringement and one count of trafficking in counterfeit goods, while Thomas Robberson was charged with one substantive felony count of copyright infringement and two counts of trafficking in counterfeit goods. The men conspired to sell more than $5 million in pirated software, according to the indictment from U.S. Attorney Chuck Rosenberg for the Eastern District of Virginia. The men operated BuysUSA.com, CDSalesUSA.com, AmericanSoftWareSales.com, TheDealDepot.net, and BestValueShoppe.com from late 2002 to October 2005, and sold counterfeit software from companies such as Adobe Systems, Autodesk, and Macromedia at discount prices, the DOJ said.
Source: http://www.infoworld.com/article/07/08/17/Three-indicted-on-software-piracy_1.html

33. August 16, InformationWeek — Storm botnet puts up defenses and starts attacking back. The Storm worm authors have another trick up their sleeves. The massive botnet that the hackers have been amassing over the last several months actually is attacking computers that are trying to weed it out. The botnet is set up to launch a distributed denial−of−service (DDoS) attack against any computer that is scanning a network for vulnerabilities or malware. Ren−Isac, which is supported largely through Indiana University, recently issued a warning to about 200 member educational institutions and then put out a much broader alert, warning colleges and universities that their networks could come under heavy attack. The warning noted that researchers have seen "numerous" Storm−related DDoS attacks recently. As the new school year is about to get underway, Ren−Isac is advising security professionals that the new attack "represents a significant risk" for the educational sector. With students returning to campus in the next few weeks, schools are expected to scan the servers on their network to find vulnerabilities and malware that the students are bringing back with them. When the scanner hits an infected computer that is part of the Storm botnet, the rest of the botnet directs a DDoS attack back against the computer running the scan.
Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=201800635

34. August 16, InformationWeek — Opera uses Mozilla fuzzer tool to find 'highly severe' bug. Opera Software found and patched what it's calling a "highly severe" bug in its flagship browser, using a security tool released by its competitor, Mozilla. During the recent Black Hat security conference, the Mozilla Foundation made the JavaScript fuzzer, an open-source application security testing tool, available to anyone who wants to use it. Opera noted in an advisory that the flaw could allow a hacker to execute code on the victim's machine. A virtual function call on an invalid pointer, which may reference data crafted by the attacker, can be used to execute arbitrary code. Opera Software released Opera V9.23 to fix the problem.
Opera Advisory: http://www.opera.com/support/search/view/865/
Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=201800584

Friday, August 17, 2007

Daily Highlights

The El Paso Times reports an FBI terrorism task force has arrested a 47-year-old Clint, Texas, man accused of shining a green laser on airplanes flying up to 35,000 feet over El Paso. (See item 9)

The New York Police Department in a study released on Wednesday, August 15, concluded understanding how seemingly ordinary people become radicalized and hatch homegrown terror plots is essential for law enforcement officials in the United States. (See item 21)

Information Technology and Telecommunications Sector

24. August 16, Associated Press — Many Skype users unable to make calls. Skype, the popular computer program that lets its users make long−distance phone calls over the Internet, said Thursday, August 16, that software problems have left many of its millions of users without service worldwide. The company, a division of online auction company eBay Inc., said on its Website that many users cannot log on to the free service. It was not immediately clear how many users were affected, but Skype users in Colombia, Brazil, Germany, Finland and the United States reported difficulties logging on.
Source: http://news.yahoo.com/s/ap/20070816/ap_on_hi_te/germany_skype_outage;_ylt=Ah7bLjwHChRDFIVivIKlol0jtBAF

25. August 16, CNET News — Adobe: No threat from PDF spam. PDF spam −− junk e−mail with its message attached as a PDF file to get past spam filters −− poses no security risk, says Adobe Systems. Asked if PDF spam can embed malicious software, Erick Lee, a security engineer at Adobe, wrote in an e−mail on Wednesday, August 15, that "PDF is no more able to embed malware on an unsuspecting user's system than any other typical e−mail attachment." Over the last two months, security vendors have seen a spike in spam embedded within PDF documents. According to the PDF−creation software maker, there is no hard evidence that such spam exposes users to any security risk.
Source: http://news.com.com/Adobe+No+threat+from+PDF+spam/2100-7349_3-6202909.html?tag=nefd.top

26. August 16, InformationWeek — Ubuntu tackling breach that hit half its servers. The open−source Ubuntu project is on the mend after shutting down more than half of its servers this past weekend because they had been compromised and were launching attacks. James Troup, who leads the Canonical sysadmin team, said in an online advisory that one of the hosted community servers that Canonical sponsored had been breached. Once technicians discovered that compromise, he said an investigation found that five of the eight machines had been breached and were actively attacking other machines. According to a notice in the Ubuntu newsletter, the servers were suffering from a few problems, such as missing security patches, FTP was being used to access the machines, and no upgrades "past breezy" were made due to problems with the network cards and kernels. Troup noted that since FTP was being used to access the machines, an attacker could have gotten access to the servers by sniffing the clear−text passwords.
Source: http://www.informationweek.com/software/showArticle.jhtml;jsessionid=2GV0M1R5OEZCCQSNDLOSKHSCJUNN2JVN?articleID=201800545

27. August 15, IDG News Service — New URI browser flaws worse than first thought. Security researchers Billy Rios and Nathan McFeters say they've discovered a new way that the URI (Uniform Resource Identifier) protocol handler technology, used by Windows to launch programs through the browser, can be misused to steal data from a victim's computer. URI bugs have become a hot topic over the past month ever since researcher Thor Larholm showed how a browser could be tricked into sending malformed data to Firefox using this technology. Later, other researchers, including Rios and McFeters, showed how other browsers and applications could be misused to achieve similar goals. In the past days, however, Rios and McFeters have shifted their focus away from malformed data and have taken a close look at how attackers could simply misuse the legitimate features of software that is launched via the URI protocol handler, something they call "functionality based exploitation." Their initial results show that there could be plenty of ways to misuse this technology. Rios and McFeters plan to release the results of their research after the vendor has had a chance to fix the problem.
Source: http://www.infoworld.com/article/07/08/15/New-URI-browser-flaws-worse-than-first-thought_1.html

28. August 15, ComputerWorld — Fake plain-text e-card variants look real, carry computer viruses. A new form of fake e-card notification e-mail is unleashing nasty viruses and virus-carrying Trojan horses on unsuspecting users. While e-card-triggered viruses and Trojan horses are not new, the latest versions are becoming more difficult for typical antivirus and antispam defenses to detect, according to alerts issued Wednesday, August 15, by security software vendors Avinti Inc. and F-Secure Corp. The new complication, said Dave Green, chief technology officer at Avinti, is that the latest slew of fake e-card e-mail notifications are using plain text in their messages, which don't get scanned and scrutinized by antivirus and antispam defense applications. While the e-mails don't contain pasted links or attached files that a recipient can click on to get a computer infection, many e-mail clients automatically convert the included text into a clickable link when the e-mail clients recognize a Web address in the text. All recipients have to do to trigger the virus is to click on the link created by the e-mail client once they have read the message, he said. The damaging payload files are new variants of the Storm Worm virus that was first detected in January, the company said.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9030860&pageNumber=1

Thursday, August 16, 2007

Daily Highlights

Pfizer, the world's largest drug maker, reports that for the second time in two months, a security breach has put the personally identifying information on current and former employees at risk. (See item 6)

U.S. Customs officials said Tuesday, August 14, they had traced the source of last weekend's system outage that left 17,000 international passengers stranded in airplanes at Los Angeles International Airport to a malfunctioning network interface card on a single desktop computer in the Tom Bradley International Terminal. (See item 12)

Information Technology and Telecommunications Sector

28. August 15, IDG News Service — Citrix to acquire virtualization vendor XenSource for $500M. Citrix Systems plans to acquire virtualization vendor XenSource for approximately $500 million to enable the application delivery software vendor to enter both the server and desktop virtualization markets. Citrix made the announcement on Wednesday, August 15, the day after XenSource's rival VMware launched an initial public offering.
Source: http://www.infoworld.com/article/07/08/15/Citrix-to-acquire-XenSource_1.html

29. August 15, IDG News Service — Vulnerability uncovered within Yahoo Messenger. A new vulnerability in Yahoo's instant messenger program can potentially cause unwanted code to run on a PC, according to security researchers. Details of the vulnerability were first posted on a Chinese-language security forum and were later confirmed with Yahoo security officials, wrote Wei Wang, a researcher with McAfee's Avert lab in Beijing, on a company blog. So far, no exploit code has been published, wrote Karthik Raman, also of McAfee. The vulnerability affects Yahoo Messenger version 8.1.0.413. It is triggered when a user accepts an invitation to use their Web camera. The type of vulnerability is called a heap overflow, where a piece of code can be executed with improper permissions, which can allow for further malicious behavior such as downloading other code, said Greg Day, a security analyst for McAfee in the UK.
Source: http://www.infoworld.com/article/07/08/15/Vulnerability-in-Yahoo-Messenger_1.html

30. August 15, Register (UK) — Webmail-creating Trojan targets Gmail. A strain of malware capable of setting up bogus Hotmail and Yahoo! accounts in order to send spam has been adapted to also target Gmail accounts. The HotLan Trojan creates automatically-generated Webmail accounts, implying that spammers have discovered a means to defeat Captcha challenge-response systems. Captcha systems, which typically prevent accounts being created until a user correctly identifies letters depicted in an image, are designed to ensure requests are made by a human rather than an automated program. Since the arrival of the first variant of the Trojan last month, more than 500,000 spam e-mail accounts have been created, according to Romanian anti-virus firm BitDefender. A joint effort between the security teams of BitDefender and Yahoo! appears to have stymied attempts to generate and use Yahoo! accounts to send spam. However, this has pushed the problem onto Hotmail and Gmail (a new target of a later variant of the Trojan) rather than having the desired effect of bringing the creation of bogus accounts under control.
Source: http://www.theregister.co.uk/2007/08/15/webmail_trojan_update/

31. August 14, U.S. Computer Emergency Readiness Team — US−CERT Technical Cyber Security Alert TA07−226A: Microsoft Updates for Multiple Vulnerabilities. Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, Windows Media Player, Office, Office for Mac, XML Core Services, Visual Basic, Virtual PC, and Virtual Server as part of the Microsoft Security Bulletin Summary for August 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial−of−service on a vulnerable system. Solution: Microsoft has provided updates for these vulnerabilities in the August 2007 Security Bulletins. The Security Bulletins describe any known issues related to the updates. Administrators are encouraged to note any known issues that are described in the Bulletins and test for any potentially adverse effects.
Microsoft Security Bulletin: http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx
Updates for Microsoft Windows and Microsoft Office XP and later are available on the Microsoft Update site: https://www.update.microsoft.com/microsoftupdate/v6/muoptdefault.aspx?returnurl=https://www.update.microsoft.com/microsoftupdate&ln=en-us
Microsoft Office 2000 updates are available on the Microsoft Office Update site: http://office.microsoft.com/en-us/default.aspx
Apple Mac OS X users should obtain updates from the Mactopia Website: http://www.microsoft.com/mac/
System administrators may wish to consider using an automated patch distribution system such as Windows Server Update Services: http://technet.microsoft.com/en-us/wsus/default.aspx
Source: http://www.uscert.gov/cas/techalerts/TA07-226A.html

32. August 14, eWeek — ATI driver bug leaves Vista open to attack. Microsoft is working with AMD to fix a bug in an ATI driver that ships preinstalled on millions of laptops and which leaves the Vista kernel open to arbitrary memory writes by malicious driver authors. It's not just ATI −− virtualization security researcher Joanna Rutkowska said during her presentation at Black Hat earlier in August that ATI, which is owned by AMD, and Nvidia are just two examples of particularly badly written drivers, and that there could be tens of thousands of vulnerable drivers out there. The bug in the ATI driver is that it allows arbitrary memory writes. Malicious driver authors can use that flaw to load unsigned drivers via the standard loading mechanism.
Source: http://www.eweek.com/article2/0,1895,2170804,00.asp

Wednesday, August 15, 2007

Daily Highlights

USA TODAY reports a new flu vaccine plant is set to begin operations as soon as next year, boosting the supply of vaccine for the annual flu season and providing a much-desired U.S. source of vaccine for use in a flu pandemic. (See item 22)

The Department of Homeland Security’s Ready Campaign has released three new demonstration videos designed to highlight the specific steps older Americans, individuals with disabilities and special needs, and pet owners should take to prepare for emergencies. (See item 26)

Information Technology and Telecommunications Sector

28. August 14, IDG News Service — Nokia says 46 million batteries may overheat. Nokia is offering to replace 46 million batteries made by another company for use in its mobile phones because of a risk of overheating, Nokia said on Tuesday, August 14. The faulty batteries were manufactured by Japan's Matsushita Battery Industrial Co. and sold in a wide range of Nokia phones, from its low−end 1100 family of products to its pricier N91 and E60 devices. Nokia said that in "very rare cases" a short circuit can cause the Nokia−branded BL−5C batteries to overheat while they are being recharged. It said it knows of about 100 incidents so far and that no serious injuries or property damage have been reported.
Source: http://www.infoworld.com/article/07/08/14/Nokia-batteries-overheat_1.html

29. August 14, ComputerWorld — Record−breaking 'Storm' linked to spam surge. Storm, the Trojan horse that hoovers PCs into hacker−controlled botnets, roared back into life last month in several waves, security researchers said Monday, August 13, and has blown by 2005's Sober to become the most prolific e−mail−borne malware ever. Thanks to Storm, MX Logic tracked a July jump in malicious e−mail of 1,700 percent over June. Storm, however, is much more malevolent than Sober. "Not only is it designed to propagate more copies of Storm, but it releases huge quantities of spam," said Sam Masiello, director of threat research at MX Logic Inc. Security analysts have been drawing a line between Storm's success and spam outbursts of July and August, including one that dropped impressive quantities of "pump−and−dump" stock scam mail in mailboxes worldwide.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9030538&intsrc=hm_list

30. August 14, Associated Press — Microsoft buys online−ad company. Microsoft completed its $6 billion buyout of digital marketing company aQuantive Monday, August 13, and now plans to challenge Yahoo and Google in the online advertising business. Microsoft, which lags behind Yahoo and Google in search traffic and advertising revenue, is trying to shift toward offering software applications over the Internet.
Source: http://www.washingtonpost.com/wp-dyn/content/article/2007/08/13/AR2007081300884.html

31. August 13, InfoWorld — Novell buys endpoint security firm Senforce. Novell announced on Monday, August 13, that it has acquired Senforce Technologies, a provider of endpoint and network security tools, for an undisclosed sum. Waltham, MA−based Novell also said that it would move quickly to integrate Senforce's technologies into its ZENworks product lineup in an effort to further expand its enterprise systems management offerings.
Source: http://www.infoworld.com/article/07/08/13/Novell-buys-endpoint-security-firm_1.html

32. August 13, ComputerWorld — DirectX SDK bug means bad news for IE users. The DirectX software development kit Microsoft issued in 2002 contains a critical vulnerability, a Polish researcher claimed as he released attack code that can hijack Windows PCs by tempting Internet Explorer (IE) users to malicious sites. According to Krystian Kloskowski, who posted exploit code on the milw0rm.com site, the FlashPix ActiveX control included with DirectX Media 6.0 SDK contains a buffer overflow bug that can be exploited. More importantly, according to an advisory issued by U.S. Computer Emergency Readiness Team (US-CERT) on Sunday, August 12, "because the FlashPix ActiveX control is marked 'Safe for Scripting,' Internet Explorer can be used as an attack vector for this vulnerability." IE 6 can be leveraged to exploit the flaw, noted Kloskowski, but he did not say if the newer IE 7 is also a workable attack vector.
US-CERT Vulnerability Note: http://www.kb.cert.org/vuls/id/466601
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9030418&intsrc=hm_list

33. August 13, InformationWeek — Storm botnet behind Canadian DoS attack. Researchers are blaming the virulent Storm worm for a widespread denial-of-service (DoS) attack that hit Canadian Websites over the weekend. The attack may have been unfocused and unsuccessful, but it could have been an early test of the DoS power that the Storm worm botnet now holds. Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Internet Storm Center, said in an interview that while sites in Canada were "pounded" over the weekend, he doesn't think it was a targeted DoS attack. The attacks weren't aimed at any particular Websites. It was just spread across a wide swath of the Internet.
Source: http://www.informationweek.com/software/showArticle.jhtml;jsessionid=M0HTKFZNYOS4CQSNDLRSKHSCJUNN2JVN?articleID=201500196

Tuesday, August 14, 2007

Daily Highlights

InformationWeek reports law enforcement officials have arrested at least 10 people since the beginning of the year for their roles in using stolen information to commit fraud, after the theft of 45.7 million customer records from TJX. (See item 6)

The Associated Press reports a 25-pound chunk from United Express Flight 7350, a commuter jet headed to Washington's Dulles International Airport, landed in a grassy area between houses and soccer fields near Boyds, Maryland. (See item 12)

Information Technology and Telecommunications Sector

30. August 13, VNUNet — Black hat IPS reverse engineering poses 'serious threat'. A recently disclosed Black Hat hacker technique for reverse engineering intrusion prevention system (IPS) data poses a “serious risk” for thousands of enterprises, Gartner has warned. The analyst firm’s warning comes after a speaker at the recent Black Hat Briefings conference in Las Vegas demonstrated a method of reverse-engineering IPS signatures for zero-day vulnerabilities. The demonstration used signatures from 3Com's TippingPoint IPS, but Gartner notes that there is “an implication” that all IPS vendors' signatures are at risk. Paul E. Proctor, research vice president at Gartner, explained that enterprises use IPS technologies, which interpret external files containing signature definitions, to protect against the exploitation of vulnerabilities. However, when these patterns contain signatures for zero-day vulnerabilities, hackers can use this data to create exploit code based on vulnerabilities for which no protection exists. They can also use the signature file to write an exploit that bypasses the zero-day signature undetected, Proctor warned.
Source: http://www.vnunet.com/vnunet/news/2196512/black-hat-ips-reverse

31. August 13, Register (UK) — Germany enacts controversial anti-hacker law. Germany has introduced anti-hacker measures that criminalize the creation or possession of dual-use security tools. An update to the country's computer hacking laws makes denial-of-service (DoS) attacks and hacking assaults against individuals clearly criminal. Gaining access to data, without necessarily stealing information, would also become an arrestable offense. The most serious offenses are punishable on conviction by up to 10 years' imprisonment. Controversy centers around a provision in the laws that makes it an offense to create or distribute "hacking tools," a notoriously ambiguous term. The distinctions between, for example, a password cracker and a password recovery tool, or a utility designed to run DoS attacks and one designed to stress-test a network, are not covered by the new law, critics argue. Possession of dual-use tools -- port scanners such as nmap or security scanners like nessus -- is punishable by imprisonment of up to 12 months and a fine.
Source: http://www.theregister.co.uk/2007/08/13/german_anti-hacker_law/

32. August 12, ComputerWorld — UN Website goes offline hours after SQL injection attack. "Hackers" defaced the United Nations' (UN) Website early Sunday, August 12, with messages accusing the U.S. and Israel of killing children. As of late afternoon, some sections, including the area devoted to Secretary General Ban Ki-Moon, remained offline. The attack, spelled out by an Italian software developer on his blog and later reported by the BBC, replaced blurbs of recent speeches by Ban with text attributed to a trio of would-be hackers. The section of the UN's site dedicated to Ban was still offline as of 5 p.m. EDT Sunday. Giorgio Maone, a software developer from Palermo, Italy, noted the incident timeline and posted several screenshots of the defacement on his blog. Maone pegged the attack as an SQL injection exploit, which let the attackers add their own HTML code to the site.
Maone's blog: http://hackademix.net/2007/08/12/united-nations-vs-sql-injections/
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9030318&intsrc=hm_list

33. August 10, InformationWeek — Toshiba recalls more laptop batteries. Toshiba has issued its second recall in a month of Sony notebook batteries that could overheat and burst into flames. The latest recall, announced Thursday, August 9, by the U.S. Consumer Product Safety Commission, affects about 1,400 notebooks. The models include the Satellite A100 and A105, and the Tecra A7, which sell for as little as $680. The recall stemmed from three reports outside of the United States of notebook batteries overheating.
Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=201400284

Monday, August 13, 2007

Daily Highlights

Reuters reports central banks around the globe pumped billions of dollars into banking systems on Friday, August 10, in a concerted effort to beat back a widening credit crisis, and they pledged to do more if needed; the U.S. Federal Reserve said it would provide cash as needed to ensure markets functioned smoothly. (See item 11)

The Los Angeles Times reports more than 20,000 international passengers were stranded for hours at Los Angeles International Airport on Saturday, August 11, waiting on airplanes and in packed customs halls, while a malfunctioning computer system prevented officials from processing their entry into the country. (See item 15)

Information Technology and Telecommunications Sector

35. August 10, IDG News Service — UK report questions role of ISPs in online safety. A new report on Internet safety has concluded ISPs (Internet service providers) should take more responsibility for online security since end users are often lax. But the 121-page Personal Internet Security report, published on Friday, August 10, by the UK House of Lords, stopped short of suggesting that the Office of Communications (Ofcom) -- the UK communications regulator -- should impose new rules on ISPs. "We do not advocate immediate legislation or heavy-handed intervention by the regulator," the report said. "But the market will need to be pushed a little if it is to deliver better security." ISPs generally argue that security is the responsibility of end users, which Ofcom has also supported. The report called it "disappointing" that the UK government has accepted those arguments since the reality often exceeds the capability of end users to recognize the threats.
Report: http://www.publications.parliament.uk/pa/ld200607/ldselect/ldsctech/165/165i.pdf
Source: http://www.infoworld.com/article/07/08/10/UK-report-questions-role-of-ISPs_1.html

36. August 09, eWeek — EMC-RSA acquires data loss prevention specialist Tablus. RSA revealed its intent Thursday, August 9, to acquire Tablus, a data loss prevention vendor, adding to RSA's security portfolio the ability to identify sensitive data and find it in places where it shouldn't be stored. Neither party would disclose details of the deal, but executives expected RSA's acquisition of Tablus, which is based in San Mateo, to be complete by October or November. The purchase and software acquisition adds to RSA and parent company EMC's stack of content storage and security and places them ahead of the pack with a product that finds data even when it is out of place, said executives and industry analysts.
Source: http://www.eweek.com/article2/0,1895,2168890,00.asp

37. August 09, IDG News Service — Symantec patches critical Norton flaw. A bug in the way Norton AntiVirus software uses the ActiveX programming language could cause serious problems for users of Symantec's products. On Thursday, August 9, Symantec patched the flaw, warning that a bug in two ActiveX controls used by Symantec's client software could allow an attacker to run unauthorized software on a victim's computer. Security vendor Secunia ApS rates the problem as "highly critical." The flaw is an "input validation" error, meaning that Norton doesn't properly check the data it's receiving to ensure that it can't be mistaken for malicious commands.
Secunia Advisory: http://secunia.com/advisories/25215/
Source: http://news.yahoo.com/s/infoworld/20070809/tc_infoworld/90901;_ylt=AnyqA_LzLbo5f0Gx4y3IPqUjtBAF

Friday, August 10, 2007

Daily Highlights

The Department of Homeland Security announced on Thursday, August 9, steps that will strengthen aviation security through uniform and consistent passenger prescreening against government watch lists. (See item 10)

United Press International reports the Philadelphia metro area has unveiled a regional, interoperable, alert and information-sharing system expected to enable communication among emergency managers, key government officials, and first responders across the region. (See item 31)

Information Technology and Telecommunications Sector

32. August 08, eWeek — Mandiant's free tool hunts for malware. Mandiant has released Mandiant Red Curtain, a free malware analysis tool aimed at helping security professionals evaluate files from potentially compromised computer systems. MRC examines executable files to determine how suspicious they are and calculates an overall threat score to establish whether a set of files should be examined further. The tool is aimed at helping security professionals responding to an incident.
Mandiant Red Curtain: http://www.mandiant.com/mrc
Source: http://www.eweek.com/article2/0,1895,2168413,00.asp

33. August 08, InfoWorld — SpyProxy takes Web apps security fight to virtual sandbox. Faced with volumes of browser vulnerabilities and Web-based exploits designed to take advantage of the flaws, security researchers presented a new process for protecting users with execution-based malware detection at the ongoing Usenix Security Symposium in Boston on Wednesday, August 8. In a demonstration led by Alexander Moshchuk, a University of Washington (UW) graduate student who is part of a research team that has developed a tool that uses the technique for filtering out malicious programs, the expert pitched the use of "virtual sandboxing" as an effective means for testing Web applications for suspicious behavior before they reach end users' browsers. Injected as a virtual machine that sits between an end user's browser and a Website, UW's SpyProxy promises to download and test any application that the browser is directed toward in order to weed out potential attacks. In a matter of seconds, the security program can effectively run and analyze any type of Web page or application to determine whether it contains the hallmarks of many threats, the researcher said.
Source: http://www.infoworld.com/article/07/08/08/spyproxy-execution_1.html