Thursday, December 6, 2007

Daily Report

• USA Today reported on the expansion of check schemes across the U.S. as scammers exploit the popularity of online auction, dating, and social-networking sites to find victims. Overseas investigators, working with U.S. postal inspectors, have arrested 77 people this year and intercepted $2.1 billion in counterfeit checks headed for the U.S. (See item 12)

• According to KTTC Rochester, air traffic was brought to a halt Tuesday afternoon at Rochester International Airport in Minnesota, after workers hit a natural gas line. The gas line break forced evacuations and shut down heat to the airport. The assistant airport manager said no flights had to be delayed or rerouted because of the leak, but traffic was grounded for about a half hour. (See item 14)

Information Technology

27. December 5, Computerworld – (National) Researcher: Ukrainian botnet sent Ron Paul spam. The spam blamed on Republican presidential candidate Ron Paul more than a month ago originated with a Ukrainian spam operation, a senior security researcher with SecureWorks Inc. said today. According to him, the Ron Paul-related spam that flooded inboxes in late October can be traced to a botnet of approximately 3,000 compromised computers, all infected by a Trojan horse called Srizbi that in turn installed a spam-spewing bot -- dubbed “Reactor Mailer” -- onto each hijacked machine. It was Reactor Mailer that sent the spam touting Paul and his positions. Starting October 27 and ending October 30, the spam promoted the Texas congressman after a televised weekend debate, and featured subject headings such as “Ron Paul Wins GOP Debate!” and “Ron Paul Exposes Federal Reserve!” Researchers at the University of Alabama at Birmingham, who analyzed samples of the spam at the time, said that they had no reason to believe that the Paul campaign was behind the junk e-mail. A spokesman for Paul quickly denied any knowledge of the scam.

28. December 5, – (National) releases security patch. The community has issued a patch for a “highly critical” security vulnerability in OpenOffice 2.3 and prior versions, according to a security advisory issued by Secunia on Wednesday. A security flaw in a third party default database engine module, HSQLDB, shipped with OpenOffice 2.3 and prior versions, could allow malicious attackers to launch arbitrary code. The vulnerabilities could be exploited by manipulating the database documents processing, according to a security advisory issued by is asking users to download OpenOffice version 2.3.1. OpenOffice 2.3 was released last September, shortly before security researchers reported vulnerabilities in OpenOffice 2.0.4 and earlier versions. The security flaws could allow attackers to gain control of users’ systems via maliciously crafted TIFF files.

29. December 4, – (National) Predictions for 2008: A massive data meltdown. A vice president in the eco-computing team at Sun Microsystems predicted a massive data center failure over the next year. At a Monday dinner with reporters, he predicted that such a failure, and the ensuing panicked response, would be a crisis on par with what followed the first internet worm in 1988, which infected about five percent of the Unix boxes on the Internet, caused community uproar, and helped spur the security industry. Though just a prediction, conditions in the industry suggest it is possible, according to a blogger on Data centers have mushroomed with the flood of processes and jobs being turned over to the Internet, he said. Companies have built up their data centers, but even with technologies like virtualization it has been tough to keep up. At some point, a data center is going to crash, he said, and the response could be frenzied.

Communications Sector

30. December 4, US News & World Report – (National; International) The problem of space debris. In January, 2007, China destroyed its old Feng Yun 1-C weather satellite in an anti-satellite weapon test that NASA called “the single worst contamination of low Earth orbit during the past 50 years.” The debris field caused by the Feng Yun explosion extends from 125 miles above the surface of Earth to 2,500 miles. Air Force engineers have calculated that it will take a century for all the pieces to fall out of orbit. Many of the debris chunks are big enough to threaten satellites and equipment in lower Earth orbit, including the international space station. The Air Force Space Command has identified and is tracking 2,229 pieces of debris from the test that are at least as large as a softball. “Anything that size or larger, if it collided with a satellite, would equate to instantaneous death for a satellite,” said the former administrator of the space surveillance network at the Joint Space Operations Center at Vandenberg Air Force Base. The center, which continues to find more Feng Yun remnants, saw a 20 percent jump—to 11,800—in the size of its catalog of space objects of concern, including satellites and debris, after the test. (In all, analysts track more than 17,300 objects in space, but the rest have yet to be identified with certainty.) Chinese scientists told their western counterparts that their calculations suggest the risk of collision has increased by less than 1 percent. But U.S. analysts have seen the number of close calls between satellites and debris more than double since the test. In an average week, said the former administrator, there will be up to 200 incidents where a piece of the Feng Yun passes within 3 miles of one of America’s 400 satellites.

31. December 4, – (National) T-Mobile confirms flooding. T-Mobile today confirmed web reports that the company’s main data center was down due to flooding in the Seattle, Washington, area, and that the main website was offline. In the official statement, T-mobile said: “Severe flooding stemming from a powerful storm has affected a facility in Western Washington that houses some TMobile business systems. Our wireless network is operating at normal service levels. Various other T-Mobile operations may be temporarily offline or otherwise impacted. T-Mobile is working around-the-clock to restore the impacted systems. We apologize for any inconvenience this may cause our valued customers.” Additional web reporting stated that the main website was up Wednesday, but that some account information remained unavailable.

No comments: