Daily Report Wednesday, January 17, 2007

Daily Highlights

The Departments of Homeland Security and State have issued a reminder that beginning January 23, citizens of the United States, Canada, Mexico, and Bermuda are required to present a passport to enter the United States when arriving by air from any part of the Western Hemisphere. (See item 14)
The Associated Press reports an MD-10 cargo jet equipped with an anti-missile system took off from Los Angeles International Airport on a commercial flight Tuesday, January 16, marking the start of operational testing and evaluation of the laser system designed to defend against shoulder-fired anti-aircraft missiles. (See item 15)

Information Technology and Telecommunications Sector

28. January 16, VNUNet — Oracle flags 52 security flaws. Oracle has issued its first pre-release security patch announcement, flagging up no fewer than 52 critical updates, just as a security company has highlighted the vulnerability of many databases. However, security firm Secerno warned that weaknesses in the development process are often more serious than any vendor vulnerabilities. "This is another step in the right direction by Oracle. As ever, forewarned is forearmed and this move allows IT managers to get to grips earlier with essential patching," said Secerno chief executive Paul Davie. "But users need to beware that it is not the vendor vulnerabilities that they need to focus on, but the critical weaknesses in their development processes." Vulnerabilities in vendor solutions can be mitigated to some extent by timely patching, but users cannot rely on patch management to solve database security problems, according to Davie. Secerno believes that the continuous pressure on developers to drag more and more functionality out of their database should be a much greater cause for concern. Deployment errors caused by poorly configured databases, inappropriate access permissions or badly engineered applications accessing the database are an increasingly worrying trend.
Source: http://www.vnunet.com/vnunet/news/2172616/databases.come.under.security

29. January 15, SecurityFocus — Rainbow table targets Word, Excel crypto. Office workers looking to protect their documents may want to select a higher grade of encryption. Swiss information-technology firm Objectif Sécurité announced last week that its latest pre-generated list of passwords and their hashes, known as a rainbow table, can now crack the standard encryption on Word and Excel documents in about five minutes on average. Using about four gigabytes of data, the program -- named Ophcrack_office -- can quickly defeat almost 99.6 percent of all passwords, according to the company. "What happens is that we actually crack the 40-bit key that is used to encrypt Word and Excel documents," said Philippe Oechslin, CEO of Objectif Sécurité and the inventor of rainbow tables. "We found a way to use the same tables for both Word and Excel, although they have different file formats." Rainbow tables sidestep the difficulty in cracking a single password by instead creating a large data set of hashes from nearly every possible password.
Source: http://www.securityfocus.com/brief/407

30. January 13, IDG News Service — Hackers looking forward to iPhone. Within hours of Apple's iPhone unveiling on Tuesday, January 9, the iPhone was a hot topic on the Dailydave discussion list, a widely read forum on security research. Much of the discussion centered on the processor that Apple may have chosen to power its new device and what kind of assembly language "shellcode" might work on this chip. In an e-mail interview, one of the hackers behind the "Month of Apple Bugs" project, which is disclosing new Apple security vulnerabilities every day for the month of January, said he "would love to mess with" the iPhone. "If it's really going to run OS X, [the iPhone] will bring certain security implications, such as potential misuses of wireless connectivity facilities [and] deployment of malware in a larger scale," the hacker known as LMH wrote in an e-mail. Because the device could include a range of advanced computing features, such as Apple's Bonjour service-discovery protocol, it could provide many avenues of attack, according to LMH. "The possibilities of a worm for smartphones are something to worry about," he wrote. "Imagine Bonjour, and all the mess of features that OS X has, concentrated in a highly portable device which relies on wireless connectivity."
Source: http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9008038

31. January 12, CNET News — CA addresses backup software flaws. CA, formerly known as Computer Associates International, on Thursday, January 11, issued updates for its BrightStor ARCserve Backup software to address several security vulnerabilities. The most serious of the flaws could be exploited to compromise a vulnerable system. "CA BrightStor ARCserve Backup contains multiple overflow conditions that can allow a remote attacker to execute arbitrary code," CA said in an alert. The problems affect only Windows systems, the company said. The BrightStor ARCserve Backup Tape Engine service, Mediasvr service, and ASCORE.dll file are affected, it said.
CA Alert: http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97428
Source: http://news.com.com/CA+addresses+backup+software+flaws/2110.7349_3.6149978.html

Daily Report Tuesday, January 16, 2007

Daily Highlights

The Nebraska Department of Agriculture has unveiled a new avian influenza surveillance program -- Avian Influenza: Testing Pays! -- for Nebraska poultry producers, providing free avian influenza tests of birds to any poultry producer who requests it. (See item 19)
The Associated Press reports police and sheriff's deputies rushed to check on churches early Sunday, January 14, after fires broke out at two Baptist churches and a break-in was discovered at a third in Greenville, North Carolina. (See item 38)

Information Technology and Telecommunications Sector

32. January 12, Agence France-Presse — A time-tested solution for Asia's damaged Internet cables. Workers are relying on 19th century technology to fix a very 21st century problem -- disruption of the Internet traffic that tech-savvy Asia relies on. Crewmen on boats south of Taiwan are dragging the seabed with grappling hooks at the end of long ropes to recover fiber optic cables damaged in a 7.1-magnitude earthquake that struck the region on December 26. "No electronics involved," said John Walters, general manager of Global Marine, one of the firms engaged in the repairs. "It's an old and traditional technique." Millions of people across the region, in Taiwan, China, Hong Kong, Japan, Singapore, South Korea and as far away as Australia, suffered Internet and telephone blackouts when the cables, linking Asian countries with the U.S. and beyond, were damaged. Telecom operators have diverted the traffic to allow service to return to normal but the repair work continues. "At this point none of those cables have been repaired," Walters told AFP in an interview.
Source: http://news.yahoo.com/s/afp/20070112/tc_afp/asiaquakeinternet

33. January 12, VNUNet — Cyber-crooks switch to code obfuscation. Security firm Finjan has reported that dynamic code obfuscation was increasingly used as a method to bypass traditional signature-based security systems and propagate malware during the fourth quarter of 2006. The technique works by providing each visitor to a malicious site with a different instance of obfuscated malicious code, based on random functions and parameter name changes. A conventional signature-based security solution would theoretically need millions of signatures to detect and block this particular piece of malicious code. "Hackers have begun to take advantage of new Web technologies to create complex and blended attacks," said Yuval Ben-Itzhak, chief technology officer at Finjan. "With the creation of dynamic obfuscation utilities, which enable virtually anyone to obfuscate code in an automated manner, they have dramatically escalated the threat to Web security."
Report (registration required): http://www.finjan.com/content.aspx?id=827
Source: http://www.vnunet.com/vnunet/news/2172438/cyber-crooks-switch-code

34. January 12, VNUNet — New Java exploits brewing. Attackers have released exploit code targeting two previously patched flaws in Sun Microsystems' Java Runtime Environment (JRE) and Java Software Development Kit (SDK). The flaws could allow an attacker to remotely execute code on a Windows, Linux or Solaris system. Sun issued patches for both vulnerabilities in December. The JRE component allows JavaScript code to be executed on most operating systems, including Windows, Mac OS, Linux and Unix. The vulnerabilities affect JRE 1.3.x, 1.4.x and 1.5.x, as well as versions 1.3.x and 1.4.x of the SDK and versions 1.5.x of the Java Development Kit.
Source: http://www.vnunet.com/vnunet/news/2172403/java-exploits-brewing

35. January 12, Tech Web — Telecom carriers face declining revenue growth in core businesses. As telecom carriers strive to become full-service providers delivering mobile broadband and Internet-related services, it's likely they will experience a rapid decline in revenue growth, a market research firm says. Year-over-year growth of total revenue from telecom services will shrink to just 1.7 percent in 2010, with actual revenues increasing to $1.5 trillion in 2010 from $1.3 trillion in 2006, Gartner said Thursday, January 11. As a result, carriers will spend more on new markets, such as media and information technology, to compensate for revenue losses in traditional telecom services.
Source: http://www.techweb.com/showArticle.jhtml;jsessionid=MQ5MFFGI4PS3AQSNDLRCKHSCJUNN2JVN?articleId=196900481

36. January 11, eWeek — Exploit released for critical PC hijack flaw. A fully working exploit for a high-risk vulnerability fixed by Microsoft two days ago has been put into limited release, prompting new "patch now" warnings from computer security experts. The exploit, which allows PC takeover attacks on Windows XP SP2, has been published to Immunity's partners program, which offers up-to-the-minute information on new vulnerabilities and exploits to intrusion detection companies and larger penetration testing firms. The company's exploit takes aim at a "critical" bug in the way Vector Markup Language is implemented in Windows. It has been successfully tested on Windows XP SP2 and Windows 2000, with default installations of Internet Explorer 6.0. "This is a fully working exploit, [it] will give you full access to do anything on the target machine," says Immunity researcher Kostya Kortchinsky. The exploit was created and confirmed in less than three hours after Microsoft's Patch Tuesday release on January 9, a fact that clearly illustrates just how much the gap has narrowed between patch release and full deployment on enterprise networks.
Source: http://www.eweek.com/article2/0,1895,2082416,00.asp