Daily Report Tuesday, February 20, 2007

Daily Highlights

InformationWeek reports the Delaware U.S. attorney on Thursday, February 15, revealed a massive insider data breach at chemicals company DuPont where a former scientist late last year pleaded guilty to trying to steal $400 million worth of company trade secrets. (See item 13)
The Associated Press reports airlines are investigating why windshields on at least 13 planes cracked at Denver International Airport as winds of up to 100 mph whipped through the foothills in Colorado. (See item 17)
Governor Ed Rendell has ordered an investigation to find out what happened with PennDOT, the Pennsylvania Emergency Management Agency, and other agencies that resulted in hundreds of motorists being stranded in their cars for as much as 24 hours on Interstate 78. (See item 18)
The Chicago Tribune reports hundreds of cattle from Canada, which this month confirmed its ninth case of mad cow disease, have entered the U.S. without government−required health papers or identification tags. (See item 25)

Information Technology and Telecommunications Sector

February 16, US−CERT — Technical Cyber Security Alert TA07−047A: Apple Updates for Multiple Vulnerabilities. Apple has released Security Update 2007−002 to correct multiple vulnerabilities affecting Apple Mac OS X, Mac OS X Server, and iChat. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Attackers may take advantage of the less serious vulnerabilities to bypass security restrictions or cause a denial of service. Apple Security Update 2007−002 addresses a number of vulnerabilities affecting Apple Mac OS X, OS X Server, and iChat. Further details are available in the related vulnerability notes. The vulnerabilities addressed in this update were previously disclosed as part of the Month of Apple Bugs project. The impacts of these vulnerabilities vary. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.
Users should install Apple Security Update 2007−002: http://docs.info.apple.com/article.html?artnum=106704
Source: http://www.us−cert.gov/cas/techalerts/TA07−047A.html

47. February 16, US−CERT — Cisco Releases Security Advisories to Address Multiple Vulnerabilities in PIX, ASA, and FWSM. Cisco has released Security Advisory cisco−sa−20070214−pix to address multiple vulnerabilities in the PIX 500 Series Security Appliances and the ASA 5500 Series Adaptive Security Appliances. The vulnerabilities exist due to flaws in the way Cisco PIX and ASA appliances process malformed HTTP requests, SIP packets, and TCP−based packets. By sending specially crafted packets to a vulnerable appliance, an attacker may be able to cause a denial of service, escalate user privileges, or take complete control of the appliance. Note: The Security Advisory also states that some of these vulnerabilities affect the Cisco Firewall Services Module (FWSM).
Cisco Security Advisory cisco−sa−20070214−pix − Multiple Vulnerabilities in Cisco PIX and
ASA Appliances: http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml#details
Cisco Security Advisory cisco−sa−20070214−fwsm − Multiple Vulnerabilities in Firewall
Services Module: http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml#details
Source: http://www.us−cert.gov/current/#cscopxasa