Daily Report Wednesday, February 21, 2007

Daily Highlights

Stop & Shop said Saturday, February 17, that thieves stole account and personal identification numbers from customers' credit and debit cards at several Rhode Island locations by tampering with checkout-lane keypads. (See item 12)
The Associated Press reports Dole is recalling more than six thousand cartons of imported cantaloupes grown in Costa Rica; this is yet another product being recalled after testing positive for salmonella. (See item 21)

Information Technology and Telecommunications Sector

32. February 19, US-CERT — Technical Cyber Security Alert TA07-050A: Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow. A stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Snort process. Sourcefire Snort is a widely deployed, open-source network intrusion detection system (IDS). Snort and its components are used in other IDS products, notably Sourcefire, and Snort is included with a number of operating system distributions. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing the data to the Snort rules. The vulnerable code does not properly reassemble certain types of SMB and DCE/RPC packets. An attacker could exploit this vulnerability by sending a specially crafted TCP packet to a host or network monitored by Snort. The DCE/RPC preprocessor is enabled by default, and because the sensor parses traffic passively, the attacker does not need to complete a TCP handshake.
Solution: Upgrade to Snort; see the release notes at http://www.snort.org/docs/release_notes/release_notes_2613.txt
Source: http://www.us-cert.gov/cas/techalerts/TA07-050A.html
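The bug class in item 32 is a reassembler copying attacker-controlled fragment lengths into a fixed-size stack buffer without checking the running total against the buffer's capacity. The following is an added, illustrative example written for this report; it is not Snort's source code and does not reproduce the actual flaw. It shows a minimal fragment reassembler (hypothetical names `reassemble_checked`, `demo_reassemble`, capacity `REASM_CAPACITY`) with the bounds check in place, and a demo that feeds it constructed fragments so the reject path can be exercised.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustrative example, not Snort code: a minimal reassembler of
 * the kind a DCE/RPC or SMB preprocessor needs. A hypothetical fixed-size
 * buffer stands in for the preprocessor's on-stack reassembly area. */
#define REASM_CAPACITY 256

struct fragment {
    const uint8_t *data;   /* fragment payload (from the wire, untrusted) */
    size_t len;            /* fragment length (from the wire, untrusted)  */
};

/* Copies each fragment into 'out' in order.
 * Returns the reassembled length, or -1 if the fragments are malformed or
 * would not fit. The comparison against the remaining capacity is the
 * defence: without it, wire-supplied lengths drive memcpy past the end of
 * the buffer, which is the stack overflow described in the alert. */
long reassemble_checked(uint8_t *out, size_t out_cap,
                        const struct fragment *frags, size_t nfrags)
{
    size_t total = 0;
    for (size_t i = 0; i < nfrags; i++) {
        if (frags[i].len == 0)
            continue;                        /* empty fragment: nothing to copy */
        if (frags[i].data == NULL)
            return -1;                       /* malformed: length without data */
        if (frags[i].len > out_cap - total)  /* overflow-safe remaining-space check */
            return -1;                       /* would exceed capacity: reject */
        memcpy(out + total, frags[i].data, frags[i].len);
        total += frags[i].len;
    }
    return (long)total;
}

/* Demo with constructed input: fragment A is len_a bytes of 0xAA, fragment B
 * is len_b bytes of 0xBB. Returns the reassembled length, -1 if rejected,
 * or -2 if the reassembled bytes are not A followed by B. */
long demo_reassemble(size_t len_a, size_t len_b)
{
    uint8_t a[512], b[512];               /* constructed sample payloads */
    memset(a, 0xAA, sizeof a);
    memset(b, 0xBB, sizeof b);
    if (len_a > sizeof a || len_b > sizeof b)
        return -1;

    struct fragment frags[2] = { { a, len_a }, { b, len_b } };
    uint8_t out[REASM_CAPACITY];          /* the fixed-size stack buffer */

    long n = reassemble_checked(out, sizeof out, frags, 2);
    if (n < 0)
        return n;
    for (size_t i = 0; i < (size_t)n; i++)
        if (out[i] != (i < len_a ? 0xAA : 0xBB))
            return -2;
    return n;
}

int main(void)
{
    printf("100 + 100 bytes -> %ld\n", demo_reassemble(100, 100)); /* 200 */
    printf("200 + 100 bytes -> %ld\n", demo_reassemble(200, 100)); /* -1, rejected */
    printf("256 + 0 bytes   -> %ld\n", demo_reassemble(256, 0));   /* 256, exactly fits */
    return 0;
}
```

The check is written as `len > out_cap - total` rather than `total + len > out_cap` so that a large wire-supplied length cannot wrap the addition and slip past the test; that is the same kind of edge case an IDS parser faces because, as the alert notes, it must handle packets it never solicited.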

33. February 16, InformationWeek — Princeton professor finds no hardware security in e-voting machine. A Princeton University computer science professor who bought several Sequoia electronic voting machines off the Internet claims he found no hardware security to prevent someone from accessing the technology that controls the vote counting. Andrew Appel said Friday, February 16, there was nothing in the five Sequoia AVC Advantage machines he bought for $82 that would stop him from reaching the read-only memory (ROM) chips that hold the program instructions for counting votes. The chips were not soldered to the circuit boards, and could be easily removed with a screwdriver and replaced with other chips. Therefore, a person who had access to a machine chip could reverse engineer the program instructions and then write his own instructions on a ROM chip available from any computer equipment retailer, according to Appel. If that person had access to a machine in a voting station, he could easily open the computer, pop out the original chip from its socket, and press in the new one. Sequoia, which says it has managed thousands of electronic elections for 14 years in 16 states, said the professor's analysis was incorrect because the machines bought off the Internet are not in a voting station, where election officials implement their own security measures to prevent machine tampering.
Source: http://www.informationweek.com/shared/printableArticle.jhtml?articleID=197006847

34. February 16, Government Computer News — NIST releases info security documents. The National Institute of Standards and Technology (NIST) has published two new interagency reports designed to help auditors, inspectors general and senior management understand and evaluate information security programs. NISTIR 7359, titled “Information Security Guide for Government Executives,” is an overview of IT security concepts that senior management should grasp. NISTIR 7358, titled “Program Review for Information Security Management Assistance (PRISMA),” lays out a standardized approach for measuring the maturity of an information security program. PRISMA is a methodology developed by NIST for reviewing complex requirements and posture of a federal information security program. It is intended for use by security personnel, as well as internal reviewers, auditors and IGs. Tools laid out in NISTIR 7358 should help identify program deficiencies, establish baselines, validate corrections and provide supporting information for Federal Information Security Management Act scorecards.
NISTIR 7359: http://csrc.nist.gov/publications/nistir/ir7359/NISTIR-7359.pdf
NISTIR 7358: http://csrc.nist.gov/publications/nistir/ir7358/NISTIR-7358.pdf
Source: http://www.gcn.com/online/vol1_no1/43141-1.html