Daily Report Friday, March 9 , 2007

Daily Highlights

The Associated Press reports gasoline prices have jumped above $3 a gallon in some parts of California and Hawaii, and may hit that level in other parts of the country when the busy summer driving season approaches. (See item 1)
The Los Angeles Times reports the Department of Homeland Security has announced that it will fill in seven cross−border tunnels along the California−Mexico border that critics say pose a national security risk because they could be reused by smugglers. (See item 11)
Digital Communities reports that although the administration has warned repeatedly about the threat of a terrorist nuclear attack and spent more than $300 billion to protect the country, the U.S. remains ill−prepared to respond to a nuclear catastrophe. (See item 28)

Information Technology and Telecommunications Sector

29. March 09, — Trojan Bayrob targets eBay users. Named Trojan.Bayrob, the malware changes user hosts files to redirect traffic destined to numerous eBay sites, including eBay Motors, to a local proxy server and listens on localhost port 80. From there, Bayrob downloads configuration data from the eBay servers, including a number of php scripts. A spokesperson from eBay confirmed today that the auction company is aware of the problem. “We strongly encourage eBay buyers and sellers to never click on or download a link or file that is unfamiliar to them and always ensure your anti−virus software is up−to−date,” the spokesperson said.
Source: http://scmagazine.com/us/news/article/642361/trojan−bayrob−t argets−ebay−users/

30. March 07, CNET News — Bug may expose encrypted e−mail. A problem related to a widely used open−source cryptography technology could let miscreants tamper with digitally signed and encrypted e−mails. The problem lies in how certain e−mail applications display messages signed using the GNU Privacy Guard, also known as GnuPG and GPG, the GnuPG group said in a security alert Tuesday, March 6. It may not be possible to identify which part of a message is actually signed if GPG is not used correctly, it said. This poses a risk to those who use the cryptographic technology to authenticate or encrypt e−mail messages. According to security company Core Security Technologies, the affected applications include KDE's KMail, Novell's Evolution, Sylpheed, Mutt and GnuMail.org, and Enigmail. The GnuPG group has issued updates to prevent tampering with signed or encrypted messages, but it notes that individual e−mail applications might need updating as well, to correctly display signed messages after applying the GPG update. Enigmail software has already been updated.
Source: http://news.com.com/Bug+may+expose+encrypted+e−mail/2100−1002_3−6165277.html?tag=cd.lede