Wednesday, June 6, 2007

Daily Highlights

Federal Computer Week reports a year after a laptop computer was stolen from the home of a Veterans Affairs Department employee, federal systems are still vulnerable, according to a study released Monday, June 4. (See item 10)
·
The Associated Press reports Abdel Nur, a Guyanese suspect in an alleged plot to attack New York's John F. Kennedy International Airport, surrendered to police Tuesday, June 5, in Trinidad. (See item 40)

Information Technology and Telecommunications Sector

33. June 04, eWeek — Virus targets popular calculators. A popular brand of calculators is being infected by a new virus that causes screens to read, "t89.GARRA." The virus, which attacks Texas Instruments TI89 and compatible calculators, doesn't do any permanent harm, but Texas Instruments engineers haven't found a way to disable it either. And while the author of the virus has been charitable enough to include code for disabling it, researchers have not been able to validate that fix. TIOS.Tiagra, as it has been dubbed by researchers at Symantec, cannot spread without use of a USB cable. The virus works by appending its code to any suitable file, and searches for a particular instruction sequence to replace and point towards the virus code. If the sequence is not found, the virus will remain but will not gain control, according to Symantec security researchers. The virus only runs on files with ASM extensions, so, in order to propagate itself, it has to run a check on the calculator for ASM−type files; moreover, it cannot infect previously infected files, Symantec officials said in an advisory.
Symantec Advisory: http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007−060115−3305−99&tabid=1
Source: http://www.eweek.com/article2/0,1895,2141590,00.asp

34. June 04, eWeek — EMC acquires 'enhanced' security vendor Verid. Officials at data storage giant EMC have claimed that the company is not planning to acquire any more companies and instead wants to focus on building its existing storage− and security−related businesses. Nonetheless, the company announced Monday, June 4, that it has bought its second company of 2007 in Verid, a small, privately held information security technology vendor in Sunrise, FL, that makes knowledge−based authentication software. Verid's software is used by about 130 large consumer−facing financial institutions, telecom providers and retailers.
Source: http://www.eweek.com/article2/0,1895,2141611,00.asp

35. June 04, eWeek — Microsoft eschews patch, gives exploit code for IIS 5.0 bug. Saying that an Internet Information Server exploit is due to a feature, not a flaw, Microsoft has published exploit code for the flaw but no workaround or patch. The exploit, which was discovered on December 15, 2006, and made public at the end of May, works against IIS 5.x. By design, versions 5.x allow bypass of basic authentication by using the "hit highlight" feature. The hit−highlighting feature can be used by an unauthorized user to grab documents to which he or she has no privileges. At the very least, this leaves IIS 5.x users vulnerable to data interception. And while the exploit hasn't been used to take over systems to date, that could well change, according to Swa Frantzen of the Internet Storm Center. According to Microsoft, which has written up the issue in its Knowledge Base article 328832, hit−highlighting with Webhits.dll only relies on the Microsoft Windows NT ACL (Access Control List) configuration on 5.x versions.
Microsoft article: http://support.microsoft.com/kb/328832
Source: http://www.eweek.com/article2/0,1895,2141587,00.asp

36. June 04, IDG News Service — Avaya to be sold for $8.2 billion. Network equipment manufacturer Avaya Inc. late Monday, June 4, agreed to an $8.2 billion cash buyout by private equity firms TPG Capital LLP and Silver Lake Partners, the companies announced. This latest acquisition continues a recent trend of networking and telecommunications firms being bought by private equity firms.
Source: http://www.infoworld.com/article/07/06/04/Avaya−to−be−sold_1 .html

37. June 04, ComputerWorld — New zero−day bugs crop up in IE, Firefox. A noted security researcher on Monday, June 4, disclosed four new zero−day vulnerabilities in Microsoft Corp. and Mozilla Corp.'s browsers, including a critical flaw in Internet Explorer (IE) and a "major" bug in Firefox. Michael Zalewski, who regularly publishes browser flaw findings, posted details on the Full−disclosure mailing list for cookie−stealing, keystroke−snooping, malicious downloading and site−spoofing bugs. The most serious of the four, said Zalewski, is an IE6 and IE7 flaw he rated "critical." Dubbing it a "bait−and−switch" vulnerability, he said that the Microsoft browser gives hackers a window of opportunity to run malicious JavaScript to hijack the PC. "The entire security model of the browser collapses like a house of cards and renders you vulnerable to a plethora of nasty attacks," Zalewski claimed. But Mozilla's browser also suffered at Zalewski's hands. A new IFrame vulnerability in Firefox 2.0 can let attackers plant keyloggers or drop malicious content into a legitimate Website. Zalewski posted information about two other bugs, both rated "medium." A Firefox vulnerability could lead to unauthorized downloads, while IE6 is open to yet another address bar−spoofing flaw.
Full−disclosure mailing list: http://lists.grok.org.uk/pipermail/full−disclosure/2007−June/063712.html
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9023043&intsrc=hm_list

38. June 01, eWeek — Mac coming into focus as attack target. There haven't been mass Mac exploits to date, but interest is growing, as evidenced by the quick turnout of exploit code for a recently disclosed vulnerability. Compared with Windows, the Macintosh platform is still largely untouched by vulnerability exploits. But the prompt release of exploit code for a vulnerability detailed in a May 24 set of updates shows that it's catching up fast when it comes to grabbing the attention of exploit writers. Security research company Immunity released the exploit code −− which leveraged a buffer overflow vulnerability in the UPnP Internet Gateway Device Standardized Device Control code that's used to create port mappings on home NAT gateways in the OS X mDNSResponder implementation −− less than 24 hours after Apple had released a patch for it. The release of the exploit code for this flaw shows that interest in Mac vulnerabilities is high, analysts say. That's not surprising; even though Macs aren't used as broadly in businesses as Windows machines, plenty of consumers use them, said Rob Enderle, principal analyst for the Enderle Group. Another factor that may be causing attackers to focus more on Macs is that Windows operating systems are getting "much [harder] to penetrate," he said.
Source: http://www.eweek.com/article2/0,1895,2140308,00.asp