Monday, July 16, 2007

Daily Highlights

A government investigator has accused the Federal Aviation Administration of covering up mistakes by air traffic controllers at Dallas−Fort Worth International Airport, one of the nation's busiest. (See item 14)
The Associated Press reports that two teenagers were arrested on conspiracy charges for allegedly threatening to attack teachers and classmates with guns and bombs at Connetquot High School on Long Island. (See item 25)
Information Technology and Telecommunications Sector

28. July 13, Register (UK) — Oracle UK systems accused in SSH hacking spree. Compromised computers at Oracle UK are listed among the ten worst offenders on the net for launching attacks on servers which run SSH (secure shell) server software. Oracle said it is investigating the reported problem. A box (or group of boxes behind a proxy) at Oracle UK is among the worst offenders for launching attacks, according to statistics from servers running DenyHosts software to block SSH brute−force password attacks. DenyHosts is a script for Linux system administrators designed to help thwart SSH server attacks. Around 6,800 users contribute to the data it collects. The compromised Oracle boxes −− recorded as active since May 3 −− feature at number nine on DenyHosts' list. The listing implies a computer (or multiple computers) at Oracle UK have been compromised for weeks allowing hackers to enjoy access to Oracle's bandwidth in order to hack other boxes elsewhere on the Internet.
Source: _listing/

29. July 13, CNET News — Cell phone security has at least one flaw: people. People have always been the weakest link when it comes to protecting computers. The same applies to mobile phones. Despite companies' attempts to create relatively secure operating systems, trickery and social engineering continue to manipulate people. For example, the Symbian operating system for mobile phones is "fairly secure," F−Secure security expert Patrik Runald said. Yet security is a problem. "All the malware we've seen so far relies on the user installing it themselves, bypassing three to four security warnings. So there hasn't really been a flaw in the operating system," he said. Runald acknowledges that some problems may be caused by unclear instructions on the user interface. But by and large, he said, security problems are caused by people ignoring warning signs. There have been a few instances in which cybercriminals disguised files to make them look like interesting shareware or freeware, but mostly he blames user ignorance. "They think it's about ringtones, games, wallpapers, videos −− all good and fun things. But there are actually malicious things out there as well," Runald said.

30. July 13, CNET News — Critical Microsoft security bulletin revised to add Office for Mac. Microsoft late Thursday, July 12, revised one of its critical security bulletins from Patch Tuesday, adding another item to its list of affected software. Security bulletin MS07−036 now includes a warning that Microsoft Office 2004 for the Mac is also affected. The update is designed to address a security flaw, which could allow attackers to overwrite the computer's memory with malicious code. Microsoft notes that people running Office 2004 for the Mac on the Mac OS X 10.2 are at risk.
Microsoft Security Bulletin MS07−036:−036. mspx