Thursday, August 16, 2007

Daily Highlights

· Pfizer, the world's largest drug maker, reports that for the second time in two months, a security breach has put the personally identifying information on current and former employees at risk. (See item 6)

· U.S. Customs officials said Tuesday, August 14, they had traced the source of last weekend's system outage that left 17,000 international passengers stranded in airplanes at Los Angeles International Airport to a malfunctioning network interface card on a single desktop computer in the Tom Bradley International Terminal. (See item 12)

Information Technology and Telecommunications Sector

28. August 15, IDG News Service — Citrix to acquire virtualization vendor XenSource for $500M. Citrix Systems plans to acquire virtualization vendor XenSource for approximately $500 million to enable the application delivery software vendor to enter both the server and desktop virtualization markets. Citrix made the announcement on Wednesday, August 15, the day after XenSource's rival VMware launched an initial public offering.
Source: http://www.infoworld.com/article/07/08/15/Citrix-to-acquire-XenSource_1.html

29. August 15, IDG News Service — Vulnerability uncovered within Yahoo Messenger. A new vulnerability in Yahoo's instant messenger program can potentially cause unwanted code to run on a PC, according to security researchers. Details of the vulnerability were first posted on a Chinese-language security forum and were later confirmed with Yahoo security officials, wrote Wei Wang, a researcher with McAfee's Avert lab in Beijing, on a company blog. So far, no exploit code has been published, wrote Karthik Raman, also of McAfee. The vulnerability affects Yahoo Messenger version 8.1.0.413. It is triggered when a user accepts an invitation to use their Web camera. The type of vulnerability is called a heap overflow, where a piece of code can be executed with improper permissions, which can allow for further malicious behavior such as downloading other code, said Greg Day, a security analyst for McAfee in the UK.
Source: http://www.infoworld.com/article/07/08/15/Vulnerability-in-Yahoo-Messenger_1.html

30. August 15, Register (UK) — Webmail-creating Trojan targets Gmail. A strain of malware capable of setting up bogus Hotmail and Yahoo! accounts in order to send spam has been adapted to also target Gmail accounts. The HotLan Trojan creates automatically-generated Webmail accounts, implying that spammers have discovered a means to defeat Captcha challenge-response systems. Captcha systems, which typically prevent accounts being created until a user correctly identifies letters depicted in an image, are designed to ensure requests are made by a human rather than an automated program. Since the arrival of the first variant of the Trojan last month, more than 500,000 spam e-mail accounts have been created, according to Romanian anti-virus firm BitDefender. A joint effort between the security teams of BitDefender and Yahoo! appears to have stymied attempts to generate and use Yahoo! accounts to send spam. However, this has pushed the problem onto Hotmail and Gmail (a new target of a later variant of the Trojan) rather than having the desired effect of bringing the creation of bogus accounts under control.
Source: http://www.theregister.co.uk/2007/08/15/webmail_trojan_update/

31. August 14, U.S. Computer Emergency Readiness Team — US-CERT Technical Cyber Security Alert TA07-226A: Microsoft Updates for Multiple Vulnerabilities. Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, Windows Media Player, Office, Office for Mac, XML Core Services, Visual Basic, Virtual PC, and Virtual Server as part of the Microsoft Security Bulletin Summary for August 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service on a vulnerable system. Solution: Microsoft has provided updates for these vulnerabilities in the August 2007 Security Bulletins. The Security Bulletins describe any known issues related to the updates. Administrators are encouraged to note any known issues that are described in the Bulletins and test for any potentially adverse effects.
Microsoft Security Bulletin: http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx
Updates for Microsoft Windows and Microsoft Office XP and later are available on the Microsoft Update site: https://www.update.microsoft.com/microsoftupdate/v6/muoptdefault.aspx?returnurl=https://www.update.microsoft.com/microsoftupdate&ln=en-us
Microsoft Office 2000 updates are available on the Microsoft Office Update site: http://office.microsoft.com/en-us/default.aspx
Apple Mac OS X users should obtain updates from the Mactopia Website: http://www.microsoft.com/mac/
System administrators may wish to consider using an automated patch distribution system such as Windows Server Update Services: http://technet.microsoft.com/en-us/wsus/default.aspx
Source: http://www.uscert.gov/cas/techalerts/TA07-226A.html

32. August 14, eWeek — ATI driver bug leaves Vista open to attack. Microsoft is working with AMD to fix a bug in an ATI driver that ships preinstalled on millions of laptops and which leaves the Vista kernel open to arbitrary memory writes by malicious driver authors. It's not just ATI -- virtualization security researcher Joanna Rutkowska said during her presentation at Black Hat earlier in August that ATI, which is owned by AMD, and Nvidia are just two examples of particularly badly written drivers, and that there could be tens of thousands of vulnerable drivers out there. The bug in the ATI driver is that it allows arbitrary memory writes. Malicious driver authors can use that flaw to load unsigned drivers via the standard loading mechanism.
Source: http://www.eweek.com/article2/0,1895,2170804,00.asp