Tuesday, December 18, 2007
• According to USA Today, a recent midair jet engine failure that sent metal chunks exploding with violent force is prompting federal investigators to debate the need for tougher engine safety standards. The investigation has only just begun, but one possible outcome is a finding that existing protections on engines are not sufficient to prevent metal shards from being flung out of a damaged engine. (See item 12)
• The Los Angeles Times reports that the guilty pleas announced Friday in the JIS case represented an important win for the Justice Department. Authorities said the foiled plot posed a real and immediate threat, as the audacious scheme to attack more than a dozen military centers, synagogues, and other sites in Southern California was within 60 days of launching. (See item 23)
26. December 17, vnunet.com – (International) Sharp hike in cyber-attacks from China. Security experts have warned of a sharp hike in malicious activity coming out of China. Finjan has examined the new wave of Chinese attacks and the mechanisms used and claims to have identified an “intricate network of connections” between China-based servers run by cyber-criminals. The security firm has discovered that the entry points that initiate the attack on users “in the wild” exist all over the world and are eventually associated with servers registered as Chinese domains. The attackers are spreading the assaults by placing entry points on a variety of websites in different regions and listed differently by URL categorization engines. The infection consists of either an Iframe or a Script tag placed on the website that causes users visiting the site to be attacked. Examples for such entry point regions are shown in Finjan’s December 2007 Malicious Page of the Month Report, and were found on trusted websites in the U.S., China, and Western Europe, including government and education sites. After the victim reaches an entry point, the attackers use dynamic code obfuscation methods to limit signature-based technologies from detecting the attack. The victim is redirected to a series of sites containing Iframes that will eventually force the victim to visit a site that belongs to the Chinese network. In the first part of the actual malicious attack, the cyber-criminals use new or known exploits that will infect the victim with a crimeware Trojan. “After the initial Trojan is loaded it initiates the downloading of other Trojans from different locations. The compromised computer will then redirect to other sites in order to send statistical information about the infected PC,” the firm stated. “Finjan has discovered that different Trojans send encoded information to the same sites in China that we identified as being unique to the attack.”
27. December 15, Computerworld – (National) Apple fixes 18 flaws in Tiger’s Java. Apple Inc. has updated Java for Mac OS X 10.4, also known as Tiger, to patch 18 different vulnerabilities, including some fixed as long ago as May by Java’s maker, Sun Microsystems Inc. Apple’s newest operating system, dubbed Leopard, does not need to be patched because it includes the updated Java components. According to the accompanying advisory, Tiger’s Java, Java 1.4, and Java 2 Standard Edition 5.0 contain flaws that in some cases could lead to what Apple called “arbitrary code execution,” which means that attackers may be able to insert their own malware during an exploit and/or gain complete control of the machine. Unlike rivals such as Microsoft Corp., Apple does not rank or rate its security updates to give users an idea of the severity of the bugs. Among the 18 vulnerabilities was one discovered by 3com Corp.’s TippingPoint unit in June 2006 and another reported to Sun in October 2006 by a member of Google Inc.’s security team. TippingPoint’s flaw was fixed in January 2007, and the Google-reported bug was patched by Sun in May 2007. In both instances, updates were made available at the time for the Java components used by Windows, Linux and Solaris. But because Apple crafts the Java runtime for Mac OS X, its users were left unprotected an additional eleven and seven months, respectively. However, no exploits using either bug were reported during that time.
28. December 17, Broadbandreports.com – (National) Access problems caused by technical glitch, not net neutrality violation. When T-Mobile Customers could not access the blog hosting website Twitter over the weekend, bloggers assumed T-Mobile had blocked the site as policy and violated network neutrality. But according to Twitter, the problem was a technical one and has now been resolved. According to broadbandreports.com, last year BellSouth users complained they could not access MySpace and YouTube, leading some to issue cries of network-neutrality violation. As it turns out, the problem was completely unintentional routing issue. Similar cries of network neutrality wolf have been commonplace; Cox users who were unable to surf craigslist.com thought it was a secret Cox cabal to stop them from selling their junk (it was flaky security software), and Comcast users who could not reach Google assumed the worst (it was a DNS glitch). Some industry watchers have stressed user patience before accusing providers of policy-driven neutrality violations.