Thursday, January 10, 2008

Daily Report

• The Associated Press reported that starting January 31, citizens of the U.S. and Canada ages 19 and older will have to present a government-issued photo ID along with proof of citizenship in order to enter or depart the U.S. by land or sea. Children ages 18 and younger need proof of citizenship, such as a birth certificate. (See item 12)

• According to Agence France-Presse, an incurable, mosquito-borne dengue disease could spread from subtropical areas into the United States, requiring greater efforts to combat it. While dengue-related illness in the United States “is presently minimal,” global warming and poor efforts to control mosquito populations responsible for its spread could accelerate the disease’s propagation northward, the experts said. (See item 20)

Information Technology

24. January 9, Computerworld – (National) New rootkit hides in hard drive’s boot record. A rootkit that hides from Windows on the hard drive’s boot sector is infecting PCs, security researchers said today. Once installed, the cloaking software is undetectable by most current antivirus programs. The rootkit overwrites the hard drive’s master boot record (MBR), the first sector -- sector 0 -- where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks. Because it hides on the MBR, the rootkit is effectively invisible to the operating system and security software installed on that operating system. “A traditional rootkit installs as a driver, just as when you install any hardware or software,” said the director of Symantec Corp.’s security response team. “Those drivers are loaded at or after the boot process. But this new rootkit installs itself before the operating system loads. It starts executing before the main operating system has a chance to execute.” Control the MBR, he continued, and you control the operating system, and thus the computer. According to other researchers, including those with the SANS Institute’s Internet Storm Center, Prevx Ltd., and a Polish analyst who uses the alias “gmer,” the rootkit has infected several thousand PCs since mid-December, and is used to cloak a follow-on bank account-stealing Trojan horse from detection, as well as to reinstall the identity thief if a security scanner somehow sniffs it out.

25. January 8, IDG News Service – (National) Microsoft: Flaw could lead to worm attack. Microsoft has fixed a critical flaw in the Windows operating system that could be used by criminals to create a self-copying computer worm attack. The software vendor released its first set of patches for 2008 on Tuesday, fixing a pair of networking flaws in the Windows kernel. Microsoft also released a second update for a less serious Windows flaw that would allow attackers to steal passwords or run Windows software with elevated privileges. The critical bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft says that an attacker could send specially crafted packets to a victim’s machine, which could then allow the attacker to run unauthorized code on a system. Security experts say that there is no known code that exploits this flaw, but now that the patch has been posted, hackers can reverse-engineer the fix and develop their own attack code. Because IGMP is enabled in Windows XP and Vista by default, this bug could be used to create a self-copying worm attack, Microsoft said Tuesday.

26. January 8, IDG News Service – (National) Report: IRS information security still poor. The Internal Revenue Service continues to have “pervasive” information security weaknesses that put taxpayer information at risk, and it has made limited progress in fixing dozens of problems the U.S. Government Accountability Office (GAO) has previously identified, according to a GAO report released Tuesday. The IRS, the tax collecting arm of the U.S. government, has “persistent information security weaknesses that place [it] at risk of disruption, fraud or inappropriate disclosure of sensitive information,” the GAO report said. The agency, which collected about $2.7 trillion in taxes in 2007, has fixed just 29 of 98 information security weaknesses identified in a report released last March, the new report said. “Information security weaknesses -- both old and new -- continue to impair the agency’s ability to ensure the confidentiality, integrity and availability of financial and taxpayer information,” the GAO report said. “These deficiencies represent a material weakness in IRS’s internal controls over its financial and tax processing systems.” The GAO has issued multiple reports blasting IRS information security in recent years. The latest report described an IRS data center that took more than four months to install critical patches to server software. At one IRS data center, about 60 employees had access to commands that would allow them to make “significant” changes to the operating system, the GAO said. At two data centers, administrator access to a key application contained unencrypted data log-ins, potentially revealing users’ names and passwords. Three IRS sites visited by GAO auditors had computers or servers with poor password controls, the GAO said. The IRS also had lax physical security controls in place for protecting IT facilities, the GAO report said. One data center allowed at least 17 workers access to sensitive areas when their jobs did not require it, the GAO said. The IRS’s acting commissioner said the agency made significant progress in fixing information security problems during 2007, and in a letter to the GAO, said “While we agree that we have not yet fully implemented critical elements of our agency-wide information security program, the security and privacy of taxpayer information is of great concern to the IRS.”

Communications Sector

Nothing to report.
