Thursday, February 21, 2008
• According to the WCVB 5 Boston, There are new concerns about the safety of the Ted Williams Tunnel in Boston, Massachusetts, because inspectors cannot reach thousands of epoxy bolts to ensure their strength. NewsCenter 5 reported that the issue is slowing safety inspections inside the tunnel. Inspectors are supposed to routinely check the ceiling bolts to make sure they are holding, but about 4,000 of the bolts cannot be seen because they are out of view. (See item 10)
• The Los Angles Times reports a cat-and-mouse game is portrayed by past and current inspectors, lawmakers, and an audit report that says the U.S. Department of Agriculture’s (USDA) Food Safety Inspection Service is easy to bypass and was failing to screen potentially sick cattle long before this week’s beef recall, the largest in U.S. history. (See item 17)
29. February 20, vnunet.com – (National) Hackers step up website attacks. Trend Micro has warned that hackers are intensifying attacks on legitimate websites to spread malware. The security firm’s 2007 Threat Report and 2008 Forecast debunked the myth about “not visiting questionable sites.” But legitimate sites with the latest sports news, or links in a search engine result, could potentially infect visitors with malware. Trend Micro explained that an underground malware industry has carved itself a thriving market by exploiting the trust and confidence of web users. Apple also had to contend with the Zlob gang, proving that even alternative operating systems are not safe havens for the online user. ‘Gromozon’, malware disguised in the form of a rogue anti-spyware security application, also made its mark in 2007. The Storm botnet expanded in scope last year, and Trend Micro researchers found proof that the botnet is renting its services to host fly-by-night online pharmacies, pump-and-dump scams, and even portions of its backend botnet infrastructure. Trend Micro found that nearly 50 percent of all threat infections came from North America last year, but that Asian countries are also experiencing growth. Around 40 percent of infections stem from that region. Social networking communities and user-created content such as blog sites became infection vectors due to attacks on their underlying web 2.0 technologies, particularly cross-site scripting and streaming. Infection volumes nearly quadrupled between September and November 2007, indicating that malware authors took advantage of the holiday seasons to send spam or deploy spyware while users were shopping online. Based on the emerging trends of this year, Trend Micro forecasts that legacy code used in operating systems and vulnerabilities in popular applications will continue to be attacked in an effort to inject in-process malicious code. High-profile sites will continue to be the most sought-after attack vectors by criminals to host links to phishing and identity theft code. These sites include social networking, banking/financial, online gaming, search engines, travel, commercial ticketing, local government, news, jobs, blogs, and ecommerce sites for auctions and shopping. Communication services such as email, instant messaging and file sharing will continue to be abused by content threats such as image spam and malicious URLs.