Thursday, February 21, 2008

Daily Report

• According to WCVB 5 Boston, there are new concerns about the safety of the Ted Williams Tunnel in Boston, Massachusetts, because inspectors cannot reach thousands of epoxy bolts to ensure their strength. NewsCenter 5 reported that the issue is slowing safety inspections inside the tunnel. Inspectors are supposed to routinely check the ceiling bolts to make sure they are holding, but about 4,000 of the bolts cannot be seen because they are out of view. (See item 10)

• The Los Angeles Times reports a cat-and-mouse game is portrayed by past and current inspectors, lawmakers, and an audit report that says the U.S. Department of Agriculture’s (USDA) Food Safety Inspection Service is easy to bypass and was failing to screen potentially sick cattle long before this week’s beef recall, the largest in U.S. history. (See item 17)

Information Technology

29. February 20, – (National) Hackers step up website attacks. Trend Micro has warned that hackers are intensifying attacks on legitimate websites to spread malware. The security firm’s 2007 Threat Report and 2008 Forecast debunked the myth about “not visiting questionable sites.” But legitimate sites with the latest sports news, or links in a search engine result, could potentially infect visitors with malware. Trend Micro explained that an underground malware industry has carved itself a thriving market by exploiting the trust and confidence of web users. Apple also had to contend with the Zlob gang, proving that even alternative operating systems are not safe havens for the online user. ‘Gromozon’, malware disguised in the form of a rogue anti-spyware security application, also made its mark in 2007. The Storm botnet expanded in scope last year, and Trend Micro researchers found proof that the botnet is renting its services to host fly-by-night online pharmacies, pump-and-dump scams, and even portions of its backend botnet infrastructure. Trend Micro found that nearly 50 percent of all threat infections came from North America last year, but that Asian countries are also experiencing growth. Around 40 percent of infections stem from that region. Social networking communities and user-created content such as blog sites became infection vectors due to attacks on their underlying web 2.0 technologies, particularly cross-site scripting and streaming. Infection volumes nearly quadrupled between September and November 2007, indicating that malware authors took advantage of the holiday seasons to send spam or deploy spyware while users were shopping online. Based on the emerging trends of this year, Trend Micro forecasts that legacy code used in operating systems and vulnerabilities in popular applications will continue to be attacked in an effort to inject in-process malicious code. 
High-profile sites will continue to be the most sought-after attack vectors by criminals to host links to phishing and identity theft code. These sites include social networking, banking/financial, online gaming, search engines, travel, commercial ticketing, local government, news, jobs, blogs, and ecommerce sites for auctions and shopping. Communication services such as email, instant messaging and file sharing will continue to be abused by content threats such as image spam and malicious URLs.

30. February 19, IDG News Service – (National) DoS attack prevents access to blogs. The blog-hosting service suffered a denial-of-service (DoS) attack that began Saturday and was still preventing users from logging in or posting to their blogs on Tuesday. A spokesman for Automattic confirmed that the service experienced a DoS attack with spikes of up to 6 gigabits of incoming traffic, which was making some blogs inaccessible for about five to 15 minutes on Tuesday. Though service had mostly been restored, Automattic, which maintains, was still working on returning service to normal levels on Tuesday afternoon, he said. An employee at a New York-based company said on Tuesday afternoon that users there were unable to log in to their blogs and post comments for “most of the day.” However, the blogs were still able to be viewed publicly. users were notified via e-mail about the DoS attack. In the e-mail, the service provider said that the attack was affecting user log-in and causing some forums to be offline.

31. February 19, IDG News Service – (National) Microsoft scrambles to quash ‘friendly’ worm story. Microsoft is moving to counter some scathing comments regarding a security paper authored by researchers at its Cambridge, England, facility. The paper, “Sampling Strategies for Epidemic-Style Information Dissemination,” looks at how worms sometimes inefficiently spread their code. The research explores how a more efficient method could, for example, be used for distributing patches or other software. The advantage would be that patches could be distributed from PC to PC, rather than from a central server. That method would reduce the load on a server, and patches would be distributed faster. But the patches would have the same qualities as a computer worm, a generally malicious file. Since a story about the paper appeared on Thursday in the New Scientist magazine, the paper has been roundly assailed. A Microsoft spokesman said on Monday that the New Scientist story is not inaccurate. In response to the criticism, Microsoft said it does not intend to develop patch worms. The company also said it will continue to let customers decide how and when they apply security updates.

Communications Sector

32. February 19, Associated Press – (National) FCC must study bird-tower collisions. On Tuesday, the U.S. Court of Appeals for the District of Columbia Circuit sided with conservation groups that claimed the Federal Communications Commission violated government rules by approving communications towers that threaten migratory birds. The court is requiring the agency to conduct at least the minimal analysis on the environmental effect of cell, radio, television and other towers built in the Gulf Coast region, as the groups have requested. “This is a significant ruling ... because the D.C. Circuit is directing the FCC for the first time to carefully assess the impact of communication towers on birds,” said an attorney with Earthjustice, a public interest law firm, which represented the American Bird Conservancy Inc. and Forest Conservation Council. The groups want the FCC to assess the 6,000 towers in the Gulf Coast region and at least deal with the ones that pose the biggest problems to birds, said the American Bird Conservancy’s executive director for conservation advocacy. The U.S. Fish and Wildlife Service estimates that between 4 million and 50 million birds die every year colliding with communication towers as they cross the Gulf of Mexico during the fall and spring seasons. Towers at a certain height have lights that attract the birds, which fly into them, each other or the tower wires. In the ruling Tuesday, the court also said the FCC did not justify why it did not use federal wildlife experts to assess the environmental threat.
