Wednesday, April 30, 2008

Daily Report

• According to the Terre Haute Tribune-Star, a faulty flange resulted in synthetic gas exploding and killing two workers Monday at SG Solutions, a coal gasification plant north of Terre Haute, Indiana. (See item 1)

• The Associated Press reports several Web sites of Radio Free Europe have been attacked. The assault began Saturday and continues in the form of a denial-of-service attack that floods servers with fake traffic so legitimate visitors cannot get through, the network said, suggesting the Belarus government could be responsible. (See item 31)

Information Technology

30. April 29, IDG News Service – (International) Microsoft botnet-hunting tool helps bust hackers. Botnet fighters have another tool in their arsenal, thanks to Microsoft. The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal tool that ships with Windows. Although Microsoft is reluctant to give out details on its botnet buster – the company said that even revealing its name could give cyber criminals a clue on how to thwart it – company executives discussed it at a closed door conference held for law enforcement professionals Monday. The tool includes data and software that helps law enforcers get a better picture of the data being provided by Microsoft’s users, said an attorney with Microsoft’s World Wide Internet Safety Programs. “I think of it ... as botnet intelligence,” he said. Microsoft security experts analyze samples of malicious code to capture a snapshot of what is happening on the botnet network, which can then be used by law enforcers, he said. Botnets have been on Microsoft’s radar for about four years, ever since the company identified them as a significant emerging threat. In fact, the software vendor has held seven closed-door botnet conferences for law enforcement officials over the years, including an inaugural event in Lyon, France, hosted by Interpol, the Microsoft attorney said. Microsoft had not previously talked about its botnet tool, but it turns out that it was used by police in Canada to make a high-profile bust earlier this year. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9080958&taxonomyId=17&intsrc=kc_top

31. April 28, Associated Press – (International) Radio Free Europe says it’s under attack. Several Web sites of the U.S.-funded Radio Free Europe/Radio Liberty have been attacked, the broadcaster said Monday, suggesting the Belarus government could be responsible. In the form of a denial-of-service attack that floods servers with fake traffic so legitimate visitors cannot get through, the assault began Saturday and continues, the network said in a statement. The broadcaster said it is trying to restore its Web sites. The attack is aimed mainly at the site of Radio Free Europe’s Belarus service, but Web sites serving Iran, Russia, Azerbaijan, Tajikistan, Kosovo, Macedonia, Bosnia, and Croatia also have been affected. The network’s president compared the attack to communist countries jamming U.S.-backed broadcasts during the Cold War. “Dictators are still trying to prevent the kind of unfiltered news and information that (Radio Free Europe) provides from reaching their people,” he said. “They did not succeed in the last century and they will not succeed now.” Radio Free Europe/Radio Liberty is a private, nonprofit corporation that receives funding from the U.S. government. The head of the radio’s Belarus service said the attack began on the 22nd anniversary of the Chernobyl nuclear catastrophe in Ukraine. He said a similar attack took place the same day one year ago but lasted only hours and did not hit services in other languages. Source: http://www.msnbc.msn.com/id/24355333/

32. April 28, Dark Reading – (International) ‘Long-Term’ phishing attack underway. The notorious Rock Phish gang has added a new twist to its phishing exploits that does not require its victim to visit a malicious Website – instead, it just loads a malicious keylogging Trojan onto the victim’s machine that steals information or credentials. Both Trend Micro and F-Secure over the past few days spotted new iterations of the attack, which was first reported by RSA last week. The latest tack is phishing emails posing as Comerica Bank and Colonial Bank that ask banking customers to renew their digital certificates. When they click on the link for more information on the phony renewal process, it downloads the nasty Trojan onto their desktops. “In a way, it’s so blatant that it reminds me of the worms of ‘04 and ‘05… such as Bagel. They would come via email, and you’d receive an executable file” in them, said a threat research project manager for Trend Micro. The danger of the so-called Zeus Trojan is that it can execute what he calls a “long-term” phishing attack on the victim. “It can stay there and log credentials, personal information, and steal personal information. Basically anything you type,” he says. The version Trend has been studying has the ability to receive downloaded updates to itself, he says. “So now the phishers don’t need to ask for passwords anymore, they can just take them.” Source: http://www.darkreading.com/document.asp?doc_id=152295

Communications Sector

33. April 28, Dark Reading – (National) Wireless vulnerabilities present enterprise-wide threats, expert says. Wireless vulnerabilities in corporate environments are creating as great a threat now as the Internet did in its early days, the CEO of AirPatrol said Monday at the Computer Security Institute’s CSI CX conference, which is being held concurrently with Interop in Las Vegas, adding that “the rapid growth of wireless networking has increased the threat.” In an effort to save money and reduce infrastructure, many companies are moving toward a wireless infrastructure, which puts their networks at a greater risk than ever, he said, adding that “many of the old vulnerabilities that existed in the wireless environment still have not been resolved.” Source: http://www.darkreading.com/document.asp?doc_id=152289

Tuesday, April 29, 2008

Daily Report

• The Inquirer reports hackers have managed to shut down the Bank of Israel for two days, taking advantage of the Jewish festival of Passover when senior staff members were out of the office. Sources from the bank said that financial reports going back to October 2007 had been deleted from the bank’s systems. (See item 8)

• According to KTVX 4 Salt Lake City, a woman says she boarded a plane for Las Vegas last Monday at Salt Lake International airport with a knife that was not detected during screening. She says the knife, which she forgot was in her purse, was caught during screening Sunday in Las Vegas. (See item 13)

Information Technology

34. April 28, IDG News Service – (National) Researcher finds new flaw in QuickTime for Windows. A security think tank says it has found a vulnerability in Apple’s QuickTime multimedia player that can be exploited remotely to compromise Windows Vista PCs upgraded to Service Pack 1, as well as XP SP2. From the scant details published on the GNUCitizen’s blog, the exploit involves a maliciously crafted media file. When a user opens the file, which can be hosted on a Web site, the vulnerability in QuickTime allows the hacker to take complete control of the machine, according to a researcher. He does not think users are in danger of being attacked as of yet. “I highly doubt that anyone knows how to exploit this vulnerability,” he said. “I haven’t shared the details with anyone, and the actual vulnerability is different enough to be rather challenging for even some of the most gifted hackers out there.” In a video, he shows a QuickTime file sitting on the desktop of a PC running XP SP2. If a user opens the malicious file, the researcher then has control of the PC, demonstrated by the way the applications Paint, Calculator, and Notepad are seen launching, apparently without further user intervention. The demonstration is repeated on a PC running Windows Vista inside a virtual machine. Attacking vulnerabilities in applications is becoming increasingly favored by hackers, as finding problems in operating systems becomes increasingly harder, said the director of research for the SANS Institute, last week at the Infosec conference in London. The researcher said Monday that he has notified Apple of the problem. Source: http://www.pcworld.com/businesscenter/article/145189/researcher_finds_new_flaw_in_quicktime_for_windows.html

35. April 28, ars technica – (International) Microsoft gives details of massive web attack. On April 17, 2008, hundreds of thousands of pages on legitimate domains – including several at the United Nations and in the UK government – were attacked. Many of these sites ended up serving malware by redirecting users to malicious pages using JavaScript and IFRAMES. Users’ PCs were loaded with a malware program that tried eight different exploits in an attempt to hijack the system. Security companies blamed the attacks on a vulnerability in Microsoft’s web server software. Some concluded that the problem was related to an advisory regarding a bug in multiple Windows versions that could be exploited through Internet Information Services (IIS) and SQL Server. The same day as the attacks started, Microsoft disclosed an advisory for the security issue. Despite reports saying differently, the software giant has investigated the problems and has concluded that the two are not related. A Microsoft representative explained the company’s findings in his IIS blog, saying “Microsoft has investigated these reports and determined that the attacks are not related to the recent Microsoft Security Advisory (951306) or any known security issues related to IIS 6.0, ASP, ASP.Net, or Microsoft SQL technologies. Instead, attackers have crafted an automated attack that can take advantage of SQL injection vulnerabilities in web pages that do not follow security best practices for web application development.” It is still not clear how attackers are compromising such a large number of sites so quickly, but Microsoft is asking web administrators to look into how to avoid SQL injection attacks. Source: http://arstechnica.com/journals/microsoft.ars/2008/04/28/microsoft-gives-details-of-massive-web-attack

36. April 25, CongressDaily – (National) DHS moves to ramp up cybersecurity in federal agencies. The Homeland Security Department plans to complete an analysis in about 45 days to determine which U.S. government computer networks are most vulnerable to cyberattacks, with the intention of deploying 50 new intrusion detection systems to federal agencies by the end of the year, a top U.S. cybersecurity official said Friday. “We’re concerned that the intrusions are more frequent and they’re more targeted and they’re more sophisticated,” said the undersecretary for the department’s national protection and programs directorate. The undersecretary heads up Homeland Security’s role in the Bush administration’s so-called Cyber Initiative, a massive, multiyear, multibillion-dollar effort to counter attacks on U.S. computer networks. Most of the initiative remains classified, but Homeland Security is responsible for defending networks across the federal government or those that fall within the .gov domain. At a news conference Friday, he said the department is mapping where Internet access points exist across the .gov domain and which federal agencies are most at risk of attacks. Based on that information, the department will install 50 advanced intrusion detection devices, known as Einstein systems, by the end of 2008 to the networks most at risk, he said. “Over the next 30 to 45 days we hope to have a much more comprehensive picture of exactly which agencies are going to get the initial deployments,” he said. The number of network intrusions recorded by federal agencies is expected to rise as Einstein systems are deployed. The undersecretary said there were about 37,000 reportable incidents last year. Source: http://govexec.com/dailyfed/0408/042508pm2.htm

Communications Sector

37. April 27, Reuters – (International) EU puts second Galileo test satellite into orbit. The European Union launched the second and final test satellite for its $5.3-billion rival to the U.S. Global Positioning System on Sunday, brushing off industry doubts over its viability. The Galileo project, Europe’s biggest single space program, has been plagued by delays and squabbling over funding that ended only when the EU agreed to funnel public funds into it. The experimental satellite, Giove-B, was put into orbit by a Soyuz rocket in Kazakhstan and is due to test technologies for Galileo, such as a high-precision atomic clock and the triple-channel transmission of navigation signals, the executive European Commission said in a statement. “(The project) will be operational in 2013 and already we think this will be profitable,” the EU’s transport commissioner told Reuters after monitoring the launch from the Fucino control centre in the hills of central Italy. Galileo, whose first experimental satellite was launched in December 2005, has been plagued by doubts about its viability given the dominant position of the U.S. GPS and similar projects planned by Russia and China. Critics have also labeled it too expensive, despite Commission arguments that it would create thousands of jobs and ensure independence from the U.S. service. Source: http://www.reuters.com/article/marketsNews/idUSL2730916620080427

Monday, April 28, 2008

Daily Report

• According to WJLA 8 Washington, a Mesa Airlines pilot’s laptop, filled with top secret security information, was reported missing on April 17 at Dulles Airport, District of Columbia. Seventeen airports were forced to make emergency changes to access codes at Dulles, Atlanta, Phoenix, Chicago’s O’Hare, and San Antonio. (See item 17)

• MSNBC reports the head of Interpol said Friday that there is a “real possibility” that the Beijing Olympics will be targeted by terrorists or that anti-China groups could attack athletes. (See item 35)

Information Technology

32. April 25, IDG News Service – (National) Researcher finds new way to hack Oracle database. A security researcher has released technical details of a new type of attack that could give a hacker access to an Oracle database. Called a lateral SQL injection, the attack could be used to gain database administrator privileges on an Oracle server in order to change or delete data or even install software, he said in an interview on Thursday. He first disclosed this type of attack at the Black Hat Washington conference last February, but on Thursday he published a paper with technical details. In a SQL injection, attackers create specially crafted search terms that trick the database into running SQL commands. Previously, security experts thought that SQL injections would only work if the attacker was inputting character strings into the database, but the paper showed that the attack can work using new types of data, known as date and number data types. The attack targets the Procedural Language/SQL programming language used by Oracle developers. The researcher was not sure how widespread lateral SQL injection vulnerabilities are, but he thinks the attack could cause real damage in some scenarios. “If you happen to be using Oracle and you write your own applications on it, then yes, you could be writing vulnerable code,” he said. “The sky is not falling ... but it’s certainly something that people should be made aware of.” Database programmers should review their code to be sure it is checking to make sure that all of the data it is processing is legitimate, and not injected SQL commands, he said. Source: http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/04/25/Researcher-finds-new-way-to-hack-Oracle-database_1.html

33. April 25, IDG News Service – (National) Spammers ramp up siege on Google’s Blogger via bots. Spammers are using an automated method to create bogus pages on Google’s Blogger service, again highlighting the diminishing effectiveness of a security system intended to stop mass account registrations, according to security vendor Websense. The spammers are sending coded instructions to PCs in their botnets, or networks of computers that have been infected with malicious software, wrote a threat analyst, on Websense’s blog. Those sophisticated instructions tell PCs how to register a free account on Blogger. The spammers also figured out a way to solve the CAPTCHA, the warped text that has to be deciphered in order to complete an account registration. The compromised PC sends a request to an external host that tries to solve the CAPTCHA and then sends the answer back to the PC. Websense estimates the process has an 8 to 13 percent success rate. It is unknown how exactly the CAPTCHA gets solved. It has been theorized the process has been outsourced to real humans who get paid for every one deciphered. But researchers have successfully developed methods that enable computers to increase their success rate at solving the puzzles, indicating that hackers have also figured out how to do it. Security vendors and researchers have seen a rapid rise in accounts used for spam on free e-mail services from Microsoft, Yahoo, and Google, indicating current CAPTCHA technology has reached the end of its usefulness. Source: http://www.infoworld.com/article/08/04/25/Spammers-ramp-up-siege-on-Google-Blogger_1.html

34. April 24, Dark Reading – (International) Securing the Internet’s DNS. The Internet is slowly inching closer to ratcheting up the security of its Domain Name System (DNS) server architecture: The Internet Corporation for Assigned Names and Numbers (ICANN) plans to go operational with the secure DNS technology, DNSSEC, later this year in one of its domains. ICANN officials said the organization plans to add DNSSEC to its .arpa Internet domain servers, and that the .org domain servers as well as the .uk servers also will go DNSSEC soon. Country domains .swe (Sweden), .br (Brazil), and .bg (Bulgaria) already run the secure version of DNS for their domain servers. DNSSEC, which stands for DNS Security Extensions, digitally signs DNS records so that DNS responses are validated as legitimate and not hacked or tampered with. That ensures users do not get sent to phishing sites, for example, when requesting a legitimate Website. DNS security increasingly has become a concern, with DNS prone to these so-called cache poisoning attacks, as well as distributed denial-of-service (DDOS) attacks like the one last year that temporarily crippled two of the Internet’s 13 DNS root servers. But DNSSEC adoption has been slow in coming, mainly due to the complexity of managing the keys. Converting .arpa – a domain mostly relegated to Internet research sites – to DNSSEC is not quite the same as securing .com, but it could signal that DNSSEC is finally ready for prime time, experts say. Still, DNSSEC is not completely useful unless all domains have deployed it. Source: http://www.darkreading.com/document.asp?doc_id=152032&print=true

Communications Sector

Nothing to Report

Friday, April 25, 2008

Daily Report

• According to the Daily Breeze, attorneys for the University of California, Los Angeles, on Tuesday obtained a preliminary injunction against animal rights groups and activists accused of harassing university researchers who conduct experiments using animals. The injunction extends and expands a temporary restraining order granted February 22. (See item 22)

• Computerworld reports large numbers of legitimate Web sites, including government sites in the U.K. and some operated by the United Nations, have been hacked and are serving up malware, a security researcher said Thursday, as massive JavaScript attacks last detected in March resume. (See item 25)

Information Technology

25. April 23, Computerworld – (International) Hackers jack thousands of sites, including UN domains. Large numbers of legitimate Web sites, including government sites in the U.K. and some operated by the United Nations (UN), have been hacked and are serving up malware, a security researcher said today as massive JavaScript attacks last detected in March resume. “They’re using the same techniques as last month, of an SQL injection of some sort,” said the vice president of security research at Websense Inc., referring to large-scale attacks that have plagued the Internet since January. Among the sites hacked were several affiliated with either the UN or U.K. government agencies. The exact number of sites that have been compromised is unknown. He estimated that it is similar to the March attacks, which at their height infected more than 100,000 URLs, including prominent domains such as MSNBC.com. “The attackers have now switched over to a new domain as their hub for hosting the malicious payload in this attack,” Websense said in an alert posted yesterday to its Web site. “We have no doubt that the two attacks are related.” Although the malware-hosting domain has changed, it is located at a Chinese IP address, just like the one used in March, he said. “It also looks like they’re using just the one [hosting] site, but changing the link within the JavaScript,” he added, talking about an obfuscation tactic that the attackers have used before. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9079961&source=rss_topic17

26. April 23, Dark Reading – (International) Researchers infiltrate and ‘pollute’ Storm botnet. Sophisticated peer-to-peer (P2P) botnets like Storm that have no centralized command and control architecture have frustrated researchers because they are tough to dismantle. But a group of European researchers has come up with a way to disrupt these stealthy botnets – by “polluting” them. The researchers, from the University of Mannheim and the Institut Eurecom, recently infiltrated Storm to test out a method they came up with of analyzing and disrupting P2P botnets. Their technique is a spinoff of traditional botnet tracking, but with a twist: It not only entails capturing bot binaries and infiltrating the P2P network, but it also exploits weaknesses in the botnet’s P2P protocol to inject “polluted” content into the botnet to disrupt communication among the bots, as well as to study them more closely. The researchers tested their pollution method out on Storm, and it worked. They presented their research this month at Usenix. “Our measurements show that our strategy can be used as a way to disable the communication within the Storm botnet to a large extent,” the researchers wrote in their paper. “As a side effect, we are able to estimate the size of the Storm botnet, in general a hard task.” Their Storm stats: the researchers crawled Storm every 30 minutes from December of last year through February of this year, and saw between 5,000 and 40,000 machines online at a time. And the U.S. has the most Storm bots, with 23 percent, according to the researchers, who said they spotted Storm bots in 200 countries. Source: http://www.darkreading.com/document.asp?doc_id=151862&f_src=drdaily

27. April 22, New Scientist News – (National) Beating the “botnets.” A team at the University of Washington wants to marshal swarms of good computers to neutralize the bad ones. They say their plan would be cheap to implement and could cope with botnets of any size. Current countermeasures are being outstripped by the growing size of botnets, says the Washington team, but assembling swarms of good computers in defense could render DDoS attacks obsolete. Their system, called Phalanx, uses its own large network of computers to shield the protected server. Instead of the server being accessed directly, all information must pass through the swarm of “mailbox” computers. The many mailboxes do not simply relay information to the server like a funnel – they only pass on information when the server requests it. That allows the server to work at its own pace, without being swamped. Phalanx also requires computers wishing to start communicating with the protected server to solve a computational puzzle. This takes only a small amount of time for a normal web user accessing a site. But a zombie computer sending repeated requests would be significantly slowed down. The Washington team simulated an attack by a million-computer botnet on a server connected to a network of 7,200 mailboxes organized by Phalanx. Even when the majority of the mailboxes were under simultaneous attack, the server was not overwhelmed and could still function normally. A paper on Phalanx was presented at the USENIX symposium on Networked Systems Design and Implementation, held last week in San Francisco. Source: http://technology.newscientist.com/article/dn13753-to-defeat-a-malicious-botnet-build-a-friendly-one.html

Communications Sector

28. April 23, IDG News Service – (National) Telecom carriers: ‘Phantom’ voice traffic costing billions. Some VoIP and mobile phone service providers are riding free when connecting to the traditional telephone network in the U.S., potentially costing carriers billions of dollars, according to testimony at a Senate hearing Wednesday. Many voice calls now do not include the identification needed for carriers to charge access fees for calls coming into their networks, said the general manager of Rock Port Telephone. These so-called phantom calls are particularly hard on rural telephone carriers, which receive an average 29 percent of their revenues from the intercarrier compensation system, he told the Senate Commerce, Science, and Transportation Committee. Some VoIP providers have refused to pay access fees by saying the U.S. Federal Communications Commission (FCC) has “given them permission to use the networks for free because they’re IP,” he said. In 2007, 18 percent of Rock Port Telephone’s voice minutes were unbillable, and some rural carriers are seeing up to 30 percent of their minutes from phantom traffic, he said. He asked senators to push the FCC to require that all voice traffic pay intercarrier compensation fees. “If the FCC lets this continue, Americans who live in rural areas will likely see their phone bills escalate,” he said. “Their quality of service will be decreased, and [there will be] large reductions of investments in broadband.” Source: http://www.infoworld.com/article/08/04/23/Telecom-carriers-Phantom-voice-traffic-costing-billions_1.html

Thursday, April 24, 2008

Daily Report

• The Patriot Ledger reports unionized workers at the Pilgrim nuclear power plant are raising financial concerns about Entergy Corp.’s plan to spin off its plant and five other reactors into a new company. They say the new company could be saddled with as much as $6.5 billion in debt, which could increase the potential for layoffs, deferred maintenance, and safety risks at the plants. (See item 5)

• According to CNSNews.com, a former U.S. Army mechanical engineer is accused of passing secret defense documents to Israel in the early 1980s. The documents allegedly contained information on nuclear weapons, a modified F-15 fighter plane, and the U.S. Patriot missile air defense system. (See item 7)

Information Technology

31. April 23, IDG News Service – (International) CNN site hit by China attack. After being called off Friday, the on-again, off-again cyberattack against CNN’s Web site again picked up steam early this week, according to network security analysts. At its peak, the attack has sucked up 100MBps in bandwidth, enough to slow the news Web site for some visitors. “That’s a decent-sized attack,” said a senior security engineer with Arbor Networks. “Globally speaking, it’s probably garden-variety.” Organizers had originally called for the attack to be launched on April 19. But they soon called off their efforts with one organizer, CN-Magistrate, saying that “too many people are aware of it, and the situation is chaotic.” CN-Magistrate soon disbanded his Web site devoted to these attacks and dropped out of public view. Hackers had launched some low-intensity attacks against CNN ahead of the April 19 deadline, but on Sunday, another group calling itself HackCNN picked up the attack. CNN visitors experienced a noticeable slowdown during the early hours of Sunday and Monday, researchers said. This group also managed to deface a Sports Network Web site (sports.si.cnn.com), replacing sports scores with slogans such as “Tibet was, is, and always will be a part of China!” Although a CNN spokeswoman said that the Web site was not taken down by the attacks, Web monitoring company Netcraft said that some of its sensors were unable to get a response from CNN servers in Phoenix, San Jose, California, London, and Pennsylvania for about three hours on Sunday. On Monday, response times to CNN were as slow as two-tenths of a second, Netcraft said. CNN did slow down the rate at which network traffic from the Asia-Pacific region was able to reach its Web site, the spokeswoman said. Source: http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/04/23/CNN-site-hit-by-China-attack_1.html

32. April 23, Computer Weekly – (International) Use of new technologies exposing UK firms to risk, report finds. The adoption of new technologies is exposing UK companies to high levels of risk, according to a government security survey. The 2008 Information Security Breaches survey for the Department for Business, Enterprise, and Regulatory Reform reveals that although 17 percent of UK companies have adopted voice over IP (VoIP), only 30 percent have evaluated the security risk involved. Companies adopting VoIP were twice as likely to suffer a security breach, said the author of the report, which shows the number of UK companies that have implemented VoIP has doubled since the last survey in 2006. The same level of exposure was also true for the 42 percent of companies that have adopted wireless networks and the 54 percent of companies that have implemented remote access to corporate IT systems, said the report’s author. Instant messaging (IM) was another area of concern, he said, because it exposes companies to the same risks as e-mail, but half of companies using IM do not have any security controls in place. The report notes that financial companies take the most steps to mitigate IM risks, but said even in this sector, a third have taken no steps. Source: http://www.computerweekly.com/Articles/2008/04/23/230401/infosecurity-2008-use-of-new-technologies-exposing-uk-firms-to-risk-report.htm

33. April 22, vnunet.com – (International) Most breaches down to lost or stolen kit. Microsoft’s latest security report has shown that breaches from hacking attacks are plummeting, while lost equipment now accounts for over half of all security problems. Lost or stolen hardware was responsible for 58 percent of all data security breaches in the last six months of 2007. This compares with just 13 percent as a result of hacking, down from an average of 23 percent for previous years. “We all have smartphones and laptops and it is losing these that is a major problem,” said the general manager for Microsoft’s Malware Protection Agency. “If you think about what is often kept on these devices, losing it in public is a major problem.” The data comes from Microsoft users around the world and is analyzed by Microsoft malware labs. The information has allowed the company to create a threat map of the world, showing on average how many computers need to be scanned to find one piece of malware. Source: http://www.vnunet.com/vnunet/news/2214887/hacking-fades-favour-theft

34. April 22, IDG News Service – (National) Microsoft data show Web attacks taking off. Criminals changed tactics in the last six months of 2007, dropping malicious e-mail in favor of Web-based attacks, according to data reported to Microsoft by Windows users. The company saw the number of Trojan downloader programs it removed from Windows machines jump by 300 percent, according to the principal architect of Microsoft’s Malware Protection Center. These programs masquerade as legitimate pieces of software, but once installed they then download malicious software such as spyware or adware onto the victim’s computer. They are typically installed via the Web. The shift to the Web has been forced onto criminals, as system administrators have become better at blocking executable files from being sent via e-mail. Many companies compile data on Web attack trends, but Microsoft’s is the most comprehensive – based on data from the approximately 450 million computers that run the Microsoft Malicious Software Removal Tool that ships with Windows. On average, Microsoft removed malware from one out of every 123 computers it inspected each month during the period. In the U.S., that number was one in every 112. Japan was the least-infected country, with malware found on just one in 685 machines. Microsoft published its findings Monday in its Microsoft Security Intelligence Report, Volume 4. Source: http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/04/22/Microsoft-data-show-Web-attacks-taking-off_1.html

Communications Sector

Nothing to Report

Wednesday, April 23, 2008

Daily Report

• The Associated Press reports Santa Barbara County inspectors have ordered a Greka Oil & Gas Co. facility near Santa Maria, California, to stop work after finding a possibly dangerous leak. (See item 3)

• According to the Globe and Mail, two Toronto-area executives face charges of fraud and conspiracy for allegedly seeking to defraud the U.S. military of up to $11 million on a contract for night-vision goggles. (See item 10)

Information Technology

36. April 22, Age – (International) S. Korea’s presidential office hit by computer virus attack. South Korea’s presidential office said Tuesday its computer systems had been infected by a computer virus, resulting in the leak of some non-classified data. The presidential Blue House said in a statement the now-defunct secretariat of the presidential National Security Council was infected with a “worm” virus due to human negligence in mid-February, days before the new president took office. Traces of a virus were discovered in early March during security checks on computer systems received from the previous government, according to the president’s office. The virus attack caused the leak of personal and other data, the statement said, but a presidential spokesman said the data was not classified. The Blue House has taken actions to counter viruses and is considering disciplinary measures for those involved, according to the statement. Source: http://news.theage.com.au/skoreas-presidential-office-hit-by-computer-virus-attack/20080422-27ve.html

37. April 22, Economic Times India – (International) Beware of hacker attacks via Orkut, Facebook. As per the 2007 Internet Security Threat Report compiled by anti-virus and security solutions major Symantec, social networking sites have become the latest target of hackers to attack home and enterprise computers. “With the web emerging as the seamless medium of communication, information and interaction, online users are prone to get infected by engaging in social networking and browsing frequented websites due to malicious online activity in the form of worms, bots, viruses and Trojans,” Symantec India managing director said. Some of the popular social networking sites on the worldwide web are Bebo, Facebook (70 million registered users worldwide), Flickr (9.6 million users), MySpace (1.1 billion users), and Orkut. Source: http://economictimes.indiatimes.com/Beware_of_hacker_attacks_via_Orkut_Facebook/articleshow/2970560.cms

38. April 21, IDG News Service – (International) Mac hack contest bug had been public for a year. The winner of last month’s PWN2OWN contest to install unauthorized software on a machine running a fully patched version of the Mac OS X operating system exploited a flaw that had been publicly disclosed nearly a year before the contest. The flaw, it turns out, lay in an open-source software library called the Perl Compatible Regular Expressions (PCRE) library, which is used by many products including Apache, the PHP scripting language, and Apple’s Safari browser, which a person hacked to win the contest. In an e-mail interview, a security researcher said he found the bug, which he publicly disclosed in November 2007. PCRE developers fixed the bug months earlier while writing an incomplete fix for the issue in the May 2007 PCRE 6.7 product. Although Apple’s Safari browser uses the PCRE software library, the company did not patch its version of the library until late last week. That means that an astute hacker who had noticed the fix in PCRE 6.7 would have been given an early tip on how to hack into Apple’s computers. Discovering a software bug is the first step toward figuring out how to use that flaw in an attack, but not every flaw leads to a successful exploit. In an e-mail interview, the contest winner confirmed that the bug he had exploited was the same one that was patched in PCRE 6.7, but said that researchers at his company, Independent Security Evaluators, had found it “completely independently.” Source: http://www.pcworld.com/businesscenter/article/144921/mac_hack_contest_bug_had_been_public_for_a_year.html

Communications Sector

39. April 20, IDG News Service – (International) Vietnam launches its first satellite. Vietnam launched its first satellite over the weekend to provide telecommunications, broadcasting, and Internet links across the country. Vinasat-1 was carried into space aboard an Ariane 5 rocket from the European spaceport in French Guiana at 7:17 p.m. local time Friday evening. “With transmission capacity equivalent to 10,000 voice, Internet and data channels, or 120 TV channels, Vinasat-1 will help Vietnam bring telecommunications, Internet and television services to all isolated, mountainous and island areas where other means of transmission is not feasible,” Vietnam’s minister of information and communication said in a televised speech shortly after the launch. The country is expecting economic gains from the telecommunications links that the satellite will support. Vinasat-1 was built by Lockheed Martin and will be positioned at 132-degrees East. It carries 12 Ku-band and 8 C-band transponders and has a design lifetime of 15 years. Its footprint will cover all of South East Asia in addition to the eastern part of China, India, Korea, Japan, Australia, and Hawaii. Five other nations in the region already have their own satellites in space: Indonesia, Malaysia, the Philippines, Singapore, and Thailand. Source: http://www.pcworld.com/businesscenter/article/144864/vietnam_launches_its_first_satellite.html

Tuesday, April 22, 2008

Daily Report

• CNN reports a South Carolina high school senior arrested in an alleged bomb plot had the ingredients to assemble a bomb in minutes, police said Monday. The teenager was arrested Saturday after his parents called police when ten pounds of ammonium nitrate was delivered to their home. (See item 24)

• According to KOAT 7 Albuquerque, forestry officials said that the Trigo Fire in the Cibola National Forest had grown to 3,745 acres Monday morning, nearly triple the size it was early Sunday. The Torrance County, New Mexico, emergency manager called the situation severe. (See item 36)

Information Technology

30. April 21, IDG News Service – (International) Rock Phish gang adds second punch to phishing attacks. A notorious online gang known for its prolific phishing operations has expanded its means of attack, potentially putting more PC users at risk of losing personal data. The Rock Phish gang surfaced around 2004, becoming well-known for its expertise in setting up phishing sites, which seek to trick people into divulging sensitive data, as well as for selling phishing kits designed for less technical cybercriminals. Now, the phishing sites linked with the Rock Phish gang are being rigged with a drive-by download, a type of attack that can infect a PC with malicious software without any interaction by the user, researchers from vendor RSA said Monday. The one-two punch means that even people who go to the phishing site but are not fooled into inputting their personal details could still be infected, wrote a senior researcher, on RSA’s blog. The phishing Web site tries to exploit any software vulnerabilities, and if it finds one, will then load the Zeus Trojan onto the PC. Zeus is particularly dangerous: it can collect data on forms, take screen shots, pilfer passwords from browsers, and remotely control the computer, the researcher wrote. Zeus also comes in at least 150 flavors. One of the phishing kits being sold now for US$700 masks how Zeus appears to security programs. Source: http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/04/21/Rock-Phish-gang-adds-second-punch-to-phishing-attacks_1.html

31. April 21, vnunet.com – (National) Microsoft warns of web server flaw. Microsoft is investigating a newly reported flaw that could put websites at risk of attack. The company has issued an advisory on the vulnerability, which affects Windows XP Professional SP2, Windows Server 2003, Windows Vista, and Windows Server 2008. The problem exists in Windows’ handling of code within its Internet Information Services (IIS) and SQL Server. If exploited, the vulnerability could allow a user to elevate access privileges to that of the LocalSystem administration tool. Microsoft warned that companies that make extensive use of user-provided code, such as site hosts, are especially vulnerable. Microsoft has yet to receive any reports of the vulnerability being targeted, but security experts have already warned of a possible attack. “The vulnerability is limited to a local privilege escalation, but IIS’ susceptibility is concerning,” wrote a McAfee researcher. “The web server is widely used on the internet, and is a top pick by web-hosting providers. We might see web-hosting providers targeted, and their clients’ websites breached.” Microsoft is still investigating the reports and will make a decision on whether to issue a patch immediately or wait until its next scheduled security update on May 13. Source: http://www.vnunet.com/vnunet/news/2214722/microsoft-warns-web-server

32. April 19, ars technica – (International) EU states agree that inciting terrorism on the Internet is a crime. Representatives of the EU’s 27 member states formally agreed today to harmonize their respective countries’ definitions of criminally prosecutable acts of terrorism by expanding them to include three new types of crimes: “public provocation to commit a terrorist offence, [terrorist] recruitment, and training for terrorism.” The definition of “public provocation” was especially controversial, and it encompasses content posted on the Internet, including not only direct incitements to violence but also terrorist propaganda and bomb-making expertise. The decision was not without controversy, and misgivings about the possible limits on freedom of expression implied in the Amendment to the 2002 Council Framework Decision on combating terrorism were aired in a round-table session on Monday. An EU Parliament report on the round-table summarized the concerns of one British representative, who recounted how British law enforcement had allegedly threatened to use anti-terror laws to arrest some of the protesters at the London leg of the Olympic torch relay. Her concern, much like those who have been raising objections to this “public provocation” language since it was proposed last year, is that the Amendment will push member states down a slippery slope toward criminalizing legitimate political expression. Source: http://arstechnica.com/news.ars/post/20080419-eu-states-agree-that-inciting-terrorism-on-the-internet-is-a-crime.html

33. April 19, IDG News Service – (International) CNN cyberattack called off. A planned cyberattack against CNN’s Web site fizzled out Saturday as the group backing the event called it off. “Our original plan for 19 April has been canceled because too many people are aware of it and the situation is chaotic,” wrote a group called “Revenge of the Flame,” according to a translation posted on the Dark Visitor Blog. “At an unspecified date in the near future, we will launch the attack.” Pro-China hackers had called for the attack in protest of the news network’s coverage of Tibet, which they believe has been overly critical of China. Participants had been instructed to flood CNN’s Web site with Internet traffic in hopes of knocking it offline, something known as a distributed denial of service attack. Some had begun hitting the site ahead of the April 19 attack date. On Friday, CNN reported that it had been attacked Thursday causing the site “to be slow or unavailable to some users in limited areas of Asia.” The net effect of the attack was “imperceptible,” CNN said. Network monitoring company Arbor Networks observed that www3.cnn.com was hit with a minor 14-MB-per-second attack that lasted about 21 minutes, according to the company’s chief research officer. Source: http://www.networkworld.com/news/2008/041908-cnn-cyberattack-called.html

Communications Sector

34. April 19, IDG News Service – (National) EarthLink redirect service poses security risk, expert says. A vulnerability in servers used by EarthLink Inc. to handle mistyped Web page requests may have allowed attackers to launch undetectable phishing attacks against any Internet site, according to a noted Internet security researcher. The bug, which was patched earlier this week, underscores a fundamental security risk in the way that some Internet service providers are attempting to generate advertising revenue from mistyped Web addresses, said the director of penetration testing at IOActive Inc., a security consulting firm. The vulnerability was in a service called Barefruit, which EarthLink has been using since August 2006 to return Web pages with search terms and advertising to customers who mistype a domain name in their browser. With Barefruit’s servers, users are told that nonexistent addresses do exist and are then sent to a Web page that displays advertising and suggested search terms. Because of a bug in the software used to redirect users to these advertising and search pages, the researcher was able to get the pages to run his own JavaScript code, enabling him to steal users’ cookies, create fake Web sites that appeared to be hosted on legitimate domains, and even log into certain Web sites without authorization. EarthLink is not the only Internet service provider to be testing this system. The researcher said he found evidence of Barefruit or similar systems being tested on Verizon, Time Warner, Qwest, and Comcast, which outsources some of its network to EarthLink. “The security of the entire Web for these ISPs is right now limited by the security of some random ad server run by a British company,” he said. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9079099&source=rss_topic17

Monday, April 21, 2008

Daily Report

• Foster’s Daily Democrat reports the Memorial Bridge in Portsmouth, New Hampshire, will be closed from April 21 to April 26 for much needed repair work, forcing commuters to seek alternate routes across the Piscataqua River. (See item 15)

• According to the Associated Press, a homeless man has come forward with two sets of confidential blueprints for the planned New York City Freedom Tower that he says were dumped in a lower Manhattan trash can. The agency that owns the World Trade Center site calls it a serious security lapse. (See item 41)

Information Technology

36. April 18, IDG News Service – (National) Chinese blogs detail zero-day flaw in Microsoft Works. Chinese-language blogs are detailing a zero-day vulnerability in Microsoft Works, the company’s lower-end office productivity suite, according to security vendor McAfee. The vulnerability is within an ActiveX control for the Works’ Image Server, a McAfee analyst wrote. A PC would need to visit a Web site engineered to exploit the flaw. A zero-day flaw is a software vulnerability that has become public knowledge but for which no patch is available. It is particularly dangerous since users are exposed from day zero until the day a vendor prepares a patch and notifies users it is ready. Proof-of-concept code was posted on a Chinese blog showing how the problem could cause Windows to crash. Then, a few hours later, a working exploit appeared, which could allow malicious code to run on a machine. Source: http://www.pcworld.com/businesscenter/article/144803/chinese_blogs_detail_zeroday_flaw_in_microsoft_works.html

37. April 18, ITProPortal – (Oklahoma) Oklahoma State leaks tens of thousands of social security numbers. Residents of Oklahoma were told this week that tens of thousands of their names, social security numbers, and allied data were effectively available on the Web for around three years. The source of the problem, says a software security researcher with Fortify Software, is poor coding on the state’s Department of Corrections Web site. “This is a classic SQL injection vulnerability,” he said, adding that, in this case, the security lapse could easily have been caught with a simple code review. Had some form of automated analysis been part of the release procedure for this Web site, the incident could have been avoided, he said. According to newswire reports, anyone with a basic knowledge of SQL programming could interpret the URL and other data returned by the Oklahoma DoC Web site. Then, by the simple process of amending the long URLs returned by the site, they could retrieve tens of thousands of social security numbers and their allied data from the site. Source: http://www.security.itproportal.com/articles/2008/04/18/oklahoma-state-leaks-tens-thousands-social-security-numbers/

38. April 17, Secunia – (National) Mozilla Firefox Javascript Garbage Collector vulnerability. A vulnerability has been reported in Mozilla Firefox, which can potentially be exploited to compromise a user’s system. The vulnerability is caused due to an error in the Javascript Garbage Collector and can be exploited to cause a memory corruption via specially crafted Javascript code. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 2.0.0.13. Prior versions may also be affected. Source: http://secunia.com/advisories/29787/

Communications Sector

39. April 18, International Herald Tribune – (International) Era of in-flight mobile phone use begins in Europe. Relatively unobtrusive data calls, like mobile e-mail and messaging, have been available for a while on airlines including Emirates, Qantas, JetBlue, Virgin America, and Alaska Airlines. But last month, Emirates became the first airline to enable in-flight mobile voice services, on an Airbus A340 from Dubai to Casablanca. On April 2, Air France began offering voice calls on one of its jets on a trial basis, and BMI of Britain and TAP of Portugal plan to do the same. Although U.S. airlines have shunned the service, Ryanair, Europe’s largest low-cost airline, is so confident mobile phoning will prove popular that it plans to start offering it in June without even bothering with a trial. With the Air France trial, passengers only learn about the possibility of using their phone once they are on the plane. An announcement refers them to an instruction card in the seat pocket. They are told to switch off their phones during take-off and landing – and a special icon has been added next to the seatbelt sign to indicate when phones can be turned on. But there are still a number of hurdles to be overcome. The technology, which lets users make and receive calls through a satellite-linked, on-board base station, delivers a patchy quality that keeps most in-flight calls short and tinny. So far, only six passengers on any given flight can get a signal at the same time, although that is due to be expanded to 12. And then there are the roaming charges of as much as $4.80 per minute. Source: http://www.iht.com/articles/2008/04/18/business/cell.php

40. April 18, Los Angeles Times – (National) EBay may consider selling Skype phone division. EBay Inc. said Thursday that it would consider selling its Skype telephone division if it could not be integrated with other units. EBay will review Skype this year, and if its chief executive officer determines the unit does not help the auction and PayPal payment system, it will be reassessed and may be sold, an EBay spokesman said. The auctioneer bought Skype, which enables users to make calls over the Internet, for $2.6 billion in 2005 with the intent of using it to facilitate the sale and purchase of goods online. The company said last year that the phone service had not lived up to those expectations. In October, EBay wrote off $1.39 billion for Skype. Skype has 309 million registered users. Source: http://www.latimes.com/business/la-fi-skype18apr18,1,7995341.story

Friday, April 18, 2008

Daily Report

• The Galveston County Daily News reports the U.S. Department of Labor cited Valero Energy Corp.’s Port Arthur, Texas, refinery for 16 safety violations and proposed penalties of $101,750. Thirteen of the 16 citations are classified as “serious,” meaning they have the potential to cause death or serious injury. (See item 3)

• According to the Associated Press, waves have eaten a chunk five feet deep and ten to 12 feet wide in the Montegut Marsh Management levee in Louisiana. Terrebonne Parish levee officials have set aside $35,000 to plug the hole with rocks before the winds change and waters rise higher. (See item 35)

Information Technology

30. April 17, vnunet.com – (National) Apple patches critical Safari holes. Apple has patched four security vulnerabilities in Safari affecting the Mac OS X and Windows versions of the web browser. The vulnerabilities range from cross-site scripting to remote code execution. For Windows XP and Vista users, the update addresses four flaws. Two of the vulnerabilities, a memory overflow error in the browser itself and a buffer overflow in the JavaScript component, could be exploited by an attacker to remotely install and execute malware on a target system. Another flaw in the browser could allow for a URL to be displayed without the page itself being loaded. Apple warned that this could be exploited by an attacker to spoof legitimate sites by displaying normal URLs with forged web pages. The fourth vulnerability is a flaw in the browser’s WebKit component. An attacker could use a malformed URL to exploit the vulnerability and perform a cross-site scripting attack. Mac users will receive updates for just two of the four flaws. Apple patched the JavaScript remote code execution flaw as well as the cross-site scripting vulnerability in the OS X version of the Safari patch. Users can download the Safari update through Apple’s Software Update application or from the company’s Safari download site. Source: http://www.vnunet.com/vnunet/news/2214507/apple-patches-safari-holes

31. April 17, Associated Press – (National) Most computer users repeat passwords, at their peril. Using the same password for multiple Web pages is the Internet-era equivalent of having the same key for your home, car, and bank safe-deposit box. Even though a universal password is like gold for cyber crooks because they can use it to steal all of a person’s sensitive data at once, nearly half the Internet users queried in a new survey said they use just one password for all their online accounts. At the same time, 88 percent of the 800 people interviewed in the U.S. and the U.K. for the survey by the Accenture consultancy, which is to be released Thursday, said personal irresponsibility is the key cause of identity theft and fraud. Researchers say the findings suggest that many users underestimate the growing threat from organized cyber criminals who can reap big profits from selling stolen identities. “There’s a lot of confusion out there – a lot of people don’t think there’s a problem,” said a senior executive in Accenture’s global security practice. He said the problem with repeating passwords is that a hacker who successfully breaks into one account then has an easy time guessing how to get into all the user’s other accounts. Source: http://news.yahoo.com/s/ap/20080417/ap_on_hi_te/techbit_password_peril;_ylt=AnKf5Jj8hmkE4G9HTD.qDFoRSLMF

32. April 17, BetaNews – (National) Latest Firefox update causes crashes, possible hole. While there is no evidence of an exploit as of yet, Mozilla is taking a proactive measure to fix the issue before it could be. A problem with stability which resulted in crashes and evidence of memory corruption was remedied in Firefox 2.0.0.13, however apparently the fix did not completely close any holes. In fact, it seems as if it introduced new stability issues, where crashes occurred during JavaScript garbage collection. That feature allows a developer to reclaim the memory occupied by strings, objects, arrays, and functions that are no longer in use. “We have no demonstration that this particular crash is exploitable but are issuing this advisory because some crashes of this type have been shown to be exploitable in the past,” Mozilla said in an advisory. Thunderbird is also affected, however, JavaScript needs to be enabled. By default, this is not, and Mozilla said it discourages users from running scripts within mail. JavaScript garbage collection problems have cropped up in the past. In February 2006, Mozilla addressed several issues within Firefox 1.5 which also posed a memory corruption and arbitrary code risks. Source: http://www.betanews.com/article/Latest_Firefox_update_causes_crashes_possible_hole/1208442989

Communications Sector

33. April 16, IDG News Service – (International) Survey: 12 percent of consumers ‘borrow’ free Wi-Fi. Although it is illegal in some parts of the world, 12 percent of U.S. and U.K. respondents to an Accenture survey have logged on to someone else’s unsecured Wi-Fi connection. Data that is sent via unsecured wireless routers is unencrypted and could theoretically be read by anyone who had the right network sniffing tools, but many people have tried logging on to unsecure Wi-Fi. Logging on to open Wi-Fi signals is most popular with 18- to 34-year-olds, Accenture said. Nearly a third of them said they had done this at some point. The practice is apparently more common in the U.S., where one in seven have piggybacked on free Wi-Fi networks, than in the U.K., where Accenture found that it was attempted by one in 11. In some parts of the world, Wi-Fi piggybacking is considered to be a form of criminal hacking. In August, police arrested a 39-year-old man for using his laptop to connect to an unsecured Wi-Fi connection as he sat on a garden wall in the London suburb of Chiswick. And in a case that was widely publicized in the U.S., a Sparta, Michigan, man was charged after using a cafe’s wireless connection to check his e-mail. Source: http://news.yahoo.com/s/pcworld/20080416/tc_pcworld/144727

Thursday, April 17, 2008

Daily Report

• According to the Daily Planet, the more than 6,500-acre fire that raged through Crowley County, Colorado, on Tuesday downed live power poles throughout the area. About 25 power poles burned, and the town of Ordway and surrounding communities were without electricity. (See item 2)

• IDG News Service reports many executives from major technology companies have expressed concern about the exhaustion of available IP addresses using IP version 4. Executives say the solution is to switch to IP version 6. (See item 39)

Information Technology

37. April 16, IDG News Service – (National) Malicious microprocessor opens new doors for attack. For years, hackers have focused on finding bugs in computer software that give them unauthorized access to computer systems, but now there is another way to break in: Hack the microprocessor. On Tuesday, researchers at the University of Illinois at Urbana-Champaign demonstrated how they altered a computer chip to grant attackers back-door access to a computer. It would take a lot of work to make this attack succeed in the real world, but it would be virtually undetectable. To launch its attack, the team used a special programmable processor running the Linux operating system. The chip was programmed to inject malicious firmware into the chip’s memory, which then allows an attacker to log into the machine as if he were a legitimate user. To reprogram the chip, researchers needed to alter only a tiny fraction of the processor circuits. They changed 1,341 logic gates on a chip that has more than one million of these gates in total, said an assistant professor in the university’s computer science department. “This is like the ultimate back door,” he said. “There were no software bugs exploited.” The professor demonstrated the attack on Tuesday at the Usenix Workshop on Large-Scale Exploits and Emergent Threats, a conference for security researchers held in San Francisco. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9078058&taxonomyId=17&intsrc=kc_top

38. April 15, Network World – (National) Oracle patches 41 security flaws in database and other products. Oracle released 41 security fixes for its flagship database and several other products Tuesday, including 15 patches for vulnerabilities that can be exploited remotely without a username or password. The presence of vulnerabilities that can be exploited without authentication “means that your database is a sitting duck unless you deploy this patch,” says the chief technical officer of database security vendor Sentrigo. Oracle database products account for 17 security patches, two of which could be exploited remotely over a network without authentication. The rest of the fixes are spread across Oracle’s Application Server, Collaboration Suite, and E-Business Suite products, as well as Oracle’s PeopleSoft and Siebel software. SQL injections might be among the attacks customers risk if they do not install the patches, he says. The Advanced Queuing technology in Oracle’s database has been linked to SQL injections in which malicious users gain elevated privileges and steal data such as credit card information, he says. Two vulnerabilities related to the Advanced Queuing database component were listed in Tuesday’s quarterly critical patch update. Source: http://www.networkworld.com/news/2008/041508-oracle-patches.html

Communications Sector

39. April 16, IDG News Service – (International) Sound the alarm, IPv6 execs say. The sky is falling on the number of global IP (Internet Protocol) addresses, and IPv6 (Internet Protocol version 6) is the solution, executives from major technology companies said Wednesday. The exhaustion of available IP addresses using IPv4 (IP version 4) brought out the alarmist side of many industry executives. “It’s a crisis – not a market-oriented event,” said the chairman of the Asia Pacific Network Information Centre, speaking at the Global IPv6 Summit in Beijing. “We have just three years until IPv4 addresses are depleted. These changes will come suddenly,” he said. The telecommunications industry is going through “a period of grief” over the end of IPv4, said the IPv6 technical leader for Cisco Systems. “Most people in the world are still in a state of denial” about upgrading to IPv6. “No one will ask for IPv6 until they run out of IPv4 addresses,” he said. IP addresses allow individual devices, including computers, laptops, and mobile handsets to connect to the Internet. Using the current IPv4 system, which offers a total of about 4.7 billion possible IP addresses, some countries, including China, will begin to run out of addresses they can allocate around 2010, according to estimates by the Internet Assigned Numbers Authority and the Internet Corporation for Assigned Names and Numbers. By switching to IPv6, the number of possible addresses increases by billions more. This would also allow a far greater number of devices to connect, allowing features like the Internet-based remote control of security cameras, and even turning on home appliances from one’s desktop at work. Source: http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/04/16/IPv6-execs-say-sound-the-alarm_1.html

40. April 15, Web Pro News – (National) Broadband penetration up 300% since 2002. Broadband penetration has increased more than 300 percent since 2002, according to a new analysis from Scarborough Research. In 2002, 12 percent of U.S. adults had a broadband connection in their household. Now, close to half (49 percent) have broadband. DSL connections have grown more than cable modems, but both have seen significant growth. Since 2002, cable modem penetration increased 188 percent and DSL connections increased 575 percent. San Francisco is the top local U.S. market for broadband penetration with 62 percent of adults living in a household that has a broadband Internet connection. Other cities with high levels of broadband penetration include Boston and San Diego, both with 61 percent penetration. Cities with high levels of broadband penetration are also in high Internet usage markets. Adults in San Francisco, Boston, and San Diego are more likely than the average person to have gone online in the past month, and they are also more likely to have spent ten or more hours online in the past week. Source: http://www.webpronews.com/topnews/2008/04/15/broadband-penetration-up-300-since-2002

41. April 15, RCR Wireless News – (National) Regulators pressured on text message rights. Public-interest groups reiterated their call for federal regulators to protect text messaging rights, framing the issue with far-reaching implication for free speech, disability access, and competition in the wireless industry. Public Knowledge and other organizations want the Federal Communications Commission (FCC) to rule that mobile-phone carriers cannot interfere with text messages, including those provided via short codes, based on content or source so long as such transmissions are legal. “The problem is real and current; carriers are discriminating against competitors and claiming the right to exert broad editorial control over text messages, especially those addressed to or from short codes,” said a Public Knowledge attorney. “As has been demonstrated with new communications media in the past, empowering consumers and ensuring the inability of the carriers to discriminate based on content is the best way to protect users both from unwanted communications and from the control of a small set of corporate interests.” The FCC has begun to receive a new round of public comments on the issue. Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20080415/FREE/500856120/1005/rss01