Thursday, May 22, 2008

Daily Report

• According to the Washington Post, a GAO report released Wednesday found that the Tennessee Valley Authority is vulnerable to cyber attacks that could sabotage critical systems that provide electricity to more than 8.7 million people. This is due to the TVA’s Internet-connected corporate network being linked with systems used to control power production. (See item 2)

• KGO 7 San Jose reports that the Communication Workers Union will allow their workers to honor the picket lines of janitors protesting high tech Bay Area companies, potentially delaying the installation and repair of data telephone and fiber optic lines. (See item 39)

Information Technology

36. May 21, Register – (International) Mass SQL injection hits English language websites. Thousands of websites in China have been booby trapped with code written to download Trojan software onto visitors who run vulnerable Windows PCs. Unlike earlier rounds of SQL injection attacks the latest assaults mostly target English language sites (predominantly sites hosted in China but with a .com suffix) and purposefully avoid Chinese government sites, according to net security firm ScanSafe. The latest attacks inject an iFrame onto compromised sites that loads malicious scripts from qiqigm.com, a domain registered on 16 May. These scripts include the text “silent love china” in an apparent greeting to other Chinese hackers. The malicious code exploits well-known RealPlayer and Internet Explorer vulnerabilities to install a password-stealing Trojan that hides its presence on Windows PCs. More than 7,000 sites have been compromised in this way, reports ScanSafe’s senior security researcher. English language Hong Kong stock brokerage kgieworld.com and Kodak camera reviews at digitalcamerareview.com are among the sites hit by the drive-by download attack. The attacks are the latest in a wave of SQL injection attacks against websites that began this month. More than one group, using different sets of tools to inject attack code, is involved, according to F-Secure. The net security firm Trend Micro says two exploits used in the latest SQL injection attacks are related to Chinese-language software, suggesting miscreants are specifically targeting the Chinese speaking world. Source: http://www.theregister.co.uk/2008/05/21/china_sql_injection_attack/

37. May 20, Agence France-Presse – (International) IT chiefs warn of cyber-terrorism threat. The threat of cyber-terrorism is growing and most countries are vulnerable to attacks that can shut down critical infrastructure, global experts told a conference here Tuesday. “The hard reality is that (information technology) has become a tool for cybercrime and cyberterrorism,” said a representative from the United Nations’ International Telecommunications Union. “Cybersecurity must be the cornerstone of every aspect of keeping ourselves, our countries and our world safe,” he told the conference, which the Malaysian hosts are billing as the first on cyber-terrorism and security. The U.N. official dismissed as a dangerous myth the idea that events in the virtual world have only a limited impact on the physical world, saying that technology has “changed the dynamics of terrorism.” Small groups or even individuals are capable of gaining control of millions of computers, “which can be used, for instance, to launch denial-of-service attacks on a nation’s critical infrastructure,” he said. Malaysia said it was launching a global center to combat cyber-terrorism which will provide emergency response to high-tech attacks on economies and trading systems worldwide. The center, which is expected to be built by the end of the year at the nation’s IT hub of Cyberjaya, south of Kuala Lumpur, will be funded by governments and the private sector. Source: http://news.yahoo.com/s/afp/20080520/tc_afp/malaysiaattacksinternet

38. May 20, Computerworld – (National) Phishers point scam at Apple’s iTunes. Phishers have targeted users of Apple Inc.’s iTunes music store with sophisticated identity theft attacks for the first time, a security company said today. People began receiving spam messages yesterday telling them that they must correct a problem with their iTunes account, said an executive at e-mail security vendor Proofpoint Inc. A link in the spam leads to a site posing as an iTunes billing update page, which asks for information, including credit card number and security code, Social Security number and mother’s maiden name. The theft attempt is a new twist on the usual phishing attack, he said. “We’ve gotten used to seeing the usual companies and brands attacked,” he said, “like PayPal, eBay and Citibank. But we’ve never seen Apple as the target.” He also speculated that the identity thieves aimed the new attack at iTunes users because of the service’s perceived demographics. “I wonder if the bad guys are thinking that [iTunes users] are younger than those for some of the other phished sites, like banks and eBay,” he said. “The way that teenagers and young adults use the Internet, they show a certain level of trust or openness when they post their name and age and school on MySpace.” Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9087358&source=rss_news10

Communications Sector

39. May 20, KGO 7 San Jose – (California) Janitors picket Silicon Valley companies. Thousands of janitors working at the biggest Silicon Valley companies began picketing some of the signature buildings in the Silicon Valley and the Bay Area Tuesday, demanding that the tech leaders help the janitors make a livable wage. An estimated 6,000 union workers voted to strike after rejecting the latest offer from their companies. Janitors were said to be walking out of Hewlet Packard and Oracle buildings. There were no new negotiations as of Tuesday, and Teamsters refused to cross the lines in order to pick up the trash at Cisco. On Saturday, more than 6,000 members of the Service Employee International Union voted to walk out of bio tech and high tech buildings all over the Bay Area. The dispute is over health care co-payment increases and a raise. The strike began Tuesday at Yahoo and Cisco is expected to spread throughout the Bay Area. Cisco representatives issued a statement: “Please note that this is a contract dispute between a third-party service provider and its employees. This is not a dispute between Cisco and its employees.” The Communication Workers Union said they will allow their workers honor the picket lines, potentially delaying the installation and repair of data telephone and fiber optic lines until the dispute is resolved. Source: http://abclocal.go.com/kgo/story?section=news/local&id=6153583

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)