Thursday, June 26, 2008

Daily Report

• The LA Times reports that bacterial, viral, and parasitic infections are plaguing the U.S.’s poor. The Public Library of Science journal PLoS Neglected Tropical Diseases lists 24 “neglected infections of poverty.” (See item 23)

• The associate technical director of the Defense Intelligence Agency’s Missile & Space Intelligence Center warned in a recent presentation that terror groups could use lasers, radio frequency jammers, and even nuclear weapons to knock out U.S. satellites by the year 2020. (See item 38)

Banking and Finance Sector

11. June 23, Government Computer News – (International) Cybercrooks going after the euros. A supposed hacker is attempting to extort 10,000 euros from European Union banks in exchange for stolen credit card information on 48,000 accounts. According to the online security company SecureWorks, e-mails with the subject line “We can have a deal!” have been sent to banks in France, the Netherlands, Denmark, Belgium, and Norway, and an apparent copycat has targeted banks in the United Kingdom, Spain, and Germany. “And now I have two ways to do,” the blackmailer writes. One, he can post the information on the Web to the embarrassment of the bank. “However, I have the second way. We can have a deal if you transfer 10,000 EUR on my account.” In this case, he promises – no doubt sincerely – to destroy the data. The information described by the blackmailer is worth only about 1,000 euros on the underground market, and news of a successful extortion is likely to be more damaging to a bank than a breach would be. “We will almost certainly see this one jump the pond and target banks in the United States shortly,” the director of threat intelligence at SecureWorks said. Source: http://www.gcn.com/print/27_15/46493-1.html#

Information Technology

31. June 25, TechTree News – (National) Windows XP support extended until 2014. Microsoft has decided to offer technical support for Windows XP with updates and security patches until April 2014. However, it will not go back on its decision to discontinue Windows XP sales after June 30. This means that after June 30, Microsoft will stop distributing Windows XP as a stand-alone product, as well as stop licensing it to PC manufacturers like Dell, HP, Lenovo, and others. However, it doesn’t mean that XP will disappear overnight. Consumers may still find copies of the software or computers pre-loaded with it for months, as stores and PC makers typically work through their inventories. Microsoft’s move to extend the deadline for technical support is primarily influenced by large business customers, who haven’t yet upgraded their systems to Windows Vista. The companies have been reluctant to switch to Vista due to the costs and heavy system requirements involved. So, large business customers might just skip Vista and continue with XP until the release of Windows 7, which is scheduled for release in 2010. Source: http://www.techtree.com/India/News/Windows_XP_Support_Extended_until_2014/551-90615-580.html

32. June 24, Wired Blogs – (National) Net neutrality advocates call for fast, universal access to the Net. The United States’ anemic broadband penetration rate has led to the formation of a new lobbying group whose goal is to build the political will to bring a more determined, coherent approach to the problem. Many members of the group, including its chief non-profit organizing entity Free Press, have been allies in the fight to shape public opinion and build wide-spread support for the concept of net neutrality. “We’re going to create one of the largest coalitions ever assembled, which is going to demonstrate to policymakers that the will of the people is to create an internet system that has competition, access, and that fosters innovation,” said the Free Press’ executive director at a Tuesday press conference unveiling the initiative at The Personal Democracy Forum in New York City. The group wants better leadership from the White House on this issue, but is not advocating for any specific piece of legislation. Google’s involvement in the deal is significant. The company has expanded its Washington, D.C. lobbying group significantly in the past few years. Source: http://blog.wired.com/27bstroke6/2008/06/net-neutrality.html

33. June 24, CNET News – (National) Trojans exploit Mac OS X ARDAgent flaw. Building on the Trojan released last week, a group of hackers appear to be targeting the Mac OS X platform with more variations. Last Thursday, Mac antivirus vendors Intego and SecureMac reported a serious vulnerability within the Apple Remote Desktop Agent (ARDAgent). It is part of the remote-management component of Mac OS X 10.4 and 10.5, and is owned by root. Thus, the ARDAgent executable runs this malicious code as root without requiring a password. The Washington Post on Monday reported the presence of a hacker forum devoted to the development of Trojans around this vulnerability. The particular user forum at MacShadows.com has since been removed. The Post was nonetheless able to obtain screenshots from the forum before it was erased, and also a copy of the Mac Trojan template. Buried within the template was an e-mail from one of the Trojan’s authors, “Andrew.” Despite their existence, there is no evidence these Trojans are circulating widely on the Internet. Source: http://news.cnet.com/8301-10789_3-9976122-57.html

34. June 24, IDG News Service – (International) $1B market for meddling with DNS poses security problem. The interception of Internet traffic to snoop on phone calls or track surfers’ behavior is a hot topic, but members of Internet Corporation for Assigned Names and Numbers (ICANN)’s Security and Stability Advisory Committee (SSAC) are concerned about the interception of traffic to and from sites that don’t even exist. There are still a few possible domain names out there that have not been registered, and if you accidentally type one of them into your browser’s address bar, you ought to receive an error message from the DNS signaling that the domain does not exist. What happens to those error messages is of concern to SSAC’s members, who advise on the security and integrity of the domain name systems that ICANN coordinates. Some internet service providers and domain name registrars see the error messages as a missed opportunity to “help” their customers find the site they are looking for and to make a little money on the side. They do this by intercepting the error messages and modifying them to point to a web site that they control, typically carrying advertisements related to the domain name typed. “There’s a perceived $1 billion market for domain error resolution,” said ICANN’s senior security technologist. At the top of his list of reasons why ISPs and registrars should not be allowed to profit from people’s typing errors in this way is that they may open up security holes in users’ computers. For example, a security researcher demonstrated in April that he could exploit the error message redirection system used by ISP EarthLink to execute his own JavaScript. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9102778&taxonomyId=17&intsrc=kc_top

35. June 24, ComputerWorld – (International) Researcher slams Adobe for ‘epidemic’ of JavaScript bugs. Adobe Systems Inc. patched its free Reader and commercial Acrobat software late Monday to plug the latest in what one researcher called an “epidemic” of JavaScript vulnerabilities in the popular programs this year. Both the Windows and Mac editions of the Adobe software require patches. Adobe last patched JavaScript bugs in Reader and Acrobat in February, although other fixes were issued in early 2007. In February, Adobe updated both programs to Version 8.1.2 by patching nearly 30 problems. At the time, the company was criticized for not providing more information about exactly what was fixed. Days later, reports surfaced that some of the JavaScript bugs patched this year had been exploited by hackers for several weeks and had infected thousands of users. According to Adobe, Versions 8.0 through 8.1.2 of both Reader and Acrobat should be patched; Reader and Acrobat 7.1.0, which were released in February, do not contain the bug and therefore do not need to be updated. Users still relying on Version 7.0.9 or earlier, however, should update to 7.1.0, urged Adobe. Reader 9 and Acrobat 9, which are expected to launch next month, are not vulnerable.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9102878&taxonomyId=17&intsrc=kc_top

36. June 24, ComputerWorld – (International) Microsoft, HP ship free tools to protect Web sites from hackers. Microsoft Corp. and Hewlett-Packard Co. on Tuesday unveiled free tools to help Web developers and site administrators defend against the rapidly growing number of SQL injection attacks that aim to hijack legitimate sites. The move is in response to a major upswing during the first six months of 2008 in the number of attacks targeting legitimate sites. Most of the hacks have used SQL injection attacks, and have compromised significant sites including ones operated by government agencies, the United Nations, and major corporations. In a report issued the same day, Finnish security company, F-Secure, estimated the number of pages hacked by SQL injection attacks so far this year at between two and three million. Previously, Microsoft denied that its software was vulnerable to attack or otherwise responsible for the flood of hacked sites. Instead, the company told developers and administrators to follow the company’s guidelines to protect their sites from attack. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9103138&taxonomyId=17&intsrc=kc_top

Communications Sector

37. June 25, Forbes – (National) Calling during disasters. Corporations and some government agencies have used wireless technologies to make their labor more mobile for years. But when a disaster can make the infrastructure supporting wireless literally vanish, disaster relief specialists need more than a just a conventional cell phone or BlackBerry. Now commercial technology that can set up a global communications network in under an hour is emerging. These technologies can support devices like personal digital assistants (PDAs) and cell phones in places where infrastructure breaks down. With a little help from satellites, wireless is saving lives. Recent disasters have offered a unique testing ground for burgeoning wireless technology. Events from Hurricane Katrina to California wildfires have illustrated the need for a diverse communications infrastructure with various technologies playing key roles. When using wireless networks to communicate through a disaster, the scope of communications infrastructure is especially important, says the president of Kingsbridge Systems, a disaster-planning consulting company. Communications networks are fairly robust and can withstand some pretty remarkable devastation. When the Twin Towers collapsed, they knocked out cables and cell towers attached to the buildings, disrupting Internet and cell service all over New York City. But that disruption turned out to be only temporary; fail-safes, or backup networks, quickly jumped into place, allowing people to keep in contact with relatives and loved ones. In past years, the military has turned to costly satellite-and-radio combinations to keep up communications in remote places. Now some of the companies that catered to the military in the past are making low-cost versions of the technology available to the private sector. Source: http://www.forbes.com/home/2008/06/24/wireless-disaster-relief-tech-wireless08-cx_ae_0625disaster.html

38. June 25, Wired Blogs – (National) Pentagon spy: Terrorists ready to launch satellite strikes by 2020. The associate technical director of the Defense Intelligence Agency’s Missile & Space Intelligence Center warned in a recent presentation that terror groups could use lasers, radio frequency jammers, and even nuclear weapons to knock out U.S. satellites by the year 2020. Countries like China might launch anti-satellite [ASAT] ballistic missiles – or position weapons in orbit. These states might be “hesitant,” at first, to start blasting American orbiters, he observes, “but [would] probably be willing under appropriate conditions” to attack. His presentation, “Threats to Space Capabilities,” was delivered earlier this month to the Space Security & Defense Conference. In it, he observes that advanced countries already “have the technical basis to develop” an ASAT arsenal. He also notes that “rogue nation/terrorist[s]” can use jammers to interfere with satellite transmission. Source: http://blog.wired.com/defense/2008/06/the-defense-int.html

39. June 24, CNet News – (National) T-Mobile’s home phone service goes nationwide. T-Mobile USA plans to announce Wednesday that its new @Home voice service will be available nationwide starting July 2. The cell phone operator has been testing the new Internet telephony service since February in Dallas and Seattle. And now the new service, which is meant to replace traditional home phones, will be offered to any T-Mobile cell phone customer. Subscribers will be able to connect any regular home telephone to a T-Mobile router that will send calls over the Internet much the same way as services like Vonage operate. The service costs $10 a month plus taxes and fees for unlimited domestic local and long-distance calls. Source: http://news.cnet.com/8301-10784_3-9976679-7.html

No comments: