Department of Homeland Security Daily Open Source Infrastructure Report

Friday, August 29, 2008

Complete DHS Daily Report for August 29, 2008

Daily Report

Headlines

 According to Communications News, business travelers are losing more than 12,000 laptops per week at U.S. airports; only one-third of those are reclaimed. A study by the Ponemon Institute said that workforce mobility is putting companies at risk of having a data breach if a laptop containing sensitive information is lost or stolen. (See item 11)

See details below in Banking and Finance Sector.


 The Associated Press reports that New Orleans drew up evacuation plans as forecasters warned that Gustav could strengthen and slam into the Gulf Coast as a major hurricane. Since Katrina, the U.S. Army Corps of Engineers has spent billions of dollars to improve the levee system, but because of two quiet hurricane seasons, the flood walls have never been tested. (See item 38)

38. August 28, Associated Press – (Louisiana) Officials may evacuate New Orleans as Gustav nears. With forecasters warning that Gustav could strengthen and slam into the Gulf Coast as a major hurricane, a New Orleans still recovering from Hurricane Katrina’s devastating hit drew up evacuation plans. Since Katrina, the U.S. Army Corps of Engineers has spent billions of dollars to improve the levee system, but because of two quiet hurricane seasons, the flood walls have never been tested. Floodgates have been installed on drainage canals to stop any storm surge from entering the city, and levees have been raised and in many places strengthened with concrete. The regional levee director said the levee system can handle a storm with the likelihood of occurring every 30 years, what the Corps calls a 30-year storm. By comparison, Katrina was a 396-year storm. Scientists cautioned that the storm’s track and intensity were difficult to predict several days in advance. But in New Orleans, there was little else to do except prepare as if it were Katrina. Source: http://ap.google.com/article/ALeqM5gpauoVAbn-X0yxQd1J28sBl0cw2AD92R75HO0



Details

Banking and Finance Sector


10. August 28, Agence France-Presse – (International) Taiwan cracks major hacking ring, data on president stolen. Police in Taiwan have arrested six people suspected of stealing personal data from state firms, including information about the island’s current and former presidents, officials said Wednesday. An official at Taiwan’s Criminal Investigation Bureau said the hackers had tapped into data held by government agencies, state-run firms, telecom companies and a television shopping network. He called it the biggest hacking operation of its kind in Taiwan. The suspects are believed to have stolen more than 50 million records of personal data, including information about Taiwan’s president, his predecessor, and the police chief, the official said. They then offered to sell the information for 300 Taiwan dollars (10 US) per entry, he said. The hackers, based in Taiwan and China, also swindled victims out of millions of Taiwan dollars through their online bank accounts, he said. Source: http://digital.asiaone.com/Digital/News/Story/A1Story20080828-84676.html


11. August 28, Communications News – (National) The case of the 12,000 lost laptops. Business travelers are losing more than 12,000 laptops per week at U.S. airports. Only one-third of those are reclaimed, according to a study by the Ponemon Institute, sponsored by Dell. At the same time, more than 53 percent of polled business travelers say their laptops contain confidential or sensitive information, and 65 percent of these travelers admit they do not take steps to protect or secure the information contained on their laptop. Companies are dependent on a mobile workforce with access to information no matter where they travel. This mobility, however, is putting companies at risk of having a data breach if a laptop containing sensitive information is lost or stolen. To gather more information about this concern, the Ponemon Institute conducted field research at 106 major airports in 46 states and surveyed 864 business travelers in an airport environment. The airports with the highest number of lost, missing or stolen laptops include: Los Angeles International, Miami International, Kennedy International and Chicago O’Hare. While Adanta’s Hartsfield- Jackson International is the busiest airport in the United States, it is tied for eighth place (with Washington’s Reagan National) for lost, stolen or missing laptop computers. According to the study, the types of company information contained on business travelers’ laptop computers include customer or consumer data (47 percent), business confidential information (46 percent), intellectual property such as software code, drawings or renderings (14 percent), and employee records (13 percent). The average business cost when confidential personal information is lost or stolen is $197 per record, says the Ponemon Institute. Even one missing laptop, however, can become a serious problem for any organization. Source: http://www.redorbit.com/news/business/1535862/the_case_of_the_12000_lost_laptops/


Information Technology


32. August 28, DB Techno – (National) Computer virus hits ISS, should NASA worry? It was confirmed yesterday by National Aeronautics and Space Administration (NASA) that they discovered a computer virus that has the ability to steal passwords on a laptop that is aboard the International Space Station (ISS). The virus was first discovered by Symantec back on August 27, 2008, with the virus being called W32.Gammima.AG. It impacts systems running Windows 2000, 95, 98, Me, NT, XP, and Windows Server 2003. At this point though, it does not seem that there is much of a threat to NASA directly from the virus. The report states that the virus is very easy to contain and remove, and can cause minimal damage. Source: http://www.dbtechno.com/space/2008/08/28/computer-virus-hits-iss-should-nasa-worry/


33. August 28, PC Advisor – (National) Hackers resort to ‘sick’ kidnap spam. Hackers are claiming they have kidnapped children in a bid to infect PCs with a Trojan Horse virus, said security firm Sophos. The security firm is warning users that emails entitled ‘We have hijacked your baby’ are being sent to Web users around the globe. As well as asking for a US$50,000 ransom for the ‘release’ of the child, the messages also contain an attachment supposed to be a photograph of the child. Instead the file actually contains a deadly Trojan Horse that will steal personal information. Source: http://www.pcworld.idg.com.au/index.php/id;1663778139


34. August 27, ComputerWorld – (National) Terror threat system crippled by technical flaws, says Congress. A U.S. House subcommittee is charging that a $500 million IT project intended to “connect the dots” on terrorists and help prevent another 9/11 is a failure; it can’t even handle basic Boolean search terms, such as “and,” “or” and “not.” Allegations of waste and mismanagement were outlined in a staff memo and letter from the Subcommittee on Investigations and Oversight, which is part of the Committee on Science and Technology. The material was released last week in what is a usually a quiet month for Congress during its August recess. The bulk of the subcommittee’s charges come from a memo prepared by subcommittee staff about a data integration project called Railhead, which is intended to help intelligence and law enforcement agencies uncover terrorist plots. Railhead, due to be ready by year’s end, was supposed to combine and upgrade existing databases called Terrorist Identities Datamart Environment and improve terrorism-fighting capabilities. But the project is in such bad shape -- suffering from delays and cost overruns – that Subcommittee Chairman said: “There may be current efforts under way to close down Railhead completely.” Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9113658&intsrc=hm_list


Communications Sector


35. August 27, ComputerWorld – (National) Apple forgets to fix iPhone passcode bug. An iPhone bug that Apple Inc. patched last January to stop unauthorized users from bypassing the password-protected locking feature has resurfaced in newer versions of the phone’s software. The bug also affects the iPod touch. First reported yesterday by a user identified as “greenmymac” on the MacRumors forum, the flaw lets anyone sidestep passcode locking by simply tapping “Emergency Call” on the password-entry screen, then double-tapping the Home button. That leads to the iPhone’s Favorites, a list of frequently-called contacts, and their contact information, including phone numbers and addresses. If any of the contacts have e-mail or Web addresses associated with them, the trick also allows access to the iPhone’s e-mail application and Safari browser, respectively. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9113646&intsrc=hm_list


36. August 27, Providence Business News – (Rhode Island) Verizon launches FiOS in Glocester, Smithfield. Verizon Communications Inc. Wednesday began offering its FiOS fiber-optic television service in Glocester and Smithfield, Rhode Island. Verizon’s local spokesman told Providence Business News the company expects to have the fiber-optic network built out to reach 85 percent of Rhode Island customers by the end of the year. The Rhode Island Public Utilities Commission has granted Verizon approval to offer FiOS service in 29 of the state’s 39 communities; the most recent approval was for state Cable Service Area 1, which includes Glocester and Smithfield. The television and Internet service is now available in 16 cities and towns across the Ocean State, the spokesman said, and the company expects it will be offered in four more municipalities by the end of the year: Cumberland, Lincoln, Central Falls, and Pawtucket. The other nine communities for which the company already has approval should gain access to the actual FiOS service in 2009, he said. Source: http://www.pbn.com/stories/34747.html


37. August 27, Media Daily News – (National) FCC may still require HD access to satellite radios. Reviving an issue that earlier appeared to be settled, the Federal Communications Commission (FCC) may still require the merged Sirius-XM satellite radio broadcaster to include hardware that makes their radios compatible with HD terrestrial radio broadcasts. In a Notice of Inquiry, the FCC is inviting comment from the public and companies that may be affected, including manufacturers of satellite radios. The news comes just a few weeks after the FCC voted along party lines to allow the satellite radio merger to proceed. To get approval, Sirius and XM had to agree to a number of conditions, including leasing eight percent of the satellite spectrum to minority and public broadcasters and a three-year price cap on subscriptions. The 3-to-2 FCC vote made no mention of the HD radio requirement, which had been discussed but not included in the list of conditions presented to the satellite radio broadcasters. Source: http://www.mediapost.com/publications/?fa=Articles.showArticleHomePage&art_aid=89370

Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, August 28, 2008

Complete DHS Daily Report for August 28, 2008

Daily Report

Headlines

 The Rutland Herald reports that about a dozen workers in the reactor building at the Vermont Yankee nuclear plant in Vermont were evacuated Tuesday because of a doubling of radiation levels in a portion of the plant. Entergy officials said the higher radiation levels were the result of human error in changing a filter in the reactor’s cooling system. (See item 10)

10. August 27, Rutland Herald – (Vermont) Yankee workers evacuated. About a dozen workers in the reactor building at the Vermont Yankee nuclear plant were evacuated Tuesday around noon because of a doubling of radiation levels in a portion of the plant, Entergy officials said late Tuesday. The higher radiation levels were the result of human error, they said, in changing a filter in the reactor’s cooling system. There were no radioactive releases to the environment and the problem did not affect the operation of the plant nor its power production, according to a spokesman for Entergy Nuclear. He said the worker failed to clean all the water off a demineralization filter, and the extra water in the reactor’s cooling system created additional nitrogen, which became radioactive. He said the nitrogen gas decayed to “negligible levels” within seconds. The workers were kept out of the reactor building for about two hours. He said the problem was under investigation. He said Entergy Nuclear notified the U.S. Nuclear Regulatory Commission and the Vermont Department of Emergency Management as a courtesy. He said that control room operators noticed the doubling of radiation levels in the main steam line in the reactor building. Entergy Nuclear notified the public about the problem shortly before 5 p.m. Source: http://www.rutlandherald.com/apps/pbcs.dll/article?AID=/20080827/NEWS02/808270353/1003/NEWS02


 According to the Associated Press, an electronic communication failure at a Federal Aviation Administration facility in Hampton, Georgia, caused mass flight delays around the country. (See item 18)

18. August 27, Associated Press – (National) FAA says communication breakdown delayed flights. Mass flight delays caused by an electronic communication failure at a Federal Aviation Administration facility drew new criticism. The Northeast was hardest hit by the delays prompted Tuesday by a glitch at a Hampton, Georgia, facility that processes flight plans for the eastern half of the U.S. By early evening, the FAA said that the situation around the country was returning to normal, with delays remaining in Atlanta and Chicago. At one point, an FAA Web site that tracks airport status showed delays at some three dozen major airports across the country. An FAA spokeswoman said there were no safety issues and officials were still able to speak to pilots on planes on the ground and in the air. She said she did not know exactly how many flights were affected, but she said it was in the hundreds. The FAA did not expect to have total figures until Wednesday. She said that in a 24-hour period the FAA processes more than 300,000 flight plans in the U.S. The official said the problem that occurred Tuesday afternoon involved a failure in a communication link that transmits flight plan data from the Georgia facility to a similar facility in Salt Lake City. As a result, the Salt Lake City facility had to process those flight plans, causing delays in planes taking off. She said the delays were primarily affecting departing flights. The official added that there was an unrelated hardware problem at the Hampton facility on Aug. 21 that resulted in issues processing flight plans. The FAA says on its Web site that a glitch that day involving the Hampton facility delayed the departure of at least 134 flights. Source: http://ap.google.com/article/ALeqM5jRgDahJp29m0syjpH485FiJuXktwD92QGASO0


Details

Banking and Finance Sector


14. August 27, National Mortgage News – (Minnesota) Final defendant in First Rate Mortgage scheme sentenced. The last defendant involved in a fraudulent mortgage brokering business known as First Rate Mortgage Group that resulted in a loss to area banks of more than $2.3 million was sentenced in Federal Court, according to the U.S. attorney’s office for the District of Minnesota. All six defendants pleaded guilty last fall to one count of conspiracy to commit mail fraud and bank fraud. They admitted that between 2000 and August 2004 they conspired to use the U.S. Mail to execute a scheme to defraud financial institutions and private mortgage lenders of funds. Specifically, through their business, First Rate Mortgage Group, they represented that, for a fee, they could help people obtain financing for the purchase of real estate. In furtherance of their scheme, they mailed false and fraudulent loan applications to banks and mortgage lending companies, which concealed that First Rate Mortgage had loaned the money for the downpayment to the borrower. The applications also inflated the borrower’s income and assets, falsely described the borrower’s employment, contained forged signatures and attached false documents, including pay stubs, gift letters, bank statements and bank notes. In January 2004, the six defendants caused false loan applications to be submitted to Washington Mutual Bank in the amount of $1.33 million and Associated Bank in the amount of $378,555 on behalf of a borrower purchasing property in Wayzata, Minnesota. The applications falsely stated the source of the downpayment, which had been loaned by the conspirators, and included other falsified information. This case is the result of an investigation by the FBI and the U.S. Postal Inspection Service. Source: http://www.nationalmortgagenews.com/fraud/stories/?storyid=20080820a.htm


15. August 26, Associated Press – (International) Banking customers’ personal details sold on eBay. A computer containing banking security details of more than one million people has been sold on eBay, bank officials said Tuesday - the latest in a series of losses of personal data in the U.K. The Royal Bank of Scotland acknowledged that a machine belonging to archiving company Graphic Data and sold “inappropriately to a third party” had information on credit card applications from some RBS customers and data from other banks. The computer contained account numbers, passwords, mobile telephone numbers and signatures. Source: http://www.forbes.com/feeds/ap/2008/08/26/ap5360026.html


16. August 26, All Headlines News – (National) Data breach incidents at an all-time high in the U.S. From January until August this year, 449 American businesses, government agencies and schools reported consumer data loss, according to the Identity Theft Resource Center. In contrast, 446 data breaches were recorded by the center for 2007 covering 127 million consumer records. The bulk of the record breach incidents were traced to retail chain TJX, which runs T.J. Maxx outlets. The District of Columbia and 44 states have legislation requiring companies that were victims of data loss to inform their affected clients. But only Maryland, New Hampshire and Wisconsin regularly publish data breach cases in their states online, Foley said. The center said 13 percent of the data breach is done by hacking, 15.6 percent to information theft done by company employees, 21 percent to lost laptops and other digital gadgets, 14 percent accidental publishing of sensitive consumer information and 11 percent breaches done by subcontractors. Source: http://www.allheadlinenews.com/articles/7012070780


17. August 26, Associated Press – (California; National) Citi pays $18M for questioned credit card practice. Citigroup Inc. will pay nearly $18 million in refunds and settlement charges for taking $14 million from customers’ credit card accounts, California’s attorney general said Tuesday. Citigroup will make refunds to the 53,000 customers affected, and pay $3.5 million in damages and civil penalties to the state of California, which had been investigating the questionable practices for three years, the attorney general said. The bank will also pay 10 percent interest to California customers, who accounted for $1.6 million of the money “swept” out of accounts and into a Citi fund between 1992 and 2003. Citigroup’s “account sweeping program” automatically removed positive balances from customers’ credit card accounts, an attorney general said. For instance, if a customer double-paid a bill by mistake or refunded a purchase for credit, that positive balance was then taken from the customer without notification, he said. Citigroup, however, said in a statement that it voluntarily stopped the computerized “sweeping” practice in 2003, and that it also voluntarily began refunding customers before the settlement. Source: http://ap.google.com/article/ALeqM5im7vDRMYCHb80J8mbj_wexTdskBAD92Q6F503


Information Technology


41. August 27, VNUNet – (National) Malware rockets again. Last month saw more web-based malware blocked than the whole of 2007, an increase of a third, according to security as a service vendor ScanSafe. The firm’s latest Global Threat Report for July found an increase of 87 percent in web-based malware blocks from June to July, mainly caused by the increasing use of SQL injection attacks. July also saw a surge in social engineering-based email attacks, where users are tricked into installing backdoor Trojans and other malware on their PCs. According to ScanSafe, 95 percent of its customers tried to click on links to malicious sites in these emails. Source: http://www.vnunet.com/vnunet/news/2224747/malware-rockets-again


42. August 26, SPAMfighter – (National) Three botnets yield 75% spam in H1 2008, says Marshal. The Threat Research and Content Engineering (TRACE) report by Marshal for H1 2008 revealed that three botnets accounted for 75 percent of spam in the January-June 2008 review period. All the three botnets produced billions of messages every hour through zombie computers. The analysis further revealed that cyber criminals are employing blended attacks to send malware and links to hacked Websites through e-mails on a massive scale. Un-patched browsers are making more than 45 percent of users vulnerable to attacks by exposing their personal details when they visit the legitimate site loaded with malicious code, said Marshal. Marshal said the volume spam doubled in the first six months of 2008. Srizbi botnet, the most productive offender during review period, sent more than 7.80 billion spam messages every hour. Srizbi is the world’s largest botnet controlling over 315,000 compromised machines and sending more than 50 percent of the total spam mails, followed by Mega-D and Rustock each accounting for 14 percent. Marshal further said that 90 percent of spam originated from a mere seven botnets, pointing to millions of computer infected with Trojan worldwide Source: http://www.spamfighter.com/News-10838-Three-Botnets-Yield-75-Spam-in-H1-2008-Says-Marshal.htm


Communications Sector


43. August 26, Monterey County Herald – (California) Broken cable hits cell phone service. A broken fiber-optic cable in the San Jose area disrupted Verizon cell phone service from Eureka to Santa Barbara, a company spokeswoman said Tuesday afternoon. She said crews are working to repair the line owned by Qwest Communications that was cut about 2 p.m., adding that other communications companies may be affected. Verizon cell phone users may experience call failure, poor call quality, or be unable to access features such as voice mail, depending on the cell phone towers in their area, she said. Disruptions occurred in Monterey, San Jose, San Luis Obispo, Santa Barbara, Chico, Redding, Yreka, and Eureka. Source: http://www.montereyherald.com/breaking/ci_10308867

Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, August 27, 2008

Complete DHS Daily Report for August 27, 2008

Daily Report

Headlines

 According to the Associated Press, industry data released Monday shows that incidents of mortgage fraud jumped 42 percent nationwide. The report is based on data about loans that were originated in the first quarter of this year. (See item 16)

See details below in Banking and Finance Sector.

 The New York Times reports that eight states and Puerto Rico will no longer get money for an advanced HIV tracking system because funds are limited and those states did not meet competitive requirements. (See item 29)

29. August 24, New York Times – (National) HIV/AIDS testing jurisdictions reduced; 8 states lose funding. It was only two weeks ago that a revised HIV/AIDS tracking system indicated the annual HIV rate in the United States was about 40 percent higher than annual estimates had been giving for years. Now, the New York Times has reported that eight states and Puerto Rico will no longer get money for an advanced HIV tracking system because funds are limited and those states did not meet competitive requirements. The country had been divided into 34 HIV tracking jurisdictions, the Times reported, but now there will be 25. Those jurisdictions no longer getting financing are Georgia, Illinois, Maryland, Missouri, Ohio, Oklahoma, Pennsylvania, Tennessee, and Puerto Rico, the newspaper said. Source: http://www.washingtonpost.com/wp-dyn/content/article/2008/08/24/AR2008082400535.html

Details

Banking and Finance Sector


14. August 26, Bloomberg – (National) Merrill, Wachovia hit with record refinancing bill. Banks, securities firms and lenders have a record $871 billion of bonds maturing through 2009, according to JPMorgan Chase & Co., just as yields are at their most punitive compared with Treasuries. The increase in yields may cost them as much as $23 billion more in annual interest versus a year ago based on Merrill Lynch index data. Higher refinancing expenses will restrict the ability of banks to borrow in the capital markets and lend, further cutting off credit to consumers and businesses and curbing what is already the slowest growing economy since 2001. Standard & Poor’s said last week that it had a “negative” outlook on almost half of the 50 highest-rated financial institutions in the U.S. as of June 30, the highest proportion in 15 years. The Federal Reserve’s quarterly lending survey released August 11 said that more banks tightened credit for consumers and business borrowers. Interest-rate derivatives imply that banks are even becoming hesitant to lend to each other amid the flood of maturing debt. They are charging each other a premium of 78 basis points over what traders predict the Fed’s daily effective federal funds rate will average over the next three months. That is up from 24 basis points in January, and may widen to 85 basis points, or 0.85 percentage point, by mid-December, approaching the record levels set last year, prices in the forwards market show. Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=a7snTaUmiwnw&refer=home


15. August 25, Empire State News – (New York) Foreign currency broker sentenced in scheme to rig trades. A foreign currency broker originally from Staten Island has been sentenced to four years supervised release before a Federal District Court in Manhattan Federal Court. The sentence follows his guilty plea to a conspiracy to commit wire fraud, bank fraud, money laundering and federal tax evasion. The suspect was arrested in November 2003 in connection with Operation Wooden Nickel, a large scale undercover investigation of criminal activity in the foreign currency or “forex” markets. As part of the sentence, he was ordered to pay $400,001 in restitution to UBS and $24,000 to Societe Generale and to forfeit $5.2 million dollars to the government. During the late 1990’s, the culprit worked at Tullett and Tokyo Forex, Inc., a firm that offered brokerage services in the interbank spot foreign currency market. In his scheme, he used his contacts with bank traders in large institutions and provided rigged foreign currency trades to co-conspirators in return for cash kickbacks. Source: http://www.empirestatenews.net/News/20080826-6.html


16. August 25, Associated Press – (National) Florida tops 1Q mortgage fraud list. Reported incidents of mortgage fraud jumped 42 percent nationwide, with Florida reporting the highest number of cases, according to industry data released Monday. Properties in Florida accounted for nearly a quarter of all mortgage fraud incidents, the Mortgage Asset Research Institute (MARI) said. California ranked second, followed by a three-way tie for third among Illinois, Maryland and Michigan. The report is based on data submitted by MARI subscribers about loans that were originated in the first quarter of this year and have since been classified as fraudulent. The most common mortgage fraud cases included misrepresenting income, employment history, and debt and assets. Maryland, for example, had an unusually high percentage (69 percent) of its cases involved tax return and financial statement misrepresentation. Mortgage fraud has represented about $1 billion in losses over the past decade, the Mortgage Bankers Association said. Source: http://ap.google.com/article/ALeqM5j-14h6zFmTnryUbOyy9zHpSRzpUAD92PHRIO0


17. August 25, Reuters – (International) Abu Dhabi bank sues in U.S. over risky investments. Abu Dhabi Commercial Bank of the United Arab Emirates bank sued Morgan Stanley, the Bank of New York Mellon Corp and ratings agencies Moody’s and S&P on Monday, accusing them of fraud in operating a fund that collapsed in the U.S. credit crisis. The lawsuit filed in U.S. district court in Manhattan said a complex deal known as the Cheyne Structured Investment Vehicle (SIV) was marketed by the defendants as highly rated and reliable, but they had hidden the risks. “Defendants knew the assets purchased and held by the SIV were risky and of poor quality. They further

knew the models used to generate the high rates were flawed,” the lawsuit said. SIVs, which once held some $350 billion in assets, have played a major role in the U.S. credit crisis, after proving unable to refinance their short-term debts. A series of SIVs are now selling off bank debt and assets such as asset-backed securities to try to pay back investors, a move that many see as further pressuring credit markets. A deal was announced last month to restructure Cheyne, which at receivership was a $7 billion fund. Many investors who elected to stay in the restructured fund now have assets worth less than one-half of their former value, and the Abu Dhabi Commercial Bank’s investment is worth zero now, the complaint said. SIVs used short-term funding, such as asset-backed commercial paper, to buy longer-term assets such as bank debt and asset-backed securities. The bank brought the action on behalf of all investors who bought investment grade Mezzanine Capital Notes issued by Cheyne Finance PLC and its wholly owned subsidiary Cheyne Finance Capital Notes from October 2004 to October 2007. Source: http://www.reuters.com/article/marketsNews/idUSN2544108520080825

Information Technology


35. August 26, ComputerWeekly – (International) Brazilian charged for leasing out PC botnet to attackers. Brazilian authorities have charged a man for allegedly selling access to a 100,000-PC botnet of zombie computers. These zombie PCs were used to send spam, launch distributed denial-of-service attacks, or commit identity theft. The man now faces up to five years in prison and a fine of more than $250,000. Source: http://www.computerweekly.com/Articles/2008/08/26/231977/brazilian-charged-for-leasing-out-pc-botnet-to-attackers.htm


36. August 26, Philippines Inquirer – (International) IBM warns ‘zero-day’ hacker exploits growing. Hackers are exploiting users’ inability to comply promptly against announced vulnerabilities, according to an IBM security report. Ironically, IBM said security advisories seem to worsen the problem. According to IBM’s X-Force midyear report, more than 90 percent of browser-related exploits detected during the first six months of this year have occurred within 24 hours after these vulnerabilities were disclosed. More significantly, IBM noted hackers are adopting new techniques and strategies in order to better exploit “zero-day” vulnerabilities, or simply before users are even aware they need to install patches or updates. Also, “exploit codes” being made public further compromise IT systems. The practice of disclosing exploit code along with a security advisory has been the accepted practice for many security researchers, the report said. In the first six months of 2008, nearly 80 percent of Web browser exploits are targeted browser plug-ins, the report also said Source: http://technology.inquirer.net/infotech/infotech/view/20080826-156948/IBM-warns-zero-day-hacker-exploits-growing


37. August 25, Computerworld – (National) Novell’s iPrint open to attack, say researchers. Attackers can exploit bugs in Novell Inc.’s iPrint application to obtain corporate information or hijack computers, security experts said. Novell has issued a patch that plugs multiple holes in the ActiveX control that Novell ships as part of its iPrint product, but according to Copenhagen-based bug tracker Secunia APS, one of the flaws remains unfixed. Secunia, which reported the bugs to Novell, counted at least eight vulnerabilities in the ActiveX control included with the Windows Vista version of the iPrint client, as well as several other flaws in another Windows Vista iPrint component. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9113385&taxonomyId=17&intsrc=kc_top


38. August 25, Computerworld – (National) Microsoft adds privacy tools to IE8. On Monday, Microsoft Corp. spelled out new privacy tools in Internet Explorer 8 (IE8). The most intriguing tool was dubbed “InPrivate Browsing” by Microsoft. When enabled, IE8

will not save browsing and searching history, cookies, form data, and passwords; it also will automatically clear the browser cache at the end of the session. Other new tools will include “InPrivate Blocking” and “InPrivate Subscription,” which notifies users of third-party content that can track browsing history and subscribe to lists of sites to block, respectively. Microsoft will also tweak its existing “Delete Browsing History” by adding an option to preserve bookmarked sites’ cookies even when all others are erased. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9113419&taxonomyId=17&intsrc=kc_top


Communications Sector


39. August 26, VNUNet – (Michigan) Phone companies latest iPhone slowdown culprit. A recent survey by Wired magazine has pointed to mobile carriers as the reason for the iPhone 3G slowdown. The magazine asked some 2,600 iPhone 3G users around the world to contribute 3G performance numbers from their localities. The results, claims Wired, suggest that the sluggish 3G speeds have more to do with the local 3G networks than any shortcomings in the hardware. 3G performance has by far been the biggest complaint from users ever since the iPhone 3G was launched in early July. The model was the first to run with a 3G connection, eschewing the EDGE network hardware employed by the previous model. So far, nobody has been able to pinpoint the exact reason for the slowdown. One analyst firm has suggested that the problems were due to bad hardware from Infineon. Other pundits suggested a firmware issue which they say Apple attempted to fix with the last update. Source: http://www.vnunet.com/vnunet/news/2224626/phone-companies-latest-iphone