Department of Homeland Security Daily Open Source Infrastructure Report

Friday, September 12, 2008

Daily Report

Headlines

 Reuters reports that a U.S. senator has asked the Energy Department to revoke a recent order authorizing energy companies to continue exporting liquefied natural gas (LNG) from Kenai, Alaska, to Japan and other Pacific Rim markets. The senator said those Alaskan supplies need to stay in the U.S. market because of a forecast for higher winter prices for natural gas. (See item 2)

2. September 9, Reuters – (National) Senator wants to stop Alaskan gas exports to Japan. A U.S. senator has asked the Energy Department to revoke a recent order authorizing energy companies to continue exporting liquefied natural gas (LNG) from Kenai, Alaska, to Japan and other Pacific Rim markets. The department approved a request this summer from ConocoPhillips and Marathon Oil for authority to export up to 98.1 billion cubic feet of natural gas to Japan and other Pacific Rim countries through March 2011. The senator said that with Americans forecast to pay 22 percent more for natural gas to heat their homes this winter, those Alaskan supplies need to stay in the U.S. market. The senator said there are new LNG import terminals along the West Coast that could receive the LNG. The amount of Alaskan LNG that would be exported is enough to heat 1.4 million American homes a year, according to the senator. Under federal law, any company that wants to export LNG must first obtain Energy Department permission to ensure the export would not harm U.S. energy supplies. The department has said allowing the LNG exports to continue “will not be inconsistent with the public interest.” Source: http://www.reuters.com/article/rbssEnergyNews/idUSN0932191020080909?pageNumber=1&virtualBrandChannel=0

 According to the Washington Post, a panel of aviation safety experts said that the Federal Aviation Administration should audit information it receives from airlines on safety and maintenance issues to ensure its accuracy. The FAA relies heavily on self-reported data from airlines to spot trends that could lead to mechanical failures or plane crashes. (See item 14)

14. September 11, Washington Post – (National) FAA told to audit airline safety data for accuracy. The Federal Aviation Administration (FAA) should audit information it receives from airlines on safety and maintenance issues to ensure its accuracy, a panel of aviation safety experts said Wednesday. The U.S. Transportation Department secretary asked an outside panel earlier this year to review FAA safety policies in the wake of blistering criticism from Congress and the department’s inspector general that the FAA had grown too cozy with air carriers. The FAA relies heavily on self-reported data from airlines to spot trends that could lead to mechanical failures or plane crashes. Panel members said they supported the FAA’s strategy of working closely with airlines on maintenance and safety issues, citing the approach as integral to the nation’s aviation safety system. The panel made 13 recommendations for changes at the agency, including implementing the audits, more training of inspectors, and more consistency in inspection rules. The acting FAA administrator said the agency would work “full throttle” to implement the changes. Source: http://www.washingtonpost.com/wp-dyn/content/article/2008/09/10/AR2008091003499.html

Details

Banking and Finance Sector


11. September 11, Bloomberg – (National) Fed may expand funding aid to banks in a ‘Mother of Year-Ends.’ The Federal Reserve may have to increase the cash it provides to banks and brokers, already a record, to help them balance their books at the end of the year. Six bank failures in the past two months and rising concern about Lehman Brothers Holdings Inc.’s capital levels pushed lenders’ borrowing costs to near a four-month high Wednesday. They may climb further as companies rush for cash to settle trades and buttress their balance sheets at year-end. One option is for banks and brokers to increase the loans they take out directly with the Fed; the central bank reports on the figures Wednesday. Officials could also offer options on its biweekly loan auctions or introduce special repurchase agreements to straddle the end of the year, economists said. Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=aavHtPEY4aCc&refer=home


12. September 10, Connecticut Post – (Connecticut) Data theft scheme affects 28,000 in state. The personal information of more than 28,000 Connecticut residents was stolen from Countrywide Home Loan computers and sold. The theft of data about more than two million people who applied to Countrywide for mortgages between July 2006 and July 2008 is unlike other recent data losses, the Connecticut attorney general said Wednesday, because there is no doubt the information is not just missing. “It was sold, we know that. We don’t know precisely who bought it,” he said, calling the loss “extraordinarily frightening,” because it definitely came about through criminal activity. Last month, the Federal Bureau of Investigation in Los Angeles arrested two men – one a former Countrywide employee – on charges related to the illegal sale of the data. According to the official, a minimum of 28,123 Connecticut residents are among those whose data were allegedly downloaded. Source: http://www.connpost.com/ci_10431496


13. September 10, Phoenix Business Journal – (National) Countrywide Financial alerts customers to security breach. Countrywide Financial Corp. is notifying mortgage holders in Arizona and other states regarding a possible security breach. The Federal Bureau of Investigation (FBI) arrested a former Countrywide employee in August for the alleged sale of personal and financial data belonging to the California-based company’s customers. The FBI contends the culprit sold consumer data for as much as $70,000. Source: http://www.bizjournals.com/phoenix/stories/2008/09/08/daily34.html


Information Technology


39. September 11, Register – (National) CookieMonster nabs user creds from secure sites. Websites used for email, banking, e-commerce, and other sensitive applications just got even less secure with the release of a new tool that siphons users’ authentication credentials – even when they are sent through supposedly secure channels. Dubbed CookieMonster, the toolkit is used in a variety of man-in-the-middle scenarios to trick a victim’s browser into turning over the authentication cookies used to gain access to user account sections of a website. Unlike an attack method known as sidejacking, it works with vulnerable websites even when a user’s browsing session is encrypted from start to finish using the secure sockets layer protocol. The vulnerability stems from website developers’ failure to designate authentication cookies as secure. That means web browsers are free to send them over the insecure http channel, and that is exactly what CookieMonster causes them to do. It does this by caching all DNS responses and then monitoring hostnames that use port 443 to connect to one of the domain names stored there. CookieMonster then injects images from insecure (non-https) portions of the protected website, and the browser sends the authentication cookie. For now, CookieMonster is in the hands of only about 225 security professionals. In the next couple weeks, the creator of CookieMonster plans to make it generally available. He has listed some two-dozen sites that are vulnerable. Source: http://www.theregister.co.uk/2008/09/11/cookiemonstor_rampage/
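The condition item 39 describes, authentication cookies set without the Secure attribute, can be checked from the defender's side by auditing the Set-Cookie headers of an HTTPS response. The following is an added example, not part of the original report or of the CookieMonster tool; the header lines and cookie names are constructed sample data.

```python
# Added example: audit Set-Cookie headers for the missing Secure attribute.
# The header lines below are constructed sample data, not captured traffic.

SAMPLE_HTTPS_RESPONSE_HEADERS = [
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly",
    "Set-Cookie: auth_token=xyz789; Path=/; Secure; HttpOnly",
    "Set-Cookie: prefs=lang%3Den; Path=/; Max-Age=31536000",
    'Set-Cookie: remember="secure=1"; Path=/account',
    "Content-Type: text/html",
]


def parse_set_cookie(header_line):
    """Return (cookie_name, set_of_lowercased_attribute_names) or None."""
    field, _, value = header_line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    # Attributes follow the first ';'. Only attribute names are collected, so
    # a cookie *value* that happens to contain "secure" does not count.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_sent_over_http(header_lines, sensitive_names=None):
    """List cookies from an HTTPS response that lack the Secure attribute.

    Without Secure, the browser attaches the cookie to plain http requests
    for the same host, which is the behaviour the item above describes.
    """
    findings = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        if sensitive_names is not None and name not in sensitive_names:
            continue
        if "secure" not in attrs:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for name in cookies_sent_over_http(SAMPLE_HTTPS_RESPONSE_HEADERS):
        print(f"cookie {name!r} lacks Secure: browser may send it over http")
```

The fix for each flagged cookie is to add `Secure` to its Set-Cookie header, as the `auth_token` sample line does.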


40. September 10, Dark Reading – (National) ‘Password recovery’ services may be hackers for hire. Services that promise to help find lost passwords may make their living by cracking the passwords of others, says the chief security strategist at IBM’s Internet Security Systems unit. Webmail services such as Gmail and Hotmail are widely used as a quick, low-cost alternative to more sophisticated email services offered by ISPs or corporations. But Webmail accounts are not particularly secure, he warns. For between $300 and $600, a hacker can find a full suite of Webmail cracking tools on the Internet, complete with the ability to do brute-force “guessing” of simple passwords and enhanced tools for penetrating the CAPTCHA authentication methods used on Webmail services, he notes. CAPTCHA-breaking methods have become so effective that for about $100, the service provider can not only promise to give you the password to a specific Webmail account, but it can also promise to give you subsequent passwords if the legitimate owner should change passwords. There is not much that users can do to protect themselves from these hack-for-hire services, he says. “The best thing you can do is to use strong passwords,” he says. It would be difficult for any company to set a policy against using Webmail services, he says. “Your best bet is to educate your users about the vulnerabilities of these services, and discourage them from using their Webmail accounts for transmitting company information or other sensitive data,” he says. Users also should stay away from the services themselves, many of which are based in Russia or southeast Asia and can be recognized by the stilted English grammar in their service descriptions, he notes. Source: http://www.darkreading.com/document.asp?doc_id=163471&WT.svl=news1_1


Communications Sector

41. September 11, Computerworld – (National) Wireless operators seek faster review of cell tower proposals. Wireless network operators are pushing for faster consideration of cell tower construction applications in the U.S., urging that reviews be finished in 75 days. The CTIA, which represents the major carriers, wants state and local regulatory bodies to make more timely cell tower decisions because of a sizable backlog of construction applications and a clear desire by many customers to have more cellular network coverage and reliability, said the vice president of regulatory affairs at the CTIA. He said a survey of carriers showed that 760 applications have taken more than a year to review, with half that number of applications under review for more than three years. The commissioner of the Federal Communications Commission (FCC) said the federal government and the FCC have no right to tell states and local communities whether to build a tower in a certain location, but the FCC has a directive from Congress to provide cellular access to Americans in a timely manner. He said the FCC can regulate the amount of power generated by a cell tower, adding, “but as for health problems, there’s no proof of this.” Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9114458&intsrc=hm_list

42. September 10, Computerworld – (National) Yahoo expands Blueprint for mobile apps. Yahoo Inc. announced Wednesday at the CTIA trade show that it has expanded Blueprint, a mobile development platform, to allow developers to build applications for mobile devices running Java, Windows Mobile, and Symbian operating systems. Blueprint was previously available to create mobile widgets for Yahoo Go, a mobile application that first appeared two years ago. The executive vice president of Yahoo Connected Life said Blueprint, which is available for free, allows a developer to write once and have an application run across many devices and operating systems to reach billions of users. As such, Yahoo is expecting its services and advertising system to be available for all kinds of devices globally, he added. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=11&articleId=9114440&intsrc=hm_topic
