Thursday, March 20, 2008

Daily Report

• According to the New York Times, when a New York woman died aboard an American Airlines flight last month, her death raised concerns among passengers about the level of medical treatment available at 30,000 feet. Medical emergencies happen on planes more often than people might think. (See item 13)

• The Associated Press reports police arrested more than a dozen people who crossed a barricade and blocked entrances at the Internal Revenue Service building Wednesday, the start of a day of protests marking the fifth anniversary of the U.S. invasion of Iraq. (See item 31)

Information Technology

36. March 19, Computerworld – (National) Apple issues mega-monster security update. Apple Inc. Tuesday issued a record-breaking security update that patched nearly 90 vulnerabilities in both its own code and the third-party applications it bundles with its Tiger and Leopard operating systems. Security Update 2008-002 plugged 87 holes in the client and server editions of Mac OS X 10.4 and Mac OS X 10.5. This single update’s total patch count nearly equaled half of all the fixes Apple released in 2007, and easily dwarfed the biggest updates that year, both of which saw 40 or more bugs patched. Apple also updated its Safari browser for both Mac and Windows, patching 13 vulnerabilities. The much larger security roll-up fixed flaws in 30 different applications or operating system components in Mac OS X, from AFP Client and Apache to the Wiki Server and X11, the Mac’s version of the X Window System.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9069538&intsrc=hm_list

37. March 19, IDG News Service – (Pennsylvania) Pennsylvania pulls plug on voter site after data leak. With voting in Pennsylvania’s presidential primary just a month away, the state was forced to pull the plug on a voter registration Web site Tuesday after it was found to be exposing sensitive data about voters in the state. The problem lay in an online voter registration application form that was designed to simplify the task of registering to vote. State residents used it to enter their information on the Web site, which then generated a printable form that could be mailed to state election officials. Pennsylvania’s Department of State disabled the registration form late Tuesday after being informed of the vulnerability by IDG News Service. Because of a Web programming error, the Web site was allowing anyone on the Internet to view the forms, which contained data such as the voter’s name, date of birth, driver’s license number, and political party affiliation. On some forms, the last four digits of Social Security numbers could also be seen. The flaw was first reported by a reader of Digg.com, who stumbled upon the bug after filling out a voter registration form. The bug did not expose all registration data – just the information supplied by those who used the Web site’s online form. About 30,000 voter registration records appeared to be available on the site.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=spam__malware_and_vulnerabilities&articleId=9069578&taxonomyId=85

38. March 19, Financial Times – (National) Beware: Printing can be data security’s Achilles Heel. Since January 2005, more than 218 million records involving sensitive personal information belonging to U.S. citizens have been exposed by security breaches. Drill down into the data, collected by U.S. lobbying group the Privacy Rights Clearinghouse, however, and it is clear that it is not only electronic media that are to blame. Last year, more than a dozen serious data protection breaches resulted not from the loss of a laptop, a disk, or memory drive, but from printed data. Some of the breaches resulted from errors in bulk or commercial printing houses, such as inadvertently printing customers’ social security numbers on envelopes or labels. But others were the result of employees printing sensitive data, which was subsequently lost or stolen - often because the paperwork was in the same bag or case as a laptop targeted by thieves. The true number of cases of data loss from paper documents could be far greater.
Source:
http://www.ft.com/cms/s/0/f05e51e8-f557-11dc-a21b-000077b07658.html

39. March 19, ZDNet UK – (International) RSA sees increase in fast-flux botnets. Security vendor RSA has reported that it has seen an increase in the use of sophisticated techniques that hide command-and-control servers in networks of compromised computers. However, University of Cambridge researchers have disputed the claim, saying fast-flux use has remained constant over the past year. Fast-flux is a DNS technique that distributes command-and-control by constantly reallocating the servers controlling peer-to-peer botnets. It makes those servers difficult to identify and shut down, as they “move” around the network. Fast-flux can also be associated with the allocation of proxy servers to hide static command-and-control servers in botnets. RSA said on Monday that the technique, widely reported as being used by the controllers of the Storm botnet, is now being used by at least three other compromised networks. RSA refused to name the botnets or the gangs involved, and said naming them would compromise its surveillance.
Source:
http://www.zdnetasia.com/news/security/0,39044215,62039095,00.htm

40. March 18, Computer Weekly – (National) Cyber Storm 2 exercise reveals security preparedness. Cyber Storm II, the world’s largest international cyber security exercise so far, ended on March 15. Undoubtedly, the U.S. Department of Homeland Security-sponsored event will report it as a resounding success and learning experience in its final report due in late summer. The exercise simulated a coordinated cyber attack on information technology, communications, chemical, and transportation systems and assets. It simulated a crash of the US and international telephone system, which in turn caused problems for top level domains such as .com, .net, and .gov. Crisis managers had to identify, evaluate, and respond to more than 1,800 malware incidents. These included botnet, phishing, and denial of service attacks. Some were “white noise.” These were relatively harmless events designed to mask or confuse more serious attacks on the systems. Cyber security is one of four priorities at DHS, which is responsible for securing the government’s IT and critical national infrastructure. Federal departments use an intrusion detection system called Einstein, as well as US-CERT, a 24x7 public-private operation that monitors and defends against malware attacks. DHS also plans to cut the number of internet access points that link to federal systems from about 4,000 to 50 to make the federal IT system easier to guard.
Source:
http://www.computerweekly.com/Articles/2008/03/18/229909/cyber-storm-2-exercise-reveals-security-preparedness.htm

Communications Sector

41. March 19, Reuters – (National) Google sees surge in Web use on mobile phones. Google has seen an acceleration of Internet activity among mobile phone users in recent months since the company has introduced faster Web services on selected phone models, fueling confidence the mobile Internet era is at hand, the company said on Tuesday. Early evidence showing sharp increases in Internet usage on phones, not just computers, has emerged from services Google has begun offering in recent months on Blackberry e-mail phones, Nokia devices for multimedia picture and video creators and business professionals and the Apple iPhone, the world’s top Web search company said. Google made the pronouncement as it introduced a new software download for mobile phones running Microsoft Corp’s Windows Mobile software that conveniently positions a Google Web search window on the home screen of such phones. The software shortcuts the time it takes for people to perform Web searches on Google by eliminating initial search steps of finding a Web browser on the phone, opening the browser, waiting for network access, and getting to Google.com. By making a Google search box more convenient, mobile phone users have begun using the Internet more, the company said.
Source:
http://news.yahoo.com/s/nm/20080319/wr_nm/google_mobile_dc;_ylt=AgxMlVSbRsdKquDIjfiubC767rEF

Wednesday, March 19, 2008

Daily Report

• According to the Associated Press, a security breach at an East Coast supermarket chain exposed 4.2 million credit and debit card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday. The breach affected all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida, and a smaller number of independent groceries that sell Hannaford products. (See item 12)

• The Gainesville Daily Register reports emergency responders from various Cooke County agencies arrived at Era, Texas, for a mass casualty exercise. The exercise brought together volunteer firefighters, state troopers, emergency management officials, EMS responders, members of the media, and others to test how well these life-saving organizations can work together during a crisis. (See item 28)

Information Technology

29. March 18, Ars Technica – (National) Ongoing IFrame attack proving difficult to kill. One of the factors that make an ongoing malware attack so difficult to stop is the speed with which the assault can evolve. Over the past 12 days, an IFrame injection attack that originally focused on ZDNet Asia has been spreading across the Net, changing targets and payloads on an almost daily basis. An iFrame (short for inline frame) is an element of HTML that is used to embed HTML from another source into a webpage. This particular IFrame exploit takes advantage of web site query caching. Web sites often cache the results of search queries that are run locally. These search results are forwarded to search engine providers (think Google or Yahoo), who use the information to generate their own search results. Hackers exploit the system by typing a query immediately followed by the text of an IFrame. This data (including the IFrame) is then passed to various search engines and displayed if a user searches for a relevant keyword. When the user visits an apparently legitimate document, the IFrame activates and attempts to complete whatever instructions it has been given. The major advantage of an injected attack versus an embedded one is that an injected attack requires no direct access to a web site’s server backend. Instead, it takes advantage of the company’s SEO (Search Engine Optimization) practices and poisons the results that are fed back to web surfers. The first wave of injections targeted ZDNet Asia and torrentreactor.net. The attackers shifted away from these two domains quickly and branched out into other web sites. One key purpose of the attack was to advertise the rogue antivirus product developed by the RBN (Russian Business Network), XP Antivirus.
Source:
http://arstechnica.com/news.ars/post/20080318-ongoing-iframe-attack-proving-difficult-to-kill.html

30. March 18, Computerworld – (National) Malicious subtitle file could trip up media player. A flaw in the widely-used open-source VLC media player could allow an attacker to execute harmful code on a PC. The problem stems from a buffer overflow that can occur when the player processes subtitle files used for movies, according to a security advisory. The vulnerability existed before VLC was upgraded to version 0.8.6e in late February, but the bug appears to have escaped the last round of patches. Video files can contain a link to a separate subtitle file, which VLC automatically loads when it plays the video. An attacker could use the buffer overflow flaw in VLC to execute malicious code contained in a subtitle file, and thus tamper with a PC. The flaw affects VLC players running on Windows, Mac, BSD and possibly more operating systems. The VLC media player is part of the VideoLAN project. The player is free, and it is released under the GNU General Public License. VLC can also be used as a streaming media server for a variety of platforms.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9069178&taxonomyId=17&intsrc=kc_top

31. March 17, Information Week – (National) Internet Explorer 8 could break applications, Gartner warns. Microsoft’s improved support for Web standards in its Internet Explorer 8 browser “will result in pages that don’t display correctly for some enterprise applications,” analysts at tech research firm Gartner warn. This is because many Web- or intranet-facing applications used in business were built to work with previous versions of Explorer, in which Microsoft often favored its own protocols over universal Web standards. With Explorer 8, slated for full release later this year, Microsoft has promised default compatibility with W3C guidelines. Among other things, the browser features support for Web programming standards such as CSS 2.1 and HTML 5. It also promises improved support for the Ajax programming language. “Microsoft is trying to woo the Web 2.0 world,” Gartner said in a document published last week. The researchers said it is “an indicator of what some have called ‘the new Microsoft.’”
Source:
http://www.informationweek.com/news/showArticle.jhtml?articleID=206904001&subSection=All+Stories

32. March 17, Associated Press – (National) It’s prison for ID thief who used P2P software. A Seattle man was sentenced to more than four years in prison Monday in what prosecutors said was the first federal case against someone using file-sharing software to steal identities. The man pleaded guilty in November to mail fraud, aggravated identity theft, and accessing a protected computer without authorization to further fraud. Although people have been prosecuted for using networks to illegally share copyrighted music, movies, and software, the Justice Department called the prosecution its first case against someone accused of using file-sharing programs to commit identity theft. The man received four years and three months in prison.
Source:
http://www.msnbc.msn.com/id/23682023/

Communications Sector

33. March 18, vnunet.com – (International) Boffins bounce photons off satellite. Scientists have successfully hit a satellite with a stream of photons in an experiment to build a global quantum-encrypted communications network. A professor and his team from the University of Vienna used a 1.5 meter telescope at the Matera Laser Ranging Observatory in Italy to bounce single photons off the Ajisai geodetic satellite 1400km above the earth. The project smashed his previous record of 144km. With the right satellite in orbit the stream could be used to send quantum-encoded data that is virtually unbreakable using current known technology. But, up until now, the blurring effects of the atmosphere have made sending data in this way practically impossible. The team managed to hit the Ajisai satellite, which is one of a number of ‘mirror ball’ satellites used solely for measurement, and receive coherent data back. The researchers tried to establish contact with similar satellites further away, but were unable to do so, according to the physics arXiv blog. The next stage would be to build satellites capable of receiving signals and either decoding them and sending back information, or firing them sideways to other satellites to establish a global communications network.
Source:
http://www.vnunet.com/vnunet/news/2212264/boffins-bounce-photons

34. March 18, Information Week – (National) VoiceCon: Nortel adds mobility to unified communications mix. New communications server software from Nortel lets enterprises extend VoIP and unified communications features to cell phones and smartphones, improving decision making and productivity, the vendor said Monday at the VoiceCon tradeshow in Orlando, Florida. Nortel’s mobile unified communications solutions are embedded in Communication Server 1000 IP PBX 5.5, available in April, and the new Mobile Communication 3100 2.0, a fixed-mobile convergence system for enterprises that’s available now. The vendor also unveiled IP Softphone 2050 3.0 for laptop PCs and a new high-capacity SIP DECT system for outside the U.S. Businesspeople use about six different communication devices and almost as many applications on those devices, but that’s not helping people connect any more easily, Nortel said. By adding mobility to the unified communications mix, workers can eliminate wasted time and the frustration of managing multiple phone numbers and voice-mail boxes, the company said. Now, mobile workers get access to the same voice calling features as the corporate network, like dialing by extension, conferencing, and call transferring. Nortel has also added single phone number and voice mail across multiple devices (desk phone, PC, and mobile). As with instant messaging, a presence indicator lets colleagues know an individual’s availability and online status. A handoff key allows users to transfer calls from their mobile to their desktop phones. Unified communications can help reduce mobile communications costs by up to 30 percent through more efficient handling of mobile calls using corporate dial plans, the vendor said.
Source:
http://www.informationweek.com/news/showArticle.jhtml?articleID=206904195