Tuesday, April 29, 2008

Daily Report

• The Inquirer reports hackers have managed to shut down the Bank of Israel for two days, taking advantage of the Jewish festival of Passover when senior staff members were out of the office. Sources from the bank said that financial reports going back to October 2007 had been deleted from the bank’s systems. (See item 8)

• According to KTVX 4 Salt Lake City, a woman says she boarded a plane for Las Vegas last Monday at Salt Lake International airport with a knife that was not detected during screening. She says the knife, which she forgot was in her purse, was caught during screening Sunday in Las Vegas. (See item 13)

Information Technology

34. April 28, IDG News Service – (National) Researcher finds new flaw in QuickTime for Windows. A security think tank says it has found a vulnerability in Apple’s QuickTime multimedia player that can be exploited remotely to compromise Windows Vista PCs upgraded to Service Pack 1, as well as XP SP2. From the scant details published on the GNUCitizen’s blog, the exploit involves a maliciously crafted media file. When a user opens the file, which can be hosted on a Web site, the vulnerability in QuickTime allows the hacker to take complete control of the machine, according to a researcher. He does not think users are in danger of being attacked as of yet. “I highly doubt that anyone knows how to exploit this vulnerability,” he said. “I haven’t shared the details with anyone, and the actual vulnerability is different enough to be rather challenging for even some of the most gifted hackers out there.” In a video, he shows a QuickTime file sitting on the desktop of a PC running XP SP2. If a user opens the malicious file, the researcher then has control of the PC, demonstrated by the way the applications Paint, Calculator, and Notepad are seen launching, apparently without further user intervention. The demonstration is repeated on a PC running Windows Vista inside a virtual machine. Attacking vulnerabilities in applications is becoming increasingly favored by hackers, as finding problems in operating systems becomes harder, said the director of research for the SANS Institute, last week at the Infosec conference in London. The researcher said Monday that he has notified Apple of the problem. Source: http://www.pcworld.com/businesscenter/article/145189/researcher_finds_new_flaw_in_quicktime_for_windows.html

35. April 28, ars technica – (International) Microsoft gives details of massive web attack. On April 17, 2008, hundreds of thousands of pages on legitimate domains – including several at the United Nations and in the UK government – were attacked. Many of these sites ended up serving malware by redirecting users to malicious pages using JavaScript and IFRAMES. Users’ PCs were loaded with a malware program that tried eight different exploits in an attempt to hijack the system. Security companies blamed the attacks on a vulnerability in Microsoft’s web server software. Some concluded that the problem was related to an advisory regarding a bug in multiple Windows versions that could be exploited through Internet Information Services (IIS) and SQL Server. The same day as the attacks started, Microsoft disclosed an advisory for the security issue. Despite reports saying differently, the software giant has investigated the problems and has concluded that the two are not related. A Microsoft representative explained the company’s findings in his IIS blog, saying “Microsoft has investigated these reports and determined that the attacks are not related to the recent Microsoft Security Advisory (951306) or any known security issues related to IIS 6.0, ASP, ASP.Net, or Microsoft SQL technologies. Instead, attackers have crafted an automated attack that can take advantage of SQL injection vulnerabilities in web pages that do not follow security best practices for web application development.” It is still not clear how attackers are compromising such a large number of sites so quickly, but Microsoft is asking web administrators to look into how to avoid SQL injection attacks. Source: http://arstechnica.com/journals/microsoft.ars/2008/04/28/microsoft-gives-details-of-massive-web-attack

36. April 25, CongressDaily – (National) DHS moves to ramp up cybersecurity in federal agencies. The Homeland Security Department plans to complete an analysis in about 45 days to determine which U.S. government computer networks are most vulnerable to cyberattacks, with the intention of deploying 50 new intrusion detection systems to federal agencies by the end of the year, a top U.S. cybersecurity official said Friday. “We’re concerned that the intrusions are more frequent and they’re more targeted and they’re more sophisticated,” said the undersecretary for the department’s national protection and programs directorate. The undersecretary heads up Homeland Security’s role in the Bush administration’s so-called Cyber Initiative, a massive, multiyear, multibillion-dollar effort to counter attacks on U.S. computer networks. Most of the initiative remains classified, but Homeland Security is responsible for defending networks across the federal government or those that fall within the .gov domain. At a news conference Friday, he said the department is mapping where Internet access points exist across the .gov domain and which federal agencies are most at risk of attacks. Based on that information, the department will install 50 advanced intrusion detection devices, known as Einstein systems, by the end of 2008 to the networks most at risk, he said. “Over the next 30 to 45 days we hope to have a much more comprehensive picture of exactly which agencies are going to get the initial deployments,” he said. The number of network intrusions recorded by federal agencies is expected to rise as Einstein systems are deployed. The undersecretary said there were about 37,000 reportable incidents last year. Source: http://govexec.com/dailyfed/0408/042508pm2.htm

Communications Sector

37. April 27, Reuters – (International) EU puts second Galileo test satellite into orbit. The European Union launched the second and final test satellite for its $5.3-billion rival to the U.S. Global Positioning System on Sunday, brushing off industry doubts over its viability. The Galileo project, Europe’s biggest single space program, has been plagued by delays and squabbling over funding that ended only when the EU agreed to funnel public funds into it. The experimental satellite, Giove-B, was put into orbit by a Soyuz rocket in Kazakhstan and is due to test technologies for Galileo, such as a high-precision atomic clock and the triple-channel transmission of navigation signals, the executive European Commission said in a statement. “(The project) will be operational in 2013 and already we think this will be profitable,” the EU’s transport commissioner told Reuters after monitoring the launch from the Fucino control centre in the hills of central Italy. Galileo, whose first experimental satellite was launched in December 2005, has been plagued by doubts about its viability given the dominant position of the U.S. GPS and similar projects planned by Russia and China. Critics have also labeled it too expensive, despite Commission arguments that it would create thousands of jobs and ensure independence from the U.S. service. Source: http://www.reuters.com/article/marketsNews/idUSL2730916620080427