Tuesday, May 13, 2008

Daily Report

• Agence France-Presse reports that U.S. authorities rushed into disaster areas Monday after tornadoes left tens of thousands without power. Some 43,000 people across Georgia were without power early Monday, down from 253,000 at the peak of the outages. (See item 2)

• According to the Associated Press, a hazardous materials response team was called to a freight facility near Los Angeles International Airport Saturday after an air cargo container holding low-grade radioactive material was exposed. (See item 19)

Information Technology

33. May 12, IDG News Service – (National) Hackers create their own social network. Hackers now have their own social network, backed by GnuCitizen, a high-profile “ethical hacking” group. The network, called House of Hackers, has signed up more than 1,000 members since its launch earlier this week, according to the site. GnuCitizen set up the network in order to promote collaboration among security researchers. The site’s founders said they use “hacker” in the complementary sense. The term “should all express admiration for the work of the most skilled, creative, clever, unique, provocative, intelligent, intense, intriguing and interesting people among the human society,” said GnuCitizen in a message on the House of Hackers website. “We do not promote criminal activities. The network is designed to enable its members to exchange ideas with each other, communicate, form groups, elite circles and tiger/red teams, conglomerate around projects and participate in a hacker recruitment market.” The site’s founder said the ability to create groups on the network could be useful for setting up ad-hoc penetration testing teams. He suggested organizers could use the site’s events features to test the water for planned events. GnuCitizen is encouraging businesses to use the site to seek out security researchers for jobs or particular projects. GnuCitizen was founded in 2005 and has been credited with some high-profile security research of late, including vulnerabilities involving SNMP and BT Home Hub Wi-Fi routers. Source: http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/05/12/Hackers-create-their-own-social-network_1.html

34. May 12, infoZine – (International) Hacker posts confidential information about six million Chileans online. IT security and control firm Sophos is reminding organizations around the world about the importance of data security following news that a hacker in Chile has posted personal details about six million Chileans online. According to reports in the Chilean media, the hacker, known as ‘Anonymous Coward’ hacked into government and military servers and stole data including ID card numbers, addresses, telephone numbers, emails and academic records. He then posted the information on a Chilean technology blog before the owners of the site contacted authorities and removed the links. The Chilean newspaper El Mercurio reported that the hacker had committed the offence in order ‘to demonstrate how poorly protected data in Chile is’. “Chile may seem far away to many computer users, but the scale of this data breach should not be ignored,” said a senior technology consultant for Sophos. “No matter how moral or ethical the hacker’s motives, this prank was irresponsible and has left almost 40 percent of Chile’s population at risk of identity theft. Organizations around the world need to take this issue seriously and defend against these risks. The consequences of falling victim to such an attack can be much more far reaching than a simple fine, including irreversible damage to your reputation and customer confidence.” Sophos recommends that all businesses ensure that their computers are properly defended against the threat of hackers and malware, and are using a consolidated solution which can control network access and ensure security patches are in place. Source: http://www.infozine.com/news/stories/op/storiesView/sid/28341/

35. May 11, Xinhua – (International) S Korea, U.S. consider more drills against cyber attacks. South Korea and the U.S. are considering conducting more drills against cyber attacks in their annual defense exercise, South Korea’s Yonhap News Agency reported on Sunday. The two nations are also discussing the possibility of reinforcing drills against cyber attacks starting from this year’ s Ulchi Focus Guardian exercise, an unnamed South Korean military official said. The drill, if conducted, will involve a number of intelligence and Internet security officials from various organizations, including the country’s Defense Security Command. According to the South Korean Defense Ministry, a total of 278 computers at 10 government offices and institutes, such as the Korea Institute of Defense Analysis and the Korea Atomic Energy Research Institute, were infected with viruses in 2004. The military’s systems have so far been free of hacking attempts as they run on an intranet, completely cut off from the Internet. Source: http://news.xinhuanet.com/english/2008-05/11/content_8147619.htm

36. May 11, CNet News Blog – (National) Flaw turns Gmail into spamming machine. A “serious security flaw” in Gmail turns Google’s e-mail service into a spamming machine, according to a recent security report. INSERT (the Information Security Research Team), has created a proof of concept that exploits the “trust hierarchy” that exists between mail service providers. By exploiting a flaw in the way Google forwards messages, a spammer can send thousands of bulk e-mails through Google’s SMTP service, avoiding Google’s 500-address bulk e-mail limit and identity fraud protections. The report notes that with the rising volume of spam, e-mail providers have turned to whitelists and blacklists to help root out IP addresses of known spammers. Because Gmail falls into the trusted-whitelist category, messages are allowed “carte blanche” to bypass spam filtering. INSERT’s report notes that no extraordinary Internet expertise is required to exploit the flaw. Google has offered no official comment on the report. Source: http://www.news.com/8301-10784_3-9941156-7.html?part=rss&subj=news&tag=2547-1_3-0-5

37. May 9, IDG News Service – (National) Hackers find a new place to hide rootkits. Security researchers have developed a new type of malicious rootkit software that hides itself in an obscure part of a computer’s microprocessor, hidden from current antivirus products. Called a System Management Mode (SMM) rootkit, the software runs in a protected part of a computer’s memory that can be locked and rendered invisible to the operating system, but which can give attackers a picture of processes in a computer’s memory. The SMM rootkit comes with keylogging and communications software and could be used to steal sensitive information. The proof-of-concept software will be unveiled for the first time at the Black Hat security conference in Las Vegas this August. Source: http://www.pcworld.com/businesscenter/article/145703/hackers_find_a_new_place_to_hide_rootkits.html

Communications Sector

38. May 11, Broadband Reports – (National) Wireless companies crack down on phone spam. Cell phone spam is on the rise with one prediction being that wireless customers are going to receive one and a half billion unsolicited text messages this year (double what the rate was for 2006). Wireless companies have been accused of supporting phone spam because they profit from those people without text message plans who receive spam. The companies respond that they are opposed to cell phone spam because it makes their customers irate and because they want to exploit the opportunity for cell phone marketing in the future and do not want customers completely turned off to the idea of cell phone spam. As a result, wireless companies are taking action to protect customers. Sprint has a filter in place to catch spam before it gets to your phone; reportedly two thirds of all text messages sent on the network are identified as spam and blocked. Verizon uses a combination of blocking mass spammers and filing lawsuits about the issue. AT&T notes that all three major wireless companies have agreed to share information about text spammers to make solving the problem more efficient. Source: http://www.dslreports.com/shownews/Wireless-Companies-Crack-Down-on-Phone-Spam-94314

39. May 9, WPTZ 5 Plattsburgh – (New York) Verizon gets approval for Northway cell tower. Verizon Wireless has permission to build a fourth cell-phone tower along the Adirondack Northway as part of its plan to fill a service gap along remote stretches of the upstate New York interstate. The Adirondack Park Agency said Verizon can build the 94-foot tower, which will be disguised to look like a pine tree, at Schroon Falls, about 100 miles north of Albany. That is on the southern edge of a 47-mile so-called “dark zone” on the Northway. Verizon started adding towers to the Northway after a Brooklyn man crashed and froze to death in January 2007, unable to call for help. The death prompted a public outcry, and state officials, environmentalists and the phone company forged an agreement to add towers that blend into the landscape. Source: http://www.wptz.com/news/16211821/detail.html