Friday, May 30, 2008

Daily Report

• WUSA 9 reports that FBI estimates cargo theft and trailer hijackings to net $30 billion a year for thieves and to be relatively low risk. This has raised concerns that it may be an easy option for terrorists trying to raise money. (See item 13)

• The Associated Press reports that federal investigators arrived Thursday at the tracks outside Boston where two commuter trains collided and derailed during rush hour Wednesday, killing one person and injuring more than a dozen others. (See item 15)

Banking and Finance Sector

10. May 29, Boston Globe – (Massachusetts) Identity-theft services face legal test. IdentityTruth Inc. says it will reimburse customers up to $2 million if they are victims of identity theft. But a Phoenix lawyer says the identity-protection company’s promise is not worth nearly that much. IdentityTruth charges $10 a month or $100 a year to insure people against unauthorized use of their personal information. The privately held company posts fraud alerts with credit reporting agencies on behalf of its customers. These alerts warn banks and other businesses not to open new accounts unless they confirm the identity of the customer. In addition, IdentityTruth scours the Internet and a host of private and government-run databases, looking for evidence that somebody out there is pretending to be the customer. The company does not actually prevent identity theft. The IdentityTruth website states, “if you are a member of our service and are a victim of identity theft resulting in the loss of your money, we will reimburse you up to $2 million.” But a Phoenix law firm official said the fine print of the IdentityTruth guarantee belies this assertion. He recently filed a lawsuit in the US District Court of Arizona against a rival service, LifeLock Inc. of Tempe. The suit, which seeks class-action status, claims LifeLock’s $1 million guarantee is fraudulent because it contains loopholes that make it far less generous. He said the same loopholes are present in the IdentityTruth guarantee. For instance, the guarantee covers damages caused by a failure of the IdentityTruth service. But banks often ignore fraud alerts. If that happens and an IdentityTruth customer gets stung, the company is not liable, because the bank failed, not IdentityTruth. The president of Javelin Strategy said consumers should not be too quick to sign on with any identity theft preventers. Source: http://www.boston.com/business/articles/2008/05/29/identity_theft_services_face_legal_test/

11. May 28, Originator Times – (California) Home foreclosure ring scam broken up. San Diego and state officials announced that a huge real estate fraud scheme has been broken up after victimizing potentially 400 homeowners in San Diego County alone, with additional victims in other counties. There are many more victims throughout the state who have not yet come forward or do not yet realize they have been scammed. “The defendants preyed on mostly non-English speaking, Hispanic homeowners who were in foreclosure, claiming to offer assistance in preventing the victims from losing their home,” a District Attorney said. The defendants are facing more than 100 felony charges and that number is expected to increase. The defendants were allegedly engaged in a widespread foreclosure rescue scam by which they acquired grant deeds to homes in foreclosure based on untrue or misleading statements that their “land grant program” would prevent homeowners from losing their homes through foreclosure. Two methods were used for inducing owners of residences in foreclosure to participate in a so-called land grant program. One method required homeowners to pay a one-time fee of up to $10,000 to put their property in a land grant. The second method was a lease back scheme in which homeowners paid the suspects $500 or more and then transferred their property via grant deeds to the defendants for no consideration and then made monthly payments to the defendants, purportedly to rent their homes back from the defendants. In both scenarios, the homeowner was typically evicted from their property at the completion of foreclosure proceedings and retained no legally recognized title to their property. While the total loss is still being tallied, the defendants probably got away with hundreds of thousands of dollars. Source: http://originatortimes.com/content/templates/standard.aspx?articleid=3190&zoneid=5

12. May 27, Daily Local – (Pennsylvania) Data breach concerns residents. News of a teenager being arrested for hacking into the school district’s computer system and obtaining Social Security numbers has left some district residents wondering if their identity is in danger. Borough, Pennsylvania, police arrested the 15-year-old male connected with the computer breach on May 21. The student accessed a school district computer server, copied and duplicated computer data and transferred that data to his home computer. According to police, the files contained more than 41,000 taxpayers’ names and personal information including Social Security numbers and more than 15,000 students’ names and personal information. The district sent out letters to 16,595 residents whose names were included in the file. Personal information of 71 employees at one of the district’s schools was included in these files. Police have isolated another student that may have received part of the copied files from the arrested student. Source: http://www.dailylocal.com/WebApp/appmanager/JRC/Daily?_nfpb=true&_pageLabel=pg_article&r21.pgpath=%2FDLN%2FHome&r21.content=%2FDLN%2FHome%2FTopStoryList_Story_2110534

Information Technology

30. May 29, Register – (International) Comcast hack leaves users without email. The portal of U.S. communications giant Comcast was hacked on Wednesday night in an assault that left subscribers unable to access their emails for several hours. The comcast.net front page was replaced by a greeting from hackers on Wednesday night (28 May). The defacement was removed around two hours later. Before the site was restored early Thursday morning, users encountered a “page under construction” message. The site remained intermittently unavailable even after this time. Hackers calling themselves KRYOGENICS EBK and DEFIANT claimed the defacement. As a result of the attack, Comcast subscribers were unable to access their email or other services through the portal for more than two hours. The exact mechanism of the attack is unclear. However, an injected iFrame that served up content from sites under the control of hackers is suspected. Some form of DNS redirection attack may also have been involved. Normally defacement attacks simply involve the spraying of digital graffiti on a website. However, in the case of the Comcast attack it seems some attempt may have been made to snoop on its users’ login credentials. “There is still a lot of speculation about the details of this and why this happened,” said a Comcast user. “But it is clear now that a group of people (according to the hacker’s message) somehow rerouted the IP and DNS values of Comcast to an off site. (http://www.freewebs.com/kryogeniks911/).” “It appears there was no malicious codes or script being run but a lot of people are saying that ports were being ‘listened’ to which could have led to the compromising of username/passwords,” the user added. Source: http://www.theregister.co.uk/2008/05/29/comcast_hack/

31. May 28, Computerworld – (National) Apple updates Leopard, issues 68 fixes. More than three months after it last updated Mac OS X, Apple Inc. today released 10.5.3, an upgrade for its Leopard operating system that boasts nearly 70 stability, compatibility, and security improvements and fixes. Apple did not include patches for two of three iCal vulnerabilities that were made public a week ago, however. Mac OS X 10.5.3, the third upgrade to Leopard since Apple launched the current operating system in October 2007, addresses issues in several components and bundled applications, ranging from the Address Book and Automator to Time Machine and VoiceOver. Apple also listed a baker’s dozen under a “General” category that included a fix for hard drives that would not show in the Finder; an improvement in Spotlight, the OS’s built-in search tool, for searches done on AFP volumes; and a patch for stuttering audio and video playback from certain USB-based hardware. AirPort, Apple’s label for its wireless technology, got a pair of fixes: one to improve wireless reliability in general, the other to boost reliability when used with the company’s relatively new Time Capsule router-cum-backup-device that debuted earlier this year. Apple also tucked eight fixes for iCal, its personal scheduling program, into the 10.5.3 update, but failed to patch two of the three security vulnerabilities disclosed last week by Core Security Technologies. It appears Apple did patch the most serious of the three – dubbed CVE-2008-1035 – which Core said was the only one of the three it had proven could be used to insert malicious code into a Mac. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9090338&taxonomyId=17&intsrc=kc_top

32. May 28, IDG News Service – (National) Symantec backtracks on Adobe Flash warning. After warning on Tuesday that hackers were exploiting an unpatched bug in Adobe Systems’ Flash Player software, Symantec has backtracked from this claim, saying the flaw is “very similar” to another vulnerability that was patched last month. Symantec’s initial warning described a disturbing threat – a previously unknown and unpatched flaw that was being exploited on tens of thousands of Web pages. The flaw allowed attackers to install unauthorized software on a victim’s machine and was being used to install botnet programs and password-logging software, Symantec said. Now Symantec believes that the bug was previously known and patched by Adobe on April 8, said a senior research manager with Symantec Security Response. However, the Linux version of Adobe’s stand-alone Flash Player, version 9.0.124, is vulnerable to the attack. On Tuesday Symantec researchers saw that the attack worked on Linux and that it caused Flash Player to crash on Windows XP, so they reasoned that they had a new bug that was just not working properly on the Windows platform, possibly due to a programming error by the hackers. “We thought it was a problem with the exploit,” he said. Now Symantec believes that the vulnerability was simply not properly patched in this one version of Adobe’s software, he said. Source: http://www.networkworld.com/news/2008/052808-symantec-backtracks-on-adobe-flash.html

Communications Sector

33. May 29, Register – (International) Hackers start poking holes in NFC. A researcher from the Fraunhofer Institute for Secure Information Technology used the recent EUSecWest event to demonstrate progress in attacking Near Field Communications (NFC) applications. Near Field Communications is the radio frequency identification (RFID)-based standard being built into mobile phones to allow them greater interaction with the physical world. NFC-enabled handsets can be used to pay for bus or train journeys, replacing existing contactless cards, and can read tags embedded in (Smart) posters that trigger a URL to be loaded or a phone number to be called. Currently, only Nokia sells an NFC-enabled handset, the 6131NFC, though they have another model planned for later this year. But NFC is compatible with previous contactless standards such as MiFare and Felica. Therefore, the Fraunhofer Institute for Secure Information Technology created a toolkit that turns a 6131NFC into a generic toolkit for testing deployments of those technologies, as well as looking at functionality unique to NFC deployments. Two hacks involved replacing the NFC tag on a vending machine, and spoofing a uniform resource identifier (URI) in a Smart Poster to connect the user to somewhere other than they wished. The vending machines in question are in Vienna where a phone is waved near the machine and an NFC connection asks the phone to send an SMS message. This premium-rate SMS message is used to pay for the snack. The hacker simply switches NFC tags between two machines and collects what is paid for using the other machine. It is also possible to display one URI to the phone’s user, while triggering the handset to connect to a different one. The Fraunhofer Institute for Secure Information Technology told Nokia about the problems last month; Nokia is already working on a fix. Source: http://www.theregister.co.uk/2008/05/29/first_nfc_hack/

Thursday, May 29, 2008

Daily Report

• The Associated Press reports that an Iranian-born naturalized U.S. citizen who worked as an engineer at the Palo Verde Nuclear Generating Station was convicted of illegally accessing a protected computer. The man quit his job in 2006 and brought a laptop to Iran containing training software with design schematics and other plant details. (See item 5)

• The Telegraph reports that CDC researchers have discovered a strain of the bird flu that appears to be moving towards developing traits that make human transmission more possible. The virus shows “the same strong sugar binding properties” that have characterized previous pandemics. (See item 27)

Banking and Finance Sector

10. May 28, Boston Globe – (Massachusetts) Secretary of State issues scam warning. The Massachusetts Secretary of State is warning consumers about a scam that offers the promise of winning a $250,000 sweepstakes but seems to be a scheme to obtain personal financial information. The official indicated that he was prompted to issue the warning following reports to the Securities Division of his office by people who said they have received letters with a $4,620 check in them with instructions to call a “service tax” agent and provide financial information. The check, which is supposed to be used to pay a “non-resident government service tax,” appears to be “fake,” the secretary’s office said. The current version of the scam claims to come from Newfoundland, and it announces a “compensation draw” for the “Sweepstakes Association of North America,” the official’s office said. “Unsolicited notices like this should always raise an immediate red flag,” he said in a statement. Source: http://www.boston.com/business/ticker/2008/05/galvin_issues_s_3.html

Information Technology

34. May 28, Silicon Republic – (International) ‘Digital 9/11’ unless EU network security heightened. Europe is in danger of experiencing a ‘digital 9/11’ if problems in national security approaches are not addressed, a European IT security organization has warned. ENISA, the EU Agency for European Network and Information Security, outlined some of the dangers posed by cyber attacks, spam and social networking misuse in its summary of its General Report 2007. The agency said EU member states have a long way to go to safeguard the European digital economy. It said that while spam cost business €64.5bn in 2007, double the figure for 2005, the fact that only 6 percent of spam reaches mailboxes gives the false impression that the problem is under control. However, ENISA noted that spam is growing in quantity, size and bandwidth and remains a costly problem, with the unseen 94 percent being an invisible part of the ‘iceberg.’ “Europe must take security threats more seriously and invest more resources in network and information security,” said the executive director at ENISA. “ENISA calls for the EU to introduce mandatory reporting on security breaches and incidents for business, just as the US has already done.” “The member states should undertake concerted efforts to reduce the imbalances in security levels, through more cross-border co-operation. ENISA is confident that the need for secure networks to safeguard the European economy is a distinct driving force for member states to co-operate more closely,” he added. Source: http://www.siliconrepublic.com/news/news.nv?storyid=single11127

35. May 27, IDG News Service – (National) New Adobe flaw being used in attacks, says Symantec. An unpatched bug in Adobe Systems’ Flash Player software is being exploited by online criminals, Symantec reported Monday. Few details on the bug are available, but the flaw lies in the latest version of the Adobe Flash Player browser plugin, which is widely used by Internet surfers to view animated Web pages. The flaw affects both the recently released Flash Player version 9.0.124.0 and version 9.0.115.0, according to an advisory posted Monday to Symantec’s Security Focus Web site. The flaw lets attackers run unauthorized software on the PC, and if the attack fails for some reason it will likely crash the browser, Security Focus said. Symantec is not aware of any vendor-supplied patches for the flaw, the advisory states. Flash bugs have lately been a favorite of attackers. Adobe last month patched seven bugs in Flash Player, including the one that allowed a hacker to win a laptop and US$5,000 for hacking into a Windows Vista machine in a March contest at the CanSecWest security conference. In January, Adobe and other Web-development-tool vendors had to fix bugs in their development tools that created buggy Shockwave Flash (.swf) files that could be exploited in a cross-site scripting attack. This attack can be used by phishers, but it also gives the bad guys a nearly undetectable route into a victim’s bank account or almost any type of Web service. Source: http://www.networkworld.com/news/2008/052708-new-adobe-flaw-being-used.html

36. May 27, Security Focus – (International) Microsoft: Kraken nearly Storm’s size. While researchers have disagreed as to the size and importance of the Kraken botnet, the malicious software has compromised roughly the same number of computers as a more famous bot program, Storm, Microsoft’s security response team stated last week in a blog post. Early data from Microsoft’s Malicious Software Removal Tool indicates that the Kraken botnet, which the company refers to as Oderoor, reached about 80 percent of the size of the Storm botnet, the team stated. In the first week following the inclusion of Kraken into its Malicious Software Removal Tool, Microsoft detected nearly 464,000 instances of the program and cleaned 254,000 machines. For the Storm Worm, which Microsoft refers to as Nuwar, the company detected 537,000 copies and deleted the program from nearly 320,000 machines in its first week. Source: http://www.securityfocus.com/brief/743?ref=rss

Communications Sector

37. May 27, Computerworld Singapore – (International) IT managers daunted by mobile device security. IT managers are reluctant to take on the responsibility of managing the mobile devices that employees are increasingly using and integrating with enterprise applications, according to a new report by Datamonitor in London. The report “Enterprise Mobility: Trend Analysis to 2012” also predicts global enterprise expenditures on mobile devices. According to the study, mobile devices will grow from $6 billion today to an estimated $17 billion by 2012. The report highlights that this kind of growth underlines the need for IT managers to begin to implement mobile device policies. “Enterprises are fighting a losing battle against employees when it comes to mobile devices, and they should consider supporting a limited selection of devices rather than banning them outright,” said an analyst at Datamonitor and the report’s author. Security concerns are the largest barrier to mobility deployments, according to the author. In March 2007, Datamonitor conducted a survey of 467 IT managers, CIOs and IT decision-makers to establish issues that are currently preventing enterprises from investing in mobility products. It found that the majority of the respondents rated security as the greatest barrier to adopting those products. According to the study, as mobile devices like the iPhone are increasingly becoming popular among end users, enterprises are finding that employees want to be able to integrate their personal devices with their corporate e-mail account and other applications. They do not want one device for personal use and an IT-issued device for work. However, according to the report, so far very few IT departments have yielded to these changing scenarios and are refusing to be responsible for managing such a wide variety of mobile devices. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9089539&source=rss_topic15