Monday, June 9, 2008

Daily Report

• According to CBS News, the Chairman of the House Transportation Committee is raising questions about a Federal Aviation Administration investigation into Airtech International. The company has allegedly sold sub-standard materials to virtually every aircraft manufacturer in the world. (See item 20)

• Washington Times reports that the U.S. administration has approved the export of sensitive equipment and expertise to China’s military and police forces to bolster security at the Beijing Olympics. The FBI and other U.S. security agencies also are helping China to develop sensitive counterterrorism coordination techniques. (See item 37)

Banking and Finance Sector

15. June 6, Times Online – (National) UBS may divulge client names in US tax inquiry. UBS is considering whether to reveal the names of up to 20,000 wealthy American clients as U.S. authorities step up their investigation of alleged tax irregularities at the Swiss wealth manager, according to reports. U.S. investigators believe private bankers at UBS may have helped U.S. clients hide as much as $20 billion in offshore accounts to avoid paying tax, the New York Times reports, citing people close to the inquiry. The U.S. believes the alleged scam may have cost up to $300 million in lost taxes, according to a Government official. A spokesman for UBS declined to comment on the report and said the bank’s position on the U.S. investigation had not changed. The Securities and Exchange Commission, the U.S. financial regulator, is conducting a separate investigation into UBS’ work for U.S. clients. Source: http://business.timesonline.co.uk/tol/business/law/article4078910.ece

16. June 6, Canadian Press – (International) Bank fraud linked to terrorist plans: tape. The alleged ringleader of a Toronto-based terrorist cell sought advice on an elaborate bank fraud scheme to fund attacks on Canadian soil so devastating that the country would “never recover again,” wiretap evidence played in court yesterday suggests. The wiretaps were played during the trial of the remaining youth suspect. During the same March 2006 conversation, another man who is not one of the suspects tells the police informant and two of the accused about a bank fraud scheme. Using fake ID, a blond Caucasian woman is sent into a bank to arrange a loan, the man says, adding she hands the check off to a man who cashes it at a check-cashing outlet to avoid bank scrutiny. Source: http://www.edmontonsun.com/News/Canada/2008/06/06/5789741-sun.html

Information Technology

32. June 6, vnunet.com – (National) Ransomware virus uses 1,024-bit key. Security specialists are warning of a new virus that encrypts data on infected machines and demands money for the decryption key. ‘Gpcode’ is thought to access PCs via unpatched browsers. Once active it encodes most of the data on the computer, including .doc, .txt, .pdf, .xls, .jpg and .png files, with a 1,024-bit key. Once all the files have been encrypted a ReadMe file is left on the machine giving an email address to send money in order to get the decryption key. The malware is a revision of a previous virus, thought to be from the same author, which appeared two years ago but only used a 660-bit key. “Virus researchers have been able to crack keys up to 660 bits,” said a researcher at Kaspersky Labs. “This was the result of a detailed analysis of the RSA algorithm implementation. If the encryption algorithm is implemented correctly, it could take one PC with a 2.2GHz processor around 30 years to crack a 660-bit key.” The company has urged users struck by the virus not to reboot or shut down the infected machine. Instead they should get in contact immediately with the last few websites they visited to determine what, if any, programs were running. Source: http://www.vnunet.com/vnunet/news/2218478/alert-issued-blackmail-virus

33. June 5, Asia News International – (National) New strategy may protect computer networks from most virulent computer worms. Researchers at Ohio State University have come up with a way to protect computer networks from Internet worms similar to Code Red, which scans the web randomly in search of vulnerable hosts to infect. “These worms spread very quickly. They flood the Net with junk traffic, and at their most benign, they overload computer networks and shut them down,” said an Ohio Eminent Scholar in Networking and Communications, whose team described the new strategy in IEEE Transactions on Dependable and Secure Computing. He highlighted how Code Red blocked network traffic to important physical facilities like subway stations and 911 call centers in 2001, and caused 2.6 billion dollars in lost productivity to businesses worldwide. “Code Red infected more than 350,000 machines in less than 14 hours. We wanted to find a way to catch infections in their earliest stages, before they get that far,” he said. He said the strategy relies on software designed to monitor the number of scans sent out by machines on a network: a machine that sends out too many scans is likely infected, and administrators should take it off line and check it for viruses. He said that in simulations against the Code Red worm, the strategy limited the spread of the infection to fewer than 150 hosts on the whole Internet, 95 percent of the time. He further said that the strategy was also effective in containing a variant of the Code Red worm (Code Red II), which scans the local network more efficiently and finds vulnerable targets much faster. Source: http://www.thecheers.org/news/Science/news_26471_New-strategy-may-protect-computer-networks-from-most-virulent-computer-worms.html
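The scan-counting idea in item 33 can be sketched as follows. This is an added example, not the researchers' software: the record format, the limit of 5 distinct destinations and the 60-second monitoring cycle are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address

SCAN_LIMIT = 5        # assumed: distinct destinations allowed per host per cycle
CYCLE_SECONDS = 60    # assumed: length of one monitoring cycle

# Constructed records: "<epoch-seconds> <src-ip> <dst-ip> <dst-port>"
SAMPLE_LOG = [f"{1000 + i} 10.0.0.5 192.0.2.{10 + i % 2} 443" for i in range(20)]
# A host contacting a new address every second, as a random-scanning worm would.
SAMPLE_LOG += [f"{1005 + i} 10.0.0.9 203.0.113.{i + 1} 80" for i in range(12)]
SAMPLE_LOG += ["garbage line", "1030 10.0.0.7 198.51.100.4 25"]


def parse(line):
    """Return (timestamp, src, dst), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return int(parts[0]), str(ip_address(parts[1])), str(ip_address(parts[2]))
    except ValueError:
        return None


def find_scanners(lines, limit=SCAN_LIMIT, cycle=CYCLE_SECONDS):
    """Map each over-limit source to the time it crossed the limit.

    Repeated connections to the same destination count once, so a client
    talking to a few servers all day is never flagged.
    """
    seen = defaultdict(set)   # (src, cycle index) -> distinct destinations
    quarantined = {}
    for ts, src, dst in sorted(r for r in map(parse, lines) if r):
        if src in quarantined:
            continue          # host is treated as already taken off line
        dests = seen[(src, ts // cycle)]
        dests.add(dst)
        if len(dests) > limit:
            quarantined[src] = ts
    return quarantined


if __name__ == "__main__":
    for host, when in find_scanners(SAMPLE_LOG).items():
        print(f"take {host} off line: exceeded {SCAN_LIMIT} destinations at t={when}")
```
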

34. June 5, Computerworld – (National) Microsoft slates seven fixes for next week. Microsoft Corp. on Thursday set its June patch list, saying it would issue seven security updates, three of them “critical,” to patch Windows components such as Bluetooth, DirectX and Internet Explorer (IE). It also looks like Microsoft will disable a vulnerable third-party program, said the director of security operations at nCircle Network Security Inc. “Maybe this is a new trend by Microsoft, issuing kill bit updates to mitigate risks,” he said, referring to one of the seven updates. “Kill bit” is the term Microsoft uses to describe setting a flag in the Windows registry that disables a specific ActiveX control; the company regularly advises users to set the kill bit in lieu of a formal patch for a control that contains a bug. In April, Microsoft issued a kill bit update for an ActiveX control distributed by Yahoo Inc. for its Yahoo Music Jukebox. At the time, Microsoft said it would lock down other vendors’ software at their request by releasing fixes through Windows Update. The seven security updates will be posted Tuesday, June 10, around 1 p.m. EDT. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=operating_systems&articleId=9093958&taxonomyId=89&intsrc=kc_top

Communications Sector

35. June 6, Arizona Republic – (National; Arizona) Merger won’t affect phone customers yet. Arizona customers of Verizon Wireless and Alltel Corp. should not expect any immediate changes to call plans or service as a result of the $5.9 billion merger. That may change when the wireless carriers begin the laborious process of combining operations when the deal closes at the end of the year. The combined company would be the nation’s largest wireless carrier with about 80 million customers, surpassing AT&T, which has about 71 million customers. Source: http://www.azcentral.com/arizonarepublic/business/articles/0606biz-verizon0606.html

36. June 5, Secunia – (National) Skype file URI code execution vulnerability. A vulnerability has been reported in Skype, the popular Voice over Internet Protocol (VoIP) provider, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused by an error in the handling of “file:” URIs, which can be exploited to bypass the security warning for blacklisted file extensions, e.g., via a “file:” URI containing upper case characters in the file extension. Successful exploitation allows execution of arbitrary code, but requires that a user is tricked into clicking on a specially crafted “file:” URI. The vulnerability is reported in version 3.8.*.115 and prior. Source: http://secunia.com/advisories/30547/
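The class of flaw described in item 36, shown as a case-sensitive extension check beside a normalized one. This is an added example and not Skype's code: the blocked-extension list, the function names and the sample URIs are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumed list; the advisory does not enumerate the blacklisted extensions.
BLOCKED_EXTENSIONS = {".exe", ".bat", ".cmd", ".scr", ".vbs"}


def file_extension(uri):
    """Return the extension of a file: URI's last path segment, else None."""
    parts = urlsplit(uri)              # urlsplit lowercases the scheme
    if parts.scheme != "file":
        return None
    # Decode %XX escapes and accept either slash style before splitting.
    name = unquote(parts.path).replace("\\", "/").rsplit("/", 1)[-1]
    return posixpath.splitext(name)[1]


def warns_case_sensitive(uri):
    """Flawed check: compares the extension exactly as written in the URI."""
    return file_extension(uri) in BLOCKED_EXTENSIONS


def warns_normalized(uri):
    """Corrected check: folds case first, as Windows file names are
    case-insensitive and .EXE opens the same way as .exe."""
    ext = file_extension(uri)
    return ext is not None and ext.casefold() in BLOCKED_EXTENSIONS


if __name__ == "__main__":
    # Constructed sample URIs.
    for uri in ("file:///C:/Users/demo/Downloads/setup.exe",
                "file:///C:/Users/demo/Downloads/setup.EXE",
                "file:///C:/Users/demo/notes.TXT"):
        print(uri, warns_case_sensitive(uri), warns_normalized(uri))
```
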