Thursday, May 14, 2009

Complete DHS Daily Report for May 14, 2009

Daily Report

Top Stories

 According to the Associated Press, five contract workers at Total’s refinery in Port Arthur, Texas had to be transported to a hospital Tuesday after getting sick for undetermined reasons. (See item 1)

1. May 12, Associated Press – (Texas) At least 5 workers sicken at Port Arthur refinery. Five contract workers at a Port Arthur refinery had to be transported to a hospital after getting sick for undetermined reasons. Officials are trying to figure out the source of the problem May 12 at the Total Port Arthur Refinery. A plant spokeswoman initially said three workers were transported, for treatment of shortness of breath. She later confirmed five employees had been transported. All were treated and released. She says an investigative team was inspecting the plant. A statement late on May 12 from the refinery said no elevated levels were detected and a formal internal review will be done. Source:

 WLUK 11 Greenbay reports that nearly 1.2 million gallons of raw liquefied sewage flowed freely into Baird Creek in Green Bay, Wisconsin when a clog diverted the normal flow to the wastewater treatment plant. An assistant city engineer says the problem was identified on May 8. (See item 24)

24. May 12, WLUK 11 Greenbay – (Wisconsin) Raw sewage leaks into Baird Creek. Raw liquefied sewage, mixed with other waste washed down the drain, flowed freely into Baird Creek in Green Bay when a clog diverted the normal flow to the wastewater treatment plant. City engineers estimate nearly 1.2 million gallons of sanitary sewer liquid ended up in Green Bay. An assistant city engineer admits the problem may only have been identified a week ago on May 8, but actually leaking at lower levels for some time. The city determined the clog was due to a grease build up in a key 10-inch pipe. The city is investigating where all the grease in the system is coming from. They will be checking with area restaurants and businesses, including a cheese factory and meat packaging plant. Source:


Banking and Finance Sector

10. May 13, AirTight Networks – (International) Airtight study of financial districts’ airspace reveals Wi-Fi security risks. There appears to be a very high incidence of wireless vulnerabilities and poor wireless security practices in the financial districts of seven cities, according to the results of a survey released on May 13 by AirTight Networks. AirTight issued the findings of its Financial Districts Scanning Report for wireless security vulnerabilities in the financial districts of New York, Chicago, Boston, Wilmington (DE), Philadelphia, San Francisco, and London. The key findings demonstrate a pattern of careless use of Wi-Fi access points and lack of knowledge about the vulnerabilities wireless can introduce into a business environment and how to protect corporate data. The airspace in these financial districts is dominated by open or poorly encrypted (WEP) wireless access points (APs). Many of these APs were using ineffective security practices such as hiding the SSID, and personally identifiable information was leaking out. “In light of some rather spectacular data breaches involving financial information in recent years, both wired and wireless, in financial districts we expected to find well protected and configured networks, open or guest access isolated from corporate networks and strict enforcement of Wi-Fi security policies,” said the CTO of AirTight. “What we found instead should give pause to security administrators working in industries with highly sensitive information such as financial services.” AirTight wireless security researchers doing “war walks” took five minute scans at randomly selected locations in the financial districts of the seven cities from February through April 2009. Overall, the signal from more than 2000 Wi-Fi access points was sampled. The scans were typically collected near the buildings where financial institutions were housed, including banks and stock exchanges. Source:

11. May 12, American Chronicle (National) Enzi - Senate increases FDIC limit. Following several days of debate, the U.S. senate passed a bill that will help community banks by extending a higher Federal Deposit Insurance Corporation (FDIC) limit, according to a U.S. Senator. The Senate passed the bill, S. 896, by a vote of 91-5. The bill extends the FDIC’s deposit insurance limit of $250,000 for the next four years. Previously, the insurance limit was $100,000. The Senator worked to get a mortgage modification provision commonly known as ‘cramdown’ out of the final bill. The cramdown measure would have granted bankruptcy judges the ability to modify mortgage terms during bankruptcy proceedings and decrease the amount of principle owed. The bill will now go to a conference committee where differences between the Senate and House versions will be worked out. Source:

12. May 12, Reuters (National) U.S. FDIC seeking quick, narrow resolution authority. The Federal Deposit Insurance Corp. is talking with lawmakers about speedy legislation that could give it the power to wind down troubled bank holding companies, but not a broader range of financial firms, according to a source familiar with agency plans. The Federal Reserve and U.S. Treasury Department have some disagreement with the FDIC about exactly what new powers the agency should gain, the source said, speaking anonymously because the meetings have been private. The FDIC has been meeting with lawmakers’ staff in recent days about so-called ‘resolution authority.’ The FDIC currently has the power to resolve failed banks, but not bank holding companies. The Treasury in March drafted a legislative proposal that names the FDIC as the resolution authority for a broad range of financial firms, but some members of the administration and bank industry groups have opposed such a plan, saying the FDIC is not properly equipped for such a large task. Source:

Information Technology

32. May 13, Afilias – (International) New report shows .INFO domain safest from phishing attacks. Afilias, a global provider of Internet infrastructure services, announced on May 13 that a new Global Phishing Survey released by the Anti-Phishing Work Group (APWG) reveals that the .INFO domain is the generic top-level Internet domain (gTLD) safest from phishing attacks. The results of the Survey show that, during the second half of 2008, .INFO had the lowest phishing rates and the lowest average attack duration among the gTLDs measured. .INFO’s phishing durations were half the world average. “The .INFO registry is at the forefront of protecting Internet users from online identity theft across the world,” said the Director of Key Account Management and Domain Security at Afilias, and a co-author of the study. “In January 2008, Afilias implemented a vigorous anti-phishing program working closely with .INFO registrars. We are pleased that the hard work of the .INFO anti-phishing team and dedicated registrars have propelled .INFO to the top spot for safety from phishing.” The Global Phishing Survey analyzes the APWG phishing attack repository and other data sources comprising a comprehensive archive of phishing activity. It reports 56,959 phishing attacks worldwide in the second half of 2008, hosted on 30,454 unique domain names. Phishing took place on domain names in 170 top-level domains (TLDs). According to the report, a phishing rate is a standard measure of the number of detected phishing Web sites for every 10,000 domains registered, and indicates the prevalence of phishing in a top-level domain. Attack duration measures the amount of time a phishing Web site remains online, the longer one stays online, the more unsuspecting users may fall victim to the criminals. Source:

33. May 13, Mac Observer – (International) Apple releases Safari 3.2.3, beta 4 security updates. Apple released Safari 3.2.3 and a new public beta of Safari 4 late on May 12. The updates provide several security fixes for both versions of Apple’s Web browser application. The updates address issues where an attacker could potentially cause Safari to crash or execute arbitrary code when a user visits a maliciously crafted Web site. The updates also patch security-related issues when loading maliciously crafted URL feeds, and correct a memory corruption issue in WebKit that could lead to arbitrary code execution when visiting maliciously crafted Web sites. Safari 3.2.3 and the Safari 4 beta updates are available via Apple’s Software update application. Mac OS X 10.5.7 must be installed before the Safari beta 4 update will be available. Source:

34. May 12, TMCnet – (International) Eyeing home network security, D-Link brings CAPTCHA to routers. At about 76 percent of all phishing attacks, software represents the largest doorway that cybercriminals such as hackers use to enter computer users’ systems and steal confidential information, IT security experts say. One Cupertino, California-based security, storage and systems management solutions provider, Symantec Corp., recently reported that it is seeing malicious code grow at a record pace. In recent weeks, more and more home and small office computers have seen their networks compromised by Internet security attacks that gain traction through the devices that many use to make users’ home-surfing lives more portable: routers. In an effort to try and preempt the attacks, one Fountain Valley, California-based company recently launched a new system that prevents malicious software by detecting whether responses are generated by humans or computers. Officials at D-Link say their so-called “CAPTCHA” system, short for “Completely Automated Public Turing test to tell Computers and Humans Apart,” helps identify and root out actions caused by worms, viruses and Trojan horses. A common type of CAPTCHA requires the user to type letters or numbers from a distorted image that appears on the screen. “These malicious software invasions, in which users unknowingly download a Trojan horse when performing common tasks, invade the router to detect wireless capabilities, then alter the victim’s domain name system records so that all future traffic is diverted through the attackers’ network first,” company officials say. “The integration of CAPTCHA into home routers is a natural extension of this security technology and should cut down on the infiltration of malicious software, spyware and Trojans into home networks,” the TMC president said. Source:

35. May 12, Computerworld – (International) Microsoft delivers mega PowerPoint patch. As expected, Microsoft on May 12 patched a six week-old critical vulnerability in PowerPoint, the presentation maker that is part of the popular Office suite, using a single security update. But that one update patched 14 separate vulnerabilities, 11 of which were rated “critical,” Microsoft highest threat ranking. Also, while Microsoft patched all still-supported Windows editions of Office, including Office 2000, Office XP, Office 2003 and Office 2007, it was not able to complete fixes for the three vulnerabilities that also affect Office 2004 and Office 2008 on Macs. Fixes for those editions were not ready, the company said. This is the first time that Microsoft has issued patches, but not plugged holes in every affected version, a fact the company itself acknowledged. “We normally do not update one supported platform before another, but given this situation of a package available for an entire product line that protects the vast majority of customers at risk within the predictable release cycle, we made a decision to go early with the Windows packages,” said an engineer with the Microsoft Security Response Center, in a post to a company blog. “None of the [PowerPoint] exploit samples we have analyzed will reliably exploit the Mac version, so we did not want to hold the Windows security update while we wait for Mac packages,” added the engineer. Source:

Communications Sector

36. May 13, Cellular-News – (National) Verizon sells landline assets for $8.6 billion. Verizon Communications has announced plans to sell its landline operations in predominantly rural areas in 14 states to Frontier Communications in an all-stock deal worth $8.6 billion. The operations Frontier will acquire include all of Verizon’s local wireline operating territories in Arizona, Idaho, Illinois, Indiana, Michigan, Nevada, North Carolina, Ohio, Oregon, South Carolina, Washington, West Virginia, and Wisconsin. In addition, the transaction will include a small number of Verizon’s exchanges in California, including those bordering Arizona, Nevada, and Oregon. As of year-end 2008, these operations served approximately 4.8 million local access lines; 2.2 million long-distance customers; 1.0 million high-speed data customers, including approximately 110,000 FiOS Internet customers; and 69,000 FiOS TV customers. Source: