Department of Homeland Security Daily Open Source Infrastructure Report

Friday, July 30, 2010

Complete DHS Daily Report for July 30, 2010

Daily Report

Top Stories

• Fire destroyed a chemical plant in Northeast Clarke County, Georgia, early July 28, sending plumes of toxic smoke into the air and chemicals into a nearby creek, according to the Athens Banner-Herald. (See item 6)

6. July 29, Athens Banner-Herald – (Georgia) Fire destroys chemical plant. Fire destroyed a chemical plant in Northeast Clarke County, Georgia, early July 28, sending plumes of toxic smoke into the air and chemicals into a nearby creek. The fire at J&J Chemical Co. began about midnight and burned through most of the day. After battling the blaze for several hours, Athens-Clarke fire crews withdrew from the building because of the intense heat and toxic fumes and waited for the fire to burn itself out. Fire investigators planned to begin searching for a cause July 29, after the remains of the chemical plant had cooled down. J&J Chemical manufactures restroom deodorizers, graffiti remover and other products that contain toxic chemicals. The company’s 30,000-square-foot Athens plant was destroyed. No one was in the building when the fire began, and no firefighters were hurt battling the blaze. Authorities were concerned the fire might pose a public health risk as it consumed untold gallons of glutaraldehyde — a toxin that can irritate eyes, nose, throat and lungs, along with causing headaches, drowsiness and dizziness. People at Athens Technical College and nearby businesses were cautioned to stay inside, and authorities evacuated employees of McAnn Aerospace Machining Corp., located next to the chemical plant. But hazardous materials response teams from Athens-Clarke County and the University of Georgia tested the air within a half-mile radius of the chemical plant and determined the levels of toxins were within safe limits. Blue dye from the plant did make its way to a nearby creek, and officials with the state environmental protection division will assess the damage and monitor cleanup work. Source:

• Homeland Security Today reports that based on intelligence indicating that Al Qaeda and associated movements continue to express interest in attacking U.S. mass transit systems, the Government Accountability Office (GAO) has issued a redacted version of a classified report on “explosives detection technologies [that] are available or in development that could help secure passenger rail systems.” (See item 22)

22. July 29, Homeland Security Today – (National) Passenger rail systems vulnerable, GAO study says. Based on intelligence indicating that Al Qaeda and associated movements continue to express interest in attacking U.S. mass transit systems, the Government Accountability Office (GAO) has issued a redacted version of a classified report on “explosives detection technologies [that] are available or in development that could help secure passenger rail systems.” However, GAO noted that “while these technologies show promise in certain environments, their potential limitations in the rail environment need to be considered and their use tailored to individual rail systems.” In its report, Explosives Detection Technologies to Protect Passenger Rail, GAO did not make any specific recommendations, but it did raise “various policy considerations.” The report pointed to the fact that the TSA and passenger rail operators share the responsibility for security, which it said could complicate decisions. In addition, the GAO recommended the use of risk-management principles to guide decision-making related to technology and resource allocation. Source:


Banking and Finance Sector

15. July 29, Daniweb – (International) Black Hat conference demonstration reveals ATM security risk. At the Black Hat conference in Las Vegas, IOActive’s director of security research gave a demonstration of how he learned to crack the security of various stand-alone ATMs after coming across several errors and security weaknesses in their [software] coding, allowing him to gain full access to the machines’ safes. He wrote multiple programs to exploit some of the machines’ weaknesses, including one that allows him to gain remote entry without the need of a password, which he calls Dillinger, and a second program, Scrooge, that relies on a back-door entry with the ability to conceal itself from the machine’s main operating system. In the case of Triton’s ATMs, the researcher found the motherboard of the machine was sorely lacking in physical security, and once he had gained access to it, he was easily able to use a similar back-door technique and then simply trick the machine into thinking that the hack was actually a legitimate update. So far, the researcher has attempted to hack four different ATMs and, as he demonstrated at the conference, he has found that the same “game over vulnerability” has enabled him to crack every one of them. Source:

16. July 29, Consumer Affairs – (National) Electronic payments association warns of new phishing scam. The Electronic Payments Association said it has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of having been sent from National Automated Clearing House Association (NACHA). The subject line of the e-mail states: “Unauthorized ACH Transaction.” The e-mail includes a link that redirects the individual to a fake Web page and contains a link that is almost certainly an executable virus with malware. NACHA said it does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. It also does not send communications to individuals or organizations about individual ACH transactions that they originate or receive. Source:

17. July 29, Green Bay Press-Gazette – (Wisconsin) Green Bay police warn of credit card scam. Several residents in Green Bay, Wisconsin, have reported a caller asking for credit card information because a bank account is overdrawn, is suspended due to security measures or to activate an account. Green Bay police are reminding residents not to give out personal information over the phone after a recent credit-card scam. Residents should call the police or a banking institution if they receive one of these calls. Source:

18. July 29, The Age – (International) ATM skimmers fleece millions from Melbourne bank customers. Police have released images of five men believed to be linked to an international ATM skimming scam that has fleeced millions of dollars from Melbourne, Australia, bank customers this year. At least 28 machines around Melbourne have been compromised since March in an elaborate scheme believed to have links to Eastern European crime gangs. The crime syndicate is one of two that are preying on Melburnians and stealing their card details and cash. In a separate scam, Melbourne shop workers are being offered upwards of $40,000 to let scammers tamper with their Eftpos machines, enabling them to steal the PINs and card details of shoppers. The devices, including a card reader and a pinhole camera, had been placed on ATMs outside banks and on stand-alone machines with a high turnover of customers, including at large shopping centers. All banks were being targeted. Source:

19. July 28, KMGH 7 Denver – (Colorado) More than 12 stations hit by gas pump skimmers. Thieves have placed credit-card skimming devices in the housing of gas pumps at 12 stations in Colorado. Federal authorities are tight-lipped about the investigation, so it is up to station owners and customers to take steps to protect sensitive information. However, a representative from the Colorado Wyoming Petroleum Marketers Association said: “The gasoline industry has just finished a nationwide system upgrade that [only] secures customer information on the back end,” so that once the credit card information is processed at the pump, it is triple encoded and cannot be stored at the station itself. He added that the only remaining access point for people who want to compromise this information is at the beginning of the transaction at the pump. The petroleum industry representative recommends paying with cash, or taking a credit card to the station’s attendant inside. Source:

Information Technology

38. July 29, – (International) 100 million Facebook accounts exposed. The details of 100 million Facebook users have been posted online by a security analyst, in a stark demonstration of the potential privacy weaknesses of social networks. In a detailed blog post, an analyst from Skull Security explained that he used a simple piece of code to perform the scrape, which took any data not already locked down within personal privacy settings. However, as of the morning of July 29, his Web site and the blog post were unavailable. The list of users has been shared on peer-to-peer site The Pirate Bay, and included in the packaged files are names and Facebook URLs. Facebook explained that the information that was taken had already been made public by users. However, the firm is investigating whether the collection of information in this way was a violation of its terms and conditions. A senior technology consultant at security firm Sophos concurred with Facebook’s stance, explaining that it was enabled by lax user controls. He said he hoped the incident would prompt social network users to harden their security settings. Source:

39. July 29, IDG News Service – (International) Verizon: Data breaches often caused by configuration errors. Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon. Verizon said it found that a surprising and “even shocking” trend is continuing: There are fewer attacks that focus on software vulnerabilities than attacks that focus on configuration weaknesses or sloppy coding of an application. In 2009, there was not a “single confirmed intrusion that exploited a patchable vulnerability,” the report said. The finding has caused Verizon to question whether patching regimes — while important — need to be done more efficiently given the trend in how attacks are occurring. In other findings, some 97 percent of the malicious software found to have stolen data in 2009 was customized in some way. Source:

40. July 29, Computerworld – (International) Microsoft’s bug reports fail to produce prompt patches. According to data released July 28 by Microsoft, third-party developers patched just 45 percent of the vulnerabilities that Microsoft’s security team reported to them during the 12 months from July 2009 to June 2010. The newest number, however, was more than triple that during the year-long stretch through June 2009, when developers patched 13 percent of the bugs Microsoft reported. The data came from a progress report issued by the Microsoft Vulnerability Research, or MSVR. Microsoft tried to explain the sluggish patching pace of its MSVR partners. “Most vulnerabilities identified ... since July 2009 have not yet been resolved,” the progress report admitted. “This is not entirely surprising — in most cases the vulnerabilities ... have been low-level architecture issues that are not easy to resolve, and vendors require considerable time to develop an effective resolution and test it thoroughly.” The pattern was repeated in a July 2009 episode that Microsoft touted as a good example of the MSVR program at work. Source:

41. July 29, Computerworld – (International) Malware openly available in China, researchers say. China’s rapid emergence as a hotspot for criminal hacking activities is enabled by the open and unfettered availability of sophisticated hacking tools, according to security researchers attending the Black Hat conference July 28. Many of the hacking tools are inexpensive, highly customizable, and easy to use. Most of the early users of the malware products have sought to steal from online gaming accounts inside China. But now experts are seeing much broader use of such tools. Hackers in China are developing malicious software “almost like a commercial product,” said the founder of Attack Research, a Los Alamos, New Mexico-based security firm. The products come complete with version numbers, product advertising, end-user license agreements, and 24-hour support services, he said. Source:

42. July 29, SC Magazine UK – (International) Apple issues patch for Safari, as details of AutoFill vulnerability will be demonstrated today at the Black Hat conference. Apple has issued a fix for its Safari browser ahead of a demonstration of a vulnerability at the Black Hat conference. The founder and CTO of WhiteHat Security will present the vulnerability at the conference in Las Vegas July 29. According to Kaspersky’s Threat Post Web site, the major update to Safari includes a number of security fixes, most importantly a patch for the AutoFill vulnerability, which was recently disclosed by the CTO. Safari 5.0, which was released July 28 by Apple, gives users protection against several flaws, including the AutoFill weakness, which enabled attackers to harvest a user’s personal information from the browser. The new version of Safari also fixes 14 vulnerabilities in WebKit. The director of operations at nCircle said: “With or without the Black Hat related hype, this release contains enough critical bugs to warrant quick installation.” Source:

43. July 29, Help Net Security – (International) Trojan masquerades as iPhone jailbreaking software. An e-mail campaign targeting iPhone users who might want to jailbreak their device has been detected by BitDefender. Only a few days after U.S. federal regulators decided and announced that the practice was not illegal, cybercriminals have seized the opportunity to infect more systems, and the e-mail started hitting inboxes all over the world. Clicking on the offered link will initiate a download of the iphone3gs-3g.exe file, which is actually a generic keylogger Trojan that records and sends everything the victim writes on the computer to a specific e-mail address. Source:

44. July 28, Softpedia – (International) Scareware scheme abuses Firefox ‘What’s New’ page. Security researchers warn that a new scareware distribution campaign is using a fake copy of the “Firefox Updated” page to trick users into installing a rogue antivirus program. The problem occurs because, starting with Firefox 3.5.3, Mozilla also checks if Flash Player is up-to-date when the browser is upgraded. If an old version of the plug-in is detected, a warning message encouraging users to install the latest variant is displayed on the “whatsnew” page. This is the page that automatically opens on first run after a successful Firefox update. According to F-Secure, scammers are now looking to capitalize on the trust users instinctively place in Mozilla by creating rogue copies of the “whatsnew” page. The rogue pages appear to have been created using the “Firefox Updated” site template for Firefox 3.6.7. The regular Flash Player update warning message is displayed, but users do not even have to click the contained link, as a file called ff-update.exe is served for download automatically. This executable is the installer for a fake antivirus called SecurityTool. Source:

45. July 27, Softpedia – (International) LNK vulnerability exploited by more families of malware. Antivirus companies are warning that virus writers are slowly adopting the exploit targeting the currently unpatched Windows LNK vulnerability in their creations. New families of malware to leverage this flaw in order to propagate and infect systems are Chymine, Vobfus, Sality, and ZeuS. The new Windows shortcut-processing bug allows attackers to execute potentially malicious code by tricking users into simply opening a folder containing malformed LNK files. Given the flaw’s broad attack surface, security researchers and antivirus vendors predicted that it will not be long until malware writers integrate the exploit into the threats they develop — and they were right. ESET reported July 22 that a new keylogger Chymine is exploiting the LNK flaw to infect computers. Just a day later, Microsoft announced that another malware family called Vobfus is now leveraging the LNK vulnerability to execute automatically. Now, Trend Micro and F-Secure both warn that hackers behind Sality, a family of file infectors, have adopted the LNK exploit and are using it to spread a variant of the notorious polymorphic viruses. ZeuS, otherwise known as Zbot, usually spreads through e-mail spam and this latest variant is not different in that respect. Source:

Communications Sector

46. July 29, Associated Press – (International) Al-Qaida-linked group claims TV bombing in Baghdad. An al-Qaida-linked group claimed responsibility July 29 for a bombing earlier this week targeting the Baghdad offices of a pan-Arab television station, describing the deadly attack that killed six people as a victory against a “corrupt channel.” A statement posted on the Web site of the Islamic State of Iraq said the operation was carried out by a “hero of Islam” and was intended to hit the “mouthpieces of the wicked and evil.” The Arabic-language news channel Al-Arabiya is one of the most popular in the Middle East, but is perceived by insurgents as being pro-Western. A suicide bomber driving a minibus July 26 drove through at least two checkpoints before pulling up to the front of the station’s Baghdad office and blowing himself and his vehicle up. The massive blast blew out windows in the two-story Al-Arabiya building and left much of the interior in shambles, with doors hanging off their frames. None of the dead were employees of the network. Source:

47. July 29, DeKalb Daily Chronicle – (Illinois) Frontier Communications takes over local phone service. Flooding that caused about 80 households in DeKalb, Illinois, to lose telephone service the week of July 26 came right after landline service provider Frontier Communications took over local phone service from Verizon on July 1. The service outage was caused by standing water on underground copper cable, Frontier’s general manager said. Since Frontier just inherited the lines about four weeks ago, it could not have prevented the outage, but crews have been working around the clock since July 26 in an effort to repair the problem. As of July 28, there was no estimate on when customers could expect service to be restored. The $5.3 billion deal inked July 1 transferred phone lines in 14 states, including Illinois, from Verizon to Frontier. With more than 4 million customers in 27 states, Frontier is now the nation’s largest rural phone service provider. The company has taken over all of Verizon’s landline services in the area, including local and long-distance phone, high-speed Internet and television. Verizon Wireless customers are not affected. Source:

48. July 29, Eureka Times-Standard – (California) Trinidad, Westhaven land lines busy to outside calls. The city of Trinidad, California, made two incident reports to AT&T Inc. July 28 regarding residents’ inability to call out of the area on telephone lines. For the last two days, Trinidad and Westhaven residents have received busy signals when dialing numbers that do not have a 677 prefix. If people from outside the area try to call a 677 number, they also receive a busy signal. While the city submitted one report July 27 and two reports July 28, the city manager said July 28 that the phone company has not been in contact with the city, and he does not know when the problem will be fixed. A spokeswoman for AT&T did not say when the outage would be fixed. While city employees have had verbal confirmation from residents around town, the lack of land line access to the rest of the community seems to have gone unnoticed by most residents since most people use their cell phones. Internet service, which sometimes requires a land line, is also unaffected. Source:

49. July 29, Southwest Times Record – (Oklahoma) Cut line knocks out LeFlore phones. A cut to a fiber-optic cable July 28 caused outages to landline phones, cell phones and data usage such as credit-card transactions in LeFlore County, Oklahoma, according to a spokesperson for AT&T. The 911 system also went down, but was rerouted to Haskell County, where employees communicated with LeFlore County by radio, the Pocola Emergency Management director said. Several businesses in LeFlore County had to close because they could not provide transactions with debit and credit cards. The cut was caused by a third party in the Spiro area, and crews were addressing the problem most of the day, a spokesman for AT&T said. It was unclear how many customers were affected because three other phone companies lease space on AT&T’s fiber-optic cable. Emergency personnel could not use their numeric pagers to notify fire and emergency personnel of emergencies because they were down as well. The line was repaired by 6 p.m. July 28. Source:

Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, July 29, 2010

Complete DHS Daily Report for July 29, 2010

Daily Report

Top Stories

• A report to Wisconsin environmental officials said more than 2 billion gallons of untreated sewage and stormwater were dumped into Lake Michigan and Milwaukee area rivers during the recent storms, according to The Associated Press. (See item 37)

37. July 28, Associated Press – (Wisconsin; Michigan) 2 billion gallons of sewage dumped in Wis. storm. A report to Wisconsin environmental officials said more than 2 billion gallons of untreated sewage and stormwater were dumped into Lake Michigan and Milwaukee area rivers during the recent storms. The Milwaukee Metropolitan Sewerage District’s report to the state department of natural resources said that the amount is more than four times the capacity of its deep tunnel storage system. The release into area waterways still wasn’t enough to prevent sewers from backing up into thousands of homes, in addition to property damage caused by above ground flooding. The Journal Sentinel reports area sewage treatment plants handled more than 3.2 million gallons of wastewater from the July 22 storm. Source:

• CNN reports that Kern County, California was under a state of emergency July 28 as a result of spreading wildfires that have destroyed 25 homes, caused more than 2,300 people to evacuate and burned 15,000 acres. (See item 62)

62. July 28, CNN – (California) Wildfires spark state of emergency in California county. Kern County, California was under a state of emergency July 28 as a result of spreading wildfires that have destroyed 25 homes, caused more than 2,300 people to evacuate and burned 15,000 acres. The afternoon of July 27, firefighters were called to a new wild fire southeast of Tehachapi. Later that night the fire had grown, threatening 150 structures, authorities reported. Fire crews battled through the night with aircraft, fire engines, and bulldozers. Crews worked throughout the night protecting homes and trying to contain the blaze. An evacuation center was set up at the old junior high school nearby for evacuees and their pets. Animal control was taking large animals, authorities said. In addition, more than 1,000 firefighters continued to battle a blaze July 28 in California’s Sequoia National Forest, north of Tehachapi. As of July 27, that fire had spread across roughly 6,000 acres, a U.S. Bureau of Land Management spokeswoman said. The bureau is working with the U.S. Forest Service and the Kern County Fire Department to fight the blaze. Kern County is approximately 130 miles north of Los Angeles. Source:


Banking and Finance Sector

20. July 28, The Register – (International) Russian gang uses botnets to automate check counterfeiting. The director of malware research for Atlanta-based SecureWorks has uncovered a sophisticated check-counterfeiting ring that uses compromised computers to steal and print millions of dollars worth of bogus invoices, and then recruit money mules to cash them. The highly automated scheme starts by infiltrating online check archiving and verification services that store huge numbers of previously cashed checks. It then scrapes online job sites for e-mail addresses of people looking for work and sends personalized messages offering jobs performing financial transactions for an international company. The scammers then use stolen credit-card data to ship near exact replicas of checks to those who respond. The director was able to track the operation by infecting a lab computer and observing its interactions with command and control channels. A database file the criminals carelessly exposed showed 3,285 checks had been printed since June of 2009 and 2,884 job seekers had responded to the employment offer. Assuming each check was written in amounts of $2,800, a threshold sum that brings increased scrutiny to transactions, the director estimates the checks were valued at about $9 million. Source:

21. July 28, – (National) Most breaches caused by crime gangs. Organized crime was responsible for 85 percent of all stolen data in 2009. And stolen credentials were the most common way to gain unauthorized access into organizations. These are among the headlines of the 2010 Verizon Data Breach Investigations Report, just released by Verizon Business. Conducted for the first time in collaboration with the U.S. Secret Service, this year’s report takes a broader look at the types and causes of data breaches. The latest report finds 2009’s breaches of electronic records involved more insider threats, greater use of social engineering, and the persistent, troubling trend of organized crime involvement. Of the 143 million records breached in 2009, 85 percent of them were attributed to financial service incidents. Data breaches caused by insiders add up to 48 percent of all breaches investigated — an increase of 26 percent over 2008. Conversely, breaches caused by external sources were down slightly to 70 percent, dropping from 2008’s 79 percent. The CEO of ID Experts, a data breach response provider, said the latest report mirrors his own group’s finding — particularly an increase in “hybrid attacks” where external organized cybercriminals work with insiders to implement an effective breach. Source:

22. July 27, KRCG 13 Columbia – (Missouri) Phishing scam targets River Region Credit Union. River Region Credit Union in Jefferson City, Missouri is the target of a cell-phone phishing scam. The calls started July 27. “We started to receive phone calls from area residents, reporting that they have been receiving phone calls, asking for card information,” River Region Credit Union’s president said. The recorded message tells the person that their River Region debit card has been deactivated. Then, it asks the person to enter in their card number. The phishing scam called AT&T Wireless customers. An AT&T representative did not say how the scammers got the phone numbers, but said that they were investigating. River Region said the scammers did not get the phone numbers from them. The credit union said customers’ information has not been breached unless someone entered in their card number when they got the call. All banks have said they will never ask for personal information over the phone. Source:

23. July 27, Gainesville Sun – (Florida) Area credit card skimmers may be part of statewide theft ring. Law enforcement officials said a dozen credit-card skimming devices have been found this month at Gainesville, Florida area gas stations along with other devices found at St. Johns and Flagler County stations, in what appears to be a statewide theft ring. Some stolen card numbers are being used to buy Walmart cards in Miami, investigators have said. Gainesville police said at least 25 people in Gainesville have been victims. Officials said someone using a universal key, which fits almost any gas pump in the country, is opening the pump faces and within a few minutes installing the device, which is undetectable to someone slipping their credit or debit card into the machine on the outside. The device consists of a skimmer attached to the pump’s card reader, a small hard drive to store the credit card numbers and a Bluetooth wireless device that can be accessed remotely to retrieve the data. Investigators downloaded data from one device found earlier this month in Gainesville and found it had stored 500 card numbers. Source:

Information Technology

51. July 28, SC Magazine – (International) Twitter and Google are riddled with malicious links. Almost three quarters of Twitter’s 100 million accounts are unused or responsible for delivering malicious links. The 2010 mid-year security report from Barracuda Labs analyzed more than 25 million Twitter accounts, both legitimate and malicious, and found that true Twitter users (a user that has at least 10 followers, follows at least 10 people, and has tweeted at least 10 times) tweet more often, and as casual users become more active, malicious activity increases. Only 28.87 percent of Twitter users are “true Twitter users,” and the Twitter crime rate — the percentage of accounts created per month that were eventually suspended for malicious or suspicious activity, or otherwise misused — for the first half of 2010 was 1.67 percent. Of four of the most popular online services (Google, Bing, Twitter, and Yahoo), Google distributed the most malicious links, with 69 percent of its results poisoned when searches on popular trending topics were performed. The analysis reviewed more than 25,000 trending topics and nearly 5.5 million search results. Source:

52. July 28, Computerworld – (International) Google patches Chrome, sidesteps Windows kernel bug. On July 26, Google patched five vulnerabilities in Chrome by issuing a new “stable” build of the browser. The update to Chrome 5.0.375.125 fixed three flaws rated “high,” Google’s second-most-serious threat rating, as well as one pegged “medium” and another labeled as “low” in Google’s four-step scoring system. Danish vulnerability tracker Secunia judged the cumulative update as “highly critical” using its own ranking. As per Google’s usual practice, technical details of the vulnerabilities were hidden from public view to prevent attackers from leveraging the information before most users have upgraded. According to a blog post by a member of the Chrome team, Google also added what he called “workarounds” to Chrome for a pair of critical vulnerabilities not in the browser’s code, but in external components or software. He did not provide any additional information on the workarounds other than to point a finger at the Windows kernel and “glibc,” or the GNU C Library, a collection of C programming language files and routines that’s a critical component of most Linux operating system kernels. Source:

53. July 28, IDG News Service – (International) Three arrested in connection with Mariposa botnet. Slovenian police have arrested three men in connection with the massive Mariposa botnet that was disabled late last year. A 23-year-old man was arrested in Maribor, Slovenia, about 10 days ago. He has been released but is expected to be charged with computer-related crimes. The U.S. FBI confirmed the arrest July 28. Two others were also arrested. Millions of computers worldwide were infected with the Mariposa botnet code, which allowed hackers to siphon information from those machines and launch denial-of-service attacks against others. The FBI director said in March that Mariposa had infected the computers of Fortune 1000 companies and major banks. Mariposa’s authors changed the botnet’s code as frequently as every 48 hours in order to go undetected by security software. Source:

54. July 28, Help Net Security – (International) Critical ToolTalk Database Server Parser vulnerability discovered. Check Point announced that its IPS Research team has recently discovered a critical vulnerability in a function of the ToolTalk Database Server Parser that can enable a remote attacker to potentially inject and execute arbitrary code onto the affected system. The vulnerability identified is in the RPC-based ToolTalk database server that creates and manages database files and affects all system users with IBM AIX Version 6.1.3 and lower, Sun Solaris 10 Sparc/x86 and lower, as well as HP HP-UX 11.0 and lower. The vulnerability was discovered and responsibly disclosed to vendors by the IPS Research team. Check Point recommends applying the latest vendor patches and getting immediate protection by applying the latest IPS update. Source:

55. July 28, Help Net Security – (International) Critical vulnerability in Apple QuickTime. A highly critical vulnerability affects the latest version of Apple QuickTime Player for Windows. “The vulnerability is caused due to a boundary error in QuickTimeStreaming.qtx when constructing a string to write to a debug log file,” said a Secunia researcher. “This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into viewing a specially crafted web page that references a SMIL file containing an overly long URL.” If the flaw is successfully exploited, arbitrary code can be executed by the attacker, and the system can be compromised. So far, the vulnerability is confirmed to affect only the latest version of the software (7.6.6) for Windows, which was released March 30. Source:

Communications Sector

56. July 28, Honolulu Star-Advertiser – (Hawaii) Severed deep-sea cable disrupts service. At about 1:10 a.m. July 27, Oceanic Time Warner Cable in Hawaii started seeing disruptions. It was later discovered that part of a fiber-optic cable was severed about 30 miles off Kihei, Maui. The damaged cable is 3,000 feet under the sea, and 400,000 customers were affected. Most, if not all, Internet service was restored by the afternoon. TV service on Maui and the Big Island was the last to be restored because of the cut’s proximity to both islands. Oceanic Time Warner is among 144 Maui firms that rent bandwidth from that section of the cable. When the cable was cut, Internet protocol addresses did not know which route to take back to the mainland. Oceanic crews had to reroute connections through alternate cables connecting the islands. Oahu and Kauai services were restored by 8 a.m. July 27. Maui and Big Island services were restored by the afternoon. It was not immediately known how the cable was cut. Initial indications seem to point to the possibility that water may have seeped into the cable. Source:

57. July 27, Philadelphia Inquirer – (Pennsylvania) WHYY-FM off air during morning rush. Maintenance work on an antenna apparently knocked WHYY-FM in Pennsylvania off the air July 27 for about three hours longer than planned. Radio listeners were unable to listen to the BBC’s “World Update” or NPR’s “Morning Edition” on 90.9 early July 27. In a note on its Web site, the station advised that it might be off the air from 11:30 p.m. July 26 until 5 a.m. July 27 for maintenance work at the Roxborough antenna farm. Broadcasting resumed on the FM dial at 8 a.m. WHYY continued broadcasting online during the signal outage. Source:

58. July 27, NextGov – (National) FCC plan to support emergency communications relies on unproven technology. A proposal to auction 10 megahertz of broadband spectrum to commercial organizations, rather than dedicating the spectrum exclusively for public safety communications, relies on unproven technology to provide first responders priority access, a Homeland Security Department official told Congress July 27. The Federal Communications Commission’s (FCC) National Broadband Plan, released in March, includes a proposal to auction the 10 megahertz of spectrum known as D-Block to commercial interests, providing public safety organizations priority access in emergency events with next-generation wireless broadband technologies that — while unproven — promise to increase the capacity and speed of mobile telephone networks. “The technology being recommended by the FCC provides great opportunity,” said the assistant secretary of the Office of Cybersecurity and Communications at DHS during testimony before the House Subcommittee on Emergency Communications, Preparedness and Response. “It’s not absolutely clear what [this technology] is capable of.” Homeland Security would support FCC’s plan for the auction if the technical and legal frameworks were properly evaluated, and the technology’s capacity and capability were understood to meet public safety requirements, he added. Many public safety organizations oppose the proposal to auction the D-Block spectrum to commercial interests, instead supporting a bill that would dedicate the spectrum to public safety. Source: