Friday, November 26, 2010
• According to the Associated Press, a woman charged with making threats that caused 300 Broward County, Florida schools to be locked down was arrested November 23, federal authorities said. (See item 43)
43. November 23, Associated Press – (Florida) Fla. woman accused in school threats arrested. A woman charged with making threats that caused 300 Florida schools to be locked down and a congressman-elect’s top aide to step down was arrested November 23, federal authorities said. FBI agents apprehended the 48-year-old suspect of New Port Richey, Florida, near Los Angeles, the U.S. Attorney’s Office in Miami said. She is accused of sending an e-mail on November 10 to a WFTL 850 AM conservative talk show host, who was tapped to be a U.S. Representative-elect’s chief of staff. The suspect called the Pompano Beach station later that morning and claimed that her husband was going to go to a school in Pembroke Pines and start shooting, according to federal authorities who said they traced the call. Authorities responded by placing all 300 Broward County schools in lockdown for several hours. The talk show host has been on South Florida radio for nearly 20 years. She stepped down as chief of staff a day after the lockdown, saying she wanted to avoid any repercussions against the U.S. Representative. Source: http://www.bloomberg.com/news/2010-11-24/fla-woman-accused-in-school-threats-arrested.html
• According to BBC News, one fifth of Facebook users are exposed to malware contained in their news feeds, claim researchers at security firm BitDefender.
See item 49 below in the Information Technology sector.
Banking and Finance Sector
19. November 24, Krebs on Security – (International) Crooks rock audio-based ATM skimmers. Criminals increasingly are cannibalizing parts from handheld audio players and cheap spy cams to make extremely stealthy and effective ATM skimmers, devices designed to be attached to cash machines and siphon card + PIN data, a new report warns. The European ATM Security Team (EAST) found that 11 of the 16 European nations covered in the report experienced increases in skimming attacks last year. EAST noted that in at least one country, anti-skimming devices have been stolen and converted into skimmers, complete with micro cameras used to steal PINs. EAST said it also discovered that a new type of analog skimming device — using audio technology — has been reported by five countries, two of them “major ATM deployers” (defined as having more than 40,000 ATMs). Source: http://krebsonsecurity.com/2010/11/crooks-rock-audio-based-atm-skimmers/
20. November 24, Krebs on Security – (Missouri) Escrow Co. sues bank over $440K cyber theft. An escrow firm in Missouri is suing its bank to recover $440,000 that organized cyber thieves stole in an online robbery earlier this year, claiming the bank’s reliance on passwords to secure high-dollar transactions failed to measure up to federal e-banking security guidelines. The attack against Springfield, Missouri based title insurance provider Choice Escrow and Land Title LLC began late in the afternoon on St. Patrick’s Day, when hackers who had stolen the firm’s online banking ID and password used the information to make a single unauthorized wire transfer for $440,000 to a corporate bank account in Cyprus. The following day, when Choice Escrow received a notice about the transfer from its financial institution — Tupelo, Mississippi based BancorpSouth Inc. — it contacted the bank to dispute the transfer. But by the close of business on March 18, the bank was distancing itself from the incident and its customer, said the director of business development for Choice Escrow. “What they really were doing is contacting their legal department and figuring out what they were going to say to us. It took them until 5 p.m. to call us back, and they basically said, ‘Sorry, we can’t help you. This is your responsibility.’” A spokesman for BancorpSouth declined to discuss the bank’s security measures or the specifics of this case, saying the institution does not comment on ongoing litigation. Source: http://krebsonsecurity.com/2010/11/escrow-co-sues-bank-over-440k-cyber-theft/
21. November 24, Tallahassee Democrat – (Florida) Capital Circle NE remains closed after bomb threat. Capital Circle Northeast in Tallahassee, Florida, remained closed in both directions between Raymond Diehl and Lonnbladh roads on November 24 as police officers and bomb squad technicians investigated a bomb threat made by a bank robber. A 56-year-old man entered Premier Bank, 3110 Capital Circle NE, said that he had a bomb and demanded money from a teller, said a spokesman for Tallahassee Police Department (TPD). There were customers in the bank at the time of the robbery, but no injuries have been reported. Capital Circle should be reopened within an hour, the spokesman said. Police officers arrived before the man could exit the bank, and he was taken into custody without incident. The man then claimed the bomb threat was merely a bluff, but law-enforcement officials are required to take the threat seriously. The Big Bend Regional Bomb Squad, comprised of officials from TPD, the Tallahassee Fire Department, Florida Capital Police, and other local law-enforcement agencies, deployed a robot to the bank earlier in the morning. Investigators also examined a secondary search site, the parking lot of Gold’s Gym, 2695 Capital Circle NE, where they think the man may have parked his car. Source: http://www.tallahassee.com/article/20101124/BREAKINGNEWS/101124004/Updated--Capital-Circle-NE-remains-closed-after-bomb-threat
48. November 24, Help Net Security – (International) Kids lured to scam site by promises of parental control bypassing. The latest scam to hit Facebook users is one that supposedly offers a completely free proxy service for those who want to bypass parental controls and blocks set up by schools and at workplaces that prevent users from accessing certain sites such as Facebook. The campaign is specifically targeting kids, luring them into trying out the service located at hxxp://myfatherisonline.com to access Facebook in school. Sunbelt researchers have poked around the site and discovered a veritable trove of various scamming attempts. The victims are faced with an affiliate site containing malware, surveys, quizzes, and offers for free iPhones that will try to get them to subscribe to a premium rate service or sign up for spam. Source: http://www.net-security.org/malware_news.php?id=1546
49. November 24, BBC News – (International) Facebook news feeds beset with malware. One fifth of Facebook users are exposed to malware contained in their news feeds, claim security researchers. Security firm BitDefender said it had detected infections contained in the news feeds of around 20 percent of Facebook users. Facebook said it already had steps in place to identify and remove malware-containing links. BitDefender arrived at its figures by analyzing data from 14,000 Facebook users that had installed a security app, called safego, it makes for the social network site. In the month since safego launched, it has analyzed 17 million Facebook posts, said BitDefender. The majority of infections were associated with apps written by independent developers, which promised enticements and rewards to trick users into installing the malware. These apps would then install malware used either for spying on users or for sending messages containing adverts to the users’ contacts. Facebook said it had processes and checks in place to guard against the risk of malware. “Once we detect a phony message, we delete all instances of that message across the site,” the site said in a statement. Source: http://www.bbc.co.uk/news/technology-11827856
52. November 23, Network World – (International) HTTPS Everywhere gets Firefox “Firesheep” protection. The Electronic Frontier Foundation (EFF) November 23 said it rolled out a version of HTTPS Everywhere that offers protection against “Firesheep” and other tools that seek to exploit Web page security flaws. Firesheep sniffs unencrypted cookies sent across open WiFi networks for unsuspecting visitors to Web sites such as Facebook and Twitter, and lets the user take on those visitors’ log-in credentials. EFF says the new version of HTTPS Everywhere (0.9.x) is a direct response to growing concerns about Web site vulnerability in the wake of Firesheep, which affects accounts on social networking sites or Web mail systems, for example, if the browser’s connection to the Web application either does not use cryptography or does not use it thoroughly enough. EFF says that HTTPS Everywhere now protects sites such as Bit.ly, Cisco, Dropbox, Evernote, and GitHub. Source: http://www.networkworld.com/community/node/68828
53. November 23, The Register – (International) Network card rootkit offers extra stealth. Security researchers have demonstrated how it might be possible to place backdoor rootkit software on a network card. A reverse engineer at French security firm Sogeti ESEC was able to develop proof-of-concept code after studying the firmware from Broadcom Ethernet NetExtreme PCI Ethernet cards. He used publicly available documentation and open source tools to develop a firmware debugger. He also reverse-engineered the format of the EEPROM where firmware code is stored, as well as the bootstrap process of the device. Using the knowledge gained from this process, he was able to develop custom firmware code and flash the device so that his proof-of-concept code ran on the CPU of the network card. The technique opens the possibility of planting a stealthy rootkit that lives within the network card, an approach that gives potential miscreants several advantages over conventional backdoors. Chief among these is that there will be no trace of the rootkit on the operating system, as it is being hidden inside the network interface card. Source: http://www.theregister.co.uk/2010/11/23/network_card_rootkit/
See item 50 above in Information Technology