Monday, September 20, 2010

Complete DHS Daily Report for September 20, 2010

Top Stories

According to PC Magazine, Intel confirmed that the leaked HDCP master key, which protects millions of devices, including Blu-ray drives, from unlicensed recording and authentication, is legitimate. (See item 45 below in the Information Technology Sector)

KSAT 12 reports that at least three people were injured, one critically, in an explosion and fire at the Aquarium Inn near the Texas State Aquarium and the USS Lexington in Corpus Christi, Texas. (See item 54)

54. September 17, KSAT 12 San Antonio – (Texas) Report: 3 Injured in explosion, fire in Corpus Christi. At least three people were injured, one critically, September 16 in an explosion and fire in Corpus Christi, Texas. The explosion happened at the Aquarium Inn near the Texas State Aquarium and the USS Lexington. The one critical patient was transported to a hospital in San Antonio. The Corpus Christi Caller-Times reported a UPS driver had dropped off a package moments before the explosion, but investigators did not believe it was the cause. Investigators said they have been in contact with the company that sent the package and the person who received it and do not suspect foul play. The explosion was felt for miles, and nearby cars had their windows blown out. Officials from the Bureau of Alcohol, Tobacco, Firearms and Explosives, and the FBI are investigating. Officials said a gas leak may have led to the explosion. Source: http://www.ksat.com/news/25039470/detail.html

Details

Banking and Finance Sector

13. September 17, Buffalo News – (National) Snyder woman admits felony wire fraud. A Snyder, New York woman who worked at a Florida-based mortgage company pleaded guilty to a felony wire fraud charge in connection with a mortgage fraud scheme that cost nine banks a total of $24 million. She pleaded guilty before a U.S. District Judge the week of September 13, admitting to wire fraud affecting a financial institution. As an employee at Federal Guaranty Mortgage Co., she was responsible for preparing loan packages and forwarding the documents to financial institutions, according to an Assistant U.S. Attorney. The suspect admitted that she sometimes would sign several fraudulent mortgage applications for the same piece of property. Multiple mortgages would be obtained for the same property purchase, and the proceeds for the fraudulent mortgages would be wired to the account of a company associated with the company for which she worked. Because of her actions, M&T Bank was one of nine financial institutions to suffer a loss, prosecutors said. The banks’ total losses amounted to about $24 million, federal officials said. Source: http://www.buffalonews.com/city/article193110.ece

14. September 16, SC Magazine UK – (International) Emails containing Zeus malware detected, as removal tool announced. Warnings have been issued about a new wave of malicious e-mail messages that carry a Zeus payload. According to Websense Security Labs, the campaign is related to pharmaceutical spam messages, except it combines an HTML or ZIP attachment with a social engineering technique. In the case of an HTML attachment, the criminals use obfuscated JavaScript, and the content is encrypted with a commercially available HTML obfuscation tool. Websense said when viewing the deobfuscated content, it saw the script uses a meta refresh tag to redirect a user who views the attachment. The script checks what browser is used and only performs the redirection if Firefox, Chrome, or Safari is used. Someone using an affected browser will get redirected to a pharmaceutical site. The “label.zip” file contains “label.exe,” which is a copy of Zeus. The malware copies itself to C:\Documents and Settings\user\Application Data\Ewca\refef.exe, and tries to access two sites located in the .ru zone. The announcement came as BitDefender released its Zbot/Zeus removal tool. Source: http://www.scmagazineuk.com/emails-containing-zeus-malware-detected-as-removal-tool-announced/article/179033/

Information Technology

43. September 17, Computerworld – (International) Researchers issue homemade patch for PDF zero-day bug. A little-known security firm September 15 released a home-brewed patch for a critical bug in Adobe Reader that hackers are already exploiting. RamzAfzar, whose Web site bills it as a penetration testing company, reworked a flawed Adobe dynamic link library, or DLL, to replace the vulnerable “strcat” API call with the more secure alternative, “strncat.” To install the latest patch, users must download the revamped “CoolType.dll” created by RamzAfzar, then copy it to the Windows folder where Adobe’s DLL by the same name is located. Adobe confirmed September 17 that RamzAfzar’s patched CoolType.dll seemed to do the trick. “At first glance, their DLL appears to prevent the crash [that can lead to remote code execution], but we have not performed a thorough investigation,” a company spokeswoman said in an e-mail. Nonetheless, Adobe warned users to steer clear. “A DLL is equivalent to an .EXE. Users should never install executables from an untrusted publisher on their machine,” the spokeswoman added. Adobe will release its official update for Reader sometime during the week of October 4. Source: http://www.computerworld.com/s/article/9186420/Researchers_issue_homemade_patch_for_PDF_zero_day_bug

44. September 16, Computerworld – (International) Google patches Chrome second time this month. Google patched 10 vulnerabilities in Chrome, including one pegged critical on the Mac. The September 14 security update brings the number of Chrome flaws fixed in September to 26. Of the 10 bugs patched, one was rated “critical.” Six were ranked as “high,” and three were labeled as “low.” The one critical flaw is a Mac-only bug that Google said was a second crack at an earlier bug. Two others, both categorized as low-level threats, were Linux-only vulnerabilities. Other just-patched bugs included a pair that addressed problems with parsing SVG (scalable vector graphics) elements embedded in Web sites, and a memory corruption vulnerability in Chrome’s geolocation API, which lets Web application and site developers pinpoint users’ location, typically on a map service like Google Maps. Source: http://www.computerworld.com/s/article/9186178/Google_patches_Chrome_second_time_this_montH

45. September 16, PC Magazine – (International) HDCP master key confirmed; Blu-ray content vulnerable. The leaked HDCP master key that was posted to the Web, which protects millions of devices, including Blu-ray drives, has been confirmed as legitimate, Intel representatives said September 16. The disclosure means, in effect, that the content flowing over the encrypted HDMI connection may be recorded and authenticated using an unlicensed device. An Intel spokesman said after 2 days of investigation, the company had informed its partners and licensees that the key, which was posted online September 14, was indeed legitimate. As a practical matter, the most likely scenario for a hacker would be to create a computer chip with the master key embedded in it that could be used to decode Blu-ray discs. A software decoder is unlikely, “but I’d never say never,” the Intel spokesman said. Source: http://www.pcmag.com/article2/0,2817,2369280,00.asp

46. September 15, CNET News – (International) Google fires engineer for privacy breach. Google confirmed September 14 that it fired an employee earlier this year for violating its policies on accessing the accounts of its users. Earlier in the day, Gawker reported that an engineer in Google’s Seattle, Washington offices used his position as a key engineer evaluating the health of Google’s services to break into the Gmail and Google Voice accounts of several children. After parents of the children complained to Google, Gawker said the engineer was dismissed, and Google confirmed that move later September 14. “We dismissed [the engineer] for breaking Google’s strict internal privacy policies. We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls — for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective,” a Google spokesman said in a statement. The report raises questions regarding how effective Google’s systems are in preventing a potentially rogue engineer from abusing his position. It is not clear whether the increase in the amount of time auditing logs referenced in the Google statement was directly related to the engineer’s incident. Source: http://edition.cnn.com/2010/TECH/web/09/15/google.privacy.firing/

Communications Sector

47. September 17, eWeek – (National) FCC broadband agenda for small businesses advances. The Federal Communications Commission (FCC) chairman announced the next step in advancing the agency’s small business broadband agenda, part of a broader FCC plan which includes connecting communities to broadband through the Universal Service Fund, promoting mobile connectivity by unleashing more spectrum, and, in partnership with the Small Business Administration, training small businesses to use digital tools to reach wider markets and improve their operations. He said the FCC will issue a Public Notice to help improve the FCC’s understanding of business broadband needs, a key recommendation in the National Broadband Plan. Specifically, the FCC is seeking comment on questions including what transmission services, technologies or types of facilities used in the business broadband marketplace are relevant to a full understanding of the marketplace, and what the overall size of the business broadband marketplace is today in terms of revenues and demand. The Public Notice stated the FCC understands that optical fiber facilities are increasingly being used for higher-capacity offerings, but that legacy copper facilities (with or without higher-layer communication protocols), co-axial cable facilities, and wireless spectrum remain highly desirable transmission media that are used in a wide variety of circumstances. Source: http://www.eweek.com/c/a/Midmarket/FCC-Broadband-Agenda-for-Small-Businesses-Advances-444137/

48. September 17, KPCC 89.3 Pasadena – (California) 90.3 KPCV serving the Coachella Valley is off-air due to a power failure. The 90.3 KPCV transmitter serving the Coachella Valley is off the air September 17 due to a power failure at the transmitter site on Indio Peak in California. Station engineers and Imperial Valley Water and Power personnel are working to restore electrical service as soon as possible. Source: http://www.scpr.org/about/press/903-kpcv-serving-coachella-valley-air-due-power-fa/

49. September 16, Olympia Olympian – (Washington) Severed cable kills phone, Web service for hundreds. A construction accident severed a fiber-optic cable serving Olympia and Lacey, Washington, about 1:30 p.m. September 16, cutting off phone and Internet service to hundreds of businesses in Thurston County, a telecommunications official for Integra Telecom said. The vice president of corporate communications for Integra Telecom said he was optimistic that the fiber-optic cable would be repaired “in the next several hours.” Integra and other crews were working to repair the damaged cable. The cable was severed during work done by a third party, not Integra Telecom, he added. He said the severed cable was “most likely affecting more than Integra customers” because other telecoms likely use the same fiber-optic cable as Integra. Source: http://www.theolympian.com/2010/09/16/1372220/severed-cable-kills-phone-web.html

50. September 16, Associated Press – (Pennsylvania) Verizon outage in 3 Pa. counties has been repaired. A cut fiber optic cable was repaired September 16, a day after it interrupted Verizon cell phone and other services in three west central Pennsylvania counties. Thousands of customers in Clearfield, Elk and Jefferson counties lost service for most of the day September 15. Some customers also lost Internet service or found it to be sporadic. A Verizon spokeswoman said the Punxsutawney area was affected by a line that was cut near Johnstown. The line that was cut was operated by a third party that she did not identify. The problem was fixed about 4:30 p.m., but some short service interruptions continued. Crews must determine if the repair has solved the problem or if more work is needed to iron out remaining glitches. Source: http://cbs3.com/wireapnewspa/Verizon.outage.that.2.1915893.html

51. September 16, Canton Repository – (Ohio) 1,300 Massillon Cable customers lose service. Some Massillon Cable customers in Massillon, Ohio lost service when construction crews working on the Hills and Dales Road project cut a service cable. The outage has affected about 1,300 cable and modem customers in the northeast section of Massillon and Jackson Township. Repair crews are at the site, hoping to have service fully restored by the evening, according to the cable company. Source: http://www.cantonrep.com/newsnow/x718564381/1-300-Massillon-Cable-customers-lose-service

52. September 16, Yuma Sun – (Arizona) Dump truck wreck cuts phone, Internet service. An estimated 300 to 400 Qwest customers were without phone and Internet service September 16 after a dump truck snagged an overhead telephone line in Yuma, Arizona. “Qwest places a priority on customer service and restoration of that service regardless of the cause of the outage,” a Qwest spokesman said. “Our technicians are confident they will have full service restored before 8 p.m. (September 16).” According to the Yuma Police Department, at about 10:58 a.m., officers responded to a report of a single-vehicle collision involving telephone lines at the intersection. The police investigation revealed that the accident involved a 1997 Peterbilt dump truck owned by Zeller’s Excavating & Paving. The truck was driven by a 56-year-old from Yuma. As the driver was attempting a right turn from 1st Avenue onto 5th Street, the bed of the dump truck, which was in the elevated position, snagged the overhead telephone line hanging across 1st Avenue. Source: http://www.yumasun.com/news/truck-63947-service-dump.html