Friday, May 20, 2011

Complete DHS Daily Report for May 20, 2011

Top Stories

• According to the Associated Press, a Kentucky coal mine has been issued 10 withdrawal orders a month after federal regulators hit the mine’s operator with a first-ever pattern of violations notice. (See item 3)

3. May 18, Associated Press – (Kentucky) Ky. mine hit with 10 withdrawal orders in May. A Kentucky coal mine has been issued 10 withdrawal orders a month after federal regulators hit the mine’s operator with a first-ever pattern of violations notice. The U.S. Mine Safety and Health Administration (MSHA) announced the orders at Abner Branch Rider Mine in Leslie County May 18, saying inspectors found multiple violations at the Bledsoe Coal Corp’s mine in May. The mine was one of the first two ever issued a pattern of violation notice. The agency took the action in April, also citing the New West Virginia Mining Co.’s Apache Mine in McDowell County, West Virginia. That mining operation is currently idle. The 10 orders in May fall under the pattern of violations notice. Under the Federal Mine Safety and Health Act of 1977, MSHA may order miners withdrawn from a mine each time the agency issues a significant and substantial violation. The order remains in place until the violation is corrected. A mine operator can be removed from pattern of violation status only after a complete inspection is done without a significant and substantial violation citation being issued. The 10 withdrawal orders include 2 issued May 3 because the mine roof was not adequately supported to prevent a potential roof fall. Three were issued May 10 for inadequate ventilation controls and inadequate roof, rib, and face support, causing the withdrawal of more than 30 miners working over three shifts. Inspectors found ventilation controls between the secondary escapeway and the belt entry had become damaged and difficult to open. The order related to inadequate ventilation controls was terminated the following day when the operator installed a pressure relief slider in the personnel door, and made modifications to enable the doors to easily open. Source: http://www.greenwichtime.com/default/article/Ky-mine-hit-with-10-withdrawal-orders-in-May-1385310.php

• KHOU reports newly released e-mails from the Texas Commission on Environmental Quality show the agency’s top commissioners told staff to continue lowering radiation test results in defiance of federal Environmental Protection Agency rules. (See item 28)

28. May 19, KHOU 11 Houston – (Texas) Texas politicians knew agency hid the amount of radiation in drinking water. Newly released e-mails from the Texas Commission on Environmental Quality (TCEQ) show the agency’s top commissioners directed staff to continue lowering radiation test results in 2007, in defiance of federal Environmental Protection Agency (EPA) rules, KHOU 11 Houston reported May 19. The e-mails and documents, released under order from the Texas Attorney General to KHOU, also show the agency was attempting to help water systems get out of formally violating federal limits for radiation in drinking water. Without a formal violation, the water systems did not have to inform their residents of the increased health risk. Under federal law, Texas and other states are only allowed to enforce EPA rules, according to the Safe Drinking Water Act, if the EPA determines the state has adopted drinking water standards that are “no less stringent” than the federal rules. A spokesperson for the Texas governor said the governor expects the TCEQ and all state agencies to follow all the laws that are on the books, which the spokesperson said the TCEQ began doing after that 2008 audit by the EPA. Source: http://www.khou.com/home/-Texas-politicians-knew-agency-hid-the-amount-of-radiation-in-drinking-water-122205439.html

Details

Banking and Finance Sector

13. May 18, KMOV 4 St. Louis – (Missouri) Suspected serial bank robber arrested, could be charged with eleven robberies. Federal and local authorities in St. Louis, Missouri, said May 18 they have arrested a suspect in a frenzy of bank robberies dating back to August 2010. The 37-year-old man was tracked down and arrested without incident at a hotel in St. Louis. The arrest was the result of the investigative efforts of the FBI, St. Louis County, and city police. The suspect has been charged with the robbery of the Montgomery Bank in the 3800 block of Union in St. Louis County May 16. Investigators said an alert witness gave police a good description of the getaway vehicle. That vehicle was spotted May 17 and the man was arrested May 18. Authorities believe the suspect is responsible for as many as 10 other bank robberies. Source: http://www.kmov.com/news/crime/Serial-bank-bandit-arrested-could-be-charged-with-eleven-robberies-122192444.html

14. May 18, Reuters – (Ohio) Columbus police comb city for mullet-wearing bandit. Police in Ohio are searching for a mullet-wearing bandit they said has been on a bank-robbing spree across the state. A man is a suspect in at least two bank robberies in Columbus over the past 2 weeks, an FBI Special Agent told Reuters, and may have been involved in a third holdup. The latest heist took place May 18 at a Fifth-Third bank branch on Holt Road in Columbus. The suspect, who wears a Seattle Mariners baseball cap and large dark sunglasses and carries an oversized book bag, walked into the bank shortly after 9 a.m., the special agent said. After waiting his turn in line, he went up to a teller and passed a note saying he was robbing the bank. The same suspect is believed to have held up a branch of Chase Bank on Polaris Parkway in Columbus May 5, and the FBI said he may also have been involved in a robbery in northeast Ohio. Source: http://www.reuters.com/article/2011/05/18/us-ohio-mullet-bandit-idUSTRE74H7JX20110518

15. May 18, Savannah Morning News – (National) Savannah’s serial bank robber strikes Pooler. Savannah, Georgia’s brazen bank robber — who did not bother to hide his face when he walked into two southside banks during one week in April, pulled a gun and demanded cash — struck again May 18. This time, it was a Pooler bank, located across the street from police headquarters. “He seems to be knowledgeable of how to go about the business of robbing a bank,” said the FBI’s resident agent in charge for Savannah. The May 18 robbery happened at 10:10 a.m. at the Bank of America, located at 105 U.S. 80 East, across Rogers Street from the Pooler police headquarters. The robber followed pretty much the same plan he did in the April 8 robbery of the SunTrust bank located inside the Kroger at 318 Mall Boulevard and the April 13 robbery of the Bank of America, located at 7802 Abercorn Street, less than a half mile away from the SunTrust branch. He walked into the bank wearing long sleeves and a baseball cap, handed the teller a note demanding money, and pulled out a gun and set it on the counter. The teller handed over an undisclosed amount of cash May 18. The FBI agent in charge said the robber peeled through the bills to make sure they did not contain dye packs. In the two previous robberies, the man is believed to have fled in a blue Chevy Astro van with a Georgia tag, but the FBI agent in charge said he may have used a gold vehicle for the May 18 job. He is believed to be working alone. Source: http://savannahnow.com/news/2011-05-18/savannah-s-serial-bank-robber-strikes-pooler

16. May 18, Tempe East Valley Tribune – (Arizona) Bank offers reward in branch robberies. Wells Fargo Bank is offering up to a $5,000 reward for information leading up to the arrest and conviction of a man who has committed eight robberies at numerous branches throughout the East Valley in Arizona since November 23, including robbing a branch in Gilbert twice. FBI investigators believe the robberies were committed by the same suspect, whom they have dubbed the “Black Binder Bandit” because he carries a black binder or black bag when approaching bank tellers and has been seen on video surveillance wearing different caps or hats and sunglasses. In addition to robbing banks throughout Chandler, Gilbert, Mesa and Tempe, the man also robbed a branch of Bank of America at 2998 N. Alma School Road in Chandler January 7. Source: http://www.eastvalleytribune.com/local/cop_shop/article_09a42a96-81ab-11e0-8bbc-001cc4c03286.html

17. May 18, MainStreet.com – (International) Free trial scams targeted by Feds. The Federal Trade Commission (FTC) announced May 17 it has taken legal action against an online operation that allegedly raked in more than $450 million from consumers worldwide by luring them into “free” or “risk-free” trials on a variety of different products. The FTC has filed a complaint against a man and the companies he controls, citing his online “free trials” for various products including acai berry weight-loss pills, tooth whiteners and dietary supplements were merely bogus attempts to swindle consumers. “The defendants used the lure of a ‘free’ offer to open an illegal pipeline to consumers’ credit card and bank accounts,” the director of the FTC’s Bureau of Consumer Protection said in a written statement. The companies targeted consumers in the United States, Canada, Great Britain, Australia and New Zealand. The FTC said it plans to stop the illegal practices and make the defendants repay defrauded consumers. As part of its complaint, the FTC is also charging the man and his co-defendants with running phony work-at-home schemes, providing access to non-existent government grants, offering but not providing free credit reports, and running penny auctions. The defendants undertook these scams under various company names that include Just Think Media, Credit Report America, eDirect Software, WuLongsource, and Wuyi Source. They have also operated under the names Terra Marketing Group, SwipeBids.com, SwipeAuctions.com, Circle Media Bids Limited, Coastwest Holdings Ltd., Farend Services Ltd, JDW Media LLC, Net Soft Media LLC, Sphere Media LLC, and True Net LLC. Source: http://www.mainstreet.com/article/smart-spending/technology/free-trial-scams-targeted-feds

Information Technology

43. May 19, Help Net Security – (International) OpenSSL weakness can expose sensitive information. A weakness has been reported in OpenSSL, which can be exploited to disclose potentially sensitive information, according to Secunia. The weakness arises because the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) does not properly prevent timing attacks, which can be exploited to, for example, disclose the private key of a TLS server using ECDSA signatures. Source: http://www.net-security.org/secworld.php?id=11053

44. May 19, Help Net Security – (International) Mac Protector: Fake AV targets Mac OS X users. New rogue AV is targeting Mac users. The name of the rogue AV is Mac Protector, and according to McAfee, the downloaded Trojan contains two additional packages: macprotector(dot)pkg (the application) and macProtectorInstallerProgramPostflight(dot)pkg (bash script that launches Mac Protector once it is installed). As with MAC Defender, an earlier AV targeting Mac users, the application requires root privileges to get installed, so the user is asked to enter the password. “Mac Protector is very sophisticated and uses a lot of resources to appear as a real anti-virus app to the user. There are a lot of images and sounds in the package that simulate system scanning, show the alerts, etc.,” McAfee said. “Mac Protector will perform a fake scan on the system, and will show rootkits and spyware detections for real and current processes.” Copying MAC Defender again, Mac Protector tries to convince the user his computer is infected by opening browser windows to sites with adult content. Once the fake scan is finished, the rogue AV said the user must register the app for it to be able to clean the system. To do that, the user is asked to submit credit card data. Source: http://www.net-security.org/malware_news.php?id=1727

45. May 18, Computerworld – (International) Google moves fast to plug Android Wi-Fi data leaks. Google May 18 confirmed it is starting to release a server-side patch for a security vulnerability in most Android phones that could let hackers snatch important credentials at public Wi-Fi hotspots. “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in Calendar and Contacts,” a Google spokesman said in an e-mailed statement. “This fix requires no action from users and will roll out globally over the next few days.” Google will apply a fix on its servers since it does not need to issue an over-the-air update to Android phones. According to the University of Ulm researchers, who tested another researcher’s contention last February that Android phones sent authentication data in the clear, hackers could easily spoof a Wi-Fi hotspot and then steal data users’ phones transmitted during synchronization. In Android 2.3.3 and earlier, the phone’s Calendar and Contacts applications transmit data via unencrypted HTTP, then retrieve an authentication token from Google. Hackers could eavesdrop on the HTTP traffic at a public hotspot, lift authentication tokens, and use them for up to 2 weeks to access users’ Web-based calendars, contacts, and the Picasa photo storage and sharing service. Source: http://www.computerworld.com/s/article/9216835/Google_moves_fast_to_plug_Android_Wi_Fi_data_leaks

46. May 18, IDG News Service – (International) Sony takes down PlayStation Network after URL error. Sony was forced to take part of its PlayStation Network offline briefly May 18 as it fixed a Web glitch that gave hackers a way to take over users’ accounts. Sony was hacked in April, and since May 14 had been bringing its PlayStation Network (PSN), Sony Online Entertainment network, and Qriocity sites back online. To lock down the networks’ security, Sony asked users to reset their passwords, but now a Web programming error has halted that process. According to a discussion forum posting by Sony, the company has turned off its sign-in feature for PlayStation.com, Qriocity, PlayStation blogs, forums, and gaming Web sites as well as Music Unlimited on the Web. Midday May 18, the company gave a vague description of what had happened. “We temporarily took down the PSN and Qriocity password reset page,” a Sony spokesman said. “In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.” Contrary to some reports, the site had not been hacked, he said. Sony did not say exactly what it meant by “URL exploit,” but according to the gaming blog Nyleveia, Sony’s password reset page was configured so that anyone who knew their victim’s e-mail address and birth date could take over that account. The spokesman said this was due to a “vulnerability in the password reset form,” but did not publish details of how the password reset could be done. “Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3,” he wrote. “Otherwise, they can continue to do so via the website as soon as we bring that site back up.” Source: http://www.computerworld.com/s/article/9216834/Sony_takes_down_PlayStation_Network_after_URL_error

47. May 16, Softpedia – (International) New Alureon version employs sophisticated encryption. Security researchers from Microsoft have come across a new version of Alureon malware that uses sophisticated obfuscation techniques to evade antivirus detection and analysis. Alureon is a family of trojans that intercept Internet traffic to steal log-in credentials, credit card data, and other sensitive information. Malicious programs from this family commonly use DNS hijacking techniques to achieve their goals, causing some infected computers to exhibit rogue DNS entries. The new Alureon version found by Microsoft researchers is different as it borrows encryption techniques from Win32/Crypto, a virus that dates back to 1999. Win32/Crypto encrypted its payload with a key whose recovery from the PE header required brute-forcing attacks executed by the malware itself. Microsoft’s malware researchers said while reviewing Win32/Alureon samples, they found they used Win32/Crypto-style decryption to elude anti-virus scanners. But the new Alureon uses an even more sophisticated method. It can take up to 255 retries to recover the decryption key, which, unlike Win32/Crypto, is spread across the entire PE image, between other code and resources. This makes recovering the encrypted file much more complicated for malware analysts, and makes detection harder for antivirus programs. Source: http://news.softpedia.com/news/New-Alureon-Version-Employs-Sophisticated-Encryption-200697.shtml

Communications Sector

48. May 19, WOOD 8 Grand Rapids – (Michigan) Computers down at Sec of State branches. A computer system problem is interrupting transactions at Michigan Secretary of State branches in Lansing, Michigan. The Michigan Department of Technology, Management and Budget said May 19 it is working to correct an outage that occurred May 18 on a mainframe computer that supports secretary of state branch office systems. The problem stems from a broken fiber link. Secretary of state branch offices are open, but citizens visiting them will not be able to conduct most business transactions until further notice. Branches are not able to finish driver’s license or vehicle registration functions. No time estimate is available for restoration of service. Source: http://www.woodtv.com/dpp/news/michigan/computers-at-Secretary-of-State-branches
