Friday, August 10, 2012 

Daily Report

Top Stories

 • A massive refinery fire in Richmond, California, could severely impact the facility’s ability to produce petroleum. Emergency management officials said they planned to ramp up the alert system because emergency calls went out too slowly during the fire that sent more than 1,700 people to hospitals. – Contra Costa Times

1. August 9, Contra Costa Times – (California) Questions raised about Chevron’s handling of gas leak that sparked massive blaze. Federal, State, and local agencies descended August 8 on the site of Chevron’s massive refinery fire in Richmond, California, as questions deepened about whether the company could have prevented the accident by shutting down a crude unit that began leaking hours before the eruption of the blaze. The lingering fire was finally extinguished the afternoon of August 8, but the company acknowledged that the damage was so severe that the plant’s ability to produce refined petroleum is limited — a situation that is pushing up gas prices in California and across the Western United States. The investigations may not begin in earnest until August 10, after State officials declare the site safe. At least five separate investigations, including one by the U.S. Chemical Safety Board, will target a pipe that burst after 2 hours of monitored leaking, sparking the fire. About 1,700 western Contra Costa residents visited county hospitals since the evening of August 6, said the director of Contra Costa’s Emergency Medical Services. Contra Costa had its own phone issues, as the county’s hazardous materials chief said warning calls to area residents went out too slowly through the automatic phone system. The director plans to beef up the system’s capacity. Source:

 • Federal highway officials warned that grout used to protect steel support cables on dozens of bridges in 21 States may be contaminated with a chemical that could accelerate rusting. – Baltimore Sun

13. August 8, Baltimore Sun – (Maryland; Virginia; National) Wilson Bridge, 34 others being checked for possible structural defects. Grout used to protect steel support cables in the Woodrow Wilson Bridge, which carries Interstate 95 over the Potomac River between Maryland and Virginia, may be contaminated with an excessive level of chloride, a corroding substance known to accelerate rusting. The Federal Highway Administration (FHA) warned 21 States — including Maryland — that as many as 3 dozen bridges were built with possibly defective grout manufactured in Ohio between November 2002 and March 2010. Chloride-contaminated grout was blamed in the collapse of a pedestrian walkway at Lowe’s Motor Speedway in Concord, North Carolina, in 2000, injuring more than 100 fans. In the case of the Woodrow Wilson Bridge, however, federal and State highway officials insist there is no imminent hazard. The FHA said the presence of chloride is not an indication of corrosion but “does indicate corrosion potential.” “There isn’t any safety issue. There isn’t one in the foreseeable future,” said a spokesman for the Maryland State Highway Administration. “There’s so much redundancy built into the bridge. But we’re keeping an eye on it.” Source:

 • Agricultural officials were on high alert in Colorado after the first anthrax outbreak in a generation killed at least 50 head of cattle on a ranch. – Food Safety News

17. August 9, Food Safety News – (Colorado) Anthrax outbreak on Colorado ranch kills cattle. Colorado’s first anthrax outbreak in a generation was being investigated on a Logan County ranch, the State government confirmed, Food Safety News reported August 9. Anthrax, an infection caused by the spores produced by Bacillus anthracis, has reportedly killed at least 50 head of cattle on the Colorado ranch. Only bovine infections are likely to arise from the Colorado outbreak, but humans can become infected with anthrax by either breathing spores from infected animal products or eating undercooked meat from infected animals. Foodborne or gastrointestinal anthrax is rare. Colorado placed the ranch involved under quarantine and notified surrounding ranches about the outbreak. No cattle left the ranch before the quarantine, and no infected cattle entered the human food supply, the State veterinarian said. The anthrax was confirmed by a necropsy performed on a dead animal by the Colorado State University Veterinary Diagnostic Laboratories. Cattle, people, and equipment were all being monitored to prevent the disease from leaving the quarantined ranch. During a drought like the one now affecting eastern Colorado, spores can develop naturally in the soils of riverbeds. During periods of rain or flood, these spores can become active and kill many animals quickly, often before anyone realizes they are infected. Source:

 • Massachusetts officials raised the risk level from the dangerous Eastern equine encephalitis virus to “critical” in some towns and said the threat from mosquito-borne illness is the highest in decades. – Reuters

30. August 8, Reuters – (Massachusetts) Massachusetts takes fresh steps against dangerous mosquitoes. Massachusetts officials raised the risk level from the dangerous Eastern equine encephalitis (EEE) virus to “critical” in some towns and said the threat from mosquito-borne illness is the highest in decades. Separately, health authorities said August 7 that the State’s first human case of the virus for 2012 had been identified, although most likely contracted out of State. The man was hospitalized and released. The potentially deadly EEE virus is spread to humans through the bite of an infected mosquito. Aerial spraying — conducted in about 20 Massachusetts communities in late July — will likely resume the week of August 13 in six towns, said a State Department of Public Health spokeswoman. State officials said a mild winter in the Northeast United States contributed to higher mosquito populations this summer in Massachusetts and potentially neighboring States, and was also why mosquitoes carrying EEE were found earlier than normal. Massachusetts had two cases of EEE, one fatal, in 2011. Source:

 • A wildfire burning on the grounds of the Utah National Guard’s Camp Williams near Salt Lake City quickly doubled in size after the flames jumped containment lines and threatened to detonate thousands of unexploded shells. – Associated Press

33. August 9, Associated Press – (Utah) Wildfire on Utah military camp doubles in size after flames cross containment lines. A wildfire burning on the grounds of the Utah National Guard’s Camp Williams near Salt Lake City quickly doubled in size after the flames jumped containment lines, Associated Press reported August 9. Fire officials said the blaze was moving away from thousands of unexploded shells that can still detonate on the base grounds. The Pinyon Fire has burned 9.8 square miles and was 10 percent contained the morning of August 9. Containment was at 40 percent the afternoon of August 8 before the flames crossed containment lines. More than 200 firefighters were battling the wildfire with air support. The fire destroyed seven training structures that were part of a mock Afghan village on the camp. Source:


Banking and Finance Sector

9. August 9, Wired – (International) Flame and Stuxnet cousin targets Lebanese bank customers, carries mysterious payload. A newly uncovered espionage tool known as Gauss, apparently designed by the same people behind the State-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to researchers. Wired reported August 9 that the malware steals banking credentials and other information, and also carries a heavily encrypted payload. Gauss was found infecting at least 2,500 machines, most of them in Lebanon, said Russia-based security firm Kaspersky Lab, which discovered the malware in June and published an extensive analysis of it. The malware targets accounts at several banks in Lebanon, as well as customers of Citibank and PayPal. The varied functionality of Gauss suggests a toolkit used for multiple operations. While the banking component adds a new element to State-sponsored malware, the mysterious payload may prove to be the most interesting part of Gauss, since that part of the malware was carefully encrypted by the attackers and so far remained uncracked by Kaspersky. The payload appears to be highly targeted against machines that have a specific configuration, used to generate a key that unlocks the encryption. So far the researchers have been unable to determine what configuration generates the key. Source:

10. August 8, Newark Star-Ledger – (New Jersey) N.J. officials charge Jersey City hedge fund, executives with fraud. New Jersey officials sued a Jersey City-based hedge fund and its executives over charges that they defrauded dozens of investors and sold about $12 million worth of unregistered securities, the Newark Star-Ledger reported August 8. The charges were levied against Osiris Partners and an affiliated entity, Osiris Fund Limited Partnership, and 10 individuals who either worked for the firm or sold unregistered interests in the hedge fund. According to the complaint, the firm violated multiple provisions of the State’s securities law, including producing falsified investor account statements, and overstating the value of the Osiris fund’s assets to generate higher management fees and conceal losses. The fund firm also employed unregistered agents to sell limited partnership interests in the Osiris fund, and failed to disclose its chairman’s criminal background, which included convictions for securities fraud. Source:

11. August 8, Associated Press – (New Mexico) NM Finance Authority exec, ex-controller arrested. The current chief operating officer (COO) and a former controller at the New Mexico Finance Authority (NMFA) were arrested August 8 on charges of State securities violations related to a fake audit that made the agency’s revenue look stronger than it actually was in 2011. According to the criminal complaint, the former controller faces securities fraud, forgery, and racketeering charges for misrepresenting about $40 million in the audit. Investigators said he acknowledged he forged the agency’s audit report that provides financial statements about the agency, and he falsely claimed that it had been audited by an outside firm. The COO was charged as an accessory on eight counts of securities fraud and racketeering. He was also charged with conspiring to engage in a pattern of racketeering by misrepresenting NMFA’s financial statements to ratings agencies, investors that buy the agency’s bonds, and the State. The NMFA’s governing board said it would be uncertain about whether any money is missing until a forensic audit of the agency is completed. Source:

For another story, see item 42 below in the Information Technology Sector

Information Technology Sector

38. August 9, IDG News Service – (International) Internet attacks from China and US increased in first quarter of 2012, report says. China and the United States were the two largest sources of Internet-attack traffic in the first quarter of 2012, increasing to account for 16 percent and 11 percent respectively, according to Akamai Technologies. Attack traffic from China increased three percentage points compared to the last quarter of 2011, and attacks from the United States increased one percentage point in the same period, Akamai said in its First Quarter, 2012 State of the Internet report. Russia ranks third in the top 10 and generated 7 percent of all attack traffic, a slight increase compared to 2011’s results. Over the past 4 years, the United States has been responsible for as little as 6.9 percent of attack traffic and as much as 22.9 percent, Akamai said. The highest concentration of attack traffic generated from China was observed in the third quarter of 2008 when the country was responsible for 26.9 percent of attack traffic, it added. Source:

39. August 9, Dark Reading – (International) Serving up malicious PDFs through SQL injection. In July at the BSides conference Las Vegas, a pair of researchers from FishNet Security demonstrated a new SQL injection attack technique against Web sites that distribute binary file content such as PDFs from dynamically-built URLs. Their methods give attackers the means to stealthily extract data and distribute hidden malware by attacking SQL injection vulnerabilities on these types of sites — even if the back-end database distributing content to the Web application is hardened in every other way. The technique they developed was precipitated by a real-world penetration test and code review conducted by security consultants for FishNet Security against a customer Web application designed to retrieve stored PDFs within a database and return them as a Web page. Source:

40. August 9, The H – (International) Improved Flash sandbox arrives in Chrome for Windows. The Google Chrome developers, with help from Adobe, improved the sandboxing of the browser’s Flash plugin. To enable the improved sandboxing, the developers ported the Flash player plugin from the older Netscape Plugin API (NPAPI) to Google’s Pepper Plugin API (PPAPI) architecture, developed especially to allow advanced features such as sandboxing and hardware graphics acceleration to be implemented. These improvements have now arrived as defaults in the Windows version of the browser. Source:

41. August 8, Dark Reading – (International) Top 3 HTML5 vulnerability risk categories. New advice from Forrester Research urges companies to increase the pace of their HTML5 adoption to keep up with mobility trends and enable better online customer experiences. As HTML5 gains relevance in the enterprise, developers need to think carefully about the vulnerabilities their new code may introduce into their organizations’ Web infrastructure. As one researcher highlighted at the Black Hat annual conference recently, the capabilities afforded by HTML5 open up a whole new world of attack opportunities for hackers. In his talk, the researcher discussed and demonstrated proof-of-concepts for many different vulnerabilities, with all of them falling under three main categories. Source:

42. August 8, Help Net Security – (International) eBay’s security efforts lead to massive fraud drop and 3K arrests. The online auction and shopping Web site, eBay, managed to cut fraud by 90 percent in the last 3 years, the company’s former chief information security officer recently said. According to CSO Online, this increased action in shutting down malicious individuals trying to take advantage of the site and its users led to the arrest of some 3,000 people around the world, mostly outside the United States. Source:

For more stories, see item 9, above in the Banking and Finance Sector

Communications Sector

43. August 9, KWQC 6 Davenport – (Iowa) KWQC transmitter repair. Due to technical issues, KWQC 6 in Davenport, Iowa, was broadcasting at extremely low power (3 percent) while they awaited the arrival of a tower crew to replace a bad connector on their transmission line, KWQC 6 Davenport reported. The problem occurred late August 8, and repairs were successfully made overnight and signal transmission was near 50 percent power the morning of August 9. Engineers shut down the transmitter while the transmission line was repaired. Source:

44. August 8, Minneapolis Star Tribune – (Minnesota) Lightning strikes twice at KBEM. KBEM 88 FM Minneapolis was kept off the air for close to 24 hours beginning late August 3 and continuing into the evening of August 4 by what was diagnosed as a lightning strike, Minneapolis Star Tribune reported August 8. Lightning also knocked the station off the air for part of the weekend of May 26. According to the district spokeswoman, equipment belonging to the station’s communications provider was struck and “all of our communications suffered.” That affected a T1 internet connection that links the studio and transformer, another line that is used as a backup, and the phone link that notifies the staff that there is a problem. She said that normally tower equipment begins calling at 90 seconds of dead air, but the downed link prevented that. Normally when the T1 line fails, there is a backup. But the unit that handles that was still back at the factory being repaired from the May 28 lightning strike. Source: