Daily Report Friday, November 3, 2006

Daily Highlights

The Department of Health and Human Services' Agency for Healthcare Research and Quality, in partnership with the American Academy of Pediatrics, has released a report entitled Pediatric Terrorism and Disaster Preparedness: A Resource for Pediatricians. (See item 28)

The Pittsburgh Post-Gazette reports bronze flag holders, some with plaques that designate military service during America's wars, have disappeared during the past few months at cemeteries in rural southwestern Pennsylvania counties; many are being sold for the scrap metal value. (See item 38)

The Associated Press reports that a weeklong sting code-named Operation Falcon III, led by the U.S. Marshals Service, has arrested nearly 11,000 sex offenders, gang members, and other fugitives in 24 states east of the Mississippi River. (See item 40)

Information Technology and Telecommunications Sector

November 01, Security Focus — Microsoft Windows NAT helper remote denial-of-service vulnerability. Microsoft Windows is prone to a remote denial-of-service vulnerability because the server service fails to properly handle unexpected network traffic. Exploiting this issue may cause affected computers to crash, denying service to legitimate users. Reports indicate that this vulnerability can be used to disable the Windows firewall. To exploit this issue, an attacker must have the ability to send malformed network traffic from a network interface located in the LAN-side of an affected computer.
Vulnerable: Microsoft Windows XP Tablet PC Edition SP2; Microsoft Windows XP Tablet PC Edition SP1; Microsoft Windows XP Tablet PC Edition; Microsoft Windows XP Professional SP2; Microsoft Windows XP Professional SP1; Microsoft Windows XP Professional; Microsoft Windows XP Media Center Edition SP2; Microsoft Windows XP Media Center Edition SP1; Microsoft Windows XP Media Center Edition; Microsoft Windows XP Home SP2; Microsoft Windows XP Home SP1; Microsoft Windows XP Home.
Solution: Currently, Security Focus is not aware of any vendor-supplied patches for this issue.
Source: http://www.securityfocus.com/bid/20804/references

November 01, Network World — New trick lures worried employees to visit malicious site. Last week, a handful of employees at Dekalb Medical Center in Decatur, GA, received e-mails saying they were being laid off. The subject line read "Urgent -- employment issue," and the sender listed on the message was at dekalb.org, which is the domain the medical center uses. The e-mail contained a link to a Website that claimed to offer career-counseling information. And so a few employees, concerned about their employment status and no doubt miffed about being laid off via e-mail, clicked on the link to learn more and unwittingly downloaded a keylogger program that was lurking at the site. Called targeted spam or spear phishing, this type of spam that's currently on the rise is particularly vexing because the spammer is able to "spoof" the sending e-mail address to make it look like it's coming from within the organization of the recipient, making it difficult for spam filters to catch. And, unlike traditional spam that is sent in the thousands, spammers are sending just handfuls of these messages at a time, again making it difficult for anti-spam technology to detect.
Source: http://www.networkworld.com/news/2006/110106-spam-spear-phishing.html

November 01, CNET News — Attack code out for new Apple Wi-Fi flaw. Kicking off a "month of kernel bugs," a security researcher has released attack code that he claims exploits a new security hole in wireless software from Apple Computer. The vulnerability lies in the Apple AirPort driver, according to details on the flaw published by H.D. Moore, the developer of the Metasploit security tool. It affects only the AirPort driver provided with wireless cards shipped between 1999 and 2003 with PowerBooks and iMacs, the posting said. To launch an attempt, the hacker would have to be on the same wireless network as a vulnerable Mac. The attack entails trying to trigger a memory corruption flaw by sending a malformed data packet to the computer, according to Moore's advisory. But the process isn't easy, and Moore hasn't yet been able to gain complete control over a vulnerable Mac.
Details on the flaw: http://projects.info-pull.com/mokb/MOKB-01-11-2006.html
Source: http://news.com.com/Attack+code+out+for+new+Apple+Wi-Fi+flaw