Daily Report Tuesday, November 14, 2006

Daily Highlights

California wind company operators say that within the past year, trespassing and burglaries have increased at the 50,000−acre Altamont Wind Resource Area with thieves cutting and stealing the copper electrical cables used to operate the 5,400 windmills east of Livermore. (See item 1)
The U.S. Coast Guard began a pilot program on Monday, November 13, that will collect biometric information from illegal migrants interdicted while attempting entry into U.S. territory through the body of water between the Dominican Republic and Puerto Rico known as the Mona Passage. (See item 10)

Information Technology and Telecommunications Sector

35. November 13, Information Week — Mobile devices provide more opportunities for mischief and theft. Smartphones and similar devices increasingly are being used by business professionals to store information, tap into customer accounts, and exchange data with the office. The expanded use of mobile devices has caught the interest of criminals and malicious hackers, and several proof−of−concept mobile viruses have emerged in recent months. The growth of Microsoft Windows Mobile 5.0 in the device market also creates new security concerns. Windows Mobile 5.0, released to manufacturers in May, offers more and easier ways to exchange information with back−end servers than previous versions, and it's the first Windows operating system to appear on popular Palm devices. Trojan.Wesber, a proof−of−concept virus for Windows Mobile discovered in September, sends messages from a mobile device via the Short Message Service wireless protocol without the device user's consent, similar to the Redbrowser Trojan reported earlier this year. MSIL.Cxover.A, discovered in March, searches for a device connected to a wireless network, then attempts to establish an ActiveSync connection to the device. If successful, the worm copies itself as a file and disconnects the ActiveSync connection. While there haven't been any public reports of data breaches or other incidents resulting from these viruses, they demonstrate hacker interest in mobile devices.
Source: http://www.informationweek.com/story/showArticle.jhtml?artic leID=193700286

36. November 11, eWeek — Alarm raised for critical Broadcom Wi−Fi driver flaw. Computer security analysts are raising the alarm for a critical vulnerability in the Broadcom wireless driver embedded in PCs from HP, Dell, Gateway and eMachines. The vulnerability, which was exposed as part of the Month of Kernel Bug project, is a stack−based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver that could be exploited by attackers to take complete control of a Wi−Fi−enabled laptop. The vulnerability is caused by improper handling of 802.11 probe responses containing a long SSID field and can lead to arbitrary kernel−mode code execution. The volunteer Zero Day Emergency Response Team warns that the flaw could be exploited wirelessly if a vulnerable machine is within range of the attacker.
Source: http://www.eweek.com/article2/0,1895,2056023,00.asp

37. November 10, CNET News — UK outlaws denial−of−service attacks. A UK law has been passed that makes it an offense to launch denial−of−service attacks, which experts had previously called "a legal gray area." Among the provisions of the Police and Justice Bill 2006, which gained Royal Assent on Wednesday, November 8, is a clause that makes it an offense to impair the operation of any computer system. Other clauses prohibit preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer. The maximum penalty for such cybercrimes has also been increased from five years to 10 years.
Source: http://news.com.com/U.K.+outlaws+denial−of−service+attacks/2100−7348_3−6134472.html