Daily Report Wednesday, January 31, 2007

Daily Highlights

The Associated Press reports an explosion leveled a gas station near a ski resort in West Virginia killing at least four people and seriously injuring at least nine others; a propane tank exploded just as a fire truck was pulling into the station in response to reports of a leak. (See item 2)
A Vermont state computer containing personal information such as names, Social Security numbers, and bank account information for 70,000 Vermonters has been hacked in an automated computer attack that puts their personal information at risk for misuse. (See item 7)
United Press International reports federal authorities are treating Super Bowl XLI in Miami on Sunday, February 4, as a Level 1 security event with measures far beyond other football games. (See item 39)

Information Technology and Telecommunications Sector

33. January 30, Sophos — Korean programmers arrested for sending 1.6 billion spam e-mails. Sophos has welcomed the arrests of two men suspected of being involved in one of South Korea's biggest spam incidents. The men, one aged 20 and the other 26 years old, are alleged to have broken the law by sending out 1.6 billion spam e-mails between September and December 2006. South Korean authorities in Seoul claim that the duo, both computer programmers, obtained personal and financial information from 12,000 victims which they then sold to other firms. South Korea was revealed in Sophos' recent security report as the third-worst nation in the world for relaying spam.
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/koreanspam.html

34. January 30, IDG News Service — Cingular, Priceline, Travelocity settle adware suit. Cingular Wireless, Priceline.com, and Travelocity.com have settled with New York State's attorney general after the state accused them of contributing to the spread of adware. The companies agreed to pay fines and take steps to help keep adware off users' PCs but did not admit guilt in the case. It marked the first time law enforcement had held advertisers responsible for ads delivered via adware, according to a statement by Attorney General Andrew Cuomo's office. DirectRevenue actually installed the adware.
Source: http://www.infoworld.com/article/07/01/30/HNcingularpricelinetravelocity_1.html

35. January 30, CNET News — Experts: Don't buy Vista for the security. Windows Vista is a leap forward in terms of security, but few people who know the operating system say the advances are enough to justify an upgrade. Microsoft officially launched Vista for consumers Tuesday, January 30. The software giant promotes the new operating system as the most secure version of Windows yet. It's a drum Microsoft has been beating for some time. Now that Vista is finally here, pundits praise the security work Microsoft has done. However, most say that is no reason to dump a functioning PC running Windows XP with Service Pack 2 and shell out $200 to upgrade to Vista. "As long as XP users keep their updates current, there's generally no compelling reason to buy into the hype and purchase Vista right away," said David Milman, chief executive of Rescuecom, a computer repair and support company. "Upgrading to Vista is pretty expensive, not only the new software but often new hardware as well," said Gartner analyst John Pescatore. "If you put IE 7 on a Windows XP SP2 PC, along with the usual third-party firewall, antiviral and antispyware tools, you can have a perfectly secure PC if you keep up with the patches."
Source: http://news.com.com/Experts+Dont+buy+Vista+for+the+security/2100.1016_3.6154448.html?tag=nefd.lede

36. January 30, CNET News — Spanish start-up promises free Wi-Fi for all. A small Spanish start-up called Whisher is thumbing its nose at U.S. broadband providers as it prepares to launch a new service that lets people share their broadband connections via Wi-Fi. "Either you believe in the user-generated revolution or you believe ISPs rule the world," said Ferran Moreno, co-founder and CEO of Whisher. "I believe ISPs don't rule the world and how the Internet works." Of course, there is one small snag in Moreno's utopian view of free Wi-Fi for everyone. In the U.S., it's illegal. Time Warner and other broadband providers such as Verizon Communications said it's rare that they have to take action against subscribers sharing their broadband service outside their home. But representatives from each company said that if illegal sharing persists, the company takes action, which could result in users getting their service cut off or even facing prosecution. So far, broadband providers have not come down hard on other companies proposing to build free Wi-Fi networks that cobble together networks using existing Wi-Fi hot spots. But this could be because these networks are still relatively new, and their service models require additional equipment.
Source: http://news.com.com/Spanish+start.up+Whisher+promises+free+Wi.Fi+for+all/2100.7351_3.6154438.html?tag=nefd.lede

37. January 30, Information Week — Organized malware factories threaten Internet users, study says. Spam, malware, phishing, and other forms of cyberattacks will likely increase in 2007 as more cyber-criminals organize into sophisticated manufacturing and distribution networks that mirror in structure the computer industry's legitimate production channels, according to a study released Monday, January 29. The study, authored by IBM, warns of the emergence of a so-called "exploits-as-a-service" industry. "Managed exploit providers are purchasing exploit code from the underground, encrypting it so that it cannot be pirated, and selling it for top dollar to spam distributors," the report says. The industrialization of malware production will make it tougher for corporate IT security departments to stay ahead of the hackers, says an IBM researcher who helped author the study. "With this whole infrastructure that these criminal organizations are building they can not only target these attacks, they can build custom malware to be used against you. Meaning the probability of you being affected by a piece of malware no one has ever seen before is much higher today than it ever was before," says Gunter Ollmann, director of security strategy at IBM's Security Systems unit.
Report: http://www.iss.net/documents/whitepapers/X_Force_Exec_Brief.pdf
Source: http://www.informationweek.com/showArticle.jhtml;jsessionid=JSHY1CJG1SGRIQSNDLRCKHSCJUNN2JVN?articleID=197001739

38. January 29, CNET News — Net pioneer predicts overwhelming botnet surge. Internet pioneer Vint Cerf has warned high-powered attendees at the World Economic Forum in Davos, Switzerland, that the Internet is at serious risk from botnets. Vast networks of compromised PCs, used by criminals for sending spam and spyware and for launching denial-of-service attacks, are reported to be growing at an alarming rate in terms of their potential. Cerf, now an employee of Google, warned that they could undermine the future of the Internet and likened their spread to a pandemic. Cerf predicted that a quarter of all PCs currently connected to the Internet, around 150 million, could be infected by Trojans that covertly seize control of a computer and its broadband connection, handing control of both to criminals in remote locations. According to Mark Sunner, chief security analyst at MessageLabs, Cerf's words of warning are far from scaremongering and the picture is at least as serious as Cerf paints it.
Source: http://news.com.com/Net+pioneer+predicts+overwhelming+botnet+surge/2100.7348_3.6154221.html

Daily Report Tuesday, January 30, 2007

Daily Highlights

The Federal Railroad Administration, in part as a response to a serious November 2006 accident, has issued a safety advisory to railroad industry owners and operators urging them to ensure that specialized maintenance equipment is only operated by fully qualified individuals and is properly inspected. (See item 15)
The Army Corps of Engineers, in an inspection program that has grown more aggressive since Hurricane Katrina overwhelmed levees across the Gulf Coast in August 2005, has identified 146 levees nationwide that pose an unacceptable risk of failing in a major flood. (See item 36)
The Associated Press reports police are on the lookout for a man described as being of Middle Eastern descent who tried to gain access to the Barrett Firearms plant, which makes 50-caliber rifles that could be used to bring down commercial airliners or penetrate rail cars and storage plants holding hazardous materials. (See item 37)

Information Technology and Telecommunications Sector

29. January 29, IDG News Service — Symantec to buy asset management vendor Altiris. Symantec will acquire Altiris, a maker of asset management software for mobile devices and other hardware, for $830 million, the companies said Monday, January 29. Symantec said it will merge technology from Altiris into its endpoint security products, which deal with compliance, security, and backup issues.
Source: http://www.infoworld.com/article/07/01/29/HNsymantecbuysaltiris_1.html

30. January 29, Agence France-Presse — Repairs to quake-hit Asia Internet cables delayed again. Hong Kong's telecom regulator says bad weather had again delayed full repairs to undersea cables damaged last year by an earthquake, which badly disrupted Internet access in parts of Asia. The Office of the Telecommunications Authority (OFTA) said most of the seven submarine cables, damaged by a powerful 7.1-magnitude temblor off Taiwan on December 26, have now been fixed but that one will take longer than estimated. Repair work will be completed at the end of February, instead of mid-February as had been anticipated earlier. "The repair work of one section of a cable will now complete by the end of next month," said OFTA Director General Au Man-ho. "Bad weather, technical problems and other reasons are causing the delay." However, he said Internet providers had diverted Web traffic and that the delay was not having a significant impact on Internet services in Hong Kong.
Source: http://news.yahoo.com/s/afp/20070129/tc_afp/asiaquakeinternet;_ylt=AkPe2aokcV9ioj2vUK3ms8IjtBAF;_ylu=X3oDMTA0cDJlYmhvBHNlYwM.

31. January 29, IDG News Service — Adobe looks to have full PDF spec become ISO standard. Adobe Systems is taking the first step towards having its entire Portable Document Format (PDF) specification recognized as a global standard by the International Organization for Standardization (ISO). The vendor announced Monday, January 29, plans to submit the full PDF 1.7 specification to enterprise content management nonprofit organization the Association for Information and Image Management (AIIM) with the hope that AIIM will then recommend ISO adopt it as an international standard. In part the move was driven by a growing proliferation of ISO standards around different subsets of the PDF specification, according to Sarah Rosenbaum, director of product management with Adobe. “It was becoming a bit of an alphabet soup dependent on industries or uses of the specification,” she said.
Source: http://www.macworld.com/news/2007/01/29/pdfiso/index.php

32. January 29, Reuters — China's 4G wireless launch leapfrogs 3G. China, still working on its long-delayed homegrown third-generation (3G) wireless standard, has leapfrogged itself by launching the world's first fourth-generation (4G) standard, state media said on Monday, January 29. Data-rich 3G telephony, which allows high-speed transmission of data and images, is not yet available in Mainland China. But a group of 10 "leading domestic institutions" called the "FuTURE Project" on Sunday rolled out 4G in Shanghai, the official China Daily reported. China aims to hold field tests for the 4G system and put it into trial commercial use up until 2010.
Source: http://news.com.com/Report+Chinas+4G+wireless+launch+leapfrogs+3G/2100.1039_3.6154100.html?tag=nefd.top

33. January 29, VNUNet — Debian warns of Mozilla bugs. Linux distributor Debian issued a security advisory over the weekend, warning of several problems in Mozilla and associated products such as Mozilla Firefox. The vulnerabilities include bugs in the layout engine which could allow a denial-of-service attack and the execution of arbitrary code. Vulnerabilities in the JavaScript engine could allow the same attacks, and a "shutdown" flaw could allow remote attackers to gain privileges and install malicious code via the watch JavaScript function.
Source: http://www.vnunet.com/vnunet/news/2173641/debian.warns.mozilla.bugs

34. January 29, Reuters — Vista is ready for consumers. After more than five years of development, over 50 million lines of software code, a $6 billion investment and a few headaches, Microsoft Corp.'s Windows Vista finally reaches consumers this week. But the extent of success of the new operating system may depend more on large corporations, looking for different things than the multimedia bells and whistles aimed at home users and who have more discretion about when to buy the software. Computers running Vista go on sale at retailers Tuesday, January 30, two months after Microsoft made it available to corporate, or enterprise, customers. This is the first major upgrade of the Windows operating system since Microsoft first released Windows XP in October 2001.
Source: http://www.informationweek.com/showArticle.jhtml;jsessionid=YKEAUQMNHZS1GQSNDLRSKH0CJUNN2JVN?articleID=197001179

35. January 28, Sophos — Malware shipped on TomTom SatNav devices. Internet reports claim that some TomTom GO 910 satellite navigation devices for car drivers have been shipped with malware pre-installed. An Internet posting by British technology journalist Davey Winder contains a statement by the makers of the dashboard-mounted SatNav units acknowledging the incident. TomTom SatNav devices are Linux-based, and cannot be infected by the malware. However, Windows users who connect to the device via their USB port could risk running the malicious code and infecting their desktop computers.
Winder's report: http://www.daniweb.com/blogs/entry1276.html
TomTom public statement: http://www.tomtom.com/news/category.php?ID=2&NID=349&Language=2
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/tomtom.html

Daily Report Monday, January 29, 2007

Daily Highlights

The Associated Press reports safety experts say that determining what caused an Indonesian jetliner, a Boeing 737, to plunge into the sea with 102 people on board is important for global aviation safety in case there are structural problems with the world's most popular aircraft. (See item 17)
The Department of Transportation has released a manual that will help airlines, airports, and local governments prepare to stop the introduction of emerging diseases and to recognize and control pandemic outbreaks before they have a widespread impact on public health. (See item 19)
The University of Arkansas reports an interdisciplinary team of researchers has developed a portable biosensor for in-field, rapid screening of avian influenza virus that detects the avian influenza strain H5N1 in poultry in less than 30 minutes. (See item 33)

Information Technology and Telecommunications Sector

40. January 26, InfoWorld — Symantec warns of new zero-day Word attack. Hackers are exploiting a new, unpatched vulnerability in Microsoft Word that could allow them to take control of a victim's computer, Symantec has warned. The zero-day vulnerability is the fourth in Microsoft's widely used Word 2000 software that has not yet been patched, the security company said in its Security Response Weblog. This vulnerability affects most versions of Windows running Word, Symantec's advisory said. The attack comes via an infected Word document, a method increasingly used by hackers for targeted attacks. If the document is opened, it installs a Trojan horse program, called Trojan.Mdropper.W, onto the computer. The Trojan also puts other files on a computer that enable a hacker to control it.
Symantec Advisory: http://www.securityfocus.com/bid/22225/info
Source: http://www.infoworld.com/article/07/01/26/HNnewwordzerodayattack_1.html

41. January 26, VNUNet — Flaw found in PGP Desktop encryption tool. Users of the popular PGP Desktop encryption tool are being urged to upgrade to the latest version of the software after the discovery of a flaw in the code. The flaw exists in the Windows Service which PGP Desktop installs, and could be used by any local or remote user to run code with escalated privileges. Vulnerability testers NGS Software rated the flaw as a "medium risk" and said that it affects versions of the software earlier than PGP Desktop 9.5.1. The company does not yet have a workaround and is urging all PGP Desktop users to upgrade as a matter of urgency.
Source: http://www.vnunet.com/vnunet/news/2173564/flaw.found.pgp.encryption

42. January 25, University of New Hampshire — UNH unveils Cyber Threat Calculator. Hackers, terrorists and nations all use computers, but who really is capable of damaging U.S. critical infrastructure? The University of New Hampshire (UNH) Thursday, January 26, unveiled the UNH Cyber Threat Calculator, which assesses the level of threat any attacker poses to specific sectors in the country that rely on information technology. The UNH Cyber Threat Calculator was developed by researchers at UNH Justiceworks and students, and offers a new method to identify and quantify the threats posed to the United States’ cyber infrastructure. To determine the overall threat level, analysts enter data for a particular organization or country into the calculator, which assigns a value to variables that measure the actor’s intent and technological capabilities. These variables assess the actor’s intent to use cyber warfare means, as well as its technical capabilities to put such means into practice. The higher the number assigned to a possible attacker by the calculator, the greater the threat.
Source: http://www.unh.edu/news/cj_nr/2007/jan/lw25cyber.cfm

43. January 25, eWeek — Apple ships Airport security update. Apple on Thursday, January 25, shipped an Airport security update to fix a kernel panic issue that could allow attackers to cause system crashes. The company's fix comes almost two months after the issue was first flagged in the Month of Kernel Bugs project in November 2006. Apple credited the anonymous researcher known only as L.M.H. for reporting the issue. This comes one day after the release of a QuickTime update to fix a flaw exposed by L.M.H., but in that instance Apple did not acknowledge the controversial researcher.
Airport Update: http://docs.info.apple.com/article.html?artnum=305031
Source: http://www.eweek.com/article2/0,1895,2087724,00.asp

44. January 25, eWeek — CA predicts more attacks on experienced users. The continued rise of IT threats that seek to trick even the most careful PC users ranks among the top issues highlighted by software maker CA in its latest online security research report. Published on Thursday, January 25, the 2007 Internet Threat Outlook highlights the most pressing online security trends projected to have an impact over the next 12 months. According to CA, malware writers will continue to blend multiple threat formats and utilize new, covert distribution methods in 2007, making it harder for even the most informed users to discern the difference between legitimate content and attacks. CA said malware brokers will continue to piece together threats such as Trojan horse viruses, worms and the many forms of spyware to hide their attacks and evade technological defenses. With the level of professionalism rising quickly among the most sophisticated virus distributors, CA predicts that zero-day exploits, drive-by malware downloads and extremely intricate phishing schemes will continue to become more dangerous and harder to detect. Of particular danger to PC users will be blended threats that combine different elements of the various attack models, such as spam-borne Trojans and cross-site scripting code loaded onto legitimate Websites.
Report: http://www3.ca.com/Files/SecurityAdvisorNews/ca_2007_internet_threat_outlook_final.pdf
Source: http://www.eweek.com/article2/0,1895,2087584,00.asp

45. January 25, IDG News Service — Half of pirated Vista is malware. About half of the downloads claiming to be free versions of Microsoft's Vista operating system are actually malicious Trojan horse software, security vendor DriveSentry warned Thursday, January 25. With Vista's consumer launch just days away, hackers have been bombarding discussion boards with offers of "cracked" versions of Windows Vista, which are typically being distributed on peer-to-peer networks, said John Lynch, vice president of sales and marketing for DriveSentry. These posts offer downloads of the operating system that skip Vista's activation process, created by Microsoft to prevent users from running illegal copies. Users who fall for the scam can end up with some pretty nasty problems, according to Lynch. DriveSentry researchers have found malicious key-logging software and spyware on about half of the downloads it has examined recently, he said.
Source: http://www.infoworld.com/article/07/01/25/HNpiratedvista_1.html

Daily Report Friday, January 26, 2007

Daily Highlights

Business Week reports the Massachusetts Bankers Association says customer data stolen by computer hackers from TJX Cos. has been used to make fraudulent debit card and credit card purchases in the United States and overseas. (See item 9)
The Associated Press reports a leading Olympic security expert believes it is 'just a matter of time' before terrorists target a major sports event, and that spectators should be screened before they get to the event location. (See item 34)

Information Technology and Telecommunications Sector

30. January 24, U.S. Computer Emergency Readiness Team — US-CERT Technical Cyber Security Alert TA07-024A: Cisco IOS is affected by multiple vulnerabilities. Several vulnerabilities have been discovered in Cisco's Internet Operating System (IOS). A remote attacker may be able to execute arbitrary code on an affected device, cause an affected device to reload the operating system, or cause other types of denial-of-service. Systems Affected: Cisco network devices running IOS in various configurations. Cisco has published three advisories describing flaws in IOS with various security impacts, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. Although the resulting impacts of these three vulnerabilities are slightly different, in two of the vulnerabilities, a remote attacker could cause an affected device to reload the operating system.
Solution: Cisco has updated versions of its IOS software to address these vulnerabilities. Please refer to the "Software Versions and Fixes" sections of the following Cisco Security Advisories for more information on upgrading:
Crafted TCP Packet can cause denial-of-service: http://www.cisco.com/warp/public/707/cisco.sa.20070124.crafted.tcp.shtml
Crafted IP option vulnerability: http://www.cisco.com/warp/public/707/cisco.sa.20070124.crafted.ip.option.shtml
IPv6 routing header vulnerability: http://www.cisco.com/warp/public/707/cisco.sa.20070124.IOS.IPv6.shtml
Cisco has also published practical workarounds for these vulnerabilities. Please refer to the "Workarounds" section of each Cisco Security Advisory for more information. Sites that are unable to install an upgraded version of IOS are encouraged to implement these workarounds.
Source: http://www.uscert.gov/cas/techalerts/TA07.024A.html

31. January 24, eWeek — The zero-day dilemma. The recent surge in malware attacks against zero-day flaws in some of the most widely used software packages is confirmation of an IT administrator's worst nightmare: Stand-alone, signature-based anti-virus software offers no protection from sophisticated online criminals. During 2006, there was a wave of zero-day attacks against Microsoft Office applications that bypassed all anti-virus protection at the network and desktop level. Because traditional anti-virus technology depends on the ability to quickly capture malware samples, reverse the code for the specific characteristics, and then write and release detection signatures, the zero-day attack presents a major dilemma. "Signatures have been dead for a long time now," said Roger Thompson, an anti-virus pioneer who now runs the Atlanta-based Exploit Prevention Labs. "[Attackers] use new packers or tweak their code so that it's different enough to bypass signatures for a short while. By the time you get a signature out, it's too late. They've already hit enough targets." The death of stand-alone, signature-driven anti-virus software has forced incumbent security software vendors to reshape their product lineups.
Source: http://www.eweek.com/article2/0,1895,2087034,00.asp

32. January 24, CNET News — Competition planned for new crypto standards. The National Institute of Standards and Technology (NIST) is planning a public competition to develop one or more cryptographic "hash" algorithms, it said Tuesday, January 23. Such algorithms are widely used by the federal government and others in applications such as digital signatures and message authentication. However, the current cryptographic standards are under continued attack, weakening their security. "Because serious attacks have been reported in recent years against cryptographic hash algorithms, including SHA-1, NIST is preparing the groundwork for a more secure hash standard," the organization, a federal agency within the U.S. Commerce Department's Technology Administration, said on its Website. Any newly approved algorithm is meant for federal use or to revise the current Secure Hash Standard, NIST said on its site.
For more information: http://www.csrc.nist.gov/pki/HashWorkshop/index.html
Source: http://news.com.com/Competition+planned+for+new+crypto+standards/2100.1029_3.6152936.html

33. January 24, VNUNet — Wikipedia shuts out link spammers. Wikipedia has started to instruct search engines to ignore links on its pages which point to external Websites. The user-created encyclopedia has started to include "nofollow" tags in all external links. This prevents the links from being spidered by search engines, or used to determine a Website's popularity by mechanisms such as Google's PageRank. Wikipedia took the action in response to a search engine optimization contest in which Webmasters were challenged to gain the highest ranking with major search engines for the query "Global warming awareness 2007." One of the contestants created a spam entry on Wikipedia which included a link to his own Webpage. The "nofollow" tag was first introduced by companies providing blogging services in an effort to curb the flow of spam links in comments on blogs.
Source: http://www.vnunet.com/vnunet/news/2173254/wikipedia.shuts.link.spammers

Daily Report Thursday, January 25, 2007

Daily Highlights

Reuters reports utilities in five western U.S. states are in the process of setting up the Northern Tier Transmission Group, which is designed to facilitate coordination of big power lines in the area. (See item 1)
The Washington Post reports as the number of armed pilots aboard U.S. jetliners has expanded, pilots complain about a lack of supervision and the difficulty in finding time to participate in training courses; federal security officials are launching a refresher training program next month to address this. (See item 14)

Information Technology and Telecommunications Sector

32. January 24, IDG News Service — Apple patches security flaw in QuickTime. Apple Inc. has patched a vulnerability in its QuickTime media player that could give a hacker control over a computer. The problem concerns a buffer overflow that can occur when QuickTime processes a Real Time Streaming Protocol Uniform Resource Locator (RTSP URL), which directs the player to a streaming file and allows a user to play and pause it. A hacker could create a malicious RTSP URL embedded in a Webpage that would open a door for other harmful code to run on a machine, Apple said. The patch comes more than three weeks after researchers who are part of the Month of Apple Bugs project published exploit code.
QuickTime patch: http://www.apple.com/support/downloads/
Source: http://www.infoworld.com/article/07/01/24/HNquicktimepatch_1.html

33. January 24, Sophos — Storm worm turns to love in major new attack. Sophos is warning of a major new malicious attack occurring against Internet users. New variants of the Dorf malware family (earlier incarnations of which purported to be breaking news of deaths caused by European storms) are now using disguises associated with love and greeting cards. Subject lines used in the spam campaign are many and varied. Some of them include "You're so Far Away," "I Dream of you," "Old Together," "Dream Date Coupon," "Together You and I," "A Bouquet of Love," "So in Love," "Cuddle Up," and "Vacation Love." Attached to the e-mails are files called flash postcard.exe or greetingcard.exe, which contain the worm. Opening the attached files on a PC activates the worm, which then sends itself to other e-mail addresses found on the now infected computer. Sophos analysts believe that the worm code is designed to attempt to download further malicious code from the Internet designed to take over the PC, convert it into part of a zombie network, and use it to send spam on behalf of hacking gangs.
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/dorflove.html

34. January 24, Sophos — Couple sued for sending five million spam cell phone messages. Sophos has warned of the rising nuisance of spam sent to mobile phones as two people from Florida have been charged with flooding cell phones with spam messages advertising time shares. Illinois Attorney General Lisa Madigan has filed a suit against Neela Pundit and Charles Rossop for sending five million unsolicited text messages to cell phone owners across the country. More than 200 consumers complained in Illinois alone after receiving the advertisements in October and November 2006 which read: "We have someone interested in buying or renting your Time Share." The advertisement encouraged recipients to visit two Internet Websites.
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/smsspam.html

35. January 23, Information Week — One hacker kit accounts for 71 percent of attacks. A multi-exploit hack pack was responsible for nearly three-fourths of all Web-based attacks during December, a security company said Tuesday, January 23. Tagged with the moniker "Q406 Roll-up," the attack kit was behind 70.9 percent of last month's attacks, reported Atlanta, GA-based Exploit Prevention Labs. Up to a dozen different exploits make up the kit, which includes several exploits derived from the proof-of-concept code that researcher HD Moore published in July 2006 during his "Month of Browser Bugs" project. It's difficult to tell the exact number of exploits in the package, said Exploit Prevention's chief technology officer, Roger Thompson, because the kit is heavily encrypted. The most common exploits found in the kit are setSlice, VML, XML, and (IE COM) Createcomobject Code. "The dominance of this package reinforces the fact that the development and release of exploits frequently parallels legitimate software businesses," Thompson said in a statement.
Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=196902970

36. January 23, eWeek — Compatibility concerns hinder Vista upgrades. Microsoft's new operating system may be the most eagerly anticipated release of the past 10 years, but concerns over compatibility, bugs and security are keeping many IT professionals from upgrading soon, according to the survey released Tuesday, January 23, by Cambridge, MA-based Bit9, a provider of desktop lockdown solutions. Only 68 percent of IT pros reported that they'd be upgrading to Vista in 2007, though very few had made immediate plans. Of those who had expressed their intention to shift to the new operating system, 58 percent said they'd be waiting six months to one year after the launch to do so, while only 10 percent planned to roll out the upgrade in the next six months.
Research Brief (registration required): http://www.bit9.com/files/Bit9_Vista_Survey_Research_Brief_vf.pdf
Source: http://www.eweek.com/article2/0,1895,2086703,00.asp

37. January 23, IDG News Service — Google.de domain gets kidnapped. Visitors to the German Website of Google were met with a strange sight early Tuesday morning, January 23: Gone was the Google logo, replaced by the name of a local Internet service provider with the message that no content was available for the domain. The Internet address of google.de and the page name were transferred to the new ISP, Goneo Internet GmbH, in a domain name grab that has confused Google users and infuriated company officials. Not all of Google's German Websites were affected by the domain grab, and those that were got restored within approximately two hours. In Google's case, two key security measures to prevent domain hijacking failed, a situation that could lead to changes in German domain name regulations, according to German domain registry Denic eG.
Source: http://www.infoworld.com/article/07/01/23/HNgooglegermany_1.html
Daily Report Wednesday, January 24, 2007

Daily Highlights

The Associated Press reports a United Airlines passenger faces federal charges for allegedly making statements about a hijacking, trying to open a cabin door, and fighting with flight attendants while aboard a flight from Boston to San Francisco. (See item 11)
The Army Corps of Engineers began lowering the water level on Lake Cumberland behind the Wolf Creek Dam, on Monday, January 22, fearing a dam break that could cause catastrophic flooding in Kentucky and Tennessee. (See item 29)

Information Technology and Telecommunications Sector

26. January 23, IDG News Service — Symantec: Storm Trojan worst outbreak since 2005. Malicious software that was sent out in millions of spam messages over the weekend has now infected about 300,000 computers, making it the worst malware outbreak since 2005, Symantec said Monday, January 22. The so-called "Storm Worm" e-mail messages first started appearing last Wednesday, advertising attached news reports on topics like "230 Dead as storm batters Europe," or "U.S. Secretary of Sate Condoleeza Rice has kicked German Chancellor." "Over the weekend it really kicked into high gear," said Patrick Martin, senior product manager with Symantec Security Response. The last time malicious software spread this quickly was in May 2005, when the Sober.O mass-mailing worm affected a similar number of systems, Martin said. The latest versions of the worm include similarly provocative news headlines and malicious attachments, but the criminals have added a twist over the past few days: the text of the e-mail messages now contains glowing reviews of penny stocks. In addition, some of the recent versions of these Trojan e-mails have contained subject lines such as "A Bouguet of Love," "A Day in Bed Coupon," or "A Monkey Rose for You," security vendor F-Secure Corp. warned.
Source: http://www.infoworld.com/article/07/01/23/HNstormtrojanworst_1.html

27. January 23, IDG News Service — Latest McAfee upgrade jams up Lotus Notes. The latest upgrade to McAfee's VirusScan Enterprise security software is causing hiccups for some versions of IBM's Lotus Notes, the companies warned. The problem affects users who have upgraded to VirusScan Enterprise 8.5i and are using the R6 or R7 version of Lotus Notes, McAfee said. While working in Lotus Notes e-mail for a period of time, typically an hour or two, the program will display the following error message when users try to open or delete e-mail: "You are not authorized to perform that operation." Users can close the dialog box but then can't do anything else in Notes.
Source: http://www.infoworld.com/article/07/01/23/HNmcafeeupgradejamsnotes_1.html

28. January 23, IDG News Service — China Internet market grows to 137 million users. China added another 14 million Internet users in 2006, retaining its status as the world's second largest Internet market with 137 million total users, the China Internet Network Information Center announced Tuesday, January 23. Of those, 90.7 million access the Internet using a broadband connection, a 15 percent jump over 2005, although total broadband use held steady at two-thirds of the Internet population. Also, 17 million users now access the Internet primarily via a wireless device.
Source: http://www.infoworld.com/article/07/01/23/HNchinainternetgrows_1.html
Daily Report Tuesday, January 23, 2007

Daily Highlights

A new rule going into effect Tuesday, January 22, will require Americans flying to Mexico, Canada and the Caribbean to show a passport to get back into the country. (See item 10)
USA TODAY reports the Transportation Security Administration will start a nationwide tracking system in about a month to determine how long rail cars filled with lethal materials are stopped on tracks or sit in unsecured storage yards in urban areas. (See item 15)
The Department of Homeland Security Secretary Michael Chertoff has designated the President's State of the Union Address as a National Special Security Event and the U.S. Secret Service assumes its legally mandated role as the lead federal agency for the design and implementation of the operational security plan. (See item 26)

Information Technology and Telecommunications Sector

30. January 22, IDG News Service — MySpace files lawsuit against Spam King. MySpace.com has filed a lawsuit against the self-proclaimed "Spam King" for allegedly blasting the portal with spam through the use of compromised user accounts, the Website said on Monday, January 22. MySpace also seeks a permanent injunction to bar Scott Richter, who has fought with Microsoft and the state of New York over spam, and his affiliates from using the popular social networking site. Richter runs Optinrealbig.com, an e-mail marketing company based in Westminster, CO. MySpace, which is owned by News Corp., also accused Richter of running afoul of the federal CAN-SPAM act and California's anti-spam law. The suit was filed Friday in U.S. District Court in Los Angeles. MySpace users can send "bulletins" -- a few lines of text -- to blocks of users who are in their circle of friends. That distribution power has made MySpace a frequent target for spammers, who can reach up to thousands of users if they have the log-in and password for a single account.
Source: http://www.infoworld.com/article/07/01/22/HNmyspacesuesspamking_1.html

31. January 22, IDG News Service — China Mobile buys stake in Pakistani wireless firm. China Mobile Communications, the world's largest mobile phone service provider, took its first major step outside China on Sunday, January 21, sealing a $284 million deal to buy most of the outstanding shares of a wireless operator in Pakistan. The Chinese company, parent company of China Mobile Ltd., agreed to buy 88.9 percent of Paktel Ltd. from Millicom International Cellular, it said in a statement. China Mobile signed the deal after months of talks.
Source: http://news.yahoo.com/s/infoworld/20070122/tc_infoworld/85303

32. January 22, CNET News — Cyberthreat experts to meet at secretive conference. Internet security experts are gathering at a secretive conference later this week to strategize in their fight against cybercriminals. The meeting on Thursday and Friday, January 25-26, at Microsoft's Redmond, WA, headquarters is slated to bring together representatives from security companies and government and law enforcement officials, as well as others involved in network security. The agenda focuses on botnets and related topics, seen by experts as a prime threat to the Internet. "These events have been a great way to build trust in the security community, which can lead to collaboration and data sharing. This helps in the overall efforts to combat the cybercriminals," said Dave Jevans, chairman of the Anti-Phishing Working Group, who is slated to speak at the event later this week.
Source: http://news.com.com/Cyberthreat+experts+to+meet+at+secretive+conference/2100.7348_3.6151860.html?tag=nefd.lede

33. January 22, VNUNet — Mobile operators urged to prepare for WiMax threat. The impact of WiMax on the mobile telephony industry could be profound, and carriers need to put together strategies concerning the wide area wireless technology now, industry experts urged Monday, January 22. In-Stat warned existing cellular carriers that WiMax may become a big competitor. However, the analyst firm conceded that the technology could also be a great ally, or a minor factor for established mobile operators. "WiMax faces many challenges, including multiple incompatibility standards, different frequency allocations in each country, and expensive consumer devices," said In-Stat analyst Allen Nogee.
Source: http://www.vnunet.com/vnunet/news/2173166/mobile.operators.prepare.wimax

34. January 22, Sophos — U.S. is worst for malware hosting and spam-relaying: Report. Sophos has published its Security Threat Report 2007, examining the threat landscape over the previous twelve months, and predicting malware and spam developments during 2007. The report reveals that the U.S. hosts more than one third of the Websites containing malicious code identified during 2006, as well as relaying more spam than any other nation. The Sophos Security Threat Report 2007 examines in detail the top ten malware threats of the last year, and also confirms that malware authors are continuing to turn their backs on large-scale attacks in favor of more focused strikes against computer users. Microsoft Windows continues to be the primary target for hackers, with Internet criminals increasingly manufacturing downloading Trojan horses rather than mass-mailing worms to do their dirty work for them.
Report (registration required): http://www.sophos.com/security/whitepapers/sophos.security.threats.2007_wsrus
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/secrep2007.html

35. January 19, eWeek — IEEE 802.11n standard makes progress in London meeting. The long-anticipated 1.10 version of the Institute of Electrical and Electronics Engineers (IEEE) 802.11n draft standard was approved unanimously in an IEEE task group meeting held in London in mid-January. According to Atheros CTO Bill McFarland, who attended the meeting, all of the 3,000-plus technical comments to the 11n draft 1.0 were resolved, and that in turn resulted in the successful agreement to draft 1.10. According to McFarland's written statement, this is a significant step forward in achieving the next stage of the approval process to an accepted 802.11n draft standard. Last fall, the Wi-Fi Alliance announced that it would publish an interim standard in March so that companies could begin work on 11n products, while giving customers some reason to believe that those products would continue to work when the standard became finalized.
Source: http://www.eweek.com/article2/0,1895,2085922,00.asp

36. January 19, Sophos — Storm Trojan's second wave arrives. Sophos has warned that the hackers behind the widespread "Storm Trojan" which was spammed widely across the Internet on Friday, January 19, have now renewed their activities using a new piece of malware, Troj/Dorf.Fam. These latest spam messages, which have a malicious e-mail attachment, have been sighted being sent from computers in 80 different countries so far including U.S., Turkey, South Korea, France, Germany, United Kingdom and Brazil. Subject lines seen so far include: a) Radical Muslim drinking enemies's blood; b) Chinese missile shot down Russian satellite; c) Chinese missile shot down Russian aircraft; d) Chinese missile shot down USA aircraft; e) Chinese missile shot down USA satellite; f) Russian missile shot down USA aircraft; g) Russian missile shot down USA satellite; h) Russian missile shot down Chinese aircraft; i) Russian missile shot down Chinese satellite; j) Saddam Hussein safe and sound!; k) Saddam Hussein alive! Attached to each e-mail is a file with one of the following names: Full Clip.exe, Full News.exe, Full Story.exe, Full Text.exe, Full Video.exe, Read More.exe, or Video.exe.
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/stormreturns.html
Daily Report Monday, January 22, 2007

Daily Highlights

USA TODAY reports a number of community banks and credit unions are joining insurers and a few major banks like Citibank in offering customers free identity theft recovery service. (See item 9)
The Associated Press reports the pilot of a Continental Airlines flight bound for Puerto Vallarta, Mexico, became ill after takeoff and was later pronounced dead after the plane made an emergency landing at McAllen-Miller International Airport Saturday, January 20. (See item 12)

Information Technology and Telecommunications Sector

31. January 19, VNUNet — Nokia cleared in exploding phone case. A man thought to have been the victim of an exploding mobile phone has left investigators baffled after engineers examined the device and gave it the all clear. Luis Picaso, 59, is in a critical condition with 50 percent second- and third-degree burns to his upper body, back, right arm and right leg after being found in his hotel room in Vallejo, CA. The cause of the fire was assumed to be his mobile phone, which was still in his pocket where the fire started. But engineers from Nokia have flown to California to examine the 2125i handset and gave it the all clear and were even able to switch it on. While there have been instances of mobile phones overheating and catching fire, the usual culprit is third-party batteries with faulty power management controllers.
Source: http://www.vnunet.com/vnunet/news/2173035/nokia.cleared.exploding.phone

32. January 19, Sophos — Trojan spam storm hits inboxes, races to top of malware charts. Sophos is warning of a widespread spam campaign that poses as a breaking news report, but is really an attempt to lure innocent computer users into being infected by a Trojan horse and attacked by hackers. The distribution has been so widespread that since midnight GMT the Trojan has accounted for over two thirds of all malware reports seen at Sophos' global network of monitoring stations, accounting for an infection rate of 1 in 200 of all e-mails being sent across the net. Subject lines used in the malicious e-mails include, but may not be limited to, the following: 1) 230 dead as storm batters Europe; 2) British Muslims Genocide; 3) Naked teens attack home director; 4) A killer at 11, he's free at 21 and kill again!; 5) U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel. Attached to the e-mails are files with names such as Full Clip.exe, Full Story.exe, Full Video.exe, Read More.exe, Video.exe which contain malicious code. Sophos products detect the malicious Trojans it has seen so far as Troj/DwnLdr.FYD and Troj/Small.DOR (also known as Small.DAM).
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/malwarestorm.html

33. January 19, VNUNet — Data centers face looming power crisis in London. Companies in the city of London are facing a looming power crisis, as some report being unable to get enough power for in-house data centers. Power is an increasing problem for data center managers, both as a running cost and increasingly because of the overall power requirements of high-end data centers. "Some banks in the city cannot physically get any more power in their data centers," said Chris Armes, director of Solaris revenue product engineering software at Sun Microsystems. "That is how big a power problem we have looming."
Source: http://www.vnunet.com/vnunet/news/2172968/city.faces.looming.power.crisis

34. January 18, eWeek — Survey: Half of SMBs have faith in the security of VoIP. Only half of small and midsize business users feel they can trust the security behind IP telephony, according to a survey released Thursday, January 18, by the Computing Technology Industry Association (CompTIA) and IDC. User sensitivity to any disruption of service in voice communication and knowledge that IP telephony relies on the same systems they know are vulnerable to viruses, worms and Trojan horses make it hard for any more than 50 percent of those surveyed to say they could rely on the technology, up from 48 percent a year earlier, researchers said. "People are much more sensitized to disruptions in voice communications than they are with data communications," said John Venator, president and chief executive officer, CompTIA, which commissioned the study. Conversely, 82 percent of the 350 respondents said they trust the security of traditional telephone systems, 72 percent trust Ethernet data networks and 60 percent wireless local area networks, according to CompTIA.
Source: http://www.eweek.com/article2/0,1895,2085417,00.asp

35. January 18, eWeek — Microsoft patches buggy Excel patch. Microsoft has re-released an update issued in its January 2007 patch batch to correct a glitch in the way Excel 2000 processes information. The company announced that the "targeted re-release" was necessary to correct the bug, which occurs in the way Excel 2000 processes the phonetic information embedded in files created using Excel in the Korean, Chinese or Japanese executable mode. The patch was shipped January 9 as part of the MS07-002 bulletin that provided fixes for a total of five Microsoft Excel vulnerabilities.
Microsoft Security Bulletin MS07-002:
http://www.microsoft.com/technet/security/Bulletin/MS07.002.mspx
Source: http://www.eweek.com/article2/0,1895,2085354,00.asp

January 18, CNET News — Mashups: The future of the Web? Alan Taylor is living in the Wild West of Web development, and he has the scars to prove it. In his spare time, Taylor builds mashups -- Web applications that combine content from more than one source and have caught on as Web providers from Amazon.com to Microsoft make their data programmatically available to outsiders. But while he is breaking new ground on the Internet, he is also pushing legal and business boundaries. His Amazon Light application -- a stripped-down site for buying and renting goods through Amazon -- attracted two cease-and-desist orders a couple of years back, one from Amazon and another from Google. Taylor, who holds a day job as a senior Web developer at Boston.com, survived the legal threats without much trouble, but his experience points to the relative immaturity of mashups, which advocates believe represent the Web's cutting edge. Large software vendors catering to corporate software developers or independent software vendors have spent years establishing a suite of Web services standards and infrastructure software while advocating a modular design, called a service-oriented architecture. Mashups, by contrast, tend to focus on speed and simplicity, wiring together different Websites using quick and lightweight methods.
Source: http://news.com.com/At+Mashup+Camp%2C+geeks+plot+future+of+Web/2100.1012_3.6151162.html?tag=nefd.top
Daily Report Friday, January 19, 2007

Daily Highlights

CCN Magazine reports Sandia National Laboratories has developed a simulation program designed to track the illicit trade in radiological material well enough to predict who is building the next nuclear weapon and where they are doing it. (See item 4)
TJX Cos. officials said on Wednesday, January 17, that credit and debit card information had been stolen from its computer systems, a breach that could affect a broad swath of customers of T.J. Maxx, Marshalls, and other stores. (See item 10)
Gov Exec reports lawmakers want the Transportation Security Administration to increase inspections of general aviation planes, so that they undergo approximately the same security checks as commercial airliners. (See item 17)

Information Technology and Telecommunications Sector

33. January 18, Sophos — Panda joss-stick virus is no pandemic, reports Sophos. Sophos is urging Windows users not to panic following reports of a "five-star cyber worm" that is said to have infected "several million" computers across China. The virus has captured attention because it converts icons of infected programs into a picture of a panda burning joss-sticks. Media reports from China, including the Shanghai Daily, have quoted members of the Shanghai Information Technology Service Center as calling it a "top level" threat, because of the threat it posed to networks belonging to government bureaus and companies. Sophos, however, has received very few reports of the malware being seen in the wild. The virus is known as Fujacks.I and Fujacks.J (also called worm.whboy in some media reports). Although the Shanghai Daily story reports that all infections have so far been on Chinese-language versions of Windows, this is not a limitation of Fujacks. The virus will run and spread on English language Windows, too. Additionally, Fujacks spreads to network shares and onto removable disk devices such as USB keys, music players and cameras. Fujacks creates a hidden AUTORUN file on removable devices, in the hope of spreading the virus automatically when an infected device is inserted into another PC.
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/fujacks.html

34. January 18, IDG News Service — European registrars gain new tool to fight spam. Under a new rule that will come into force next month, European registrars for the ".eu" domain will be able to immediately stop the transfer of ownership of a domain name if it's suspected of abuse. The rule, set to take effect February 19, will make it easier for investigations into activities such as spam, although the Website can still function, said Patrik Lindén, communications manager for the European Registry of Internet Domain Names (Eurid). Eurid is a nonprofit organization based in Diegem, Belgium, that oversees administration of the .eu domain.
Source: http://www.infoworld.com/article/07/01/18/HNeurofightspam_1.html

35. January 18, CNET News — Sun patches critical JRE security flaws. Sun Microsystems has issued a critical security patch to address vulnerabilities in Sun's Java Runtime Environment when it processes graphics interchange format, or GIF, images. The security flaws could allow an attacker to gain control of a user's system via an untrusted Java applet, which in turn could allow attackers to grant themselves permission to read and write local files or execute applications on the user's computer, according to an advisory issued by Secunia on Wednesday, January 17. Exploitation of these vulnerabilities, however, requires a user to visit a malicious Website, noted Zero Day Initiative, which reported the vulnerability with the aid of an anonymous researcher.
Secunia advisory: http://secunia.com/advisories/23757/
Source: http://news.com.com/Sun+patches+critical+JRE+security+flaws/2100.1002_3.6151100.html?tag=nefd.top

36. January 18, Sophos — Owner of online dating firm arrested for sending 5.4 billion spam e-mails. Sophos has warned companies to abide by anti-spam laws following the arrest of a man suspected of sending 5.4 billion spam e-mails promoting his dating Website. Japanese authorities arrested 47-year-old Yoshimitsu Hirono, president of Tokyo-based dating Website Takumi Tsushin, along with three other suspects. Approximately 90 million spam e-mails a day are said to have been sent promoting the site over a two-month period.
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/jpdating.html
Daily Report Thursday, January 18, 2007

Daily Highlights

The Department of Homeland Security announced on Wednesday, January 17, that it will launch the DHS Traveler Redress Inquiry Program, an easy to use, single point of inquiry for travel-related issues. (See item 17)
USA TODAY reports a long-delayed program aimed at speeding trusted travelers through airport security took a big step Tuesday, January 16, when it opened at one terminal in New York's John F. Kennedy International Airport, the first besides Orlando International Airport. (See item 19)
The Associated Press reports hundreds of people were in emergency shelters and thousands remained in darkened homes after a winter storm that left 54 dead in nine states from Texas to Maine. (See item 38)

Information Technology and Telecommunications Sector

30. January 17, IDG News Service — Dutch prosecutors seek jail time for botnet duo. Dutch prosecutors are pursuing jail terms for two men charged in a large-scale computer hacking scheme in which more than one million computers may have been infected with adware and other malicious programs. The case is the biggest cybercrime case prosecuted so far in the Netherlands, said Desiree Leppens, spokesperson for the organized crime branch of the National Public Prosecution Service in Rotterdam. During a one-day trial that ended Tuesday, January 16, prosecutors showed how at least 50,000 computers were infected by the two defendants, who are 20 and 28 years old. Police have not released their names. The pair used a malicious program called "Toxbot," a worm that can be used to gain remote control of a computer and log keystrokes, prosecutors said.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9008286&source=rss_topic85

31. January 17, U.S. Computer Emergency Readiness Team — US-CERT Technical Cyber Security Alert TA07-017A: Oracle releases patches for multiple vulnerabilities. Oracle has released patches to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial-of-service. Systems Affected: Oracle Database; Oracle Application Server; Oracle HTTP Server (Apache); Oracle Identity Management; Oracle Enterprise Manager Grid Control; Oracle E-Business Suite; Oracle Collaboration Suite; Oracle PeopleSoft Enterprise PeopleTools; Oracle Life Sciences Applications (formerly Oracle Pharmaceutical Applications).
Solution: Apply the appropriate patches or upgrade as specified in the Critical Patch Update -- January 2007. Note that this Critical Patch Update only lists newly corrected vulnerabilities.
Oracle Critical Patch Update: http://www.oracle.com/technology/deploy/security/critical.patch.updates/cpujan2007.html
Source: http://www.uscert.gov/cas/techalerts/TA07.017A.html

32. January 16, CNET News — Attack code out for 'critical' Windows flaw. Computer code that exploits a security vulnerability in Windows has been published on the Internet, making it more urgent for users of the operating system to patch. The attack code exploits a flaw in the way Windows handles Vector Markup Language, or VML, documents, which are used for a type of high-quality graphic on the Web. The bug lies in a Windows component called "vgx.dll" that supports these files. Microsoft provided a fix for the flaw last week with security bulletin MS07-004. At the time, the company warned that it had already seen limited cyberattacks exploiting the vulnerability. However, attack code hadn't been available publicly. On Tuesday, January 16, exploit code was published to a widely-read online security forum. Prior to the public posting of the exploit, other code that takes advantage of the flaw had been made available to users of a security testing tool made by Immunity. However, these attack blueprints are private, supplied to people who pay for the tool.
Source: http://news.com.com/Attack+code+out+for+critical+Windows+flaw/2100.1002_3.6150642.html

33. January 16, CNET News — Google plugs account hijack holes. Google has patched a cross-site scripting vulnerability in one of its Web-hosting services. If left unpatched, the cross-site scripting (XSS) vulnerability could have allowed hackers to modify third-party Google documents and spreadsheets and to view e-mail subjects and search history, according to the Google Blogoscoped blog. Philipp Lenssen, the author of Google Blogoscoped, a third-party site that comments on Google developments, said the vulnerability was similar to another in Blogger Custom Domains reported on Sunday night. "The security hole is connected to an update to a specific Google service which doesn't correctly defend against HTML injections," he said. According to Lenssen, the earlier Custom Domains vulnerability allowed another Google expert, Tony Ruscoe, to create a page that was hosted on a Google.com domain. Ruscoe was able to prove that he could have used code to steal a user's Google cookie and access their Google services. The second vulnerability, reported by Lenssen, would also have enabled a hacker to use JavaScript code to pass cookie data to an external source.
Source: http://news.com.com/Google+plugs+account+hijack+holes/2100.1002_3.6150578.html

34. January 16, CNET News — Persistent zombie attacks target Symantec corporate software. Symantec first dismissed the threat, but worm attacks that exploit a known security hole in the company's corporate antivirus tool are proving to be persistent. The attacks target computers running older versions of Symantec Client Security and Symantec AntiVirus Corporate Edition. Compromised systems are turned into remotely controlled zombies by the attacker and used to relay spam and other nefarious activities. Symantec's Norton consumer software is not affected. "What we have been seeing in December and in the last week and a half is related to new variants of Spybot," Vincent Weafer, senior director of Symantec Security Response, said Tuesday, December 16. "We had a couple of versions of Spybot that went nowhere, but these ones found a way to propagate more effectively." The Spybot variants break into computers through a known security hole in the widely used Symantec antivirus tools. When installed on a PC, Spybot opens a back door in the system and connects to an Internet Relay Chat server to let the remote attacker control the compromised computer. Spybot first surfaced in 2003 and has spawned many offshoots.
Source: http://news.com.com/Persistent+zombie+attacks+target+Symantec++corporate+software/2100.1002_3.6150560.html

35. January 16, CNET News — President signs pretexting bill into law. It's official: "pretexting" to buy, sell or obtain personal phone records -- except when conducted by law enforcement or intelligence agencies -- is now a federal crime that could yield prison time. President Bush on Friday, January 12, affixed his signature to the Telephone Records and Privacy Protection Act of 2006. The measure threatens up to 10 years behind bars to anyone who pretends to be someone else, or otherwise employs fraudulent tactics, to persuade phone companies to hand over what is supposed to be confidential data about customers' calling habits.
Source: http://news.com.com/President+signs+pretexting+bill+into+law/2100.1028_3.6150572.html
Daily Report Wednesday, January 17, 2007

Daily Highlights

The Departments of Homeland Security and State have issued a reminder that beginning January 23, citizens of the United States, Canada, Mexico, and Bermuda are required to present a passport to enter the United States when arriving by air from any part of the Western Hemisphere. (See item 14)
The Associated Press reports an MD-10 cargo jet equipped with an anti-missile system took off from Los Angeles International Airport on a commercial flight Tuesday, January 16, marking the start of operational testing and evaluation of the laser system designed to defend against shoulder-fired anti-aircraft missiles. (See item 15)

Information Technology and Telecommunications Sector

28. January 16, VNUNet — Oracle flags 52 security flaws. Oracle has issued its first pre-release security patch announcement, flagging up no fewer than 52 critical updates, just as a security company has highlighted the vulnerability of many databases. However, security firm Secerno warned that weaknesses in the development process are often more serious than any vendor vulnerabilities. "This is another step in the right direction by Oracle. As ever, forewarned is forearmed and this move allows IT managers to get to grips earlier with essential patching," said Secerno chief executive Paul Davie. "But users need to beware that it is not the vendor vulnerabilities that they need to focus on, but the critical weaknesses in their development processes." Vulnerabilities in vendor solutions can be mitigated to some extent by timely patching, but users cannot rely on patch management to solve database security problems, according to Davie. Secerno believes that the continuous pressure on developers to drag more and more functionality out of their database should be a much greater cause for concern. Deployment errors caused by poorly configured databases, inappropriate access permissions or badly engineered applications accessing the database are an increasingly worrying trend.
Source: http://www.vnunet.com/vnunet/news/2172616/databases.come.under.security

29. January 15, SecurityFocus — Rainbow table targets Word, Excel crypto. Office workers looking to protect their documents may want to select a higher grade of encryption. Swiss information-technology firm Objectif Sécurité announced last week that its latest pre-generated list of passwords and their hashes, known as a rainbow table, can now crack the standard encryption on Word and Excel documents in about five minutes on average. Using about four gigabytes of data, the program -- named Ophcrack_office -- can quickly defeat almost 99.6 percent of all passwords, according to the company. "What happens is that we actually crack the 40-bit key that is used to encrypt Word and Excel documents," said Philippe Oechslin, CEO of Objectif Sécurité and the inventor of rainbow tables. "We found a way to use the same tables for both Word and Excel, although they have different file formats." Rainbow tables sidestep the difficulty in cracking a single password by instead creating a large data set of hashes from nearly every possible password.
Source: http://www.securityfocus.com/brief/407

30. January 13, IDG News Service — Hackers looking forward to iPhone. Within hours of Apple's iPhone unveiling on Tuesday, January 9, the iPhone was a hot topic on the Dailydave discussion list, a widely read forum on security research. Much of the discussion centered on the processor that Apple may have chosen to power its new device and what kind of assembly language "shellcode" might work on this chip. In an e-mail interview, one of the hackers behind the "Month of Apple Bugs" project, which is disclosing new Apple security vulnerabilities every day for the month of January, said he "would love to mess with" the iPhone. "If it's really going to run OS X, [the iPhone] will bring certain security implications, such as potential misuses of wireless connectivity facilities [and] deployment of malware in a larger scale," the hacker known as LMH wrote in an e-mail. Because the device could include a range of advanced computing features, such as Apple's Bonjour service-discovery protocol, it could provide many avenues of attack, according to LMH. "The possibilities of a worm for smartphones are something to worry about," he wrote. "Imagine Bonjour, and all the mess of features that OS X has, concentrated in a highly portable device which relies on wireless connectivity."
Source: http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9008038

31. January 12, CNET News — CA addresses backup software flaws. CA, formerly known as Computer Associates International, on Thursday, January 11, issued updates for its BrightStor ARCserve Backup software to address several security vulnerabilities. The most serious of the flaws could be exploited to compromise a vulnerable system. "CA BrightStor ARCserve Backup contains multiple overflow conditions that can allow a remote attacker to execute arbitrary code," CA said in an alert. The problems affect only Windows systems, the company said. The BrightStor ARCserve Backup Tape Engine service, Mediasvr service, and ASCORE.dll file are affected, it said.
CA Alert: http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97428
Source: http://news.com.com/CA+addresses+backup+software+flaws/2110.7349_3.6149978.html

Daily Report Tuesday, January 16, 2007

Daily Highlights

The Nebraska Department of Agriculture has unveiled a new avian influenza surveillance program -- Avian Influenza: Testing Pays! -- for Nebraska poultry producers, providing free avian influenza tests of birds to any poultry producer who requests it. (See item 19)
The Associated Press reports police and sheriff's deputies rushed to check on churches early Sunday, January 14, after fires broke out at two Baptist churches and a break-in was discovered at a third in Greenville, North Carolina. (See item 38)

Information Technology and Telecommunications Sector

32. January 12, Agence France-Presse — A time-tested solution for Asia's damaged Internet cables. Workers are relying on 19th century technology to fix a very 21st century problem -- disruption of the Internet traffic that tech-savvy Asia relies on. Crewmen on boats south of Taiwan are dragging the seabed with grappling hooks at the end of long ropes to recover fiber optic cables damaged in a 7.1-magnitude earthquake that struck the region on December 26. "No electronics involved," said John Walters, general manager of Global Marine, one of the firms engaged in the repairs. "It's an old and traditional technique." Millions of people across the region, in Taiwan, China, Hong Kong, Japan, Singapore, South Korea and as far away as Australia, suffered Internet and telephone blackouts when the cables, linking Asian countries with the U.S. and beyond, were damaged. Telecom operators have diverted the traffic to allow service to return to normal but the repair work continues. "At this point none of those cables have been repaired," Walters told AFP in an interview.
Source: http://news.yahoo.com/s/afp/20070112/tc_afp/asiaquakeinternet

33. January 12, VNUNet — Cyber-crooks switch to code obfuscation. Security firm Finjan has reported that dynamic code obfuscation was increasingly used as a method to bypass traditional signature-based security systems and propagate malware during the fourth quarter of 2006. The technique works by providing each visitor to a malicious site with a different instance of obfuscated malicious code, based on random functions and parameter name changes. A conventional signature-based security solution would theoretically need millions of signatures to detect and block this particular piece of malicious code. "Hackers have begun to take advantage of new Web technologies to create complex and blended attacks," said Yuval Ben-Itzhak, chief technology officer at Finjan. "With the creation of dynamic obfuscation utilities, which enable virtually anyone to obfuscate code in an automated manner, they have dramatically escalated the threat to Web security."
Report (registration required): http://www.finjan.com/content.aspx?id=827
Source: http://www.vnunet.com/vnunet/news/2172438/cyber-crooks-switch-code
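
The renaming described in item 33 can be shown from the detection side. The following is an added example, not code from Finjan or from the report: the script variants are constructed, harmless samples, and the function names and the `RESERVED` word list are assumptions made for illustration.

```python
import hashlib
import re

# Constructed, harmless samples: identical logic with different random
# identifier names, standing in for the instances served to two visitors.
VARIANT_A = 'function qzx1(a9){var k3=a9+"!";document.write(k3);}qzx1("hi");'
VARIANT_B = 'function mmP7(tt2){var zz=tt2+"!";document.write(zz);}mmP7("hi");'
UNRELATED = 'function f(x){return x*2;}f(21);'

# Assumed list of language keywords and browser API names. Renaming these
# would change behaviour, so an obfuscator must leave them alone and the
# normalizer keeps them verbatim.
RESERVED = {"function", "var", "return", "if", "else", "for", "while", "new",
            "document", "write", "window", "eval", "unescape", "String",
            "fromCharCode"}

TOKEN = re.compile(r'''
    (?P<str>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')   # string literal
  | (?P<id>[A-Za-z_$][A-Za-z0-9_$]*)               # identifier or keyword
  | (?P<num>\d+(?:\.\d+)?)                         # number
  | (?P<op>[^\sA-Za-z0-9_$"'])                     # single punctuation char
''', re.VERBOSE)


def exact_signature(script: str) -> str:
    """Classic byte-for-byte signature: a hash of the script as served."""
    return hashlib.sha256(script.encode("utf-8")).hexdigest()


def normalize(script: str) -> str:
    """Replace every non-reserved identifier with ID0, ID1, ... in order of
    first appearance, and drop whitespace differences between tokens."""
    names = {}
    out = []
    for m in TOKEN.finditer(script):
        kind, text = m.lastgroup, m.group()
        if kind == "id" and text not in RESERVED:
            text = names.setdefault(text, f"ID{len(names)}")
        out.append(text)
    return " ".join(out)


def normalized_signature(script: str) -> str:
    """Signature over the renaming-independent form of the script."""
    return exact_signature(normalize(script))


if __name__ == "__main__":
    for label, s in (("A", VARIANT_A), ("B", VARIANT_B), ("other", UNRELATED)):
        print(label, exact_signature(s)[:12], normalized_signature(s)[:12])
```

The exact hashes of the two variants differ while their normalized hashes match, which is why one structural signature can replace many byte-level ones. Normalization of this kind covers only the identifier renaming the item describes.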

34. January 12, VNUNet — New Java exploits brewing. Attackers have released exploit code targeting two previously patched flaws in Sun Microsystems' Java Runtime Environment (JRE) and Java Software Development Kit (SDK). The flaws could allow an attacker to remotely execute code on a Windows, Linux or Solaris system. Sun issued patches for both vulnerabilities in December. The JRE component allows JavaScript code to be executed on most operating systems, including Windows, Mac OS, Linux and Unix. The vulnerabilities affect JRE 1.3.x, 1.4.x and 1.5.x, as well as versions 1.3.x and 1.4.x of the SDK and versions 1.5.x of the Java Development Kit.
Source: http://www.vnunet.com/vnunet/news/2172403/java-exploits-brewing

35. January 12, Tech Web — Telecom carriers face declining revenue growth in core businesses. As telecom carriers strive to become full-service providers delivering mobile broadband and Internet-related services, it's likely they will experience a rapid decline in revenue growth, a market research firm says. Year-over-year growth of total revenue from telecom services will shrink to just 1.7 percent in 2010, with actual revenues increasing to $1.5 trillion in 2010 from $1.3 trillion in 2006, Gartner said Thursday, January 11. As a result, carriers will spend more on new markets, such as media and information technology, to compensate for revenue losses in traditional telecom services.
Source: http://www.techweb.com/showArticle.jhtml;jsessionid=MQ5MFFGI4PS3AQSNDLRCKHSCJUNN2JVN?articleId=196900481

36. January 11, eWeek — Exploit released for critical PC hijack flaw. A fully working exploit for a high-risk vulnerability fixed by Microsoft two days ago has been put into limited release, prompting new "patch now" warnings from computer security experts. The exploit, which allows PC takeover attacks on Windows XP SP2, has been published to Immunity's partners program, which offers up-to-the-minute information on new vulnerabilities and exploits to intrusion detection companies and larger penetration testing firms. The company's exploit takes aim at a "critical" bug in the way Vector Markup Language is implemented in Windows. It has been successfully tested on Windows XP SP2 and Windows 2000, with default installations of Internet Explorer 6.0. "This is a fully working exploit, [it] will give you full access to do anything on the target machine," says Immunity researcher Kostya Kortchinsky. The exploit was created and confirmed in less than three hours after Microsoft's Patch Tuesday release on January 9, a fact that clearly illustrates just how much the gap has narrowed between patch release and full deployment on enterprise networks.
Source: http://www.eweek.com/article2/0,1895,2082416,00.asp

Daily Report Friday, January 12, 2007

Daily Highlights

Reuters reports a new study casts doubt on nuclear waste storage safety, and materials that scientists had hoped would contain nuclear waste for thousands of years may not be as safe and durable as previously thought. (See item 2)
The Sun-Herald reports that all 16 counties in the Southwest Florida Water Management District are experiencing a "severely abnormal" drought, and are now under a "Phase 2 water shortage," that will remain in effect until July 31 unless conditions improve. (See item 25)

Information Technology and Telecommunications Sector

30. January 11, IDG News Service — Google irks Website owners over malware alerts. Some Website operators are complaining that Google is flagging their sites as containing malicious software when they believe their sites are harmless. At issue is an "interstitial" page that appears after a user has clicked on a link within Google's search engine results. If Google believes a site contains malware, the page will appear, saying "Warning - visiting this Website may harm your computer!" Google does not block access to the site, but a user would have to manually type in the Website address to continue. Organizations are complaining their sites do not contain malicious software, and the warning is embarrassing. Google's warning page contains a link to Stopbadware.org, a project designed to study legal and technical issues concerning spyware, adware, and other malicious software. Organizations should work with their Web hosting provider to check for security problems, Stopbadware.org said.
Source: http://www.infoworld.com/article/07/01/11/HNgooglemalwarealertsirk_1.html

31. January 11, New York Times — Firms fret as office e-mail jumps security walls. Companies spend millions on systems to keep corporate e-mail safe. If only their employees were as paranoid. A growing number of Internet-literate workers are forwarding their office e-mail to free Web-accessible personal accounts offered by Google, Yahoo and other companies. Their employers, who envision corporate secrets leaking through the back door of otherwise well-protected computer networks, are not pleased. It is a battle of best intentions: productivity and convenience pitted against security and more than a little anxiety. Corporate techies want strict control over internal company communications and fear that forwarding e-mail might expose proprietary secrets to prying eyes. Employees just want to get to their mail quickly, wherever they are, without leaping through too many security hoops. So far, no major corporate disasters caused by this kind of e-mail forwarding have come to light. But security experts say the risks are real. Also, because messages sent from Web-based accounts do not pass through the corporate mail system, companies could run afoul of federal laws that require them to archive corporate mail and turn it over during litigation.
Source: http://www.nytimes.com/2007/01/11/technology/11email.html?_r=1&ref=technology&oref=slogin

32. January 11, VNUNet — Bug found in Apple security patch software. The group behind the Month of Apple Bugs (MoAB) project has found a flaw in software designed to fix security issues on Apple Macs. The vulnerability affects the Application Enhancer (Ape) software, which was designed by a rival group trying to combat the flaws highlighted by MoAB. The bug could allow malicious users on a local system to replace Ape's binary code and take control of the root privileges on a computer. "Like the previous local exploits, this could be combined with a remote exploit to gain root privileges from an administrator account without user interaction," said Landon Fuller, author of the Ape software, on his blog. "There are also a number of alternative exploit conditions that could occur due to the admin-writability of other directories in /Library."
Source: http://www.vnunet.com/vnunet/news/2172335/apple-flaw-found-security-patch

33. January 10, eWeek — Hosted VoIP services grow, report shows. In-Stat, a technology research firm, released its latest research study Wednesday, January 10, that showed that hosted Voice over IP (VoIP) telephony usage has increased among small businesses. The study, "Hosted VoIP: Steady Growth, But Will the Boom Come?" found that small businesses have the most hosted VoIP deployments in the 20-to-50-seat range and that hosted VoIP will continue to grow over the next few years with revenues expected to exceed $2 billion by 2010. "Most business customers adopt hosted VoIP with the expectation of cost savings, but soon come to value the feature functionality and integration with data networks the application provides," said David Lemelin, senior analyst at In-Stat. "As a result, hosted VoIP solutions are becoming more valuable." The study from In-Stat found the following: 1) U.S.-hosted VoIP seats in service are expected to continue to increase consistently to more than 3 million in 2010; 2) For hosted VoIP services, cost savings is the main appeal; 3) Businesses that have several office locations as well as the mobile worker are most attracted to hosted VoIP solutions.
Source: http://www.eweek.com/article2/0,1895,2081954,00.asp

34. January 10, eWeek — VeriSign offers hackers $8,000 bounty on Vista, IE 7 flaws. VeriSign's iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer (IE) 7. The Reston, VA, security intelligence outfit threw out the monetary reward to hackers as part of a challenge program aimed at luring researchers to its controversial pay-for-flaw Vulnerability Contributor Program. The launch of the latest hacking challenge comes less than a month after researchers at Trend Micro discovered Vista flaws being hawked on underground sites at $50,000 a pop and illustrates the growth of the market for information on software vulnerabilities. iDefense isn't the only brand-name player in the market. 3Com's TippingPoint runs a similar program, called Zero Day Initiative, that pays researchers who agree to give up exclusive rights to advance notification of unpublished vulnerabilities or exploit code. The companies act as intermediaries in the disclosure process -- handling the process of coordinating with the affected vendor -- and use the vulnerability information to beef up protection mechanisms in their own security software, which is sold to third parties.
Source: http://www.eweek.com/article2/0,1895,2082014,00.asp

35. January 10, IDG News Service — NSA helped Microsoft make Vista secure. The U.S. agency best known for eavesdropping on telephone calls had a hand in the development of Microsoft's Vista operating system, Microsoft confirmed Tuesday, January 9. The National Security Agency (NSA) stepped in to help Microsoft develop a configuration of its next-generation operating system that would meet Department of Defense requirements, said NSA spokesperson Ken White. This is not the first time the secretive agency has been brought in to consult with private industry on operating system security, White said, but it is the first time the NSA has worked with a vendor prior to the release of an operating system. By getting involved early in the process, the NSA helped Microsoft ensure that it was delivering a product that was both secure and compatible with existing government software, he said. Still, the NSA's involvement in Vista raises red flags for some. Part of this concern may stem from the NSA's reported historical interest in gaining "back-door" access to encrypted data produced by products from U.S. computer companies like Microsoft.
Source: http://www.infoworld.com/article/07/01/10/HNnsamadevistasecure_1.html

36. January 10, Security Focus — Acer ships laptops with security hole. Computer maker Acer has shipped its notebook computers with an ActiveX control that lets any Website install software on the machine, security researchers warned this week. The ActiveX control -- named LunchApp.ocx -- appears to be a way for the company to easily update customer laptops, but also allows others to do the same thing, anti-virus firm F-Secure stated in a blog post on Tuesday, January 9. The security problem, first discovered in November by security researcher Tan Chew Keong, was confirmed by antivirus firm F-Secure. "The library, named LunchApp.ocx, is probably supposed to help with browsing the vendor's Website, enable easy updates and such," wrote F-Secure's research team. "It turns out it also makes all those machines vulnerable to a specially crafted HTML file that could instantly download malicious file(s) onto the user's machine and then execute them."
Source: http://www.securityfocus.com/brief/404