Thursday, May 31, 2007

Daily Highlights

United Press International reports a new study from Congressional Research Service says terrorists are increasingly relying on criminal activity to finance their operations, as state sponsorship is declining and terrorist groups are increasingly decentralized and more amateur. (See item 6)
Agence France-Presse reports China is to introduce new rules requiring food companies to take back products found to pose a health risk after poisoning of thousands of animals in the U.S., one of a series of incidents that have exposed lax controls in Beijing's food quality control system. (See item 15)
The International Herald Tribune reports public health officials have urged the passengers and crew of two recent trans-Atlantic flights to get checked for tuberculosis, after learning that a man with an exceptionally drug-resistant form of the disease had flown on the planes. (See item 19)

Information Technology and Telecommunications Sector

24. May 30, Government Computer News — NIST readies guidance on IT security assessments. The National Institute of Standards and Technology (NIST) has finished the third and possibly final draft of its revised guidelines for assessing the adequacy of IT security. Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, will be released for comment June 4. Comments on the current version will be accepted by the Computer Security Division of NIST’s IT Laboratory through July 31; comments can be e-mailed to the division, and all of the FISMA-related security standards and guidelines can be found on NIST's Website. Final publication of SP 800-53A is expected early next year. NIST will decide whether additional public drafts are needed based on comments received on the present draft.

25. May 29, US-CERT — Apple Releases a Security Update for QuickTime 7.1.6 to Address Multiple Vulnerabilities. Apple has released a Security Update for QuickTime 7.1.6 to address multiple vulnerabilities in Apple QuickTime for Java. The impacts of these vulnerabilities include arbitrary code execution and information disclosure. US-CERT recommends users install the QuickTime 7.1.6 Security Update; instructions for disabling Java are also available.

Wednesday, May 30, 2007

Daily Highlights

The Associated Press reports six Florida customs inspectors have told federal officials that superiors instructed them to enter false data indicating airline passengers had been stopped and inspected for plant and animal contraband. (See item 16)
The Los Angeles Daily News reports due to a creeping chemical plume threatening the water supply, the Department of Water and Power has shut down at least one drinking-water well in Los Angeles because of contamination of the San Fernando Valley aquifer, with the possibility that the contamination will spread. (See item 22)
The University of Maryland’s National Consortium for the Study of Terrorism and Responses to Terrorism has made its terrorism attack database publicly available, providing a unique service for understanding risk in the context of terrorism threats. (See item 29)

Information Technology and Telecommunications Sector

30. May 29, Chicago Tribune — Attacks on Estonia move to new front. After Estonia relocated a Soviet war memorial out of downtown Tallinn last month, furious Russians rioted in the Estonian capital, tried to attack Estonia's ambassador in Moscow, and hastily engineered de facto economic sanctions against the tiny Baltic nation. But the salvo from the Russian side that has most worried Estonians is a carefully crafted three-week cyber attack on Estonian government, bank and media Websites that has wreaked havoc in a country heavily dependent on the Internet for everything from banking and voting to paying taxes. The onslaught of "denial-of-service" attacks, many of which have originated from Russian computers, has raised questions about whether such attacks will become a tactic in future political conflicts. U.S. Deputy Secretary of State John Negroponte said the cyber sabotage in Estonia should prompt countries to shore up defenses against hackers and cyber-terrorists. Hackers routinely use Internet-connected computers as a conduit for attacks without the owner's knowledge. And Estonian officials have yet to prove that the Russian government instigated the sabotage.

31. May 28, Computerworld — Mac OS open to attack through unpatched Samba. Hackers can attack Apple Inc.'s Mac OS X by exploiting an unpatched vulnerability in the open-source Samba file- and print-sharing software that's included with the operating system, Symantec Inc. said Monday, May 28. Samba is enabled when Mac users turn on the Windows Sharing feature that allows Microsoft Corp. customers to access files and printers on a Mac network. Symantec was able to exploit "the heap corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the default Samba 3.0.10 application." Although Mac OS X doesn't turn on Samba by default, Macs that share a network with Windows PCs could be at risk, Symantec warned. Because Apple has not released a Samba update since 2005, users must upgrade to the latest, secure version themselves.

32. May 28, SecurityFocus — Peer-to-peer networks co-opted for DOS attacks. A flaw in the design of a popular peer-to-peer network software has given attackers the ability to create massive denial-of-service attacks that can easily overwhelm corporate Websites, a security firm warned last week. Over the past three months, more than 40 companies have endured attacks emanating from hundreds of thousands of Internet protocol addresses (IPs), with many of the attacks producing more than a gigabit of junk data every second, according to security solutions provider Prolexic Technologies. The latest attacks came from a collection of computers running peer-to-peer software known as DC++. The software is based on Direct Connect, a protocol which allows the exchange of files between instant messaging clients. The directories of where certain files can be found reside in a few servers, known as hubs. Older versions of the hub server software have a flaw that allows an attacker to direct clients to get information from another server, said Fredrik Ullner, a developer for the DC++ project. Maliciously redirecting those clients results in a large number of computers continuously demanding data from the victim's Web server, overwhelming it with requests.

Tuesday, May 29, 2007

Daily Highlights

The Department of State reports that by June the United States, Canada, and Mexico will develop a plan to further align and strengthen their energy efficiency standards, the first in a series of proposed efforts to advance cooperation on energy issues. (See item 2)
The Courier-Post reports this summer, South Jersey emergency responders -- local police, fire, Emergency Medical Services, and tow truck personnel -- will test a plan called the Atlantic City Expressway Contra-Flow, to reverse the traffic flow along all the eastbound lanes on the Atlantic City Expressway. (See item 35)

Information Technology and Telecommunications Sector

36. May 25, CNET News — Cisco patches security flaws in number of products. Cisco Systems has released a security patch to fix vulnerabilities in a number of its products that are at risk of a denial of service attack. The vulnerabilities are found in a third-party cryptographic library in Cisco IOS, Cisco IOS XR, Cisco PIX and ASA Security Appliances, Cisco Firewall Module and Cisco Unified CallManager products, according to a security advisory issued by Cisco. The security flaws could allow attackers to send a few small packets through the routers to shut down the network in a DOS attack, said Johannes Ullrich, chief research officer for the SANS Institute. The vulnerabilities can be exploited without a valid username or password, given that some of the older Cisco products have the cryptographic library set to default. And while attackers may be able to launch a DOS attack, they are not known to gain access to information that has already been encrypted, Cisco noted. In its advisory, Cisco includes various links for downloading fixes, as well as offering suggestions for potential workarounds.
Cisco Security Advisory: Vulnerability In Crypto Library

37. May 24, US-CERT — Apple releases security update to address multiple vulnerabilities in various products. Apple has released Security Update 2007-005 to address multiple vulnerabilities in various products. The impacts of these vulnerabilities include denial of service, arbitrary code execution, information disclosure, and privilege escalation. US-CERT encourages users to apply the appropriate updates as soon as possible.

Friday, May 25, 2007

Daily Highlights

KSBI-TV reports on Wednesday night, May 23, Tulsa, Oklahoma's International Airport came to a standstill when a surge knocked out power; planes sat on the runway while workers drove bags to the front of the airport into the hands of passengers, because the inbound baggage conveyor system did not work. (See item 15)
The Bush administration on Wednesday, May 23, pressed senior Chinese officials to bolster the safety of food exports, a key issue for U.S. consumers after melamine, a chemical used in plastics and fertilizers, surfaced in imported pet food. (See item 20)

Information Technology and Telecommunications Sector

27. May 24, InformationWeek — Philadelphia launches Wi-Fi access test zone. Philadelphia, PA, has approved a 15-square-mile Wi-Fi test zone. About 5,000 paying customers are expected to sign up by July and 12,000 by the end of the year. Consumers in the 15-square-mile test area can sign up beginning Thursday, May 24. Free access will be offered to city residents and visitors in several designated access areas throughout the city.

28. May 24, CNET News — Flawed Symantec update cripples Chinese PCs. A Symantec antivirus signature update mistakenly quarantined two critical system files in the Simplified Chinese version of Windows XP last week, crippling PCs throughout China. According to the Chinese Internet Security Response Team (CISRT), users of Norton Antivirus, Norton Internet Security 2007 and Norton 360 who installed an antivirus signature update released by Symantec on May 17 could not reboot their PCs. The update reportedly mistook two Windows system files -- "netapi32.dll" and "lsasrv.dll" -- for the Backdoor.Haxdoor Trojan horse. The two files were subsequently quarantined. CISRT said the flawed Symantec update only affects users of the Simplified Chinese version of Windows XP Service Pack 2 that has been patched with a particular Microsoft software fix available since November 2006. According to Symantec China's Website, affected customers can resolve the problem by initiating another LiveUpdate, if they have not restarted their PCs after installing the flawed update. Systems that have already been restarted can be returned to the previous state by recovering the two system files from the Windows XP disc.

29. May 23, US-CERT — Microsoft Office ActiveX control vulnerability. US-CERT is aware of reports of a vulnerability in a Microsoft Office 2000 ActiveX control. Excessive data passed to the OUACTRL ActiveX control may result in a buffer overflow allowing arbitrary code execution or causing a denial-of-service condition. This vulnerability was fixed in the Microsoft UA Control Vulnerability update, which is included in Microsoft Office 2000 SP3.

30. April 30, Government Accountability Office — GAO-07-368: Information Security: FBI Needs to Address Weaknesses in Critical Network (Letter Report). The Federal Bureau of Investigation (FBI) relies on a critical network to electronically communicate, capture, exchange, and access law enforcement and investigative information. Misuse or interruption of this critical network, or disclosure of the information traversing it, would impair FBI’s ability to fulfill its missions. Effective information security controls are essential for ensuring that information technology resources and information are adequately protected from inadvertent or deliberate misuse, fraudulent use, disclosure, modification, or destruction. GAO was asked to assess information security controls for one of FBI’s critical networks. To assess controls, GAO conducted a vulnerability assessment of the internal network and evaluated the bureau’s information security program associated with the network operating environment. This report summarizes weaknesses in information security controls in one of FBI’s critical networks. GAO recommends several actions to fully implement an information security program. In a separate classified report, GAO makes recommendations to correct specific weaknesses. FBI agreed with many of the recommendations but disagreed with the characterization of risk to its information and noted that it has made significant strides in reducing risks. GAO believes that increased risk remains.

Thursday, May 24, 2007

Daily Highlights

Reuters reports forecasters urge the oil industry to stockpile supplies away from the U.S. Gulf Coast, which they predict will be hit by hurricane-force winds, potentially sending sky-high gas prices even higher, according to hazard models. (See item 1)
Computer World reports a new, enhanced 911 response system -- completely separated from the existing public telephone switching systems -- is being built in New York City to help residents get quicker and more efficient assistance from police, fire, and other first responders in times of emergency. (See item 24)

Information Technology and Telecommunications Sector

26. May 23, SC Magazine — Microsoft releases a non-security security update. Microsoft on Tuesday, May 22, released a non-security-related security bulletin to fix Windows Update issues. The fix addresses an issue forcing PCs to become unresponsive when Microsoft Update or Windows Update performs scans prior to downloads, according to Microsoft. Christopher Budd, Microsoft security program manager, said that PC users should have no problem downloading the bulletin even if they’re experiencing update issues. Users experiencing issues with Windows Update or Microsoft Update may see unresponsive systems, access violation errors in svchost.exe, memory leaks while scanning for updates, and lengthy scanning times, sometimes taking hours to complete. The errors have occurred in Windows 2000 with Service Pack 4, Windows XP with Service Pack 2, XP Professional x64 edition with and without Service Pack 2 installed, Windows Server 2003 with Service Pack 1 and Service Pack 2 and Windows Server 2003 x64 Edition with Service Pack 1 and Service Pack 2.
Microsoft Security Advisory (927891) -- Fix for Windows Installer (MSI)

27. May 23, CNET News — Promising antispam technique gets nod. An Internet standards body gave preliminary approval on Tuesday, May 23, to a powerful technology designed to detect and block fake e-mail messages. Yahoo, Cisco Systems, Sendmail and PGP Corporation are behind the push for DomainKeys, which the companies said in a joint statement will provide "businesses with heightened brand protection by providing message authentication, verification and traceability to help determine whether a message is legitimate." The draft standard that the Internet Engineering Task Force adopted is more promising than most other anti-spam and antiphishing technologies because it harnesses the power of cryptographically secure digital signatures to thwart online miscreants. DomainKeys works by embedding a digital signature in the headers of an outgoing e-mail message. If the cryptographically secure signature checks out, the message can be delivered as usual. Otherwise, it can be flagged as spam. In the long run, DomainKeys is more promising than existing antispam and antiphishing technologies, which rely on techniques like assembling a "blacklist" of known fraudsters or detecting such messages by trying to identify common characteristics. But the DomainKeys approach does suffer from one serious, short-term problem: it's only effective if both the sender's and the recipient's mail systems are upgraded to support the standard.
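As an added illustration (not code from the article, nor from the DomainKeys specification or any of the companies named), here are the two halves the item describes: the sending side signing selected headers and the body and embedding the result in a header, and the receiving side checking it. It assumes RSA-SHA256 where DomainKeys used RSA-SHA1, a local map in place of the DNS lookup of the sender's public key, a simplified tag layout, and constructed sample messages; the four cases show why a verifier must treat an unsigned message (sender not yet upgraded) differently from one whose signature fails.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Stand-in for the public key record a real verifier fetches from the sender's DNS (assumption: a local map so the example runs offline).
var publishedKeys = map[string]*rsa.PublicKey{}

// signingInput returns the bytes the signature covers: lower-cased header names with trimmed values, then the body. Both sides must canonicalize alike.
func signingInput(headers map[string]string, signed []string, body string) []byte {
	var b strings.Builder
	for _, h := range signed {
		fmt.Fprintf(&b, "%s:%s\r\n", strings.ToLower(h), strings.TrimSpace(headers[h]))
	}
	b.WriteString("\r\n" + strings.TrimRight(body, "\r\n"))
	return []byte(b.String())
}

// parseTags splits "a=rsa-sha256; d=example.com; ..." into a tag map.
func parseTags(raw string) map[string]string {
	tags := map[string]string{}
	for _, part := range strings.Split(raw, ";") {
		if kv := strings.SplitN(strings.TrimSpace(part), "=", 2); len(kv) == 2 {
			tags[kv[0]] = kv[1]
		}
	}
	return tags
}

// SignMessage (sending side) signs From, To, Subject and the body with the domain's private key and embeds the result in a DomainKey-Signature header.
func SignMessage(headers map[string]string, body, domain string, priv *rsa.PrivateKey) error {
	signed := []string{"From", "To", "Subject"}
	digest := sha256.Sum256(signingInput(headers, signed, body))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return err
	}
	headers["DomainKey-Signature"] = fmt.Sprintf("a=rsa-sha256; d=%s; h=%s; b=%s",
		domain, strings.Join(signed, ":"), base64.StdEncoding.EncodeToString(sig))
	return nil
}

// VerifyMessage (receiving side): "pass" = deliver as usual, "fail" = flag it, "none" = the sender never signed, so there is nothing to check (the deployment gap).
func VerifyMessage(headers map[string]string, body string) string {
	raw, ok := headers["DomainKey-Signature"]
	if !ok {
		return "none"
	}
	tags := parseTags(raw)
	pub, known := publishedKeys[tags["d"]]
	sig, err := base64.StdEncoding.DecodeString(tags["b"])
	if !known || err != nil || tags["h"] == "" {
		return "fail"
	}
	digest := sha256.Sum256(signingInput(headers, strings.Split(tags["h"], ":"), body))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return "fail"
	}
	return "pass"
}

// Demo runs four constructed cases and returns the verdict for each.
func Demo() (map[string]string, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	attacker, err := rsa.GenerateKey(rand.Reader, 2048) // a key example.com never published
	if err != nil {
		return nil, err
	}
	publishedKeys["example.com"] = &priv.PublicKey // constructed stand-in for a DNS record
	body := "Your May statement is attached.\r\n"  // constructed sample body
	newMsg := func() map[string]string {
		return map[string]string{"From": "billing@example.com", "To": "alice@example.net", "Subject": "May statement"}
	}
	sign := func(m map[string]string, key *rsa.PrivateKey) map[string]string {
		if err := SignMessage(m, body, "example.com", key); err != nil {
			panic(err) // cannot fail with a well-formed key in this constructed demo
		}
		return m
	}
	tampered := sign(newMsg(), priv)
	tampered["Subject"] = "Urgent: confirm your password" // altered after signing
	return map[string]string{
		"signed":   VerifyMessage(sign(newMsg(), priv), body),     // published key, intact
		"tampered": VerifyMessage(tampered, body),                 // signed header changed in transit
		"unsigned": VerifyMessage(newMsg(), body),                 // sender has not deployed DomainKeys
		"forged":   VerifyMessage(sign(newMsg(), attacker), body), // claims d=example.com with another key
	}, nil
}

func main() { fmt.Println(Demo()) }
```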

28. May 21, Government Computer News — Cyberattacks get physical. At City Hall in the fictional New England town of Harborville, two computer systems containing sensitive data have been penetrated. The police department’s 911 system is not working right and the computer-aided dispatch system is sending police on false calls. Communications are down at the hospital, and false reports of fires and bioterrorism attacks are causing panic. That was the opening scenario of a tabletop exercise done by the Dartmouth College Thayer School of Engineering at the recent GovSec Conference in Washington. The goal was to demonstrate how information technology problems can affect decisions and emergency responses. Hierarchies and chains of command fall apart when communications are interrupted and information can’t be trusted, said Mark Stanovich, lead developer of the exercise. Cyberattacks increasingly will be used to magnify the effect of physical attacks or hamper responses to them, said analysts from the U.S. Cyber Consequences Unit (US-CCU). The US-CCU is a government-funded, independent research organization. Established in 2004, it receives government funding for on-site surveys of critical infrastructure facilities.

Wednesday, May 23, 2007

Daily Highlights

The Illinois Department of Financial and Professional Regulation is sending out letters to an estimated 300,000 licensees and applicants informing them of a potential compromise of their names, Social Security numbers, and other personal data. (See item 9)
The Associated Press reports the Transportation Security Administration has started using hand-held scanners to inspect bottled carry-on liquids for explosives at some of the nation's busiest airports. (See item 14)

Information Technology and Telecommunications Sector

30. May 22, IDG News Service — Microsoft tools keep bad Office files at bay. Microsoft released a pair of tools on Monday, May 21, that help protect computers from Office 2003 files containing malicious software code. Both tools, which were announced earlier this month, are designed to help defend against Office "zero-day" attacks, which take advantage of vulnerabilities before a patch is released by Microsoft. These types of attacks have become more common in recent months as attackers look for holes in Office to penetrate corporate networks. The first tool to defend against these attacks, called Microsoft Office Isolated Conversion Environment (MOICE), is meant to protect users running Office 2003 and the 2007 Office system. The tool does not work with other versions of Office. The second tool, called File Block Functionality for Microsoft Office 2003 and the 2007 Microsoft Office system, gives system administrators the ability to define which file types can and cannot be opened by users. This gives administrators the ability to block access to certain files when a specific threat arises, Microsoft said. Microsoft detailed MOICE and File Block in a security advisory, recommending that both tools be used to protect against malicious Office documents.

31. May 22, Washington Post — XM Satellite Radio hit by temporary outage. XM Satellite Radio was off the air for many subscribers Monday, May 21. The company experienced a technical problem that triggered an outage lasting most of the day, causing many listeners across the country to lose access to its programming. The company blamed a software glitch for the interruption and did not say how many listeners lost their connections.

32. May 21, eWeek — IronPort revamps security monitoring site. IronPort Systems has revised its Internet traffic monitoring Website, SenderBase, a resource for IT staffers searching for a real-time view into security threats. This Website provides e-mail administrators visibility into the e-mail and Web traffic coming into their networks and features a new graphical user interface company officials hope will make it easier than ever for every member of the Internet community to track spam trends, virus outbreaks, spyware and other Web-based threats. The free service can be used like a credit reporting service, providing comprehensive data that ISPs and companies can use to tell the difference between legitimate senders and attackers, IronPort officials said. Consumers, media and other parties can also use SenderBase to monitor threat activity and check their e-mail reputation scores, officials added.

33. May 21, Washington Technology — DHS calls for cybersecurity white papers. The Department of Homeland Security (DHS) is initiating an ambitious Cyber Security Research Development Center program that entails soliciting input from industry, government labs and academia on how to protect data against the latest threats and intrusions. The Science & Technology Directorate published a 43-page broad agency announcement seeking white papers on topics such as botnet and malware protection, composable and scalable systems, cyber metrics, data visualization, routing security, process control security, real-time assessment, data anonymization and insider threat detection and management. White papers on technologies to address the threats and strengthen protections are due on June 27. Final proposals will be due on September 17.

34. May 21, Information Week — The impending Internet address shortage. The coming shortage of Internet Protocol addresses on Monday, May 21, prompted the American Registry for Internet Numbers to call for a faster migration to the new Internet Protocol, IPv6. The current version of the Internet Protocol, IPv4, allows for over 4 billion Internet addresses. Only 19 percent of the IPv4 address space remains. Somewhere around 2012-2013, the last Internet address block will be assigned and the Internet will be full, in a manner of speaking. IPv6 promises some 16 billion-billion possible addresses.

35. May 21, ComputerWorld — Office 2007 left unprotected in update snafu. Office 2007 users running Windows Vista may not have realized that their systems had not received several of this month's patches, Microsoft Corp. said last week when it acknowledged that its security update services had failed to deploy the fixes. "We have updated the detection logic for the May 8th security and non-security updates for Office 2007," said Mark Griesi, a program manager with the Microsoft Security Response Center (MSRC), in an entry on the team's blog. "In some cases, the original detection logic may not have offered the updates or the updates may not have been installed successfully on systems running Windows Vista," Griesi added. Only Vista users with Office 2007 on their hard drives who rely on Microsoft Update or Windows Server Update Services for patches were affected, Microsoft said. The updates that may not have been deployed two weeks ago included ones for Excel 2007 and Office 2007 in general.

Tuesday, May 22, 2007

Daily Highlights

KDKA reports investigators are trying to determine how a small explosive device got past security at Pittsburgh International Airport and was then set off inside a magazine store. (See item 14)
The New York Times reports as many as 85,000 large residential and commercial buildings in New York City lack special valves on their water connections that could prevent hazardous substances from being pulled into the public water system. (See item 21)
The Associated Press reports a gunman suspected of killing three people and himself in Moscow, Idaho, on Sunday, May 20, had said during a court-ordered mental evaluation that if he committed suicide, he would try to take a large number of people with him. (See item 28)

Information Technology and Telecommunications Sector

32. May 21, IDG News Service — Mobile provider Alltel agrees to $27.5B buyout. Mobile phone and wireless services provider Alltel on Sunday, May 20, agreed to a $27.5 billion buyout, a deal likely to spur more such acquisitions in North America. The company, which serves 12 million mobile phone subscribers in 35 states, signed a deal to be bought by TPG Capital and the private equity division of Goldman Sachs Group.

33. May 21, CNET News — Expert: IT industry has failed in desktop security. The IT industry has failed when it comes to desktop security for all major operating systems, a security specialist told delegates attending a security conference in Australia. Ivan Krstic, director of security architecture for the One Laptop per Child project, kicked off the AusCert 2007 conference Monday morning, May 21, with a keynote speech that blasted desktop computer security because it is based on a 35-year-old premise where software can run with the same privilege as a user. "The number one broken assumption of desktop [security is] this very simple premise that all executing software should execute with the full permission that its user possesses," Krstic said. "There are a bunch of programs that ship with all major operating systems -- including Linux, Mac OS and Windows -- that can format your hard drive, spy on your computer, spy on you with your microphone and camera, and turn over control of your computer to third parties," said Krstic.

34. May 21, VNUNet — Bad Norton update zaps 'millions' of PCs. A faulty update to Symantec's Norton Antivirus package has disabled "millions" of PCs in China, according to local press reports. One report carried by China's official news agency put the number of affected PCs in the millions, although others said that the figure was more like thousands or tens of thousands. The affected PCs cannot be started up. PCs running Windows XP began to fail after they downloaded a virus definitions update file on Friday, May 18. The regular updates are automatically pushed out from Symantec's servers. Users explained that nothing went wrong immediately, but that the next restart showed the infamous Windows 'Blue Screen of Death' instead of the normal start-up sequence. The PCs could not be restored to operation by any normal means. Symantec's China office explained in a statement that the software had mistakenly detected a virus in some key Windows XP system files. These files were either deleted or quarantined.

35. May 21, VNUNet — OpenOffice worm targets Windows, Mac and Linux computers. A newly discovered worm targeting OpenOffice attempts to download indecent JPEG images onto compromised PCs. Badbunny-A, a macro worm for OpenOffice/StarBasic that drops scripts in other languages, infects computer users when they open an OpenOffice Draw file called badbunny.odg. A macro within the file performs different functions depending on whether the user is running Windows, MacOS or Linux. These can include executing other self-replicating JavaScript and Perl viruses.

36. May 18, eWeek — Hundreds click on 'click here to get infected' ad. The fact that 409 people clicked on an ad that offers infection for those with virus-free PCs proves that people will click on just about anything. The ad, run by a person who identifies himself as security professional Didier Stevens, reads like this: "Drive-By Download. Is your PC virus-free? Get it infected here! drive-by-" Stevens, who says he works for Contraste Europe, has been running his Google Adwords campaign for six months now and has received 409 hits. Stevens has done similar research in the past, such as finding out how easy it is to land on a drive-by download site when doing a Google search. Stevens says that he got the idea after picking up a small book on Google Adwords at the library and finding out how easy and cheap it is to set up an ad.

37. May 18, InformationWeek — Online criminal gangs battle with botnets. Two or three online criminal gangs are waging an all-out battle for control of the largest botnets, sending out waves of malware aimed at stealing zombie computers from rival gangs to build up their own army. Each online gang is trying to build up the biggest botnet because the bigger the army of infected computers they control, the more money spammers and hackers will pay to use them, explains Shane Coursen, a senior technical consultant for Kaspersky Lab. Since the gangs have their own botnets already built up, they're all trying to pilfer victimized computers from their rivals, to diminish their competitors' botnets while they build up their own. Coursen said the author of the well-known Storm Worm, also known as Zhelatin, is going head to head with the author or authors of the Warezov and Bagle worms. It's unclear whether one group is responsible for both the Warezov worm and the Bagle worm or if different groups are behind each one, he said. Regardless, they're both working to steal zombies from the Storm Worm authors.

Monday, May 21, 2007

Daily Highlights

PC World reports authorities in a number of states have reported instances of a new high-tech crime: Crooks replacing or rigging checkout keypads at grocery and convenience stores to record the credit card number or the personal identification number used for a debit card. (See item 8)
The New York Times reports a proposal to build a parking garage within one foot of the federal courthouse in Akron, Ohio's downtown area has provoked a strong reaction from some judges who say it would allow potential terrorists to get dangerously close to their courtrooms. (See item 23)

Information Technology and Telecommunications Sector

27. May 18, IDG News Service — Microsoft to buy aQuantive for $6 billion. Microsoft plans to acquire aQuantive, a digital marketing services agency, for around $6 billion in order to grow its Internet advertising business, it was announced Friday, May 18. Microsoft said aQuantive's 2,600 employees will be incorporated into its online services business, dedicated to growing advertising on the company's MSN portal, its Windows Live online services, the Xbox Live gaming platform and Office Live services.

28. May 18, IDG News Service — Symantec: Chinese hackers grow in number, skills. China's hacking scene appears poised for growth, as the number of Internet users rises with a commensurate interest in criminal hacking and government spying, according to a new Symantec study. "China’s hacking scene is clearly an active one," the report said. "These individuals and groups are known for discovering vulnerabilities, writing exploit code, and developing sophisticated hacking techniques." China ranks second behind the U.S. as far as malicious activity on the Internet as a whole, Symantec said, citing its own data. The country had 131 million Internet users as of the end of 2006, accounting for about 10 percent of its population and 11 percent of the world's Internet users.

29. May 17, eWeek — Critical flaws found in Java Development Kit. Two vulnerabilities open to remote exploitation by hackers have been found in Java Development Kit (JDK), one of which could be used to take over a compromised system. JDK is a software development tool made by Sun Microsystems specifically for Java users. The vulnerabilities were rated "critical" by the French Security Incident Response Team, a security research organization based in France. One flaw is caused by an integer overflow error in the image parser when processing ICC profiles embedded within JPEG images. The second vulnerability is caused by an error in the BMP image parser when processing malformed files on Unix/Linux systems, which could be exploited by attackers to cause a denial-of-service. Both flaws affect Sun JDK version 1.x.

30. May 17, eWeek — Symantec fixes flaw in security software. Symantec has fixed a serious vulnerability in an ActiveX control used by Norton Personal Firewall 2004 and Norton Internet Security 2004 that could allow a hacker to execute code remotely on a vulnerable system. A buffer overflow can be triggered by an error that occurs in the Get () and Set () functions used by ISAlertDataCOM, part of ISLALERT.DLL. Successfully exploiting this vulnerability would allow an attacker to remotely execute malicious code on an unpatched system and give them the rights of the logged-in user, Symantec officials said. In order for an exploit to work, however, the hacker must first trick the user into viewing a specially crafted HTML document.
Symantec Advisory:

Warning: The following post is not by DHS. Rather it is a copy of another blog I maintain and its posts regarding the Julie Amero case. If you do not recognize the name Julie Amero, I implore you to read on. If you are up to speed on the case, this is one that you can skip...assuming you are aware of what happened on May 18th, her scheduled sentencing date. My apologies to anyone who is offended.

To be continued.....It appears that the Julie Amero drama will never end!

Once again, for the fourth time, the saga of Julie Amero has been continued. Who knows why? Only the State's Attorney. And, when it is finally heard, at this point no one can be really sure but currently the date is June 6th, it will not be heard in the court of conviction, Norwich Superior Court, but at the New London Judicial District court, the supervising headquarters of the Norwich Superior Court. I was looking forward to attending the hearing in Norwich today and meeting many of the persons who I have discussed this case with. Unfortunately, I may not be able to on June 6th due to other commitments. Is it a conspiracy? I think not. However, others have already effectively articulated what is happening with far greater skill than mine....thus, I will introduce them and suggest that you follow the links to their posts.

The first is Rick Green, a columnist with the Hartford Courant: His columns on the Julie Amero saga have been most illuminating. I have had the privilege of meeting with Rick and discussing the case, and a privilege it was. Here is his most recent column:

Porn Case: Ducking For Cover, May 18, 2007. The state of Connecticut spent two years investigating before it won a speedy conviction of Julie Amero - the infamous Norwich porn teacher - this January.....

Next is Odd Time Signatures by Karoli....a blog covering many issues that has paid much attention to the Julie Amero case. Go here to see her latest post as well as obtaining a more historical perspective:

Julie Amero News, May 18, 2007. About the time I think I’ve written everything I can possibly write about Julie Amero, something else comes up. This latest postponement of her sentencing date has created opportunities for some very interesting articles and interviews.....

You can also read my earlier posts below for additional perspective or simply Google 'Julie Amero'. Sit back, relax and learn what is wrong with the current criminal justice system and technology.

Sentencing continues to be Continued.....Julie Amero....Will it ever end?

I hope that you have been following this case through other vehicles. Simply stated, my activities relative to Julie, college and clients have me going in overdrive and now that Spring has arrived, finally in New England, I have a lot of outside duties to tend to as well. A lot has transpired since my last post, the most significant of which is the delay of the sentencing. First of all in February until March 26th at the request of defense with the addition of skilled defense/appeal attorneys and then March until April 26th at the State's request. Now, April until May 18th and you may see it here first.

I determined the rescheduling to May 18th by calling the GA-21 Criminal Clerks office in Norwich Superior Court this morning at about 11:30PM EDST. I was told by the media it was not official yet and I suspect that is why none of the media seem to have picked this up yet. Nonetheless, I was told the following, "The Julie Amero sentencing hearing has been rescheduled for May 18th in Norwich Superior Court." Thus, I have no reason to doubt its accuracy.

Now, why another rescheduling? I could be barking up the wrong tree, and this would not be the first time, but with all of the media resources, international, national and local tied up with the Skakel trial in Bridgeport I believe that the State wants a clear agenda when the Julie Amero sentencing hearing takes place. It is embarrassed and needs maximum publicity as it tries to extricate itself from the mess that it finds itself in. For those that have not followed the case closely, the muck smears even Connecticut's Chief State's Attorney Kevin Kane. On the job for less than a year, I am quite sure he wants a job for a while longer.

Keep your eyes and ears posted here. If you want every detail, this is not the place to look. However, if you only want the significant events in this case, you can be assured I will update you later.

Julie Amero -- Searchable Transcript Now Available

Through the efforts of several individuals, a searchable version of the transcript is now available that can be published on the Internet. Actually, it has been available for several days. However, I wanted to clean it up and found the challenge greater than the amount of spare time that I have to complete such a task. Thus, while this transcript is "good", you will find that it changes font and appearance on many occasions. It also has errors in that this is an automated OCR conversion of the original images appearing in the non-searchable version.

Thus, when using the searchable version the following is strongly recommended:

1.) Be sure that you have both the searchable and non-searchable versions.

2.) Use the searchable version to locate the page that desired information is on and then switch to the non-searchable version for reading/research.

a.) This is the full set that is not searchable and has been available since February 28, 2007. You do not need to download this version if you have already done so. It has not changed.

Transcript Julie Amero Full Set Finally.pdf (101.0 MB bytes) =>
Short URL —
Long URL —

b.) This full set is searchable and compatible with all Adobe Acrobat Reader versions from Version 5 forward. If you have not downloaded the non-searchable version above, you should do so first as it is the only version that is "completely" accurate as it is a photographic image of the paper transcript. Do not make the mistake of trying to quote information from this version of the is fine for automated searching, but that is all.

Transcript julie-amero-full-transcript-text.pdf (13.4 MB bytes) =>
Short URL —
Long URL —

c.) This full set is searchable and compatible with all Adobe Acrobat Reader versions from Version 7 forward. It likely is not compatible with earlier versions and supports features of Version 7 and beyond that are not supported by the Version 5 file above. If you have not downloaded the non-searchable version above, you should do so first as it is the only version that is "completely" accurate as it is a photographic image of the paper transcript. Do not make the mistake of trying to quote information from this version of the is fine for automated searching, but that is all.

Transcript julie-amero-full-transcript-text-3.pdf (90.4 MB bytes) =>
Short URL —
Long URL —

Julie Amero -- I've Been Silent for Too Long!! -- Phase 2

I promised in my initial post on the Julie Amero issue that I would update the matter when a couple of articles that I knew were in development became available to the public. Personally, I am very pleased with these articles and what they present to the public. One of them is quite long, 17 pages, but an extremely informative, well-written read. The other is of similar quality from a totally different, mostly technical perspective. There is no question that both authors see the Julie Amero issue as a travesty of justice as do I. Please reserve yourself a block of time and eliminate the distractions before you approach these articles. They deserve your undivided attention.

The first is a PDF from Windows Secrets, a newsletter that I subscribe to and encourage others to also subscribe. They have a free version which is great and a paid version that is even better. Fortunately, this article, Pop-up ads can land you in jail, appears in the free version. I created a PDF of it so that you can save a copy. If you wish to see the original, here is the link:

Julie Amero -- I've Been Silent for Too Long!!

Ok....where have I been for so long; working, studying and maintaining another blog on a daily basis along with following/working on the Julie Amero case with my law professor. I know...I should have said something sooner, but quite frankly with everything that has been going on with Julie Amero I am barely keeping up with my studies and my wife is quite unhappy as well but is also outraged regarding this case.

I could overwhelm you with the facts, but rather than repeat what many others have said so well, with much more to come in the near future, I will summarize with appropriate links. Julie is a teacher that has been ambushed by the Connecticut legal system as a wanton vixen who destroys the character of young children, 7th graders, by exposing them to sordid sites on the classroom teacher's computer. The Norwich Bulletin has covered this story with a somewhat negative bias until recently. A simple Google search on Julie Amero will connect you with numerous other coverages of the story worldwide.

There are a couple of more local posts that help put it all together. They include My Left Nutmeg and the Region 19 BOE Gazette; both of which you should read including their many links. I do not find it appropriate to attempt to paraphrase their excellent dialog on this issue. I am working with them and many others to ensure that Julie receives justice in this case...that is full exoneration, including compensation for the undue stress that she is enduring. As a result I know of other articles now about to be published. When they are available for the public I will post again.

Friday, May 18, 2007

Daily Highlights

The Indianapolis Star reports in what appears to be one of the broadest online school security failures ever in the U.S., thousands of confidential Indianapolis Public Schools student records were available to the public through Google searches. (See item 11)
The Los Angeles Daily News reports travelers were evacuated from Terminal 2 at Los Angeles International Airport Wednesday night, May 16, after baggage screening equipment detected two inactive World War II-era mortar shells inside luggage at a security checkpoint. (See item 19)

Information Technology and Telecommunications Sector

32. May 17, IDG News Service — Estonia recovers from massive denial-of-service attack. A spree of denial-of-service attacks against Websites in Estonia appears to be subsiding, as the government calls for greater response mechanisms to cyber attacks within the European Union. The attacks, which started around April 27, have crippled Websites for Estonia's prime minister, banks, and less-trafficked sites run by small schools, said Hillar Aarelaid, chief security officer for Estonia's Computer Emergency Response Team, on Thursday, May 17. But most of the affected Websites have been able to restore service. "Yes, it's serious problem, but we are up and running," Aarelaid said. Aarelaid said analysts have found postings on Websites indicating Russian hackers may be involved in the attacks. However, analysis of the malicious traffic shows that computers from the U.S., Canada, Brazil, Vietnam, and others have been used in the attacks, he said. Experts from the North Atlantic Treaty Organization are helping Estonia investigate the attacks, Aarelaid said.
Source:-denial-of-service-attack_1.html

33. May 17, IDG News Service — Investment firms to buy Acxiom for $3 billion. Customer information management company Acxiom has agreed to be acquired by two private equity firms for $3 billion in cash. Acxiom has signed a definitive agreement to be acquired by the equity firms Silver Lake and ValueAct Capital. The price tag includes the assumption of about $756 million in debt, the companies announced Wednesday, May 16. They expect to close the deal in three to four months.
Source:-firms-buy-acxiom_1.html

34. May 16, eWeek — Researcher reveals two-step Vista UAC hack. A Web application developer has uncovered a two-step process for exploiting Windows Vista's User Account Control (UAC), essentially by having a Trojan piggyback on what could be a legitimate download. Robert Paveza, a senior Web application developer with Terralever, published details of the vulnerability in a paper titled, "User-Prompted Elevation of Unintended Code in Windows Vista." Paveza said in the paper that the vulnerability uses a two-part attack vector against a default Vista installation. The first step requires that malware called a proxy infection tool be downloaded and run without elevation. That software can behave as the victim expects it to while it sets up a second malicious payload in the background.
White paper: r.pdf

35. May 16, SecurityFocus — Microsoft to give more early data on flaws. Microsoft announced on Wednesday, May 16, that the company will release more information on coming patches through its Advanced Notification Service and modify the layout of its security bulletins starting in June. Under the changes, Microsoft's Security Response Center will release advanced notifications and security bulletins under the same URLs, adding in-depth vulnerability information on the second Tuesday each month to the summary of information released five days before as part of its Advanced Notification Service. The summarized information will include maximum severity and impact of the flaws, detection information and the names of affected software.

Thursday, May 17, 2007

Daily Highlights

Florida Governor Charlie Crist said Monday, May 14, that most gas stations along hurricane evacuation routes haven't yet complied with a new law requiring them to install generators so they can still supply fuel if a storm knocks out power. (See item 4)
The Pipeline and Hazardous Materials Safety Administration and the State of Alaska on Tuesday, May 15, announced an agreement to provide stronger oversight over oil and natural gas production and transportation facilities located within the State’s borders. (See item 17)

Information Technology and Telecommunications Sector

28. May 16, IDG News Service — Millions disconnected by NTT broadband outage. Millions of broadband Internet users across most of eastern Japan were unable to log on Tuesday evening, May 15, after a problem at the country's largest broadband provider. NTT East said 2.85 million customers lost Internet service at 6:44 p.m. (9:44 a.m. GMT) on Tuesday, the carrier said in a statement. The outage, the cause of which is still being investigated, lasted until 1:35 a.m. on Wednesday when the last of the affected customers was reconnected. The outage is one of the largest in years and took out both PC Internet connections and IP telephone service across 14 of the 17 prefectures in which NTT East provides service. Customers in Tokyo and the surrounding prefectures of Kanagawa, Chiba and Saitama were not affected.
Source:-broadband-outage_1.html

29. May 16, Associated Press — Next gen of Wi-Fi is planned for summer. The next generation of wireless Internet products certified by the Wi-Fi Alliance is expected to hit shelves this summer, even though a final standard for the technology isn't due for another year, the industry group says. The Wi-Fi Alliance was announcing Wednesday, May 16, that it will begin certifying wireless routers, networking cards, microchips and other so-called "Draft N" products in June. The products, which take their name from the upcoming 802.11n technical standard, are expected to reach retail stores shortly thereafter.

30. May 16, Reuters — Symantec sues eight companies over software piracy. Symantec Corp., maker of the Norton Antivirus software, said on Wednesday, May 16, it has sued eight companies it accuses of illegally copying its computer security software, seeking more than $55 million in damages. It is the latest company to resort to legal action to fight piracy, a crime the industry says costs software makers billions of dollars a year in lost revenue. Symantec is seeking jury trials in each case and $4 million to $10 million in damages from each company named in the lawsuits, filed in U.S. District Courts in California. Symantec alleges the companies engaged in trademark infringement, copyright infringement, fraud, unfair competition, trafficking in counterfeit labels and documentation, and false advertising.

31. May 16, ComputerWorld — Worm attacked voter database in notorious Florida district. Sarasota County, FL's, computer database infrastructure was attacked by a notorious Internet worm on the first day of early voting during the 2006 election featuring the now-contested U.S. House race in Florida's 13th Congressional district. In the early afternoon hours on Monday, October 23, 2006, an Internet worm slammed into the county's database system, breaching its firewall and overwriting the system's administrative password. The havoc brought the county's network, and the electronic voting system which relies on it, to its knees as Internet access was all but lost at voting locations for two hours that afternoon. Voters in one of the nation's most hotly contested Congressional elections were unable to cast ballots during the outage as officials were unable to verify registration data. An incident report filed by the county explains the intrusion and temporary havoc wrought by the virus. According to the two-page report, a server on Sarasota County's database system was attacked by "a variant of the SQL Slammer worm." Once infected, as the report details, the server "sent traffic to other database servers on the Internet, and the traffic generated by the infected server rendered the firewall unavailable."
Incident report:
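An added example, not taken from the county's incident report or its tooling: a flow-log detector for the pattern the report describes, one infected server spraying UDP/1434 at many destinations until the firewall gives out. The flow records, the 60-second window and the five-destination threshold are constructed assumptions.

```python
"""Flow-based detector for SQL Slammer-style propagation (added example; not
the county's incident report or its tooling).

Slammer spread as a single UDP datagram (376-byte payload) to port 1434, the
SQL Server Resolution Service, sprayed at pseudo-random addresses. In a flow
log the tell-tale is one internal host reaching many distinct destinations on
UDP/1434 within seconds, the same burst that left the county's firewall
unavailable. Flow records and thresholds below are constructed assumptions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed flow records: "timestamp src dst proto dport bytes".
# 10.20.5.40 plays the infected server; the others are ordinary traffic,
# including one legitimate UDP/1434 instance lookup from a workstation.
SAMPLE_FLOWS = """\
2006-10-23T13:02:01 10.20.5.14 10.20.5.2     udp 53   78
2006-10-23T13:02:03 10.20.5.22 10.20.5.40    udp 1434 60
2006-10-23T13:02:05 10.20.5.40 198.51.100.7  udp 1434 404
2006-10-23T13:02:05 10.20.5.40 203.0.113.9   udp 1434 404
2006-10-23T13:02:05 10.20.5.40 192.0.2.15    udp 1434 404
2006-10-23T13:02:06 10.20.5.40 198.51.100.88 udp 1434 404
2006-10-23T13:02:06 10.20.5.40 203.0.113.200 udp 1434 404
2006-10-23T13:02:06 10.20.5.40 192.0.2.77    udp 1434 404
2006-10-23T13:02:07 10.20.5.40 198.51.100.7  udp 1434 404
2006-10-23T13:02:09 10.20.5.14 10.20.5.2     tcp 1433 1220
"""


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


def parse_flows(text: str) -> list[Flow]:
    """Parse the whitespace-separated constructed format into Flow records."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, proto, dport, nbytes = line.split()
        flows.append(Flow(datetime.fromisoformat(ts), src, dst,
                          proto.lower(), int(dport), int(nbytes)))
    return flows


def detect_udp1434_fanout(flows: list[Flow], window_s: int = 60,
                          min_distinct_dst: int = 5) -> dict[str, int]:
    """Return {src: peak_distinct_destinations} for every source that reached
    at least min_distinct_dst distinct hosts on UDP/1434 inside any sliding
    window of window_s seconds. A single lookup to one SQL server (normal
    client behaviour) never trips this; a worm's spray does within seconds."""
    by_src: dict[str, list[Flow]] = defaultdict(list)
    for f in flows:
        if f.proto == "udp" and f.dport == 1434:
            by_src[f.src].append(f)

    alerts: dict[str, int] = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        in_window: Counter = Counter()   # dst -> flows currently in the window
        start = 0
        peak = 0
        for f in fl:
            in_window[f.dst] += 1
            # Slide the window start forward past records older than window_s.
            while (f.ts - fl[start].ts).total_seconds() > window_s:
                old = fl[start].dst
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_distinct_dst:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, n in detect_udp1434_fanout(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT {src}: {n} distinct UDP/1434 destinations within 60s")
```

Because the firewall itself may be the first casualty, this kind of check belongs on a passive flow sensor or the SQL host's own egress logging rather than on the firewall's logs alone.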

32. May 16, News (Australia) — Sydney, Australia, phone blackout to follow Bush at APEC summit. Mobile phone calls will be blocked in central Sydney, Australia, during the APEC summit in September to protect President George W. Bush from bomb attacks. A helicopter equipped with signal-jamming equipment will shadow Bush's presidential motorcade whenever he travels on the city's streets. It is expected the mobile phone network will be neutralized for about two minutes. Many of the remote-controlled bombs detonated in Iraq and those used in the second Bali bombing were set off by mobile phones.

33. May 15, eWeek — US-CERT: Critical Unicode flaw undercuts firewalls, scanners. The U.S. Computer Emergency Readiness Team (US-CERT) reports that 92 security products by different vendors, including Cisco, may have a serious security hole. Given these products' market share, most businesses could be affected. US-CERT is reporting a network evasion technique that uses full-width and half-width unicode characters to allow malware to evade detection by an IPS or firewall. The vulnerability affects virtually every major firewall and intrusion prevention system available, including products from Cisco Systems. Given Cisco's major share of the market, at least for enterprise routers and VPN and firewall equipment, that means most businesses will be affected. The vulnerability concerns HTTP content-scanning systems that fail to properly scan full-width and half-width Unicode-encoded HTTP traffic. A remote attacker could exploit the vulnerability by sending specially crafted HTTP traffic to a vulnerable content scanning system. After sneaking malware past the firewall or IPS, the attacker can then wreak havoc on a system, scanning and attacking without being detected.
US-CERT Vulnerability Note:
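As an added example, not code from US-CERT or from any vendor named above, the following Python shows the defensive side of this note: a scanner that matches signatures on the request as received misses full-width variants, while one that percent-decodes and normalizes before matching does not. The signatures and request targets are constructed for illustration.

```python
"""Width-normalizing content scanner (added example; not code from US-CERT or
any of the vendors named above).

Full-width Latin characters (U+FF01..U+FF5E) and half-width katakana are
compatibility forms that the receiving web server, or its application, will
typically fold back to ASCII or the canonical form. A scanner that matches
signatures on the bytes as received therefore never sees "cmd.exe" when the
client sent the full-width spelling. Normalizing before matching closes that
gap. Signatures and sample requests below are constructed for illustration.
"""
import re
import unicodedata
from urllib.parse import quote, unquote

# Constructed illustrative signatures for an HTTP request target. Real
# products carry far larger sets; the point is where matching happens.
SIGNATURES = [
    re.compile(r"cmd\.exe", re.IGNORECASE),
    re.compile(r"\.\./"),                      # directory traversal
]


def fold_width(text: str) -> str:
    """Map the full-width ASCII block (U+FF01..U+FF5E) and the ideographic
    space (U+3000) onto their ASCII equivalents; other characters pass through.
    NFKC does this too, but the explicit table makes the mapping visible."""
    out = []
    for ch in text:
        cp = ord(ch)
        if 0xFF01 <= cp <= 0xFF5E:
            out.append(chr(cp - 0xFF01 + 0x21))
        elif cp == 0x3000:
            out.append(" ")
        else:
            out.append(ch)
    return "".join(out)


def normalize(text: str) -> str:
    """Full pre-match normalization: width folding plus NFKC, which also
    collapses half-width katakana and other compatibility variants."""
    return unicodedata.normalize("NFKC", fold_width(text))


def scan_raw(target: str) -> list[str]:
    """Weak scanner: matches signatures against the target as received."""
    return [p.pattern for p in SIGNATURES if p.search(target)]


def scan_normalized(target: str) -> list[str]:
    """Hardened scanner: normalize first, then match."""
    return [p.pattern for p in SIGNATURES if p.search(normalize(target))]


def inspect_request_target(raw_target: str) -> list[str]:
    """Inspection pipeline for an HTTP request target as seen on the wire:
    percent-decode as UTF-8 (the origin server will), then normalize and
    match. errors="replace" keeps malformed byte sequences from aborting
    the scan instead of letting them slip through."""
    decoded = unquote(raw_target, encoding="utf-8", errors="replace")
    return scan_normalized(decoded)


if __name__ == "__main__":
    # Constructed targets: ASCII, full-width, and percent-encoded full-width.
    fullwidth = "/scripts/\uff43\uff4d\uff44\uff0e\uff45\uff58\uff45"
    for target in ["/scripts/cmd.exe", fullwidth, quote(fullwidth)]:
        print(f"{target!r}: raw={scan_raw(target)} "
              f"normalized={inspect_request_target(target)}")
```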

34. May 15, InfoWorld — Oracle to buy premier PLM company Agile. Oracle announced Tuesday, May 15, that it is buying Agile Software, one of the premier product lifecycle management (PLM) solution providers. The deal is being managed as a cash merger for $8.10 per share or $495 million and is expected to close in July. PLM software is designed to streamline the design, engineering, production, distribution, and support of a product. Agile will serve as the foundation of an Oracle PLM offering.
Source:-buys-Agile_1.html

Wednesday, May 16, 2007

Daily Highlights

Boston NOW reports critics and nuclear security experts charge that three nuclear research reactors operated by Massachusetts colleges and universities could be easy targets for terrorist attacks because they lack the stringent security required of larger commercial nuclear power plants. (See item 1)
The Associated Press reports two commuter trains collided in Philadelphia in a downtown tunnel at the beginning of the evening rush hour Monday, May 14, slightly injuring nearly three-dozen people. (See item 15)

Information Technology and Telecommunications Sector

34. May 15, eWeek — Vendor: Cisco IOS Server backdoor may have been planted. A security vendor is questioning whether the IOS FTP Server vulnerabilities Cisco reported on May 9 may constitute an intentionally planted backdoor, as opposed to a series of programming errors that inadvertently led to a backdoor. Chris Eng, director of security services at Veracode, is suggesting that possibility given that a remote attacker would need one of the flaws -- improper authorization checking in IOS FTP -- in order to exploit the second flaw -- an IOS reload when transferring files via FTP. In essence, an attacker can bypass authentication and avoid giving credentials because of the first flaw. The attacker then has to overwrite the critical startup configuration file, then has to cause the router itself to reboot in order to execute the rewritten configuration file. "Is it a coincidence that both flaws happen to be there at same time?" Eng asked. "Multiple things have to fall into place to really exercise the full extent of the attack. That seems a little bit odd. It kind of has the trademarks of what you'd expect from [an intentionally planted] backdoor." Together, the flaws open the door for an attacker to retrieve or write any file from the device file system.

35. May 15, IDG News Service — Tech groups support new cybersecurity bill. A tech trade group and a leading cybersecurity vendor applauded new legislation introduced in Congress that would broaden penalties for cybercrime, including first-time penalties for botnet attacks. The Cyber Security Enhancement Act, introduced Monday, May 14, would create for the first time criminal penalties for botnet attacks often used to aid identity theft, denial-of-service attacks, and the spread of spam and spyware. The bill would also allow prosecutors to pursue racketeering charges against cybercriminal groups, would expand sentencing guidelines for cybercrime by allowing the forfeiture of property used to commit the crime, and would add $30 million a year to the budgets of federal agencies fighting cybercrime. The Business Software Alliance, a trade group, and Symantec, a security vendor, both offered support for the legislation.
Source:-cybersecurity-bill_1.html

36. May 15, IDG News Service — Samba developers quash serious bug. Users of the open-source Samba software are being urged to patch their code following the discovery of a critical bug in the file-and-print software. The bug is one of three vulnerabilities that were patched Monday, May 14, by the Samba team in the Samba 3.0.25 release. The flaw is considered to be particularly worrisome for two reasons: It could be remotely exploited by an attacker to run unauthorized code on the Samba server and there is no known work-around for the flaw. Samba ships with Linux and Unix operating systems and is a popular way of allowing Windows clients to print and store files using a Linux or Unix machine.
Source:-quashes-serious-bug_1.html

37. May 15, IDG News Service — AOL buys company to boost mobile ad business. AOL has acquired Third Screen Media to strengthen its position in mobile advertising, a small component of online advertising expected to shoot up in coming years and become a multibillion dollar market. Third Screen Media, which has a mobile ad network and an ad management platform, will become a subsidiary of AOL's division, AOL announced Tuesday, May 15.

38. May 14, IDG News Service — SAP fills gaps with two Nordic acquisitions. In line with its acquisition strategy to fill technology gaps, SAP has purchased two privately held Scandinavian software companies. SAP acquired identity management software MaXware and Wicom Communications, which designs call−center applications based on IP technology, the German business software maker announced Monday, May 14. Financial details were not disclosed. SAP intends to integrate MaXware's identity management features into its NetWeaver integration middleware in a move to allow businesses to centralize identity management and increase security across their various processes.
Source:-nordic-acquisitions_1.html

Tuesday, May 15, 2007

Daily Highlights

The Associated Press reports the Empress of the North -- a cruise ship that ran aground at the southern end of Icy Strait, off the Alaskan coast -- was moving under Coast Guard escort after its passengers had been evacuated. (See item 17)
The Department of Homeland Security will soon begin conducting multiple projects in the Port of Tacoma, to evaluate technology and concepts of operations for radiation detection that will scan cargo at various points in transfer from ship to rail. (See item 19)
WCBD reports Karen Wyndham, of Cottageville, South Carolina, was charged with tampering with consumer products after placing rodent poison into three previously sealed packages of ground beef, and then putting the tainted meats in the meat display of a Super K-Mart store. (See item 27)

Information Technology and Telecommunications Sector

38. May 14, IDG News Service — Verizon Business to acquire Cybertrust. Verizon Communications' Business unit plans to acquire managed security vendor Cybertrust in an effort to pump up its cybersecurity offerings, Verizon announced Monday, May 14. The financial terms of the deal were not disclosed. The companies expect the transaction to close in 60 to 90 days. The goal of the acquisition is to make Verizon Business a leading provider of managed information security services to large business and government customers, Verizon said.
Source:-acquires-cybertrust_1.html

39. May 14, Associated Press — DoD blocks some Websites. Soldiers serving overseas will lose some of their online links to friends and loved ones back home under a Department of Defense (DoD) policy that a high−ranking Army official said would take effect Monday, May 14. DoD will begin blocking access "worldwide" to YouTube, MySpace and 11 other popular Websites on its computers and networks, according to a memo sent Friday by General B.B. Bell, the U.S. Forces Korea commander. The policy is being implemented to protect information and reduce drag on the department's networks, according to Bell.

40. May 14, VNUNet — Google warns of Web malware epidemic. A study released Monday, May 14, by Google has warned of "very high levels" of malware being hosted on Websites. In a year-long scan of over 4.5 million sites the Google team found code on 450,000 pages that could inject malware onto users' PCs via improperly patched browsers. A further 700,000 sites hosted similar code that, while not necessarily malicious, could harm the security of the PC viewing the page. "In most cases, a successful exploit results in the automatic installation of a malware binary, also called drive-by download," said the five-member team who wrote "The Ghost in the Browser" paper. "The installed malware often enables an adversary to gain control over the compromised system and can be used to steal sensitive information such as banking passwords, to send out spam or to install more malicious executables over time." The research highlighted four main attack vectors: Web server security; user-generated content; advertising; and third-party software.
Study: os/provos.pdf
Source:-study-shows-scale-web

41. May 11, eWeek — Mother's Day brought unwanted spam. Mother's Day brought unwanted gift-spam. According to researchers at security vendor Sophos, spammers were trying to sell items like flowers, chocolates and baskets of fruit to consumers who may have not purchased presents for their mothers. Sophos experts said there are at least 23 different dates used in countries around the world to celebrate Mother's Day, but spammers focus on the North American celebration because it provides them with the largest possible audience. Meanwhile, security specialists at Panda Software's anti-malware laboratory, PandaLabs, on May 10 uncovered an application being used to control botnets in 54 countries. Ryan Sherstobitoff, product technology officer at Panda Software said the tool did not seem to be connected to the recent Mother's Day spam e-mails, but was a threat -- particularly if it was used by cyber-criminals. "Everything has the end-all goal [of stealing] information," Sherstobitoff said. The application, called Zunker, contains a statistics section that includes graphs displaying the performance of each bot in the network, the number of available zombies and their monthly or daily activity.

42. May 11, eWeek — ANI Trojan lurks in popular hardware site. More than a month after Microsoft patched the .ANI vulnerability, the popular Tom's Hardware has found the W32.ani Trojan lurking in one of its banner ads. ScanSafe, a managed Web security services company, on May 8 noticed a spike in traffic blocks that had a common theme. The company found that was unknowingly hosting the banner ad, which was redirecting users to a site where the drive-by malware was automatically downloaded. The banner ad was up, infecting victims with unpatched systems, for 24 hours.