Monday, October 15, 2007

Daily Report

· The Associated Press reports that Penn State University experienced a minor leak of ‘slightly radioactive water’ at its Breazeale nuclear reactor. However, the incident did not pose any health risk to workers, the community or the environment, according to the university. (See item 5)

· The New York Times reports that a 14-year-old boy was arrested in a northern suburb of Philadelphia, Pennsylvania for plotting a “Columbine style” attack on students. Police found a 9-millimeter assault rifle, dozens of authentic-looking BB and air guns, and seven homemade hand grenades at the boy’s home. The student was charged with various offenses including criminal attempt and possession of a criminal instrument. (See item 24)

Information Technology

27. October 12, Computerworld – (National) Storm Trojan flaunts crazy cat to build out botnet. After lying low for several weeks, hackers responsible for spreading the Storm Trojan have returned to the attack with e-mail that leads to an exploit-filled Web site and a laughing cat, said researchers today. Storm -- also known as Nuwar or Peacomm -- is a Trojan horse designed to compromise Windows-powered computers, then add those machines to a growing botnet. Although the size of the botnet Storm has acquired has been disputed, the most conservative estimates put it in the hundreds of thousands. The malware has been seeded using several attack vectors, but the most common have been e-mail campaigns that contain attachments, or which link to malicious Web sites. Those sites then infect visiting vulnerable PCs using drive-by downloads or by convincing users to click on additional links that then download an executable. Attacks typically come in waves, researchers have noted, that rise, crest and then subside, while the hackers behind the botnet have become infamous for crafting persuasive messages and tricking users into infecting themselves.

28. October 11, Computerworld – (National) Now Pfizer employees’ spouses suffer data compromise. For the fourth time in as many months, some Pfizer Inc. employees have been affected by a compromise involving personal data -- though this time, in a somewhat indirect fashion and not as a result of a security breach at the company itself. The most recent incident involves Wheels Inc., a company that leases cars to Pfizer employees and their spouses. In August, Wheels discovered that an online Web application used to collect information from spouses of Pfizer employees failed to employ proper encryption during the data transfer process, according to Wheels’ marketing director. As a result, personal information sent by about 1,800 spouses of Pfizer employees was transmitted in a non-encrypted fashion to Wheels during a two-week period in August. The data included names, addresses, dates of birth and driver’s license numbers. Social Security numbers were not collected as part of the process. Wheels collects the data in order to conduct a search of motor vehicles records to qualify spouses to drive leased company cars, he said. Following the discovery of the breach, Wheels shut down the service and made sure data was being encrypted during transmission before turning the service back on again, he said. Even though the likelihood of anyone’s information having actually been intercepted or stolen during transmission is remote, Wheels has decided to offer two years’ worth of credit monitoring and credit restoration services free of charge to the 1,800 people affected, he said.

29. October 12, Computerworld – (National) Microsoft explains Windows URI patch strategy. Microsoft Corp. Thursday clarified what it plans to patch to fix a bug in Windows XP and Server 2003, but said it had no plans to overhaul the operating system’s protocol-handling technology. Representatives from the Microsoft Security Response Center (MSRC) acknowledged there was confusion around its decision to patch a vulnerability in Windows XP and Windows Server 2003 on systems running Internet Explorer 7. “There are two separate issues,” one of the reps said, referring to the Universal Resource Identifier (URI) bug in Windows that was the focus of a security advisory issued yesterday, and a larger problem that first surfaced in June but gained traction in July. “The issue [from] back in June is really related to protocol handling, and is really around how third-party applications handle them,” he said. Starting four months ago, researchers uncovered vulnerabilities in applications such as Apple Inc.’s Safari for Windows and Mozilla Corp.’s Firefox that were traced to Windows’ protocol handling, the technology that lets browsers run other programs via commands in the URL. In July, criticism mounted as some researchers said Microsoft bore full responsibility for the flaws, which could be used to hijack PCs. Others, however, defended Windows, saying it was the applications’ duty to “sanitize” -- to guarantee that the URIs did not allow invalid input -- the URLs they passed to the operating system.

Communications Sector

30. October 11, Reuters – (National) FCC eases some broadband rules on AT&T. A divided Federal Communications Commission (FCC) partially granted AT&T’s request to relax rules that govern what the company can charge business customers and rivals for access to some of its high-speed Internet lines. “This relief will enable AT&T to have the flexibility to further deploy its broadband services and fiber facilities without overly burdensome regulations,” said the FCC chairman. Under telecommunications law, the FCC has the authority to waive some regulations if it believes the market has become sufficiently competitive. The FCC action will eliminate a key requirement that AT&T file tariffs with the agency disclosing the rates it charges businesses and rivals for high-speed access. The FCC lifted regulations on Verizon Communications high-speed business services last year. Verizon’s petition was not approved by the agency, but went into effect when one commissioner recused himself from the case and the remaining four were deadlocked. A similar petition by Qwest Communications International is still pending before the agency. That company’s request was put on hold by the FCC last month. All the requests have been opposed by smaller rivals such as Sprint Nextel Corp, Time Warner Telecom Inc and XO Communications.

31. October 11, IDG News Service – (National) Tech group, broadcasters slug it out on white spaces. A technology trade group has accused U.S. television executives of conducting a “misinformation campaign” about wireless devices designed to operate in unused portions of the television spectrum. The Information Technology Industry Council (ITI) on Thursday accused executives at four major television networks, including CBS and NBC Universal, of spreading false information about the interference possibilities for proposed devices that would operate in the “white spaces” of the television spectrum. ITI and tech vendors, including Microsoft, Google, Dell, and Philips Electronics North America, are pushing the U.S. Federal Communications Commission (FCC) to approve prototype wireless devices that would operate in the white spaces. But in July, a prototype device submitted to the FCC by Microsoft malfunctioned in tests and was not approved by the agency. Microsoft and Philips retested an identical device and said last month that it passed interference sensing tests.
