Daily Report Thursday, January 4, 2007

Daily Highlights

The Associated Press reports five employees of a baggage.handling contractor, Menzies Aviation Group, have been charged in the thefts of 158 pieces of luggage from George Bush
Intercontinental Airport. (See item 10)
The Department of Homeland Security on Wednesday, January 3, released scorecard assessments of interoperable communications capabilities in 75 urban and metropolitan areas nationwide. (See item 21)

Information Technology and Telecommunications Sector

22. January 03, Sophos — Top ten malware threats and hoaxes reported to Sophos in December 2006. Sophos has revealed the most prevalent malware threats and e.mail hoaxes causing problems for computer users around the world during December 2006. The figures show that the long.established Dref malware has made an unexpected return to the top of the threat chart, thanks to two new variants currently causing problems for computer users worldwide. The Dref.V mass.mailing worm, which poses as a New Year e.card, was discovered on December 30, 2006, and by the following day accounted for 93.7 percent of infected e.mails. As a result, Dref .. which was first seen in July 2005 .. has knocked last month's main offender Stratio (also known as Stration) off the top of the chart. Stratio, currently in fourth place, now accounts for just 7.8 percent of the total. The proportion of infected e.mail continues to remain low, at just one in 337 (0.30 percent), while during December Sophos identified 6,251 new threats, bringing the total number of malware protected against to 207,684. Refer to source to view the full report.
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/topt endec.html

23. January 02, eWeek — Month of Apple Bugs, meet Month of Patches. It's officially a cat.and.mouse race to exploit .. and fix .. security vulnerabilities affecting Apple Computer's Mac operating system. Less than 24 hours after the release of working exploits for two critical media player flaws .. QuickTime and VLC .. a former engineer in Apple's BSD Technology Group has launched an effort to provide run.time fixes for each flaw released during the Month of Apple Bugs (MoAB) project. Landon Fuller, one of the primary architects of the Darwin ports system, has announced plans to react to each MoAB bug with a daily, unofficial patch.
Source: http://www.eweek.com/article2/0,1895,2078433,00.asp

24. January 02, eWeek — Survey: Consumers not confident about Internet security. Trend Micro on Tuesday, January 2, released the Internet Confidence and Safety survey that evaluates consumers' attitudes about Internet.related concerns such as how safe they feel when using the Internet, their opinions regarding the future of Internet security, their experience with Internet infections and their confidence when it comes to security software. The study, which was gathered in September 2006 and will take place at six.month intervals in Japan, the United States, the United Kingdom, Germany and France, reported that 51 percent of consumers are not confident that their Internet security software is protecting their system. The study also found that while 51 percent of respondents in the United States feel that the Internet is very safe, 32 percent feel that the Internet will be less safe in six months. The new research study from Trend Micro concluded that consumers take part in what is considered risky online behavior by participating in online banking, using credit cards to buy things and downloading freeware or shareware.
Survey results: http://www.trendmicro.com/en/about/news/pr/archive/2006/pr01 0207.htm
Source: http://www.eweek.com/article2/0,1895,2078315,00.asp

25. January 02, IDG News Service — Google closes Gmail cross.site scripting vulnerability. Google Inc. has fixed a flaw that would have allowed Websites to harvest information from Gmail contact lists, a problem that could have let spammers collect reams of new e.mail addresses. For an attack to work, a user would have to log into a Gmail account and then visit a Website that incorporates JavaScript code designed to take contact information from Gmail. Proof.of.concept code was publicly posted.
Source: http://www.infoworld.com/article/07/01/02/HNgmailscripting_1 .html

26. January 02, IDG News Service — Outage knocks Lycos offline. A network outage at hosting provider SAVVIS Communications has knocked a number of Websites offline, including Web portal Lycos. The outage occurred around 9 a.m. Eastern on Tuesday morning, December 2, when a backup data line connecting SAVVIS's Boston data centers was accidentally severed, said Kathy O'Reilly, a Lycos spokesperson. At the time, crews had been in the process of repairing the main line to the data center, which was also down, she added. With the two data lines out of service, the entire Lycos Network including Lycos Mail and the Tripod Web hosting service was knocked off the Internet, O'Reilly said. None of the data being stored by Lycos was affected by the incident, she added.
Source: http://www.infoworld.com/article/07/01/02/HNsavvis_1.html

27. January 02, Washington Technology — DHS plans IT employee records database. The Department of Homeland Security (DHS) is setting up a new records system to keep track of the names, passwords, citizenship information and other data on thousands of IT workers with access to the department’s systems. In a notice posted December 29, DHS announced it is creating a new sensitive, but unclassified, database as part of its General Information Technology Access Account Records System. The new database will collect personal information from IT employees, contractors, grantees and others, including people who serve on DHS advisory committees or are listed as points of contact for facilities.
Source: http://www.washingtontechnology.com/news/1_1/daily_news/29923.1.html?topic=homeland