Daily Report Monday, January 8, 2007

Daily Highlights

CNN reports security at the Port of Miami was tightened Sunday, January 7, after three people, two of them hidden inside a truck container, tried to enter the port illegally. (See item 11)
The Associated Press reports a Frontier Airlines jet attempting to land Friday, January 5, at Denver International Airport came within 50 feet of a smaller charter plane that had inadvertently entered the runway. (See item 12)
The Department of Homeland Security has released fiscal year 2007 grant guidance and application kits for five grant programs that will total roughly $1.7 billion in funding for state and local counterterrorism efforts. (See item 25)

Information Technology and Telecommunications Sector

29. January 05, Reuters — Chinese Web users lose 10,000 domain names in quakes. Chinese Web users lost around 10,000 Internet domain names due to disruption caused by last month's earthquakes off Taiwan, state media said on Friday, January 5. The domain names, or Website addresses, vanished after Chinese users were unable to update them or failed to re-register them on their expiry, the official Xinhua news service said, citing China International Network Information Center.
Source: http://news.yahoo.com/s/nm/20070105/wr_nm/china_earthquake_domain_dc

30. January 05, U.S. Computer Emergency Readiness Team — US-CERT Technical Cyber Security Alert TA07-005A: Apple QuickTime RTSP buffer overflow. A vulnerability exists in the way Apple QuickTime handles specially crafted Real Time Streaming Protocol (RTSP) URL strings. Public exploit code is available that demonstrates how opening a .QTL file triggers the buffer overflow. However, US-CERT has confirmed that other attack vectors for the vulnerability also exist. Possible attack vectors include: 1) A Webpage that uses the QuickTime plug-in or ActiveX control; 2) A Webpage that uses the rtsp:// protocol; 3) A file that is associated with the QuickTime Player. Note that this vulnerability affects QuickTime on Microsoft Windows and Apple Mac platforms. Although Webpages can be used as attack vectors, this vulnerability is not dependent on the specific Web browser that is used. Apple iTunes and other software using the vulnerable QuickTime components are also affected. Solution: US-CERT is currently unaware of a solution to this problem. Until a solution becomes available, the workarounds provided in US-CERT Vulnerability Note VU#442497 are strongly encouraged: http://www.kb.cert.org/vuls/id/442497
Source: http://www.uscert.gov/cas/techalerts/TA07.005A.html

31. January 04, eWeek — Patch Tuesday: Critical MS Office fixes coming. Microsoft's security response team has announced plans to release eight security bulletins Tuesday, January 9, with patches for a slew of Windows and Office vulnerabilities. Four of the bulletins will deal directly with the Microsoft Office desktop suite, which includes the Microsoft Word software that has been the target of zero-day malware attacks. As part of its advance notification process, Microsoft said at least three of the four Office updates will be rated "critical," its highest severity rating.
Source: http://www.eweek.com/article2/0,1895,2079123,00.asp

32. January 04, InfoWorld — Cisco warns of vulnerabilities in NAC product. Networking equipment vendor Cisco Systems Inc. issued an advisory to customers Wednesday, January 3, about two serious vulnerabilities in its Cisco Clean Access software, a network access control product. The two issues could allow remote attackers to gain control of the devices, or glean sensitive data from Clean Access customers that could be used to compromise the Clean Access Manager (CAM) product, the company said. According to Cisco Security Advisory 72379, a problem with initial setup of the Cisco Clean Access Manager (CAM) and Clean Access Server (CAS) product makes it impossible to properly configure a "shared secret" that is used to authenticate communications between the two devices. Remote hackers could take advantage of the vulnerability by establishing a TCP connection to the CAS device, Cisco said. A second vulnerability in the Clean Access Manager allows malicious users to view backups of the CAM database without first authenticating on the CAM device. A flaw in the way database backups are stored makes it possible to guess the backup file name and download it without authenticating, Cisco said.
Source: http://www.infoworld.com/article/07/01/04/HNciscoclean_1.html

33. January 04, CNET News — PDF security risk greater than originally thought. A recently discovered security weakness in the widely used Acrobat Reader software could put Internet users at more risk than previously thought, experts warned Thursday, January 4. Initially, security professionals thought that the problem was restricted and exposed only Web-related data or could support phishing scams. Now it has been discovered that miscreants could exploit the problem to access all information on a victim's hard disk drive, said Web security specialists at WhiteHat Security and SPI Dynamics. Key to increased access is where hostile links point. When the issue was first discovered, experts warned of links with malicious JavaScript to PDF files hosted on Websites. While risky, this actually limits the attacker's access to a PC. It has now been discovered that those limits can be removed by directing a malicious link to a PDF file on a victim's PC. "This means any JavaScript can access the user's local machine," said Billy Hoffman, lead engineer at SPI Dynamics. "Depending on the browser, this means the JavaScript can read the user's files, delete them, execute programs, send the contents to the attacker, et cetera. This is much worse than an attack in the remote zone."
Source: http://news.com.com/PDF+security+risk+greater+than+originally+thought/2100.1002_3.6147428.html?tag=nefd.top

34. January 04, IDG News Service — Patch issued for OpenOffice.org WMF vulnerability. A patch has been released for a vulnerability in the OpenOffice.org productivity suite, a problem rated as "highly critical" by one security vendor. The flaw could be exploited by creating a malicious file in the Windows Metafile (WMF) or Enhanced Metafile formats. If the file was opened by a user, it could start running unauthorized code on a computer, according to an advisory by Linux distribution vendor Red Hat Inc., which offers the OpenOffice suite with several of its products. OpenOffice.org has published a patch, which in turn is being distributed by Red Hat. The problem was first reported in October, but the vendors that distribute OpenOffice and often work together on security issues chose not to issue the patch until OpenOffice.org acknowledged earlier this week that it was a security issue, said Mark Cox, director of Red Hat's Security Response Team. No public exploits or even proof-of-concept code has been discovered, he added.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007101&source=rss_topic85