Daily Report Thursday, January 18, 2007

Daily Highlights

The Department of Homeland Security announced on Wednesday, January 17, that it will launch the DHS Traveler Redress Inquiry Program, an easy to use, single point of inquiry for travel-related issues. (See item 17)
USA TODAY reports a long-delayed program aimed at speeding trusted travelers through airport security took a big step Tuesday, January 16, when it opened at one terminal in New York's John F. Kennedy International Airport, the first besides Orlando International Airport. (See item 19)
The Associated Press reports hundreds of people were in emergency shelters and thousands remained in darkened homes after a winter storm that left 54 dead in nine states from Texas to Maine. (See item 38)

Information Technology and Telecommunications Sector

30. January 17, IDG News Service — Dutch prosecutors seek jail time for botnet duo. Dutch prosecutors are pursuing jail terms for two men charged in a large-scale computer hacking scheme in which more than one million computers may have been infected with adware and other malicious programs. The case is the biggest cybercrime case prosecuted so far in the Netherlands, said Desiree Leppens, spokesperson for the organized crime branch of the National Public Prosecution Service in Rotterdam. During a one-day trial that ended Tuesday, January 16, prosecutors showed how at least 50,000 computers were infected by the two defendants, who are 20 and 28 years old. Police have not released their names. The pair used a malicious program called "Toxbot," a worm that can be used to gain remote control of a computer and log keystrokes, prosecutors said.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9008286&source=rss_topic85

31. January 17, U.S. Computer Emergency Readiness Team — US-CERT Technical Cyber Security Alert TA07-017A: Oracle releases patches for multiple vulnerabilities. Oracle has released patches to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial-of-service. Systems Affected: Oracle Database; Oracle Application Server; Oracle HTTP Server (Apache); Oracle Identity Management; Oracle Enterprise Manager Grid Control; Oracle E-Business Suite; Oracle Collaboration Suite; Oracle PeopleSoft Enterprise PeopleTools; Oracle Life Sciences Applications (formerly Oracle Pharmaceutical Applications).
Solution: Apply the appropriate patches or upgrade as specified in the Critical Patch Update -- January 2007. Note that this Critical Patch Update only lists newly corrected vulnerabilities.
Oracle Critical Patch Update: http://www.oracle.com/technology/deploy/security/critical.patch.updates/cpujan2007.html
Source: http://www.uscert.gov/cas/techalerts/TA07.017A.html

32. January 16, CNET News — Attack code out for 'critical' Windows flaw. Computer code that exploits a security vulnerability in Windows has been published on the Internet, making it more urgent for users of the operating system to patch. The attack code exploits a flaw in the way Windows handles Vector Markup Language, or VML, documents, which are used for a type of high-quality graphic on the Web. The bug lies in a Windows component called "vgx.dll" that supports these files. Microsoft provided a fix for the flaw last week with security bulletin MS07-004. At the time, the company warned that it had already seen limited cyberattacks exploiting the vulnerability. However, attack code hadn't been available publicly. On Tuesday, January 16, exploit code was published to a widely-read online security forum. Prior to the public posting of the exploit, other code that takes advantage of the flaw had been made available to users of a security testing tool made by Immunity. However, these attack blueprints are private, supplied to people who pay for the tool.
Source: http://news.com.com/Attack+code+out+for+critical+Windows+flaw/2100.1002_3.6150642.html

33. January 16, CNET News — Google plugs account hijack holes. Google has patched a cross-site scripting vulnerability in one of its Web-hosting services. If left unpatched, the cross-site scripting (XSS) vulnerability could have allowed hackers to modify third-party Google documents and spreadsheets and to view e-mail subjects and search history, according to the Google Blogoscoped blog. Philipp Lenssen, the author of Google Blogoscoped, a third-party site that comments on Google developments, said the vulnerability was similar to another in Blogger Custom Domains reported on Sunday night. "The security hole is connected to an update to a specific Google service which doesn't correctly defend against HTML injections," he said. According to Lenssen, the earlier Custom Domains vulnerability allowed another Google expert, Tony Ruscoe, to create a page that was hosted on a Google.com domain. Ruscoe was able to prove that he could have used code to steal a user's Google cookie and access their Google services. The second vulnerability, reported by Lenssen, would also have enabled a hacker to use JavaScript code to pass cookie data to an external source.
Source: http://news.com.com/Google+plugs+account+hijack+holes/2100.1002_3.6150578.html

34. January 16, CNET News — Persistent zombie attacks target Symantec corporate software. Symantec first dismissed the threat, but worm attacks that exploit a known security hole in the company's corporate antivirus tool are proving to be persistent. The attacks target computers running older versions of Symantec Client Security and Symantec AntiVirus Corporate Edition. Compromised systems are turned into remotely controlled zombies by the attacker and used to relay spam and other nefarious activities. Symantec's Norton consumer software is not affected. "What we have been seeing in December and in the last week and a half is related to new variants of Spybot," Vincent Weafer, senior director of Symantec Security Response, said Tuesday, December 16. "We had a couple of versions of Spybot that went nowhere, but these ones found a way to propagate more effectively." The Spybot variants break into computers through a known security hole in the widely used Symantec antivirus tools. When installed on a PC, Spybot opens a back door in the system and connects to an Internet Relay Chat server to let the remote attacker control the compromised computer. Spybot first surfaced in 2003 and has spawned many offshoots.
Source: http://news.com.com/Persistent+zombie+attacks+target+Symantec++corporate+software/2100.1002_3.6150560.html

35. January 16, CNET News — President signs pretexting bill into law. It's official: "pretexting" to buy, sell or obtain personal phone records -- except when conducted by law enforcement or intelligence agencies -- is now a federal crime that could yield prison time. President Bush on Friday, January 12, affixed his signature to the Telephone Records and Privacy Protection Act of 2006. The measure threatens up to 10 years behind bars to anyone who pretends to be someone else, or otherwise employs fraudulent tactics, to persuade phone companies to hand over what is supposed to be confidential data about customers' calling habits.
Source: http://news.com.com/President+signs+pretexting+bill+into+law/2100.1028_3.6150572.html