Daily Report Friday, January 26, 2007

Daily Highlights

Business Week reports the Massachusetts Bankers Association says customer data stolen by computer hackers from TJX Cos. has been used to make fraudulent debit card and credit card purchases in the United States and overseas. (See item 9)
The Associated Press reports a leading Olympic security expert believes it is 'just a matter of time' before terrorists target a major sports event, and that spectators should be screened before they get to the event location. (See item 34)

Information Technology and Telecommunications Sector

30. January 24, U.S. Computer Emergency Readiness Team — US-CERT Technical Cyber Security Alert TA07-024A: Cisco IOS is affected by multiple vulnerabilities. Several vulnerabilities have been discovered in Cisco's Internet Operating System (IOS). A remote attacker may be able to execute arbitrary code on an affected device, cause an affected device to reload the operating system, or cause other types of denial-of-service. Systems Affected: Cisco network devices running IOS in various configurations. Cisco has published three advisories describing flaws in IOS with various security impacts, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. Although the resulting impacts of these three vulnerabilities are slightly different, in two of the vulnerabilities, a remote attacker could cause an affected device to reload the operating system.
Solution: Cisco has updated versions of its IOS software to address these vulnerabilities. Please refer to the "Software Versions and Fixes" sections of the following Cisco Security Advisories for more information on upgrading:
Crafted TCP Packet can cause denial-of-service:
http://www.cisco.com/warp/public/707/cisco.sa.20070124.crafted.tcp.shtml
Crafted IP option vulnerability:
http://www.cisco.com/warp/public/707/cisco.sa.20070124.crafted.ip.option.shtml
IPv6 routing header vulnerability:
http://www.cisco.com/warp/public/707/cisco.sa.20070124.IOS.IPv6.shtml
Cisco has also published practical workarounds for these vulnerabilities. Please refer to the "Workarounds" section of each Cisco Security Advisory for more information. Sites that are unable to install an upgraded version of IOS are encouraged to implement these workarounds.
Source: http://www.uscert.gov/cas/techalerts/TA07.024A.html

31. January 24, eWeek — The zero-day dilemma. The recent surge in malware attacks against zero-day flaws in some of the most widely used software packages is confirmation of an IT administrator's worst nightmare: Stand-alone, signature-based anti-virus software offers no protection from sophisticated online criminals. During 2006, there was a wave of zero-day attacks against Microsoft Office applications that bypassed all anti-virus protection at the network and desktop level. Because traditional anti-virus technology depends on the ability to quickly capture malware samples, reverse the code for the specific characteristics, and then write and release detection signatures, the zero-day attack presents a major dilemma. "Signatures have been dead for a long time now," said Roger Thompson, an anti-virus pioneer who now runs the Atlanta-based Exploit Prevention Labs. "[Attackers] use new packers or tweak their code so that it's different enough to bypass signatures for a short while. By the time you get a signature out, it's too late. They've already hit enough targets." The death of stand-alone, signature-driven anti-virus software has forced incumbent security software vendors to reshape their product lineups.
Source: http://www.eweek.com/article2/0,1895,2087034,00.asp

32. January 24, CNET News — Competition planned for new crypto standards. The National Institute of Standards and Technology (NIST) is planning a public competition to develop one or more cryptographic "hash" algorithms, it said Tuesday, January 23. Such algorithms are widely used by the federal government and others in applications such as digital signatures and message authentication. However, the current cryptographic standards are under continued attack, weakening their security. "Because serious attacks have been reported in recent years against cryptographic hash algorithms, including SHA-1, NIST is preparing the groundwork for a more secure hash standard," the organization, a federal agency within the U.S. Commerce Department's Technology Administration, said on its Website. Any newly approved algorithm is meant for federal use or to revise the current Secure Hash Standard, NIST said on its site.
For more information: http://www.csrc.nist.gov/pki/HashWorkshop/index.html
Source: http://news.com.com/Competition+planned+for+new+crypto+standards/2100.1029_3.6152936.html

33. January 24, VNUNet — Wikipedia shuts out link spammers. Wikipedia has started to instruct search engines to ignore links on its pages which point to external Websites. The user-created encyclopedia has started to include "nofollow" tags in all external links. This prevents the links from being spidered by search engines, or used to determine a Website's popularity by mechanisms such as Google's PageRank. Wikipedia took the action in response to a search engine optimization contest in which Webmasters were challenged to gain the highest ranking with major search engines for the query "Global warming awareness 2007." One of the contestants created a spam entry on Wikipedia which included a link to his own Webpage. The "nofollow" tag was first introduced by companies providing blogging services in an effort to curb the flow of spam links in comments on blogs.
Source: http://www.vnunet.com/vnunet/news/2173254/wikipedia.shuts.link.spammers