Daily Report Monday, January 29, 2007

Daily Highlights

The Associated Press reports safety experts say that determining what caused an Indonesian jetliner, a Boeing 737, to plunge into the sea with 102 people on board is important for global aviation safety in case there are structural problems with the world's most popular aircraft. (See item 17)
The Department of Transportation has released a manual that will help airlines, airports, and local governments prepare to stop the introduction of emerging diseases and to recognize and control pandemic outbreaks before they have a widespread impact on public health. (See item 19)
The University of Arkansas reports an interdisciplinary team of researchers has developed a portable biosensor for in-field, rapid screening of avian influenza virus that detects the avian influenza strain H5N1 in poultry in less than 30 minutes. (See item 33)

Information Technology and Telecommunications Sector

40. January 26, InfoWorld — Symantec warns of new zero-day Word attack. Hackers are exploiting a new, unpatched vulnerability in Microsoft Word that could allow them to take control of a victim's computer, Symantec has warned. The zero-day vulnerability is the fourth in Microsoft's widely used Word 2000 software that has not yet been patched, the security company said in its Security Response Weblog. This vulnerability affects most versions of Windows running Word, Symantec's advisory said. The attack comes via an infected Word document, a method increasingly used by hackers for targeted attacks. If the document is opened, it installs a Trojan horse program, called Trojan.Mdropper.W, onto the computer. The Trojan also puts other files on a computer that enable a hacker to control it.
Symantec Advisory: http://www.securityfocus.com/bid/22225/info
Source: http://www.infoworld.com/article/07/01/26/HNnewwordzerodayattack_1.html

41. January 26, VNUNet — Flaw found in PGP Desktop encryption tool. Users of the popular PGP Desktop encryption tool are being urged to upgrade to the latest version of the software after the discovery of a flaw in the code. The flaw exists in the Windows Service which PGP Desktop installs, and could be used by any local or remote user to run code with escalated privileges. Vulnerability testers NGS Software rated the flaw as a "medium risk" and said that it affects versions of the software earlier than PGP Desktop 9.5.1. The company does not yet have a workaround and is urging all PGP Desktop users to upgrade as a matter of urgency.
Source: http://www.vnunet.com/vnunet/news/2173564/flaw.found.pgp.encryption

42. January 25, University of New Hampshire — UNH unveils Cyber Threat Calculator. Hackers, terrorists and nations all use computers, but who really is capable of damaging U.S. critical infrastructure? The University of New Hampshire (UNH) Thursday, January 26, unveiled the UNH Cyber Threat Calculator, which assesses the level of threat any attacker poses to specific sectors in the country that rely on information technology. The UNH Cyber Threat Calculator was developed by researchers at UNH Justiceworks and students, and offers a new method to identify and quantify the threats posed to the United States’ cyber infrastructure. To determine the overall threat level, analysts enter data for a particular organization or country into the calculator, which assigns a value to variables that measure the actor’s intent and technological capabilities. These variables assess the actor’s intent to use cyber warfare means, as well as its technical capabilities to put such means into practice. The higher the number assigned to a possible attacker by the calculator, the greater the threat.
Source: http://www.unh.edu/news/cj_nr/2007/jan/lw25cyber.cfm

43. January 25, eWeek — Apple ships Airport security update. Apple on Thursday, January 25, shipped an Airport security update to fix a kernel panic issue that could allow attackers to cause system crashes. The company's fix comes almost two months after the issue was first flagged in the Month of Kernel Bugs project in November 2006. Apple credited the anonymous researcher known only as L.M.H. for reporting the issue. This comes one day after the release of a QuickTime update to fix a flaw exposed by L.M.H., but in that instance Apple did not acknowledge the controversial researcher.
Airport Update: http://docs.info.apple.com/article.html?artnum=305031
Source: http://www.eweek.com/article2/0,1895,2087724,00.asp

44. January 25, eWeek — CA predicts more attacks on experienced users. The continued rise of IT threats that seek to trick even the most careful PC users ranks among the top issues highlighted by software maker CA in its latest online security research report. Published on Thursday, January 25, the 2007 Internet Threat Outlook highlights the most pressing online security trends projected to have an impact over the next 12 months. According to CA, malware writers will continue to blend multiple threat formats and utilize new, covert distribution methods in 2007, making it harder for even the most informed users to discern the difference between legitimate content and attacks. CA said malware brokers will continue to piece together threats such as Trojan horse viruses, worms and the many forms of spyware to hide their attacks and evade technological defenses. With the level of professionalism rising quickly among the most sophisticated virus distributors, CA predicts that zero-day exploits, drive-by malware downloads and extremely intricate phishing schemes will continue to become more dangerous and harder to detect. Of particular danger to PC users will be blended threats that combine different elements of the various attack models, such as spam-borne Trojans and cross-site scripting code loaded onto legitimate Websites.
Report: http://www3.ca.com/Files/SecurityAdvisorNews/ca_2007_internet_threat_outlook_final.pdf
Source: http://www.eweek.com/article2/0,1895,2087584,00.asp

45. January 25, IDG News Service — Half of pirated Vista is malware. About half of the downloads claiming to be free versions of Microsoft's Vista operating system are actually malicious Trojan horse software, security vendor DriveSentry warned Thursday, January 25. With Vista's consumer launch just days away, hackers have been bombarding discussion boards with offers of "cracked" versions of Windows Vista, which are typically being distributed on peer-to-peer networks, said John Lynch, vice president of sales and marketing for DriveSentry. These posts offer downloads of the operating system that skip Vista's activation process, created by Microsoft to prevent users from running illegal copies. Users who fall for the scam can end up with some pretty nasty problems, according to Lynch. DriveSentry researchers have found malicious key-logging software and spyware on about half of the downloads it has examined recently, he said.
Source: http://www.infoworld.com/article/07/01/25/HNpiratedvista_1.html