Daily Report Wednesday, January 31, 2007

Daily Highlights

The Associated Press reports an explosion leveled a gas station near a ski resort in West Virginia killing at least four people and seriously injuring at least nine others; a propane tank exploded just as a fire truck was pulling into the station in response to reports of a leak. (See item 2)
A Vermont state computer containing personal information such as names, Social Security numbers, and bank account information for 70,000 Vermonters has been hacked in an automated computer attack that puts their personal information at risk for misuse. (See item 7)
United Press International reports federal authorities are treating Super Bowl XLI in Miami on Sunday, February 4, as a Level 1 security event with measures far beyond other football games. (See item 39)

Information Technology and Telecommunications Sector

33. January 30, Sophos — Korean programmers arrested for sending 1.6 billion spam e.mails. Sophos has welcomed the arrests of two men suspected of being involved in one of South Korea's biggest spam incidents. The men, one aged 20 and the other 26.years.old, are alleged to have broken the law by sending out 1.6 billion spam e.mails between September and December 2006. South Korean authorities in Seoul claim that the duo, both computer programmers, obtained personal and financial information from 12,000 victims which they then sold to other firms. South Korea was revealed in Sophos' recent security report as the third.worst nation in the world for relaying spam.
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/kore anspam.html

34. January 30, IDG News Service — Cingular, Priceline, Travelocity settle adware suit. Cingular Wireless, Priceline.com, and Travelocity.com have settled with New York State's attorney general after the state accused them of contributing to the spread of adware. The companies agreed to pay fines and take steps to help keep adware off users' PCs but did not admit guilt in the case. It marked the first time law enforcement had held advertisers responsible for ads delivered via adware, according to a statement by Attorney General Andrew Cuomo's office. DirectRevenue actually installed the adware.
Source: http://www.infoworld.com/article/07/01/30/HNcingularpricelin etravelocity_1.html

35. January 30, CNET News — Experts: Don't buy Vista for the security. Windows Vista is a leap forward in terms of security, but few people who know the operating system say the advances are enough to justify an upgrade. Microsoft officially launched Vista for consumers Tuesday, January 30. The software giant promotes the new operating system as the most secure version of Windows yet. It's a drum Microsoft has been beating for some time. Now that Vista is finally here, pundits praise the security work Microsoft has done. However, most say that is no reason to dump a functioning PC running Windows XP with Service Pack 2 and shell out $200 to upgrade to Vista. "As long as XP users keep their updates current, there's generally no compelling reason to buy into the hype and purchase Vista right away," said David Milman, chief executive of Rescuecom, a computer repair and support company. "Upgrading to Vista is pretty expensive, not only the new software but often new hardware as well," said Gartner analyst John Pescatore. "If you put IE 7 on a Windows XP SP2 PC, along with the usual third.party firewall, antiviral and antispyware tools, you can have a perfectly secure PC if you keep up with the patches."
Source: http://news.com.com/Experts+Dont+buy+Vista+for+the+security/2100.1016_3.6154448.html?tag=nefd.lede

36. January 30, CNET News — Spanish start.up promises free Wi.Fi for all. A small Spanish start.up called Whisher is thumbing its nose at U.S. broadband providers as it prepares to launch a new service that lets people share their broadband connections via Wi.Fi. "Either you believe in the user.generated revolution or you believe ISPs rule the world," said Ferran Moreno, co.founder and CEO of Whisher. "I believe ISPs don't rule the world and how the Internet works." Of course, there is one small snag in Moreno's utopian view of free Wi.Fi for everyone. In the U.S., it's illegal. Time Warner and other broadband providers such as Verizon Communications said it's rare that they have to take action against subscribers sharing their broadband service outside their home. But representatives from each company said that if illegal sharing persists, the company takes action, which could result in users getting their service cut off or even facing prosecution. So far, broadband providers have not come down hard on other companies proposing to build free Wi.Fi networks that cobble together networks using existing Wi.Fi hot spots. But this could be because these networks are still relatively new, and their service models require additional equipment.
Source: http://news.com.com/Spanish+start.up+Whisher+promises+free+Wi.Fi+for+all/2100.7351_3.6154438.html?tag=nefd.lede

37. January 30, Information Week — Organized malware factories threaten Internet users, study says. Spam, malware, phishing, and other forms of cyberattacks will likely increase in 2007 as more cyber.criminals organize into sophisticated manufacturing and distribution networks that mirror in structure the computer industry's legitimate production channels, according to a study released Monday, January 29. The study, authored by IBM, warns of the emergence of a so.called "exploits.as.a service" industry. "Managed exploit providers are purchasing exploit code from the underground, encrypting it so that it cannot be pirated, and selling it for top dollar to spam distributors," the report says. The industrialization of malware production will make it tougher for corporate IT security departments to stay ahead of the hackers, says an IBM researcher who helped author the study. "With this whole infrastructure that these criminal organizations are building they can not only target these attacks, they can build custom malware to be used against you. Meaning the probability of you being affected by a piece of malware no one has ever seen before is much higher today than it ever was before," says Gunter Ollmann, director of security strategy at IBM's Security Systems unit.
Report: http://www.iss.net/documents/whitepapers/X_Force_Exec_Brief. pdf
Source: http://www.informationweek.com/showArticle.jhtml;jsessionid=JSHY1CJG1SGRIQSNDLRCKHSCJUNN2JVN?articleID=197001739

38. January 29, CNET News — Net pioneer predicts overwhelming botnet surge. Internet pioneer Vint Cerf has warned high.powered attendees at the World Economic Forum in Davos, Switzerland, that the Internet is at serious risk from botnets. Vast networks of compromised PCs, used by criminals for sending spam and spyware and for launching denial.of.service attacks, are reported to be growing at an alarming rate in terms of their potential. Cerf, now an employee of Google, warned that they could undermine the future of the Internet and likened their spread to a pandemic. Cerf predicted that a quarter of all PCs currently connected to the Internet .. around 150 million .. could be infected by Trojans that covertly seize control of a computer and its broadband connection, handing control of both to criminals in remote locations. According to Mark Sunner, chief security analyst at MessageLabs, Cerf's words of warning are far from scaremongering and the picture is at least as serious as Cerf paints it.
Source: http://news.com.com/Net+pioneer+predicts+overwhelming+botnet+surge/2100.7348_3.6154221.html