Daily Report Thursday, February 1, 2007

Daily Highlights

The Los Angeles Times reports seven of the largest tunnels discovered under the U.S.-Mexico border in recent years have yet to be filled in, raising concerns because smugglers have tried to reuse such passages before. (See item 17)
The Government Accountability Office has published a Special Report entitled High-Risk Series: An Update, which included audits and evaluations that identify federal programs and operations that are high risk due to their greater vulnerabilities to fraud, waste, abuse, and mismanagement. (See item 25)
The Maryland Coordination and Analysis Center is one of about 20 state, local, or regional “intelligence fusion centers” that will gather representatives from law enforcement along with intelligence analysts and representatives from federal agencies to work under one roof. (See item 26)

Information Technology and Telecommunications Sector

29. January 31, SecurityFocus — Microsoft Word 2003 unspecified code execution vulnerability. Microsoft Word 2003 is prone to an unspecified remote code-execution vulnerability. Microsoft Word 2003 is confirmed vulnerable to an unspecified remote code-execution issue. Although it has not been confirmed, other versions of Microsoft Word/Office may be affected by the vulnerability. Note that this issue is distinct from the Microsoft Word 2000 unspecified code execution vulnerability. Currently, SecurityFocus is not aware of any vendor-supplied patches for this issue.
Source: http://www.securityfocus.com/bid/22328/discuss

30. January 31, Sophos — Dorf malware storms the top ten chart. Sophos has revealed the most prevalent malware threats and e-mail hoaxes causing problems for computer users around the world during January 2007. The figures show that the recently discovered Dorf malware has had a massive impact on computer users worldwide, rampaging to the top of the monthly malware threat chart and accounting for almost 50 percent of all malware seen during January. The Dorf malware was aggressively spammed out posing as breaking news of deaths caused by stormy European weather during January. Later in the month the authors changed tack and launched a further campaign disguising the malware as a romantic e-mail greeting card. Elsewhere in the top ten, the Netsky, Mytob and Stratio malware remain rooted in second, third and fourth place respectively, between them accounting for one third of all malware reports. View source for full report.
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/toptenjan07.html

31. January 31, IDG News Service — U.S. government does poorly in cybersecurity. The Cyber Security Industry Alliance (CSIA) has given the U.S. government D grades on its cybersecurity efforts in 2006, and renewed its call for the Congress to pass a comprehensive data protection law in 2007. The CSIA, a trade group representing cybersecurity vendors, gave the U.S. government D grades in three areas: security of sensitive information, security and reliability of critical infrastructure, and federal government information assurance. In addition to a comprehensive data protection bill, CSIA called for the U.S. government to strengthen the power of agency chief information officers and called on agencies to increase testing of cybersecurity controls.
Report: https://www.csialliance.org/resources/pdfs/CSIA_06Report_07Agenda_US_Govt.pdf
Source: http://www.infoworld.com/article/07/01/31/HNlowcybergrades_1.html

32. January 30, IDG News Service — Porn marketer settles spam charges with FTC. An Internet-based provider of sexually explicit entertainment has agreed to pay a $465,000 civil penalty for sending unwanted e-mail, the U.S. Federal Trade Commission (FTC) announced Tuesday, January 30. The settlement with TJ Web Productions is the fifth after the FTC announced a crackdown on sexually explicit e-mail spam in July 2005, when the agency charged seven companies with violating a U.S. law requiring warning labels on sexually explicit e-mail. Sexually explicit e-mails sent by TJ Web affiliates have been "widely distributed" since May 2004, according to an FTC complaint.
Source: http://www.infoworld.com/article/07/01/30/HNpornspamcharges_1.html

33. January 26, NewScientist — Mysterious source jams satellite communications. Paris-based satellite company Eutelsat is investigating "unidentified interference" with its satellite broadcast services that temporarily knocked out several television and radio stations. The company declined to say whether it thought the interference was accidental or deliberate. The problem began Tuesday afternoon, January 23, blocking several European, Middle East and northeast African radio and television stations, as well as Agence France-Presse's news service. All transferred their satellite transmissions to another frequency to resume operations. Theresa Hitchens of the Center for Defense Information think-tank in Washington, DC, says there have been cases of deliberate satellite jamming in the past, but it is hard to see what motivation there would be in this instance. "It's really puzzling to me," she said. "If it was accidental, why would they be so secretive about saying what the source was and if it's deliberate, you've got to wonder why -- it just seems to me to be an odd target..." she says.
Source: http://space.newscientist.com/article/dn11033-mysterious-source-jams-satellite-communications.html