Daily Report Friday, February 2, 2007

Daily Highlights

CNN reports more than 500 flights at the Atlanta and Charlotte airports were canceled as wintry weather brought rain, sleet, and freezing rain across North Georgia and into the Carolinas early Thursday, February 1; freezing rain is expected to develop in the Washington metro area Thursday night. (See item 10)
Reuters reports experts have called for closer study of less lethal strains of the H5N1 bird flu virus because they might be more likely candidates to spark an influenza pandemic. (See item 21)
The Beacon News reports Kane County in Illinois is implementing an emergency telephone notification system that calls the public with a pre.recorded message providing vital information during an emergency and is capable of dialing up 60,000 residents per hour. (See item 27)

Information Technology and Telecommunications Sector

29. February 01, IDG News ServiceCalifornia police arrest 'mid.level' software pirate. California police arrested a man on Tuesday, January 30, who allegedly sold illegally copied Microsoft and Adobe Systems software on the Internet for seven years, netting him an estimated $750,000. Gad Zamir, 64, of Menifee, CA, was arrested after an eight.month investigation. Police said they found 15 computers, $13,000 in cash, and software valued at $283,000 in Zamir's home, calling it a "mid.level" piracy operation.
Source: http://www.infoworld.com/article/07/02/01/HNcaliforniaarrest spirate_1.html

30. February 01, Reuters — Piracy worked for us, Romania president tells Gates. Pirated Microsoft Corp. software helped Romania to build a vibrant technology industry, Romanian President Traian Basescu told the company's co.founder Bill Gates on Thursday, February 1. Basescu was meeting the software giant's chairman in Bucharest to celebrate the opening of a Microsoft global technical center in the Romanian capital. "Piracy helped the young generation discover computers. It set off the development of the IT industry in Romania," Basescu said during a joint news conference with Gates. Former communist Romania, which has just joined the European Union, introduced anti.piracy legislation 10 years ago but copyright infringements are still rampant. Experts say some 70 percent of software used in Romania is pirated.
Source: http://www.informationweek.com/showArticle.jhtml;jsessionid=N13BVLXSC5OXEQSNDLRCKHSCJUNN2JVN?articleID=197002479

31. February 01, Register (UK) — 'Contact us' attack takes out mail servers. The "contact us" feature on many Websites is often insecure and makes it easy to launch denial.of.service attacks on corporate mail servers, according to UK.based security consultancy SecureTest. The "contact us" feature is usually a form that allows surfers to submit comments to the people running a Website. According to SecureTest, these forms can be used to launch denial.of.service attacks through endemic security weaknesses that have largely been overlooked. The significance of the attack varies, depending on whether or not firms host their Websites internally. Even sites hosted by third parties can still be vulnerable to denial.of.service attack through misuse of Web.based forms, but the risk is probably the worst for firms that cost their own systems.
Source: http://www.theregister.co.uk/2007/02/01/web_form_dos_risk/

32. January 31, Information Week — Microsoft challenges newest Word zero.day. Microsoft on Wednesday, January 31, disputed a security company's claim that a fifth unpatched vulnerability in Microsoft Word was being actively exploited by criminals. On Tuesday, Symantec notified users it had multiple exploit samples that represented new targeted attacks using a zero.day bug in Word 2003. In a warning sent to customers of its DeepSight threat management service, Symantec said that the attacks were "exploiting a previously undocumented and currently unpatched vulnerability." Opening a malformed Word 2003 document triggers the vulnerability, which then allows the exploit .. a form of the Mdropper.x Trojan horse .. to inject several malicious files onto the PC. Microsoft said Wednesday afternoon, however, that its research came to a different conclusion. "Microsoft's initial investigation shows that this is not a new vulnerability but a duplicate of an already known
issue" first reported in mid.December, a company spokesperson said in an e.mail.
Source: http://www.informationweek.com/showArticle.jhtml;jsessionid=2FQTVPUVKXX0MQSNDLRCKHSCJUNN2JVN?articleID=197002350

33. January 31, CNET News — Dutch botnet hackers sentenced to time served. A Dutch court on Tuesday, January 30, sentenced two hackers to prison for breaking into millions of computers worldwide and using the hijacked systems in online crimes. The lead perpetrator was sentenced to two years in prison and the accomplice to 18 months, the Dutch public prosecution service said in a statement. Part of each sentence is probationary. In both cases the sentences equal the time the two young men have already served, meaning they don't have to spend any more time in prison. In addition to the prison sentences, the court ordered the main hacker to pay an $11,700 fine, while the second hacker was ordered to pay $5,200. The court found the pair responsible for commandeering millions of computers last year with a Trojan horse called Toxbot. They used the hijacked systems in a network, popularly called a botnet, to steal credit card numbers and other personal data, and to blackmail online businesses by threatening to take down their Websites.
Source: http://news.com.com/Dutch+botnet+hackers+sentenced+to+time+served/2100.7348_3.6155251.html?tag=nefd.top