Daily Report Friday, February 9, 2007

Daily Highlights

USA TODAY reports the U.S. government is asking foreign countries to allow pilots to carry guns in the cockpit when they fly overseas, trying to expand a four−year−old program that allows thousands of pilots to carry guns on domestic flights. (See item 17)
·
The Transportation Security Administration said Wednesday, February 7, that the nation's 43,000 airport security screeners will now receive notices and photos of abducted children as part of the AMBER Alert network's quest to find missing people. (See item 22)
·
The Department of Homeland Security has announced the establishment of the National Advisory Council, which is being created to advise the Administrator of the Federal Emergency Management Agency on all aspects of emergency management in an effort to ensure close coordination with all involved. (See item 36)

Information Technology and Telecommunications Sector

37. February 08, eWeek — Botnet stalkers share takedown tactics at RSA. A pair of security researchers speaking at the ongoing RSA Conference Wednesday, February 7, demonstrated their techniques for catching botnet operators who use secret legions of infected computers to distribute malware programs and violent political propaganda. The botnet experts, both of whom are employed by anti−malware software maker FaceTime Communications, detailed how they identified and pursued individuals believed to be responsible for running a pair of sophisticated botnet schemes, which have been subsequently shut down or significantly scaled back. Addressing a packed room of conference attendees, Chris Boyd and Wayne Porter offered a rare inside glimpse into the world of botnet herders, which the researchers entered by hanging out on the shady online bulletin boards and chat relays where the schemers meet to share the tricks of the trade and their malware programs. By luring the prolific scammers to offer details about their work, and spying on the criminals, the researchers claim to have pieced together the identities of several of the unsavory individuals and helped take down their networks of subverted machines.
Source: http://www.eweek.com/article2/0,1895,2092435,00.asp

38. February 08, Information Week — Polycom boosts Wi−Fi voice effort with SpectraLink acquisition. Polycom reported that it will acquire SpectraLink for $220 million in cash in a move that will bolster Polycom's drive into the nascent voice over Wi−Fi market. The addition of SpectraLink will boost Polycom's ability to provide fixed and mobile telecommunications products covering voice, video, and data over desktop and mobile environments.
Source: http://www.informationweek.com/showArticle.jhtml;jsessionid=4MG1IA020SCFCQSNDLOSKH0CJUNN2JVN?articleID=197004389

39. February 08, SecurityFocus — US−CERT: Companies increasingly reporting attacks. Corporate America is getting better about telling the U.S. government about serious security incidents, according to an official from the Department of Homeland Security (DHS). In 2006, companies, universities and government agencies reported 23,000 incidents to the U.S. Computer Emergency Readiness Team (US−CERT), up from 5,000 reported in 2005, Jerry Dixon, deputy director of the DHS's National Cyber Security Division, said at the RSA Security Conference on Wednesday, February 7. So far, in the first quarter of 2007, more than 19,000 incidents have been reported to US−CERT, Dixon said. "Increasingly, the private sector is reporting these incidents," Dixon said. "We are getting a much better picture than what we use to get at the DHS."
Source: http://www.securityfocus.com/brief/430

40. February 07, eWeek — Symantec spots exploit for Excel zero−day flaw. Symantec has uncovered malicious code that could exploit Microsoft's newest zero−day vulnerability. Wednesday, February 7, on Security Response Weblog, Symantec revealed the exploit, which could drop a back−door Trojan onto an infected system. The exploit "may enable an attacker to gain remote access to your computer," wrote Amado Hidalgo in the blog post. The malicious code "appears to be exploiting a bug on MSO.DLL," which is an Office shared library, Hidalgo wrote. In a security bulletin issued on February 2, Microsoft warned that "other Office applications are potentially vulnerable" to the zero−day flaw. Symantec has only seen code that exploits Excel. The exploit actually uses two different Trojans. The first, Trojan.Mdropper.Y, drops the second, Backdoor.Bias. Symantec has released patches for both Trojans. A signature update for the first one was issued Wednesday. "Fully patched versions of Office 2000, XP and 2003 appear to be vulnerable to this exploit," Hidalgo wrote.
Symantec blog: http://www.symantec.com/enterprise/security_response/weblog/2007/02/latest_office_zeroday_vulnerab.html
Source: http://www.eweek.com/article2/0,1895,2091695,00.asp

41. February 07, CNET News — Two flaws found in Firefox. A security company has reported two new flaws in the Mozilla Firefox browser that may leave locally saved files vulnerable to outside attacks. Both flaws were announced by SecuriTeam, a division of Beyond Security, this week. The first flaw lies in Firefox's pop−up blocker feature, according to a SecuriTeam statement on Monday, February 5. The browser typically does not allow Websites to access files that are stored locally, according to the official report, but this URL permission check is superseded when a Firefox user has turned off pop−up windows manually. As a result, an attacker could use this flaw to steal locally stored files and personal information that might be stored in them. The second flaw, announced by SecuriTeam on Wednesday, concerns Firefox's phishing protection feature. With this vulnerability, an adept phisher could fool the browser into believing that a fraudulent site is actually secure by adding particular characters into the URL of its Website. The phishing flaw does appear to apply to the current 2.0.0.1 version of Firefox.
Popup blocker flaw advisory: http://www.securiteam.com/securitynews/5JP051FKKE.html
Phishing flaw advisory: http://www.securiteam.com/securitynews/5MP0320KKK.html
Source: http://news.com.com/Two+flaws+found+in+Firefox/2100−1002_3−6 157307.html