Daily Report Tuesday, February 13, 2007

Daily Highlights

Johns Hopkins -- which comprises Johns Hopkins University and Johns Hopkins Hospital in Baltimore -- disclosed that it has lost the personal data on roughly 52,000 employees and 83,000 patients. (See item 10)
The U.S. Postal Inspection Service is working with law enforcement agents from the FBI and ATF, as well as local and state agencies, to investigate two explosive devices sent to financial institutions since January 31, and has its own employees nationwide on high alert to identify suspicious packages. (See item 14)
The Associated Press reports thousands of people were evacuated from a Spokane mall Sunday afternoon, February 11, after noxious fumes of unknown origin sickened people inside. (See item 34)

Information Technology and Telecommunications Sector

26. February 12, IDG News Service — China and Russia top list of worst copyright violators. China and Russia are the two worst foreign infringers of U.S. software and music copyrights and they should remain on the U.S. government's priority watch list, a group representing the software, music, books, and movie industries said Monday, February 12. The International Intellectual Property Alliance (IIPA) put out the figures as part of its recommendations to the U.S. Trade Representative. China topped all rivals on the IIPA most-wanted list by pumping out $2.21 billion worth of pirated goods last year, mainly business software, according to IIPA figures. Russia ran a close second at $2.18 billion, it said.
Source: http://www.infoworld.com/article/07/02/12/HNworstcopyrightviolators_1.html

27. February 12, InformationWeek — Penn State researchers develop new worm-stopping technology. Researchers at Penn State University say they have developed anti-malware technology that can identify and contain worms in milliseconds rather than minutes -- greatly limiting how far they spread and how much damage they cause. The new technology focuses on analyzing packet rate and frequency of connections, rather than signature or pattern identification, according to a release from Penn State. "A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," said Peng Liu, associate professor of information sciences and technology at Penn State and lead researcher on the system. Penn State researchers assert that because many security technologies focus on signature or pattern identification for blocking worms, they cannot respond to new attacks fast enough, allowing worms to exploit network vulnerabilities.
Source: http://www.informationweek.com/showArticle.jhtml;jsessionid=MIRYBBI1UOICGQSNDLRCKH0CJUNN2JVN?articleID=197005266
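
An added illustration of the rate-and-diversity idea described in item 27; it is not code from Penn State or from this report. The window length, thresholds, class name and sample traffic are assumptions constructed for the example.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0        # sliding window length in seconds (assumed)
MAX_RATE = 20         # max outbound connection attempts per window (assumed)
MAX_DISTINCT = 15     # max distinct destinations per window (assumed)


class ConnectionAnomalyDetector:
    """Flags hosts whose outbound connection rate and destination
    diversity both exceed thresholds inside a sliding time window."""

    def __init__(self, window=WINDOW_S, max_rate=MAX_RATE, max_distinct=MAX_DISTINCT):
        self.window = window
        self.max_rate = max_rate
        self.max_distinct = max_distinct
        self.events = defaultdict(deque)   # src -> deque of (ts, dst)
        self.flagged = {}                  # src -> timestamp of first alert

    def observe(self, ts, src, dst):
        """Record one outbound connection attempt; return True if src is flagged."""
        q = self.events[src]
        q.append((ts, dst))
        # Drop attempts that have aged out of the window.
        while q and ts - q[0][0] > self.window:
            q.popleft()
        distinct = len({d for _, d in q})
        if len(q) > self.max_rate and distinct > self.max_distinct:
            self.flagged.setdefault(src, ts)
        return src in self.flagged


def constructed_trace():
    """Constructed sample: one busy but normal client, one host sweeping addresses."""
    events = []
    # 10.0.0.5 opens 40 connections in 0.4 s, but to only two servers.
    for i in range(40):
        events.append((i * 0.01, "10.0.0.5", "192.0.2.%d" % (10 + i % 2)))
    # 10.0.0.9 contacts a new address every 10 ms starting at t = 2 s.
    for i in range(60):
        events.append((2.0 + i * 0.01, "10.0.0.9", "198.51.100.%d" % (i + 1)))
    return sorted(events)


def run(events):
    """Feed events in time order and return {src: first_alert_timestamp}."""
    det = ConnectionAnomalyDetector()
    for ts, src, dst in events:
        det.observe(ts, src, dst)
    return det.flagged
```

Requiring both conditions keeps the high-rate client that talks to two servers from being flagged, while the host contacting a new address every 10 ms is flagged on its 21st attempt without any signature.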

28. February 12, InformationWeek — SANS warns of 'major zero-day' bug in Solaris. The SANS Institute is warning of a zero-day bug in Sun's Solaris 10 and 11 Telnet that allows hackers to easily gain remote access to the computers running the operating systems. The vulnerability -- called a "major zero-day bug" -- has been verified, according to a release on the SANS' Internet Storm Center Website. The problem lies in the way Telnet, which is a network protocol, uses parameters during the authentication process, says Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Storm Center. Ullrich says that by simply adding what he calls a "trick" or simple text to the telnet command, the system will skip asking for a user name and password. No exploit needs to be downloaded. Every Solaris 10 and 11 system is at risk. If the systems are installed out of the box, they automatically come Telnet enabled. Storm Center analysts are recommending that Telnet be disabled on the Solaris systems.
Source: http://www.informationweek.com/showArticle.jhtml;jsessionid=MIRYBBI1UOICGQSNDLRCKH0CJUNN2JVN?articleID=197005178

29. February 12, Sophos — Valentine's spammers face a harder sell. In the run-up to Valentine's Day, Sophos has reported seeing a rise in the number of spam campaigns selling romantic gifts such as jewelry, chocolate and lingerie. However, a new Sophos poll reveals that just five percent of computer users now admit to purchasing goods sold via spam, compared to nine percent this time last year. According to Sophos, many of the Valentine's Day themed campaigns make use of graphics embedded in the regular e-mail text. This type of image spam, most often used for promoting stock pump-and-dump scams or medication, is popular with spammers thanks to its ability to bypass anti-spam filters that scan text content only.
Source: http://www.sophos.com/pressoffice/news/articles/2007/02/valentine.html

30. February 09, Federal Computer Week — Attack by Korean hacker prompts DoD cyber debate. The Department of Defense (DoD) computer networks are probed and attacked hundreds of times each day. But a recent attack on the civilian Internet is causing DoD officials to re-examine whether the policies under which they fight cyber battles are tying their hands. “This is an area where technology has outstripped our ability to make policy,” said Air Force Gen. Ronald Keys, Commander of Air Combat Command. “We need to have a debate and figure out how to defend ourselves.” Unlike in the war on terror, DoD can’t go after cyber attackers who plan or discuss crimes until they act, Keys said. Websites in other countries are beyond DoD's reach, he added. “If they’re not in the United States, you can’t touch 'em.” Keys said it would probably take a cyber version of the 9/11 attacks to make the U.S. realize that barriers to action in cyberspace should be re-evaluated.
Source: http://www.fcw.com/article97645-02-09-07-Web

31. February 09, CNET News — Price of cybercrime tools shrinks. It's becoming cheaper and easier to get hold of the tools needed to launch a cybercrime attack, according to security company RSA. Jens Hinrichsen, the company's product marketing manager for fraud auction, said Thursday, February 8, that RSA has been monitoring the Websites and ICQ channels where malicious hackers and cybercriminals interact. These sites allow participants to share feedback and even review one another's products. Addressing an audience at the RSA Conference 2007, Hinrichsen showed several screengrabs to illustrate that the prices being asked for hacking tools have been dropping, with many participants embracing volume discounts and other incentives. One example was a post offering a "Super Trojan," which could be used to install malicious code on a victim's PC, for $600.
Source: http://news.com.com/Price+of+cybercrime+tools+shrinks/2100-7349_3-6158025.html