Daily Report Thursday, February 15, 2007

Daily Highlights

The Associated Press reports snow and ice coated streets Wednesday, February 14, as a blizzard shut down schools, highways, and air travel across the Northeast, and left 300,000 homes and business without electrical power. (See item 3)
The Associated Press reports two baggage handlers working for Menzies Aviation at Seattle−Tacoma International Airport have been arrested and fired in suitcase thefts that included laptop computers, video cameras, and DVDs. (See item 10)
All Headline News reports a mysterious ailment, called the Colony Collapse Disorder, is killing the nation's honeybees that are necessary to pollinate most of the food crops, as well as pollinating plants in home and public gardens. (See item 21)
InformationWeek reports Microsoft is warning customers that the switch to early daylight savings time on March 11 isn't accounted for in a number of its products, and that users will need to update their software to avoid potential problems. (See item 33)

Information Technology and Telecommunications Sector

33. February 14, InformationWeek — Microsoft issues warning on daylight−savings time software flaw. Microsoft is warning customers that the switch to early daylight savings time this year isn't accounted for in a number of its products, including Windows XP, and that users will need to update their software to avoid potential problems. U.S. daylight savings time will start on March 11, this year −− three weeks earlier than usual. The change was authorized by the U.S. Energy Policy Act of 2005, but Microsoft says its Y2K−like implications mean computer users need to parry like its 1999. "Unless certain updates are applied to your computer, it is possible that the time zone settings for your computer's system clock may be incorrect during this four week period," the software maker said in a statement issued Tuesday, February 13. That could lead to all kinds of problems, from calendaring applications not working properly to key, automated processes not taking place on time. Microsoft said the fix is already built into Windows Vista and Office 2007, but that earlier operating systems and applications could be hit by the problem. As of Tuesday, the company had released an update for Windows XP SP2 users via its Automatic Updates service.
Microsoft statement: http://support.microsoft.com/gp/dst_homeuser#affected
Source: http://www.informationweek.com/showArticle.jhtml;jsessionid=VORJ0BAAN1KVYQSNDLPSKHSCJUNN2JVN?articleID=197006039

34. February 14, VNUNet — Valentine worm spreading fast. Security experts warned Wednesday, February 14, that a "widespread worm" posing as a Valentine's greeting is spreading fast across the Internet. Dref−AB was deliberately spread so that office workers and home computer users found the malicious e−mail in their inbox first thing Wednesday morning. Since midnight GMT Dref−AB has accounted for 76.4 percent of all malware sighted at Sophos. Subject lines used in the attack are many and varied, but all pose as a romantic message. The worm is attached to the e−mails in files called "flash postcard.exe," "greeting postcard.exe," "greeting card.exe," or "postcard.exe."
Source: http://www.vnunet.com/vnunet/news/2183228/valentine−worm−spr eading−fast

35. February 13, U.S. Computer Emergency Readiness Team — US−CERT Technical Cyber Security Alert TA07−044A: Microsoft updates for multiple vulnerabilities. Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, Office, Works, Malware Protection Engine, Visual Studio, and Step−by−Step Interactive Training as part of the Microsoft Security Bulletin Summary for February 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial−of−service on a vulnerable system. Some of the updates released for Microsoft Office address vulnerabilities that are actively being exploited. For more information, refer to the following Vulnerability Notes:
Solution: Microsoft has provided updates for these vulnerabilities in the February 2007 Security
Bulletins. The Security Bulletins describe any known issues related to the updates. Note any
known issues described in the Bulletins and test for any potentially adverse effects in your
environment. System administrators may wish to consider using an automated patch
distribution system such as Windows Server Update Services:
http://www.microsoft.com/windowsserversystem/updateservices/ default.mspx
Microsoft February 2007 Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms07−feb. mspx
Source: http://www.uscert.gov/cas/techalerts/TA07−044A.html

36. February 13, InformationWeek — Cisco warns of multiple IOS vulnerabilities. Cisco Systems announced on Tuesday, February 13, that there are several vulnerabilities in the Intrusion Prevention System (IPS) feature set of its Internetwork Operating System (IOS). Fragmented IP packets may be used to evade signature inspection, according to a warning on Cisco's Website. It also warned that the IPS signatures using the regular expression feature of the Atomic.TCP signature engine may cause a router to crash, resulting in a denial−of−service.
Cisco Security Advisory: http://www.cisco.com/warp/public/707/cisco−sa−20070213−iosips.shtml
Source: http://www.informationweek.com/showArticle.jhtml;jsessionid=VORJ0BAAN1KVYQSNDLPSKHSCJUNN2JVN?articleID=197005905&articleId=197005905

37. February 13, SecurityFocus — Old Firefox, IE flaw remains unfixed. Security researchers discovered that both Mozilla's Firefox and Microsoft's Internet Explorer Web browsers fail to securely handle keystrokes entered by the user, potentially allowing an attacker the ability to download files. The design flaws, which resemble issues found in June 2006 and as far back as 2000, allow certain keystrokes to be sent to a different application as long as the attacker can convince the user to type the appropriate characters. Attackers could use typing−intensive tasks such as keyboard−based games and comment fields to collect a user's input and send the appropriate keystrokes to a hidden application. "The vulnerability allows the attacker to silently redirect focus of selected key press events to an otherwise protected file upload form field," researcher Michal Zalewski, who discovered the most recent issues, stated in a post to the Full disclosure security mailing list on Sunday, February 11. "This is possible because of how onKeyDown [and] onKeyPress events are handled, allowing the focus to be moved between the two. If exploited, this enables the attacker to read arbitrary files on victim's system." The issue appears to affect versions 1.5 and 2.0 of Firefox and versions 5.0, 5.5, 6 and 7 of Internet Explorer.
Source: http://www.securityfocus.com/brief/433