Daily Report Thursday, February 22, 2007

Daily Highlights

SC Magazine reports phishers are using Google Maps and IP addresses in a new social engineering attack for committing identity theft, targeting customers with Bank of America accounts in the United States and account holders with other financial institutions in Australia and Germany. (See item 8)
The Department of Homeland Security has announced the launch of the Traveler Redress Inquiry Program, which allows travelers to seek redress and resolve possible watch list misidentification issues with any of the department’s component agencies at an easy to use and easy to access online location. (See item 14)

Information Technology and Telecommunications Sector

February 21, US-CERT — Multiple vulnerabilities in Trend Micro ServerProtect. US-CERT is aware of multiple stack-based buffer overflow vulnerabilities in the Trend Micro ServerProtect "stcommon.dll" and "eng50.dll" modules. Exploitation of these vulnerabilities may allow execution of arbitrary code with SYSTEM privileges.
US-CERT recommends users apply the ServerProtect 5.58 for Windows Security Patch 1-Build 1171 patch as soon as possible: http://www.trendmicro.com/download/product.asp?productid=17
Trend Micro Vulnerability Response: http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290
NVD Vulnerability Summary CVE-2007-1070: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1070
Source: http://www.us-cert.gov/current/current_activity.html#tmbofs

29. February 21, CRN — Google Desktop vulnerability fixed. Google has fixed a serious vulnerability in its popular Google Desktop software that could allow remote attackers to access confidential data and gain full control over affected PCs. Google Desktop, which extends Google's Web search and indexing functions to local PC hard drives, is susceptible to a cross-site scripting (XSS) attack because of its failure to properly encode output data, according to researchers at security vendor Watchfire, which discovered the flaw in January. Google issued a fix for the vulnerability soon after being notified by Watchfire, and users are being automatically updated with the patch, according to a Google spokesperson. Although Google has fixed this XSS vulnerability, the fact that the online and offline connection with Google Desktop still exists means that the software could still be vulnerable, according to Mike Weider, CTO of Watchfire.
Original report: http://www.watchfire.com/news/releases/02-21-07.aspx
Source: http://www.crn.com/sections/breakingnews/dailyarchives.jhtml?articleId=197007769

30. February 21, SC Magazine — Microsoft takes down malicious MSN Messenger banner advertisements. Banner advertisements that install malware onto the user's computer were left unnoticed for several days on the MSN Messenger service, according to researchers. The advertisements appear to promote a security application, known as Winfixer or ErrorSafe, said to identify and repair threats and other computer problems. The malware is downloaded and installed onto the user’s machine without their authorization and displays fake security warnings to entice the recipient into buying a licensed copy of the product, according to security analysts. Microsoft has now acknowledged the problem and removed the advertisements, which were displayed in the contacts panel in its instant messaging program.
Source: http://scmagazine.com/us/news/article/634699/microsoft-takes-down-malicious-msn-messenger-banner-advertisements/

31. February 20, Government Computer News — Many unknowns remain in move to IPv6. On Tuesday, February 20, a panel of government and industry experts met during the IPv6 Tech Forum in Virginia to discuss uses for the new IPv6-enabled networks and the challenges users will face. The Department of Defense, along with civilian agencies, has set a goal of transitioning its networks to the next generation of Internet Protocols by July 2008. But a successful transition to IPv6 will merely establish parity with existing networks. The return on the investment will depend on how applications take advantage of the new functionality. Unfortunately, there still are many unanswered questions about what will happen when networks begin using IPv6. The federal government is a major driver in the industry’s move to IPv6, because it has been requiring functionality for the new protocols in its networking equipment. The business rationale for moving to IPv6 will be improved productivity or functionality. The opportunity to strip proprietary protocols out of legacy systems and build everything on IPv6 should save money on licensing and simplified application development. But the steep learning curve in managing networks with the new protocols could delay these benefits.
IPv6 Tech Forum: http://www.afcea.org/committees/technology/techforum/
Source: http://www.gcn.com/online/vol1_no1/43184-1.html