Daily Report Monday, February 26 , 2007

Daily Highlights

The Des Moines Register reports ice accumulation of up to one and one−half inches wreaked havoc on Iowa's power lines Saturday, February 24, leaving more than 171,000 customers without electricity and others in jeopardy of losing power if winds pick up. (See item 1)
The Transportation Security Administration on Friday, February 23, unveiled an operational test to evaluate backscatter technology, which detects weapons, explosives, and other metallic and non−metallic threat items concealed under layers of clothing, at Phoenix Sky Harbor Airport. (See item 13)
U.S. scientists have confirmed the first reported case of pig meningitis in a human being in North America: a 59−year−old farmer in New York State, who complained of sudden fever and confusion. (See item 25)

Information Technology and Telecommunications Sector

February 23, IDG News Service — Mozilla fixes Firefox bugs. Mozilla has released an update to its Firefox browser, fixing security flaws in the product. The Firefox release includes a fix for a bug disclosed by a security researcher last week. That flaw can be exploited by attackers to manipulate cookie information in the Firefox browser, making it probably the most important fix in the update, according to Window Snyder, Mozilla's head of security strategy. The updates also include a fix for a previously undisclosed memory corruption flaw in the browser that could be exploited to run unauthorized software on a Firefox user's computer. This flaw could also affect Thunderbird users who have configured their mail client to run JavaScript automatically, something that Mozilla does not recommend. Thunderbird is Mozilla's free e−mail client. Mozilla has patched a total of seven Firefox bugs and is also addressing two bugs in Thunderbird.
Source: http://www.infoworld.com/article/07/02/23/HNmozillafixesfire foxbugs_1.html

32. February 23, CNET News.com — Flaw found in Office 2007. Researchers at eEye Digital Security found a file format vulnerability in Microsoft Office Publisher 2007, which could be exploited to let an outsider run code on a compromised PC. An attacker could create a malicious publisher file, said Ross Brown, eEye's chief executive. Once the recipient opens the file, he or she could find the system infected and susceptible to a remote attack. Microsoft, meanwhile, said it is investigating the report of a possible vulnerability in Publisher 2007 and will provide users with additional guidance if necessary.
Source: http://news.com.com/Flaw+found+in+Office+2007/2100−1002_3−6161835.html?tag=ne.fd.mnbc

33. February 23, Websense — Monster.com email lure to malicious code. Websense Security Labs has discovered emails that attempt to lure users to click on a link in order to upgrade their system security. The emails, which are spoofed from Monster, are written in HTML and claim that Monster systems have been upgraded and that users need to download a certified utility to be able to use Monster. The domain name that the emails point to are using five different IP addresses. Upon connecting to one of the IP addresses, the code is run, several files are downloaded and installed on the user's machine, and another file is downloaded and installed from a server in Denmark. The files appear to be designed to steal end−user information.
Source: http://www.websense.com/securitylabs/alerts/alert.php?AlertI D=747

34. February 23, US−CERT — Vulnerability Note VU#393921: Mozilla Firefox fails to properly handle JavaScript onUnload events. The JavaScript onUnload event is executed when the browser exits a Web page. An event handler can be installed via JavaScript to trap and process this event. Mozilla Firefox fails to properly handle JavaScript onUnload events. Specifically, Firefox may not correctly handle freed data structures modified in the onUnload event handler possibly leading to memory corruption. By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. We are currently unaware of a practical solution to this problem; however, disabling JavaScript will prevent exploitation of this vulnerability.
Source: http://www.kb.cert.org/vuls/id/393921