Daily Report Friday, March 2, 2007

Daily Highlights

The Boston Globe reports that in response to credit- and debit-card theft from retailers, American financial institutions are starting to offer "smart cards" with microprocessor chips that store encrypted customer information and require a personal identification number, or PIN. (See item 10)
The Department of Homeland Security announced on Thursday, March 1, its proposal to establish minimum standards for state-issued driver’s licenses and identification cards, in compliance with the REAL ID Act of 2005, to enhance the security and integrity of driver’s licenses. (See item 16)
The Associated Press reports heavy, wet snow and blizzard conditions hit the Plains and Midwest on Thursday, March 1, shutting down hundreds of miles of interstate highways, closing schools, and canceling flights. (See item 39)

Transportation and Border Security Sector

16. March 01, Department of Homeland Security — DHS issues proposal for states to enhance driver’s licenses. The Department of Homeland Security (DHS) announced on Thursday, March 1, its proposal to establish minimum standards for state-issued driver’s licenses and identification cards in compliance with the REAL ID Act of 2005. The REAL ID requirements are a result of recommendations made by the 9/11 Commission, which Congress passed into law, and will enhance the security and integrity of driver’s licenses. “Raising the security standards on driver’s licenses establishes another layer of protection to prevent terrorists from obtaining and using fake documents to plan or carry out an attack. These standards correct glaring vulnerabilities exploited by some of the 9/11 hijackers who used fraudulently obtained drivers licenses to board the airplanes in their attack against America,” said DHS Secretary Michael Chertoff. The department’s proposed regulations set standards for states to meet the requirements of the REAL ID Act, including: security features that must be incorporated into each card; verification of information provided by applicants to establish their identity and lawful status in the United States; and physical security standards for locations where licenses and identification cards are issued. As proposed, a REAL ID driver’s license will be required in order to access a federal facility, board federally-regulated commercial aircraft, and enter nuclear power plants.
To view the proposed regulations, go to http://www.dhs.gov/
Source: http://www.dhs.gov/xnews/releases/pr_1172765989904.shtm

Information Technology and Telecommunications Sector

March 01, eWeek — Black Hat demonstrations shatter hardware hacking myths. At the Black Hat Briefings, two breakthrough hardware hacks were demonstrated. One shocker was Coseinc Senior Security Researcher Joanna Rutkowska's demonstration of a way to subvert system memory through software -- in essence, the shattering of the long-held belief that "going to hardware" to secure incident response is a security failsafe. Security professionals at the show called it the "attainment of the holy grail," particularly since the only way to fix the system's memory corruption is to reboot -- thus erasing all tracks of the subversion. It's a digital forensic team's worst nightmare. John Heasman from NGSS proved that rootkits can persist on a device -- on firmware -- rather than on disk, and can thus survive a machine being reimaged. These hacks are esoteric, but they're proving that much of what we thought of as hardware unassailability is pure folklore.
Source: http://www.eweek.com/article2/0,1895,2099603,00.asp

33. March 01, IDG News Service — Lenovo recalls 205,000 notebook batteries. Months after joining other PC vendors in a massive recall of faulty notebook batteries, Lenovo Group has found a different problem with some models, and will recall 205,000 notebook batteries worldwide, the company said Thursday, March 1. Lenovo made the move after four customers complained their batteries overheated after they had dropped or hit the notebooks. The defect caused minor eye irritation for one user, and damaged the property and computers of the others, according to the U.S. Consumer Product Safety Commission. The recall affects the nine-cell, extended-life version of a battery pack manufactured by Sanyo Electric, of Japan.
Source: http://www.infoworld.com/article/07/03/01/HNlenovorecallsbatteries_1.html

34. March 01, IDG News Service — Oracle to buy Hyperion for $3 billion. Oracle has agreed to acquire business intelligence software vendor Hyperion Solutions for $3.3 billion in cash, it said Thursday, March 1. Oracle said it will combine Hyperion's software with its own business intelligence and analytics tools to offer customers a broad range of performance management capabilities, including planning, budgeting and operational analytics.
Source: http://www.infoworld.com/article/07/03/01/HNoraclehyperion_1.html

35. March 01, Sophos — Malware adopts disguises in attempt to dupe IT defenses. Sophos has revealed the most prevalent malware threats and e-mail hoaxes causing problems for computer users around the world during February 2007. The figures, compiled by Sophos' global network of monitoring stations, show that the HckPk family has had the greatest impact on computer users this month, accounting for more than half of malware seen during February. Hackers are increasingly using encryption and packer tools -- such as those belonging to the HckPk family -- to camouflage their malicious code. January's hardest-hitting worm, Dorf, plus the prevalent Dref mass-mailing worms are just two examples of the malware currently being hidden within HckPk programs. Sophos has also found that cybercriminals are constantly modifying their HckPk disguises in an attempt to bypass IT defenses.
Source: http://www.sophos.com/pressoffice/news/articles/2007/03/toptenfeb07.html

36. February 28, U.S. Computer Emergency Readiness Team — US-CERT Technical Cyber Security Alert TA07-059A: Sun Solaris Telnet Worm. A worm is exploiting a vulnerability in the telnet daemon (in.telnetd) on unpatched Sun Solaris systems. The vulnerability allows the worm (or any attacker) to log in via telnet (23/tcp) with elevated privileges. Further details about the vulnerability are available in Vulnerability Note VU#881872:
Because VU#881872 is trivial to exploit and sufficient technical detail is publicly available, any attacker, not just this worm, could exploit vulnerable systems. Sun has published information about the worm in the Security Sun Alert Feed including an inoculation script that disables the telnet daemon and reverses known changes made by the worm:
http://blogs.sun.com/security/entry/solaris_in_telnetd_worm_seen
Solution: To address VU#881872, apply the appropriate patches referenced in Sun Alert Notification 102802: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1
To recover compromised systems, Sun has provided an inoculation script that disables the telnet daemon and reverses known changes made by the worm:
Note that the inoculation script only recovers from this particular worm. Running the inoculation script does not guarantee system integrity. To fully recover, it may be necessary to rebuild a compromised system using trusted software sources. For more information, see Recovering from an Incident: http://www.cert.org/nav/recovering.html
Source: http://www.uscert.gov/cas/techalerts/TA07-059A.html

37. February 28, CNET News — Symantec incorrectly flags Yahoo Mail as a virus. Yahoo's e-mail service is not infected with a computer virus, despite a warning from Symantec that says it is. Starting sometime on Tuesday, February 27, accessing the beta version of Yahoo Mail on a PC with Symantec's updated antivirus software caused alarm bells to go off. The security software reported finding the "Feebs" worm on the Yahoo Webpages. That warning was in error, Symantec said Wednesday. "Symantec antivirus products...triggered a false-positive alert with Yahoo Mail beta," said Vincent Weafer, a senior director at Symantec Security Response.
Source: http://news.com.com/Symantec+incorrectly+flags+Yahoo+Mail+as+a+virus/2100-1002_3-6163068.html