Daily Report Wednesday, March 7 , 2007

Daily Highlights

The Associated Press reports the white supremacist gang Public Enemy No. 1 that began as a group of teenage punk−rock fans from Southern California, now deals in drugs, guns, and identity theft and is gaining clout across the West after forging an alliance with the notorious Aryan Brotherhood. (See item 6)
The Palladium Times reports the fishing industry in Upstate New York is in jeopardy because of a newly discovered Viral Hemorrhagic Septicemia virus that has made its way into the water systems. (See item 18)

Information Technology and Telecommunications Sector

30. March 07, Government Computer News — CRS: Terrorists find fertile environment in cyberspace. Finding proof that terrorists plan to launch cyberattacks against the United States is difficult, but the accessibility and vulnerability of the Internet to attack makes it a growing threat. “The time may be approaching when a cyberattack may offer advantages that cause terrorists to act, even if the probability of success or level of effectiveness is unknown,” according to the Congressional Research Service (CRS). This and other conclusions are included in a recent CRS report, titled Terrorist Capabilities for Cyberattack: Overview and Policy Issues, released by the Federation of American Scientists. Terrorists are using the Internet today to recruit new members, the report states. While it is highly likely that terrorist organizations are using cybercrime to finance their activities, the threat is expanding beyond credit card fraud and identity theft. The CRS report outlines the fragmented nature of the federal response to potential cyberattacks, pointing to responsibilities dispersed among the Homeland Security and Defense departments, the FBI and the intelligence community. CRS refers to international efforts to prevent cybercrime as one way to address the terrorist threat. It cites the Convention on Cybercrime, which the United States has signed but not yet ratified.
Report: http://www.fas.org/sgp/crs/terror/RL33123.pdf
Source: http://www.gcn.com/online/vol1_no1/43263−1.html

31. March 06, US−CERT — Technical Cyber Security Alert TA07−065A: Apple Releases Security Updates for QuickTime. Apple QuickTime 7.1.5 resolves multiple vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most Web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a Web page. US−CERT Vulnerability Notes Database:
An upgrade to QuickTime 7.1.5 is available via Apple Update:
Source: http://www.us−cert.gov/cas/techalerts/TA07−065A.html

32. March 06, Government Computer News — DoD intertwines data security, interoperability challenges. The Department of Defense (DoD) is spending $2.5 billion on information assurance in fiscal 2007, and a good portion of those funds are to ensure the military can share data safely and more easily with the intelligence community. John Grimes, DOD CIO, said Monday, March 5, the key to information sharing is security. “We are looking at those two areas in our architecture and in the next generation of security technology, and how we may change the nonclassified IP router network,” he said in Orlando, FL, at the Information Processing Interagency Conference, sponsored by the Government IT Executive Conference. “The only way to get to net−centricity is to ensure we can share information and it is interoperable.” One program DoD is working on with the Department of Homeland Security (DHS) and other agencies is the National Command Coordination Center, which will improve information sharing among federal, state and local agencies. To ensure data interoperability, DoD is moving more toward communities of interest, including one recently set up in the maritime community with the Coast Guard, Navy and other agencies. Grimes said the Office of Management and Budget is paying close attention to how these communities succeed.
Conference Website: http://www.ipicconference.org/
Source: http://www.gcn.com/online/vol1_no1/43260−1.html

33. March 06, CNET News.com — Security flaws found in fix for Firefox, SeaMonkey. Mozilla Foundation on Monday, March 5, issued a critical fix designed to address vulnerabilities in a recent security update for the Firefox browser and SeaMonkey application suite. The security flaws were discovered in Firefox and, as well as in SeaMonkey 1.0.7, according to a security advisory posted by Mozilla. Security researchers say the initial fix, issued in mid−December, was designed to address vulnerabilities in Firefox, SeaMonkey and Mozilla's Thunderbird e−mail client. But that particular fix introduced a flaw that could allow JavaScript code from Web content to be exploited, then lead to the execution of arbitrary code. Mozilla advises Firefox users to upgrade to version and, and SeaMonkey users to update to version 1.1.1 and 1.0.8.
Mozilla Foundation Security Advisory 2007−09:
http://www.mozilla.org/security/announce/2007/mfsa2007−09.ht ml
Source: http://news.com.com/Security+flaws+found+in+fix+for+Firefox%2C+SeaMonkey/2100−1002_3−6164702.html?tag=nefd.top

34. March 05, Federal Computer Week — OMB analyzing architecture of agency business lines. The Office of Management and Budget (OMB) is reviewing agency enterprise architectures with a keen eye toward how the blueprints will change mission−critical business lines. Dick Burk, OMB’s chief architect, said Monday, March 5, that his office has been meeting weekly with agency chief architects to have them focus on specific business segments, and to get the owner of that business line to sign off on the architecture. “We want the architecture to be a reflection of their business because in the past we’ve seen it be a reflection of their” information technology, Burk said here at the 2007 Information Processing Interagency Conference sponsored by the Government Information Technology Executive Conference. “If we are going to solve the problems of the agency, we need the architecture to reflect where the business wants to be in three to five years.” Burk said 25 of 26 agencies submitted their enterprise architectures for review, and OMB will have them analyzed by early April. With 93 percent of all development, modernization and enhancement funding going toward mission−critical systems, OMB thought segment architecture would be a valuable tool to improve the use of enterprise architecture, he said.
Source: http://fcw.com/article97820−03−05−07−Web