Daily Report Thursday, March 8 , 2007

Daily Highlights

The Boston Globe reports Southern New England's two biggest utilities are developing plans to spend potentially $1 billion constructing 80 to 100 miles of high−voltage electric transmission lines to make the regional power grid more reliable and keep up with steadily growing energy demand. (See item 1)
·
The Orlando Sentinel reports an airline employee at Orlando International Airport used his security privileges on Monday, March 5, to sneak a duffle bag containing 13 handguns, an assault rifle, and eight pounds of marijuana aboard a Delta flight to San Juan. (See item 19)


Information Technology and Telecommunications Sector

33. March 07, SC Magazine — IRC bot a growing threat to enterprise networks. A new Internet relay chat (IRC) bot is building an even larger zombie family that could pose a significant threat to enterprise networks, security researchers said Wednesday, March 7. The Nirbot family is based on relatively new code and spreads after receiving instructions from the botmaster inside an IRC channel, said Jose Nazario, of Arbor Networks. The bot attempts to exploit patched vulnerabilities in Symantec anti−virus programs and the Microsoft server service function. More dangerous for enterprises, though, is that the bot preys on password weaknesses in Windows file−sharing networks, researchers said. Once launched, the bot joins the IRC server and can download arbitrary code, unleash DDoS attacks or launch an HTTP or FTP server to browse an infected PC for sensitive files, he said.
Source: http://scmagazine.com/us/news/article/642351/irc−bot−growing−threat−enterprise−networks/

34. March 06, Federal Computer Week — VA to control, restrict use of mobile storage devices. In the next month, the Department of Veterans Affairs (VA) will let employees plug into its network only those mobile storage devices issued by the chief information officer’s office. Robert Howard, the department’s CIO, said Tuesday, March 6, he will issue only 1G and 2G thumb drives and will not allow anything larger onto the network unless he approves it. The mobile storage devices also must be certified under the National Institute of Standards and Technology’s Federal Information Processing Standard 140−2, he added. Besides controlling thumb drives, Howard aims to have a standard configuration for smart phones and personal digital assistants, eliminate unencrypted messages that travel on the VA’s network and reduce the number of virtual private networks by the end of fiscal 2007. The department also is relying more on public−key infrastructure (PKI) and Microsoft’s rights management system (RMS) in its Outlook e−mail system to do a better job of securing e−mail and documents.
Source: http://www.fcw.com/article97837−03−06−07−Web