Wednesday, April 11, 2007

Daily Highlights

US-CERT has released Technical Cyber Security Alert TA07-100A: Microsoft Updates for Multiple Vulnerabilities. (See item 29)
The Washington Post reports that two of the shopping industry's largest trade groups are joining forces with the FBI to create a database that tracks retail crime gangs, which they say are becoming increasingly organized. (See item 33)

Information Technology and Telecommunications Sector

27. April 10, IDG News Service — Over 2,000 sites exploit .ani security flaw. More than 2,000 unique Websites have been rigged to exploit the animated cursor security flaw in Microsoft's software, according to security vendor Websense Inc. Those Websites are either hosting exploit code or are redirecting Internet users to sites with bad code, Websense's blog reported Monday, April 9. The number of Websites engineered to exploit the problem has jumped considerably since the vulnerability was publicly disclosed by Microsoft on March 29. It will likely continue to rise until patches are applied across corporate and consumer PCs, said Ross Paul, senior product manager for Websense. Hackers are hoping to catch some of the millions of unpatched machines.

28. April 10, Information Week — VoIP is too complicated for mass markets, says Forrester Research. In a survey of VoIP users, a Forrester Research analyst has found the low-cost calling technology to be too complicated to appeal to mass-market users. Forrester's Zayera Khan found voice-over-Internet Protocol (VoIP) navigation systems generally to be a problem for users, who are bewildered by a plethora of icons, buttons, rollovers, and navigation features. Khan cited the lack of clear keyword search capability as another problem. The report, "The VoIP Customer Experience: Work in Progress," said the leading VoIP vendors like Skype, Yahoo, Google, Microsoft, and ICQ still haven't developed user-friendly services.

29. April 10, US-CERT — Technical Cyber Security Alert TA07-100A: Microsoft Updates for Multiple Vulnerabilities. Microsoft has released updates to address vulnerabilities that affect Microsoft Windows and Microsoft Content Management Server as part of the Microsoft Security Bulletin Summary for April 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. These updates include a fix to address a previously disclosed vulnerability in the Windows Client/Server Run-time Subsystem.

30. April 09, IDG News Service — Apple offers AirPort Base Station security fix. Apple has published a firmware update for its AirPort Extreme Base Station that fixes two security flaws in the Wi-Fi router. The patch fixes a bug found in certain versions of the Base Station that prevented the router from acting as a firewall by blocking IPv6 traffic by default. Both of the bugs, patched in version 7.1 of the product's firmware, affect only the 802.11n versions of the router, Apple said. The second Base Station flaw could let an attacker view filenames--but not file contents--on a password-protected USB hard drive connected to the Base Station via the AirPort Disk feature.

31. April 09, ComputerWorld — Hackers dupe users with spam about bogus U.S.-Iran war. A weekend spam run tried to dupe recipients into downloading the infamous "Storm Trojan" by attaching files that posed as videos of a bogus missile strike by the U.S. against Iran, antivirus vendors said Monday, April 9. The unsolicited e-mail, which arrives with provocative subject lines that include "Missle [sic] Strike: The USA kills more then [sic] 20000 Iranian citizens," "USA Declares War on Iran," and "USA Just Have Started World War III," includes attached executable files such as video.exe and readme.exe, said Symantec Corp. "The underlying threats are actually nothing new," said Symantec researcher John McDonald. "They are simply minor variants of Trojan.Peacomm and W32.Mixor, which have been repacked in an attempt to avoid existing detection and appear to have been largely successful at that." Symantec added that the executable file attached to the war-scare spam is actually a worm that downloads and installs both Trojan horses.