Friday, April 13, 2007

Daily Highlights

Department of Homeland Security officials are increasing their efforts to prevent attacks that involve deadly chemicals, especially because insurgents in Iraq have increased their use of bombs laced with chlorine gas. (See item 4)
The Jerusalem Post reports the Israeli Air Force came very close Wednesday afternoon, April 11, to intercepting and destroying a U.S. civilian airliner that had failed to make contact with Air Traffic Control and comply with international regulations as it approached the country's airspace. (See item 13)
CNN reports a 43-year-old U.S. citizen, Christopher Paul of Columbus, Ohio, faces charges of providing material support to al Qaeda and plotting to set off bombs in Europe and the U.S., according to a federal indictment unsealed in Columbus. (See item 37)

Information Technology and Telecommunications Sector

31. April 12, InformationWeek — Google dissects a clickbot, and discusses the cost of click fraud. Over the past year, Google has been reaching out to the media and the public to allay fears that click fraud represents a serious threat to its business. Its executives have repeatedly said the problem is under control and not significant for Google. On Tuesday, April 11, Google published "The Anatomy of Clickbot.A," an analysis of malicious software used to commit click fraud. Despite Google CEO Eric Schmidt's past insistence that click fraud is "immaterial," the paper argues that more needs to be done to protect search engines and computers in general against botnet attacks. "We believe that it is important to disclose the details of how such botnets work to help the security community, in general, build better defenses," the paper states, adding that Google identified and invalidated all the clicks originating from the Clickbot.A botnet in question. The particular Clickbot.A botnet described in the paper consisted of 100,000 machines when analyzed in June 2006. The Clickbot.A software was designed to conduct "a low-noise click fraud attack against syndicated search engines."

32. April 11, Federal Computer Week — Shortcomings plague State's IT security. Despite some improvements, the Department of State still falls short in its information security efforts, according to a new report from Inspector General Howard Krongard. Nearly half of the 34 departmental posts and bureaus audited by the inspector general from April to September 2006 displayed shortcomings in information technology security, according to the report. These shortcomings were apparent in classified data being stored in unclassified systems, inadequate separation of duties among IT employees and missing or inadequate documentation on security settings used to protect data. Despite progress in addressing privacy and in reporting computer hacking incidents, the department also shows inadequacies in its Federal Information Security Management Act compliance and documentation.

33. April 11, Government Computer News — OMB, DoD to enforce desktop standard through procurement. The Office of Management and Budget (OMB) and the Department of Defense (DoD) are taking similar but separate paths to ensure a standard Microsoft Windows desktop configuration is used by all agencies. Karen Evans, OMB’s administrator for IT and e-government, has recommended to Paul Denett, the administrator in the Office of Federal Procurement Policy (OFPP), that the Federal Acquisition Regulations (FAR) Council add a clause to the FAR, or OFPP send out a memo to all chief acquisition officers, that would require all IT contracts to include the requirement that all software and hardware does no harm to the standard configuration. The Air Force, meanwhile, has submitted a three-part clause to the DoD chief information officer that would be included in every IT contract, said Ken Heitkamp, associate director for lifecycle management and director of the Air Force’s IT Commodity Council. Eventually, Heitkamp said, DoD’s rule could be given to OMB for them to decide whether to take it governmentwide. OMB has set a June 30 deadline for agencies to include provisions in contracts addressing the standard configuration.

34. April 11, eWeek — MS first look: No Word 2007 bugs. Microsoft says a preliminary investigation into reports of vulnerabilities in its Office 2007 suite has produced no evidence of a threat to users. Reports of new security holes in MS Office have been made public on known exploit sites, including information about four bugs posted on one site. Microsoft has not released specific information about the vulnerabilities, citing potential risk to users. "Microsoft's initial investigation has found that none of these claims demonstrate any vulnerability in Word 2007 or any Office 2007 products," a company spokesperson said April 11. "Our investigation into the possible impact of these claims on other versions of Microsoft Office is continuing." The reported flaws were uncovered by Mati Aharoni of Offensive-, in Israel.

35. April 11, IDG News Service — Sophos: China fixing spam problem. The amount of spam pumping out of China dropped precipitously in the first three months of 2007, security vendor Sophos reported Wednesday, April 11. A year ago, computers in China were sending out 21.1 percent of all spam messages, but that number has steadily dropped over the past year, totaling just 7.5 percent in the most recent quarter, Sophos said. During the first seven days of 2007, for example, China accounted for only 1.7 percent of spam messages, an unusually precipitous drop, said Carole Theriault, a senior security consultant with Sophos. The cutoff was probably caused by two major December 26 earthquakes off the coast of Taiwan, which damaged underwater data cables and disrupted Internet access in Asia, Theriault said. But some of the credit also goes to a country-wide spam crackdown, she added.

36. April 10, InfoWorld — McAfee: Cyber-crime will continue to pay. The latest research report from McAfee's Avert Labs paints a frightening picture for enterprise IT administrators and end-users, predicting continued maturation of cyber-crime and the technological means being used to carry out external attacks. According to McAfee's semi-annual Sage journal, a roundup of the company's ongoing security research, everything from spam to spyware will become more dangerous over the course of 2007 as hackers look for new ways to exploit end users' machines in their quest for fast cash. As was the case in 2006, the drive for profits among hackers and malware code writers will dominate development of the threat landscape over the next 12 months, McAfee experts said. "The overall trend remains more attacks geared toward making money that make use of malware or support people making malware," said Dave Marcus, security research manager with Avert Labs. "What is surprising is the service and support that's going on around the malware industry; there are more sites selling custom Trojans with support contracts and attacks coded to target banks of the buyer's choice and more malware suppliers offering patches and variants to their users."

Thursday, April 12, 2007

Daily Highlights

The Georgia Department of Community Health said Tuesday that a CD containing the names, addresses, birth dates and Social Security numbers of 2.9 million Medicaid recipients went missing while being transported by a private carrier. (See item 11)
The Director of National Intelligence on Wednesday unveiled a broad new program to enhance collaboration between agencies. (See item 25)

Information Technology and Telecommunications Sector

27. April 10, eWeek — Symantec patches flaw in Enterprise Security Manager. Symantec has patched a security hole in its Enterprise Security Manager (ESM) tool that allows attackers to take control of infected machines. The company cautioned users in an advisory that all versions of ESM, except version 6.5.3, are vulnerable to a remote code execution attack. The problem, officials at the anti-virus vendor reported, is that the ESM agent remote upgrade interface does not authenticate the source of remote upgrade requests -- a vulnerability that can be exploited to launch malware via a specially crafted upgrade request. "The ESM agent accepts remote upgrade requests from any entity that understands the upgrade protocol," according to the advisory. "The ESM agent does not currently verify that upgrades are from a trusted source. An attacker with knowledge of the agent protocol could deploy a piece of software that allows the attacker to control the host computer. The ESM agent runs with administrative privileges."

28. April 10, CNET News — Office zero-day bugs spoil Patch Tuesday. A trio of what appear to be new, yet-to-be-patched flaws in Microsoft Office has surfaced, according to security researchers at McAfee. The vulnerabilities were reported in online security forums on Monday, April 9, according to a posting on the McAfee Avert Labs blog on Tuesday. All but one of the flaws result in denial-of-service, meaning the application would crash, according to the blog post. "There is one heap-overflow flaw that might be exploited for code execution," Karthik Raman, a McAfee researcher, wrote on the blog on Tuesday. Typically such flaws are exploited by tricking a targeted victim into opening a rigged Office document. Microsoft is investigating the bug reports as well, a company representative said in an e-mailed statement. Microsoft is not aware of any attacks that exploit any of the issues at this time, the representative said. Word of the flaws comes on the day that Microsoft issued five security bulletins as part of its monthly patch cycle.

29. April 10, CNET News — Oracle patches to fix 37 flaws. Oracle next week plans to release fixes for 37 security flaws across all its products, the company said Tuesday, April 10. The fixes will be delivered April 17 as part of Oracle's quarterly patch cycle. Seven of the bugs are serious and could allow a system running the vulnerable Oracle software to be compromised remotely, the company said in a note on its Website. This is the second time Oracle is giving a heads-up on patches.