Monday, April 16, 2007

Daily Highlights

The Maui News reports a Transportation Security Administration screener at Lanai Airport found a duffel bag with forged IDs including that of a Maui police lieutenant whose name, address, Social Security number, and birth date were stolen last year from missing U.S. Department of Veterans Affairs records. (See item 21)
The Miami Herald reports Florida water managers ordered the deepest water-use cutbacks ever across South Florida on Thursday, April 12, and started the formal process of extending restrictions year-round in an effort to halt rapidly worsening conditions. (See item 31)
The Baltimore Sun reports a two-year-old boy was severely burned Saturday afternoon, April 14, at the playground of a Middle River, Maryland, elementary school after going down a slide doused in sulfuric acid and landing in a pool of the corrosive liquid; this follows a similar incident in Texas. (See item 37)

Transportation and Border Security Sector

21. April 13, Maui News (HI) — Suspect found with forged IDs by TSA screener in Hawaii. The name on the duffel bag read Robert Folsom. But when a federal Transportation Security Administration (TSA) screener looked through the bag March 29 at Lanai Airport, she found a Hawaii driver’s license with a different name. As she continued to examine the traveler’s belongings, she turned up 43 Hawaii driver’s licenses, each with photos of the same man but with 35 different names, addresses and Social Security numbers, said Deputy Prosecutor John Tam. The suspect is Shane James Deighan, a 33-year-old Honolulu resident with a prior forgery conviction. Also found in his baggage were 19 credit cards, 11 of them matching one of the Hawaii driver’s licenses, with four of the credit cards signed on the back; three other apparently stolen Hawaii driver’s licenses with other people’s names and photos; two apparently stolen Texas driver’s licenses with other people’s names and photos; three Social Security cards, two blank checks, one military identification and a Canadian birth certificate. Deighan also had the personal information of a Maui police lieutenant whose name, address, Social Security number, and birth date were written in a notebook, possibly stolen last year from missing U.S. Department of Veterans Affairs records.

Information Technology and Telecommunications Sector

42. April 13, Reuters — Deadly virus phone threat causes Pakistan panic. Mobile service providers in Pakistan have been inundated by calls from subscribers worried by a prank message that they could die of a deadly virus being transmitted via their phones. The rumor was so effective that some mosques in the country's biggest city, Karachi, made announcements that people were being killed by a mobile virus and they should be aware of God's wrath. In a prank reminiscent of the plot in the hit Hollywood movie "The Ring" in which people die within a week after watching a video, the prankster warned users that a deadly virus transmitted through phones had killed 20 people. There are more than 52 million mobile users among 160 million people in Pakistan.

43. April 13, CNET News — Storm Worm variant ignites e-mail virus activity. Postini has reported that Thursday, April 12, likely marked the largest proliferation of e-mail virus attacks in more than a year. The e-mail security company indicated that two variations of the Storm Worm virus, which originally spread across the Internet in January, had driven global virus levels 60 times higher than their daily average. E-mail users were warned to be alert for messages with "love"-related subject lines and an executable attachment that would contain a Trojan virus, as well as messages with "Worm Alert!" subject lines that contained a .zip file full of malicious code. According to warning notices from Postini as well as VeriSign, which also has been following the threat, clicking on the executable file in one of the new Storm Worm e-mails installs a rootkit with anti-security measures in order to mask the malicious software's presence from virus scans and shut down security programs that may be running. The virus then taps into a private peer-to-peer network where it can download new updates and upload personal information from the compromised computer. Additionally, the virus scans the machine's hard drive to locate e-mail addresses to which it can replicate itself.

44. April 13, U.S. Computer Emergency Readiness Team — US-CERT Technical Cyber Security Alert TA07-103A: Microsoft Windows DNS RPC Buffer Overflow. A buffer overflow in the Remote Procedure Call (RPC) management interface used by the Microsoft Windows Domain Name Service (DNS) service is actively being exploited. This vulnerability may allow a remote attacker to execute arbitrary code with SYSTEM privileges. Systems affected: Microsoft Windows 2003 Server and Microsoft Windows 2000 Server. Solution: US-CERT is unaware of a complete solution to this vulnerability. Until a fix is available, there are workarounds that may reduce the chances of exploitation. It is important to understand your network's configuration and service requirements before deciding what changes are appropriate. For instance, disabling the RPC interface of the DNS service may prevent administrators from being able to remotely manage a Microsoft Windows DNS server. Consider this when implementing the following workarounds: a) Disable the RPC interface used by the Microsoft Windows DNS service; b) Block or restrict access to RPC services. Refer to source for details.

45. April 12, eWeek — Spammers increase efforts to exploit animated cursor flaw. IT organizations are being urged to deploy a patch for a bug affecting how Microsoft Windows handles animated cursors as spammers step up their efforts to exploit the flaw -- this time with a promise of lewd pictures of celebrity hotel heiress Paris Hilton. The spammed e-mail messages have subject lines such as "Hot pictures of Paris Hilton nude" but actually contain an embedded image of adult film star and entrepreneur Jenna Jameson. When clicked on, the image links to a Website containing the malicious Troj/Iffy-B Trojan horse, which in turn points to another piece of malware targeting the Microsoft vulnerability.

46. April 12, IDG News Service — Cisco fixes wireless security holes. Cisco has patched a number of security flaws in the software used to manage its wireless networking products. The company issued two sets of patches Thursday, April 12. One fixes flaws in the Wireless Control System software used to manage the company's Aironet Lightweight Access Points, Wireless LAN Controllers, and Wireless Location Appliance. A second set of patches fixes bugs in the Wireless LAN Controller, which controls Aironet access points as well as flaws in the access points themselves, Cisco said.

47. April 12, InformationWeek — New Bug reported in Windows help files. Another Microsoft vulnerability has been disclosed, along with proof-of-concept code. The so-called heap-overflow vulnerability affects Windows help files in multiple versions of Windows XP, Windows Server 2003, Windows NT, and Windows 2000. Researchers at SecurityFocus reported that the Help File viewer is prone to a heap-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data into insufficiently sized memory buffers. The problem arises when the application handles a malformed or malicious Windows Help File. Hon Lau, a member of the Security Response Team at Symantec, wrote in a blog entry on Thursday that researchers there have not seen the vulnerability being actively exploited. Lau said Symantec analyzed a sample of the proof-of-concept code and released the Bloodhound.Exploit.135 to detect threats that exploit the vulnerability.