Thursday, April 26, 2007

Daily Highlights

Computerworld reports a new wave of extortion e−mails targeted at higher−income professionals is circulating on the Internet −− sent directly to the victims from valid e−mail accounts −− that threaten recipients with bodily harm and death if they do not pay thousands of dollars to the sender. (See item 13)

The U.S. Food and Drug Administration says that it will test imports of wheat gluten, corn gluten, corn meal, soy protein, rice bran, and rice protein concentrate to detect any contamination with melamine, which has been found in both human and animal food. (See item 24)

Information Technology and Telecommunications Sector

35. April 25, U.S. Computer Emergency Readiness Team — Vulnerability in HP−UX running sendmail. The U.S. Computer Emergency Readiness Team (US−CERT) is aware of a vulnerability in HP−UX running sendmail that may allow a remote user to cause a 12 denial−of−service condition. US−CERT recommends users apply the patches as described in HP Technical Knowledge Base Document c00841370. Please note that logon credentials may be needed to access this document. US−CERT will continue to investigate this issue and provide additional information as it becomes available. HP Technical Knowledge Base Document c00841370:
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00841370&admit=−1335382922+1177517201483+28353475
Source: http://www.uscert.gov/current/#hp_ux_sendmail_vulnerability

36. April 25, IDG News Service — Microsoft ups security stance with new labs. In a move to strengthen its response to security threats, Microsoft is opening two labs to study the growing amount of malicious software circulating on the Internet, security executives announced Wednesday, April 25. The Malware Protection Centers, in Dublin and Tokyo, will be staffed with analysts who will create updates −− called "signatures" −− for its security products to detect malicious software, said Roger Halbheer, chief security advisor for Europe, the Middle East and Africa. The labs will be similar to ones run by competitors such as Symantec and McAfee.
Source: http://www.infoworld.com/article/07/04/25/HNmssecuritylabs_1 .html

37. April 25, IDG News Service — 'Evil twin' Wi−Fi access points proliferate. Beware of the "evil twin." That's the term for a Wi−Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers. Unfortunately, experts say there is little consumers can do to protect themselves, but enterprises may be in better shape. With the growth in wireless networks, the "evil twin" type of attack is on the rise, said Phil Cracknell, president of the UK branch of the Information Systems Security Association. Such attacks are much easier than others seeking logins or passwords, such as phishing, which involves setting up a fraudulent Website and luring people there, Cracknell said. The growth in the number of Wi−Fi networks poses increasing opportunities for hackers, who can make their networks appear to be legitimate by simply giving their access point a similar name to the Wi−Fi network on the premises.
Source: http://www.infoworld.com/article/07/04/25/HNevilwifiaccesspo ints_1.html

38. April 25, VNUNet — Rogue software floods anti−spyware market. Malware writers are flooding the market with rogue anti−spyware applications in an attempt to steer consumers away from genuine security software and make money from selling bogus applications. Download service Snapfiles said that the rogue applications outnumber genuine software by a factor of four to one. Snapfiles hosts free and trial applications for consumers to download, and claims to reject any software that fails to deliver the promised functionality or causes harm to a system. Download site Tucows confirmed the figure, saying that it too rejects about four−fifths of the anti−spyware programs it receives from developers. Rogue anti−spyware programs present themselves as legitimate security solutions, but have no intention of ridding a user's system of malware. Instead, the application scares the user with false test results, fails to get rid of existing spyware infections, and in some cases even infects the system with additional pieces of spyware and adware. Source: http://www.vnunet.com/vnunet/news/2188549/rogue−apps−dominat ing 13

39. April 24, Associated Press — Researchers break Internet speed records. A group of researchers led by the University of Tokyo has broken Internet speed records −− twice in two days. Operators of the high−speed Internet2 network announced Tuesday, April 24, that the researchers on December 30 sent data at 7.67 gigabits per second, using standard communications protocols. The next day, using modified protocols, the team broke the record again by sending data over the same 20,000−mile path at 9.08 Gbps. Source: http://www.nytimes.com/aponline/technology/AP−Faster−Interne t.html?_r=1&oref=slogin

40. April 24, CNET News — Web threats to surpass e−mail pests. By next year, Internet users can expect more cyberattacks to originate from the Web than via e−mail, security firm Trend Micro predicts. E−mail has traditionally been the top means of attack, with messages laden with Trojan horses and other malicious programs hitting inboxes. But the balance is about to tip as cybercrooks increasingly turn to the Web to attack PCs. "By 2008, most of the threats you are facing will be Web placed. Today most of it is still e−mail," Raimund Genes, Trend Micro's chief researcher, said in a presentation at the Gartner Symposium and ITxpo on Monday, April 23. The reason for the flip is simple. Security tools for e−mail have become commonplace, but the same isn't true for Web traffic. Security firms have found it tough to secure what comes into a network and computers over port 80, the network port used to browse the Web using the hypertext transfer protocol, or HTTP. Source: http://news.com.com/Web+threats+to+surpass+e−mail+pests/2100−7349_3−6178930.html