Friday, April 27, 2007

Daily Highlights

Government Technology reports Texas Governor Rick Perry has announced the reduction of crime by 30 percent in the El Paso area during a recent border security operation known as Operation Wrangler III. (See item 16)
University of California scientists have identified likely suspects in the massive die-off of bee colonies in the U.S., including a parasite called Nosema ceranae that has been associated with affecting Asian bees. (See item 20)
Computer World reports a reverse 911 notification system will be deployed to some 17,500 households to notify residents of impending flooding if an emergency occurs during a $309 million rebuilding project under way at the Wolf Creek Dam on the Cumberland River in southern Kentucky. (See item 32)

Information Technology and Telecommunications Sector

33. April 26, CNET News — Schneier questions need for security industry. Outspoken author and security guru Bruce Schneier has questioned the very existence of the security industry, suggesting it merely indicates the willingness of other technology companies to ship insecure software and hardware. Speaking this week at Infosecurity Europe 2007, a leading trade show for the security industry, Schneier said, "the fact this show even exists is a problem. You should not have to come to this show ever." "We shouldn't have to come and find a company to secure our e-mail. E-mail should already be secure. We shouldn't have to buy from somebody to secure our network or servers. Our networks and servers should already be secure." Schneier, chief technology officer at BT Counterpane, said his own company was bought by BT Group last year because the UK telecommunications giant realized the need for security to be part of any service, not an add-on at additional cost and inconvenience to the user. His words echoed those of Lord Broers, chair of the House of Lords science and technology committee, who suggested every company, from operating system and application vendors to ISPs, needs to take greater responsibility for the security of end users.

34. April 26, CNET News — Exploit code released for Adobe Photoshop flaw. Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported. The security flaw affects Adobe Photoshop Creative Suite 3, as well as CS2, according to a security advisory issued by Secunia on Wednesday, April 25. The vulnerability concerns the way Adobe Photoshop handles the processing of malicious bitmap files, such as .bmp, .dib, and .rle. A malicious attacker could exploit the flaw with a buffer overflow attack, followed by remotely taking over a user's system. Although a security researcher has published code to demonstrate how to exploit the vulnerability, Secunia has yet to detect any malicious use of the code, said Thomas Kristensen, Secunia's chief technology officer.
Secunia advisory:

35. April 26, ComputerWorld — Entrepreneurial hackers buy sponsored links on Google. A hacker scheme that involved buying search keywords on Google and then routing users to a malicious site when they clicked on sponsored links was revealed Wednesday, April 25, by a security company. According to Roger Thompson, chief technology officer at Exploit Prevention Labs, the ploy involved sponsored links (the text ads that appear alongside search results on Google), a malicious intermediary and malware that steals online banking usernames and passwords. Those keywords put the criminals' sponsored links at the top of the page when searches were run for brand name sites like the Better Business Bureau or, using phrases such as "betterbusinessbureau" or "modern cars airbags required." But when users clicked on the ad link, they were momentarily diverted to, a malicious site that used an exploit against the Microsoft Data Access Components (MDAC) function in Windows to plant a back door and a "post-logger" on the PC.

36. April 26, U.S. Computer Emergency Readiness Team — US-CERT Vulnerability Note VU#127545: Cisco NetFlow Collection Engine contains known default passwords. A vulnerability in the Cisco NetFlow Collection Engine could allow a remote attacker to gain access to a vulnerable system. The Cisco Network Services (CNS) NetFlow Collection Engine (NFC) is a software package for supported UNIX platforms and is used to collect and monitor NetFlow accounting data for network devices such as routers and switches. Versions of NFC prior to 6.0 create and use default accounts with an identical username and password of "nfcuser." A remote attacker with knowledge of the default account information can gain administrative control of the NFC application configuration through the Web-based interface. For some configurations, the attacker may also be able to gain user access to the host operating system with the privileges of nfcuser. This access may allow for additional privilege escalation attacks on an affected system.
Solution: Change passwords for the affected account. Cisco has published instructions for changing the passwords on the nfcuser account in Cisco Security Advisory

37. April 25, eWeek — Acer joins Sony battery pack recall. Nine months following those first voluntary recalls of Sony-made notebook battery packs, Acer will recall some 27,000 notebooks that also contained those same lithium-ion batteries. Acer announced the recall Wednesday, April 25. The 27,000 notebooks recalled by Acer were all sold in the United States between May 2004 and November 2006. The models that came with faulty packs included the company's TravelMate notebooks with model numbers 321x, 242x, 330x, 561x, C20x, 422x, 467x and 320x. The recall also involves some models in the company's Aspire line, including the 980x, 556x, 930x, 941x, 560x and 567x.

38. April 25, SecurityFocus — Storm Worm marries malware and spam. The stock-touting e-mail messages regularly sent out by spam-focused bot nets have started to include links to malicious code, according to a report published Wednesday, April 25, by e-mail security firm MessageLabs. The criminal groups responsible for the spam appear to believe that recipients of the e-mail may click on a Web link, even if they don't buy the stock touted by the e-mail message. In the past 10 days, MessageLabs has only detected about 3,500 of the messages, so the spammers may be testing the waters to see how often the scam works, said Mark Sunner, chief technology officer for the company. The Storm Worm, which is actually a Trojan horse that does not spread on its own, embodies the latest tactics by spammers and bot masters to grow their networks. Rather than using worms and viruses to create bot nets that likely grow out of control, the Storm Worm, also known as Zhelatin and Peacomm, is sent out in spam to increase the size of a bot net at a controllable pace.