Wednesday, May 2, 2007

Daily Highlights

A new video on YouTube shows the discovery of individuals' social security numbers, bank account balances and numbers, and other sensitive information in trash bags outside JPMorgan Chase Bank branches in New York City. (See item 11)
·
The San Francisco Chronicle reports the day after a fiery gasoline truck accident destroyed key ramps in the MacArthur Maze interchange, security analysts and truck drivers weighed the scope of damage a deliberate terrorist attack using tankers could cause U.S. metropolises and highways. (See item 13)
·
The Department of Agriculture and the Food and Drug Administration have learned that byproducts from pet food manufactured with contaminated wheat gluten imported from China have been used in chicken feed on some farms in the state of Indiana. (See item 20)

Information Technology and Telecommunications Sector

35. May 01, SC Magazine — Flaw in Winamp MP4 processing disclosed. A hacker posted exploit code for a then−unknown vulnerability in the Winamp media player to the Milw0rm site on Monday, April 30. The flaw, which vendor eEye Digital Security ranked as "high" severity, allows an attacker to execute arbitrary code from a remote location, possibly taking full control of a system. Winamp, created by Nullsoft, is owned by AOL. The company said today that it is working to fix the flaw. The flaw exists in Winamp version 5.34, according to eEye. Secunia, which released an advisory for the vulnerability today, urged users to not open untrusted MP4 files and ranked the flaw as "highly critical."
Secunia advisory: http://secunia.com/advisories/25089/
eEye Digital Security: http://research.eeye.com/html/alerts/zeroday/20070430.html
Source: http://scmagazine.com/us/news/article/654194/flaw−winamp−mp4−processing−disclosed/

36. April 30, Government Computer News — NIST issues RFID guidelines. The National Institute of Standards and Technology (NIST) last week issued guidelines and a set of best practices for the use of radio frequency technology by federal agencies, as well as private corporations. NIST said entities deploying RFID technologies need to consider any security or privacy risks that could arise and should minimize those risks by following a list of best practices developed for RFID users. The guidelines focus specifically on the use of RFID technologies for asset management, tracking, matching and process and supply chain control. While RFID offers the potential for organizations to improve their logistics, reduce expenses and increase safety, it also entails the risk of eavesdropping and unauthorized use, according to NIST, an organization within the Commerce Department.
Guidelines for Securing Radio Frequency Identification Systems:
http://csrc.nist.gov/publications/nistpubs/800−98/SP800−98_R FID−2007.pdf
Source: http://www.gcn.com/online/vol1_no1/43601−1.html