Wednesday, May 30, 2007

Daily Highlights

The Associated Press reports six Florida customs inspectors have told federal officials that superiors instructed them to enter false data indicating airline passengers had been stopped and inspected for plant and animal contraband. (See item 16)
·
The Los Angeles Daily News reports due to a creeping chemical plume threatening the water supply, the Department of Water and Power has shut down at least one drinking−water well in Los Angeles because of contamination of the San Fernando Valley aquifer, with the possibility that the contamination will spread. (See item 22)
·
The University of Maryland’s National Consortium for the Study of Terrorism and Responses to Terrorism has made its terrorism attack database publicly available, providing a unique service for understanding risk in the context of terrorism threats. (See item 29)

Information Technology and Telecommunications Sector

30. May 29, Chicago Tribune — Attacks on Estonia move to new front. After Estonia relocated a Soviet war memorial out of downtown Tallinn last month, furious Russians rioted in the Estonian capital, tried to attack Estonia's ambassador in Moscow, and hastily engineered de facto economic sanctions against the tiny Baltic nation. But the salvo from the Russian side that has most worried Estonians is a carefully crafted three−week cyber attack on Estonian government, bank and media Websites that has wreaked havoc in a country heavily dependent on the Internet for everything from banking and voting to paying taxes. The onslaught of "denial−of−service" attacks, many of which have originated from Russian computers, has raised questions about whether such attacks will become a tactic in future political conflicts. U.S. Deputy Secretary of State John Negroponte said the cyber sabotage in Estonia should prompt countries to shore up defenses against hackers and cyber−terrorists. Hackers routinely use Internet−connected computers as a conduit for attacks without the owner's knowledge. And Estonian officials have yet to prove that the Russian government instigated the sabotage.
Source: http://www.chicagotribune.com/technology/chi−estonia_rodriguezmay29,1,6793241.story?coll=chi−techtopheds−hed

31. May 28, Computerworld — Mac OS open to attack through unpatched Samba. Hackers can attack Apple Inc.'s Mac OS X by exploiting an unpatched vulnerability in the open−source Samba file−and print−sharing software that's included with the operating system, Symantec Inc. said Monday, May 28. Samba is enabled when Mac users turn on the Windows Sharing feature that allows Microsoft Corp. customers to access files and printers on a Mac network. Symantec was able to exploit "the heap corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the default Samba 3.0.10 application." Although Mac OS X doesn't turn on Samba by default, Macs that share a network with Windows PCs could be at risk, Symantec warned. Because Apple has not released a Samba update since 2005, users must upgrade to the latest, and secure version, themselves.
Samba Website: http://us4.samba.org/samba/
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9021518&intsrc=hm_list

32. May 28, SecurityFocus — Peer−to−peer networks co−opted for DOS attacks. A flaw in the design of a popular peer−to−peer network software has given attackers the ability to create massive denial−of−service attacks that can easily overwhelm corporate Websites, a security firm warned last week. Over the past three months, more than 40 companies have endured attacks emanating from hundreds of thousands of Internet protocol addresses (IPs), with many of the attacks producing more than a gigabit of junk data every second, according to security solutions provider Prolexic Technologies. The latest attacks came from a collection of computers running peer−to−peer software known as DC++. The software is based on Direct Connect, a protocol which allows the exchange of files between instant messaging clients. The directories of where to find certain files resides in a few servers, known as hubs. Older versions of the hub server software have a flaw that allows an attacker to direct clients to get information from another server, said Fredrik Ullner, a developer for the DC++ project. Maliciously redirecting those client results in a large number of computers continuously demanding data from the victim's Web server, overwhelming it with requests.
Source: http://www.securityfocus.com/news/11466