Wednesday, June 13, 2007

Daily Highlights

The National Institute for Standards and Technology has released a 387-page draft of its new guide designed to help federal agency technical teams evaluate whether the security controls they have actually work as intended to protect information systems from being compromised. (See item 9)
The Associated Press reports the New York Police Department is concerned that the commercial trucks rumbling through the city each day could be instruments of terror, and in response, has stepped up inspections and introduced an array of new technology to thwart possible plots. (See item 14)
Representatives from nearly 30 countries have gathered to discuss how to combat nuclear terrorism in a first-of-its-kind international conference led by the FBI and its Weapons of Mass Destruction Directorate. (See item 40)

Information Technology and Telecommunications Sector

35. June 12, IDG News Service — AOL spammer pleads guilty. Adam Vitale pled guilty Monday, June 11, to sending unsolicited e-mail to 1.2 million AOL LLC subscribers, U.S. Attorney for the Southern District of New York Michael J. Garcia said. Vitale and co-defendant Todd Moeller were in contact with a government confidential informant via instant messaging, and agreed to send spam advertisements for a product in exchange for half of the profits, Garcia said in a statement. The pair then sent about 1.2 million unsolicited e-mails to AOL users between August 17 and August 23, 2005. They changed the headers on the e-mails and used various computers to conceal the source of the spam.

36. June 11, IDG News Service — Safari for Windows hacked. Just hours after Apple released its first Windows beta of Safari on Monday, June 11, a researcher said he'd found a bug. The bug causes the browser to crash and "might be exploitable," according to researcher Aviv Raff, meaning it could possibly be used to run malware on the PC.

37. June 11, Federal Computer Week — Navy rethinks its approach to collecting, sharing data. As it patrols Persian Gulf waters, the Navy is finding information collection and sharing among its main challenges, said the assistant deputy chief of naval operations for information, plans and strategy. There are multiple wrinkles to these challenges, Rear Adm. Peter Daly told a gathering of the Northern Virginia chapter of AFCEA on June 8. One involves the sheer level of information being retrieved from the boarding of suspicious vessels. “Boarding parties used to be armed to the teeth and behaved like it was a police shakedown,” said Daly. Instead, the Navy has been taking a friendlier, more conversational approach. Consequently, the amount of information retrieved from boarding has increased exponentially, from an average of 14K per boarding to 76M. The Navy also must figure out a better method of sharing maritime domain information with coalition partners and the Coast Guard. At this point the information is deposited in a shared database that is not online. The goal is to create a Web portal at which users post and retrieve maritime domain information.

38. June 11, SiliconRepublic (Ireland) — YouTube Trojan steals user data. Web users are being warned that hackers are using a new crimeware technique that attempts to dupe users into opening a Trojan horse masquerading as a YouTube video. In an ironic twist on the current situation that sees music companies and sports TV firms suing YouTube for allegedly distributing stolen content, users who download the mysterious file end up seeing their own information being stolen. According to Internet security firm Websense, users who stumble onto the YouTube decoy end up downloading a Trojan horse. A file called YouTube04567 is then downloaded onto a user’s PC.

39. June 11, New York Times — New tests to fool automated spammers. On the Internet, nobody knows you’re a human -- until you fill out a captcha. Captchas are the puzzles on many Websites that present a string of distorted letters and numbers. These are supposed to be easy for people to read and retype, but hard for computer software to figure out. Most major Internet companies use captchas to keep the automated programs of spammers from infiltrating their sites. There is only one problem. As online mischief makers design better ways to circumvent or defeat captchas, Web companies are responding by making the puzzles more challenging to solve -- even for people. As a result, the hunt is on for puzzles that are friendlier to humans and more difficult for computers. Many researchers are focusing on expanding the test beyond the constrained realm of 26 letters and 9 digits. Microsoft researchers have developed an alternative captcha that asks Internet users to view nine images of household pets and then select just the cats or the dogs. Other companies prefer to keep their next-generation captcha research quiet. Michael Barrett, the chief information security officer at PayPal, will say only that the new breed of captchas might resemble simple image identification puzzles.