Thursday, June 21, 2007

Daily Highlights

The Associated Press reports a massive computer failure, causing a two−hour outage at United Airlines, halted all flights systemwide for the carrier on Wednesday, June 20. (See item 14)
The Department of Homeland Security and the Department of State announced on Wednesday, June 20, the Notice of Proposed Rulemaking for the land and sea portion of the Western Hemisphere Travel Initiative, a core 9/11 Commission recommendation. (See item 17)

Information Technology and Telecommunications Sector

27. June 20, eWeek — Gateway recalls faulty battery packs. Gateway announced Tuesday, June 19, that it is voluntarily recalling about 14,000 laptop battery packs that were sold during a three−month period in 2003. The PC vendor is working with the U.S. Consumer Product Safety Commission and the company will replace the faulty battery packs for free. The lithium−ion battery packs can overheat and possibly cause a fire, although the internal battery cell is not defective, says Gateway.

28. June 20, IDG News Service — National security risks prompt French BlackBerry ban. French government members and their advisors have been told not to use BlackBerry smartphones, for national security reasons. The ban on BlackBerry devices is just one of the IT challenges facing new National Assembly members as they take their seats following Sunday's elections. The smartphones, developed by Canadian company Research in Motion, send and receive e−mail through just a handful of servers in the United Kingdom and in North America −− a reality brought home when a failed software upgrade to the North American servers in April abruptly halted service to BlackBerry users there. This concentration of data poses a threat to national security, according to Alain Juillet, senior economic intelligence advisor to the French Prime Minister, because of the risk of data interception.

29. June 20, Information Week — Trojans lurking in fake video postings on YouTube. Malware authors have a new trick up their sleeves that targets the YouTube nation. Within the past week, cybercriminals have hidden Trojan horses in fake video postings on the wildly popular YouTube site, according to Paul Henry, vice president of technologies with Secure Computing. While YouTube techies were quick to pull down both postings, Henry said in an interview Wednesday, June 20, that the two incidents could sound the bell for a new means of attack. Henry said that when users tried to view the fake video posting, they were infected with the zlob Trojan, which then begin spitting out pop−ups ads for pornographic sites onto the infected computer. As bad as that may be for users, Henry said his concern is that it's simply a prelude to the Trojans downloading other pieces of malware, like keyloggers. It also would be an easy way to turn infected computers into bots and then have them join the growing wave of botnets that are plaguing the Internet with spam and denial−of−service attacks. Another concern is that users don't expect to fend off malware attacks when they're cruising around YouTube. And that's part of the cybercriminals' plan, noted Henry.

30. June 20, Government Accountability Office — GAO−07−1003T: Information Security: Homeland Security Needs to Enhance Effectiveness of Its Program (Testimony). To protect and mitigate threats and attacks against the United States, 22 federal agencies and organizations were merged to form the Department of Homeland Security (DHS) in 2002. One of the department’s components, U.S. Customs and Border Protection (CBP), is responsible for securing the nation’s borders. DHS and CBP rely on a variety of computerized information systems to support their operations and assets. The Government Accountability Office (GAO) has reported for many years that poor information security is a widespread problem with potentially devastating consequences. In reports to Congress since 1997, GAO has identified information security as a governmentwide high−risk issue. In this testimony, GAO discusses DHS’ information security program and computer security controls for key information systems. GAO based its testimony on agency, inspector general, and GAO issued and draft reports on DHS information security. To enhance departmental security, GAO has previously made recommendations to DHS in implementing its information security program and is making additional recommendations in two draft reports currently being reviewed by the department.