Thursday, June 28, 2007

Our apologies to everyone. Factors beyond our control kept us from a timely post of Thursday, June 28, 2007 and Friday, June 29, 2007. We are now back on schedule, as these two and today's, Monday, July 2, 2007, are being posted.

Daily Highlights

Aero-News Network reports police in Tulsa, Oklahoma, arrested a man Monday, June 25, for pointing a laser at a law enforcement helicopter, a crime that could mean up to five years in prison. (See item 17)

The Associated Press reports a February incident in which noxious fumes were released in the Spokane region's NorthTown Mall is being investigated by the FBI as a possible incident of domestic terrorism. (See item 42)

Information Technology and Telecommunications Sector

36. June 27, Sophos — Malicious spam posing as fake vulnerability patch leads to Trojan horse infection. Experts at Sophos have warned of a widespread attempt to infect e-mail users by sending them a warning about a bogus Microsoft security patch. The e-mails, which have the subject line "Microsoft Security Bulletin MS07-0065," pretend to come from Microsoft and claim that a zero-day vulnerability has been discovered in the Microsoft Outlook e-mail program. They go on to warn recipients that "more than 100,000 machines" have been exploited via the vulnerability in order to promote medications such as Viagra and Cialis. The e-mail encourages users to download a patch which, it is claimed, will fix the problem and prevent them from being attacked by hackers. However, clicking on the link contained inside the e-mail does not take computer users to Microsoft's Website but to one of many compromised Websites hosting a Trojan horse.

37. June 27, Federal Computer Week — Increase in cyber threats spurs government, industry. A reinforced cadre of federal cybercrime prosecutors and technicians at the third annual GFirst (Government Forum of Incident Response and Security Teams) conference marshaled new deterrents and defenses against the rising level of cyberattacks, as industry executives forecast increases in the market for security products. This year's conference is being held June 25-29 at the Buena Vista Palace Hotel in Orlando, FL. More than 550 people from about 70 organizations attended the conference. Greg Garcia, the Department of Homeland Security’s (DHS) assistant secretary for cybersecurity and communications, said his organization had received more than 21,000 reports of cyber incidents through May during this fiscal year, in contrast to about 24,000 during all of 2006. He highlighted the importance of the sector-specific infrastructure protection plans that DHS released in May. Adding operational content to those plans is a major department goal for the rest of this year and beyond, he added.

38. June 26, eWeek — Security appliances sitting ducks for known bug. The all-in-one device many businesses think is protecting their security likely has a hole as big as a Boeing, according to new research from Calyptix Security. Calyptix Security has discovered that CSRF (cross-site request forgery), a type of vulnerability that typically concerns large sites like Google and Digg, also affects a vast array of the security devices that enterprises plunk down at the heart of their defense systems. Calyptix notified eight security vendors of the concern, said CEO Ben Yarbrough, but only one -- Check Point Software Technologies -- has responded by issuing an update to multiple versions of its vulnerable apps. Calyptix declined to release the names of the other seven vendors, but said those vendors provide widely deployed appliances. Calyptix classified the CSRF risk as medium, given that a successful attack requires knowledge of the URL that is used to manage a device.
Calyptix Security Advisory:-2007-04.php

39. June 26, U.S. Computer Emergency Readiness Team — US-CERT Technical Cyber Security Alert TA07-177A: MIT Kerberos Vulnerabilities. The MIT Kerberos 5 implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service on a vulnerable system. Other products that use the RPC library provided with MIT Kerberos or other RPC libraries derived from SunRPC may also be affected. Impact: A remote, unauthenticated attacker may be able to execute arbitrary code on KDCs, systems running kadmind, and application servers that use the RPC library. An attacker could also cause a denial-of-service on any of these systems. These vulnerabilities could result in the compromise of both the KDC and an entire Kerberos realm. Solution: Check with your vendors for patches or updates. Alternatively, apply the appropriate source code patches referenced in MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005 and recompile. MITKRB5-SA-2007-004:-SA-2007-004.txt MITKRB5-SA-2007-005:-SA-2007-005.txt

40. June 26, Security Focus — Study: Exploit Wednesday more myth than reality. Several security researchers' and news articles' assertions that exploits for previously unknown vulnerabilities appear soon after Microsoft's regularly scheduled Patch Tuesday appear to have little basis in reality, according to an analysis of some 200 zero-day vulnerabilities by security firm McAfee. Defining a zero-day vulnerability as "the public availability of exploit information on the same day that a vulnerability is publicly disclosed," McAfee security researcher Craig Schmugar surveyed 200 zero-day flaws spanning the past three years and found little evidence that exploits are released on the day following Microsoft's Patch Tuesday. "It’s more likely that many attackers do not wait and (instead) simply release their threats as soon as they are ready to be released," Schmugar stated in the analysis. "The more time that passes, the greater the chance that the vulnerability will be disclosed and/or patched."