Tuesday, July 3, 2007

Daily Highlights

CNN reports travelers setting off for the Fourth of July holiday can expect tighter security at U.S. airports -- including more police and bomb-sniffing dogs and random vehicle checks -- in response to an attack Saturday on the Glasgow airport in Scotland. (See item 20)

U.S. companies are increasing their scrutiny of thousands of products they receive from Chinese suppliers, as widening recalls force them to focus on potential hazards that were overlooked in the past. (See item 28)

Information Technology and Telecommunications Sector

36. July 02, Sophos — Sophos reveals top ten Web threats for June 2007. Sophos has revealed the most prevalent malware threats causing problems for computer users around the world during June 2007. The figures show a further sharp rise in Web-based threats. Sophos uncovered an average of 29,700 new infected Web pages every day -- around 80 percent of which were located on hacked legitimate sites. The top ten list of Web-based malware threats in June 2007 reads as follows: 1) Mal/Iframe; 2) Mal/ObfJS; 3) Troj/Fujif; 4) Troj/Decdec; 5) VBS/Redlof; 6) Troj/Psyme; 7) Mal/Packer; 8) Troj/Ifradv; 8) VBS/Haptime; 10) Mal/Zlob. Iframe, which works by injecting malicious code onto Web pages, has again topped the chart, accounting for nearly two thirds of the world's infected Web pages. Earlier this month, an Iframe attack on multiple Italian Websites occurred, making headlines around the world.
Source: http://www.sophos.com/pressoffice/news/articles/2007/07/toptenjun07.html

37. July 01, Associated Press — Cyber attacks engulf Kremlin's critics. A political battle is raging in Russian cyberspace. Opposition parties and independent media say murky forces have committed vast resources to hacking and crippling their Websites in attacks similar to those that hit tech-savvy Estonia as the Baltic nation sparred with Russia over a Soviet war memorial. While they offer no proof, the groups all point the finger at the Kremlin, calling the electronic siege an attempt to stifle Russia's last source of free, unfiltered information. The victims, who range from liberal democrats to ultranationalists, allege their hacker adversaries hope to harass the opposition with the approach of parliamentary elections in December and presidential elections next March. Some independent experts agree. "A huge information war awaits Russia before the elections," said Oleg Panfilov of the Center for Journalism in Extreme Situations. The groups claim the attackers use vast, online networks of computers infected with malicious software -- whose owners probably aren't aware they are involved -- to paralyze or erase targeted Websites. The attacks are similar to assaults unleashed in April and early May against Websites in Estonia.
Source: http://news.yahoo.com/s/ap/20070702/ap_on_hi_te/russia_cyber_war;_ylt=Av0_mH_egVqYX41YhyBjPfwjtBAF

Monday, July 2, 2007

Daily Highlights

The New York Times reports a smuggling tunnel freshly excavated under the border with Mexico was sealed Friday, June 29, after a joint raid by United States and Mexican authorities. (See item 13)

The Associated Press reports some U.S. airports will tighten security in response to terrorist incidents in Britain; the U.S., however, is not raising its terror alert status at this time. (See item 15)

CNN reports a man who allegedly stored nearly 1,500 pounds of potassium nitrate and other chemicals in his Staten Island home and a nearby storage facility was charged with reckless endangerment Friday, June 29. (See item 42)

Information Technology and Telecommunications Sector

37. June 29, IDG News Service — Department of Homeland Security to host closed-door security forum. The Department of Homeland Security will host an invite-only conference two months from now that will bring together security experts from law enforcement, Internet service providers, and the technology industry. The Internet Security Operations and Intelligence (ISOI) workshop will be held on August 27 and 28 at the Academy for Educational Development in Washington, DC. It is expected to draw about 240 participants who will engage in a frank discussion of the latest trends in cybercrime, said Gadi Evron, a security evangelist with Beyond Security who is one of the event's planners.
Source: http://news.yahoo.com/s/infoworld/20070629/tc_infoworld/89786;_ylt=AtPrh6pqrZCNUmledgz4pAcjtBAF

38. June 29, IDG News Service — Microsoft.co.uk succumbs to SQL injection attack. A hacker successfully attacked a Webpage within Microsoft's UK domain on Wednesday, June 27, resulting in the display of a photograph of a child waving the flag of Saudi Arabia. It was "unfortunate" that the site was vulnerable, said Roger Halbheer, chief security advisor for Microsoft in Europe, the Middle East and Africa, on Friday. The problem has since been fixed. However, the hack highlights how large software companies with technical expertise can still prove vulnerable to hackers. The hacker, who posted his name as "rEmOtEr," exploited a programming mistake in the site by using a technique known as SQL injection to get unauthorized access to a database, Halbheer said.
Source: http://news.yahoo.com/s/infoworld/20070629/tc_infoworld/89795;_ylt=Ai0coEUBCqNCNVAA5T1W_sQjtBAF

39. June 28, IDG News Service — RealPlayer, Helix Player vulnerable to attack. Users are being advised to upgrade to newer versions of the RealPlayer and Helix Player multimedia products because of a critical security flaw. The flaw could allow an attacker to gain control over a user's PC using a buffer overflow vulnerability, a memory problem that can allow unauthorized code to run on a machine, according to iDefense Inc. The vulnerability was discovered last October but publicly disclosed Tuesday, June 26, on iDefense's Website. Affected versions of the software include the 10.5 "gold" RealPlayer and any 1.x version of Helix Player, according to the French Security Incident Response Team (FrSIRT).
iDefense advisory: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547
Source: http://www.infoworld.com/article/07/06/28/RealPlayer-Helix-Player-vulnerable_1.html

40. June 28, ComputerWorld — Web-based attack poses as greeting card, tries three exploits. A new round of greeting-card spam that draws users to visit attack sites relies on a sophisticated multipronged, multiexploit strike force to infect machines, security professionals said late Thursday, June 28. Captured samples of the unsolicited e-mail have all borne the same subject line -- "You've received a postcard from a family member!" -- and contain links to a malicious Website. "If JavaScript is disabled, then they provide you a handy link to click on to exploit yourself," said an alert posted Thursday afternoon by SANS Institute's Internet Storm Center (ISC). The greeting-card gambit tries a trio of exploits, moving on to the second if the machine is not vulnerable to the first, then on to the third if necessary. The first is an exploit against a QuickTime vulnerability; the second is an attack on the popular WinZip compression utility; and the third, dubbed "the Hail Mary" by the ISC, is an exploit for the WebViewFolderIcon vulnerability in Windows that Microsoft Corp. patched last October. The ISC said several antivirus vendors had tentatively pegged the executable file, which is offered to users whose browsers have JavaScript disabled, as a variation of the Storm Trojan horse.
ISC alert: http://isc.sans.org/diary.html?storyid=3063
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025898&intsrc=hm_list

Friday, June 29, 2007

Daily Highlights

The Associated Press reports the wing of a departing jetliner struck the tail of another plane on a holding pad at Chicago's O'Hare International Airport on Wednesday, June 27, during a severe thunderstorm. (See item 13)

The New York Times reports tainted Chinese toothpaste was widely distributed in the U.S., with roughly 900,000 tubes turning up in hospitals for the mentally ill, prisons, juvenile detention centers, and even some hospitals serving the general population. (See item 23)

Information Technology and Telecommunications Sector

32. June 28, CNET News — Gartner: Businesses should be wary of iPhone. Analyst Gartner claims the iPhone could "punch a hole" through corporate security systems if workers are allowed to use the phone for work purposes. IT departments should be extremely wary of allowing employees to use Apple's mobile handset because it does not contain the necessary functionality to comply with basic corporate security, analysts warned in a research note released on Thursday, June 28. The iPhone will be launched in the U.S. on Friday. Gartner lists the following reasons to steer clear of the iPhone for now: a) Lack of support from major mobile device management suites and mobile-security suites; b) Lack of support from major business mobile e-mail solution providers; c) An operating system platform that is not licensed to alternative-hardware suppliers, meaning there are limited backup options; d) Feature deficiencies that would increase support costs; e) Currently available from only one operator in the U.S.; f) An unproven device from a vendor that has never built an enterprise-class mobile device; g) The high price of the device, which starts at $500; h) A clear statement by Apple that it is focused on consumer rather than enterprise.
Source: http://news.com.com/Gartner+Businesses+should+be+wary+of+iPhone/2100-7350_3-6193856.html?tag=nefd.top

33. June 28, Sophos — Harry Potter worm targets USB memory drives. With just weeks remaining until the release of the last ever Harry Potter novel, and the imminent premiere of the fifth movie in the franchise, Sophos has warned of a new computer worm exploiting Potter-mania around the world. The W32/Hairy-A worm spreads by copying itself onto USB memory sticks, posing as a copy of the eagerly-anticipated novel "Harry Potter and the Deathly Hallows." Windows users who allow affected flash drives to "autorun" are automatically infected by the worm when the drive is attached to their PC. A file called HarryPotter-TheDeathlyHallows.doc can be found in the root directory of infected USB drives. Inside the Word document file is the simple phrase "Harry Potter is dead."
Source: http://www.sophos.com/pressoffice/news/articles/2007/06/hairy.html

34. June 27, InformationWeek — Hackers take over MySpace pages to build bots. Internet Storm Center researchers are warning users that drive-by exploits have been embedded in a few dozen legitimate MySpace pages. Johannes Ullrich, chief technology officer with the Internet Storm Center, told InformationWeek that the malicious code that's embedded in the Webpages installs the FluxBot, a dangerous new bot. Since the bot doesn't have a central command and instead relies on a complex set of ever-changing networks of proxy servers, Ullrich said it's extremely difficult to shut it down or cleanse it off an infected system. Ullrich explained that the embedded malicious code tries to exploit an old Microsoft Internet Explorer bug that was patched mid-2006. If that bug lets in the exploit, then the FluxBot is downloaded. "The IE hole is not particularly dangerous at this point, but quite a few people still got hit," he added. "I guess there are a lot of people out there with unpatched versions of Internet Explorer." Ullrich also noted that while MySpace isn't a new target for hackers, it's an increasingly popular one.
Source: http://www.informationweek.com/security/showArticle.jhtml;jsessionid=B50NC0JHNDDKAQSNDLRSKHSCJUNN2JVN?articleID=200001122