Thursday, July 5, 2007

Daily Highlights

Fidelity National Information Services, a financial processing company, said Tuesday, July 3, a subsidiary's employee sold 2.3 million consumer records containing credit card, bank account and other personal information. (See item 9)
The New York Times reports New York City’s 911 call system is getting a major overhaul that will include a backup center and will, for the first time, consolidate operators and dispatchers from all of the emergency services into two centers. (See item 28)

Information Technology and Telecommunications Sector

29. July 03, IDG News Service — Beijing scores number one spot for malware. China is proving to be a mighty force not only economically, but also as the launching point for malicious software and spam. In June, some 40 percent of malicious software worldwide originated from Beijing, nearly doubling from 21 percent in May, said Simon Heron, managing director for security vendor Network Box. Spam from Beijing, however, dropped from 11 percent to five percent over the same time period, he said. Beijing kept the number one spot for malware, followed by Wattleup, Australia, at 3.7 percent, and Madrid, Spain, at 2.5 percent, according to Network Box. The percentage is calculated from event logs transmitted by about 700 customers using Network Box's security appliance. As more and more users come online in China, there's a good chance those computers are using pirated software without up−to−date security fixes, making them prime targets for hackers who are actually located elsewhere in the world, Heron said.

30. July 03, IDG News Service — Two days after iPhone launch, AT&T EDGE goes down. iPhone users across the U.S. were complaining Monday, June 2, that AT&T's wireless data network was down. The network was down primarily in the West and Midwest, but by 7 p.m. on the East Coast, service was restored, according to Warner May, an AT&T spokesperson. He said he didn't know when the problems started. AT&T had isolated the problem and was still working on it, he said. Voice and text messaging services remained fully functional but EDGE (Enhanced Data Rates for GSM Evolution) and 3G services were down, he said. While BlackBerry users had full service, users of other phones in addition to the iPhone were also affected, he said.

31. July 03, VNUNet — Eastern European Websites under renewed attack. A large number of online attacks have been reported in Russia against Websites deemed to be anti−President Putin. The sites are being crashed or slowed severely by distributed denial−of−service attacks similar to those directed against Estonia earlier in the year. The outlawed National Bolshevik Party claimed that it had been under attack between February and April when it was trying to organize anti−government protests. "They killed the entire U.S. server that hosted us," the party's online supervisor Alexei Sochnev told Associated Press. Meanwhile Pavel Chernikov, owner of news site Kommersant, reported that his site was attacked in early May after publishing a report on Russian exile Boris Berezovsky. On the same day radio station Ekho Moskvy was taken down by a denial−of−service attack.
Source:−attacks−hit −eastern

32. July 02, eWeek — iPhone coughs up first bugs. Even as the iPhone drew its first breath, security researchers were squeezing it to make it cough up its first bugs. In a nutshell, the security quibbles, theoretical or otherwise, are that at least one Safari browser bug that was known prior to device launch is still on the phone, and that anyone can listen to users' voice mail because spoofing Caller ID is so easy with AT&T/Cingular service. Errata Security's Robert Graham said on Sunday, July 1, that, after waiting a day to get an iPhone activated, the security firm found a bug within a few minutes −− although it was familiar from being one of a group of bugs the company had found earlier in the Safari browser. Errata's Dave Maynor found multiple bugs in the beta of Safari for Windows within hours of the beta's June 11 release. Errata also found that its Bluetooth fuzzer locked up the iPhone −− a promising sign of further bugs to come after the firm has had time to dissect the reason for the crashes. Errata isn't handing over any of these vulnerability details to Apple until the company publishes "acceptable vulnerability handling guidelines," Graham said.

33. July 02, Information Week — iPhone used as bait for malicious Website. Hackers were quick to jump on the iPhone bandwagon, spamming out e−mails that lure users to malicious Websites that infect their machines and turn them into bots. Researchers at security company Secure Computing discovered a Website set up to exploit more than 10 ActiveX vulnerabilities in an attempt to install a malicious payload, which includes a rootkit. This piece of malware is designed to open up a back door in the computer and turn it into a bot that fills out the hackers' botnet. "This yet again confirms the expanding trend in Web−borne malware," Paul Henry, VP of technology evangelism for Secure Computing, said in a written statement. "This threat is particularly insidious in that scripts within the HTML code returned to the user contain exploit code for multiple vulnerabilities to improve the malicious hacker's chances of gaining the necessary access to install the rootkit/spam bot malware. While most organizations fully inspect the traffic directed to their Internet facing Web servers, many do not inspect the traffic that is returned to their internal users when visiting Internet Websites." Hackers set up the bot to send out spam, according to a Secure Computing advisory.
Source: eID=200001909

34. July 02, CNET News — Grand Theft Auto mod virus uses YouTube to spread. Although YouTube videos remain safe to view, that hasn't stopped criminals from finding new ways to entice YouTube viewers to get infected with the latest Trojan horse. The latest example is a Grand Theft Auto video for a mod called Hood Life. According to Chris Boyd, Director of Malware Research at FaceTime Security Labs, the images used in the video are circa 1986, crudely rendered, not up to the high standards of the GTA game itself, yet at least 54 people have nonetheless downloaded the game. Watching the You Tube video is safe. The danger comes at the end when the video displays a site where you can download the game mod itself. Boyd notes that he's seen other YouTube videos where the criminals teach you how to write and distribute viruses. In this case, the video acts only as a distribution for an already complete package of malware hosted somewhere else.

35. July 02, ComputerWorld — Apple patches 'snap, crackle, pop' bug. Apple Inc. Monday, June 2, issued a fix for the "snap, crackle, pop" audio problem that has bedeviled some Macintosh users since the June 20 operating system update to Mac OS 10.4.10. Tagged as "Audio Update 2007−001," the 660KB download targets all Intel−powered Macs, said Apple. "[This] addresses an issue with version 1.0 of the Mac OS X 10.4.10 Update in which a 'popping' sound might be heard with some external speakers on Intel−based Macs," said Apple in the update's online notice. Macs equipped with the older PowerPC processors don't need to install this update, Apple said.
Audio Update 2007−001: ml