Friday, July 6, 2007

Daily Highlights

KHOU reports someone has stolen a chlorine gas canister from a water treatment facility in Montgomery, Texas; the Joint Terrorism Task force has been notified of the theft. (See item24)

eWeek reports that as the number of Voice over Internet Protocol, or VoIP, deployments continues to increase, IT professionals and researchers are urging enterprises to be more concerned about security. (See item 37)

Information Technology and Telecommunications Sector

33. July 05, IDG News Service — Court holds Belgian ISP responsible for file sharing. A court has ruled that the Belgian ISP Scarlet Extended is responsible for blocking illegal file sharing on its network, setting a precedent that could affect other ISPs in Europe, according to a recording industry group. Belgium's Court of First Instance has given the Internet service provider six months to install technology to prevent its customers from sharing pirated music and video files, the International Federation of the Phonographic Industry (IFPI) said. If it fails to do so it will be fined $3,400 per day, according to the ruling, published June 29. The Brussels ruling is based on Belgium's interpretation of the European Union's Information Society Directive, often called the EU copyright directive, and as such could set a precedent for other cases in Europe, the IFPI said.
Source: http://www.infoworld.com/article/07/07/05/ISP−responsible−fo r−file−sharing_1.html

34. July 05, VNUNet — Security exchange trades zero−day flaws. A vendor−independent Swiss laboratory is aiming to allow hackers and security specialists to sell vulnerability data to security vendors and software companies. WSLabi claims that its offering is the first zero−day vulnerability security research exchange. Herman Zampariolo, chief executive at WSLabi, said: "We set up this portal for selling security research because, although there are many researchers out there who discover vulnerabilities, very few are able or willing to report it to the 'right' people due to the fear of it being exploited." Zampariolo added that, although researchers had analyzed around 7,000 publicly disclosed vulnerabilities last year, the number of new vulnerabilities found in code could be as high as 139,362 a year. "Our intention is that the marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber−criminals," he said.
Source: http://www.vnunet.com/vnunet/news/2193550/security−exchange− trades−zero

35. July 05, VNUNet — Welder killed by mobile phone explosion. A Chinese welder has died after the mobile phone in his chest pocket exploded. Chinese state media reported that Xiao Jinpeng was killed in June while working at the Yingpan Iron Ore Dressing Plant. His Motorola phone apparently exploded, driving splinters of his ribs through his heart. The man died in hospital after emergency surgery. "Up to now, preliminary evidence suggests that it is highly unlikely that a cell phone caused this accident. We are working with the Chinese authorities to determine and investigate the root cause," said Yang Boning, a press officer for Motorola in Beijing. One possibility is that the high temperatures generated by welding caused the explosion. Phones using batteries from third−party suppliers have also caused severe overheating in the past owing to poor power management controls.
Source: http://www.vnunet.com/vnunet/news/2193549/chinese−welder−kil led−mobile

36. July 04, Sophos — Independence Day malware attack strikes via e−mail greetings. Experts at Sophos have warned of a widespread e−mail spam campaign that poses as a 4th July greeting card, but is really an attempt to lure innocent computer users into being infected by a Trojan horse and attacked by hackers. The e−mails, which are being seen in inboxes worldwide, claim that the recipient has been sent an ecard greeting by a friend and tells the user to click on a link to view the card. Clicking on the link contained inside the e−mail, which is in the form of a numeric IP address, takes surfers to a compromised zombie computer hosting the Troj/JSEcard−A Trojan horse. The Trojan horse then tries to download additional code from the Internet which Sophos intercepts as Mal/Dorf−C.
Source: http://www.sophos.com/pressoffice/news/articles/2007/07/july 4.html

37. July 03, eWeek — Enterprises must focus on VoIP security. As the number of Voice over Internet Protocol (VoIP) deployments is expected to continue to increase, IT professionals and researchers are urging enterprises not to forget about security. VoIP security threats are viewed as more theoretical than actual. But the few cases that have come to light have been brazen and costly. For example, investigators arrested two people in 2006 for a scam in which they were accused of hacking into the networks of several unnamed companies and hijacking their VoIP bandwidth for resale. With IP phone use growing, some security specialists are saying it is a mistake to downplay the danger and it's time to learn what the threats are as well as how to counter them. In a report, analysts from In−Stat predicted that the number of business IP phones sold would grow from 9.9 million in 2006 to 45.8 million in 2010. Yet more than 40 percent of the enterprises it surveyed don't have any specific security plans for their VoIP deployments.
Source: http://www.eweek.com/article2/0,1895,2154629,00.asp

38. July 03, IDG News Service — After attacks, U.S. government sending team to Estonia. Two months after much of Estonia's online infrastructure was targeted by an online attack, the U.S. government is sending cyber−investigators to help the Baltic state better understand what happened. A representative from the Department of Homeland Security's U.S. Computer Emergency Readiness Team division is heading to Estonia this week to help analyze the large volume of data that was generated by the attacks, said Gregory Garcia, assistant secretary for cyber security and telecommunications with the DHS. "We are sending someone from our organization...to help them with forensic analysis and to do some additional training on how to secure their infrastructure," he said. In April, a widespread DDOS attack struck Estonia and affected government and banking Websites. Early press reports linked the attacks to Russia, but investigators now say that it is unclear who exactly was behind the incident.
Source: http://www.infoworld.com/article/07/07/03/US−government−sending−team−to−Estonia_1.html