Tuesday, July 10, 2007

Daily Highlights

IDG News reports that according to Symantec, credit card thieves are starting to use charitable donations with stolen credit cards as a final check to ensure that the numbers will work. (See item 9)
GovExec reports the Secure Border Initiative Network -- a wireless network of high-tech towers to watch for illegal immigrants crossing from Mexico -- is vulnerable to cyber attacks that could shut the system down. (See item 13)
New York police officials say that by the end of this year more than 100 cameras will be monitoring cars moving through Lower Manhattan, in the beginning phase of the Lower Manhattan Security Initiative, a London-style surveillance system that would be the first in the United States. (See item 33)
Information Technology and Telecommunications Sector

25. July 09, IDG News Service — Average zero-day bug has 348-day lifespan, exec says. The average zero-day bug has a lifespan of 348 days before it is discovered or patched, but some vulnerabilities live on for much longer, according to security vendor Immunity's chief executive officer. Zero-day bugs are vulnerabilities that have not been patched or made public. When discovered and not disclosed, these bugs can be used by hackers and criminals to break into corporate systems to steal or change data. As a result, there is a thriving market for zero-day bugs. "Huge amounts of money are being offered to zero-day discoverers for their zero-days," said Justine Aitel, Immunity's CEO, speaking in Singapore at the SyScan '07 security conference. Immunity, which buys but does not disclose zero-day bugs, keeps tabs on how long the bugs it buys last before they are made public or patched. While the average bug has a lifespan of 348 days, the shortest-lived bugs are made public in 99 days. Those with the longest lifespan remain undetected for 1,080 days. To protect their data, security executives need to dig out the zero-day bugs in their systems, Aitel said, noting that this is an area most companies ignore.
Source: http://www.infoworld.com/article/07/07/09/zero-day-bug-lifespan_1.html

26. July 09, IDG News Service — Google to buy Postini for $625 million. Google has agreed to buy messaging security company Postini for $625 million in a move to increase the appeal of Google's hosted applications among big businesses, the companies announced on Monday, July 9. Postini provides messaging security, archiving, policy enforcement and other services to about 35,000 business customers around the world, Google said. The vendor plans to use the technology to boost the security and compliance features of Google Apps, its hosted suite of productivity applications.
Source: http://news.yahoo.com/s/infoworld/20070709/tc_infoworld/90049;_ylt=AhsVUtQUgfrzLRFcyt4PIN0jtBAF

27. July 09, Websense Security Labs — Malicious Websites / Malicious Code: New fake patch malicious code run. Websense Security Labs has received reports that a new e-mail campaign is spreading that attempts to lure users into downloading malicious code. It appears that the same group that was behind the widespread July 4th attacks, which used greeting card lures to spread, is behind this campaign as well. The July 4th greeting card run had more than 250 sites that were hosting a variety of malicious code. The Websites are using the exact same JavaScript obfuscation technique and exploit code as the greeting card run. All e-mails use URLs that send users to an IP address that will attempt to exploit the users if their browsers are vulnerable. If the browser is not vulnerable, the exploit code will not work; however, the page will attempt to get the user to download a file called patch.exe by displaying a message: "If your download does not start in approximately 15 seconds click here to download." Subject lines Websense has seen so far are: a) Virus Detected!; b) Trojan Alert!; c) Worm Alert!; d) Worm Activity Detected!
Source: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=786

28. July 08, ComputerWorld — China claims Motorola, Nokia batteries explode. As investigations continued into the death of a 22-year-old Chinese man whose cell phone exploded, Chinese authorities have found batteries that may blow up when used in Motorola Inc. and Nokia Corp. cell phones, news reports said Friday, July 6. Government regulators in the southern province of Guangdong said this week that they had discovered unsafe Motorola and Nokia mobile phone batteries that could explode under certain conditions, the New York Times, Bloomberg, and the Chicago Tribune reported. Both handset manufacturers have said they are cooperating with the safety investigation, but claimed that the batteries fingered by authorities were unauthorized copycats. The news adds a turn to the ongoing investigation of the June 19 death of Xiao Jinpeng, a 22-year-old welder who died after the battery in his handset apparently exploded. However, neither Motorola nor provincial law enforcement has confirmed that the phone, reported as made by Illinois-based Motorola, was actually a company-branded handset.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026498&intsrc=hm_list

29. July 06, Linux Devices — New FCC rules may impact Linux-based devices. New U.S. regulations went into effect Friday, July 6, that could change how vendors of devices with software-defined radios (SDR) use open-source software. The new rules could impact manufacturers of mobile phones, Wi-Fi cards and other devices that use SDR technologies. SDR technologies are commonly used in today's mobile phones and Wi-Fi equipment. The Federal Communications Commission's (FCC) new regulations are apparently aimed at ensuring that users of such equipment cannot access source code needed to reprogram it -- for example, to output more power, or operate on inappropriate frequencies, either of which could conceivably endanger public safety. A summary document published by the FCC suggests that because of the new rules, SDR device vendors who use open-source software in certain capacities could face challenges getting FCC approval.
FCC 2500-word document: http://edocket.access.gpo.gov/2007/07-2684.htm
Source: http://linuxdevices.com/news/NS9075126639.html

30. July 06, IDG News Service — Yahoo sites hit by availability problems. Yahoo Inc. suffered availability problems on Friday, July 6, that affected its home page as well as its other Websites and services for a sustained period of time. Yahoo, which has some of the most popular sites and online services worldwide, first experienced problems on its home page at around 5:50 a.m. U.S. Pacific Time, said Dan Berkowitz, senior communications director at Keynote Systems Inc. Yahoo.com's operations began getting back to normal at around 7:15 a.m., said Berkowitz. At its worst point, Yahoo.com's availability dropped to around 60 percent, meaning that four out of ten visitors couldn't access the page, he said. A variety of bloggers also reported trouble Friday morning accessing other Yahoo services like Yahoo Messenger and Yahoo Mail, as well as other Yahoo sites like the Flickr photo sharing site and the news aggregation site Yahoo News.
Source: http://www.infoworld.com/article/07/07/06/Yahoo-sites-hit-by-availability-problems_1.html

31. July 06, ENN (Ireland) — U.S. claims top spam spot. The U.S. was top of the spam charts for the month of June, according to new e-mail security statistics from IE Internet. The U.S. generated 37.4 percent of all spam filtered by Irish security and e-mail monitoring firm IE Internet during the month of June, well clear of the chasing pack. China came in second with responsibility for 17 percent of spam sent to Irish firms, followed by the UK in third place on 10.9 percent. Mexico claimed fourth place with 9.9 percent, while Russia rounded out the top five, accounting for 7.6 percent of all spam.
Source: http://www.enn.ie/article/65402.html

32. July 05, Information Week — Downed electronic jihad site flew under the radar. Although the "electronic jihad" Website Al-jinan.org was offline for part of Thursday, July 5, the site has been able to survive for about four-and-a-half years for a number of reasons. While its domain name server registration features a number of contradictions that make tracing its origins difficult, the capabilities of the site's Electronic Jihad application are also limited. Still, the mere presence of the site is likely a precursor of an emerging cyber threat. Al-jinan.org's domain name server is being hosted by Ibtekarat, a Web hosting company based in Beirut. Created in December 2002, the site's registration information cites an address with a Los Angeles postal code, while listing the Egyptian city of Al Esmaeiliya as its "registrant city," and Iraq as its "registrant country." Anyone can register as a user with the Al-jinan.org Website and install the Electronic Jihad application on their computer. This gives the user the ability to launch denial-of-service attacks using their own computing resources, although the severity of such an attack depends upon the attacker's resources. According to claims posted on Al-jinan.org, they have contributed to knocking offline various Websites they deem as anti-Islamic.
Source: http://www.informationweek.com/software/showArticle.jhtml;jsessionid=MJ0IVBHGJFEHUQSNDLRCKH0CJUNN2JVN?articleID=200900590&articleID=200900590