Thursday, July 12, 2007

Daily Highlights

eWeek reports that after more than $75 million in bogus credit card charges, several Cuban nationals in Florida have been arrested with more than 200,000 credit card account numbers, many of which came from the TJX and Polo Ralph Lauren data breaches. (See item 6)
The New York Times reports more than 700 tubes of toothpaste containing a chemical used in some antifreeze products have been removed from six of 120 Connecticut stores inspected since July 2. (See item 18)
Information Technology and Telecommunications Sector

26. July 10, U.S. Computer Emergency Readiness Team — US-CERT Technical Cyber Security Alert TA07-191A: Microsoft updates for multiple vulnerabilities. Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Excel, Publisher, .NET Framework, Internet Information Services, and Windows Vista Firewall as part of the Microsoft Security Bulletin Summary for July 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service on a vulnerable system. Solution: Microsoft has provided updates for these vulnerabilities in the July 2007 Security Bulletins. The Security Bulletins describe any known issues related to the updates. Administrators are encouraged to note any known issues that are described in the Bulletins and test for any potentially adverse effects. Microsoft July 2007 Security Bulletins:-jul. mspx
System administrators may wish to consider using an automated patch distribution system such as Windows Server Update Services (WSUS). WSUS:-us/wsus/default.aspx

27. July 09, Security Focus — Fast flux foils bot-net takedown. Traditional bot nets have used Internet relay chat (IRC) servers to control each of the compromised PCs, or bots, but the central IRC server is also a weakness, giving defenders a single server to target and take down. An increasingly popular technique, known as fast-flux domain name service (DNS), allows bot nets to use a multitude of servers to hide a key host or to create a highly-available control network. The result: No single point of weakness on which defenders can focus their efforts. Fast-flux bot nets use the Internet's look-up system for domain names against defenders. With a typical domain, the IP address associated with the domain does not change often, if at all. Fast-flux DNS uses a large number of servers and a fast-changing domain record to turn shutdown attempts into a game of whack-a-mole. A related technique, known as rock phishing, uses a large number of proxies to hide the location of a smaller number of critical servers. The computers typically protected by these methods include the command and control servers for bot nets, phishing sites, caches of stolen data, and sites that push malicious code out to other compromised systems.
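
The contrast item 27 draws between a typical domain and a fast-flux one can be turned into a detection check over logged DNS answers. The following is an added example, not part of the original report: the function names, thresholds, and sample observations are all assumptions constructed for illustration, and a /16 prefix stands in for a real network-ownership (ASN) lookup.

```python
from collections import defaultdict
from ipaddress import ip_address
from statistics import median

# Thresholds are illustrative assumptions, not values from the report.
MIN_DISTINCT_IPS = 5   # "a large number of servers"
MIN_NETWORKS = 3       # addresses scattered over unrelated networks
MAX_MEDIAN_TTL = 600   # seconds; "a fast-changing domain record"

# Constructed observations (unix_time, domain, A-record IP, TTL) using
# reserved example names and documentation address ranges only.
FLUX_IPS = ["192.0.2.10", "198.51.100.23", "203.0.113.77",
            "192.0.2.44", "198.51.100.90", "203.0.113.5"]
SAMPLE = (
    [(300 * i, "flux.example.com", ip, 180) for i, ip in enumerate(FLUX_IPS)]
    + [(3600 * i, "www.example.org", "192.0.2.80", 86400) for i in range(6)]
    + [(300 * i, "cdn.example.net", f"198.51.100.{i + 1}", 300) for i in range(5)]
)

def network_of(ip):
    """Coarse network key: /16 for IPv4, /32 for IPv6 (stand-in for an ASN)."""
    addr = ip_address(ip)
    return addr.packed[:2] if addr.version == 4 else addr.packed[:4]

def flux_report(observations):
    """Group answers per domain and flag record sets that behave like fast flux."""
    seen = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": []})
    for _ts, domain, ip, ttl in observations:
        entry = seen[domain.lower().rstrip(".")]
        entry["ips"].add(ip)
        entry["nets"].add(network_of(ip))
        entry["ttls"].append(ttl)
    report = {}
    for domain, e in seen.items():
        m = {"distinct_ips": len(e["ips"]), "networks": len(e["nets"]),
             "median_ttl": median(e["ttls"])}
        # All three signals must hold: a round-robin pool inside one network,
        # or a single address with a short TTL, is common for legitimate
        # services and should not be flagged on its own.
        m["suspect"] = (m["distinct_ips"] >= MIN_DISTINCT_IPS
                        and m["networks"] >= MIN_NETWORKS
                        and m["median_ttl"] <= MAX_MEDIAN_TTL)
        report[domain] = m
    return report

if __name__ == "__main__":
    for name, metrics in sorted(flux_report(SAMPLE).items()):
        print(name, metrics)
```

On the constructed data only `flux.example.com` is flagged; the round-robin pool at `cdn.example.net` has many addresses and a short TTL but stays inside one network, so it is not.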