Friday, July 20, 2007

Daily Highlights

CNN reports a contractor, Roy Lynn Oakley, who allegedly took classified material from a federal nuclear facility in Tennessee and tried to sell it has been arrested. (See item 2)
The San Francisco Chronicle reports San Francisco International Airport personnel on Thursday morning, July 19, discovered the body of a man in the wheel well of a 747 recently arrived from Shanghai. (See item 12)
The Department of Homeland Security announced Wednesday, July 18, final Fiscal Year 2007 Homeland Security Grant Program awards totaling $1.7 billion, including a total of almost $411 million to the nation’s six urban areas at highest risk of a terrorist attack. (See item 35)
Information Technology and Telecommunications Sector

37. July 19, Reuters — Toshiba recalls more Sony PC batteries. Toshiba Corp. said on Thursday, July 19, it has recalled more Sony Corp. laptop computer batteries due to fire risk, rekindling concerns over the safety of Sony−made batteries. Toshiba is replacing a total 10,000 battery packs after three of its laptop PCs using battery cells made on December 3, 2005 caught fire in the last 10 months. No one was hurt in the incidents. Only 5,100 units of the 10,000 packs are potentially defective, but Toshiba is recalling double the amount to make sure all the battery packs containing targeted battery cells are exchanged.

38. July 19, Associated Press — Duke University: iPhone may be disrupting network. Apple Inc.'s new iPhones may be jamming parts of the wireless network at Duke University, where technology officials worked with the company Wednesday, July 18, to fix problems before classes begin next month. Bill Cannon, a Duke technology spokesperson, said an analysis of traffic found that iPhones flooded parts of the campus' wireless network with access requests, freezing parts of the system for 10 minutes at a time. A single iPhone was powerful enough to cause the problem, and there are 100 to 150 of them registered on the network, Cannon said. Network administrators have noticed the problem nine times in the past week. "The scale of the problem is very small right now," said Cannon, adding that the school is working with Apple and Cisco Systems Inc., Duke's network equipment provider, to pinpoint the problem. "But the more iPhones that are around, the more they could be knocking on the door for access."

39. July 19, VNUNet — Signature−based security unable to cope with 'zero−minute' threats. Signature−based malware detection techniques are becoming less effective in the face of so−called 'malware 2.0' threats, a security firm claimed Thursday, July 19. "The security space is changing rapidly. We are witnessing a major shift in the anti−malware marketplace moving into a new era of malware 2.0," said Kurt Baumgartner, chief threat officer at PC Tools. "We are now dealing with zero−minute, rather than just zero−day, exploits that have the potential to further evade signature detections." PC Tools said that malware variants are now released at "immense rates," driving up sample volumes and making it almost impossible for researchers to keep on top of updates using manual analysis. These threats are taking advantage of the non−detection sweet spot where they can freely propagate and infect before anti−malware companies can respond. PC Tools argues that new compilers and other techniques are being used to make threats more difficult, if not impossible, to detect with traditional signature−based systems.
Source:−security −dead−say

40. July 18, U.S. Computer Emergency Readiness Team — US−CERT Technical Cyber Security Alert TA07−199A: Mozilla updates for multiple vulnerabilities. Mozilla has released new versions of Firefox and Thunderbird to address several vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to view a specially−crafted HTML document, such as a Web page or an HTML e−mail message. Systems Affected: Mozilla Firefox and Mozilla Thunderbird. Other products based on Mozilla components may also be affected. Solution: Upgrade: These vulnerabilities are addressed in Mozilla Firefox and Thunderbird Disable JavaScript: Some of these vulnerabilities can be mitigated by disabling JavaScript or using the NoScript extension. For more information about configuring Firefox, please see the Securing Your Web Browser document:− a_Firefox
Thunderbird disables JavaScript and Java by default.

41. July 18, eWeek — Explosion cuts Manhattan Internet service. An explosion early Wednesday morning, July 18, just south of Grand Central Station interrupted Internet service for Manhattan customers. In the hours following the incident, Verizon had already determined that major switches located underground had not been affected, and was preparing to inspect the cables underground. But it could not provide an estimate of whether or how many of its customers were affected. Mark Marchand, a spokesperson for the New York−based ISP, said the company was "still in the assessment phase." Marchand explained that the company has underground facilities under major Manhattan arteries such as Lexington Avenue, where the Con Edison steam pipe burst.

42. July 18, eWeek — Image spammers utilize PDF. Security vendors warn image spammers are increasingly using PDF files to bypass spam filters. Researchers at BorderWare Technologies, based in Toronto, reported that on any given day, more than 30 image spam campaigns are being run, with more than half of those being PDF−based. The findings come as a number of vendors have reported that the amount of image spam has declined in favor of PDF spam. A Commtouch report for the second−quarter of the year found that image spam had dropped to less than 15 percent of all spam, compared to 30 percent in the first−quarter of 2007. Rebecca Herson Senior Director, Marketing at Commtouch, said image spam had dropped overall because of increased enforcement attention to stock scams and improved spam filtering technologies.