Thursday, July 26, 2007

Daily Highlights

The Associated Press reports Wednesday, July 25, a series of explosions at a facility that sells liquefied natural gas sent flaming debris raining onto highways and buildings near downtown Dallas; at least two people were seriously injured. (See item 1)
The Transportation Security Administration has sent an alert to airport security officers around the nation to look out for terrorists practicing to carry explosive components onto aircraft; this information is based on four curious seizures at airports since last September. (See item 12)
Information Technology and Telecommunications Sector

31. July 25, IDG News Service — Researchers: Forensics software can be hacked. The software that police and enterprise security teams use to investigate wrongdoing on computers is not as secure as it should be, according to researchers with Isec Partners. The San Francisco security company has spent the past six months investigating two forensic investigation programs, Guidance Software's EnCase, and an open-source product called The Sleuth Kit. They have discovered about a dozen bugs that could be used to crash the programs or possibly even install unauthorized software on an investigator's machine, according to Alex Stamos, a researcher and founding partner with Isec Partners. Researchers have been hacking forensics tools for years, but have traditionally focused on techniques that intruders could use to cover their tracks and thwart forensic investigations. The Isec team has taken a different tack, however, creating hacking tools that can be used to pound the software with data, looking for flaws. Based on their findings, Stamos's team believes that the EnCase software is not written as securely as it should be and could theoretically be exploited by an attacker.

32. July 25, Sophos — Sophos report reveals record number of new Web-borne threats in 2007. Sophos has published new research into the first six months of cybercrime in 2007. The Sophos Security Threat Report examines existing and emerging security trends and has identified a sharp rise in the number of Web threats, as well as the countries and server types hosting the most infected sites. The first half of 2007 has seen an explosion in threats spread via the Web, which has now taken over from e-mail as the preferred vector of attack for financially motivated cybercriminals. In June alone Sophos uncovered a record number of new infected Webpages -- approximately 29,700 -- each day. In contrast, earlier in 2007, the number of malicious pages detected stood as low as just 5,000 per day.
Sophos Security Threat Report (registration required): -security-threats-update-2007-wsrus
Source: rityrep.html

33. July 24, eWeek — Power outage hits San Francisco data center, Websites. An explosion beneath a manhole cover on Mission Street in downtown San Francisco Tuesday, July 24, knocked out power and cut service to customers and a major IT co-location center. The 365 Main data center, a city-block-size hosting facility that houses servers for a number of major Websites, was heavily affected by the outage and immediately switched to backup generator power, a company spokesperson told eWEEK. 365 Main hosts Craigslist,, Technorati, Typepad, LiveJournal, Yelp, RedEnvelope,, and a portion of Charles Schwab's financial transactions, among other companies. Sun Microsystems also utilizes a portion of 365 Main's facility for its grid utility service. All of those Websites went offline for at least a portion of the afternoon due to the outage.

34. July 24, InformationWeek — Storm worm erupts into worst virus attack in two years. The Storm worm authors are waging a multi-pronged attack and generating the largest virus attack some researchers say they've seen in two years. "We are basically in the midst of an incredibly large attack," said Adam Swidler, a senior manager with security company Postini. "It's the most sustained attack that we've seen. There's been nine to 10 straight days of attack at this level." Swidler said in an interview with InformationWeek that the attack started a little more than a week ago, and Postini since then has recorded 200 million spam e-mails luring users to malicious Websites. The viruses are not embedded in the e-mails or in attachments. The e-mails, many of them otherwise empty, contain a link to a compromised Website where machines are infected with a generic downloader. This helps pull the computers into the malware authors' growing botnet, while also leaving them open for further infection at a later date.

35. July 24, InformationWeek — Cisco warns of bugs in Wireless LAN Controllers. Cisco Systems released a security advisory on Tuesday afternoon, July 24, to address several vulnerabilities in its Wireless LAN Controllers that could enable hackers to cause a denial-of-service on the affected network. The flaws lie in the handling of Address Resolution Protocol (ARP) packets. The advisory noted that a unicast ARP request may be flooded on the LAN links between Wireless LAN Controllers in a mobility group. A vulnerable WLC may mishandle unicast ARP requests from a wireless client, leading to an ARP storm. The bugs affect versions 4.1, 4.0, 3.2, and prior versions of the Wireless LAN Controller software, according to the advisory.
Cisco advisory: -sa-20070724-arp.shtml