Monday, July 30, 2007

Daily Highlights

The federal government has warned chemical companies in North Jersey and across the nation about a series of suspicious calls, placed earlier this month to at least three chemical manufacturers at plants in the Midwest, seeking information about safety procedures. (See item 5)

The Associated Press reports stores nationwide are continuing to sell recalled canned chili, stew, hash, and other foods from Castleberry's Food Co., potentially contaminated with poisonous bacteria, even after repeated warnings the products could kill. (See item 24)

Information Technology and Telecommunications Sector

33. July 27, IDG News Service — Black Hat spurs Apple to patch iPhone. With security researchers set to reveal details of a critical security flaw in the iPhone at the Black Hat 2007 conference this week, Apple Inc. now has fewer than seven days to patch a critical vulnerability in the product. The iPhone hack is one of several disclosures planned that could lead to fireworks as more than 3,000 hackers and security professionals converge at Caesars Palace Las Vegas for the annual confab. The iPhone hack, which was first reported Monday, July 23, by Independent Security Evaluators, showed how hackers could retrieve data from a victim's iPhone by tricking them into visiting a malicious Website. If Apple were to patch the iPhone, it would be the company's first ever software update for the product, which began shipping in late June. Patching the iPhone flaw would also show that Apple had made the right decision in reserving the right to patch the phone itself instead of handing over control of the iPhone software to the mobile carrier companies, as is common practice with mobile phones. Carriers have been slow to patch devices, even when they have known bugs, said Robert Graham, CEO of Errata Security Inc.
Source: http://www.infoworld.com/article/07/07/27/black-hat-iphone-patch_1.html

34. July 27, ComputerWorld — Yahoo patches Widgets, fixes hijack bug on Windows. Security researchers on Friday, July 27, warned that Yahoo Widgets, a platform that runs small, Web-based gadget-like applications on computer desktops, sports a critical flaw hackers can use to hijack Windows PCs. A bug in an ActiveX control that ships with Yahoo Widgets can be exploited to create a buffer overflow and, after that, introduce rogue code to the compromised computer. The most likely attack scenario, said Yahoo, would find attackers feeding users links to malicious Websites. Yahoo issued an update to Widgets' engine earlier last week, but it wasn't until Friday that Danish vulnerability tracker Secunia, which reported the bug to Yahoo, announced the flaw. Secunia pegged the problem as "extremely critical," the second-highest threat rating in its five-step scoring system. Only the Windows version of Yahoo Widgets is at risk; the Mac OS X edition does not need to be updated.
Yahoo security advisory: http://help.yahoo.com/l/us/yahoo/widgets/security/security-08.html
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9028178&intsrc=hm_list

35. July 27, ComputerWorld — Attacks likely against unpatched Mac OS Samba bug. Symantec Corp. last week warned Mac OS X users that the addition of an exploit to the Metasploit hacking framework had boosted the threat posed by an unpatched bug in Samba, the open-source file- and print-sharing software included with the Apple operating system. Although the vulnerability was disclosed May 14 and patched that same day by the Samba community, Apple has not updated Mac OS X with a fix, said Symantec's Alfred Huger, vice president of engineering with the security company's response group. "This is significant exposure for Mac OS X users," said Huger. "Samba is used in virtually every mixed environment where there are Macs and PCs, and the threat profile is much higher now that an exploit has been added to Metasploit." This month, a trio of Brazilian researchers who collaborate as Rise Security released Mac OS X attack code for the Samba vulnerability. According to Symantec, the Rise code is "almost identical" to what the company's security team discovered in late May. More important, said Huger, is that Rise also contributed their code to Metasploit, an open-source platform for creating, testing and launching exploit code.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9028220&intsrc=news_ts_head

36. July 27, InformationWeek — New attack uses bogus Websites to deliver malware. The Italian job that last month saw more than 10,000 legit Web pages embedded with malicious IFrames has resurfaced, this time with even more international intrigue. Last month's threat pushed malicious HTML files onto Web pages of several Italian Websites and infected Web surfers visiting those sites. The new threat comes from a number of newly registered Websites that pretend to represent Italian organizations, but are really just vehicles for using malicious IFrames to spread malware. Indeed, these new sites aren't even being hosted in Italy; they're being hosted out of Germany and may be tied to Russian malware writers, Trend Micro network architect Paul Ferguson told InformationWeek. "One of our researchers found an IP address that included 400 pieces of malware on different URLs," he said. As of Friday morning, July 27, about 2,500 systems may have been infected by these malicious IFrames.
Source: http://www.informationweek.com/security/showArticle.jhtml;jsessionid=UQXB0NAA3SOKIQSNDLPCKH0CJUNN2JVN?articleID=201201582

37. July 27, Sophos — Spammed out screensaver installs rootkits and Trojan horse. Experts at Sophos have warned of a widespread e-mail spam campaign that poses as a screensaver, but is really designed to install a Trojan horse and rootkits on infected Windows PCs. The e-mails, which are being seen in inboxes worldwide, claim that the recipient has been sent a screensaver by a friend and tell the user to open the attachment (called bsaver.zip). The e-mails used in the malicious spam campaign contain phrasing such as "Good morning/evening, man! Realy cool screensaver in your attachment!" and use a variety of subject lines including: Life is beautiful; Life will be better; Good summer; help you. Clicking on the file contained inside the ZIP attachment infects users with the Troj/Agent-FZB Trojan horse, which drops two rootkits to try and hide from security software.
Source: http://www.sophos.com/pressoffice/news/articles/2007/07/bsaver.html