Friday, August 17, 2007

Daily Highlights

The El Paso Times reports an FBI terrorism task force has arrested a 47−year−old Clint, Texas, man accused of shining a green laser on airplanes flying up to 35,000 feet over El Paso. (See item 9)
The New York Police Department in a study released on Wednesday, August 15, concluded understanding how seemingly ordinary people become radicalized and hatch homegrown terror plots is essential for law enforcement officials in the United States. (See item 21)
Information Technology and Telecommunications Sector

24. August 16, Associated Press — Many Skype users unable to make calls. Skype, the popular computer program that lets its users make long−distance phone calls over the Internet, said Thursday, August 16, that software problems have left many of its millions of users without service worldwide. The company, a division of online auction company eBay Inc., said on its Website that many users cannot log on to the free service. It was not immediately clear how many users were affected, but Skype users in Colombia, Brazil, Germany, Finland and the United States reported difficulties logging on.

25. August 16, CNET News — Adobe: No threat from PDF spam. PDF spam −− junk e−mail with its message attached as a PDF file to get past spam filters −− poses no security risk, says Adobe Systems. Asked if PDF spam can embed malicious software, Erick Lee, a security engineer at Adobe, wrote in an e−mail on Wednesday, August 15, that "PDF is no more able to embed malware on an unsuspecting user's system than any other typical e−mail attachment." Over the last two months, security vendors have seen a spike in spam embedded within PDF documents. According to the PDF−creation software maker, there is no hard evidence that such spam exposes users to any security risk.

26. August 16, InformationWeek — Ubuntu tackling breach that hit half its servers. The open−source Ubuntu project is on the mend after shutting down more than half of its servers this past weekend because they had been compromised and were launching attacks. James Troup, who leads the Canonical sysadmin team, said in an online advisory that one of the hosted community servers that Canonical sponsored had been breached. Once technicians discovered that compromise, he said an investigation found that five of the eight machines had been breached and were actively attacking other machines. According to a notice in the Ubuntu newsletter, the servers were suffering from a few problems, such as missing security patches, FTP was being used to access the machines, and no upgrades "past breezy" were made due to problems with the network cards and kernels. Troup noted that since FTP was being used to access the machines, an attacker could have gotten access to the servers by sniffing the clear−text passwords.

27. August 15, IDG News Service — New URI browser flaws worse than first thought. Security researchers Billy Rios and Nathan McFeters say they've discovered a new way that the URI (Uniform Resource Identifier) protocol handler technology, used by Windows to launch programs through the browser, can be misused to steal data from a victim's computer. URI bugs have become a hot topic over the past month ever since researcher Thor Larholm showed how a browser could be tricked into sending malformed data to Firefox using this technology. Later, other researchers, including Rios and McFetters, showed how other browsers and applications could be misused to achieve similar goals. In the past days, however, Rios and McFetters have shifted their focus away from malformed data and have taken a close look at how attackers could simply misuse the legitimate features of software that is launched via the URI protocol handler, something they call "functionality based exploitation." Their initial results show that there could be plenty of ways to misuse this technology. Rios and McFetters plan to release the results of their research after the vendor has had a chance to fix the problem.

28. August 15, ComputerWorld — Fake plain−text e−card variants look real, carry computer viruses. A new form of fake e−card notification e−mails are unleashing nasty viruses and virus−carrying Trojan horses on unsuspecting users. While e−card−triggered viruses and Trojan horses are not new, the latest versions are becoming more difficult for typical antivirus and antispam defenses to detect, according to alerts issued Wednesday, August 15, by security software vendors Avinti Inc. and F−Secure Corp. The new complication, said Dave Green, chief technology officer at Avinti, is that the latest slew of fake e−card e−mail notifications are using plain text in their messages, which don't get scanned and scrutinized by antivirus and antispam defense applications. While the e−mails don't contain pasted links or attached files that a recipient can click on to get a computer infection, many e−mail clients automatically convert the included text into a clickable link when the e−mail clients recognize a Web address in the text. All recipients have to do to trigger the virus is to click on the link created by the e−mail client once they have read the message, he said. The damaging payload files are new variants of the Storm Worm virus that was first detected in January, the company said.