Tuesday, September 18, 2007

Daily Reports

Reuters reports that the U.S. will remove nine tons of plutonium from military stockpiles, enough for more than 1,000 atom bombs, in order to demonstrate its commitment to non-proliferation. In the coming decades, the excess plutonium will be turned into mixed-oxide fuel, burnable in commercial nuclear reactors providing electricity. (See item 5)

According to a Wall Street Journal report, the Grocery Manufacturers Association, the industry's largest trade group, plans to unveil on Tuesday a proposal to increase U.S. federal oversight of imported food and ingredients, requiring the adoption of food-safety measures such as product tests and checks on foreign suppliers. (See item 18)

Information Technology

36. September 17, Associated Press – Microsoft loses European appeal. Microsoft lost its appeal of a European antitrust order Monday that obliges the technology giant to share communications code with rivals, sell a copy of Windows without Media Player and pay a $613 million fine — the largest ever levied by EU regulators. The EU Court of First Instance ruled against Microsoft on both parts of the case, saying the European Commission was correct in concluding that the world’s biggest software company was guilty of monopoly abuse in trying to use its power over desktop computers to muscle into server software. Microsoft said it would withhold comment on the decision and on whether it would appeal to the EU’s highest court, the European Court of Justice, until it finishes reviewing the 248-page ruling. It has two months to appeal. The court had confirmed that regulators had “quite broad power and quite broad discretion” over companies with large market shares, said a Microsoft lawyer, citing Google Inc., Apple Inc. and International Business Machines Corp. as those that needed to heed the decision. In its ruling, the court upheld both the Commission’s argument and its order for Microsoft to hand over information on server protocols to rivals. Microsoft had claimed these were protected by patents and the Commission was forcing it to give away valuable intellectual property at little or no cost. Source: http://news.yahoo.com/s/ap/20070917/ap_on_hi_te/eu_microsoft;_ylt=AroGciF_8D_k9ofqk.QLli8jtBAF

37. September 17, Associated Press – Report: Sophisticated thieves selling code to criminal middlemen. Online crooks are quickly enlarging an already vast sales and distribution network to propagate spam and send malicious software in hopes of infecting millions of computers worldwide, according to a new report. The Internet Security Threat Report, covering the first half of 2007 and released Monday by security software maker Symantec, says sophisticated thieves sell code to criminal middlemen for as much as $1,000 per program. The middlemen then push the code to consumers, who may be duped into participating in a scam, or who may have their passwords, financial data and other personal data stolen and used by identity theft rings. The savviest hackers lock middlemen into long-term service contracts so they can automatically push the newest exploits on unwitting consumers and compensate for patches developed by legitimate programmers. The agreements — not unlike contracts between software powerhouses such as Oracle Corp. or Microsoft Corp. and their corporate clients — leave a trail of code that, in principle, makes it easier for authorities to catch both the hacker and the person who is buying the program. However, researchers who worked on Symantec's newest report said the amount of money to be made from computer attacks still outweighs the danger. The report also found that the U.S. is the top country for so-called underground economy servers. It is home to 64 percent of the computers known to Symantec to be places where thieves barter over the sale of verified credit card numbers, government-issued identification numbers and other data. (See next article for related story.)

Source: http://www.msnbc.msn.com/id/20818870/

38. September 17, IDG News Service – Symantec: Bank account details fetch $400 online. Stolen bank account numbers are commanding the highest price in an underground trade of personal details stolen by hackers, according to the Internet Security Threat Report released Monday by Symantec Corp. Bank account details command prices of up to $400, while credit card details sell for between 50 cents and $5, e-mail passwords from $1 to $350 each, and e-mail addresses from $2 to $4 per megabyte, the report says. The online trade in stolen data highlights the commercialization of Internet crime, with gangs researching, developing and marketing nefarious software for other criminals, said the director of Symantec's security practice for Europe. He also noted that there has been an increase in the quality and quantity of malicious code sold on the Internet, driven by well-funded international groups of criminals. The hackers are obtaining the information through increasingly targeted attacks on computers that often involve collecting personal information about a person from social networks such as MySpace.com or Facebook, the same source said. With specific personal details, a hacker can construct a personalized e-mail that entices the victim to either click on an attachment containing malicious software or visit a phishing site. On the spam front, Symantec said it has noticed a 30 percent drop in so-called pump-and-dump spam, in which e-mails touting penny stocks are sent out, causing a rise in the stock price before the perpetrators sell the stock early. The decline can be attributed to a crackdown by the U.S. Securities and Exchange Commission. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=009036819&intsrc=hm_list

39. September 17, Computerworld – Experts say more personal data is on stolen Ohio tape. An Ohio state government backup tape stolen in June contained far more personal data than was first believed, according to a computer forensics firm hired by the state. When the incident was discovered, state officials said the device contained data on all 64,467 Ohio state employees and tens of thousands of other people, including Ohio teachers. Two reports released last week by Interhack Corp. said an examination of a copy of the missing tape revealed that it also held the names and Social Security numbers of 47,245 Ohio taxpayers and 19,388 former state employees. A spokesman for the Ohio Department of Administrative Services said that Interhack investigators also uncovered banking information on 100 state businesses and the federal employee ID numbers from 40,088 businesses. The incident is expected to cost the state almost $3 million, including $2.3 million to provide affected individuals with credit protection services, he said. The tape was stolen from a vehicle that transported data from government offices to an off-site location where developers were working on the state’s new $158 million ERP system, known as the Ohio Administrative Knowledge System. The breach prompted the state to review how backups are handled at all agencies.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=302856&taxonomyId=17&intsrc=kc_top

40. September 14, Computerworld – Hacked GOP site infects visitors with notorious bot-making malware. A Republican Party Web site has been hacked, and for some time it has been spreading a variation of the long-running Storm Trojan horse to vulnerable visitors, a security researcher said Friday. This is the first time that Storm has taken to the Web for its victims, stated the head of research at Websense Inc. “The big news is that Storm has added infecting sites to its arsenal,” he said. Storm debuted in January, cracked the top malware lists early this summer, and has become infamous for its ability to adapt its infection strategies. “They have a knack for latching onto the latest newsworthy events and capitalizing on the public interest in them,” a Symantec Corp. researcher said last month. Until now, Storm has infected users via files attached to e-mail or through links embedded in spam. The change noticed by Websense’s scanners, however, means that Storm’s backers have moved to other attack vectors -- in particular, compromised Web sites that sport malicious IFRAMEs. Users visiting such sites are instantly infected with the Trojan if their browsers are not patched against whatever exploit the IFRAME code is throwing out. According to Websense, several hundred sites have been compromised by Storm’s makers. One such site was a Republican Party Web site for the 1st Congressional District of Wisconsin. Within hours after Websense notified the site’s owners, however, it had been purged of the dangerous IFRAME code. By mid-morning Friday, it was safe to visit. The motive behind Storm's continued attacks, and its expansion into new areas like this, according to Websense, is a never-ending appetite for bots -- compromised computers that can be used for spamming or other criminal activities, either by the original attackers or by others who lease sections of the botnet.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9036679&taxonomyId=17&intsrc=kc_top

Communications Sector

41. September 17, Reuters – Deutsche Telekom to buy SunCom Wireless. Deutsche Telekom’s mobile phone division, T-Mobile USA, has agreed to buy SunCom Wireless Holdings Inc. for about $1.6 billion, the companies said on Monday. Deutsche Telekom said in a statement it would also take on SunCom debt of almost $800 million. SunCom shareholders will receive $27 per share, a 22.7 percent premium to Friday's closing price, the companies said. The deal is expected to close in the first half of 2008. SunCom, founded in 1999, operates in the southeastern United States and the Caribbean. It had more than 1.1 million customers by the end of June and posted second-quarter revenue of $242.5 million. The acquisition will further enhance T-Mobile's network coverage through the addition of SunCom's markets and customers in North Carolina, South Carolina, Tennessee, Georgia, Puerto Rico and the U.S. Virgin Islands, Deutsche Telekom said. Deutsche Telekom, Europe's largest operator measured by sales, last month won permission from the European Commission for its T-Mobile Netherlands unit to buy the Dutch unit of rival France Telecom's Orange division.

Source: http://www.bnet.com/2407-13071_23-164730.html