Thursday, September 27, 2007

Daily Report

Computerworld reports that fraud police do not possess the resources needed to handle the increase in data that accompanies increased financial fraud. While greater computing power has helped, some are calling for a greater degree of information sharing with private financial institutions, despite privacy concerns. (See item 11)

The Herald Times reports that global climate change and a recent influx of a deadly fish virus are stressing the Great Lakes fisheries, thereby affecting the $4 billion Great Lakes commercial and sport fisheries industry. Other habitat stressors have also lead to a decline in the fish population there. (See item 19)

Information Technology

29. September 25, CNet News – (National) OpenOffice bug hits multiple operating systems. Researchers at iDefense have discovered that OpenOffice version 2.0.4 and earlier versions are vulnerable to maliciously crafted TIFF files, which can be delivered in an e-mail attachment, published on a Web site or shared using peer-to-peer software. In June, OpenOffice users were warned about a worm called “Badbunny” that was spreading in the wild through multiple operating systems, including Mac OS, Windows and Linux. At the time, Symantec posted an advisory that said: “A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems. Be cautious when handling OpenOffice files from unknown sources.” The next version of OpenOffice, which is a free, open-source office productive software package, arrived on September 17 and is not affected by the flaw.


30. September 26, IDG News Service – (National) AIM vulnerable to worm attack, researchers warn. A critical flaw in the way that the AOL’s instant messaging client displays Web-based graphics could be exploited by criminals to create a self-copying worm attack, security researchers are warning. The flaw was discovered by researchers at Core Security Technologies Inc., which has been working with AOL over the past few weeks to patch the problem. AOL's servers are now filtering instant messaging traffic to intercept any attacks, but the company has yet to patch the underlying problem in its client software, security researchers said Tuesday. The flaw has to do with the way the AOL Instant Messaging (AIM) software uses Internet Explorer’s software to render HTML messages. By sending a maliciously encoded HTML message to an AIM user, an attacker could run unauthorized software on a victim’s computer or force the IE browser to visit a maliciously encoded Web page, said a Core Chief Technology Officer. This type of flaw could be exploited to create a self-replicating worm attack. “The frightening thing about this vulnerability is that it can be easily exploited to create a massive IM worm, because it doesn’t require any user interaction,” said an IT security expert. No attacks based on these flaws have been reported. Source:

Communications Sector

31. September 25, Memphis Business Journal – (Tennessee) Telecom glitch stops departures at Memphis International. The Federal Aviation Administration's air route traffic control center in Memphis experienced a communications failure at 11:30 a.m on Tuesday, standing hundreds of passengers. According to an FAA spokesman, “several radar systems were impacted when the telecom lines that feed the center failed.” The center is one of 20 across the nation and is responsible for a 250-mile radius. The air route traffic control center communicates with all flights originating within that radius and those flying over the area. Source:

32. September 24, AT&T press release – (National) AT&T wins deal to build next-generation enterprise network for U.S. Department of the Treasury. AT&T Inc. has announced a task order potentially worth up to $1 billion from the U.S. Department of the Treasury to build and transition the Department to a next-generation enterprise network known as Treasury Network (TNet). TNet is a secure enterprise network that will facilitate the convergence of data, voice and video technologies into a single network infrastructure that supports the efficient operation of applications and services across the Treasury’s entire operating environment. The $270 million task order awarded to AT&T could be worth up to $1 billion with enhanced services and other options over the life of the contract. The TNet order has a time frame of 10 years, which includes a four-year base with three two-year options. Source: