Wednesday, October 10, 2007

Daily Report

· Express News reports that scientists at the Southwest Foundation for Biomedical Research have received a $5 million grant from the Department of Homeland Security to begin studying the Marburg virus, which federal security officials say could be in the hands of terrorist groups that want to turn it into a biological weapon. The virus is in the same family as Ebola. (See item 20)

· WBZ Boston reports that legislation was filed on Monday to make it a crime to place a false emergency call to 911 in the State of Massachusetts. More than 300,000 calls a year taken at the wireless 911 center in Framingham are not for real emergencies. The non-emergency calls can tie up emergency lines, making it harder for callers with real emergencies to reach an operator. (See item 27)

Information Technology

28. October 8, IDG News Service – (National) Hacker breaks into eBay server, locks users out. A malicious hacker broke into an eBay Inc. server on Friday and temporarily suspended the accounts of a “very small” number of members, the company said. “We were able to block the fraudster quickly before any permanent damage had been done. At no point did the fraudster get any access to financial information or other sensitive information,” an eBay spokeswoman said. EBay has “secured and restored” the affected accounts and is calling the affected users, she said, without specifying how many accounts the hacker accessed and tinkered with. The perpetrator of that confidential data disclosure posted the names and contact information of 1,200 eBay members on the company’s Trust & Safety discussion forum, along with credit card numbers that were later determined to be invalid. EBay eventually concluded that the attacker obtained the information via a phishing scheme, tricking individual members into disclosing the data. Friday’s hack has quite a few eBay members rattled, judging by a long discussion forum thread about the incident. In that thread, some affected eBay members report receiving e-mails from a hacker identified as Vladuz saying that he had targeted them for posting forum comments that were critical of him. Vladuz has in the past reportedly stolen login information that has allowed him to post messages to eBay discussion forums as if he were an eBay employee.

29. October 8, Computerworld – (National) Adobe admits PDF exploit, posts workaround. Adobe Systems Inc. has confirmed that there is a critical bug in its most popular programs, but it does not yet have a patch that protects Windows XP users against attacks arriving as PDF files. In an advisory posted Friday, Adobe admitted that the flaw first disclosed by Petko Petkov, a U.K.-based security researcher, was real. The San Jose-based company also provided a multiple-step work-around in lieu of a permanent fix to its Adobe Acrobat software and its free Adobe Reader application. Adobe’s work-around requires editing the Windows registry, a daunting chore for most users, but it will protect against malicious PDF documents that exploit the “mailto:” URI (universal resource identifier) to trick users into downloading attack code. Mailto:, one of the most-frequently used URIs, launches the default e-mail client and opens a pre-address message when a link is clicked inside a Web browser. The terse description indicates that the PDF vulnerability is yet another protocol-handling bug. Those flaws have been a hot topic in security circles since July, when another researcher showed how Internet Explorer and rival Firefox could be used to run malicious code by exploiting invalid URIs. In fact, the debate over patching responsibility resumed on Friday, when a German analyst said IE7 brought new bugs to Windows XP.

Communications Sector

30. October 9, Government Technology – (National) Federal legislation would require E-911 for IP voice systems. IP telephony, which allows the user to take one telephone number to any location in the world, would now be required to be “located” for the purpose of emergency calls. The “911 Modernization and Public Safety Act of 2007” (H.R. 3403), would “Promote and enhance public safety by facilitating the rapid deployment of IP-enabled 911 and E-911 services, encouraging the nation's transition to a national IP-enabled emergency network and improve 911 and E-911 access to those with disabilities.” The Association of Public Safety Communications Officials (APCO) International and the National Emergency Number Association (NENA) announced their support of the bill, and NENA’s president said, “Our nation's 9-1-1 system is a vital public safety and homeland security asset. Every day 9-1-1 callers seek critical emergency assistance and are the eyes and ears helping others during emergencies in local communities and assisting with our nation's homeland security. Modern communication capabilities offer an opportunity to improve the system as we know it, but they also offer challenges. The 9-1-1 community must embrace and react to change quickly, to better serve the American public, industry and the mobile consumer in all emergencies. We need help from Congress to do so.”