Tuesday, October 23, 2007

Daily Report

· USA Today reports that changes in a Transportation Security Administration (TSA) policy, requiring pre-employment background checks for all new employees, are stirring controversy among airport representatives. Prior to October 1, when the new rule was enforced, the employees were issued IDs and could begin working while the clearances were pending. Because of the change, some airports reportedly do not have enough staff to process passengers or check people and luggage. (See item 10)

· According to The Associated Press, Georgia’s governor declared a state of emergency Saturday for the northern third of the state and asked President Bush to declare it a major disaster area. The emergency declaration might lead to the use of state funds allocated for drought. (See item 22)

Information Technology

30. October 22, IDG News Service – (National) With attack code circulating, RealPlayer fix coming. One day after Symantec researchers discovered software that attacked a critical unpatched vulnerability in RealNetworks’ media player, Real says that a fix for the issue is imminent. “Real has created a patch for RealPlayer 10.5 and RealPlayer 11 that addresses the vulnerability identified by Symantec,” wrote RealNetworks General Manager of Product Development in a Friday blog posting. “Real will make this patch available to users via this blog and our security update page later today,” he said. Users of RealOne Player, RealOne Player v2, and RealPlayer 10 should upgrade to the 10.5 version of the product or the RealPlayer 11 beta code and should install the patch, he said. The attack exploits a flaw in an ActiveX browser helper object, software that RealPlayer employs to help users who are experiencing technical difficulties, so the PC must be using the Internet Explorer browser to be affected by this particular attack, Symantec said. The attack only works on Windows systems, RealNetworks said. Linux, Mac and RealPlayer 8 users are not affected. Attackers were using a complicated network of advertising Web sites to launch the attack from a Web site that has been spotted hosting malicious code several times over the past two years, Symantec said. Users who do not have the patch can turn off Active Scripting within IE as a workaround to the problem. Very technical users can also set the kill bit on the Class identifier (CLSID) FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 to disable the ActiveX control, Symantec said.
Source: http://www.infoworld.com/article/07/10/22/RealPlayer-fix-coming_1.html
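
The kill-bit workaround mentioned in item 30, sketched as an added PowerShell example (not part of the original report and not code from Symantec or RealNetworks). The CLSID is the one quoted above; the registry path and the 0x400 "Compatibility Flags" value are the standard Internet Explorer kill-bit mechanism and are not taken from the report. Run it from an elevated prompt.

```powershell
# Added example: set and verify the IE kill bit for a single ActiveX CLSID.
$Clsid   = '{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}'   # CLSID quoted in item 30
$KillBit = 0x400   # flag bit that stops IE from instantiating the control

# Native registry view, plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Set-KillBit {
    param([string]$Root, [string]$Clsid, [int]$Flag)

    if (-not (Test-Path $Root)) { return $null }      # view absent on this OS
    $key = "$Root\$Clsid"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Keep any compatibility flags already present; only OR in the kill bit.
    $existing = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    $current  = if ($existing) { [int]$existing.'Compatibility Flags' } else { 0 }
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($current -bor $Flag) -Force | Out-Null

    # Read the value back so a failed write is reported instead of assumed.
    $check = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
    return (($check -band $Flag) -eq $Flag)
}

foreach ($root in $Roots) {
    $ok = Set-KillBit -Root $root -Clsid $Clsid -Flag $KillBit
    $state = if ($null -eq $ok) { 'view not present' } elseif ($ok) { 'kill bit set' } else { 'FAILED' }
    "{0} : {1}" -f $root, $state
}
```

Internet Explorer must be restarted for the change to take effect; removing the flag once the vendor patch is installed restores the control.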

31. October 22, Computerworld – (California) IT staff acts as wildfire advances on Pepperdine’s data center. The CIO of Pepperdine University had little warning that a wildfire was soon to threaten the campus’ data center when he woke without power at 5 a.m. Sunday. Within a matter of hours, brush fires came within 100 feet of the data center, and there was a point, he said, where “we had serious concern that the data center itself was going to be jeopardized.” The CIO quickly left for the data center and, as he drove to it, could see light from the fire on the other side of a ridge. Other administrators were responding as well, and by 5:30 a.m., the campus administration had called a meeting of the university’s Emergency Operations Committee. Wildfires are an ongoing threat in the area, and the university is prepared for that contingency, as well as other threats. It routinely sends its backup tapes to Iron Mountain Inc. for protection. In addition, the latest tape backup copies were moved to a fireproof safe. The ERP applications were shut down, and the hard drives were removed and also safely stored. All that work was completed in 35 minutes, he said. It was still before 8 a.m. While the IT staff scrambled, the fire advanced toward the data center building and nearby university administration building. Firefighters from Los Angeles County and other jurisdictions acted immediately. There were about 25 firefighters in the way of the advancing fire “whose entire goal was to protect the buildings,” he said. “They were able to contain those fires and keep them from spreading further,” he said. Pepperdine’s University Data Center never went offline, so the campus kept its network services, including voice communications.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9043421&intsrc=hm_list

32. October 21, IDG News Service – (National) Storm Worm now just a squall. The Storm Worm’s days may be numbered, according to a University of California researcher. The researcher said that, despite the intense publicity that the Storm network of infected computers has received, it has actually been shrinking steadily and is a shadow of its former self. On Saturday, he presented his findings at the ToorCon hacker conference in San Diego. Storm is not really a computer worm. It is a network of computers that have been infected via malicious e-mail messages and are centrally controlled via the Overnet peer-to-peer protocol. The researcher said he has developed software that crawls through the Storm network and thinks that he has a pretty accurate estimate of how big Storm really is. Some estimates have put Storm at 50 million computers, a number that would give its controllers access to more processing power than the world’s most powerful supercomputer. But the real story is significantly less terrifying, he said. In July, for example, he said that Storm appeared to have infected about 1.5 million PCs, about 200,000 of which were accessible at any given time. He guessed that a total of about 15 million PCs have been infected by Storm in the nine months it has existed, although the vast majority of those have been cleaned up and are no longer part of the Storm network.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9043419&intsrc=hm_list

33. October 19, CNN – (International) Official: International hackers going after U.S. networks. About 140 foreign intelligence organizations are trying to hack into the computer networks of the U.S. government and U.S. companies, a top counterintelligence official said. The national counterintelligence executive told CNN it is not accurate to blame only the Chinese government for recent penetrations of government computer systems. Because it is easy for hackers to disguise where an attack originates, he said, the best course of action is to tighten up one’s own networks rather than to place blame. The nation’s electronic systems are too easy to hack, and the number of world-class hackers is “multiplying at bewildering speed,” he said. That, he said, has transformed the nature of counterintelligence: “If you can exfiltrate massive amounts of information electronically from the comfort of your own office on another continent, why incur the expense and risk of running a traditional espionage operation?” He also warned that hackers could create chaos by manipulating information in electronic systems the government, military and private industry rely on. “Our water and sewer systems, electricity grids, financial markets, payroll systems, air and ground traffic control systems ... are all electronically controlled, electronically dependent, and subject to sophisticated attacks by both state-sponsored and freelance terrorists,” he said. The government must develop a better system for warning the private sector and universities about attacks, he said, and some laws might need to change: “We’ve got to rethink the adequacy of our legal authorities to deal with the cyber thieves and the vandals who I call the Barbary pirates of the 21st century.”
Source: http://www.cnn.com/2007/US/10/19/cyber.threats/index.html

Communications Sector

34. October 21, IDG News Service – (National) AT&T sues Vonage for patent infringement. AT&T Inc. on Friday filed a lawsuit against voice-over-IP (VoIP) provider Vonage Holdings Corp. seeking damages for alleged patent infringement. The lawsuit comes just days after Vonage settled a patent-infringement lawsuit with telecommunications provider Sprint Nextel Corp. In a filing with the U.S. District Court for the Western District of Wisconsin, AT&T alleged that Vonage willfully infringed an AT&T patent related to telephone systems that allow people to make VoIP calls using standard telephone devices. In the legal filing, AT&T said it tried to reach an agreement with Vonage to license the patent but failed, which forced the lawsuit. Vonage announced on October 8 that it settled its suit with Sprint Nextel for $80 million. As part of that agreement, Vonage agreed to license VoIP patents from Sprint, including more than 100 patents covering technology for connecting calls from a traditional phone network to an IP network. Vonage is also in the process of resolving a patent-infringement dispute with Verizon Communications Inc. Earlier this year, a court found that Vonage had infringed on Verizon patents and ordered an injunction that could have prevented Vonage from signing up new customers. Vonage won an injunction staying the order and is appealing the original infringement ruling. Vonage in August said it was close to rolling out work-arounds for two of the three patents Verizon claimed. Vonage is one of the largest independent VoIP providers in the U.S., with nearly 2.5 million customers.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9043420&taxonomyId=17&intsrc=kc_top

35. October 20, RCR Wireless News – (National) FTC works to quash call list urban legend. The Federal Trade Commission (FTC) faces a dilemma as it once again attempts to kill a wireless urban legend that just won’t die. “The Federal Trade Commission today reiterated that despite the claims made in e-mails circulating on the Internet, consumers should not be concerned that their cellular phone numbers will be released to telemarketers in the near future, and that it is not necessary to register cellular phone numbers on the national Do Not Call Registry to be protected from most telemarketing calls to cellular phones,” the agency stated. While the Do Not Call list accepts registrations of landline and wireless numbers alike, the Federal Communications Commission has a permanent ban on telemarketers using automated dialers to call cellular phone numbers. There are 145 million wireline and wireless numbers in the registry. The FTC has posted its “The Truth about Cellphones and the Do Not Call Registry” advisory several times since the program was crafted by the Federal Communications Commission and FTC in 2003. The agencies attribute rumors about telemarketers getting their hands on mobile-phone numbers, and other falsehoods associated with the Do Not Call Registry, to an industry effort, aborted several years ago, to launch a wireless 411 directory. The FTC does not presently highlight the fact that under current law consumers must re-register with the Do Not Call Registry. The reason is that the agency does not know whether legislation to make the registry permanent will be approved by Congress this year. In the meantime, an FTC spokesman said a major campaign to remind consumers to re-register will be rolled out in early 2008 if lawmakers fail to get legislation approved.
Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20071020/SUB/71019016/1005