Tuesday, November 13, 2007

Daily Report

• The Associated Press reports that the Department of Energy Secretary on Thursday defended plans to divert oil into the federal emergency reserve while still acknowledging that tight supplies likely are one reason for surging crude oil prices. The Strategic Petroleum Reserve, a system of salt caverns along the Louisiana and Texas coast, contains 694 million barrels of oil to be used in a supply emergency. The government is working to fill it to its 727 million barrel capacity. (See items 2)

CBS News reports that the National Transportation Safety Board (NTSB) said at a November 8 meeting in Washington that runway incursions are the greatest threat to aviation safety today. They warned that conditions are ripe for a runway accident and that the Federal Aviation Administration is not moving fast enough to establish a system that would automatically alert pilots when a collision is imminent. (See item 15)

Information Technology

29. November 11, Fox News – (National) MySpace invaded by phishing virus promising free gift card. An identity-stealing computer virus that masks itself as an offer for a free Macy's gift card has invaded the social networking site MySpace. The "phishing" scam reportedly is targeting the site's younger users, appearing as an email from a friend and prompting them to click on a link to retreive a $500 Macy's gift certificate. After clicking on the link, users are bumped to a fake MySpace log-in page and asked to reenter their username and password. There, the information is being stolen by the thirdparty "phisher."

30. November 9, Newsfactor.com – (National) Malware planted on MySpace once again. Exploit Prevention Labs has discovered that attackers are using R&B recording artist Alicia Keys’ page to spread their malware over the Web. Other artists were also targets of the Web-based attack. In March, McAfee reported that MySpace is increasingly becoming a breeding ground for the “scum of the Internet,” who try to capture personal information from members. In this case, website visitors are hit by an exploit, which installs malware in the background if they are not fully patched against the latest security vulnerabilities, and next they are presented with a fake codec, which tells them they need to install a codec to view the video. Specifically, visitors to these MySpace pages are directed to co8vd.cn/s. This appears to be a Chinese malware site. If the visitors accept the code installation, the site installs malicious software. You can view a video demonstration of the attack on YouTube. The hack has some interesting characteristics, the Chief Technology Officer at Exploit Prevention Labs explained. “Perhaps most interesting, the bad guys are using a creative hack we haven’t seen before: The HTML in the page contains some sort of image map, which basically makes it so you can click on anything over a wide area on the page and your click is directed to the malicious hyperlink,” he said. “We tested it and even the ads were affected.”

31. November 8, CNet News – (National) Multiplying Mac trojan not epidemic yet. Security firm F-Secure has discovered 32 variants of the Trojan that targets Mac operating systems, but claims about its powers have been wildly overstated, according to experts. A chief research officer at F-Secure said the Trojan was not an isolated incident, and those behind it seem “serious about targeting Mac users as well as Windows users. And they keep putting out slightly modified versions of the Trojan for the Mac too.” The Trojan is being disguised as a codec, a device used to decode digital streams. If it is downloaded, it alters a computer’s domain name system server, redirecting the machine to sites of the malware distributor’s choice. The prime purpose appears to be to make money when people click on ads served on the sites. Another F-Secure official said that while this shows that Macs are “starting to get interesting for the bad guys,” the Trojan does not mean Mac platforms are facing a malware epidemic.

Communications Sector

32. November 8, PR Newswire – (Maine) Verizon Wireless expands wireless broadband network across Maine. On Thursday, Verizon Wireless announced in a press release that it is expanding its wireless high-speed broadband network in Cumberland, Lincoln, Sagadahock, and York Counties in Maine through a recent enhancement to 49 existing cell sites.