Wednesday, November 14, 2007

Daily Report

• The Associated Press reported that a suitcase began smoking Tuesday in a cargo area at Phoenix Sky Harbor International Airport. The fire department was called, and the bag was not found to contain explosives. A San Antonio-bound flight and the accompanying boarding area were evacuated. The bag’s owner, a passenger on the flight, was being questioned, officials said. The flight was delayed about one hour and no other flights were affected. (See item 12)

• According to Computerworld, Seagate Technology LLC confirmed Monday a Taipei Times report that about 1,800 disk drives shipped from a contractor’s facility in Thailand with two Trojan horses preinstalled. In the Times, Taiwan’s Investigation Bureau said the Trojans “phone home” data stolen from the corrupted drives to a pair of Beijing-hosted Web sites, and that it suspected the involvement of Chinese authorities. Seagate said Monday that the only data captured were game-related passwords, that it had no evidence of Chinese involvement, and that it had stopped all shipments from the factory. (See item 29)

Information Technology

29. November 12, Computerworld – (International) Update: Maxtor drives contain password-stealing Trojans. Seagate Technology LLC has shipped Maxtor disk drives that contain Trojan horses that upload data to a pair of Chinese Web sites, the Taiwanese government’s security service warned this weekend. The Investigation Bureau said it suspected mainland China’s authorities were responsible for planting the malware on the drives at the factory. “The bureau said that the method of attack was unusual, adding that it suspected Chinese authorities were involved,” a story posted by the English language Taipei Times reported Sunday. Seagate confirmed Monday that some Maxtor Basics 3200 drives were infected out of the box, but the company said it had no proof that the Chinese government was involved. According to the newspaper, about 1,800 Seagate-made drives left a Thailand facility with a pair of Trojan horses preinstalled. The two Trojans, said the Investigation Bureau, “phone home” to a pair of Web sites hosted in Beijing and report all data recorded on the compromised drive. Seagate, however, countered that the only data captured by the on-disk Trojans and sent to the Chinese Web sites were game-related passwords. Internet records show that both sites -- and -- were registered with, one of China’s largest domain registrars. Much of the registration information, however, including the contact name and mailing address, appears to be bogus. The Investigation Bureau identified the infected drives as 500GB models and has demanded that the Taiwanese distributor pull all units from shelves. Of the 1,800 drives reportedly malware-equipped, 1,500 have been removed from the sales channel. The remainder had already been sold. For those customers Seagate will post a 60-day trial version of Kaspersky Labs’ antivirus software on its Web site.

30. November 12, PC World – (National) Apple iPhone update fixes security bug. Apple has pushed out its iPhone 1.1.2 firmware update to users of its popular mobile phone, fixing a widely publicized bug in the iPhone’s browser. Apple made the software available for download last Thursday, but on Monday it began pushing it out automatically to users via its iTunes updating mechanism. The iPhone uses iTunes to scan for security updates once per week, so users will gradually be offered this new firmware over the next seven days. The update fixes a bug in the way that the iPhone renders TIFF (Tagged Image File Format) images. The bug patch is a bit of a mixed blessing for iPhone enthusiasts. While it fixes a critical security vulnerability, that flaw had been used by iPhone developers in the unauthorized Jailbreak software that is used to run third-party applications. The update makes it difficult for users of brand-new iPhones to install Jailbreak. Apple has been in a tug of war with some developers who have had to circumvent Apple’s security measures in order to get their software to run on the iPhone. Apple initially wanted to prevent all third-party code from running directly on its mobile device, but in recent months the company has reversed course and promised to give developers a way to run their code on the iPhone. This software development kit (SDK) will become available in February 2008.

31. November 12, Computerworld – (National) WSUS sync snafu cripples enterprise update ability on eve of Patch Tuesday. A glitch in the software that most midsize and large businesses use to update their Microsoft applications and operating systems had some administrators scrambling a day before Patch Tuesday. If the problem in Windows Server Update Services (WSUS) is not fixed before tomorrow, administrators will not be able to download and deploy the vulnerability patches and other nonsecurity updates Microsoft Corp. has planned for Tuesday, said the director of security operations at security tools vendor nCircle Inc. “It appears that anybody who synced WSUS [with Microsoft’s Windows Update servers] today or yesterday is essentially DOA,” he said. The default WSUS setting is to sync daily. WSUS users began reporting the error this morning when they first accessed the WSUS console. According to those reports, the error read, “The WSUS administration console has encountered an unexpected error.” Several users, writing in a forum hosted by a third-party site dedicated to the update management software, suggested newly added WSUS products could be the source of the error. The SANS Institute’s Internet Storm Center, which also noted that it had received accounts of the WSUS error, pointed out that at least one administrator had posted a work-around. The fix, however, requires the user to issue several lengthy commands in Microsoft's free-to-download SQL Server Management Studio Express.

32. November 12, Computerworld – (National) Ex-security pro admits running huge botnet. A former security researcher admitted to hijacking a quarter of a million PCs, using spyware to steal bank and PayPal account information, and making money by installing adware on the massive botnet. He agreed Friday to plead guilty to four felony counts, including accessing protected computers, disclosing illegally intercepted electronic communications, wire fraud and bank fraud. He faces a total of 60 years in prison and fines of $1.75 million for his part in building and then using the botnet. Several others, named only by their online monikers, were listed as accomplices. According to an assistant U.S. Attorney, the man, known online as “Acidstorm” and “Acid,” was the first to be charged under federal wiretap statutes for using a botnet. He and his co-schemers infected PCs with malware -- likely Trojan horses, although the court papers didn’t specify the malicious code -- that added the compromised systems to a botnet and then stole usernames and passwords stored by Microsoft Corp.’s Internet Explorer browser. IE, like other browsers, will save that information to speed future logons. He mined the data retrieved from the botnet to access multiple PayPal accounts as well as other financial accounts and then plundered them. Some of the looted PayPal funds were used to pay for more Web hosting space and bandwidth to continue spreading the malware and adding to the botnet, prosecutors said. The man was employed as a security consultant until early 2006. He used both work and home computers to oversee the botnet.

Communications Sector

33. November 13, The Associated Press – (International) China Mobile sets up on Mount Everest. China’s largest cell phone service provider successfully tested a transmission station on Mount Everest on Tuesday, making it possible for climbers and those on next year’s Olympic torch relay to make calls, a state news agency reported. China Mobile had to hire yaks and porters to help transport equipment up to the station site at 21,325 feet, the Xinhua News Agency said. The new station, along with two other China Mobile stations at 17,060 feet and 19,095 feet, would provide cell phone service along the entire Mount Everest climbing route, Xinhua said. It would also be put into use during next year’s Olympic torch relay, which will take the flame to the 29,035-foot summit.

34. November 12, Reuters – (International) Diplomats near deal on earmarking world radiowaves. An agreement on how to divide the world’s radio-frequencies among satellite operators, mobile phone companies and broadcasters is close, industry and diplomatic sources said on Tuesday. Insiders said participants in the month-long World Radiocommunication Conference, due to wrap up on Friday, were wrapping up a deal sharing out the spectrum used in wireless and satellite signals, a finite resource worth billions of dollars. “The details are being finalized,” said one participant to the Geneva talks, which have involved 2,600 people including corporate representatives from AT&T, Boeing, Nortel, Sharp, Intel and Qualcomm. The United States has been pushing for more high-quality spectrum to be earmarked for new mobile technologies, while resisting any loss in the frequencies accessed by the military, as well as for meteorology, maritime distress and safety. Radio waves are also fundamental for ensuring aircraft safety and natural disaster monitoring. Household devices such as garage-door openers also use such signals, though at a weak level. Because advanced mobile services are still being developed, and will not require extra spectrum space for several years, sources familiar with the Geneva talks said there was a reluctance to immediately reallocate frequencies in a radical way.

35. November 12, RCR Wireless News – (National) FCC grants Globalstar, Iridium L-band spectrum, ATC plans out for comment. The Federal Communications Commission agreed to divide mobile satellite service L-band spectrum between CDMA operator Globalstar Inc. and TDMA operator Iridium Satellite L.L.C., while soliciting public comment on a plan to give Globalstar ancillary terrestrial component authority on most of its MSS frequencies. The agency’s actions give Globalstar and Iridium each exclusive MSS use of 7.775 megahertz of spectrum in the L-band (1.6 GHz) and set the stage for Globalstar to incorporate ATC in more than 19 megahertz of the 27.85 megahertz of spectrum it controls in the L-band and S-band (2.4-2.5 GHz). Globalstar petitioned the FCC in June 2006 to use supplemental terrestrial wireless facilities across all of its MSS frequencies, but the agency said doing so posed potential interference to Iridium and land-based wireless broadband networks. At the same time, the FCC is willing to allow Globalstar to integrate ATC in nearly twice as many frequencies as currently authorized.