Tuesday, November 20, 2007

Daily Report

  • According to the Chicago Tribune, an apparent miscommunication Saturday between air traffic controllers at a radar facility near Chicago caused two private planes flying in central Wisconsin to pass closer than federal regulations allow. This is the second near-miss error attributed to the facility in less than a week. (See item 12)
  • The Associated Press reported that a group representing the cattle industry filed an emergency request Friday in U.S. district court seeking to block the rule that was set to permit Canadian cattle over 30 months of age into the U.S. market starting Monday. More than two dozen nations suspended U.S. beef imports in 2003 after mad cow disease was found in a U.S. cow imported from Canada. (See item 16)

Information Technology

25. November 18, Computerworld – (National) Mozilla to fix 9-month-old Firefox bug as concerns grow. Mozilla Corp. will patch Firefox against a nine-month-old protocol handler bug, its chief security executive announced Friday, after researchers demonstrated that the vulnerability was more serious than first thought. The bug is another uniform resource identifier (URI) protocol handler flaw, and the news of an impending fix comes on the heels of Microsoft patching Windows to repair problems in the handlers it registers. Protocol handlers – “mailto:” is among the most familiar – let browsers launch other programs such as an e-mail client through commands embedded in a URL. But Firefox’s jar: protocol handler (the “.jar” extension stands for Java ARchive, a Zip-style compression format) does not check that the files it calls are really in that format. Attackers can exploit the flaw by uploading any content – malicious code, for example, or a malformed Office document – to a Web site, then enticing users to that site and its content with a link that includes the jar: protocol. Because the content executes in the security context of the hosting site, if that site (e.g., a commercial photo-sharing service) is trusted, then the malicious code runs as trusted within the browser, too. This cross-site scripting vulnerability was discovered in February and reported to Mozilla’s Bugzilla database early that month. But over the last two weeks, two more researchers demonstrated the danger of the vulnerabilities – one of which allowed the researcher to access another user’s Gmail contacts list – leading Mozilla to take action. According to Mozilla’s head of security strategy, the vulnerabilities “will be addressed in Firefox, which is currently in testing.” Until Mozilla patches the browser, users can block jar:-based cross-site scripting attacks with the newest version of NoScript.
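
Added example (not part of the original report, and not Mozilla's or NoScript's code): a Python scan that a mail or web gateway could run over HTML to list links using the jar: scheme described in item 25, splitting each at the `!/` separator into the hosting URL and the archive entry. The attribute list, the archive extensions and the sample hosts are assumptions of the example.

```python
from html.parser import HTMLParser
from posixpath import splitext
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "data", "action"}
ARCHIVE_EXTS = {".jar", ".zip"}  # assumption: names treated as real archives

def parse_jar_uri(uri):
    """Split jar:<inner-url>!/<entry>; return None for any other scheme."""
    uri = uri.strip()
    if not uri.lower().startswith("jar:"):
        return None
    inner, sep, entry = uri[4:].partition("!/")
    return inner, (entry if sep else None)

class JarLinkFinder(HTMLParser):
    """Collect jar: URIs found in URL-bearing attributes."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            parsed = parse_jar_uri(value) if name in URL_ATTRS and value else None
            if parsed is None:
                continue
            inner, entry = parsed
            parts = urlsplit(inner)
            self.findings.append({
                "tag": tag,
                "host": parts.hostname,  # site whose context the content would get
                "inner_url": inner,
                "entry": entry,
                # False: the resource is not even named as an archive
                "archive_ext": splitext(parts.path)[1].lower() in ARCHIVE_EXTS,
            })

def find_jar_links(html):
    finder = JarLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; hosts and paths are invented for the example.
SAMPLE_HTML = """
<a href="https://photos.example/album/7">album</a>
<a href="jar:https://photos.example/uploads/holiday.png!/index.html">view</a>
<iframe src="JAR:https://cdn.example/lib/app.jar!/help.html"></iframe>
"""
```

A finding with `archive_ext` set to False points at a resource that is not named as an archive at all, which is the case the report describes; the file name alone does not prove what the content is, so the other findings still merit review.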


26. November 17, IDG News Service – (National) Senate OKs restitution for cybercrime victims. The U.S. Senate has passed a bill that would allow victims of online identity theft schemes to seek restitution from criminals and would expand the definition of cyberextortion. The Senate passed the Identity Theft Enforcement and Restitution Act by unanimous consent last week. The bill allows victims of identity theft to seek restitution for the time they spend to fix the problems. The bill would allow prosecutors to go after criminals who threaten to take or release information from computers with cyberextortion, and it would allow prosecutors to charge cybercriminals with conspiracy to commit a cybercrime. Current law only permits the prosecution of criminals who seek to extort companies or government agencies by explicitly threatening to shut down or damage a computer. The bill would also make it a felony to use spyware or keystroke loggers to damage 10 or more computers, even if the amount of damage was less than US$5,000. In the past, damage of less than $5,000 was a misdemeanor. The legislation, among other things, would also allow the federal prosecution of those who steal personal information from a computer even when the victim’s computer is in the same state as the attacker’s computer. Under current law, federal courts only have jurisdiction if the thief attacks from another state.


27. November 16, Computerworld – (National) Storm botnet spreading malware through GeoCities. Storm, the botnet-building Trojan horse, has come up with another twist to dupe users into infecting their PCs with malware, a security researcher said Friday. Longtime clients of the Russian Business Network (RBN), a notorious hacker- and malware-hosting network that mysteriously vanished last week after shifting operations from St. Petersburg, Russia, to Shanghai, are involved in the attack, said Trend Micro Inc.’s network architect. Thursday, Trend watched as existing bots controlled by Storm were seeded with new spam templates that included links to sites on GeoCities, the free Web hosting service owned by Yahoo Inc. Friday, Storm kicked off the new attacks. “This has developed into a full-fledged attack vector,” he said. The GeoCities sites are infected with malicious JavaScript code that redirects the user’s browser to secondary URLs hosted in Turkey, he said. The Turkish URLs, meanwhile, try to persuade the user to download a new codec that is supposedly necessary to view images on the GeoCities sites. According to Trend Micro’s analysis, the bogus codec – which claims to be for the 360-degree IPIX format – is actually an identity- and information-stealing piece of malware. Fake codecs have become the latest choice of hackers, with several notable attacks recently relying on users’ naiveté about what a codec is, why it might be necessary and why they can be untrustworthy.


Communications Sector

28. November 19, Associated Press – (Iowa) Rogue cell phone dials 911 - again, and again and again. A rogue cell phone is not accepting calls, but it sure likes to dial 911 operators in eastern Iowa. Operators at the Black Hawk County Consolidated Communications Center said that they received about 400 calls from the same cell phone last week and that no one seems to be on the other line. “It will ring in, and it’s an open line. Sometimes it rings in and drops off,” said a dispatcher. Officials can’t locate the phone but have figured out that it is an old line not currently associated with a cell phone provider. Such phones, once charged up, can still place 911 calls under Federal Communications Commission rules set in 1994. The cell phone can’t receive calls, and emergency workers haven’t been able to track the owner through service records, either. “With this, we are pretty helpless,” said the center’s administrative supervisor. Officials are suspicious that it could be a prank - but they say it is not funny and potentially dangerous. Until the source of the calls is found or they stop, dispatchers still have to answer every call just in case someone is on the line with an emergency.

29. November 19, Multichannel News – (California) Handling California’s wildfires. Cable-system operators needed to keep in touch with widely dispersed, evacuated customers during recent wildfires in California. Service providers also had to assist neighborhoods in recovery efforts. They responded with an assortment of quick actions. Time Warner Cable’s L.A. South division contacted a local Rent-A-Center, which donated six big screen televisions to deliver video service at the National Orange Show Grounds in San Bernardino. A “Surf Shack” vehicle, normally used to market video, data and phone services, provided communications services to 3,000 evacuees. Charter Communications culled billing records to send a targeted e-mail to ZIP codes in Lake Arrowhead. Displaced residents could log onto charter.net from anywhere to find out when service had returned and to check billing credits. When fires cut off video and Internet service from its backbone on one side of a mountain, Internet service was routed through telephone cables on the other side. Time Warner Cable in San Bernardino also provided broadcast signals via the Charter phone lines. Cox Cable Orange County quickly wired the El Toro High School evacuation center. Phone numbers of destroyed homes were reserved for 18 months for families who had to rebuild or repair homes. Email addresses will also be maintained. Forwarding of calls to cell phones was made free for the displaced. Cox also wired eight evacuation centers in San Diego, offering free long-distance calls to fire victims to the U.S. and Mexico.