Thursday, November 29, 2007

Daily Report

• According to a USA Today report Wednesday, the Transportation Security Administration will take over background checks of 1.2 million aviation workers from the FAA starting in January. The move means licensed aviation workers will be checked against the FBI’s constantly-updated terror watch list, as opposed to the FAA’s impartial list. (See item 13)

• An Associated Press report Wednesday detailed steps being taken by Border Control and rescue personnel to prepare for the apprehension and rescue of illegal immigrants crossing the border often unprepared for the cold winter. In the past four years, the Border Control has recorded 27 deaths directly attributed to cold weather in its Tucson section alone. Agents carry emergency bags with blankets, rehydrants and other equipment, and specially trained search, rescue and trauma agents are ready treat hypothermia victims being transported for medical assistance. (See item 25)

Information Technology

26. November 28, IDG News Service – (National) Lotus Notes vulnerable to e-mail attack. A serious bug in IBM’s Lotus Notes software could be used by attackers to run unauthorized software on a victim’s PC, researchers at Core Security Technologies reported Tuesday. The flaw lies in the Autonomy KeyView software used by Lotus Notes to process Lotus 1-2-3 files. Core’s researchers found that when they opened a specially crafted Lotus 1-2-3 e-mail attachment in Lotus Notes, they could run unauthorized software on the PC. Although details of the flaw have not been published, and it has not been picked up by online criminals, it would not be hard for a determined attacker to write code that exploited the flaw, said Core’s chief technology officer. That’s because there have already been a number of similar KeyView bugs found this year, so sample exploit code for similar flaws can easily be found. “Previously there have been other flaws like this published for the same software development kit,” he said. “So anyone keeping track of that could write an exploit pretty quickly.” In the past year, security researchers have increasingly focused on these kinds of vulnerabilities, called file parsing bugs. Improvements in hacking software, called fuzzers, which send a barrage of data to programs in order to see if they can be made to act in unexpected ways, have made this type of research easier. The flaws researchers have found over the past two years involving file parsing bugs affect every major antivirus vendor, and many of them could allow attackers to run unauthorized code on a victim’s system, they say.

27. November 27, Computerworld – (Texas; International) Man indicted for allegedly emailing bomb threats to Texas airport. A grand jury in McAllen, Texas, indicted a U.S. citizen living in Mexico for allegedly e-mailing in bomb threats to an airport in McAllen. According to an affidavit, four different bomb threats were sent to the McAllen Miller International Airport online message board. Two of the threats, which were written in Spanish, were sent on August 22, and the other two were sent September 7 and September 10. All four threats were e-mailed in and used fake return email addresses. No bombs or explosives were found at the airport, according to the U.S. Department of Justice (DOJ). The DOJ contends that in the threat sent on September 7, the man demanded that airport workers deliver $20,000 to the reception desk area of a Holiday Inn hotel, but no one approached the hotel’s reception desk to claim the money. The man faces a maximum sentence of five years in prison and a $250,000 fine for each count.

28. November 26, Associated Press – (National) Heavy online shopping traffic causes Yahoo outages. The online holiday shopping blitz known as “Cyber Monday” proved to be too much to handle for Internet bellwether Yahoo Inc. The heavy traffic triggered computer outages that prevented sales from being completed at thousands of Web sites that depend on an e-commerce service offered by Sunnyvale, California-based Yahoo. The trouble began around 8:30 a.m. Pacific Standard Time Monday morning and continued into the early afternoon. The problems affected more than half of the roughly 40,000 sites that subscribe to Yahoo’s e-commerce service.

Communications Sector

29. November 28, Computerworld – (International) Report: Cell phone explosion may have killed man. Police in Cheongwon, South Korea, said a worker died Wednesday possibly because a cell phone battery exploded in his pocket, according to a report from the Associated Press. The report quotes an unnamed police official as saying, “We presume that the cell phone battery exploded,” but the official spoke on the condition of anonymity because the investigation is ongoing. The man was identified only as Suh, and was found dead at his workplace in a quarry Wednesday morning with a melted cell phone battery in his shirt pocket, according to the report. The AP quoted the Yonhap news agency as saying Suh’s body was examined by a doctor who said that Suh suffered a burn in the left chest area and had a broken spine and ribs. “It is presumed that pressure caused by the explosion damaged his heart and lungs, leading to his death,” the report quotes the doctor as saying. South Korea’s LG Electronics Inc. reportedly made the phone involved in the death, although the report quoted an LG official who said that a fatal explosion from the phone or its battery would be virtually impossible. An LG spokeswoman said the company is investigating the report and would only confirm that the phone is not sold in the U.S.