Tuesday, December 4, 2007

Daily Report

WKMG 6 and Rotornews reported that starting December 3, ten U.S. airports will begin requiring nearly all foreigners to have 10 fingerprints scanned under an expanded version of the US-VISIT migrant tracking system. Mexicans with border-crossing cards and most Canadians are exempt from the program. The system will be rolled out at eight other airports by March 2008. (See item 15)

• According to United Press International, a subcommittee of the U.S. Food and Drug Administration’s science board will release Tuesday a report stating that the nation’s food supply is at risk, as are the FDA’s regulatory systems. The report attributes the deficiencies to increasing demands on the FDA, as well as a lack of resources that have not increased in proportion to the demands. (See item 20)

Information Technology

32. December 3, IDG News Service – (National) Facebook admits Beacon tracks loggedoff users. Facebook has confirmed findings of a CA security researcher that the social networking site’s Beacon ad service is more intrusive and stealthy than previously acknowledged, an admission that contradicts statements made previously by Facebook executives and representatives. Facebook’s controversial Beacon ad system tracks users’ off-Facebook activities even if those users are logged off from the social-networking site and have previously declined having their activities on specific external sites broadcast to their Facebook friends, a company spokesman said via e-mail over the weekend. Although according to the spokesman, Facebook does nothing with the data transmitted back to its servers in these cases and deletes it, the admission will probably fan the flames of the controversy engulfing Beacon, which has been criticized by privacy advocates. The Facebook spokesman did not initially reply to a request for further explanation on how the Beacon action gets triggered if a user is logged off from Facebook, when the social-networking site’s ability to track its users’ activities should be inactive. It is also unclear whether Facebook plans to modify Beacon so it does not track and report on the off-Facebook activities of logged-off users. Beacon tracks certain activities of Facebook users on more than 40 participating Web sites, including those of Blockbuster and Fandango, and reports those activities to the users’ set of Facebook friends, unless told not to do so. Off-Facebook activities that can be broadcast to one’s Facebook friends include purchasing a product, signing up for a service and including an item on a wish list. The program has been blasted by groups such as MoveOn.org and by individual users who have unwittingly broadcast information about recent purchases and other Web activities to their Facebook friends. On Thursday night, Facebook tweaked Beacon to make its workings more explicit to Facebook users and to make it easier to nix broadcast messages and opt out of having activities tracked on specific Web sites. Facebook did not go all the way to providing a general opt-out option for the entire Beacon program, as some had hoped.

33. December 3, IDG News Service – (National) Attackers target unpatched QuickTime flaw. Attackers are trying to exploit an unpatched vulnerability in Apple’s QuickTime software that could let them run code on a victim’s computer, Symantec warned in a DeepSight Threat Management System alert issued Sunday. First observed on Saturday, the attacks appear to be aimed at Windows users, but Mac OS users could also be at risk since the QuickTime vulnerability in question affects both operating systems, the alert said. That vulnerability, called the Apple QuickTime RTSP Response Header Stack-Based Buffer Overflow Vulnerability, was first disclosed on November 23, and remains unpatched by Apple. Researchers have shown that the QuickTime vulnerability affects a range of operating systems, including Windows XP, Windows Vista, MacOS X 10.4, and the recently released MacOS X 10.5, also called Leopard. The vulnerability can be exploited through Internet Explorer, Firefox, Opera, and Safari. There are two types of attacks underway, Symantec said. In the first, victims’ computers are being redirected from an adult Web site, Ourvoyeur.net, to another Web site that infects the computer with an application called loader.exe, which can be saved to the computer as metasploit.exe, asasa.exe, or syst.exe. Once installed on a computer this application downloads another binary file, which Symantec identified as Hacktool.Rootkit, a set of tools that can be used to break into a system. Symantec said it was possible attackers had managed to compromise Ourvoyeur.net as part of the attack. The second attack also involves redirection, and Symantec is currently investigating the attack to determine what, if any, malicious code is involved. To protect systems from attack, Symantec recommended blocking access to affected sites. “Filter outgoing access to,,,,, and Additionally 2005-search.com, 1800-search.com, search-biz.org, and ourvoyeur.net should be filtered,” it said, adding IT managers can also block outgoing TCP access to port 554. Alternatively, IT managers could take more drastic steps. “As a last measure, QuickTime should be uninstalled until patches are available,” the alert said.

34. December 3, IDG News Service – (International) Shell, Rolls Royce reportedly hacked by Chinese spies. Great Britain’s domestic intelligence agency is warning that cybercrime perpetrated by China is on the rise following hacking attacks against Rolls-Royce and Royal Dutch Shell. The agency, known as MI5, recently sent letters to some 300 banks, accounting and legal firms warning that “state organizations” of China were plying their networks for information, according to the Times of London on Monday. The U.K. government refused on Monday to confirm the letters. However, the reported correspondence comes just a month after the U.K.’s top domestic intelligence officer warned of “high levels” of covert activity by at least 20 foreign intelligence agencies, with Russia and China as the most active. The Times, quoting an unnamed source, reported that Rolls-Royce’s network was infected with a Trojan horse program by Chinese hackers that sent information back to a remote server. Dutch Shell uncovered a Chinese spying ring in Houston, aimed at pilfering confidential pricing information for the oil giant’s operations in Africa, the paper said, citing “security sources.” The rise in hacking originating in China and Russia has been well-documented by security researchers. But it has been harder to distinguish between state-sponsored hackers and those just operating in the same geographic region, said a senior technology consultant for security firm Sophos PLC. Some 30 percent of the malicious software created is written by Chinese, he said, but about 17 percent of those programs are designed to steal the passwords of users who play online games rather than intended for industrial espionage, he said.

Communications Sector

35. December 3, Techlinks – (National) McAfee partners with Cox Communications to provide comprehensive security suite. In a press release Monday, McAfee, Inc. announced a partnership with the U.S. cable provider Cox Communications to deliver the Cox Security Suite powered by McAfee to all Cox High Speed Internet customers. “We recognize that safe and secure high-speed Internet access is critical to our customers, and we pride ourselves on offering powerful PC and online protection from viruses, hackers and spyware,” said the director of product development for Cox. “Our new security offering powered by McAfee will enable consumers to do everything from surfing the Web to shopping online with much greater peace of mind.” Under the terms of the agreement, the new Cox Security Suite powered by McAfee will launch in early 2008, and will help protect consumers from a wide variety of computer and Internet threats with McAfee VirusScan Plus, McAfee Privacy Service and McAfee SiteAdvisor. A McAfee rep said “the recently released National Cyber Security Alliance online security study showed more than 90 percent of consumers think they are protected against online threats, while less than half actually have sufficient protection. Our partnership with Cox will expand security education, while protecting their customers to help them enjoy the Internet the way it was designed to be used.”