Thursday, December 13, 2007

Daily Report

• The Star-Telegram reports that a pilot program featuring a carry-on-baggage screening machine will go on line Saturday at Dallas/Fort Worth Airport’s Terminal D north security checkpoint. The new system creates three-dimensional representations of a bag’s contents using technology similar to medical CT scans and does not require the contents to be removed. (See item 11)

• The Federal Emergency Management Agency announced that it would host Operation PANEX ‘07, a joint federal-state exercise to strengthen contingency plans for an influenza pandemic. The participants will involve key federal agencies including the Departments of Homeland Security, Health and Human Services, and Defense in partnership with their counterparts in the six New England states. (See item 23 )

Information Technology

24. December 12, IDG News Service – (National) US-CERT: Attackers targeting Microsoft Access files. Online criminals are exploiting a flaw in the Microsoft Office Access database to install unauthorized software on computers, the U.S. Computer Emergency Readiness Team (US-CERT) warned in a brief warning on Monday. USCERT offered few details on the attack, saying simply that the organization is “aware of active exploitation” of the problem by criminals who have sent specially crafted Microsoft Access Database (.mdb) files to victims. These files are “designed for the sole purpose of executing commands,” so they should not be accepted from un-trusted sources, Microsoft said in a note on its Web site. The senior manager for Symantec Corp.’s security response expressed surprise at the attacks as .mdb files “are not something that the average user would come across on a daily basis…” and they “are blocked by default in most installations of Internet Explorer and Outlook Express.”

25. December 12, Register – (National) Three critical fixes star in patch Tuesday. Three of the seven patches Microsoft released on Tuesday were rated “critical,” which is the highest ranking Microsoft uses. These patches were meant to fix flaws in handling streaming media by Microsoft DirectX, bugs in Windows Media Format Runtime, and multiple vulnerabilities in Internet Explorer, all of which pose a severe risk. In all three cases, the vulnerabilities addressed by the update create a possible means for hackers and cyber-criminals to smuggle malware onto, or otherwise attack, vulnerable computers. Hackers are actively exploiting one of the flaws in IE to attack vulnerable machines, the SANS Institute’s Internet Storm Centre warns. The remaining four “important” updates address a number of flaws, including some in Windows Vista and a security bug in DRM software from Macrovision that comes bundled with Windows. In November, Macrovision issued a patch to address flaws in its SafeDisk utility that have become the target of various attacks by crackers.

26. December 12, – (Ohio) Ohio gets the message on data breaches. After announcing in September that a computer tape containing information on approximately 85,000 current and former state employees and another 47,000 tax payers had been stolen from a car, the State of Ohio has signed a contract with McAfee for 60,000 licenses of its Safe Boot encryption program. The Ohio breach occurred when a back-up computer tape was stolen out of a car that belonged to an employee of the state. That employee, an intern, was specifically tasked with transporting the tape, which contained names, Social Security numbers, and other identifying information on 64,467 state employees, 19,388 former employees, and another 47,245 tax payers. It was completely unencrypted, meaning the data would be easily accessible. The tape’s loss is expected to cost the state around $3 million in direct costs. The state will start using the new software early next year.

Communications Sector

27. December 10, Associated Press – (National) Young, poor prefer cell phones. More than one in eight households have cell phones but lack traditional, landline telephones, according to a federal study released Monday that tracks the country’s growing dependence on wireless phones. The data, reported twice a year, suggested that the number of households relying solely on cell phones may be growing more slowly than it had in the past. But the researchers said the slowdown might be due to changes in their survey, including altering the order of some questions and some of the wording. The growth of families reachable only by cell phone has been of special interest to the telephone industry, providers of 911 emergency services, and public and private polling organizations. The federal data showed once again that young, poor, male, and Hispanic people are likelier to have only wireless telephone service.