Monday, December 17, 2007

Daily Report

• The NRC announced that as a result of recent reports of inattentive security guards at some
nuclear power plants, operators of commercial nuclear power plants and certain fuel cycle
facilities must provide specific information to the agency on their security programs and
practices. The NRC will review the information to determine if additional regulatory
actions are warranted. (See item

• Reuters reports that federal health experts from the CDC will begin testing for
formaldehyde in trailers provided to people displaced by Hurricane Katrina after
complaints of health problems. The CDC is doing the job at the request of FEMA, who
bought the trailers to provide temporary housing for displaced Gulf Coast residents. (See

Information Technology

20. December 13, Reuters – (International) Russian computer program fakes chatroom flirting. Internet chatroom romantics beware: your next chat may be with a clinical computer, not a passionate person, trying to win your personal data and not your heart, an online security firm says. An Australian anti-virus software firm, PC Tools, has warned that the software could be abused by identity fraudsters trying to harvest people’s personal details online. The Russian site denied it was intended for identity fraud. A spokesman for PC Tools said the program had a “terrifyingly well-organized” interaction that could fool users into giving up personal details and could easily be converted to work in other languages. “As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering,” a Senior Malware Analyst at PC Tools said in a statement.

21. December 13, MacWorld – (National) QuickTime update fixes security issues. Apple released an update on Thursday for QuickTime that fixes several security issues in the application. Fixed in QuickTime 7.3.1 is the application’s handling of Real Time Streaming Protocol (RTSP) headers that allowed arbitrary code execution. This security issue was found in late November and a proof-of-concept was published days after it was discovered. The final security issues fixed in this update include multiple vulnerabilities in QuickTime’s Flash media handler. With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe, according to Apple.

22. December 12, MacWorld – (International) iPhone malware attacks set to go big in 2008? Security researchers are warning that the iPhone may generate a new cybercrime wave, becoming “a primary target for hackers in 2008.” Researchers predict drive-by attacks in which malware is embedded into seemingly harmless data or images designed to attack iPhone via its web browser. Arbor Networks warns of a rise in ‘Chinese on Chinese’ cybercrime in the year ahead, noting a dramatic increase in attacks on Chinese language-specific software. This reflects fast-paced increases in Chinese computer users and increasing organization among China’s cybercriminals. “2007 was the year of the browser exploit, the data breach, spyware, and the storm worm. We expect 2008 to be the year of the iPhone attack, the Chinese Hacker, P2P network spammers, and the hijacking of the Storm botnet,” Arbor Networks said.

Communications Sector

Nothing to report.