Friday, February 1, 2008

Daily Report

• According to the Associated Press, the new rules for the types of identification U.S. or Canadian citizens must present to cross into the country should not cause significant delays and will not be strictly enforced at first. These rules come into effect on January 31. (See item 15)

• The Associated Press obtained hundreds of pages of heavily censored files detailing the February 2006 “Cyber Storm” war game conducted by the DHS with the help of numerous other government departments and agencies. The exercise was run to test the nation’s hacker defenses, simulating what were described as plausible, detailed attacks against the technology industry, transportation lines, and energy utilities by anti-globalization hackers. A second run, “Cyber Storm 2,” is planned for March. (See item 27)

Information Technology

27. January 31, Associated Press – (National) Trains, bloggers are threats in US drill. It is the government’s idea of a really bad day: Washington’s Metro trains shut down. Seaport computers in New York go dark. Bloggers reveal locations of railcars with hazardous materials. Airport control towers are disrupted in Philadelphia and Chicago. Overseas, a mysterious liquid is found on London’s subway. Those incidents were among dozens of detailed, mock disasters confronting officials rapid-fire in the U.S. government’s biggest-ever “Cyber Storm” war game, according to hundreds of pages of heavily censored files obtained by the Associated Press. The Homeland Security Department ran the exercise to test the nation’s hacker defenses, with help from the State Department, Pentagon, Justice Department, CIA, National Security Agency, and others. The laundry list of fictional catastrophes – which include hundreds of people on “No Fly” lists suddenly arriving at airport ticket counters – is significant because it suggests what kind of real-world trouble keeps people in the White House awake at night. Imagined villains include hackers, bloggers, and even reporters. After mock electronic attacks overwhelmed computers at the Port Authority of New York and New Jersey, an unspecified “major news network” airing reports about the attackers refused to reveal its sources to the government. Other simulated reporters were duped into spreading “believable but misleading” information that worsened fallout by confusing the public and financial markets, according to the government’s files. The $3 million, invitation-only war game simulated what the U.S. described as plausible attacks over five days in February 2006 against the technology industry, transportation lines, and energy utilities by anti-globalization hackers. The incidents were divided among categories: computer attacks, physical attacks, or psychological operations. The exercise had no impact on the real Internet. 
Officials said they were careful to simulate attacks only using isolated computers, working from basement offices at the Secret Service’s headquarters in downtown Washington. However, the government’s files hint at a tantalizing mystery: In the middle of the war game, someone quietly attacked the very computers used to conduct the exercise. Perplexed organizers traced the incident to overzealous players and sent everyone an urgent e-mail marked “IMPORTANT!” reminding them not to probe or attack the game computers. The government is organizing another multimillion-dollar war game, Cyber Storm 2, to take place in early March.
Source:

http://news.yahoo.com/s/ap/20080131/ap_on_go_ca_st_pe/cyber_storm;_ylt=AjIUA7JpdaOB_a7rOwdWpLqDzdAF

Communications Sector

28. January 31, Associated Press – (International) Indian outsourcing firms hit hard by Internet outage. India’s lucrative outsourcing industry struggled Thursday to overcome Internet slowdowns and outages after cuts in two undersea cables sliced the country’s bandwidth in half. The disruption – which has hit a swath of users from Egypt to Bangladesh – began to affect much of the Middle East on Wednesday, when outages caused a slowdown in traffic on Dubai’s stock exchange. The cables, which lie off the coast of Egypt in the Mediterranean, were snapped as the working day was ending in India on Wednesday and the impact was not immediately apparent. But by Thursday, the Internet was sluggish across the country with some users unable to connect at all and others frustrated by spotty service. The Internet Service Providers’ Association of India said the country had lost half its bandwidth. In all, users in India, Pakistan, Egypt, Qatar, Saudi Arabia, the United Arab Emirates, Kuwait, and Bahrain were affected. Engineers in several countries were scrambling to reroute traffic to satellites and to other cables. The biggest impact to the rest of the world could come from the outages across India, where many U.S. companies outsource customer-service call centers and other back office operations. Officials said it could take a week or more to fix the cables, apparently cut north of the Egyptian port city of Alexandria. A top Egyptian telecommunications official said that workers would not know for sure what caused the cuts until they are able to get repair ships and divers to the area, though there was speculation a ship’s anchor was to blame. Rough weather and seas prevented repair ships from getting to the site Wednesday, the official said and it was unclear how soon they could get there. Even once the repair workers arrive at the site, it could take as long as a week to repair the cable, the official said. 
India has built up massive amounts of bandwidth in recent years and is likely to be able to handle the situation without major economic losses, analysts said.
Source:
http://www.foxnews.com/story/0,2933,326988,00.html

29. January 30, Ars Technica – (International) US tops world Connectivity Scorecard despite broadband ills. When it comes to using information technology well, people power is as important as wires, chips, and radio signals. That is one of the assumptions driving the new Connectivity Scorecard benchmark put together by a researcher from the London Business School. The study found that the U.S. takes the worldwide lead on “connectivity” when measured in this way, but sub-par broadband infrastructure holds the country back. The study was sponsored by Nokia Siemens, and it attempts to measure how “usefully connected” countries are, not just how much raw infrastructure they possess. As the author put it, only “smart” usage “helps make Connectivity a driver of productivity gains and hence economic growth.” Because of this focus, the scorecard rankings look a bit different than other, similar charts. Korea comes in tenth, for instance, even though it is a top performer on most technology metrics. According to the research, though, “very high performance in infrastructure is not matched by correspondingly high scores on usage measures, especially by businesses.” Despite being docked for broadband, the U.S. skill set and deep level of IT use among businesses put the country on top. Sweden and Japan take the next two spots. The highest possible score was ten, and the fact that no country scored higher than a seven shows that there is plenty of room for growth. No country did well on all metrics, either. Even the U.S., which led the field, did not rank first in any of the main areas (business, consumer, and government), and the report points out that certain functions like mobile banking are actually “better developed in African countries than in the U.S. or Canada.” Among developing economies, Russia and Malaysia took the top two spots for their high literacy rates and wide usage of IT.
Source:
http://arstechnica.com/news.ars/post/20080130-us-tops-world-connectivityscorecard-despite-broadband-ills.html

Thursday, January 31, 2008

Daily Report

• According to MSNBC, at least 17,000 bridges in the U.S. went more than two years between safety inspections. In an analysis of recently released federal records, researchers learned that included in that number were 2,728 bridges, which had already been labeled as deficient or obsolete. (See item 13)

• Medical News Today reports that researchers at the Georgia Tech Research Institute, in collaboration with Austin-based Stellar Micro Devices, Inc., have developed prototypes of a rapid, non-disruptive, and inexpensive method that could be used to decontaminate bioterrorism hazards in the future. Using flat panel modules that produce X-rays and ultraviolet-C light simultaneously, the researchers can kill anthrax spores in two to three hours without any lingering effects. The system also has the ability to kill anthrax spores hidden in places like computer keyboards without causing damage. (See item 18)

Information Technology

24. January 30, Computerworld – (National) New attack proves critical Windows bug ‘highly exploitable.’ Security researchers yesterday said they had discredited Microsoft’s claim that the year’s first critical Windows vulnerability would be “difficult and unlikely” to be exploited by attackers. On Tuesday, Immunity Inc. updated a working exploit for the TCP/IP flaw spelled out January 8 in Microsoft’s MS08-001 security bulletin, and posted a Flash demonstration of the attack on its Web site. The exploit, which was released to customers of its CANVAS penetration testing software but is not available to the public, was a revised version of code first issued two weeks ago. “This demonstrates conclusively that the MS08-001 IGMPv3 vulnerability is highly exploitable,” Immunity’s chief technology officer said in a message to his security mailing list. The assertion challenged Microsoft’s earlier assessment that “there are a number of factors that make exploitation of this issue difficult and unlikely in real-world conditions.” Immunity did acknowledge that its newest exploit was not 100 percent reliable, however. Other security companies reacted to the revamped attack code and Flash proof by issuing new alerts. Symantec Corp., for instance, sent a new warning to customers of its DeepSight threat network. “The exploit demonstrates remote code execution,” noted Symantec. “The exploit works against Windows XP SP2 English Default [and shows] two Windows XP SP2 computers on a local subnet with firewall enabled being compromised.” It urged users who have not already deployed the patches Microsoft issued January 8 to do so immediately. Previously, Immunity had called out the IGMP (Internet Group Management Protocol) vulnerability as a potential blockbuster for 2008. In a detailed analysis of the flaw and its exploitation, Symantec agreed that the reward to hackers would be large even if replicating Immunity’s work might be tough.
Source:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060118&source=rss_topic17

Communications Sector

25. January 30, Associated Press – (International) Damaged cable cuts Internet in Mideast. Internet outages disrupted business and personal usage across a wide part of the Middle East on Wednesday after an undersea cable in the Mediterranean was damaged, government officials and Internet service providers said. In Cairo, the Ministry of Communications and Information Technology said the cut in the international communications cable had led to a partial disruption of Internet services and other telecommunications across much of Egypt. Emergency teams were quickly trying to find alternative routes, including satellite connections, to end the disruptions, a minister said. But service was still slow or nonexistent by late afternoon Wednesday. A telecommunications expert at the Egyptian communications ministry said the government was “engaged in efforts to try and overcome the consequences of the problem” but cautioned that “solving this could take days.” Internet service also was disrupted in Dubai in the United Arab Emirates, which markets itself as a top Mideast business and luxury tourist hub. Both Internet service providers said international telephone service was also affected. One of the ISPs, DU, was completely down in the morning; browsing remained very slow even after DU restored Internet service by the afternoon. It was not clear what caused the damage to the cable. An official who works in the customer care department of DU blamed a fault on a submarine cable located between Alexandria, Egypt, and Palermo, Italy. A staffer at a Saudi ISP said that they were told that a cable rupture was the cause of the problem, which began early Wednesday.
Source: http://biz.yahoo.com/ap/080130/mideast_internet_outages.html?.v=5

Wednesday, January 30, 2008

Daily Report

• According to the Knoxville News Sentinel, three workers were contaminated with radioactivity January 16 while unpacking a shipping container at the EnergySolutions waste-processing facility in Oak Ridge, Tennessee. There reportedly were a number of problems with the waste shipment that arrived from the U.S. Enrichment Corp. (USEC) in Portsmouth, Ohio. A spokeswoman said the innermost container spilled some of its radioactive contents. However, there were several protective over-packs in the shipping container, so none of the material was released to the environment during the transportation from Ohio to Tennessee. (See item 5)

• The Associated Press reports that the airplane, which had been named in a threatening phone call, was moved to a remote part of Los Angeles International Airport after it landed Monday. An FBI spokeswoman said the move Monday afternoon was strictly precautionary and that the person who made the call to a law enforcement agency is under investigation. (See item 11)

Information Technology

23. January 29, Inquirer – (National) Cybercrooks come up with new ideas. Cybercriminals are apparently coming up with more crafty and sophisticated ways to hack data now that owners are installing firewalls and virus checkers. According to USA Today, the latest technique is to attack home network routers instead of PC hard-drives. Another uses hacked PCs to click on Internet adverts to generate ad payments. A senior researcher at security firm ScanSafe said that attacks were becoming more frequent and continuing to grow more sophisticated in 2008. The router hack seems to be the brainchild of one particular gang which has successfully used it to get money out of a Mexican bank. This involves sending out tainted e-mail greeting cards that, when opened, give the intruders control of the recipient’s router. It only worked on one router model, but fortunately for the crooks it just happened to be one run by the bank. A Symantec spokesman said that the attack was so successful it was almost certain to be copied by others who would use other router brands.
Source:
http://www.theinquirer.net/gb/inquirer/news/2008/01/29/cybercrooks-comeideas

24. January 28, Dark Reading – (National) Exploit could taint forensics. What if a hacker could taint your forensics investigation with an exploit? That is one of the scarier risks associated with cross-site request forgery (CSRF), a common and stealthy vulnerability found in many Web applications. CSRF can be used by an attacker to force a user’s browser to conduct searches on behalf of the attacker, grab files or pages, post messages to online forums, and even make changes to the user’s Website accounts. So when an organization is conducting either its regular Internet monitoring of inappropriate use by its users, or a full-blown forensics investigation, a CSRF exploit could falsely implicate an innocent user, says a principal consultant with Mandiant, who will give a presentation on this topic at Black Hat D.C. next month. These investigations often rely on a user’s Web browser cache and history to reconstruct a user’s suspicious activity, so if the user’s machine is infected with CSRF, that data is not reliable and an innocent user could be mistakenly accused of wrongdoing when it was actually an attacker behind it. “Without them knowing it, the [exploit] could be transparently making Web pages and loading pages in the background they don’t know are there,” the consultant says. “And there’s also typically a lot of traffic going out from the browser as well.” A CSRF attack on the user’s browser eventually could be raised as a defense in a case, he notes, so an investigator needs to take that possibility into account during an investigation. “Was the bad activity in the cache or history not actually done by that person? You need to proactively look at that.”
Source:
http://www.darkreading.com/document.asp?doc_id=144350

25. January 28, SC Magazine – (National) Super Bowl blitz begins: Bogus sites with malware pop up. Security researchers have warned that malware-laced bogus Super Bowl websites have begun appearing, the first wave of what is expected to be a major campaign of game-related cyberattacks. Trend Micro’s TrendLabs reported on its blog that it has detected two malware-infected sites with similar sounding URLs to the official Super Bowl XLII game site. According to TrendLabs, the two malware sites – including the words “www-superbowl.html” and “www-superbowlcom.html” in their URLs – were found in the servers of a Czech hosting provider believed to have been hacked. TrendLabs said in its blog posting that it contacted the Czech CERT and the Czech hosting provider after detecting the malicious code. The two malware sites are turning up in search results when users search Google for “Superbowl,” TrendLabs said. The vice president of security research at Websense told SCMagazineUS.com last week that the most likely form of attack to materialize in the run-up to the February 3 game will be botnet-generated phishing emails delivered in messages with Super Bowl related subjects.
Source:
http://www.scmagazineus.com/Super-Bowl-blitz-begins-Bogus-sites-withmalware-pop-up/article/104610/

Communications Sector

Nothing to report.

Tuesday, January 29, 2008

Daily Report

• According to the EE Times, cybersecurity standards to protect the nation’s power grid from disruption were approved by the Federal Electric Regulatory Commission (FERC) earlier this month. The new standards will require energy companies to identify and document risks and vulnerabilities and establish controls to secure critical assets from sabotage. (See item 3)

• CNN reports that a covert tester for the Transportation Security Administration managed to enter the Tampa International airport with a bomb strapped to his back, despite having set off the scanner and having been patted down. TSA officials say this test demonstrates the type of systemic vulnerability that the agency is working to expose and address. (See item 10)

Information Technology

26. January 28, Computerworld – (National) Most malware is launched from legit web sites. The majority of Web sites serving up attack code are legitimate domains that have been hacked by criminals, according to security research firm Websense Inc. In a report released last week, San Diego-based Websense said that credible sites accounted for 51 percent of those classified as malicious. Hacking legitimate sites so that they can sling malware gives attackers distinct advantages, said the vice president of security research at Websense. He noted that hackers have been aided by “the growth in social networking sites and blogs, where security is just not one of the ingredients. Hackers are saying, ‘It’s easier to put our malware on these sites than to build our own.’”
Source:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=cybercrime_and_hacking&articleId=311713&taxonomyId=82&intsrc=kc_top

27. January 27, Computerworld – (National) Windows Home Server vulnerable to critical bug, too. For the second time in three days, Microsoft Corp. added another product to the list of those vulnerable to a critical bug patched nearly three weeks ago. Windows Home Server, the company’s newest operating system, is also at risk to the vulnerabilities spelled out by the MS08-001 security bulletin, according to a Friday update. The advisory, first issued on January 8 -- and then fingered by researchers as the month’s most pressing -- was revised Wednesday, when Microsoft announced that Windows Small Business Server was at risk. Neither Windows Home Server nor Small Business Server had been among the versions mentioned in the original bulletin. The initial bulletin had pegged the threat to Windows Server 2003 as “important,” the second highest rating in Microsoft’s four-step scoring system. But it was later rated as “critical” for Windows Home Server and Small Business Server. According to Microsoft, the vulnerability can be exploited by sending malicious data packets to unsuspecting users, who could find their PCs infected with malware or under the control of others. Within 10 days of Microsoft posting its first patches, researchers had produced proof-of-concept exploits, claiming that the company had overestimated the difficulty in crafting attack code. Windows Home Server owners have been offered the patch via the software’s update mechanism, Microsoft said in the revised bulletin. Microsoft did not say why it had not identified Windows Home Server or Small Business Server as vulnerable and requiring repair when it first issued updates earlier this month.
Source:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9059378&intsrc=hm_list

Communications Sector

28. January 28, Wall Street Journal – (National) FCC pushes to overhaul subsidy program for rural phones. Alarmed at the growth of a multibillion-dollar federal phone-subsidy program, regulators are beginning an effort to curb costs and prevent consumers from paying more in fees. As soon as Monday, the Federal Communications Commission is expected to open for public comment several proposals to revamp the Universal Service Fund, which subsidizes phone services for low-income and rural customers. The program’s budget ballooned to about $7 billion last year from $5.2 billion in 2002 as more companies sought to tap the federal revenue stream -- a transfer of money collected from consumers through surcharges on phone bills. The charge is usually found on a phone bill itemized as a “federal universal service charge.” One proposed change calls for using a reverse-auction system to pick which phone companies receive multimillion-dollar payments for providing phone service in rural areas. A separate plan would lower the amount of money wireless companies receive to offer service in rural areas. For the first time, the FCC also will look into whether money should be set aside to subsidize broadband Internet lines.
Source:

http://online.wsj.com/article/SB120148455929220793.html?mod=googlenews_wsj

29. January 28, Associated Press – (National) Cell phone can read documents for blind. A National Federation of the Blind (NFB) cell phone that incorporates text-to-speech software will soon be commercially available. The software reads images photographed by the phone, allowing blind users to decipher anything that is photographed, whether it is a restaurant menu, a phone book or a fax. The phone can scan limited amounts of text, read it aloud, and even translate from other languages. Future versions of the device will recognize faces, identify rooms, and translate text from other languages for the blind and the sighted. The inventor plans to begin marketing the cell phone in February through KNFB Reading Technology. The software will cost $1,595 and the cell phone is expected to cost about $500.
Source:

http://news.yahoo.com/s/ap/20080128/ap_on_hi_te/blind_cell_phone;_ylt=AiCVvT3htQfQSe9eM16oO5H67rEF

Monday, January 28, 2008

Daily Report

• According to the Associated Press, a teenage passenger was arrested in Nashville for plotting to hijack a plane from Los Angeles to Nashville, the FBI said Friday. The official said the teen had handcuffs, rope, and duct tape in his bag and was believed to be traveling alone. The teen is believed to be suicidal, he said. (See item 11)

• KTAR 92.3 Phoenix reports that emergency personnel in Arizona are working overtime to make sure everyone stays safe during the upcoming Superbowl and Golf Tournament, both of which are taking place in the Phoenix area on the weekend of February 2. They have enhanced their biological and chemical terrorism surveillance systems within the State Public Health Laboratory. Authorities said there have been no terror threats against the Super Bowl to date. (See item 31)

Information Technology

27. January 24, Vnunet – (International) Stakeholders gear up for e-Crime Congress 2008. Over 500 delegates from global businesses, governments, and law enforcement agencies will meet in London in March at the e-Crime Congress 2008 to discuss cyberthreats and electronic crime. Identity theft and fraud continue to threaten security and consumer confidence, but last year saw an increasing number of attacks on the IT infrastructure of companies and governments. A senior architect at security firm MessageLabs told vnunet.com in a recent interview about a shadow economy in the underground world of hackers, which closely mimics traditional economic models.
Source:
http://www.vnunet.com/vnunet/news/2207989/stakeholders-tackle-cyber-crime

28. January 24, ZDNet News – (International) Symantec warns of router compromise. Security company Symantec has warned of an attack involving the subversion of routers. The security company said this was the first time it had seen such an attack “in the wild.” In the attack, which targeted users of an undisclosed Mexican bank, the intended victims received a spam e-mail claiming they had received an e-card, directing them to gusanto.com, a Spanish-language e-card site. However, the e-mail also had embedded HTML image tags that contained an HTTP get-request to the router to change its Domain Name System settings, according to Symantec’s U.K. manager of quality assurance. The HTTP get-request redirects traffic flowing over the router to a specific IP address when the user attempts to access six domain names that are banking-related. Symantec requested that ZDNet U.K. not publish the IP address. The attack is made possible by a cross-site scripting vulnerability in routers made by broadband-equipment company 2Wire that was reported in August last year, according to Symantec.
Source:
http://news.zdnet.com/2100-1009_22-6227502.html
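
A defender-side check for the delivery mechanism Symantec describes (an HTML e-mail whose image tags make the reader's mail client or browser send a GET request to the local router), added here as an example; it is not from the article or from Symantec. The gateway path, parameter names and addresses in the sample are constructed placeholders, and the list of auto-fetched tags and local hostnames is an assumption.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Address ranges a home or office gateway normally lives in.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Tag/attribute pairs fetched automatically when the message is rendered
# (assumed list; extend it for the mail clients in use).
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("script", "src"),
              ("link", "href"), ("embed", "src"), ("body", "background")}


class _ResourceCollector(HTMLParser):
    """Collect URLs that are requested without any click by the reader."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in AUTO_FETCH:
                self.urls.append((tag, value.strip()))


def _is_internal_host(host):
    """True for private/loopback/link-local IPs and for LAN-style names."""
    host = host.rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: single-label names ("gateway", "router") and
        # common LAN suffixes resolve inside the local network.
        return "." not in host or host.endswith((".local", ".lan", ".home"))
    return any(ip in net for net in INTERNAL_NETS)


def scan_email_html(html):
    """Return auto-fetched resources in an HTML e-mail that target the LAN.

    A finding of kind "request-with-parameters" is the pattern from the
    article: a GET request carrying settings to an internal device.
    """
    collector = _ResourceCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for tag, url in collector.urls:
        try:
            parts = urlsplit(url)
            host = parts.hostname
        except ValueError:
            continue  # malformed URL, nothing would be fetched
        if parts.scheme not in ("http", "https", "") or not host:
            continue  # cid:, data:, relative paths and similar
        if not _is_internal_host(host):
            continue
        params = dict(parse_qsl(parts.query))
        findings.append({
            "tag": tag,
            "url": url,
            "host": host,
            "params": params,
            "kind": "request-with-parameters" if params else "internal-fetch",
        })
    return findings


# Constructed sample message; hosts, path and parameters are placeholders.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>You have received an e-card!
   <a href="http://ecards.example.com/view?id=123">View it</a></p>
<img src="http://images.example.com/card.jpg" width="400">
<img src="http://192.168.1.254/hypothetical/config?name=bank.example&addr=198.51.100.7"
     width="1" height="1">
<img src='http://10.0.0.1/logo.gif'>
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_email_html(SAMPLE_EMAIL_HTML):
        print(finding["kind"], finding["tag"], finding["url"])
```

On a mail gateway the same check would run over each `text/html` part before delivery; blocking remote content in the mail client removes the automatic request altogether.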

Communications Sector

29. January 25, Post and Courier – (South Carolina) Task force to promote broadband access. A group of local community and business leaders has formed a task force to help roll out broadband Internet access to more of Charleston’s minorities and low-income residents. The 22-person council was announced this week by the Alliance for Digital Equality, a year-old Atlanta-based nonprofit devoted to finding ways to bridge the “digital divide” between minority and majority communities. South Carolina is plugging into broadband much more slowly than the rest of the country. At the end of 2006, 34 percent of South Carolina homes had a high-speed Internet line, compared with 46 percent of all U.S. homes, according to the Federal Communications Commission and the Census Bureau. The Alliance for Digital Equality is organizing similar councils in Atlanta, Detroit, Houston, and Miami. Its goal is to bring together elected officials, consumers and the business leaders to educate minority communities about the importance and benefits of broadband usage.
Source:

http://www.charleston.net/news/2008/jan/25/task_force_promote_broadband_access28590/

30. January 24, Computerworld – (National) FCC auction reaches $2.8B for 700-MHz wireless licenses. At the close of the first full day of bidding for 700-MHz wireless spectrum today, the Federal Communications Commission reported nearly $2.8 billion in provisional winning bids. There were 1,122 new bids filed in the second of two rounds that were held in the afternoon. The total value of all provisional bid winners jumped 15 percent from the morning bidding round, when $2.4 billion was offered. A total of 1,099 licenses can be bid upon, although only 902 had received bids by the end of the day. All the bids are filed anonymously and bidders are prohibited from publicly discussing their bids in an effort to reduce anticompetitive behavior, the FCC said.
Source:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=mobile_and_wireless&articleId=9058946&taxonomyId=15

Friday, January 25, 2008

Daily Report

• The Miami Herald is reporting Florida Power & Light (FPL) is facing $208,000 in federal fines because firing pins were removed from the weapons of Wackenhut guards at its Turkey Point nuclear power plant in Florida. The Nuclear Regulatory Commission’s announcement Tuesday listed four violations: two for “willfully failing to properly equip” armed guards, one for failing to promptly report the incident, and the fourth for providing incomplete and inaccurate information about the incident. (See item 6)

• According to Computerworld, an Arabic-language Web site, hosted on a server located in Tampa, Florida, is offering a new version of software that was designed to help al-Qaeda supporters encrypt their Internet communications. The tool is being distributed free of charge on a password-protected Web site that belongs to an Islamic forum known as al-Ekhlaas, according to Secure Computing and a blog posting by MEMRI. (See item 26)

Information Technology

25. January 24, IDG News Service – (National) Windows Small Business Server at risk from critical flaw. Microsoft said Wednesday that another one of its operating system products is susceptible to a critical vulnerability, first patched two weeks ago. In an update to its MS08-001 security bulletin, Microsoft said that the latest release of Windows Small Business Server was also critically at risk from a bug in Windows’ networking software. The flaw is also considered critical for Windows XP and Vista users. Microsoft did not say why it had initially omitted Small Business Server from its list of critically affected operating systems, but it said that the product’s users were being offered patches via Microsoft’s various automatic update services. “Customers with Windows Small Business Server 2003 Service Pack 2 should apply the update to remain secure,” Microsoft said in its updated bulletin. The bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft said that an attacker could send specially crafted packets to a victim’s machine, which could then allow the attacker to run unauthorized code on a system. Microsoft rates the flaw as “important” for Windows Server 2003, meaning that it would be more difficult for attackers to exploit the flaw on this operating system.
Source:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9058759&taxonomyId=17&intsrc=kc_top

26. January 23, Computerworld – (International) U.S. Web site said to offer strengthened encryption tool for al-Qaeda backers. An Arabic-language Web site hosted on a server located in Tampa, Florida, is apparently offering a new version of software that was designed to help al-Qaeda supporters encrypt their Internet communications. The new encryption tool is called Mujahideen Secrets 2 and appears to be an updated version of easier-to-crack software that was released early last year, said the vice president of technology evangelism at Secure Computing Corp. The tool is being distributed free of charge on a password-protected Web site that belongs to an Islamic forum known as al-Ekhlaas, according to Secure Computing and a blog posting by the Middle East Media Research Institute. MEMRI is a Washington-based organization that monitors what it describes as jihadist Web sites and publishes translations of online content originally posted in Arabic, Persian, or Turkish. The vice president said that he contacted the FBI about the al-Ekhlaas site and its contents last weekend. But as of Wednesday afternoon, the site was still up and running. A Reuters story posted January 18 and datelined Dubai, quoted the al-Ekhlaas Web site as saying that the new release was a “special edition” of the encryption tool created “in order to support the mujahideen in general and the Islamic State in Iraq in particular.” That organization was described by Reuters as being linked to al-Qaeda. Efforts by groups that support al-Qaeda to develop their own encryption tools appear to be driven by concerns about possible back doors being built into publicly available encryption software, the Secure Computing representative said. He added that the upgraded Mujahideen Secrets tool could cause problems for law enforcement and antiterrorism agencies that are tracking the activities of such groups.
Source:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=17&articleId=9058619&intsrc=hm_topic

Communications Sector

27. January 24, Burlington Free Press – (Vermont) Rural towns bundling a blueprint for broadband. Using Burlington Telecom’s municipal broadband network as a model, 22 rural Vermont towns are poised to pool their resources and launch a fiber-optic project that could go online by the end of 2009. Members of the East Central Vermont Community Fiber Network announced Wednesday that formal agreements are in the works from Windsor to Montpelier that would bring the strength of numbers – and attractive financing -- to universal broadband Internet coverage. The group’s leadership presented the project at a board meeting of the Vermont Telecommunications Authority held Wednesday. The presenters made no funding requests, but asked the state board for support with credit and regulatory hurdles. The chairman of the Strafford Selectboard said commercial broadband providers could not meet the needs of rural Vermonters. “These fiber-optic connections are absolute necessities; not luxuries,” he said. “We need them for our economical and cultural development.” More than 1,000 residents in his area have registered for service, he said. About half of the population targeted by the East Central Vermont Community Fiber Network has no broadband service. Earlier attempts to serve rural areas with broadband, including state-funded pilot wireless systems, have fallen short of fiber-optic’s technical advantages. The East Central Vermont Community Fiber Network, said one participant, would permit an “overlay” of wireless coverage that could accommodate data or voice transmissions.
Source:

http://www.burlingtonfreepress.com/apps/pbcs.dll/article?AID=/20080124/NEWS02/801240322/1007

Thursday, January 24, 2008

Daily Report

• Purdue University News reports that researchers at the university are working with the state of Indiana to develop a system that would use a network of sensor-equipped cell phones to detect radiation sources, including possible radiological “dirty bombs” and nuclear weapons. By adding sensitive but small radiation sensors to cell phones, which already contain GPS locators, researchers say they could enable a network of phones to function as a tracking system. (See item 7)

• According to Reuters, a new GAO report states that vaccines and drugs will not be enough to slow or prevent a pandemic of influenza, which global health experts almost universally agree is overdue. Supplies of antiviral drugs are low and a vaccine would have to be formulated to match the precise strain causing the pandemic. (See item 25)

Information Technology

30. January 23, SCMagazineUS.com – (International) China has penetrated key U.S. databases: SANS director. An aggressive, non-stop campaign by China to penetrate key government and industry databases in the United States already has succeeded and the United States urgently needs to monitor all internet traffic to critical government and private-sector networks “to find the enemy within,” the SANS Institute’s director of research told SCMagazineUS.com. He said that empirical evidence analyzed by researchers leaves little doubt that the Chinese government has mounted a non-stop, well-financed attack to breach key national security and industry databases, adding that it is likely that this effort is making use of personnel provided by China’s People’s Liberation Army. The “smoking guns” pointing to a government-directed effort are keystroke logs of the attacks, which have been devoid of errors usually found in amateur hack attacks, the use of spear phishing to gain entry into computer networks, and the massively repetitive nature of the assault, the SANS research director said. SANS earlier this week placed espionage from China and other nations near the top of its annual list of cybersecurity menaces, reporting that targeted spear phishing is the weapon of choice used in the assault on U.S. databases and those of its allies.
Source:
http://scmagazine.com/uk/news/article/778689/china-penetrated-key-usdatabases-sans-director/

31. January 22, ars technica – (National) Compromised web sites serve more malware than malicious ones. According to security firm WebSense, the number of legitimate web sites that have been hacked and are distributing or enabling various types of malware attacks is greater than the number of malicious sites created specifically for that purpose. The company’s latest report discusses this trend, along with the tremendous impact the Storm Worm had on the Internet through all of 2007. As WebSense states, there is a clear advantage to infecting a legitimate site that comes with its own built-in traffic and a user base. The type of theft varies depending on the site. Personal data and credit card information are the most obvious acquisition targets, but online gaming account theft and click-fraud are apparently common as well. It is well known that there are forums, discussion groups, and IRC channels devoted to the topics of which web sites are known to be vulnerable. The problem also runs deeper than simply educating administrators about security vulnerabilities in the software that they use -- locating the correct host provider for any particular web space can be difficult, and many sites do not fall off WebSense’s malicious site blacklist quickly, sometimes remaining there for weeks or even months after being notified of a problem.
Source:
http://arstechnica.com/news.ars/post/20080122-compromised-websites-servemore-malware-than-malicious-ones.html

32. January 22, Network World – (National) First case of “drive-by pharming” identified in the wild. The theory is now a reality. Symantec reported Tuesday that drive-by pharming, in which a hacker changes the DNS settings on a customer’s broadband router or wireless access point and directs the link to a fraudulent Web site, has been observed in the wild. The first drive-by pharming attack has been observed against a Mexican bank: “It’s associated with an e-mail pretending to be from a legitimate Spanish-language e-greeting card company, Gusanito.com,” says Symantec Security Response’s principal researcher. Inside the e-mail is an HTML image tag but instead of displaying images, it sends a request to the home router to tamper with it. In the e-mail evidence Symantec has examined, the code seeks to change 2Wire DSL routers to point the user’s Web browser to a fraudulent bank site that mimics the site of one of the largest Mexican banks. “So, whenever you’d want to go to the bank site, instead of the real one, you’d get the attacker’s fake site,” he says. For the home PC user, the danger is that this drive-by pharming attack is “so silent and there’s only subtle telltale signs that it’s occurring,” he adds. A white paper last year from Symantec and the Indiana University School of Informatics coined the term. At the time the researchers detailed the JavaScript-based security threat and said such an attack could hit up to 50 percent of home broadband users. Drive-by pharming can occur because home router equipment is often left configured with default log-in and password information and never changed.
Source:
http://www.networkworld.com/news/2008/012208-drive-by-pharming.html
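A mail-gateway check for the pattern item 32 describes, an image tag in an HTML e-mail whose request goes to the reader's own router instead of to an image server. This is an added example, not code from Symantec or from the article; the sample message, its host names and its placeholder paths are constructed, and the list of auto-loading tags is an assumption about what a mail client fetches.

```python
"""Flag HTML e-mail bodies whose auto-loading tags point at local-network hosts."""
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

# Tag -> attribute that a mail client or browser fetches with no click
# from the reader (assumed list, extend for the clients you support).
AUTO_FETCH = {
    "img": "src", "iframe": "src", "script": "src", "embed": "src",
    "input": "src", "link": "href", "body": "background",
}


def is_local_target(url):
    """True when the URL's host is a private, loopback or link-local address,
    or a dot-less name (e.g. "gateway") that only resolves on the local LAN."""
    try:
        parts = urlsplit(url)
    except ValueError:            # malformed bracketed IPv6 literal
        return False
    if parts.scheme not in ("http", "https", ""):
        return False              # cid:, data:, mailto: never reach the LAN
    host = parts.hostname
    if not host:
        return False              # relative path, no network host at all
    try:
        addr = ip_address(host)
    except ValueError:
        # Not a dotted/colon literal: an external name always contains a dot,
        # so a dot-less host is a LAN name or an integer-encoded address.
        return "." not in host
    return addr.is_private or addr.is_loopback or addr.is_link_local


class _TagScanner(HTMLParser):
    """Collects auto-fetched URLs that resolve inside the reader's network."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        wanted = AUTO_FETCH.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name != wanted or not value:
                continue
            url = value.strip()
            if is_local_target(url):
                self.findings.append({
                    "tag": tag,
                    "url": url,
                    # A query string on a request to a LAN device is the
                    # stronger signal: it can carry a settings change.
                    "has_query": bool(urlsplit(url).query),
                })


def scan_html(body):
    """Return one finding per auto-loading tag aimed at a local host."""
    scanner = _TagScanner()
    scanner.feed(body)
    scanner.close()
    return scanner.findings


# Constructed sample: one ordinary remote image, one inline attachment and
# two tags aimed at local devices. Paths and parameters are placeholders.
SAMPLE_HTML = """\
<html><body>
<p>You have received a greeting card!</p>
<img src="http://cards.example.com/images/card.gif" alt="card">
<img src="http://192.168.1.254/placeholder-admin-page?setting=placeholder" width="1" height="1">
<img src="cid:logo001">
<img src="http://gateway/placeholder?x=1">
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML):
        print("quarantine:", finding)
```

A gateway can quarantine or strip any message with a finding, since legitimate mail has no reason to load resources from the recipient's LAN. Changing the router's default administrative password, the root cause the item names, remains the primary fix.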

Communications Sector

33. January 23, Associated Press – (National) AT&T may begin monitoring online traffic. AT&T Inc. may begin monitoring traffic over its online network in an effort to stamp out theft of copyrighted material, its chief executive said Wednesday. The company’s CEO told a conference at the World Economic Forum that the company was still evaluating what it would do about peer-to-peer networks, one of the largest drivers of online traffic, but also a common way to illegally exchange copyright files. “It’s like being in a store and watching someone steal a DVD. Do you act?” he asked.
Source:
http://www.msnbc.msn.com/id/22801800/

Wednesday, January 23, 2008

Daily Report

• USA Today reported that this month, handheld black lights and magnifying glasses will be distributed to airport screeners at the nation’s 800 airport checkpoints. These will be used to spot possible forgeries or tampering. (See item 12)

• According to Homeland Security Today, security for Super Bowl XLII is being described as “unprecedented,” and will include both covert and overt measures. The federal government’s terrorism threat assessment of the upcoming game makes clear that, while the Intelligence Community “has not identified a credible terrorist threat to Super Bowl XLII and its related events,” one of the three “key findings” of the nine-page threat assessment is that “the threats of greatest concern” during events like this “include individuals impersonating law enforcement and other security personnel and insiders to facilitate attacks.” (See item 27)

Information Technology

25. January 21, Computerworld – (International) The Internet is down -- now what? According to the recent Business Roundtable report, “Growing Business Dependence on the Internet — New Risks Require CEO Action,” there is a 10 to 20 percent chance of a “breakdown of the critical information infrastructure” in the next 10 years, brought on by “malicious code, coding error, natural disasters, [or] attacks by terrorists and other adversaries.” An Internet meltdown would result in reduced productivity and profits, falling stock prices, erosion of consumer spending and potentially a liquidity crisis, the report says. The organization based its conclusions on earlier risk analyses done by the World Economic Forum in Geneva. The director of public policy at The Business Roundtable, an association of CEOs from large U.S. companies, says business executives often fail to realize how dependent they have become on the public network — for e-mail, collaboration, e-commerce, public-facing and internal Web sites, and information retrieval by employees. He also notes that disaster recovery and business continuity plans often fail to take into account the threat an Internet disruption poses to a company and its suppliers. Moreover, business executives often mistakenly believe that government will take the lead in restoring network services in the face of an Internet failure, he says. “What we wanted to do in this report is say to CEOs, ‘You may not realize that whole segments of your business are almost completely dependent on the Internet, and it’s not enough to have a few IT specialists to help you respond to problems as they come up.’”
Source:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=309873&intsrc=hm_list

Communications Sector

26. January 22, TechWorld.com – (National) Malicious MMS worm hits Nokia handsets. Security vendor Fortinet has uncovered a malicious SymbianOS worm that is actively spreading on mobile phone networks. Fortinet’s threat response team warned on Monday that the worm, identified as SymbOS/Beselo.A!worm, is able to run on several Symbian S60 enabled devices. These include the Nokia 6600, 6630, 6680, 7610, N70, and N72 handsets. The malware is disguised as a multimedia file (MMS) with an evocative name: either Beauty.jpg, Sex.mp3, or Love.rm. Fortinet warned this is deceiving users into unknowingly installing the malicious software onto their phones. Unlike Microsoft Windows, SymbianOS types files based on their contents and not their extensions, so it is worth noting that recipients of infected MMS would still be presented with an installation dialogue upon “clicking” on the attachment. “Therefore, users could easily be deceived by the extension and unknowingly install the malicious piece of software,” warned Fortinet. After installation, the worm harvests all the phone numbers located in the phone’s contact lists and targets them with a viral MMS carrying a SIS-packed (Symbian Installation Source) version of the worm. In addition to harvesting these numbers, the malware also sends itself to generated numbers. Interestingly, all these numbers are located in China so far and belong to the same mobile phone operator. Some of these numbers have been verified to belong to actual customers, rather than being premium service numbers. The manager of Fortinet’s Threat Response Team, EMEA, and the man who conducted the research and discovered this malicious activity, told Techworld that this is not just another ‘theoretical’ mobile worm that nobody will ever encounter. “It is actual spreading in the wild,” he said, “although numbers are still pretty low.”
Source:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=mobile_and_wireless&articleId=9058330&taxonomyId=15

Tuesday, January 22, 2008

Daily Report

• According to Network World and other sources, the Federal Energy Regulatory Commission Friday approved eight “critical infrastructure protection” standards intended to protect the electric-power grid operated by the nation’s utilities from coming under cyberattack. The final, complete text of FERC’s regulatory order is expected out in the next few days, and the commission did indicate it expected the energy industry to improve its power-control systems, if need be, to meet the new security guidelines, in spite of previously voiced concerns. (See item 2)

• CBS News reported that the FAA called an emergency meeting after another near mid-air collision at New Jersey’s Newark Liberty Airport Wednesday, the second near miss in two months. The FAA is investigating the incident and the possibility that a “procedural error” caused a temporary loss of communication with one of two Continental Airlines flights that at one point came within 600 feet of each other. (See item 13)

Information Technology

25. January 18, Computerworld – (International) Skype plugs critical bug with temp move. Hackers can exploit newly uncovered vulnerabilities in Skype Ltd.’s popular chat and VoIP software to overtake a Windows PC, security researchers said Thursday. By Friday morning, Skype had confirmed one of the bugs, slapped the highest-possible vulnerability rating on it and temporarily disabled the feature used to exploit the flaw. Early on Thursday, a noted Israeli researcher had spelled out what he called a “cross-zone scripting vulnerability” in Skype that could be leveraged by attackers armed with malicious video files. The way in, he explained, was through a security door that Skype left wide open. “Skype uses [Microsoft Corp.’s] Internet Explorer Web control to render internal and external HTML pages,” he said Thursday. If an attacker manages to inject a malicious script into any of those HTML pages, he can completely compromise the machine. In a demonstration, he posted a video file to the Dailymotion video-sharing service that, when called using the software’s Add Video to Chat feature, runs harmless arbitrary code. The exploit relied on a separate cross-site scripting vulnerability on Dailymotion, which is one of Skype’s video partners. The innocuous demo, however, could be replaced by attack code of the hacker’s choice. “An attacker can now upload a movie, set a kewl popular keyword, and own any user that will search for a video with those keywords through Skype,” he noted. Early Friday, Skype posted a security advisory that acknowledged the cross-zone scripting bug, saying that it affected all Windows versions of the software, including 3.5 and the most-up-to-date 3.6. Skype also pegged the flaw as a “10” in the Common Vulnerability Scoring System, the highest rating allowed by the security industry’s standard bug ranking system. Skype does not yet have a patch in place; so instead, it simply shut off access to Dailymotion. 
“Skype has temporarily disabled users’ ability to add videos from Dailymotion gallery until an official fix has been made available,” the security bulletin said. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9057778&source=rss_topic17

26. January 17, IDG News Service – (National) Attack code released for critical Windows flaw. In what may be the first step toward a major security problem, security researchers have released attack code that will crash Windows machines that are susceptible to a recently patched bug in the operating system. The code is not available to the general public. It was released Thursday to security professionals who use Immunity’s Canvas computer security testing software. It causes the Windows system to crash, but does not let the attacker run malicious software on the victim’s system. “It reliably crashes Windows machines,” said Immunity’s chief technology officer. “In fact, it blue-screened our print server by accident -- this is a broadcast attack, after all.” That is the biggest concern for security experts who worry that a more dangerous attack may soon follow as researchers dig further into the vulnerability. The bug is particularly troublesome for two reasons. First, it affects a widely used Windows component that is turned on by default. Worse, no user interaction is required to trigger the flaw, meaning that it could be exploited in a self-copying worm attack. Microsoft patched the flaw in its MS08-001 update, released last week, but it takes time for enterprise users to test and install Microsoft’s patches. The flaw lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and the MLD (Multicast Listener Discovery) protocol, which are used to send data to many systems at the same time. The protocols are used by a range of applications including messaging, Web conferencing and software distribution products. Source: http://www.networkworld.com/news/2008/011708-attack-code-released-for-critical.html

27. January 17, InformationWeek – (National) Yahoo’s CAPTCHA security reportedly broken. Yahoo may soon see a surge in spam coming from Yahoo Mail accounts. “John Wane,” who identifies himself as a Russian security researcher, has posted software that he claims can defeat the CAPTCHA system Yahoo uses to prevent automated registration of free Yahoo Mail accounts. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It is a technique that presents an image depicting distorted text that people, but not machines, can identify. Large e-mail service providers like Google, Microsoft, and Yahoo present CAPTCHA images to users signing up for new accounts to make sure that there is a real person behind the registration information. These companies do so to discourage spammers from using automated methods to register thousands of free online accounts to send spam. CAPTCHAs are also used to prevent spam in blogs and other online forums, automated ballot stuffing for online polls, and automated password guessing attacks. “Few months ago, we received information that [a] Yahoo CAPTCHA recognition system exists in the wild with the recognition rate about 30%,” Wane says in a blog post. “So we decided to conduct few experiments. We explored Yahoo CAPTCHA and designed a similar system with even better recognition rate (about 35%).” Various automated methods exist to defeat CAPTCHA schemes, but the CAPTCHAs used by Google, Microsoft, and Yahoo have remained difficult for computers to crack. If the software works as advertised, and it is not clear that it does, it could force Yahoo and other companies to spend yet more money to defend against spammers. Source: http://www.informationweek.com/management/showArticle.jhtml;jsessionid=OABRKDXIVXPNAQSNDLPSKH0CJUNN2JVN?articleID=205900620

Communications Sector

28. January 18, RCR Wireless News – (National) National Research Council calls for further studies on cellphone radiation. A National Research Council report calls for more research into the potential health effects of long-term exposure to radiation emitted by cellphones and other wireless devices, with U.S. scientists anxious to gather more data on any risks posed to children, pregnant women and fetuses by handsets as well as base station antennas. “Although it is unknown whether children are more susceptible to radio-frequency exposure, they may be at increased risk because of their developing organ and tissue systems,” the NRC stated in a press release. “Additionally, specific absorption rates for children are likely to be higher than for adults, because exposure wavelength is closer to the whole-body resonance frequency for shorter individuals. The current generation of children will also experience a longer period of RF field exposure from mobile-phone use than adults, because they will most likely start using them at an early age. The report notes that several surveys have shown a steep increase in mobile-phone ownership among children, but virtually no relevant studies of human populations at present examine health effects in this population.”
Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20080118/FREE/192540885/1005

Friday, January 18, 2008

Daily Report

• The Associated Press reported that seven guards have been caught sleeping at the Y-12 nuclear weapons plant in Oak Ridge since 2000. Three were fired and the rest disciplined, said a spokesman for the National Nuclear Security Administration, a Department of Energy unit that oversees the Y-12 complex. (See item 6)

• According to Reuters, a World Health Organization report states that the H5N1 bird flu virus may sometimes stick to surfaces or get kicked up in fertilizer dust to infect people. After reviewing all known cases of human infection, the WHO found that 25 percent were unexplained. Most are passed directly from birds to people, but, very rarely, one person can infect another. (See item 23)

Information Technology

30. January 17, Computer Weekly – (International) Ikea plugs website security breach. Ikea has plugged a major hole in its website security that allowed hackers and phishers to use the “contact Ikea” function on the site to access the retail giant’s email system. The security flaw gave hackers and phishers full access to the resources of its email servers, allowing them to send bulk outbound mail via Ikea’s email servers. The chief technology officer of the IT security company Tier-3 said, “Ikea’s problems were caused because the contact template on the firm’s home page was inadequately secured, allowing hackers with criminal intentions to insert alternative e-mail addresses in a contact form. This basically allowed anyone with a little technical knowledge to generate millions of phishing and/or spam messages from Ikea’s mail servers using a simple script. The potential damage to the company’s reputation and possibility of email blacklisting could be significant.”
Source:
http://www.computerweekly.com/Articles/2008/01/17/228976/ikea-plugswebsite-security-breach.htm
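How a contact-form handler can be built so that a submission cannot choose where the mail goes, the weakness item 30 describes. This is an added example, not Ikea's or Tier-3's code; the article gives no implementation detail, so the field names, the addresses and the assumption that the vulnerable form took addressing data from the client are all hypothetical.

```python
"""Contact-form mail builder that never takes addressing from the client."""
import re
from email.message import EmailMessage

# Assumption: both addresses live in server configuration, never in the form.
CONTACT_INBOX = "support@example.org"
FORM_SENDER = "webform@example.org"

MAX_SUBJECT = 150
MAX_BODY = 5000

# Exactly one plain address: no commas, spaces, angle brackets or line breaks,
# so a value cannot smuggle a second recipient or an extra header.
SINGLE_ADDRESS = re.compile(
    r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


class RejectedSubmission(ValueError):
    """Raised when a submission fails validation; the mail is not built."""


def build_contact_message(form):
    """Build the e-mail for one submission.

    Only 'email', 'subject' and 'message' are read. Any other key the client
    sends ('to', 'cc', 'bcc', ...) is ignored, so the recipient is always
    CONTACT_INBOX.
    """
    reply_to = form.get("email", "").strip()
    subject = form.get("subject", "").strip()
    body = form.get("message", "")

    if not SINGLE_ADDRESS.fullmatch(reply_to):
        raise RejectedSubmission("email must be one plain address")
    if not subject or len(subject) > MAX_SUBJECT:
        raise RejectedSubmission("subject missing or too long")
    if CONTROL_CHARS.search(subject):
        # CR/LF in a header value is how extra headers get injected.
        raise RejectedSubmission("control character in subject")
    if not body.strip() or len(body) > MAX_BODY:
        raise RejectedSubmission("message missing or too long")

    msg = EmailMessage()
    msg["From"] = FORM_SENDER        # fixed, keeps SPF/DKIM alignment
    msg["To"] = CONTACT_INBOX        # fixed, the only recipient
    msg["Reply-To"] = reply_to       # visitor address, validated above
    msg["Subject"] = subject
    msg.set_content(body)            # body text cannot add headers
    return msg


def recipients_for(msg):
    """Envelope recipients to hand to the mail server: always the one inbox,
    taken from configuration rather than parsed back out of the message."""
    return [CONTACT_INBOX]


if __name__ == "__main__":
    # Constructed submission carrying an addressing field the handler ignores.
    sample = {
        "email": "visitor@example.com",
        "subject": "Order question",
        "message": "Where is my order?",
        "to": "someone-else@example.net",
    }
    message = build_contact_message(sample)
    print(message["To"], recipients_for(message))
```

Per-client rate limiting on the form endpoint complements this, since even a correctly addressed form can be scripted to flood the one inbox.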

31. January 16, Dark Reading – (National) Malware quietly reaching ‘epidemic’ levels. In separate studies released yesterday, two research firms now say that malware increased between 500 percent and 1,000 percent in 2007, and it shows no signs of slowing down. “The number of new strains of malware that appeared in 2007 increased tenfold with respect to the previous year,” said PandaLabs, Panda Security’s research arm, in a report issued yesterday. “Over the last year, PandaLabs has received an average of more than 3,000 new strains of malware every day. This represents a malware epidemic which -- although silent, with little media coverage and no widespread alerts -- is nevertheless dangerous.” The results indicate that signature-based defenses for malware are no longer effective, the research firm said. Some 72 percent of networks with more than 100 workstations -- and 23 percent of home users -- are currently infected with malware, despite having operative antivirus or other signature-based tools in place, PandaLabs said. Experts at AV-Test, an independent testing organization, also reported skyrocketing incidence of malware yesterday. After a detailed count, the organization said it identified nearly 5.5 million different malware files in 2007 -- more than five times as many as in 2006. And the trend is accelerating: The group already has identified more than 118,000 different malware files in the first two weeks of January. The results drove AV-Test to concur with PandaLabs’s assessment. “The figures clearly demonstrate that the signature-based approach of current anti-virus software is no longer appropriate,” the report said.
Source:
http://www.darkreading.com/document.asp?doc_id=143424

32. January 16, vnunet.com – (National) FBI warns of malicious email scam. The FBI has issued a warning to the public following a deluge of spam emails purporting to be from the agency. The bogus messages often include pictures of the FBI’s director, along with the organization’s official seal, letterhead and banner. “The FBI does not send out emails soliciting personal information from citizens,” said the agency. “The social engineering technique of using the FBI’s name is designed to intimidate and convince the recipient that the email is legitimate.” The emails are typically a notification of a ‘lottery win’ or long-lost relative leaving an ‘inheritance.’ Other emails offer website monitoring containing malicious attachments and online auction scams. The warning comes just six months after the FBI issued a similar alert about spammers using trusted institutions to improve returns.
Source:
www.vnunet.com/2207367

Communications Sector

33. January 16, NetworkWorld.com – (National) Cisco warns of Unified Communications Manager heap overflow flaw. Cisco Wednesday released its first new security alert of the year: a warning that its Cisco Unified Communications Manager -- formerly CallManager -- contains a heap overflow vulnerability in the Certificate Trust List that could allow a hacker to cause a denial-of-service attack or execute arbitrary code. Cisco has made available a free software fix for affected customers, and a workaround is available in its security advisory. The products that are vulnerable are: Cisco Unified CallManager 4.0, Cisco Unified CallManager 4.1 Versions prior to 4.1(3)SR5c, Cisco Unified Communications Manager 4.2 Versions prior to 4.2(3) SR3, and Cisco Unified Communications Manager 4.3 Versions prior to 4.3(1) SR1. Cisco says it is not aware of any public announcements or malicious use of the vulnerability, which was reported to Cisco by TippingPoint.
Source:
http://www.networkworld.com/news/2008/011608-cisco-unifiedcommunications-flaw.html

Thursday, January 17, 2008

Daily Report

• According to the Daily Mail, America is considering forcing Britons and other visitors to go through tougher checks when they enter the country, due to the growing threat of terrorists from Europe. The head of the Department of Homeland Security explained that he had no plans to scrap the visa waiver program, but could force Britons and others to register online before traveling. (See item 11)

• The Associated Press reported that, in a plan announced Tuesday, more than 300 miles of salmon runs would be restored along the Klamath River. The proposal calls for the removal of four aging hydroelectric dams that have stood on the river for nearly a century, providing electricity for 70,000 customers but also blocking salmon from reaching their spawning grounds. The proposal must be reviewed by federal agencies and the dams’ owner, PacifiCorp, which must agree to their removal. (See item 31)

Information Technology

23. January 16, IDG News Service – (National) Oracle fixes critical flaws in quarterly update. Oracle Corp. released 26 fixes across its product line in its latest critical patch update, nine of which repair flaws that are remotely exploitable. In an advisory listing the problems, Oracle advised administrators to patch their machines as quickly as possible. Five of the six vulnerabilities in Oracle’s Application Server can be exploited over a network without the need for a username or password, the company said. The same danger applies to three of seven vulnerabilities in the E-Business Suite and Applications and one of four problems in PeopleSoft Enterprise PeopleTools, Oracle said. In other products, the update includes one patch for Oracle’s Collaboration Suite and eight for various database products. Oracle fixed 51 vulnerabilities in its last critical patch update in October.
Source:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9057442&source=rss_news10

24. January 15, Infoworld – (International) Cyber-espionage moves into B2B. The practice of cyber-espionage is rapidly moving beyond the government sector and finding its way into the world of international business, according to experts with SANS Institute. While the United States and Chinese governments, most notably, have accused each other in recent years of carrying out surreptitious hacking campaigns aimed at stealing strategic information from their respective IT systems -- and many security experts believe that both countries, and many others, are actively engaging in such electronic warfare -- leaders with SANS maintain that the practice has recently begun to spill over into the private sector with greater frequency. According to the training institute’s latest research, cyber-espionage efforts funded by “well-resourced organizations” – including both government-backed and private efforts -- will expand significantly during 2008, in particular as overseas companies look to gain an upper hand in negotiating business deals with large companies based in the U.S. and Europe. In one common scenario, said the director of research for SANS, organizations in the process of establishing legitimate partnerships with such companies are willing to pay hackers to break into those firms’ IT systems to gather competitive information to gain an advantage at the bargaining table. More companies than ever before are finding that they have been victimized in such a manner based on the discovery of their sensitive data in the hands of hackers and other fraudsters who have been apprehended by law enforcement officials, the expert contends. “Cyber-espionage is clearly growing across the board. It was much bigger in 2007 than in previous years, and it is expanding slowly into economic espionage involving both businesses and government entities,” he said. 
“This really has a lot of significant implications because people who have never thought of themselves as targets for this type of attack have suddenly become a sweet spot, and many are not prepared to defend themselves.”
Source:
http://www.infoworld.com/article/08/01/15/Cyber-espionage-moves-into-B2B_1.html

25. January 15, IDG News Service – (National) Flash attack could take over your router. Security researchers have released code showing how a pair of widely used technologies could be misused to take control of a victim’s Web browsing experience. The code, published over the weekend by two researchers, exploits features in two technologies: The Universal Plug and Play (UPnP) protocol, which is used by many operating systems to make it easier for them to work with devices on a network; and Adobe Systems’ Flash multimedia software. By tricking a victim into viewing a malicious Flash file, an attacker could use UPnP to change the primary DNS (Domain Name System) server used by the router to find other computers on the Internet. This would give the attacker a virtually undetectable way to redirect the victim to fake Web sites. For example, a victim with a compromised router could be taken to the attacker’s Web server, even if he typed Citibank.com directly into the Web browser navigation bar. “The most malicious of all malicious things is to change the primary DNS server,” the researchers wrote. “That will effectively turn the router and the network it controls into a zombie which the attacker can take advantage of whenever they feel like it.” Because so many routers support UPnP, the researchers believe that “ninety nine percent of home routers are vulnerable to this attack.” In fact, many other types of UPnP devices, such as printers, digital entertainment systems and cameras are also potentially at risk, they added in a Frequently Asked Questions Web page explaining their research. The attack is particularly worrisome because it is cross-platform -- any operating system that supports Flash is susceptible -- and because it is based on features of UPnP and Flash, not bugs that could be easily fixed by Adobe or the router vendors.
Source:
http://www.networkworld.com/news/2008/011508-flash-attack-could-takeover.html

Communications Sector

26. January 15, NetworkWorld.com – (New York) Wireless LAN scan finds big security holes in NYC retailers’ wireless nets. There is bad news for some retailers at this week’s National Retail Federation trade show in New York City, where WLAN security company AirDefense disclosed the findings of its four-day scan of local retailers’ wireless nets. Security for retail wireless nets is still bad, though improving, AirDefense found after scanning nearly 800 stores in the five NYC boroughs between Thursday, January 10, and Sunday, January 13. About one third of the stores had no security at all, not even the minimal encryption provided by the flawed Wired Equivalent Privacy (WEP) protocol. Another third had weak encryption, such as WEP or the pre-shared key mode of the Wi-Fi Protected Access (WPA PSK) specification, which was originally intended as basic security for home or SOHO WLANs. The final third showed a quantum improvement, according to AirDefense’s chief security officer: the more advanced WPA2 specification, with 802.1X authentication brought down to every device, including handhelds, on the WLAN, and AES encryption, the strongest commercially available today. “These are the first retail stores we’ve seen with bulletproof [wireless] security,” he says.
Source:
http://www.networkworld.com/news/2008/011508-retailer-wlan-security.html