Wednesday, January 9, 2008

Daily Report

• According to WVEC 13 Hampton Roads, two pipe bombs found on railroad tracks in Newport News, Virginia, over the weekend were safely detonated. (See item 15)

• IDG News Service reported that Symantec Corp. said U.S. government agencies need to take additional steps to protect against cybersecurity problems after a series of congressional hearings and reports exposed several weaknesses in 2007. The U.S. Government Accountability Office also issued about a dozen reports in the last six months criticizing federal agencies for not fully implementing the GAO’s cybersecurity recommendations. (See item 31)

Information Technology

30. January 8, Register – (National) Hackers turn Cleveland into malware server. Tens of thousands of websites belonging to Fortune 500 corporations, state government agencies, and schools have been infected with malicious code that attempts to engage in click fraud and steal online game credentials from people who visit the destinations, security researchers say. More than 94,000 URLs had been infected by the fast-moving exploit, which redirects users to the uc8010-dot-com domain. The security company Computer Associates was infected at one point, as were sites belonging to the state of Virginia, the city of Cleveland, and Boston University. Malicious hackers were able to breach the sites by exploiting unpatched SQL injection vulnerabilities that resided on the servers, according to the CTO for the SANS Internet Storm Center. The injections included JavaScript that redirected end users to the rogue site, which then attempted to exploit multiple vulnerabilities to install key-logging software that stole passwords for various online games. According to a researcher for ScanSafe, the exploits forced end users to visit sites that pay third parties a fee in exchange for sending them traffic. She speculates the attackers signed up as affiliates of the sites and then profited each time an end user was infected. The malware also installed keyloggers on end user machines that stole passwords to various online games, another researcher said. He added that the uc8010-dot-com domain was registered in late December using a Chinese-based registrar, indicating the attackers were fluent in Chinese.
Source:
http://www.theregister.co.uk/2008/01/08/malicious_website_redirectors/

31. January 7, IDG News Service – (National) U.S. government needs new cybersecurity steps, Symantec warns. U.S. government agencies need to take additional steps to protect against cybersecurity problems after a series of congressional hearings and reports exposed several weaknesses in 2007, representatives of Symantec Corp. said. The government sector, including state and local governments, accounted for 26 percent of data breaches that could lead to identity theft in the first half of 2007, according to Symantec’s latest Government Internet Security Threat Report, published in September. The U.S. Government Accountability Office (GAO) also issued about a dozen reports in the last six months criticizing federal agencies for not fully implementing the GAO’s cybersecurity recommendations. While U.S. agencies have a set of cybersecurity rules set out in the Federal Information Security Management Act, agencies are not held accountable when they have breaches, said Symantec’s vice president for the public sector. Agencies do not lose funding from Congress after cybersecurity incidents, he said. Agencies can take more steps to fix problems, he added, such as inventorying IT assets, developing comprehensive cybersecurity plans, doing systematic vulnerability testing, having a data backup plan, and backing up frequently. There still seems to be interest from lawmakers in agency cybersecurity and breach notification, he said. The hearings and information requests from lawmakers are bringing to light multiple attacks and breaches at agencies, he said. “There’s no real mechanism requiring agencies to report breaches,” added Symantec’s federal government relations manager.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9056002&taxonomyId=17&intsrc=kc_top

32. January 7, Computerworld – (National) ‘Hacker safe’ Web site gets hit by hacker. On Friday, Geeks.com, a $150 million company specializing in the sale of computer-related excess inventory and manufacturers’ closeouts, began notifying an unspecified number of customers whose personal and financial data may have been compromised by an intrusion into the systems that run the online technology retailer’s Web site. The compromised information included the names, addresses, telephone numbers, and Visa credit card numbers of customers who had shopped at Geeks.com, according to a copy of the letter that was posted on The Consumerist blog. Its Web site prominently proclaims that it is tested on a daily basis by ScanAlert Inc., a vendor in Santa Clara, California, that agreed in October to be acquired by McAfee Inc. McAfee officials were not immediately available to comment on what might have happened at Geeks.com. A telephone operator at Geeks.com’s headquarters in Oceanside, California, said that she was unable to find anyone at the retailer who could comment about the incident. Last week’s notification included a number for non-U.S. residents to call, suggesting that the breach may have affected customers in other countries as well. According to the letter, which was signed by the chief of security at Geeks.com, the intrusion has been reported to local law enforcement authorities, as well as to the U.S. Secret Service. The incident has also been reported to Visa, though no indication was given of why only Visa card numbers appear to have been compromised.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9056004&source=rss_topic17

33. January 7, Network World – (International) Nugache worm kicking up a storm. Although the infamous Storm worm enters 2008 with a reputation as the world’s most dangerous botnet, security experts say there is an up-and-comer called Nugache. Nugache was first sighted about two years ago, but last month, hackers, believed to be tied to the notorious Russian Business Network online criminal mob, gave Nugache a facelift, copying many of the successful attributes of Storm, such as encryption, a rootkit, and the ability to spread as Web-borne malware. “Nugache now includes the ability to encrypt itself and every version that rolls out is generated a bit differently to obfuscate detection,” said the vice president of technology evangelism at Secure Computing. Nugache is now also peer-to-peer controlled to put it under a more decentralized command-and-control structure that makes it difficult to take down the botnet it can construct once it infects desktop machines. The rise of the Nugache botnet appears to already be giving the Storm botnet more competition. Prices as low as 1 million spam messages for $100 are being advertised online mainly because of the rise of Nugache, said the researcher. Businesses and consumers should be aware that Nugache could attempt to compromise their desktop machines in various ways, particularly through Web-based drive-by downloads. One way it has been seen spreading is through URLs embedded by attackers in blogs. “They will create the blog entry, then embed hundreds of key words and embed pointers to other blog entries, such as the second blog entry pointing back to the first entry,” he said. “Google rates you on how many other people point to your URL. So they’re getting down the science of artificially inflating their position in the search engine. They want these blog postings to show up on the top.”
Source:
http://www.networkworld.com/news/2008/010708-nugache-worm.html

Communications Sector

34. January 7, RCR Wireless News – (National) Industry challenges FCC’s emergency backup power rule. The Federal Communications Commission (FCC) is facing a gathering legal storm over its emergency back-up power rule. The new rule, among other things, calls for a minimum 24 hours of emergency back-up power for telecom assets inside central offices and eight hours for other facilities such as cell sites, remote switches, and digital loop carrier system remote terminals. “The FCC lacks authority to issue the rule,” Sprint Nextel told the U.S. Court of Appeals for the District of Columbia Circuit. “There is no provision in the Communications Act directing the commission to issue regulations requiring wireless carriers to adopt back-up power rules, and the commission’s attempt to rely on ‘ancillary jurisdiction’ … strains the reach of those provisions beyond the breaking point.” Cellphone industry associations CTIA and USA Mobility Inc., whose appeals of the back-up power rule have been consolidated, told the court expedited treatment of the appeal is justified because the back-up power rule “would impose overwhelming compliance costs, most of which would be incurred during the pendency of these cases.” The two parties also pointed to the FCC’s own admission that compliance with the back-up power rule could force carriers to take down cell sites critical to wireless communications, including emergency 911 services. The FCC told the court it does not oppose expedited treatment of the back-up power appeal, but would vigorously oppose Sprint Nextel’s stay motion.
Source:
http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20080107/SUB/3392962/1005/allnews

35. January 6, Chicago Tribune – (National) Workers’ remote wireless access to documents lets hackers grab data. Smart phones are poised to become the next major security challenge for businesses. Consumer-oriented mobile phones, which have far fewer safety features, are increasingly taking on such PC-like characteristics as Wi-Fi connectivity, making them attractive to people who want to use them for work. In a Computing Technology Industry Association survey conducted this year of 1,070 small businesses in North America, 60 percent of firms said they have seen an increase in the past year in security issues related to the use of handheld computing devices. A specialist at Alternative Technology said the concern for businesses is whether these phones “will cause so much of a risk that they will eventually ... just be banned from corporate environments.” The increasing ease of working remotely is creating a growing set of security concerns for companies. So far, there have not been any high-profile epidemics of mobile viruses like the “I love you” worm for PCs that spread rapidly around the world in 2000. But developers have demonstrated the destructive potential of such worms. The “Cabir” virus, which first appeared in 2004, used Bluetooth technology to jump from phone to phone. Another virus, known as “Commwarrior.A,” replicated itself by sending a picture or text message to people in the infected device’s contacts list. Theft is a bigger issue now. While hacking once was about bragging rights or cyber vandalism, security industry officials say profit now largely drives attacks, as the kind of information traveling over wireless networks grows in volume and value.
Source:
http://www.freep.com/apps/pbcs.dll/article?AID=/20080106/BUSINESS07/801060605/1020
