Friday, February 29, 2008

Daily Report

• According to internal government documents obtained by ABC News, thousands of foreign student pilots who do not have the proper visas have been able to enroll in U.S. flight schools and obtain pilot licenses. Under laws passed in the wake of the September 11 attacks, American flight schools are only supposed to provide pilot training to foreign students who have been given a background check by the Transportation Security Administration and have a specific type of visa. (See item 15)

• The Milwaukee Journal Sentinel reports Milwaukee police are investigating the apparently intentional disruption of Milorganite fertilizer production this week at the Jones Island sewage treatment plant in Wisconsin. Six of 12 sewage sludge dryers used in Milorganite production had to be shut down Tuesday morning after a manually operated valve for a cold water pipe to a dryer had been opened. (See item 32)

Information Technology

29. February 27, InfoWorld – (National) eBay Red Team confab aims to help security officers. eBay is trying to help CISOs (chief information security officers) build a common front in the war against cybercrime. The company played host to chief security officers and a handful of technology vendors this week, holding its annual Red Team security conference at the company’s San Jose, California, campus, billing it as a networking opportunity for security professionals where they could discuss areas of common concern. “What we were trying to do was to get all the CISOs together,” said eBay’s CISO. “We’re dealing with similar problems, almost all of us.” While companies using Internet technology may be facing a common set of problems, they have not always shared information with their peers. That is because if news of a hacked server or a data breach is leaked to the press, it can become a public-relations disaster for the company involved. At this week’s conference, CISOs discussed common issues, including how they are pursuing cross-border investigations and what they think of the security products they were using. The second-ever Red Team conference ran Monday and Tuesday. The first day of the conference focused on CISO issues, while on day two, the discussion was opened up to security vendors such as iSight Partners and Cisco, which gave presentations on the state of security.
Source:
http://news.yahoo.com/s/infoworld/20080227/tc_infoworld/95624_1

30. February 27, Computerworld – (International) Finjan finds illegal database with more than 8,700 stolen FTP credentials. A fresh discovery by security vendor Finjan provides yet another example of how easy it is becoming for almost anyone to find the tools needed to break into, infect, or steal data from corporate Web sites. The vendor announced Wednesday that it has uncovered an illegal database containing more than 8,700 stolen FTP server credentials including user name, password, and server addresses. Anyone can purchase those credentials and use them to launch malicious attacks against the compromised systems. The stolen credentials belong to companies from around the world and include more than 2,500 North American companies, some of whose Web sites are among the world’s top 100 domains, according to Finjan’s CTO. The FTP credentials would allow someone with malicious intent to break into and upload malware to a compromised server with a click or two, he said. “You could pick any server you wanted in the list, pay for it,” and launch an attack with very little effort. A trading interface on the server hosting the illegal database allows purchasers to buy FTP server credentials based on the country in which the servers are located, or even by the Google ranking of the Web sites, he said. It also appears designed to give criminals looking to resell FTP credentials a better basis for pricing the stolen data, he said.
Source:
http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/02/27/Finjan-finds-illegal-database-with-stolen-FTP-credentials_1.html

Communications Sector

31. February 28, CNET News – (International) In Pakistan vs. YouTube, it’s not all about technology. The flap earlier this week in which Pakistan Telecom knocked YouTube.com off the Internet for two hours was unusual. It was not like when a court in Turkey blocked access to YouTube from within the country, or when China restricts Western news sites. Those were country-specific and intentional. The outage on Sunday was global and, as far as we know, unintentional. So what is to stop another Internet service provider -- especially a government-owned one -- from intentionally trying this trick? The short answer is that while the Internet is anarchic, it is not that anarchic. In fact, the way network providers handle Internet routing is very specific and carefully defined in a series of standards. Network providers -- called autonomous systems, or ASes -- are assigned unique ID numbers that are compiled by the Internet Corporation for Assigned Names and Numbers. While ICANN holds the master list of AS numbers, they are actually assigned by allocating large blocks of 1,000 or so at a time to regional address registries. And when one network provider misbehaves and broadcasts a false claim to be the proper destination for certain Internet addresses -- as Pakistan Telecom (AS 17557) did this week -- it is easy enough to figure out what is going on. The Internet may be run by computers, but it is managed by people who share tips and alert each other to potential network problems. Some of these discussions take place on public mailing lists; some occur in more private settings. Many of these network operators know each other personally through groups like NANOG, AfNOG, and SANOG. Human intervention, manual overrides, and personal relationships based on in-person meetings are not perfect: ideally, false broadcasts could be prevented completely through encryption-outfitted mechanisms like Secure BGP. But these less-formal relationships have worked remarkably well, and are (for now at least) the first line of defense against someone learning the lessons from Pakistan Telecom and attempting to do far more damage than merely taking out YouTube for a few hours.
Source:
http://www.news.com/8301-13578_3-9880244-38.html?part=rss&subj=news&tag=2547-1_3-0-5

Thursday, February 28, 2008

Daily Report

• According to CNN, power was restored Tuesday for most of Florida after a failed switch and fire at an electrical substation outside Miami triggered widespread blackouts across the state. The president of Florida Power & Light (FPL) said a disconnect switch failed at 1:08 p.m. at the automated substation west of Miami, and a piece of equipment that controls voltage caught fire about the same time. (See item 1)

• The Associated Press reports LAX will be getting the equivalent of street lights to prevent potential accidents. The system — called runway status lights — will rely on radar technology and red lights on the pavement at one of Los Angeles International Airport’s four runways and at various taxiways to tell pilots when it is safe to cross them or take off. (See item 12)

Information Technology

28. February 27, The Register – (National) InfoJack Trojan burrows into Windows CE machines. Hackers have created a Trojan capable of infecting mobile devices running Windows CE. The InfoJack Trojan spreads by either tricking mobile users into installing seemingly legitimate application installation files or if punters inadvertently use an infected memory card on vulnerable devices. The malware has been spotted circulating in China. InfoJack disables Windows Mobile application installation security. It sends the infected device’s serial number, operating system, and other information to the author of the Trojan (a factor that explains the name of the malware). Infected devices are left vulnerable to the injection of further malware strains by allowing unsigned applications to be installed without a warning. Once infected, the homepage on a device’s browser is changed. The malware contains a number of features designed to frustrate clean-up efforts by copying itself back onto disk to protect itself from deletion. Internet security firm McAfee warns that the Trojan has been distributed with Google Maps, applications for stock trading, and games. It adds that the Trojan’s website is no longer reachable, due in part to an investigation by Chinese law enforcement officials. InfoJack is not unprecedented. A very small number of PocketPC viruses have been created over the last four or five years and, in at least one case, a Trojan capable of infecting Windows CE has been seen in the lab. InfoJack differs from its predecessors because it has been spotted in circulation, albeit to a modest extent. The spread of the malware provoked security clearing house US CERT to issue an alert: http://www.uscert.gov/current/index.html#microsoft_wince_trojan.
Source:
http://www.theregister.co.uk/2008/02/27/infojack_trojan/

29. February 27, BBC News – (International) Details emerge on YouTube block. Pakistan has rejected claims that it was responsible for blocking global access to the YouTube video clip site. YouTube was hard to reach this week following action by Pakistan to block access inside its borders for its hosting of a “blasphemous” video clip. Analysis suggests the block was taken up by net hardware that routes data, effectively cutting off the site. But a spokeswoman for Pakistan’s telecoms authority said the problem was caused by a “malfunction” elsewhere. The Peshawar office of the PTA issued a blocking order for YouTube last week in a bid to block access to a video clip the Pakistani government regarded as “very blasphemous.” Analysis by net monitoring firm Renesys shows that the problems getting through to YouTube began as a result of the action taken by Pakistan Telecom to implement the block. Essentially, Pakistan Telecom took over some of the net addresses assigned to YouTube. Crucially, the path it offered to this group of addresses was faster than the usual one used by the hardware, or routers, that speed traffic around the internet. Pakistan Telecom let this address change propagate to the routers of one of its partners – PCCW. Routers are constantly in search of faster ways to get the data passing through them to its destination, so news about this faster path started propagating across many of the net’s routers. However, because Pakistan Telecom was stopping the traffic reaching YouTube, all the data reached a dead end. “While it is hard to describe exactly how widely this hijacked prefix was seen, we estimate that it was seen by a bit more than two-thirds of the internet,” said a Renesys company blog.
Source:
http://news.bbc.co.uk/2/hi/technology/7266600.stm

30. February 26, Computerworld – (National) ‘Cold Boot’ encryption hack unlikely, says Microsoft. Users can keep thieves from stealing encrypted data by changing some settings in Windows, a Microsoft Corp. product manager said as he downplayed the threat posed by new research that shows how attackers can inspect a “ghost” of computer memory. A senior product manager for Windows Vista security reacted Friday to reports last week about a new low-tech technique that could be used to lift the encryption key used by Vista’s BitLocker or Mac OS X’s FileVault. Once an attacker has the key, of course, he could easily access the data locked away on an encrypted drive. The method – dubbed “Cold Boot” because criminals can boost their chances by cooling down the computer’s memory with compressed gas or even liquid nitrogen – relies on the fact that data does not disappear instantly when a system is turned off or enters “sleep” mode. Instead, the bits stored in memory chips decay slowly, relatively speaking. Cooling down memory to -58 degrees Fahrenheit (-50 degrees Celsius) would give attackers as long as 10 minutes to examine the contents of memory, said the researchers from Princeton University, the Electronic Frontier Foundation and Wind River Systems Inc. And when they pushed the envelope and submersed the memory in liquid nitrogen to bring the temperature down to -310 degrees Fahrenheit (-190 degrees Celsius), researchers saw just 0.17 percent data decay after an hour. But the Vista security blog contended that such a risk is unlikely, as an attacker would need physical access to a machine in “sleep” mode, rather than in “hibernate” mode or powered off. But even as the Vista security blog downplayed the chance of an attack, it also spelled out ways users of BitLocker – the full-disk encryption feature included in Vista Ultimate and Vista Enterprise – could protect their laptops from a Cold Boot.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9064899&intsrc=hm_list

31. February 26, CNET News.com – (National) Security experts warn of potential malicious AIR code. On Monday, Adobe Systems rolled out its new Web 2.0 development tool, Adobe Integrated Runtime, or AIR. Following its release were some concerns from the security community. AIR, formerly Adobe Apollo, is a runtime environment that allows developers to use HTML, Flash, AJAX, Flex, and other Web 2.0 tools to create desktop applications. One such application built using Adobe AIR comes from Nickelodeon Online. But some security experts are concerned about local file access by AIR applications. Recently, Firefox experienced a vulnerability that could have allowed remote attackers to access a targeted file system. To mitigate this, Adobe says it implemented a sandboxing environment; however, Adobe’s documentation suggests that the sandboxes are less secure than a Web browser’s sandbox. Additionally, Adobe says that AIR applications need to be digitally signed; however, these certificates can be self-signed, and many users will ignore the warnings and run untrusted applications. Finally, there is the potential for Cross-Site Scripting (XSS), SQL injection, and local link injection. While these threats are not limited to Adobe AIR, developers could gain a false sense of security by relying only on AIR’s weaker sandbox protection. Adobe has also provided the following: an informative article titled “Introduction to AIR security” and a white paper, “AIR Security” (PDF). But the SANS Internet Storm Center site notes that “many developers will be unaware of Adobe AIR security best practices or will knowingly take shortcuts that expose end users to attacks.”
Source:
http://www.news.com/8301-10789_3-9879587-57.html?part=rss&subj=news&tag=2547-1_3-0-20

Communications Sector

Nothing to Report

Wednesday, February 27, 2008

Daily Report

• According to CBS, a widespread power outage hit about 1 p.m. Tuesday, knocking out electricity for businesses, homes and traffic lights throughout south Florida. The outage apparently was caused by a blown transformer, a Florida Power & Light (FPL) spokesperson said. (See item 1)

• The Associated Press reports police in Banja Luka, Bosnia-Herzegovina, fired tear gas at Bosnian Serb rioters Tuesday to prevent them from storming the building of the U.S. Consulate after protests against Kosovo’s independence. A smaller group split away from the almost 10,000 peaceful protesters in Banja Luka and headed toward the U.S. Consulate, breaking shop windows along the way and throwing stones at police. (See item 30)

Information Technology

33. February 26, IDG News Service – (International) YouTube outage underscores big Internet problem. Sunday’s inadvertent disruption of Google’s YouTube video service underscores a flaw in the Internet’s design that could some day lead to a serious security problem, according to networking experts. The issue lies in the way Internet Service Providers (ISPs) share Border Gateway Protocol (BGP) routing information. BGP is the standard protocol used by routers to find computers on the Internet, but there is a lot of BGP routing data available. To simplify things, ISPs share this kind of information among each other. And that can cause problems when one ISP shares bad data with the rest of the Internet. That is what happened with YouTube this weekend, according to sources familiar with the situation. BGP data intended to block access to YouTube within Pakistan was accidentally broadcast to other service providers, causing a widespread YouTube outage. The chain of events that led to YouTube’s partial blackout was kicked off Friday when the Pakistan Telecommunication Authority (PTA) ordered the country’s ISPs to block access to YouTube because of an alleged anti-Islamic video that was hosted on the site. ISPs in Pakistan were able to block YouTube by creating BGP data that redirected routers looking for YouTube.com’s servers to nonexistent network destinations. But that data was accidentally shared with Hong Kong’s PCCW, which in turn shared it with other ISPs throughout the Internet. Because Pakistan’s BGP traffic was offering very precise routes to what it claimed were YouTube’s Internet servers, routers took it to be more accurate than YouTube’s own information about itself. Larger service providers typically validate BGP data from their customers to make sure that the routing information is accurate, but in this case, PCCW apparently did not do that, according to a researcher. This kind of accidental denial of service attack has happened before. By intentionally propagating bad BGP data, an attacker could knock a Web site off the Internet or even redirect visitors’ traffic to a malicious server, security experts said.
Source:
http://www.networkworld.com/news/2008/022608-youtube-outageunderscores-big-internet.html?fsrc=rss-security
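The item above describes two mechanisms: routers prefer the most precise (longest) matching prefix, and an upstream provider is expected to validate what its customers announce. The following Python example is added here for illustration and is not taken from the report or from any ISP's tooling; the prefixes come from the reserved documentation ranges, the AS numbers from the documentation AS range, and the `Authorization` table and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    origin_as: int


@dataclass(frozen=True)
class Authorization:
    """Hypothetical filter entry: which AS may originate a prefix, and how
    specific (max_length) an announcement inside it may be."""
    prefix: ipaddress.IPv4Network
    max_length: int
    origin_as: int


def best_route(rib, dest):
    """Longest-prefix match: among routes covering dest, the most specific wins."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in rib if addr in r.prefix]
    return max(candidates, key=lambda r: r.prefix.prefixlen, default=None)


def validate(route, auths):
    """Classify an announcement against the authorization table.

    'valid'   : a covering entry matches origin AS and allowed length
    'invalid' : covering entries exist but none matches (wrong origin or
                more specific than allowed)
    'unknown' : no entry covers the prefix
    """
    covering = [a for a in auths if route.prefix.subnet_of(a.prefix)]
    if not covering:
        return "unknown"
    for a in covering:
        if a.origin_as == route.origin_as and route.prefix.prefixlen <= a.max_length:
            return "valid"
    return "invalid"


def filter_announcements(announcements, auths):
    """What a validating upstream would pass on: everything except 'invalid'."""
    return [r for r in announcements if validate(r, auths) != "invalid"]


def net(cidr):
    return ipaddress.ip_network(cidr)


# Constructed sample data (documentation prefixes and AS numbers only).
LEGIT_AS, LEAKING_AS, OTHER_AS = 64500, 64511, 64499

AUTHS = [Authorization(net("198.51.100.0/24"), 24, LEGIT_AS)]

ANNOUNCEMENTS = [
    Route(net("198.51.100.0/24"), LEGIT_AS),    # the real holder
    Route(net("198.51.100.0/25"), LEAKING_AS),  # more specific, wrong origin
    Route(net("192.0.2.0/24"), OTHER_AS),       # no authorization on file
]


def demo():
    dest = "198.51.100.10"
    unfiltered = best_route(ANNOUNCEMENTS, dest)
    filtered = best_route(filter_announcements(ANNOUNCEMENTS, AUTHS), dest)
    return unfiltered.origin_as, filtered.origin_as


if __name__ == "__main__":
    for r in ANNOUNCEMENTS:
        print(f"{str(r.prefix):<20} AS{r.origin_as}  {validate(r, AUTHS)}")
    before, after = demo()
    print(f"without filtering, traffic follows AS{before}")
    print(f"with filtering, traffic follows AS{after}")
```

Without the filter, the /25 wins the longest-prefix match even though the legitimate /24 is still announced; with it, the mismatched announcement is dropped before it can be selected or passed on.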

34. February 26, TechWorld.com – (National) ‘Critical’ Linux kernel bugs discovered. Security researchers have uncovered three “critical” security flaws in a version of the Linux kernel used by a large number of popular distributions. The bugs allow unauthorized users to read or write to kernel memory locations or to access certain resources in certain servers, according to a SecurityFocus advisory. They could be exploited by malicious local users to cause denial-of-service attacks, disclose potentially sensitive information or gain “root” privileges, the group said. The bugs affect all versions of the Linux kernel up to Version 2.6.24.1, which is patched. Distributions such as Ubuntu, TurboLinux, SUSE, Red Hat, Mandriva, Debian and others are affected. Researchers advised administrators to update their kernels immediately. Last month, a U.S. Department of Homeland Security bug-fixing scheme uncovered an average of one security glitch per 1,000 lines of code in 180 widely used open-source software projects.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9064684&source=rss_topic17

Communications Sector

35. February 26, Associated Press – (International) Group with Google and others building cross-Pacific broadband cable. A group of six international companies, including Google, is building a $300-million underwater fibre optic cable linking the United States and Japan. The trans-Pacific 10,000-kilometre broadband cable system called Unity will respond to the expected growth in data and Internet traffic between Asia and the United States, the companies said in a statement Monday. A signing ceremony was held Feb. 23, they said. Besides U.S. Internet search company Google Inc., the consortium -- also named Unity -- includes Bharti Airtel Limited, India’s leading integrated telecom services provider and Japanese telecommunications company KDDI Corp. The others are Malaysian Internet company Global Transit; Pacnet, a telecom company headquartered in Hong Kong and Singapore and SingTel, a leading Asian communications and mobile company. NEC Corp. and Tyco Telecommunications are suppliers for the project, set to be up and running in the first quarter of 2010. Construction begins immediately, Unity said. The cable will connect Chikura, near Tokyo, with Los Angeles and other U.S. West Coast points and the system connects to other Asian cable systems via Chikura, the companies said.
Source:
http://www.mytelus.com/ncp_news/article.en.do?pn=tech&articleID=2877324

36. February 25, Reuters – (National) FCC says will act on Web neutrality if needed. The head of the U.S. Federal Communications Commission said on Monday he is “ready, willing and able” to stop broadband providers that unreasonably interfere with subscribers’ access to Internet content. The comment by the FCC chairman came at the start of a day-long FCC hearing centering on allegations that some broadband providers such as telecommunications and cable companies have been improperly blocking or hindering some content. The dispute over so-called “network neutrality” pits open-Internet advocates against some service providers such as Comcast Corp, who say they need to take reasonable steps to manage traffic on their networks. The FCC chair acknowledged that broadband network operators have a legitimate need to manage the data flowing over their networks. But he said that “does not mean that they can arbitrarily block access to particular applications or services.” The hearing, which included testimony from officials with Comcast and Verizon, is aimed at determining what network management techniques are reasonable.
Source: http://news.yahoo.com/s/nm/20080225/wr_nm/internet_fcc_dc

Tuesday, February 26, 2008

Daily Report

• According to the Associated Press, two United Airlines planes are being inspected after their wings touched at Dulles International Airport outside Washington, D.C. Officials say there are no reports of injuries. A spokesman for the Metropolitan Washington Airports Authority says a Boeing 737 and a smaller Embraer aircraft were preparing for departure Sunday evening when their wings touched. (See item 10)

• The Washington Post reports the number of U.S. Park Police officers has dropped to a 20-year low, with widespread vacancies in senior ranks, leaving the agency strapped, despite heightened concern about protecting the nation’s landmarks from terrorism, according to officers and a watchdog group. (See item 30)

Information Technology

24. February 25, IDG News Service – (International) YouTube blames Pakistani ISP for global site outage. Many users around the world could not access the YouTube site for about two hours on Sunday. The company blamed the outage on erroneous routing information introduced by a Pakistani Internet service provider. Pakistani authorities ordered ISPs there to block the site on Friday. Traffic to YouTube was misrouted for around two hours, rendering the site inaccessible for many users around the world, YouTube said on Monday. “We have determined that the source of these events was a network in Pakistan,” the company said, adding that it is still investigating the problem to prevent it from happening again. The Pakistan Telecommunication Authority (PTA) ordered the country’s ISPs to block users’ access to YouTube on Friday because of an inflammatory anti-Islamic video on the site, a representative of the Association of Pakistan Internet Service Providers said in a telephone interview on Monday. If the video is provocative, then it is better it is removed, rather than provoke unrest in Pakistan, he said, adding that he did not know the contents of the video. Access to YouTube is still blocked in Pakistan while the ISPs work with the PTA to narrow its order to block a single URL (Uniform Resource Locator) pointing to the video, he said. He expects the PTA to make an order to that effect later on Monday.
Source:
http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/02/25/YouTube-blames-Pakistani-ISP-for-global-site-outage_1.html

25. February 24, Computerworld – (National) Critical VMware bug lets attackers zap ‘real’ Windows. A critical vulnerability in VMware Inc.’s virtualization software for Windows lets attackers escape the “guest” operating system and modify or add files to the underlying “host” operating system, the company has acknowledged. As of Sunday, there was no patch available for the flaw, which affects VMware’s Windows client virtualization programs, including Workstation, Player and ACE. The company’s virtual machine software for Windows servers and for Mac- and Linux-based hosts is not at risk. The bug was reported by Core Security Technologies, makers of the penetration-testing framework CORE IMPACT, said VMware in a security alert issued last Friday. “Exploitation of this vulnerability allows attackers to break out of an isolated guest system to compromise the underlying host system that controls it,” claimed Core Security. According to VMware, the bug is in the shared-folder feature of its Windows client-based virtualization software. Shared folders let users access certain files – typically documents and other application-generated files – from the host operating system and any virtual machine on that physical system. “On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host’s complete file system and create or modify executable files in sensitive locations,” confirmed VMware. VMware has not posted a fix, but it instead told users to disable shared folders.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9064319&source=rss_topic17

26. February 23, Computerworld – (National) Hackers ramp up Facebook, MySpace attacks. Hackers are actively exploiting an Internet Explorer plug-in that’s widely used by Facebook Inc. and MySpace.com members with a multi-attack kit, a security company warned Friday. The exploit directed at Aurigma Inc.’s Image Uploader, an ActiveX control used by Facebook, MySpace and other social networking sites to allow members to upload photos to their profiles, is just one of five in a new hacker tool kit being used by several Chinese attack sites, said Symantec Corp. Attacks begin when users receive spam or an instant message with an embedded link, said the Symantec analyst who authored the advisory. The link takes users to a bogus MySpace log-in page, which tries to steal members’ credentials as it also silently probes their computers for vulnerabilities in Uploader, Apple Inc.’s QuickTime, Windows and Yahoo Music Jukebox. Although the Windows and QuickTime bugs were patched eight and 13 months ago, respectively, the Uploader and Yahoo vulnerabilities were made public and fixed only within the past few weeks. The Symantec analyst noted the hackers’ fast reaction times. “[This demonstrates] how quickly attackers are leveraging new vulnerabilities,” he said. “It is unlikely that attackers will stop trying to leverage this vulnerability any time soon.” Symantec urged users to update the Image Uploader ActiveX control to Version 4.5.57.1.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9064298&taxonomyId=17&intsrc=kc_top

27. February 22, Techworld.com – (National) Hackers turn Google into vulnerability scanner. The hacking group Cult of the Dead Cow (CDC) this week released a tool that turns Google into an automated vulnerability scanner, scouring Web sites for sensitive information such as passwords or server vulnerabilities. CDC first achieved notoriety 10 years ago with its backdoor Back Orifice, which demonstrated in a highly public way just how easy it was to take unauthorized control of a Windows PC. The new tool, called Goolag Scan, is equally provocative, making it easy for unskilled users to track down vulnerabilities and sensitive information on specific Web sites or broad Web domains. This capability should serve as a wake-up call for system administrators to run the tool on their own sites before attackers get around to it, according to CDC. “We’ve seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a large website, I’d be downloading this beast and aiming it at my site yesterday,” said a CDC representative. The tool is a stand-alone Windows .Net application, licensed under the open source GNU General Public License, which provides about 1,500 customized searches under categories such as “vulnerable servers,” “sensitive online shopping information,” and “files containing juicy information.”
Source:
http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/02/22/Hackers-turn-Google-into-vulnerability-scanner_1.html

Communications Sector

28. February 24, IDG News Service – (National) Wireless broadband test continues. A wireless broadband device tested by the U.S. Federal Communications Commission for interference with television and wireless microphone signals has not failed, as a broadcasting group claimed last week, members of the White Spaces Coalition say. The National Association of Broadcasters (NAB) on February 11 said a so-called prototype device submitted by Microsoft lost power during tests being run by the FCC. The power failure comes after another white spaces device malfunctioned in tests run by the FCC last year. But a tech advisor to the White Spaces Coalition and a former chief of the FCC’s Office of Engineering and Technology said that while the device’s power supply failed after many hours of continuous testing, it did not interfere with television signals due to the power failure. The White Spaces Coalition, including Microsoft, Philips, Dell and Google, is asking the FCC to allow wireless devices to operate in the so-called white spaces of the television spectrum, space allocated for television signals but vacant. The coalition wants the white spaces opened up to give consumers more wireless broadband options, and the white spaces devices would be targeted at longer-range broadband than traditional Wi-Fi. If the FCC approves the devices this year, commercial white spaces wireless devices could be available as soon as late 2009. The FCC’s in-house testing of four devices will continue for a couple more weeks, then the agency will conduct field tests for up to eight weeks. A second white spaces device has experienced no power failure problems, said the coalition’s advisor.
Source:
http://news.yahoo.com/s/pcworld/20080224/tc_pcworld/142762

29. February 22, Telecom Asia – (International) Cable cuts raise security questions. The security of the international submarine cable networks has been called into question by the severe disruptions caused by the recent series of cable cuts in the Mediterranean Sea. Those disruptions affected internet and phone services between Europe, the Middle East and South Asia. While services on the four broken undersea cables were restored by February 10, analysts suggest that the successive damage of these cables highlights the increased importance of reliability in the world’s undersea cable networks, which carry over 95 percent of the world’s international internet and telephone traffic. For years cable owners have been working hard to minimize accidental damage with different methods, such as making cable routes available to those that need to know (such as fishermen, navies and research vessels) and deliberately avoiding placing cables in high risk areas. Despite this, there is an unspoken assumption that the networks are safe from deliberate human sabotage. The recent spate of cable failures, however, has called this assumption into question, said a senior analyst at Ovum RHK. Conspiracy theories have gained ground quickly in cyberspace, despite cable owners’ claims that the cables were severed by ship anchors. The Ovum RHK analyst said while there could be several causes for the outages, there is the possibility of human attack, given the geographic position and the fact that undersea cables are a ripe target for those with an interest in wreaking havoc on international communications, whatever their motivation. “If ports, railways, gas pipelines and other types of networks are being secured against possible sabotage, we must similarly increase the security of undersea optical highways,” the analyst insisted. “Guaranteeing reliability is impossible, but an improvement on current hands-off approach is long overdue.”
Source:
http://www.telecomasia.net/article.php?type=article&id_article=7336

Monday, February 25, 2008

Daily Report

• The North Platte Bulletin reports that there is a train derailment accident somewhere in the U.S. every five hours, according to the Federal Railroad Administration (FRA). There were 1,696 derailments nationwide from all railroad companies, a reduction of 14 percent from 1,982 derailments in 2006. There were 1,722 hazmat releases nationally from United Pacific (UP) and 215 hazmat cars damaged or derailed. (See item 13)

• BBC reports that several hundred protesters attacked the U.S. and other embassies on February 23 in Serbia’s capital in anger at Western support for Kosovo’s independence. The UN Security Council condemned the attacks. The violence followed a peaceful rally by at least 150,000 people in the city. Later about 1,000 protesters smashed their way into the U.S. embassy, throwing flares through the window while others scaled walls to rip down the US flag. (See item 23)

Information Technology

27. February 22, Internet News – (International) Yo quiero antivirus. Malware goes multilingual. Cybercriminals are turning their targets on the growing markets around the world, creating localized content in native languages or targeting specific interests of that nation. That is the main takeaway from McAfee Avert Labs global malware trends Sage report, called “One Internet, Many Worlds.” For the longest time, Americans and English-speakers were the targets, but the crooks are going global. The growth of emerging markets like BRIC (Brazil, Russia, India and China) and EMEA (Europe, Middle East and Africa) has served to make them targets as well. “Two years ago, we couldn’t have had this conversation,” a security research and communications manager for McAfee’s Avert Labs told InternetNews.com. “Most malware and spam was 95 to 98 percent English, directed at people who speak English. Now international malware is six to seven percent of the total instead of one to two percent, and it’s growing.” With 23 languages in the European Union alone, McAfee’s researchers found that cybercriminals are either hiring locally in different nations or swapping code written in different languages so they can target specific countries. The rise in international malware is just a logical follow-on to the growth in international markets. The problem is only growing. At the start of the year, McAfee identified around 528 new pieces of malware per day. By the end of 2008, it expects to see 750 new pieces per day.
Source:
http://www.internetnews.com/security/article.php/3729626/Yo+Quiero+Antivirus+Malware+Goes+Multilingual.htm

28. February 21, Electronic Frontier Foundation – (National) Research team finds security flaw in popular disk encryption technologies. A team including the Electronic Frontier Foundation (EFF), Princeton University, and other researchers has found a major security flaw in several popular disk encryption technologies that leaves encrypted data vulnerable to attack and exposure. An EFF Staff Technologist and a member of the research team said, “This new class of vulnerabilities shows it is not a sure thing. Whether your laptop is stolen, or you simply lose track of it for a few minutes at airport security, the information inside can still be read by a clever attacker.” The researchers cracked several widely used disk encryption technologies, including Microsoft’s BitLocker, Apple’s FileVault, TrueCrypt, and dm-crypt. These “secure” disk encryption systems are supposed to protect sensitive information if a computer is stolen or otherwise accessed. However, in a paper and video published on the Internet on Thursday, the researchers show that data is vulnerable because encryption keys and passwords stored in a computer’s temporary memory – or RAM – do not disappear immediately after losing power. Laptops are particularly vulnerable to this attack, especially when they are turned on but locked, or in a “sleep” or “hibernation” mode entered when the laptop’s cover is shut. Even though the machines require a password to unlock the screen, the encryption keys are already located in the RAM, which provides an opportunity for attackers with malicious intent. The research released Thursday shows that these attacks are likely to be effective against many other disk encryption systems because these technologies have many architectural features in common. Servers with encrypted hard drives are also vulnerable. The researchers have submitted the paper for publication and it is currently undergoing review.
Source:
http://www.eff.org/press/archives/2008/02/21-0

Communications Sector

29. February 21, TechWorld.com – (National) Researchers figure out how to crack GSM phone security. Two enterprising researchers claim to have figured out a way to eavesdrop on calls made using GSM mobile phones, cracking open its much-vaunted encryption. According to the two men who presented the technique at the Black Hat security conference in Washington this week, GSM calls can now be recorded over long distances and cracked open in half an hour using only $1,000 worth of field programmable gate array-aided computer equipment and a frequency scanner. Although GSM’s 64-bit A5 stream cipher has been theoretically vulnerable for some time, this is the first time anyone has demonstrated a way of doing it without investing in expensive, specialized equipment and without it taking years. According to one of the men, spend $100,000 on hardware and the crack can be done in only 30 seconds using massively parallel processing technology. His company, Pico Computing Inc., is now developing the fast version to sell to agencies such as law enforcement, but plans to give away the slower version for free. GSM is used all over the world by mobile phone companies, and is used in the U.S. by several networks, most notably AT&T and T-Mobile. It is considered to be secure enough that even criminals use it, simply cycling phones to avoid the theoretical risk of being tracked.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=mobile_and_wireless&articleId=9063899&taxonomyId=15&intsrc=kc_top

Friday, February 22, 2008

Daily Report

• According to Reuters, radioactive caesium chloride used in medical and research equipment can be used as a deadly ingredient in a “dirty bomb,” and U.S. leaders should try to curb its use, the U.S. National Research Council (NRC) said on Wednesday in a report commissioned by Congress. (See item 6)

• ABC Action News Tampa reports a Clearwater man trying to board a Southwest Airlines flight was arrested over the weekend after airport police found a box-cutter knife hidden inside a hollowed out book, according to airport officials. The man was attempting to go through a security checkpoint inside Concourse C Sunday around 7:30 am when a TSA screener saw the knife inside his backpack, according to his arrest report. (See item 14)

Information Technology

28. February 21, IDG News Service – (International) McAfee: Virus writers going local. Over the past two years, virus writers have increasingly targeted their malicious programs to users in different regions of the globe, creating programs that are specially designed to infect users in countries like Japan, Brazil, China, or Germany. The “taunting Trojan,” which goes after users of the Winny file-sharing program, is an example of this phenomenon. Winny is file-sharing software that is incredibly popular in Japan, but virtually unknown outside of the region. Still, it has been the target of several malware programs, according to a security research and communications manager for McAfee Avert Labs. Previously, attackers would write programs that would affect the largest possible number of users, but that is no longer necessarily the case, he said. “What we’ve noticed over the last couple of years is that a growing amount of malware is localized.” McAfee believes that there are a few reasons behind this shift. For one thing, writers no longer want the worldwide attention and law enforcement action that was garnered by outbreaks such as Sasser and Netsky. And with users becoming more wary, hackers have to be crafty with their attacks – creating more targeted malware that victims are unlikely to have seen before. Another factor is that criminals are increasingly targeting their attacks to regions that have weak cybercrime enforcement, McAfee believes.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9063739&taxonomyId=17&intsrc=kc_top

29. February 21, Canwest News Service – (International) Quebec police bust alleged hacker ring. Quebec provincial police said Wednesday they have dismantled what they called the largest and most damaging computer-hacking network ever uncovered in Canada. During several action-packed early-morning hours Wednesday, provincial police and Royal Canadian Mounted Police officers dismantled the latest hacking ring by successfully carrying out 17 lightning-fast raids in 12 towns across Quebec, including Montreal. They collared 17 hacking suspects aged 17 to 26. All are male except for one, a 19-year-old woman. Police raiding parties also sealed and carted away dozens of hard drives and other computer components from the homes of each of the suspects. The group’s actions caused an estimated $45 million Canadian in damages to governments, businesses, and individuals.
Source:
http://www.nationalpost.com/news/story.html?id=322372

30. February 20, Times – (International) Hacker breaks link between iTunes and the iPod. Software letting iTunes users copy music and video to mobile phones has been released by the notorious Norwegian hacker known as DVD Jon. The program allows people to drag and drop songs from iTunes into a folder on their desktop, which in turn copies the files to other devices such as mobile phones and games consoles via the web. In doing so, the software breaks the copy protection – known as ‘digital rights management’ or DRM – that is built into all music that is bought from iTunes. Music bought from iTunes can be played only on the iPod. DoubleTwist, DVD Jon’s company, maintains that its service is legal, but lawyers said that Apple would almost certainly seek to shut it down because the law now specifically targeted technologies which attempted to circumvent measures such as DRM.
Source:
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3403705.ece

Communications Sector

31. February 21, Canwest News Service – (National) T-Mobile tests mobile service to replace home phone service. T-Mobile will test an Internet calling plan designed to replace consumers’ home wireline-based phone service. The tests will be carried out in Dallas and in Seattle near T-Mobile’s U.S. headquarters. The tests are in addition to T-Mobile’s announcement earlier this week that it will offer complete wireless plans for $100 a month that include unlimited nationwide calling, text messaging, and data access.
Source:
http://www.nationalpost.com/news/story.html?id=322372

32. February 20, IDG News Service – (National) Update: BlackBerry network goes down again. BlackBerry users in North America were complaining of service problems again Wednesday morning. Users of the BlackBerry outage newsgroup began reporting problems at around 6 a.m. on the U.S. East Coast related to scheduled maintenance on Research In Motion Ltd.’s (RIM) network. The issue appeared to become progressively worse, initially affecting about half of users in the Americas but eventually affecting all customers, according to users of the newsgroup. RIM said it was not a system-wide outage. The problem affected only users of BlackBerry Internet Service (BIS) and not BlackBerry Enterprise Server (BES) customers, RIM said. BIS customers sign up for the service through their mobile operators. Enterprises often use a different setup, installing a BES to deliver corporate e-mail to BlackBerry devices. While messages to and from both BIS and BES users pass through RIM’s network operations centers, in this case, only the network components that handle BIS customers were affected.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9063659&intsrc=hm_list

Thursday, February 21, 2008

Daily Report

• According to WCVB 5 Boston, there are new concerns about the safety of the Ted Williams Tunnel in Boston, Massachusetts, because inspectors cannot reach thousands of epoxy bolts to ensure their strength. NewsCenter 5 reported that the issue is slowing safety inspections inside the tunnel. Inspectors are supposed to routinely check the ceiling bolts to make sure they are holding, but about 4,000 of the bolts cannot be seen because they are out of view. (See item 10)

• The Los Angeles Times reports a cat-and-mouse game is portrayed by past and current inspectors, lawmakers, and an audit report that says the U.S. Department of Agriculture’s (USDA) Food Safety Inspection Service is easy to bypass and was failing to screen potentially sick cattle long before this week’s beef recall, the largest in U.S. history. (See item 17)

Information Technology

29. February 20, vnunet.com – (National) Hackers step up website attacks. Trend Micro has warned that hackers are intensifying attacks on legitimate websites to spread malware. The security firm’s 2007 Threat Report and 2008 Forecast debunked the myth about “not visiting questionable sites.” But legitimate sites with the latest sports news, or links in a search engine result, could potentially infect visitors with malware. Trend Micro explained that an underground malware industry has carved itself a thriving market by exploiting the trust and confidence of web users. Apple also had to contend with the Zlob gang, proving that even alternative operating systems are not safe havens for the online user. ‘Gromozon’, malware disguised in the form of a rogue anti-spyware security application, also made its mark in 2007. The Storm botnet expanded in scope last year, and Trend Micro researchers found proof that the botnet is renting its services to host fly-by-night online pharmacies, pump-and-dump scams, and even portions of its backend botnet infrastructure. Trend Micro found that nearly 50 percent of all threat infections came from North America last year, but that Asian countries are also experiencing growth. Around 40 percent of infections stem from that region. Social networking communities and user-created content such as blog sites became infection vectors due to attacks on their underlying web 2.0 technologies, particularly cross-site scripting and streaming. Infection volumes nearly quadrupled between September and November 2007, indicating that malware authors took advantage of the holiday seasons to send spam or deploy spyware while users were shopping online. Based on the emerging trends of this year, Trend Micro forecasts that legacy code used in operating systems and vulnerabilities in popular applications will continue to be attacked in an effort to inject in-process malicious code. 
High-profile sites will continue to be the most sought-after attack vectors by criminals to host links to phishing and identity theft code. These sites include social networking, banking/financial, online gaming, search engines, travel, commercial ticketing, local government, news, jobs, blogs, and ecommerce sites for auctions and shopping. Communication services such as email, instant messaging and file sharing will continue to be abused by content threats such as image spam and malicious URLs.
Source:
http://www.vnunet.com/vnunet/news/2210040/hackers-step-website-attacks

30. February 19, IDG News Service – (National) DoS attack prevents access to WordPress.com blogs. The WordPress.com blog-hosting service suffered a denial-of-service (DoS) attack that began Saturday and was still preventing users from logging in or posting to their blogs on Tuesday. A spokesman for Automattic confirmed that the service experienced a DoS attack with spikes of up to 6 gigabits of incoming traffic, which was making some blogs inaccessible for about five to 15 minutes on Tuesday. Though service had mostly been restored, Automattic, which maintains WordPress.com, was still working on returning service to normal levels on Tuesday afternoon, he said. An employee at a New York-based company said on Tuesday afternoon that users there were unable to log in to their blogs and post comments for “most of the day.” However, the blogs were still able to be viewed publicly. WordPress.com users were notified via e-mail about the DoS attack. In the e-mail, the service provider said that the attack was affecting user log-in and causing some forums to be offline.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=spam__malware_and_vulnerabilities&articleId=9063440&taxonomyId=85

31. February 19, IDG News Service – (National) Microsoft scrambles to quash ‘friendly’ worm story. Microsoft is moving to counter some scathing comments regarding a security paper authored by researchers at its Cambridge, England, facility. The paper, “Sampling Strategies for Epidemic-Style Information Dissemination,” looks at how worms sometimes inefficiently spread their code. The research explores how a more efficient method could, for example, be used for distributing patches or other software. The advantage would be that patches could be distributed from PC to PC, rather than from a central server. That method would reduce the load on a server, and patches would be distributed faster. But the patches would have the same qualities as a computer worm, a generally malicious file. Since a story about the paper appeared on Thursday in the New Scientist magazine, the paper has been roundly assailed. A Microsoft spokesman said on Monday that the New Scientist story is not inaccurate. In response to the criticism, Microsoft said it does not intend to develop patch worms. The company also said it will continue to let customers decide how and when they apply security updates.
Source:
http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/02/19/Microsoft-scrambles-to-quash-friendly-worm-story_1.html

Communications Sector

32. February 19, Associated Press – (National) FCC must study bird-tower collisions. On Tuesday, the U.S. Court of Appeals for the District of Columbia Circuit sided with conservation groups that claimed the Federal Communications Commission violated government rules by approving communications towers that threaten migratory birds. The court is requiring the agency to conduct at least the minimal analysis on the environmental effect of cell, radio, television and other towers built in the Gulf Coast region, as the groups have requested. “This is a significant ruling ... because the D.C. Circuit is directing the FCC for the first time to carefully assess the impact of communication towers on birds,” said an attorney with Earthjustice, a public interest law firm, which represented the American Bird Conservancy Inc. and Forest Conservation Council. The groups want the FCC to assess the 6,000 towers in the Gulf Coast region and at least deal with the ones that pose the biggest problems to birds, said the American Bird Conservancy’s executive director for conservation advocacy. The U.S. Fish and Wildlife Service estimates that between 4 million and 50 million birds die every year colliding with communication towers as they cross the Gulf of Mexico during the fall and spring seasons. Towers at a certain height have lights that attract the birds, which fly into them, each other or the tower wires. In the ruling Tuesday, the court also said the FCC did not justify why it did not use federal wildlife experts to assess the environmental threat.
Source: http://news.yahoo.com/s/ap/20080219/ap_on_hi_te/communications_towers_court_ruling;_ylt=AkiRrK2h2Xi80OPu9MIddun67rEF

Wednesday, February 20, 2008

Daily Report

• According to the Associated Press, Amtrak is launching new security measures that include random screening of Amtrak passengers’ carry-on bags. In addition to the screening, counterterrorism officers with bomb-sniffing dogs will patrol platforms and walk through trains, and sometimes will ride the trains. Amtrak plans to roll out the new “mobile security teams” first on the Northeast Corridor between Washington and Boston, before expanding them to the rest of the country. (See item 17)

• The Associated Press reports the U.S. Department of Agriculture ordered Sunday the recall of 143 million pounds of beef from the Westland/Hallmark Meat Co. slaughterhouse in Chino, California, where operations were suspended after an undercover video surfaced showing crippled and sick animals being shoved with forklifts. Officials estimate that about 37 million pounds of the recalled beef went to school programs, but they believe most of the meat probably has already been eaten. (See item 22)

Information Technology

30. February 19, TMCnet – (National) Cisco issues security alerts for its unified communications products. Cisco has issued two security alerts relating to flaws in its unified communications products which could enable hackers to launch denial of service attacks or hack into company telephony systems and retrieve sensitive information, among other annoyances. According to published reports, one of the alerts concerns a flaw in certain Cisco Unified IP Phone models running its Skinny Call Control Protocol (SCCP) and/or Session Initiation Protocol (SIP). The other alert relates to a vulnerability which might enable a hacker to launch an SQL Injection attack affecting Cisco’s Unified Communications Manager software. Numerous models of Cisco’s SCCP- and SIP-based phones contain a buffer overflow vulnerability in the handling of DNS responses. The company said a hacker launching a specially-crafted DNS response might be able to trigger a buffer overflow and execute arbitrary code on a vulnerable phone. The company has already patched the vulnerability in SCCP firmware version 8.0(8) and SIP firmware version 8.8(0), but certain other versions are still vulnerable. Cisco has reportedly released free software updates to address the vulnerability in Unified Communications Manager, which could open it up to an SQL injection attack in the parameter key of the administrator and user interface pages. Such an attack could give a hacker access to usernames and password hashes that are stored in the database.
Source:
http://visualvoicemail.tmcnet.com/unified-communications/articles/20968-cisco-issues-security-alerts-its-unified-communications-products.htm

31. February 19, IDG News Service – (National) Opera, Firefox bug could export users’ Web history. A flaw in the way the Firefox and Opera browsers handle an image file could allow an attacker to see what Web sites a person has visited. The problem concerns how the two browsers handle a “.BMP” – or bitmap – image file, according to an advisory on Vexillium.org, which included a video illustrating the problem. A malicious bitmap file can be created that pulls other information from the browsers’ memory. Some of the information that can be captured is random, but at other times could be valuable, the advisory said. “The harvested data contains various information including parts of other Web sites, users’ favorites and history, and other information,” Vexillium.org said. Using the “canvas” HTML (Hypertext Markup Language) tag supported by the browsers, an attacker can capture the data. Then, using JavaScript, the information can be sent to a remote server. The flaw could also crash Firefox. The vulnerability affects Firefox 2.0.0.11 and previous versions of that browser, as well as the beta version of Opera 9.50.
Source:
http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/02/19/Opera-Firefox-bug-could-export-users-Web-history_1.html

32. February 18, ars technica – (National) New BotSniffer better able to detect botnets. Researchers at Georgia Tech have published a paper on BotSniffer – a program they have designed to detect and disable botnets. BotSniffer is not the only bot-detection program available, but the Georgia Tech research team believes that the program’s approach to the botnet issue results in a better correlation rate and a lower number of false positives. BotSniffer is designed to detect botnets using either IRC or HTTP protocols, i.e. “push” or “pull” botnets. The program uses a detection method referred to as “Spatial-Temporal Correlation and Similarity” when searching for the presence of a botnet over the network. Spatial-Temporal Correlation and Similarity relies on the assumption that all botnets, regardless of function, will have to communicate with a master node in order to receive updates and instructions. Unlike humans, botnets tend to communicate in a highly synchronized fashion. BotSniffer specifically watches for these types of “response crowd” communications. If a group of responses qualify as both consistent and synchronous, the systems in question are much more likely to be part of a botnet as opposed to a group of humans communicating with each other. Approaching the problem from this angle allows BotSniffer to theoretically detect the presence of a botnet even when overall network communication is low.
Source:
http://arstechnica.com/news.ars/post/20080218-new-botsniffer-better-able-todetect-foul-stench-of-botnets.html
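
A simplified illustration of the “response crowd” test described in the item above, added here as an example and not BotSniffer’s own code. The record layout, thresholds, addresses and messages are all constructed assumptions.

```python
from collections import defaultdict
from difflib import SequenceMatcher

# Assumed thresholds for this illustration (not taken from the BotSniffer paper).
WINDOW_SECONDS = 5.0    # replies this close together count as synchronous
MIN_CROWD = 3           # distinct clients needed before a group is a "crowd"
MIN_SIMILARITY = 0.8    # mean pairwise text similarity needed to be "consistent"

BOT_SRV = "198.51.100.7:6667"    # constructed server address (documentation range)
CHAT_SRV = "203.0.113.20:6667"   # constructed server address (documentation range)

# Constructed sample flow records: (timestamp_s, client_ip, server, message).
SAMPLE_EVENTS = [
    # Four clients answer the same server within two seconds, near-identical text.
    (100.0, "10.0.0.14", BOT_SRV, "PRIVMSG #ops :[report] task=7731 state=done node=ws-014"),
    (100.4, "10.0.0.27", BOT_SRV, "PRIVMSG #ops :[report] task=7731 state=done node=ws-027"),
    (101.1, "10.0.1.2",  BOT_SRV, "PRIVMSG #ops :[report] task=7731 state=done node=ws-102"),
    (101.9, "10.0.2.33", BOT_SRV, "PRIVMSG #ops :[report] task=7731 state=done node=ws-233"),
    # The same clients do it again five minutes later.
    (400.2, "10.0.0.14", BOT_SRV, "PRIVMSG #ops :[report] task=7732 state=done node=ws-014"),
    (400.5, "10.0.0.27", BOT_SRV, "PRIVMSG #ops :[report] task=7732 state=done node=ws-027"),
    (400.9, "10.0.1.2",  BOT_SRV, "PRIVMSG #ops :[report] task=7732 state=done node=ws-102"),
    (401.6, "10.0.2.33", BOT_SRV, "PRIVMSG #ops :[report] task=7732 state=done node=ws-233"),
    # People chatting: three of them happen to talk at once, but say different things.
    (100.2, "10.0.3.5", CHAT_SRV, "PRIVMSG #team :anyone up for lunch today?"),
    (101.0, "10.0.3.6", CHAT_SRV, "PRIVMSG #team :the nightly build is green again"),
    (102.5, "10.0.3.7", CHAT_SRV, "PRIVMSG #team :did somebody move my ticket"),
    (190.0, "10.0.3.5", CHAT_SRV, "PRIVMSG #team :ok, noon at the usual place"),
    (260.0, "10.0.3.6", CHAT_SRV, "PRIVMSG #team :sounds good"),
]


def mean_pairwise_similarity(messages):
    """Average difflib ratio over every pair of messages (0.0 if fewer than two)."""
    pairs = [(a, b) for i, a in enumerate(messages) for b in messages[i + 1:]]
    if not pairs:
        return 0.0
    return sum(SequenceMatcher(None, a, b).ratio() for a, b in pairs) / len(pairs)


def find_response_crowds(events, window=WINDOW_SECONDS, min_crowd=MIN_CROWD,
                         min_similarity=MIN_SIMILARITY):
    """Return groups of clients whose messages to one server are both
    synchronous (inside one time window) and consistent (similar text)."""
    by_server = defaultdict(list)
    for ts, client, server, message in events:
        by_server[server].append((ts, client, message))

    crowds = []
    for server, records in by_server.items():
        records.sort()
        i = 0
        while i < len(records):
            # Gather the first message of each client inside the window at i.
            first_message = {}
            j = i
            while j < len(records) and records[j][0] - records[i][0] <= window:
                first_message.setdefault(records[j][1], records[j][2])
                j += 1
            if len(first_message) >= min_crowd:
                similarity = mean_pairwise_similarity(list(first_message.values()))
                if similarity >= min_similarity:
                    crowds.append({
                        "server": server,
                        "start": records[i][0],
                        "clients": sorted(first_message),
                        "similarity": round(similarity, 3),
                    })
                    i = j          # skip past the window just reported
                    continue
            i += 1
    return crowds


if __name__ == "__main__":
    for crowd in find_response_crowds(SAMPLE_EVENTS):
        print(crowd)
```

The chat server’s three simultaneous messages fail the consistency check, and identical messages spaced a minute apart fail the synchrony check; only groups passing both are reported.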

Communications Sector

33. February 19, TechWorld.com – (National) Vodafone’s Blackberries get disaster shield. Vodafone Group PLC will offer its BlackBerry customers a high availability and disaster recovery service – good news for corporate users who fear losing e-mail access on the platform. Based on Neverfail’s disaster recovery technology, the Vodafone Neverfail High Availability Service for BlackBerry monitors the health of the entire email environment, including the server hardware, network infrastructure, application, and operating system. If any anomalies are identified, the service should immediately take action to prevent loss of service. The service promises to operate around the clock every day of the year. According to Vodafone, the service will either automatically attempt to restart applications before they fail, switch over to a secondary server, or alert the IT staff so that no downtime or loss of service is experienced. Once the issue is resolved, they are automatically switched back to the main servers, and neither users nor administrators are required to restart their applications. The service requires no SAN or Cluster technology, and supports LAN and WAN technology.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9063318&source=rss_topic15

34. February 18, Agence France Presse – (International) Saboteurs may have cut Mideast telecom cables: UN agency. Damage to several undersea telecom cables that caused outages across the Middle East and Asia could have been an act of sabotage, the International Telecommunication Union said on Monday. “We do not want to preempt the results of ongoing investigations, but we do not rule out that a deliberate act of sabotage caused the damage to the undersea cables over two weeks ago,” said the UN agency’s head of development. Five undersea cables were damaged in late January and early February leading to disruption to Internet and telephone services in parts of the Middle East and south Asia. There has been speculation that the sheer number of cables being cut over such a short period was too much of a coincidence and that sabotage must have been involved. India’s Flag telecom revealed on February 7 that the cut to the Falcon cable between the United Arab Emirates and Oman was caused by a ship’s anchor. But mystery shrouds what caused another four reported cuts. “Some experts doubt the prevailing view that the cables were cut by accident, especially as the cables lie at great depths under the sea and are not passed over by ships,” said the UN representative on the sidelines of a conference on cyber-crime held in Qatar. The Falcon cable has since been repaired, along with the Flag Europe Asia cable which was damaged off Egypt’s Mediterranean coast. The status of the remaining cable is still unclear.
Source:
http://www.breitbart.com/article.php?id=080218163315.psfe6g65&show_article=1

Tuesday, February 19, 2008

Daily Report

• According to NBC News and MSNBC, a man gunned down five people last Thursday inside a lecture hall at Northern Illinois University before killing himself. Police said the man had recently “become erratic” after halting his medication and carried a shotgun to campus inside a guitar case. The university’s president said he knew of no connection between the attack and threats scrawled on a dormitory bathroom wall in December. (See item 27)

• The Associated Press reports that the FBI has put its domestic terror squads on alert for any threats against synagogues and other potential Jewish targets in the U.S. following the killing of a Hezbollah commander last Tuesday. U.S. law enforcement officials say there have been no specific threats so far against any Jewish centers. (See item 33)

Information Technology

29. February 14, Associated Press – (National) Use of rogue DNS servers on rise. Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc. The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name System results, which means that people with compromised computers are sometimes being directed to the wrong Web sites – and often have no idea. The peer-reviewed paper, which offers one of the broadest measurements yet of the number of rogue DNS servers, was presented at the Internet Society’s Network and Distributed System Security Symposium in San Diego. The fraud works like this: When a user with an affected computer tries to go to, for example, Google’s Web site, they are redirected to a spoof site loaded with malicious code or to a wall of ads whose profits flow back to the hackers. The hackers who hijack DNS queries are looking to steal personal information – from e-mail login credentials to credit data – and take over infected machines. The spoof sites run the gamut. Some are stunningly convincing, others amusingly bogus with spelling errors and typos. The DNS system is a critical part of the Internet’s infrastructure, used to make sure computers know how to contact each other. People usually automatically use the DNS servers of their Internet providers, but the recent wave of attacks modifies the settings on victims’ computers to send traffic to rogue DNS servers.
Source:
http://ap.google.com/article/ALeqM5ifrgeDBfUGAvXtLH_vgVrKcm0s_wD8UPLR8O1

30. February 14, Techworld – (National) ‘Critical’ Linux kernel bugs discovered. Security researchers have uncovered “critical” security flaws in a version of the Linux kernel used by a large number of popular distributions. The three bugs allow unauthorized users to read or write to kernel memory locations or to access certain resources in certain servers, according to a SecurityFocus advisory. They could be exploited by malicious local users to cause denial of service attacks, disclose potentially sensitive information, or gain “root” privileges, according to security experts. The bug affects all versions of the Linux kernel up to version 2.6.24.1, which contains a patch. Distributions such as Ubuntu, Turbolinux, SuSE, Red Hat, Mandriva, Debian, and others are affected. The problems are within three functions in the system call fs/splice.c, according to an advisory from Secunia. “In the 2.6.23 kernel, the system call functionality has been further extended resulting in ... critical vulnerabilities,” said iSEC Security Research in an advisory. Secunia disagreed about the bugs’ seriousness, giving them a less critical ranking. Exploit code for the vulnerabilities has been released publicly on the hacker site milw0rm.com, and Core Security Technologies has also developed a commercial exploit for the bugs, researchers said. Researchers advised system administrators to update their kernels immediately. Last month, a U.S. Department of Homeland Security bug-fixing scheme uncovered an average of one security glitch per 1,000 lines of code in 180 widely used open-source software projects. Secunia also previously discovered that the number of security bugs in open-source Red Hat Linux operating system and Firefox browsers far outstripped comparable products from Microsoft last year.
Source:
http://www.infoworld.com/article/08/02/14/Critical-Linux-kernel-bugsdiscovered_1.html

Communications Sector

31. February 14, IDG News Service – (National) Most analog cellular to fade away on Monday. You may think of sunsets as something nice to look at, but if you have an older cell phone or a home alarm system, there is one coming up on Monday that may not be so pretty. That day, the U.S. Federal Communications Commission will let mobile operators shut down their analog networks. It is called the “analog sunset” because those Advanced Mobile Phone System (AMPS) networks – which were first deployed in the 1980s and brought cellular service to millions of Americans – will finally disappear behind the digital networks that serve almost all mobile phones in use today. The biggest U.S. mobile operators, AT&T Wireless and Verizon Wireless, will close down their analog networks that day. At the same time, AT&T will turn off its first digital network, which uses Time-Division Multiple Access technology. (Sprint Nextel and T-Mobile USA do not have analog networks.) Calls to some small, rural mobile operators indicated that most of them plan to shut down AMPS, too. There are not many mobile phones out there that will go dark after the analog sunset, according to the big carriers, which have been warning subscribers about the change for months and offering them incentives to switch over. However, AMPS is not only used for cell phones. Many alarm companies use the system to alert police or fire departments to emergencies at homes or businesses. About three years ago, the Alarm Industry Communications Committee (AICC) industry group conducted a survey that revealed that just under one million of the approximately 30 million monitored home and business alarm systems used an analog cellular network. About 850,000 of them used the system only as a backup in case the phone line was cut, he said. Alarm manufacturers are now replacing many of those analog systems with digital ones, said an AICC representative.
Source:
http://www.infoworld.com/article/08/02/14/Most-analog-cellular-to-fade-awayon-Monday_1.html

32. February 14, Reuters – (National) Mobile industry sees new security risks. Security systems can now block the first computer virus attacks on cell phones, but the mobile industry sees new risks stemming from upcoming open software platforms such as Google’s Android. Since 2004, viruses have been able to disable phones or swell phone bills through pricey messages or unwanted calls, leading to a new security technology market. “If Android becomes a fully open platform ... and when such a platform becomes more common, risks are greater than with the current platform kings such as Symbian,” said the head of research at security software firm F-Secure. Security specialists also pointed to potential risks arising from Apple’s plans to open its software platform to third party developers this month. While the risk of a cell phone getting infected is still relatively small, thousands of phones have seen problems. One in seven global mobile users has already been exposed to mobile viruses, either directly or through knowing someone whose phone has been infected, according to a McAfee study. Since the first mobile virus appeared in 2004, the number of different viruses, worms, or other types of malware has reached 395, F-Secure said, adding that this number has increased only slightly in the last 12 months.
Source:
http://www.reuters.com/articlePrint?articleId=USL144082020080215