Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, July 1, 2008

Daily Report

• Alltech opened a state-of-the-art Center for Animal Nutrigenomics and Applied Animal Nutrition at its corporate headquarters in Kentucky. Researchers will analyze the health and performance status of livestock and the best nutritional interventions for peak production potential. (See item 18)

• The Federal Emergency Management Agency reports that hundreds of levees must be certified as sound over the next few years in order to be registered on government flood maps that are being updated. (See item 40)

Banking and Finance Sector

10. June 29, ZDNet – (National) HSBC sites vulnerable to XSS flaws, could aid phishing attacks. HSBC Holdings plc-owned domains are vulnerable to XSS flaws which could easily aid in a phishing attack. Evidently, major unwanted consequences could be a result of multiple cross-site scripting vulnerabilities affecting bank web sites. Scammers can register domains and set up fake bank web sites in a few minutes. With the help of bulk e-mailers they can phish personal sensitive data from thousands of unsuspecting web users. If they want to own HSBC’s e-banking customers, all they have to do is to register a “suspicious” looking domain like hscsbc.com which is currently available and then serve a phishing page. Source: http://blogs.zdnet.com/security/?p=1365

11. June 28, 13 Orlando – (Florida) Online e-mail scams. Two new scams are creating lots of problems. The first scam says it comes from Bank of America and uses official-looking letterhead with links that connect you with actual Bank of America sites. There is an explanation of why you received this e-mail, though Bank of America says it does not send out unsolicited e-mails. It also has the privacy and security message that assures you your account information is safe. Again, there are copies from the real Bank of America site that are pasted in to look official. Neither Bank of America nor other banks ever ask for any personal information over the Internet. If you click on the reply link and fill in the blanks, your account information will be stolen. The latest scam says a person has money and wants to send it to you. This time the e-mail claims to come from a U.S. Army sergeant who has found $8 million of Saddam’s money in barrels outside Saddam’s old palace. His brother-in-law was killed by a roadside bomb, and a dying British medical doctor gave him the package of money. He has survived two suicide bomb attacks and has been shot and wounded. He can get it home to the U.S. to split with you if you just contact him as soon as possible. Source: http://www.cfnews13.com/Technology/YourTechnology/2008/6/28/online_email_scams.html

Information Technology


33. June 30, The Baltic Times – (International) Hackers place Soviet symbols on hundreds of websites. Foreign hackers broke into more than 300 Lithuanian websites and covered them with former Soviet symbols. The majority of websites were hosted on the servers of Hostex (formerly known as Microlink), the chief expert with the networks and information security department of the Communications Regulatory Authority (RRT) told BNS. “It seems to be a planned attack. Yet we cannot tell as yet which country it comes from,” he said. The head of the RRT networks and information security department told a public radio station that the attackers mostly targeted the websites of private companies. While the Lithuanian head of the Cabinet assures that state institutions are prepared for potential cyber attacks, the hackers also broke into the webpage of the ruling Social Democrat party, chaired by the prime minister himself. Swear-word-filled Russian text was displayed with the flag of the former Soviet Union in the background on the official website of the Lithuanian Social Democrat party. An analogous break-in with the same text and same symbols took place Saturday morning on the official website of the Chief Official Ethics Commission. The Communications Regulatory Authority said Saturday it has no information on who might have broken into the commission’s website and defiled it. Source: http://www.baltictimes.com/news/articles/20723/


34. June 27, Wired Blogs – (National) Hacker launches botnet attack via P2P software. A 19-year-old hacker is agreeing to plead guilty to masterminding a botnet to obtain thousands of victims’ personal data in an anonymous scheme a federal cybercrime official described Friday as the nation’s first such attack in which peer-to-peer software was the “infection point.” The defendant launched the assault last year from his Cheyenne, Wyoming residence, and anonymously controlled as many as 15,000 computers at a time, said the chief of the Cyber and Intellectual Property Crimes Section for federal prosecutors in Los Angeles. As part of the deal, in which a judge could hand him up to five years imprisonment, the defendant has agreed to pay $73,000 in restitution, the government said. “It’s the first time that we know of that peer-to-peer software was used as the infection point,” the cyber chief said in an interview with Threat Level. The malware infection became commonly known as the Nugache Worm, which embedded itself in the Windows OS. According to the plea agreement, the worm was installed in various ways. “All of the data stored on the compromised machines would be available to defendant, including, but not limited to, credit card information,” according to the plea agreement. The agreement also said that he took control of financial accounts of his victims. Source: http://blog.wired.com/27bstroke6/2008/06/hacker-launches.html


Communications Sector

35. June 30, Computerworld – (International) NEC, Tyco plan Japan-U.S. cable. NEC Corp., based in Tokyo, and Tyco Telecommunications, based in Morristown, New Jersey, announced last week that they have begun joint planning work on the Unity undersea high-speed fiber-optic link between the U.S. and Japan. The $300 million effort is funded by Google Inc., Bharti Airtel in New Delhi, Global Transit Communications in Kuala Lumpur, KDDI Corp. in Tokyo, Pacnet Internet in Singapore, and Singapore Telecommunications Ltd. The cable will initially contain dual optical-fiber cables for both primary service and backup. It will link Chikura, located off the Japanese coast near Tokyo, to Los Angeles and other sites on the West Coast. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=networking_and_internet&articleId=321299&taxonomyId=16


36. June 27, SC Magazine – (National) Researchers reveal VoIP vulnerabilities. VoIPshield Laboratories has alerted companies that market voice over internet protocol (VoIP) systems of new security vulnerabilities. VoIP vulnerabilities, if successfully exploited, could affect brand reputation, internal productivity, and competitive advantage, researchers said. VoIPshield does not reveal specifics about the vulnerabilities to the public, VoIPshield Laboratories’ chief technology officer told SCMagazineUS.com on Friday. “We don’t want to give hackers information to work from,” he said. Instead, under its disclosure policy, VoIPshield works with VoIP vendors to assist them in reproducing the vulnerabilities in their labs. VoIPshield classifies the vulnerabilities into different categories – remote code execution; unauthorized access; denial of service; and information harvesting – and rates them according to their severity. The company said that by passing along the information from its vulnerability research, it hopes that vendors will be able to take action to create patches for potential exploits. Avaya, Cisco, and Nortel have acknowledged the latest vulnerabilities on their websites, and are issuing their own security advisories. VoIP vulnerabilities appear to be increasing because more security researchers are focused on finding them, a Gartner representative told SCMagazineUS.com. “Three to four years ago, there was far less focus on IP telephony vulnerabilities because the IP telephony installed base was much smaller,” he said. “In 2008, most of the widely deployed telephony systems have vulnerabilities that permit DOS attacks, privilege escalation and code execution attacks.” Source: http://www.scmagazineus.com/VoIPshield-reveals-VoIP-vulnerabilities/article/111918/

Department of Homeland Security Daily Open Source Infrastructure Report

Monday, June 30, 2008

Daily Report

• According to the Wall Street Journal, the National Transportation Safety Board’s call for retrofitting planes with fuel-tank designs like those that exploded in TWA Flight 800 has been bogged down for more than a decade inside the Federal Aviation Administration. (See item 17)

• KVAL 13 Eugene reports that Oregon authorities are tightening security in Eugene in preparation for the Olympic trials. Authorities are setting up metal detectors and using bomb-sniffing dogs to check vehicles and garbage receptacles, and 60 armed officers will be stationed inside the venue. (See item 41)

Banking and Finance Sector

14. June 27, Computerworld – (National) Web firewalls trumping other options as PCI deadline nears. Companies scrambling to comply with a Web application security requirement due to take effect next week appear to be heavily favoring the use of Web firewall technologies over the other options that are available under the mandate, according to analysts. The mandate from the major credit card companies is the latest adjustment to the Payment Card Industry Data Security Standard (PCI DSS). Essentially, it requires all entities accepting payment card transactions to implement new security controls for protecting their Web applications. The controls have been a recommended best practice for nearly two years now, but starting June 30, they will become a mandatory requirement under PCI – especially for so-called Level 1 companies that handle more than 6 million payment card transactions a year. Under the requirement (PCI Section 6.6), merchants can choose to implement a specialized firewall to protect their Web applications, or to perform an automated or manual application code review and fix any flaws found. Companies also have the option of performing either a manual or an automated vulnerability assessment scan of their Web application environment, fixing any problems that are discovered during that process. The 6.6 requirement is designed to address growing concerns about vulnerable Web applications being exploited by malicious attackers to compromise payment data. The controls are supposed to protect Web applications from common threats like SQL Injection attacks, buffer overflows and cross-site scripting vulnerabilities. As with almost every other major PCI deadline so far, though, few companies are expected to be fully compliant with the PCI 6.6 requirement come June 30. But analysts say the companies that are compliant or heading in that direction appear to be favoring the Web firewall option. 
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9104118&source=rss_news10

15. June 26, Dark Reading – (National) Hacking the call center. The contact center mostly has been forgotten as a potential point of breach – even though customer service representatives take credit card numbers and outsourced help desk workers have access to your databases. That all soon could change. The Payment Card Initiative (PCI), for instance, also applies to call centers that handle credit card data, so PCI is driving a new generation of security tools that encrypt voice call recordings of phone transactions. RSA’s encryption technology, for instance, is now used to encrypt audio recordings handled by call center software vendor Verint Witness Actionable Solutions’ call recording applications. Even so, not all call centers are tuned into PCI, especially the smaller organizations. “We still find a real lack of awareness in the contact center community about PCI,” says the director of solutions marketing for Verint, who says it is mostly the company’s largest call center customers that have been asking about PCI. Verint’s software records calls in the centers. “Because that data is in an unstructured format – a Wave file, for example – companies are just starting to realize that it becomes an area of potential liability for them,” she says. Other products are emerging that come with a “blackout button” feature that prevents the credit-card number from being recorded on the call and thus not stored at the call center, for example. But credit card information is not the only exposure risk at these sites. Outsourcing-based call centers for IT and help desk support pose even more security problems. “This is a bigger and often more overlooked area, where PCI is not an issue. Credit card numbers aren’t involved, but a major issue is they have access to or a copy of your customer database,” says the vice president and research fellow at Gartner. “And many call centers that are outsourced use shared services. The same IT infrastructure that supports you is supporting” other organizations. Source: http://www.darkreading.com/document.asp?doc_id=157627

16. June 26, Finextra.com – (International) Toronto police bust ATM skimming gang. Police in Toronto have busted a sophisticated ATM skimming ring that used a network of ‘debit card laboratories’ to defraud bank customers of hundreds of thousands of dollars. The swoop on the Toronto crime ring followed a six-week surveillance operation and resulted in the arrest of eight local people. The gang used portable card skimmers to capture customer data at the cash machine for later download and transfer to counterfeit cards. The police raid on “two sophisticated labs” netted $120,000 cash and led to the arrest of eight suspects. Computers, skimmers, card-readers, moulding machines, embossers, tippers, counterfeit cards, cameras, overlays and valances, tools, and two-way communications devices were also seized. Theft and counterfeit payment cards have been a growing problem for the Canadian banking industry, which is making a gradual transition to chip-based technology. Police say over $100 million was lost to this type of activity in 2007, which involved 159,000 card holders. Source: http://finextra.com/fullstory.asp?id=18650

Information Technology

36. June 27, Financial – (National) Press Release: Leading IT vendors establish forum to drive global security response excellence and innovation. On June 26, five leading information technology vendors announced the creation of the Industry Consortium for Advancement of Security on the Internet (ICASI), a nonprofit organization that will enhance global IT security by proactively driving excellence and innovation in security response. Founded by Cisco, International Business Machines, Intel Corporation, Juniper Networks, and Microsoft Corp., ICASI provides a unique forum for global companies committed to proactively addressing complex, multi-product security threats and to better protecting enterprises, governments, and citizens, as well as the critical IT infrastructures that support them. According to Intel, the increasing sophistication of attacks and the integration of applications, now common in IT environments, pose real challenges for IT vendors. Online attacks occur more frequently and in more rapid succession, while often spanning international boundaries. To date there has not been a trusted vendor environment that allows companies to identify, assess, and mitigate multi-product, global security challenges together on the customers’ behalf. ICASI aims to fill this void. ICASI does not seek to respond to every product security issue that emerges, but rather the consortium is designed to respond to and ideally reduce the potential customer impact of global, multi-vendor cyber threats.

Source: http://finchannel.com/index.php?option=com_content&task=view&id=15867&Itemid=10

37. June 26, ZDNet Blogs – (International) ICANN and IANA’s domains hijacked by Turkish hacking group. The official domains of ICANN, the Internet Corporation for Assigned Names and Numbers, and IANA, the Internet Assigned Numbers Authority, were hijacked earlier today by the NetDevilz Turkish hacking group, which also hijacked Photobucket’s domain on June 18. ICANN is responsible for the global coordination of the Internet’s system of unique identifiers. These include domain names, as well as the addresses used in a variety of Internet protocols. IANA is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. NetDevilz left the following message on all of the domains: “You think that you control the domains but you don’t! Everybody knows wrong. We control the domains including ICANN! Don’t you believe us? haha :) (Lovable Turkish hackers group).” The following domains were hijacked, and some of them still return the defaced page – icann.net; icann.com; iana-servers.com; internetassignednumbersauthority.com; iana.com. The hackers are once again redirecting visitors to Atspace.com, 82.197.131.106 in particular, the ISP that they used in the Photobucket DNS hijacking. The NetDevilz hacking group seems to be taking advantage of a very effective approach when hijacking domain names, and while they declined to respond to an email sent by Zone-H on how they did it, speculation about a cross-site scripting or cross-site request forgery vulnerability has already started. Source: http://blogs.zdnet.com/security/?p=1356

Communications Sector

38. June 27, ars technica – (National) NYPD, cities slam FCC Block D public safety network dream. The emergency managers of key city agencies are weighing in on that troublesome chunk of the 700MHz spectrum reserved for public safety – the D Block – telling the Federal Communications Commission that they cannot wait for a lost cause. “The NYPD’s opinion, reinforced by conversations with commercial wireless carriers, is that there is simply no business case for a commercial wireless network operator to build a nationwide network that will meet public safety coverage and survivability standards,” the deputy chief and commanding officer of the New York City Police Department wrote to the FCC. The FCC received the statement on June 19. When the 700 MHz auction ended in mid-March, no bidder offered the FCC’s minimal asking price for the block. An FCC audit of the D Block failure concluded that the plan had been loaded with too many expectations and uncertain variables. Now the FCC is running a new proceeding on how to redo the D Block auction, but NYPD says the plan just will not work. “Although public safety and commercial networks may share technology, they do not share the same mission,” the agency wrote. “Conflicts of interest arise that cannot be ignored. Public safety agencies require a robust network that will remain operational during virtually any circumstance; however, commercial network operators are motivated by commercial priorities to build networks that meet commercial requirements.” NYPD notes that the FCC’s first D Block scenario did not require the auction winner to build out a public safety band network in areas where it did not deploy its commercial system, thus making it “extremely unlikely that they would deploy their network in unprofitable rural or remote areas.” NYPD proposes that the FCC just assign portions of the D Block to local or regional public safety agencies. The department has already contracted with Northrop Grumman to build a broadband public safety data network on 2.5GHz leased spectrum, and expects to have the operation running by the end of the year. Source: http://arstechnica.com/news.ars/post/20080627-nypd-cities-slam-fcc-block-d-public-safety-network-dream.html


39. June 26, Associated Press – (National) Wireless hospital systems can disrupt med devices. Wireless systems used by many hospitals to keep track of medical equipment can cause potentially deadly breakdowns in lifesaving devices, such as breathing and dialysis machines, researchers reported Tuesday in a study that warned hospitals to conduct safety tests. Electromagnetic glitches occurred in almost 30 percent of the tests when microchip devices similar to those in many types of wireless medical equipment were placed within about one foot of the lifesaving machines. Nearly 20 percent of the cases involved hazardous malfunctions that would probably harm patients. Some of the microchip-based “smart” systems are touted as improving patient safety, but a Dutch study of equipment – without the patients – suggests the systems could actually cause harm. A U.S. patient-safety expert said the study “is of urgent significance” and said hospitals should respond immediately to the “disturbing” results. The wireless systems send out radio waves that can interfere with equipment such as respirators, external pacemakers, and kidney dialysis machines, according to the study. Researchers discovered the problem in 123 tests they performed in an intensive-care unit at an Amsterdam hospital. Patients were not using the equipment at the time. Source: http://www.mobile-tech-today.com/story.xhtml?story_id=60469

Department of Homeland Security Daily Open Source Infrastructure Report

Friday, June 27, 2008

Daily Report

• The Associated Press reports that Saudi Arabian authorities have arrested this year 520 people with suspected ties to Al Qaeda. Some of those arrested and detained were plotting attacks against an oil installation and “security target.” (See item 1)

• The National Intelligence Council chairman warned that global climate change could sap the country’s military forces – while fueling new conflicts around the world. He also reported that a number of active coastal military installations in the U.S. are at risk for damage, including two dozen nuclear facilities and numerous. (See item 12)

Banking and Finance Sector

Nothing to report

Information Technology

35. June 26, IDG News Service – (International) Antispam group outlines defenses to block botnet spam. A major anti-spam organization is pushing a set of new best practices for ISPs (internet service providers) to stop increasing volumes of spam from botnets. The guidelines, from the Messaging Anti-Abuse Working Group (MAAWG), were drawn up at a meeting in Germany last week and deal with forwarded e-mail and e-mail that is sent from dynamic IP (Internet Protocol) addresses. Many people forward their e-mail from one address to another, a relay that goes through their ISP’s mail server. But many ISPs use automated tools that could begin blocking further e-mail to an address if a large volume of e-mail has come through. Legitimate messages would be blocked, too. ISPs can fix this by separating the servers that receive e-mail from the ones that then forward e-mail. That way, ISPs can filter out spam coming into the accounts before forwarding, taking a look at the messages, and spotting which ones came from dodgy domains, he said. MAAWG’s second recommendation deals with the long-standing problem of PCs that have been infected with malicious software that sends spam. The PCs are part of botnets, or networks of computers that have been compromised by hackers. After a PC is infected, it will often start sending spam through port 25 straight onto the Internet. That contrasts with legitimate e-mail, which usually goes through the ISP’s mail server first before being sent on. MAAWG’s primary suggestion for ISPs is to block all machines on dynamic IP addresses that are sending e-mail on port 25 outside their own network unless there are special, legitimate circumstances. But MAAWG said that idea may not be possible for some ISPs, and its guidelines offer another alternative: ISPs should share information about their dynamic address space. That would let other ISPs refine their spam filters.
Source: http://www.pcworld.com/businesscenter/article/147586/antispam_group_outlines_defenses_to_block_botnet_spam.html

36. June 25, SC Magazine – (International) Szirbi botnet causes spam to triple in a week. Malicious spam has tripled in volume in a week, most of it caused by the Srizbi botnet, according to research by the Marshal TRACE team. In the beginning of June, three percent of total spam was malware. However, by the following week, that amount jumped to 9.9 percent. Malicious spam usually contains a URL linking to a malware-serving website. Since February, Srizbi has been responsible for nearly half of all spam, overtaking the previous record holder — the Storm botnet. Srizbi is a pernicious botnet, not just due to its size, but also because it implements an extremely fast mail-sending engine, a senior anti-spam technologist at messaging security vendor MessageLabs said. With Srizbi, botnet authors “moved the engine into the Windows kernel.” “This allows it to send more mail per hour than a regular botnet.” Most of the recent malicious spam is capitalizing on two popular ways of social networking. One is to spoof the Classmates.com site by sending messages saying there is an update on friend information. The other is to send a video link with a message stating, “Here’s a link of you doing something stupid.” “The botnet is very good at keeping out of sight,” he added. “It changes frequently, making it more difficult to detect with malware scanners.” Source: http://www.scmagazineus.com/Szirbi-botnet-causes-spam-to-triple-in-a-week/article/111720/

37. June 25, Blocksandfiles.com – (International) USB thumb drives fingered as Trojan carriers. The Japanese newspaper Yomiuri Shimbun reports a local Trend Micro survey that says USB-carried Trojans are on the rise. The most damaging Trojan is called MAL_OTORUN1 along with its derivatives. There were 58 infections of this through flash drives in February, which rose to 138 in March, 110 in April, and 150 last month. Source: http://blocksandfiles.com/article/5729

38. June 25, ComputerWorld – (International) Cleaning Chinese malware sites a ‘bigger challenge’ than in U.S., says researcher. More than half the sites spreading malicious code are hosted on Chinese networks, an anti-malware group said Wednesday. Of the over 213,000 malware-hosting sites analyzed last month by Stopbadware.org — a joint effort of researchers at Harvard University, Oxford University and several corporations, including Google Inc. and Sun Microsystems Inc. — 52% were hosted by servers running Chinese IP addresses. Of the top 10 networks serving malicious code, six are Chinese. The U.S. hosts 21% of the malware sites, giving it the dubious honor of second place. Stopbadware.org, which uses data collected by Google’s crawlers, would not speculate on what proportion of the sites, Chinese or otherwise, are deliberately hosting malicious code and what fraction are actually legitimate sites that have been hacked. But the dramatic year-to-year growth in the number of sites serving up malware is likely due to a boom in site hacking. The problem has become so acute, said Microsoft Corp. Tuesday, that it and Hewlett-Packard Co. joined forces to launch free tools that site developers and administrators can use to search for vulnerable code and block incoming attacks. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9103378&taxonomyId=17&intsrc=kc_top

Communications Sector

39. June 26, Xinhua – (International) African countries meet over submarine fiber optic cables. Ten African countries are meeting in Lome, Togo, to explore and work out ways to promote and enhance access to the deployment and use of fiber optic technologies across parts of West and Central Africa, according to official sources. The meeting, which began on Wednesday, will deliberate on ways to spur the implementation of the Agreement for Construction and Maintenance as well as contracts for the supply of the system, approved and signed by the governments of the ten countries. The ten countries, all member states of the Interim Committee for the Management Project of Fiber Optic Submarine Cables (WAFS), are scheduled to meet for two days in a bid to address the issue of communications in the sub-region, according to a statement issued by the organizers of the event. The WAFS project is intended to lay a series of submarine fiber optic cables along the West African coast while passing through ten members, including Togo, Benin, Cameroon, Angola, the Republic of Congo, Gabon, Equatorial Guinea, the Democratic Republic of Congo, Botswana, and South Africa. These cables will be interconnected with other fiber optic cables that already exist in the West African sub-region. They will be used to provide broadband internet services in each of these countries. Source: http://news.xinhuanet.com/english/2008-06/26/content_8444681.htm

40. June 26, New York Times – (New York) More delays for cameras in subways. Aging fiber-optic cable in Brooklyn and Queens has become the latest obstacle to a planned high-tech system of surveillance cameras meant to safeguard the subway and commuter railroads, according to Metropolitan Transportation Authority officials. The system, which is expected to cost at least $450 million, is a crucial component of a larger program to thwart terrorist attacks on the region’s transportation network, but it has met repeatedly with technical problems and delays. On Wednesday, the authority’s board authorized the replacement of 84,000 feet of old fiber-optic cable, which was installed in the late 1980s. The replacement will cost $5 million and is being done as part of a separate project to build out the subway’s data network. According to a board document, tests on the cable showed that it had “many broken fibers unsuitable to carry the high bandwidth required” to transmit large amounts of data, which hindered the surveillance camera project. The document did not say how long it would take to replace the cable. Source: http://www.nytimes.com/2008/06/26/nyregion/26security.html?ref=nyregion

41. June 25, Network World – (National) Avaya, Cisco and Nortel face VoIP vulnerabilities. Voice-over-IP (VoIP) customers of Avaya, Cisco, and Nortel should look Wednesday for patches that correct newly found vulnerabilities that, if exploited, can result in remote code execution, unauthorized access, denial of service, and information harvesting. The vulnerabilities were found by VoIPshield Laboratories, the research division of VoIPshield Systems Inc., and reported earlier to the three vendors to give them time to develop patches for the flaws, said the president and chief executive officer of VoIPshield. He would not reveal more details because his company and the affected VoIP vendors agreed to a simultaneous announcement. Details of the vulnerabilities and the vendor responses are scheduled to be released Wednesday at noon Eastern Standard Time. The vulnerabilities affect voice servers -- VoIP PBXes -- and softphone software that runs on laptops and desktops. VoIPshield ranks most of the vulnerabilities found as either critical or high, the two most severe rankings on its four-step scale. Avaya, Cisco, and Nortel were chosen for vulnerability testing because they represent the bulk of IP PBX sales in North America. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9103318&taxonomyId=17&intsrc=kc_top