Thursday, June 12, 2008

Daily Report

• The Chicago Tribune reports that debris as small as a pebble on a runway poses a greater safety hazard on runways than plane collisions. The airline industry estimates that runway debris causes at least $1 billion in damage to commercial aircraft and it affects planes in about 70,000 incidents each year. (See item 17)

• WOWK 13 in Charleston reports that the West Virginia Department of Military Affairs and Public Safety, Homeland Security, and dozens of emergency offices across West Virginia will practice an emergency drill on how to deal with millions of people evacuated from the Washington - Baltimore region. (See item 29)

Banking and Finance Sector

12. June 10, Columbia Tribune – (Missouri) Phishing scam targets Central Missouri bank. Spammers are using Boone County National Bank’s logo in an e-mail message that asks recipients to click on a hyperlink and enter personal information. The message, which says “Notice” in the subject line, says that a statement is available for viewing and provides a link to access the statement. Although the bank’s name is spelled correctly in the logo, the message says, “Boone Country National Bank.” Source:

Information Technology

30. June 11, Associated Press – (National) Security hole exposes utilities to Internet attack. Attackers could gain control of water treatment plants, natural gas pipelines and other critical utilities because of a vulnerability in the software that runs some of those facilities, experts with Boston-based Core Security Technologies reported Wednesday. Citect Pty. Ltd., which makes the program called CitectSCADA, patched the hole last week, five months after Core Security first notified Citect of the problem. But the vulnerability could have counterparts in other so-called supervisory control and data acquisition, or SCADA, systems. And it is not clear whether all Citect clients have installed the patch. SCADA systems remotely manage computers that control machinery, including water supply valves, industrial baking equipment and security systems at nuclear power plants.Customers that use CitectSCADA include natural gas pipelines in Chile, major copper and diamond mines in Australia and Botswana, a large pharmaceutical plant in Germany and water treatment plants in Louisiana and North Carolina. For an attack involving the vulnerability that Core Security revealed Wednesday to occur, the target network would have to be connected to the Internet. That goes against industry policy but does happen when companies have lax security measures, such as connecting control systems’ computers and computers with Internet access to the same routers. A rogue employee could also access the system internally. Source:

31. June 11, TechNews World – (International) The Storm Worm’s elaborate con game. Security researchers at Cisco’s IronPort say they have pieced together the complex con operation behind the Storm Worm, a persistent Web threat. The botnet’s purpose, they say, was essentially to act as a virtual dealer of prescription – and often bogus – medication, sometimes enlisting work-from-home employees who thought they were doing legitimate tasks. Despite their discovery of a direct link to the funding sources behind the infamous Storm Virus, IronPort Systems researchers are doubtful law enforcement will ever catch the perpetrators. Still, improving technologies may help to block its continuing spread. IronPort announced its discovery of an online criminal ecosystem comprised of illegal pharmaceutical supply chain businesses that recruit botnets to send spam promoting their Web sites. By converting spam into high-value pharmaceutical purchases, these supply chain enterprises allow the monetization of spamming botnets, providing an enormous profit motivation for botnet attacks and continuous innovation. IronPort’s study points to these fake drug traffickers as large sources of funding for Storm virus technology. Among the more insidious related criminal activities involves the enlistment of workers to collect and deliver funds from phishing and fraud schemes that have been initiated through the Storm virus. Source:

32. June 11, TradeArabia News Service – (International) IronPort detects new trojan horse. IronPort Systems, a leading e-mail and web security products provider, has detected a new malicious Trojan Horse program. IronPort’s S-Series Web Reputation Filters were able to capture, identify, report and respond against the new internet threat, which uses a fake anti-spyware website,, to lure internet users to download a phony scanner containing the Trojan, the company said. It said the program has not been identified by other leading web security systems. The bogus website claims to be a free fix for a spyware; users who accept the offer unsuspectingly download the malicious Trojan. Unlike infectious malicious programs such as viruses, such Trojan horse codes do not propagate by self-replication but instead rely on the exploitation of an end-user. IronPort’s latest discovery reflects the prevalence of malevolent social engineering throughout the internet, where trickery is used to gather information or gain access to computer systems via the web. Source:

33. June 11, ZDNet Blogs – (International) Proof of Concept “carpet bombing” exploit released in the wild. In what appears to be an attempt to provoke Apple to reconsider its currently passive position on the severity of the dubbed as “carpet bomb” flaw, a working Proof of Concept exploit code has been released at a security blog. Safari for Windows puts downloads automatically to Desktop, which can potentially make a mess of Desktop. The security blog also mentions a new security threat in Safari for Windows, different than the “blended threat” described by Microsoft, and summarizes the whole fiasco about who is responsible for what: “Safari for Windows puts downloads to Desktop by default without a dialog box (such as the “File Download” dialog box in IE). Well, this is in fact a quite reasonable and convenient feature - downloading and saving requested file to user’s Desktop by default. This feature itself does not constitute a mistake. What really makes the “blended threat” is some problem in loading program library files (DLL) by Windows Internet Explorer (and probably others).” Source:

34. June 11, Associated Press – (International) Virus may be an extra on new high-tech gadgets. Some of today’s most popular gadgets are landing on store shelves with some unwanted extras from the factory – pre-installed viruses that steal passwords, open doors for hackers and make computers spew spam. Computer users have been warned for years about virus threats from downloading suspicious files and opening suspicious e-mail attachments. Now they run the risk of picking up a digital infection just by plugging a new product into their PCs. Recent cases reviewed by the Associated Press include some of the most widely used tech devices: Apple iPods, digital picture frames sold by Target and Best Buy stores and TomTom navigation gear. In most cases, Chinese factories – where many companies have turned to keep prices low – are the source. Source:

35. June 10, Redmond Channel Partner – (National) Microsoft releases 7 patches, 3 critical. Microsoft released seven patches for its June rollout of security fixes. As expected, three are labeled “critical,” three “important” and one “moderate.” In total, the patches address about 10 separate vulnerabilities. All of the critical items plug holes vulnerable to remote code execution (RCE) exploits in Windows programs interacting with wireless protocol using voice and data for Bluetooth, Internet Explorer and Microsoft DirectX, an application programming function in Windows. Meanwhile, the important fixes are designed to block elevation of privilege and denial of service from would-be hackers in Windows Internet Name Service, Active Directory and Pragmatic General Multicast, a transport protocol in Windows programs used for file transfer and streaming media. The moderate patch applies to the kill bit function in Windows programs, a method by which a user can shut off an ActiveX control in IE. But it is the Bluetooth vulnerability, experts say that is most important to patch because it exemplifies the relatively nascent attack vector of wireless peripherals. “[The Bluetooth vulnerability] is noteworthy because user interaction is not required,” said a senior research manager for Symantec. “All that is required is for the device to have Bluetooth on and to be within range of the attacker. That’s something IT guys should look at first.” Source:

Communications Sector

36. June 10, Vermont Public Radio – (Vermont) State government demands explanation for Internet outages. State government demanded an explanation on Tuesday for a series of outages that knocked out Internet service across Vermont. Vermont’s Public Service Commissioner O’Brien made the demand in a formal letter to Level 3 Communications, the Colorado company that operates a the telecommunications network. There has been a failure in the Level 3 network three times in the past three weeks, including an outage of about a half hour Tuesday. The failures made it impossible for customers to access the Internet or make long-distance telephone calls unless they had a backup. The Commissioner says one of the state’s major concerns is the apparent lack of redundancy in Level 3’s network. He says it should have backup systems that would kick in when a problem crops up. Source:

37. June 10, WRAL 5 Raleigh – (North Carolina) Wilson residents get access to city-owned network. Wilson residents began signing up for community-provided internet, cable and phone service Tuesday. Over the past few years, the city has installed hundreds of miles of fiber-optic lines to create a network that competes with Time Warner. Wilson officials believe high-speed Internet technology is crucial to attracting new businesses. Soon the city will offer high-speed Internet, phone service and cable TV to any business or home in the city limits. Wilson officials said the fiber-optic network will be self-supportive and use no tax money. Only residents who choose to subscribe will pay for the system. Source:

No comments: