Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, July 10, 2008

Daily Report

• The Department of Homeland Security has solicited a proposal from a Canadian security company to develop a passenger stun bracelet. The bracelet is intended to incapacitate wearers on remote command and will allow crew members, using radio frequency transmitters, to quickly and effectively subdue hijackers. (See item 7)

• The U.S. Food and Drug Administration wants to add a “black box” warning detailing an increased risk of suicide connected with drugs used to treat seizures in people with epilepsy. (See item 19)

Banking and Finance Sector

Nothing to report

Information Technology

25. July 9, Register – (International) Zero day Word flaw exploited by Trojan. Microsoft warns that an unpatched Word vulnerability has become the subject of targeted attacks. The flaw - which is restricted to Microsoft Office Word 2002 Service Pack 3 - creates a mechanism for hackers to inject hostile code onto vulnerable systems. Redmond has published workarounds as a stop-gap measure while its researchers investigate the flaw in greater depth. In the meantime, Microsoft is keen to downplay alarm. “At this time, we are aware of limited, targeted attacks attempting to use the reported vulnerability, but we will continue to track this issue,” a post on its security response blog explains. The vulnerability has appeared in a number of samples of malware. A widening number of anti-virus firms have issued signature updates to defend against the threat. Symantec, acting on samples sent to it by handlers at the SANS Institute’s Internet Storm Centre, was the first to publish an advisory. The timing of the arrival of the exploit means Microsoft had insufficient time to respond before its regular Patch Tuesday update, a factor that’s unlikely to be a coincidence. The details of the flaw are still under investigation and will probably be withheld until a fix is available. It is also unclear who the attack is targeting, though historically unpatched Word exploits are a particular favorite of Chinese hackers. Source:

26. July 8, TechWorld – (National) Botnets winning spam wars, says report. The world’s anti-spam systems are fighting a furious but hopeless battle against botnet spam, a new threat analysis from Commtouch has claimed. According to Commtouch’s zombie monitor, by the time that reputation and source analysis systems have identified compromised PCs and servers responsible for sending the spam that floods the Internet every day, most botnets will have shifted to using new machines. Given that the company reports there being an average of 10 million botnet ‘zombies’ active on any one day in the second quarter of 2008, the only way to stem the spam tide is to filter it out in a reactive way using costly technologies at the ISP or gateway level. ISPs, meanwhile, are struggling to deal with the silent flow of outbound spam from their subscribers, leaving some at risk of having their IP address ranges blacklisted by other providers. This appears to be more of a problem for ISPs in developing countries, though two ISPs,, and Verizon, were identified by Commtouch as having, respectively, over 1.2 million, and 500,000 active zombies on their networks over a 30-day period. If the volume of spam being sent by compromised hosts shows no sign of slowing, botnets have continued to evolve in other ways. In the last month, Turkey has claimed the number one spot for having the most zombies between April and June of this year, followed by Brazil, Russia, Italy, and India. The U.S. is some way down the field in ninth place, a reflection of the fact that users there now have better protection against malware, with the UK for once not registering a separate entry in the top 20. Source:

27. July 8, Computerworld – (National) DNS hole prompts synchronized patching effort by IT vendors. In a rare synchronized security move, Microsoft Corp., Cisco Systems Inc. and other IT vendors today released software patches aimed at addressing a fundamental design flaw in the Domain Name System (DNS) protocol used to direct traffic on the Internet. The so-called DNS cache poisoning flaw was discovered earlier this year by a researcher at security services firm IOActive Inc., but it was not publicized until Tuesday. The vulnerability could allow attackers to redirect Web traffic and e-mails to systems under their control, according to the researcher, who said in an interview that the flaw exists at the DNS protocol level and affects numerous products from multiple vendors. Virtually every domain name server that resolves IP addresses on the Internet is vulnerable to the flaw and needs to be patched against it as quickly as possible to avoid potentially serious problems, such as companies having all of their network traffic re-routed to malicious Web sites or having employee e-mails captured by attackers, he said. Source:

Communications Sector

28. July 9, Tulsa World – (Oklahoma) Rock ‘n’ roll festival in Pryor may have cell towers reeling. Busy signals and dropped calls may be the norm in Pryor this week as a five-day music festival kicks off there Wednesday. Mayes County officials are expecting more than 100,000 people calling, texting, and sending pictures from their cell phones during the festival to jam area towers. “Cell phone towers can only handle so many calls,” said Mayes County’s emergency management director. “It’s causing us some problems.” The issue first came up last month during the four-day Country Fever music festival. He said it was the first time it has happened in that event’s six years. The mayor said dropped calls are becoming more frequent in the Pryor area, adding that he thinks more cell phone towers may be needed to accommodate increased cell-phone use in the area. Source:
