Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, July 24, 2008


Daily Report

• More than 75 percent of the bank Web sites surveyed in a University of Michigan study had at least one design flaw that could make customers vulnerable to cyber thieves after their money or even their identity. (See item 10)

• The national stockpile of antidotes is being built, the federal government is working with companies to develop vaccines and antidotes to biological threats, and more technology is needed to detect an airborne biological hazard. (See item 32)

Banking and Finance Sector

9. July 23, Deseret News – (National) FBI warns of new e-mail scam. The Salt Lake City office of the Federal Bureau of Investigation (FBI) is warning of an e-mail scam purporting to come from the FBI director. It claims that a large amount of money has been deposited into customers’ bank accounts and that the FBI wants to know if it is terrorist-related. “The FBI advises the best thing to do if you receive this e-mail or one similar is to immediately file a complaint with the FBI, then delete it and ignore it,” an FBI Special Agent said in a statement. Source:,5143,700245267,00.html

10. July 23, Science Daily – (National) Potentially serious security flaws found in most bank websites. More than 75 percent of the bank Web sites surveyed in a University of Michigan study had at least one design flaw that could make customers vulnerable to cyber thieves after their money or even their identity. The study examined the Web sites of 214 financial institutions in 2006. These design flaws stem from the flow and the layout of these Web sites, according to the study. The flaws include placing log-in boxes and contact information on insecure web pages as well as failing to keep users on the site they initially visited. A researcher said some banks may have taken steps to resolve these problems since this data was gathered, but overall he still sees much need for improvement. The flaws leave cracks in security that hackers could exploit to gain access to private information and accounts. The design flaws that the team looked for are: placing secure login boxes on insecure pages, putting contact information and security advice on insecure pages, having a breach in the chain of trust, allowing inadequate user IDs and passwords, and e-mailing security-sensitive information insecurely. Source:

11. July 22, Web Host Industry Review – (National) Phishing attack uses Vegas theme. Internet intelligence firm Envisional has warned online banking customers about a new Vegas-themed phishing fraud that dupes them into revealing credit card information through fraudulent emails. The criminals behind the attacks claim to be from Visa, MasterCard and American Express and offer email recipients the chance to win $100,000 or an all-inclusive Las Vegas holiday package. Most phishing attacks come in the form of spam emails addressed to customers of a particular bank and manage to trick a few dozen victims. However, this new tactic threatens more victims, because it uses a single email to target online account holders with any one of 12 major banks, and appears to be more legitimate in that it allows the victim to personally select the right bank from a drop-down list. Envisional analysts say the latest email appears to be from an online travel website, with photos and write-ups depicting grand Las Vegas hotels. Those who click through to the website that offers further information are invited to choose their bank from a drop-down list, making them susceptible to phishing attacks. One further click takes them to a fraudulent web page that mimics the log-in page of the bank in question, with the username in one slot and password in the other. Source:

Information Technology

36. July 23, Independent – (International) Virus ‘has infected major Government websites’. Key U.K. Government websites have been infected by a virus that allows cyber-criminals to steal browsers’ personal details, it was reported today. More than a thousand government and consumer sites are said to have been hit, including some run by the National Health Service and a local council. The Times Online said the hackers are Eastern European and that security experts estimate at least two million computers worldwide have been affected. It reports that the Asprox virus is unlike other viruses; it sits undetected on mainstream sites and automatically installs itself on a user’s computer, potentially allowing the hackers to have access to financial information. The director of malware research at SecureWorks said Asprox “appears to be trying to build up the size of the botnet, infecting people through web pages by adding an IFRAME.” According to, the attacks occur on websites that are running Microsoft SQL-SVR (Server) that already have some sort of vulnerability. Source:

37. July 23, IDG News Service – (California) San Francisco’s mayor gets back keys to the network. San Francisco’s mayor met with a jailed IT administrator on Monday, convincing him to hand over the administrative passwords to the city’s multimillion-dollar wide-area network (WAN). The man made headlines last week when he was arrested and charged with four counts of computer tampering, after he refused to hand over passwords to the Cisco Systems switches and routers used on the city’s FiberWAN network, which carries about 60 percent of the municipal government’s network traffic. Childs, who managed the network before his arrest, has been locked up in the county jail since July 13. The mayor secured the passwords without first telling the Department of Telecommunications and Information Services (DTIS) about the meeting, according to DTIS’ chief administrative officer. The department now has full administrative control of the network, he said in an interview Tuesday night. Source:

38. July 23, IDG News Service – (National) With DNS flaw now public, attack code imminent. One day after a security company accidentally posted details of a serious flaw in the Internet’s Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon. Several hackers are almost certainly already developing attack code for the bug, and it will most likely crop up within the next few days, said the chief technology officer at security vendor Immunity Inc. His company will eventually develop sample code for its Canvas security testing software too, a task he expects to take about a day, given the simplicity of the attack. The author of one widely used hacking tool said he expected to have an exploit by the end of Tuesday. In a telephone interview, the author of the Metasploit penetration testing software agreed that the attack code was not going to be difficult to write. Source:

Communications Sector

39. July 23, Buffalo News – (New York) Strike possible Aug. 2 at Verizon. Union workers at Verizon have authorized a strike if talks fail to reach an agreement with the phone company by August 2, when the current contract expires. The Communications Workers of America (CWA) approved the strike authorization by a 91 percent vote, the union said Monday. Another phone-workers union, the International Brotherhood of Electrical Workers (IBEW), previously authorized a strike on July 11 if talks fail. The CWA and the IBEW are in talks with Verizon to replace their current five-year contracts. A total of 65,000 union workers from Virginia to Maine are covered by contracts that expire August 2. In Western New York, the two unions represent nearly 2,800 workers who install lines, maintain equipment and answer customer service calls at Verizon. Verizon said that contingency plans are in place to continue phone service in the event of a strike, and called the authorization votes a routine action. Source:

40. July 23, Tech Herald – (National) RIM offers critical patch for BlackBerry. Research in Motion (RIM) has released a security patch for businesses that rely on its BlackBerry PDA. The patch addresses vulnerabilities in BlackBerry Enterprise Server versions 4.1.3 through 4.1.5 and BlackBerry Professional Software 4.1.4. A vulnerability exists in the PDF distiller of some versions of the BlackBerry Attachment Service. An e-mail message containing a specially crafted PDF file, when opened for viewing on a BlackBerry, could cause memory corruption and possibly lead to arbitrary code execution on the computer that the BlackBerry Attachment Service runs on. The vulnerability is rated ‘Critical,’ with a Common Vulnerability Scoring System (CVSS) score of 9.0, and RIM advises everyone to patch as soon as possible. Source:
