Wednesday, January 23, 2008

Daily Report

• USA Today reported that this month, handheld black lights and magnifying glasses will be distributed to airport screeners at the nation’s 800 airport checkpoints. These will be used to spot possible forgeries or tampering. (See item 12)

• According to Homeland Security Today, security for Super Bowl XLII is being described as “unprecedented,” and will include both covert and overt measures. The federal government’s terrorism threat assessment of the upcoming game makes clear that, while the Intelligence Community “has not identified a credible terrorist threat to Super Bowl XLII and its related events,” one of the three “key findings” of the nine-page threat assessment is that “the threats of greatest concern” during events like this “include individuals impersonating law enforcement and other security personnel and insiders to facilitate attacks.” (See item 27)

Information Technology

25. January 21, Computerworld – (International) The Internet is down -- now what? According to the recent Business Roundtable report, “Growing Business Dependence on the Internet — New Risks Require CEO Action,” there is a 10 to 20 percent chance of a “breakdown of the critical information infrastructure” in the next 10 years, brought on by “malicious code, coding error, natural disasters, [or] attacks by terrorists and other adversaries.” An Internet meltdown would result in reduced productivity and profits, falling stock prices, erosion of consumer spending and potentially a liquidity crisis, the report says. The organization based its conclusions on earlier risk analyses done by the World Economic Forum in Geneva. The director of public policy at The Business Roundtable, an association of CEOs from large U.S. companies, says business executives often fail to realize how dependent they have become on the public network — for e-mail, collaboration, e-commerce, public-facing and internal Web sites, and information retrieval by employees. He also notes that disaster recovery and business continuity plans often fail to take into account the threat an Internet disruption poses to a company and its suppliers. Moreover, business executives often mistakenly believe that government will take the lead in restoring network services in the face of an Internet failure, he says. “What we wanted to do in this report is say to CEOs, ‘You may not realize that whole segments of your business are almost completely dependent on the Internet, and it’s not enough to have a few IT specialists to help you respond to problems as they come up.’”
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=309873&intsrc=hm_list

Communications Sector

26. January 22, TechWorld.com – (National) Malicious MMS worm hits Nokia handsets. Security vendor Fortinet has uncovered a malicious SymbianOS worm that is actively spreading on mobile phone networks. Fortinet’s threat response team warned on Monday that the worm, identified as SymbOS/Beselo.A!worm, is able to run on several Symbian S60 enabled devices. These include the Nokia 6600, 6630, 6680, 7610, N70, and N72 handsets. The malware is disguised as a multimedia file (MMS) with an evocative name: either Beauty.jpg, Sex.mp3, or Love.rm. Fortinet warned this is deceiving users into unknowingly installing the malicious software onto their phones. Unlike Microsoft Windows, SymbianOS types files based on their contents and not their extensions, so it is worth noting that recipients of infected MMS would still be presented with an installation dialogue upon “clicking” on the attachment. “Therefore, users could easily be deceived by the extension and unknowingly install the malicious piece of software,” warned Fortinet. After installation, the worm harvests all the phone numbers located in the phone’s contact lists and targets them with a viral MMS carrying a SIS-packed (Symbian Installation Source) version of the worm. In addition to harvesting these numbers, the malware also sends itself to generated numbers. Interestingly, all these numbers are located in China so far and belong to the same mobile phone operator. Some of these numbers have been verified to belong to actual customers, rather than being premium service numbers. The manager of Fortinet’s Threat Response Team, EMEA, and the man who conducted the research and discovered this malicious activity, told Techworld that this is not just another ‘theoretical’ mobile worm that nobody will ever encounter. “It is actually spreading in the wild,” he said, “although numbers are still pretty low.”
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=mobile_and_wireless&articleId=9058330&taxonomyId=15

Tuesday, January 22, 2008

Daily Report

• According to Network World and other sources, the Federal Energy Regulatory Commission Friday approved eight “critical infrastructure protection” standards intended to protect the electric-power grid operated by the nation’s utilities from coming under cyberattack. The final, complete text of FERC’s regulatory order is expected out in the next few days, and the commission did indicate it expected the energy industry to improve its power-control systems, if need be, to meet the new security guidelines, in spite of previously voiced concerns. (See item 2)

• CBS News reported that the FAA called an emergency meeting after another near mid-air collision at New Jersey’s Newark Liberty Airport Wednesday, the second near miss in two months. The FAA is investigating the incident and the possibility that a “procedural error” caused a temporary loss of communication with one of two Continental Airlines flights that at one point came within 600 feet of each other. (See item 13)

Information Technology

25. January 18, Computerworld – (International) Skype plugs critical bug with temp move. Hackers can exploit newly uncovered vulnerabilities in Skype Ltd.’s popular chat and VoIP software to overtake a Windows PC, security researchers said Thursday. By Friday morning, Skype had confirmed one of the bugs, slapped the highest-possible vulnerability rating on it and temporarily disabled the feature used to exploit the flaw. Early on Thursday, a noted Israeli researcher had spelled out what he called a “cross-zone scripting vulnerability” in Skype that could be leveraged by attackers armed with malicious video files. The way in, he explained, was through a security door that Skype left wide open. “Skype uses [Microsoft Corp.’s] Internet Explorer Web control to render internal and external HTML pages,” he said Thursday. If an attacker manages to inject a malicious script into any of those HTML pages, he can completely compromise the machine. In a demonstration, he posted a video file to the Dailymotion video-sharing service that, when called using the software’s Add Video to Chat feature, runs harmless arbitrary code. The exploit relied on a separate cross-site scripting vulnerability on Dailymotion, which is one of Skype’s video partners. The innocuous demo, however, could be replaced by attack code of the hacker’s choice. “An attacker can now upload a movie, set a kewl popular keyword, and own any user that will search for a video with those keywords through Skype,” he noted. Early Friday, Skype posted a security advisory that acknowledged the cross-zone scripting bug, saying that it affected all Windows versions of the software, including 3.5 and the most-up-to-date 3.6. Skype also pegged the flaw as a “10” in the Common Vulnerability Scoring System, the highest rating allowed by the security industry’s standard bug ranking system. Skype does not yet have a patch in place; so instead, it simply shut off access to Dailymotion. 
“Skype has temporarily disabled users’ ability to add videos from Dailymotion gallery until an official fix has been made available,” the security bulletin said. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9057778&source=rss_topic17

26. January 17, IDG News Service – (National) Attack code released for critical Windows flaw. In what may be the first step toward a major security problem, security researchers have released attack code that will crash Windows machines that are susceptible to a recently patched bug in the operating system. The code is not available to the general public. It was released Thursday to security professionals who use Immunity’s Canvas computer security testing software. It causes the Windows system to crash, but does not let the attacker run malicious software on the victim’s system. “It reliably crashes Windows machines,” said Immunity’s chief technology officer. “In fact, it blue-screened our print server by accident -- this is a broadcast attack, after all.” That is the biggest concern for security experts who worry that a more dangerous attack may soon follow as researchers dig further into the vulnerability. The bug is particularly troublesome for two reasons. First, it affects a widely used Windows component that is turned on by default. Worse, no user interaction is required to trigger the flaw, meaning that it could be exploited in a self-copying worm attack. Microsoft patched the flaw in its MS08-001 update, released last week, but it takes time for enterprise users to test and install Microsoft’s patches. The flaw lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and the MLD (Multicast Listener Discovery) protocol, which are used to send data to many systems at the same time. The protocols are used by a range of applications including messaging, Web conferencing and software distribution products. Source: http://www.networkworld.com/news/2008/011708-attack-code-released-for-critical.html

27. January 17, InformationWeek – (National) Yahoo’s CAPTCHA security reportedly broken. Yahoo may soon see a surge in spam coming from Yahoo Mail accounts. “John Wane,” who identifies himself as a Russian security researcher, has posted software that he claims can defeat the CAPTCHA system Yahoo uses to prevent automated registration of free Yahoo Mail accounts. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It is a technique that presents an image depicting distorted text that people, but not machines, can identify. Large e-mail service providers like Google, Microsoft, and Yahoo present CAPTCHA images to users signing up for new accounts to make sure that there is a real person behind the registration information. These companies do so to discourage spammers from using automated methods to register thousands of free online accounts to send spam. CAPTCHAs are also used to prevent spam in blogs and other online forums, automated ballot stuffing for online polls, and automated password guessing attacks. “Few months ago, we received information that [a] Yahoo CAPTCHA recognition system exists in the wild with the recognition rate about 30%,” Wane says in a blog post. “So we decided to conduct few experiments. We explored Yahoo CAPTCHA and designed a similar system with even better recognition rate (about 35%).” Various automated methods exist to defeat CAPTCHA schemes, but the CAPTCHAs used by Google, Microsoft, and Yahoo have remained difficult for computers to crack. If the software works as advertised, and it is not clear that it does, it could force Yahoo and other companies to spend yet more money to defend against spammers. Source: http://www.informationweek.com/management/showArticle.jhtml;jsessionid=OABRKDXIVXPNAQSNDLPSKH0CJUNN2JVN?articleID=205900620

Communications Sector

28. January 18, RCR Wireless News – (National) National Research Council calls for further studies on cellphone radiation. A National Research Council report calls for more research into the potential health effects of long-term exposure to radiation emitted by cellphones and other wireless devices, with U.S. scientists anxious to gather more data on any risks posed to children, pregnant women and fetuses by handsets as well as base station antennas. “Although it is unknown whether children are more susceptible to radio-frequency exposure, they may be at increased risk because of their developing organ and tissue systems,” the NRC stated in a press release. “Additionally, specific absorption rates for children are likely to be higher than for adults, because exposure wavelength is closer to the whole-body resonance frequency for shorter individuals. The current generation of children will also experience a longer period of RF field exposure from mobile-phone use than adults, because they will most likely start using them at an early age. The report notes that several surveys have shown a steep increase in mobile-phone ownership among children, but virtually no relevant studies of human populations at present examine health effects in this population.”
Source: http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20080118/FREE/192540885/1005