Tuesday, February 19, 2008

Daily Report

• According to NBC News and MSNBC, a man gunned down five people last Thursday inside a lecture hall at Northern Illinois University before killing himself. Police said the man had recently “become erratic” after halting his medication and carried a shotgun to campus inside a guitar case. The university’s president said he knew of no connection between the attack and threats scrawled on a dormitory bathroom wall in December. (See item 27)

• The Associated Press reports that the FBI has put its domestic terror squads on alert for any threats against synagogues and other potential Jewish targets in the U.S. following the killing of a Hezbollah commander last Tuesday. U.S. law enforcement officials say there have been no specific threats so far against any Jewish centers. (See item 33)

Information Technology

29. February 14, Associated Press – (National) Use of rogue DNS servers on rise. Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc. The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name System results, which means that people with compromised computers are sometimes being directed to the wrong Web sites – and often have no idea. The peer-reviewed paper, which offers one of the broadest measurements yet of the number of rogue DNS servers, was presented at the Internet Society’s Network and Distributed System Security Symposium in San Diego. The fraud works like this: When a user with an affected computer tries to go to, for example, Google’s Web site, they are redirected to a spoof site loaded with malicious code or to a wall of ads whose profits flow back to the hackers. The hackers who hijack DNS queries are looking to steal personal information – from e-mail login credentials to credit data – and take over infected machines. The spoof sites run the gamut. Some are stunningly convincing, others amusingly bogus with spelling errors and typos. The DNS system is a critical part of the Internet’s infrastructure, used to make sure computers know how to contact each other. People usually automatically use the DNS servers of their Internet providers, but the recent wave of attacks modifies the settings on victims’ computers to send traffic to rogue DNS servers.
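The item above says the attacks change the DNS settings on victims' computers. As an added illustration that is not part of the original report, the check below compares the resolvers in a resolv.conf-style file against an approved list; the approved ranges, the function names and the sample file are constructed assumptions.

```python
import ipaddress

# Assumption: the resolver ranges this organisation hands out (documentation ranges).
APPROVED = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "2001:db8:53::/64")]

# Constructed sample of a host whose second resolver was changed.
SAMPLE = """\
# constructed sample
search corp.example
nameserver 192.0.2.5
nameserver 203.0.113.77
nameserver 2001:db8:53::1
options timeout:2
"""

def configured_resolvers(resolv_conf_text):
    """Return the nameserver entries from resolv.conf-style text, in file order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Drop comments introduced by '#' or ';' before splitting into fields.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def audit_resolvers(resolv_conf_text, approved=APPROVED):
    """Return (entry, reason) pairs for configured resolvers that are not approved."""
    findings = []
    for entry in configured_resolvers(resolv_conf_text):
        try:
            # An IPv6 link-local entry may carry a zone id such as %eth0.
            addr = ipaddress.ip_address(entry.split("%", 1)[0])
        except ValueError:
            findings.append((entry, "not a valid IP address"))
            continue
        if addr.is_loopback:
            continue  # local stub resolver; its upstream needs a separate check
        if not any(addr.version == net.version and addr in net for net in approved):
            findings.append((entry, "outside approved resolver ranges"))
    return findings

if __name__ == "__main__":
    for entry, reason in audit_resolvers(SAMPLE):
        print(f"{entry}: {reason}")
```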


30. February 14, Techworld – (National) ‘Critical’ Linux kernel bugs discovered. Security researchers have uncovered “critical” security flaws in a version of the Linux kernel used by a large number of popular distributions. The three bugs allow unauthorized users to read or write to kernel memory locations or to access certain resources in certain servers, according to a SecurityFocus advisory. They could be exploited by malicious local users to cause denial of service attacks, disclose potentially sensitive information, or gain “root” privileges, according to security experts. The bug affects all versions of the Linux kernel up to version, which contains a patch. Distributions such as Ubuntu, Turbolinux, SuSE, Red Hat, Mandriva, Debian, and others are affected. The problems are within three functions in the system call fs/splice.c, according to an advisory from Secunia. “In the 2.6.23 kernel, the system call functionality has been further extended resulting in ... critical vulnerabilities,” said iSEC Security Research in an advisory. Secunia disagreed about the bugs’ seriousness, giving them a less critical ranking. Exploit code for the vulnerabilities has been released publicly on the hacker site milw0rm.com, and Core Security Technologies has also developed a commercial exploit for the bugs, researchers said. Researchers advised system administrators to update their kernels immediately. Last month, a U.S. Department of Homeland Security bug-fixing scheme uncovered an average of one security glitch per 1,000 lines of code in 180 widely used open-source software projects. Secunia also previously discovered that the number of security bugs in the open-source Red Hat Linux operating system and Firefox browser far outstripped that of comparable products from Microsoft last year.

Communications Sector

31. February 14, IDG News Service – (National) Most analog cellular to fade away on Monday. You may think of sunsets as something nice to look at, but if you have an older cell phone or a home alarm system, there is one coming up on Monday that may not be so pretty. That day, the U.S. Federal Communications Commission will let mobile operators shut down their analog networks. It is called the “analog sunset” because those Advanced Mobile Phone System (AMPS) networks – which were first deployed in the 1980s and brought cellular service to millions of Americans – will finally disappear behind the digital networks that serve almost all mobile phones in use today. The biggest U.S. mobile operators, AT&T Wireless and Verizon Wireless, will close down their analog networks that day. At the same time, AT&T will turn off its first digital network, which uses Time-Division Multiple Access technology. (Sprint Nextel and T-Mobile USA do not have analog networks.) Calls to some small, rural mobile operators indicated that most of them plan to shut down AMPS, too. There are not many mobile phones out there that will go dark after the analog sunset, according to the big carriers, which have been warning subscribers about the change for months and offering them incentives to switch over. However, AMPS is not only used for cell phones. Many alarm companies use the system to alert police or fire departments to emergencies at homes or businesses. About three years ago, the Alarm Industry Communications Committee (AICC) industry group took a survey which revealed that just under one million of the approximately 30 million monitored home and business alarm systems used an analog cellular network. About 850,000 of them used the system only as a backup in case the phone line was cut, he said. Alarm manufacturers are now replacing many of those analog systems with digital ones, said an AICC representative.

32. February 14, Reuters – (National) Mobile industry sees new security risks. Security systems can now block the first computer virus attacks on cell phones, but the mobile industry sees new risks stemming from upcoming open software platforms such as Google’s Android. Since 2004, viruses have been able to disable phones or swell phone bills through pricey messages or unwanted calls, leading to a new security technology market. “If Android becomes a fully open platform ... and when such a platform becomes more common, risks are greater than with the current platform kings such as Symbian,” said the head of research at security software firm F-Secure. Security specialists also pointed to potential risks arising from Apple’s plans to open its software platform to third-party developers this month. While the risk of a cell phone getting infected is still relatively small, thousands of phones have seen problems. One in seven global mobile users has already been exposed to mobile viruses, either directly or through someone they know whose phone has been infected, according to a McAfee study. Since the first mobile virus appeared in 2004, the number of different viruses, worms, or other types of malware has reached 395, F-Secure said, adding that the number has increased only slightly in the last 12 months.