Friday, February 22, 2008

Daily Report

• According to the Reuters, Radioactive caesium chloride used in medical and research equipment can be used as a deadly ingredient in a “dirty bomb,” and U.S. leaders should try to curb its use, the U.S. National Research Council (NRC) said on Wednesday in a report commissioned by Congress. (See item 6)

• ABC Action News Tampa reports a Clearwater man trying to board a Southwest Airlines flight was arrested over the weekend after airport police found a box-cutter knife hidden inside a hollowed out book, according to airport officials. The man was attempting to go through a security checkpoint inside Concourse C Sunday around 7:30 am when a TSA screener saw the knife inside his backpack, according to his arrest report. (See item 14)

Information Technology

28. February 21, IDG News Service – (International) McAfee: Virus writers going local. Over the past two years, virus writers have increasingly targeted their malicious programs to users in different regions of the globe, creating programs that are specially designed to infect users in countries like Japan, Brazil, China, or Germany. The “taunting Trojan,” which goes after users of the Winny file-sharing program is an example of this phenomenon. Winny is file-sharing software that is incredibly popular in Japan, but virtually unknown outside of the region. Still, it has been the target of several malware programs, according to a security research and communications manager for McAfee Avert Labs. Previously, attackers would write programs that would affect the largest possible number of users, but that is no longer necessarily the case, he said. “What we’ve noticed over the last couple of years is that a growing amount of malware is localized.” McAfee believes that there are a few reasons behind this shift. For one thing, writers no longer want the worldwide attention and law enforcement action that was garnered by outbreaks such as Sasser and Netsky. And with users becoming more wary, hackers have to be crafty with their attacks – creating more targeted malware that victims are unlikely to have seen before. Another factor is that criminals are increasingly targeting their attacks to regions that have weak cybercrime enforcement, McAfee believes.
Source:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9063739&taxonomyId=17&intsrc=kc_top

29. February 21, Canwest News Service – (International) Quebec police bust alleged hacker ring. Quebec provincial police said Wednesday they have dismantled what they called the largest and most damaging computer-hacking network ever uncovered in Canada. During several action-packed early-morning hours Wednesday, provincial police and Royal Canadian Mounted Police officers dismantled the latest hacking ring by successfully carrying out 17 lightning-fast raids in 12 towns across Quebec, including Montreal. They collared 17 hacking suspects aged 17 to 26. All are male except for one, a 19-year-old woman. Police raiding parties also sealed and carted away dozens of hard drives and other computer components from the homes of each of the suspects. The actions of the group acts caused an estimated $45-million Candian in damages to governments, businesses, and individuals.
Source:
http://www.nationalpost.com/news/story.html?id=322372

30. February 20, Times – (International) Hacker breaks link between iTunes and the iPod. Software letting iTunes users copy music and video to mobile phones has been released by the notorious Norwegian hacker known as DVD Jon. The program allows people to drag and drop songs from iTunes into a folder on their desktop, which in turn copies the files to other devices such as mobile phones and games consoles via the web. In doing so, the software breaks the copy protection – known as ‘digital rights management’ or DRM – that is built into all music that is bought from iTunes. Music bought from iTunes can be played only on the iPod. DoubleTwist, DVD Jon’s company, maintains that its service is legal, but lawyers said that Apple would almost certainly seek to shut it down because the law now specifically targeted technologies which attempted to circumvent measures such as DRM.
Source:
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3403705.ece

Communications Sector

31. February 21, Canwest News Service – (National) T-Mobile tests mobile service to replace home phone service. T-Mobile will test an Internet calling plan designed to replace consumers’ home wireline-based phone service. The tests will be carried out in Dallas and in Seattle near T-Mobile’s U.S. headquarters. The tests are in addition to TMobile’s announcement earlier this week that it will offer complete wireless plans for $100 a month that include unlimited nationwide calling, text messaging, and data access.
Source:
http://www.nationalpost.com/news/story.html?id=322372

32. February 20, IDG News Service – (National) Update: BlackBerry network goes down again. BlackBerry users in North America were complaining of service problems again Wednesday morning. Users of the BlackBerry outage newsgroup began reporting problems at around 6 a.m. on the U.S. East Coast related to scheduled maintenance on Research In Motion Ltd.’s (RIM) network. The issue appeared to become progressively worse, initially affecting about half of users in the Americas but eventually affecting all customers, according to users of the newsgroup. RIM said it was not a system-wide outage. The problem affected only users of BlackBerry Internet Service (BIS) and not BlackBerry Enterprise Server (BES) customers, RIM said. BIS customers sign up for the service through their mobile operators. Enterprises often use a different setup, installing a BES to deliver corporate e-mail to BlackBerry devices. While messages to and from both BIS and BES users pass through RIM’s network operations centers, in this case, only the network components that handle BIS customers were affected.
Source:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9063659&intsrc=hm_list

Thursday, February 21, 2008

Daily Report

• According to the WCVB 5 Boston, There are new concerns about the safety of the Ted Williams Tunnel in Boston, Massachusetts, because inspectors cannot reach thousands of epoxy bolts to ensure their strength. NewsCenter 5 reported that the issue is slowing safety inspections inside the tunnel. Inspectors are supposed to routinely check the ceiling bolts to make sure they are holding, but about 4,000 of the bolts cannot be seen because they are out of view. (See item 10)

• The Los Angles Times reports a cat-and-mouse game is portrayed by past and current inspectors, lawmakers, and an audit report that says the U.S. Department of Agriculture’s (USDA) Food Safety Inspection Service is easy to bypass and was failing to screen potentially sick cattle long before this week’s beef recall, the largest in U.S. history. (See item 17)

Information Technology

29. February 20, vnunet.com – (National) Hackers step up website attacks. Trend Micro has warned that hackers are intensifying attacks on legitimate websites to spread malware. The security firm’s 2007 Threat Report and 2008 Forecast debunked the myth about “not visiting questionable sites.” But legitimate sites with the latest sports news, or links in a search engine result, could potentially infect visitors with malware. Trend Micro explained that an underground malware industry has carved itself a thriving market by exploiting the trust and confidence of web users. Apple also had to contend with the Zlob gang, proving that even alternative operating systems are not safe havens for the online user. ‘Gromozon’, malware disguised in the form of a rogue anti-spyware security application, also made its mark in 2007. The Storm botnet expanded in scope last year, and Trend Micro researchers found proof that the botnet is renting its services to host fly-by-night online pharmacies, pump-and-dump scams, and even portions of its backend botnet infrastructure. Trend Micro found that nearly 50 percent of all threat infections came from North America last year, but that Asian countries are also experiencing growth. Around 40 percent of infections stem from that region. Social networking communities and user-created content such as blog sites became infection vectors due to attacks on their underlying web 2.0 technologies, particularly cross-site scripting and streaming. Infection volumes nearly quadrupled between September and November 2007, indicating that malware authors took advantage of the holiday seasons to send spam or deploy spyware while users were shopping online. Based on the emerging trends of this year, Trend Micro forecasts that legacy code used in operating systems and vulnerabilities in popular applications will continue to be attacked in an effort to inject in-process malicious code. High-profile sites will continue to be the most sought-after attack vectors by criminals to host links to phishing and identity theft code. These sites include social networking, banking/financial, online gaming, search engines, travel, commercial ticketing, local government, news, jobs, blogs, and ecommerce sites for auctions and shopping. Communication services such as email, instant messaging and file sharing will continue to be abused by content threats such as image spam and malicious URLs.
Source:
http://www.vnunet.com/vnunet/news/2210040/hackers-step-website-attacks

30. February 19, IDG News Service – (National) DoS attack prevents access to WordPress.com blogs. The WordPress.com blog-hosting service suffered a denial-of-service (DoS) attack that began Saturday and was still preventing users from logging in or posting to their blogs on Tuesday. A spokesman for Automattic confirmed that the service experienced a DoS attack with spikes of up to 6 gigabits of incoming traffic, which was making some blogs inaccessible for about five to 15 minutes on Tuesday. Though service had mostly been restored, Automattic, which maintains WordPress.com, was still working on returning service to normal levels on Tuesday afternoon, he said. An employee at a New York-based company said on Tuesday afternoon that users there were unable to log in to their blogs and post comments for “most of the day.” However, the blogs were still able to be viewed publicly. WordPress.com users were notified via e-mail about the DoS attack. In the e-mail, the service provider said that the attack wasaffecting user log-in and causing some forums to be offline.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=spam__malware_and_vulnerabilities&articleId=9063440&taxonomyId=85

31. February 19, IDG News Service – (National) Microsoft scrambles to quash ‘friendly’ worm story. Microsoft is moving to counter some scathing comments regarding a security paper authored by researchers at its Cambridge, England, facility. The paper, “Sampling Strategies for Epidemic-Style Information Dissemination,” looks at how worms sometimes inefficiently spread their code. The research explores how a more efficient method could, for example, be used for distributing patches or other software. The advantage would be that patches could be distributed from PC to PC, rather than from a central server. That method would reduce the load on a server, and patches would be distributed faster. But the patches would have the same qualities as a computer worm, a generally malicious file. Since a story about the paper appeared on Thursday in the New Scientist magazine, the paper has been roundly assailed. A Microsoft spokesman said on Monday that the New Scientist story is not inaccurate. In response to the criticism, Microsoft said it does not intend to develop patch worms. The company also said it will continue to let customers decide how and when they apply security updates.
Source:
http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/02/19/Microsoft-scrambles-to-quash-friendly-worm-story_1.html

Communications Sector

32. February 19, Associated Press – (National) FCC must study bird-tower collisions. On Tuesday, the U.S. Court of Appeals for the District of Columbia Circuit sided with conservation groups that claimed the Federal Communications Commission violated government rules by approving communications towers that threaten migratory birds. The court is requiring the agency to conduct at least the minimal analysis on the environmental effect of cell, radio, television and other towers built in the Gulf Coast region, as the groups have requested. “This is a significant ruling ... because the D.C. Circuit is directing the FCC for the first time to carefully assess the impact of communication towers on birds,” said an attorney with Earthjustice, a public interest law firm, which represented the American Bird Conservancy Inc. and Forest Conservation Council. The groups want the FCC to assess the 6,000 towers in the Gulf Coast region and at least deal with the ones that pose the biggest problems to birds, said the American Bird Conservancy’s executive director for conservation advocacy. The U.S. Fish and Wildlife Service estimates that between 4 million to 50 million birds die every year colliding with communication towers as they cross the Gulf of Mexico during the fall and spring seasons. Towers at a certain height have lights that attract the birds, which fly into them, each other or the tower wires. In the ruling Tuesday, the court also said the FCC did not justify why it did not use federal wildlife experts to assess the environmental threat.
Source: http://news.yahoo.com/s/ap/20080219/ap_on_hi_te/communications_towers_court_ruling;_ylt=AkiRrK2h2Xi80OPu9MIddun67rEF