Wednesday, March 5, 2008

Daily Report

• According to the Associated Press, a Union Pacific train has derailed in the Southern California desert town of Mecca, setting two tanker cars ablaze. One tanker car was carrying phosphoric acid, and another was carrying hydrochloric acid. A Riverside County Fire captain said a one-mile radius has been set up around the accident site and no one is being let inside because of the potentially hazardous fumes. (See item 5)

• The Los Angeles Times reports that China in the last year has developed ways to infiltrate and manipulate computer networks around the world in what U.S. defense officials conclude is a new and potentially dangerous military capability. Computer network intrusions at the Pentagon and other U.S. agencies, think tanks, and government contractors last year “appeared to originate” in China, according to the report. (See item 34)

Information Technology

34. March 4, Los Angeles Times – (International) China’s computer hacking worries Pentagon. China in the last year has developed ways to infiltrate and manipulate computer networks around the world in what U.S. defense officials conclude is a new and potentially dangerous military capability, according to a Pentagon report issued Monday. Computer network intrusions at the Pentagon and other U.S. agencies, think tanks, and government contractors last year “appeared to originate” in China, according to the report. In addition, computer intrusions in Germany, apparently by Chinese hackers, occur daily, along with infiltrations in France and Britain, the Pentagon said. The Pentagon report does not directly accuse the Chinese military or government of the attacks but says the incidents are consistent with recent military thinking in that country. A U.S. deputy assistant secretary said cyber-warfare was an area of growing concern, and he called on the Chinese to clarify their intentions.
Source:
http://www.1913intel.com/2008/03/04/chinas-computer-hacking-worries-pentagon/

35. March 4, TechWorld – (International) Criminals automate security testing. Cybercriminals are starting to resemble the legitimate software industry to such an extent that they even pre-test malware applications for effectiveness before rolling them out. That is according to PandaLabs, which has found forums on which criminals hook up with one another to push ahead with development of applications which can be used to test their creations against known security products. In a blog, the company analyses several of the malware-testing applications it has found to be in use recently, including the particularly effective KIMS, Scanlix, and Multi-AVs Fixer. Any of these tools can tell a malware author whether their application would be detected by one or more of a large range of anti-virus products. The main disadvantage of these is that they require a full copy of the security programs to be present locally, an onerous task given that this means having 15 or more programs installed at any one time in order to cover the field. Testing a malevolent application against security products is useful for any malware author, mainly because even quite crude applications have to attempt to disable security to have any chance of working. But carrying out testing application-by-application is bound to be hugely time-consuming. “Even if their creations were detected by one or two companies, they could still launch them, as they would affect all users with different security technologies,” said a PandaLabs representative.
Source:
http://www.networkworld.com/news/2008/030308-criminals-automate-security.Html

36. March 3, Network World – (National) Identity management critical for security, government IT shops say. A majority of government IT organizations say identity management is very important to securing their networks and will become even more so over the next five years, but that funding to keep pace is a major impediment to growth. The respondents also said they think identity management is relevant to national security, critical public infrastructure, and personal security; and, given the gravity of those issues, that personal privacy could suffer. The findings were part of a survey of 474 government IT professionals conducted by public-opinion research firm Pursuant, and funded by Quest Software. A majority of the respondents were civilians working for the federal government and not in the U.S. Department of Defense, according to Quest. Slightly more than 33 percent of the respondents said increased physical, data and information security was the top reason for building an identity-management system. Compliance with such government mandates as HSPD-12 – which lays out a policy for a common identification standard for federal employees and contractors – was the No. 2 reason at 32.1 percent. Protection of personal information (19 percent), and simplified internal data systems (2.5 percent) were the third and fourth reasons. The respondents said identity management was critical because they feared data breaches could have devastating consequences, including loss of personal privacy and data security, compromised critical public infrastructure, deflated national security, and increased financial terrorism.
Source:
http://www.networkworld.com/news/2008/030308-identity-management-critical-for-security.html

Communications Sector

37. March 3, Computer Weekly – (International) Counterfeit Cisco gear threatens network security. The seizure of £38m worth of counterfeit Cisco equipment has raised concerns over the security of networks. Last week the US Department of Justice and Department of Homeland Security seized more than 400 counterfeit Cisco network hardware and labels. The equipment included counterfeit network hardware, in particular network routers, switches, network cards and modules manufactured by Cisco. Penetration testing specialist SecureTest warned that government and communications networks could be infected with malicious firmware imported from places in the Far East, such as China. Unlike current malware, machine-level hardware such as the chipsets used in routers and switches and other computer devices are rarely tested and may already have established back doors in communications systems across the country, the company said. Users looking to buy Cisco gear have very little guidance as to how to spot fake Cisco equipment, as any attempt at publishing guidance would simply alert the counterfeiters -- who would then be able to correct the differences between their products and the genuine article. On one message board a network administrator suggested people simply look at the price. “There are a lot of ways to spot fake Cisco, with a too good to be true low price being the very first one. However, it is too dangerous to ‘publicly disclose’ this information as the counterfeiters will use it to ‘correct’ their mistakes.” The problem for network administrators is that the counterfeit network equipment is very good and so it can be difficult to spot differences. UsedCisco.com has produced a guide that recommends, among other things, that users avoid buying used Cisco gear from eBay and direct from China, and that they check holograms and make sure documentation is written in English, using the same font and without spelling mistakes. In addition, serial numbers should be checked against Cisco’s database.
Source:
http://www.computerweekly.com/Articles/2008/03/04/229675/counterfeit-cisco-gear-threatens-network-security.htm