Friday, March 14, 2008

Daily Report

• According to NBC News, the Department of Homeland Security and the FBI issued a joint bulletin Wednesday addressing an uncorroborated threat to Wall Street, a senior Homeland Security official confirmed. The intelligence was characterized as “fragmented” pieces from various undisclosed sources. (See item 13)

• The Associated Press reports Southwest Airlines Co. canceled flights Wednesday and temporarily grounded 43 planes to examine if they were sound enough to carry passengers, the latest twist in the low-cost carrier’s saga of missed safety inspections and civil penalties. The groundings affected about 8 percent of Southwest’s fleet, and came as the airline faces a $10.2 million civil penalty for continuing to fly nearly 50 planes that had not been inspected for cracks in their fuselages. (See item 17)

Information Technology

33. March 13, New York Times – (National) Video road hogs stir fear of internet traffic jam. According to some industry groups, analysts, and researchers, the threat of surging growth in the amount of data on the internet stems mainly from the increasing visual richness of online communications and entertainment — video clips and movies, social networks and multiplayer games. Moving images require far more bandwidth than text and audio files. Last year, by one estimate, the video site YouTube, owned by Google, consumed as much bandwidth as the entire Internet did in 2000. In a widely cited report published last November, a research firm projected that user demand for the Internet could outpace network capacity by 2011. The title of a debate scheduled next month at a technology conference in Boston sums up the angst: “The End of the Internet?” But the Internet traffic surge represents more a looming challenge than an impending catastrophe. Even those most concerned are not predicting a lights-out Internet crash. An individual user, they say, would experience Internet clogging in the form of sluggish download speeds and frustration with data-heavy services that become much less useful or enjoyable. Some researchers are less worried — at least in the short term. A professor at the University of Minnesota estimates that digital traffic on the global network is growing about 50 percent a year, in line with a recent analysis by Cisco Systems, the big network equipment maker. That sounds like a daunting rate of growth. Yet the technology for handling Internet traffic is advancing at an impressive pace as well. The router computers for relaying data get faster, fiber optic transmission gets better, and software for juggling data packets gets smarter. “The 50 percent growth is high. It’s huge, but it basically corresponds to the improvements that technology is giving us,” the professor, a former AT&T Labs researcher, said, adding that demand is not likely to overwhelm the Internet.
Source:
http://www.nytimes.com/2008/03/13/technology/13net.html?em&ex=1205553600&en=4d97ca2365bff48c&ei=5087%0A

34. March 13, IDG News Service – (International) Password-stealing hackers infect thousands of Web pages. Hackers looking to steal passwords used in popular online games have infected more than 10,000 Web pages in recent days. The Web attack, which appears to be a coordinated effort run out of servers in China, was first noticed by McAfee researchers on Wednesday morning. Within hours, the security company had tracked more than 10,000 Web pages infected on hundreds of Web sites. McAfee is not sure how so many sites have been hacked, but “given how quickly some of these attacks have come on, it does seem like some automation has gone on,” said a researcher with McAfee’s Avert Labs. In the past, attackers have used search engines to scour the Internet for vulnerable Web sites and then written automated tools to flood them with attacks, which ultimately let criminals use legitimate sites to serve up their malicious code. The infected Web sites look no different than before, but the attackers have added a small bit of JavaScript code that redirects visitors’ browsers to an invisible attack launched from the China-based servers. This same technique was used a year ago, when attackers infected the Web sites of the Miami Dolphins and Dolphins Stadium just prior to the 2007 Super Bowl XLI football game. The attack code takes advantage of bugs that have already been patched, so users whose software is up-to-date are not at risk. However, McAfee warns that some of the exploits are for obscure programs such as ActiveX controls for online games, which users may not think to patch. If the code is successful, it then installs a password-stealing program on the victim’s computer that looks for passwords for a number of online games, including the Lord of the Rings Online. These online game passwords are a popular hacker target, in part because many online gaming resources can be stolen and then sold for cash.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=cybercrime_and_hacking&articleId=9068219&taxonomyId=82&intsrc=kc_top

35. March 12, Associated Press – (International) Security card chip can be hacked. The Dutch interior affairs minister says a technology being used in up to a billion security cards around the world can easily be hacked. The “Mifare” chip technology owned and licensed by NXP Semiconductors is frequently used in public transport systems such as London’s “Oyster” card. It is also used by corporations and governments in “swipe” access cards. Researchers at the Radboud University in Nijmegen, Netherlands have “developed a method by which a large number of (Mifare) chip-cards is relatively easy to crack and duplicate.” A Dutch politician wrote in a letter to Parliament that she was preparing supplemental security measures for some government buildings as a result. She said the chip is used in an estimated 2 million cards in the Netherlands and a billion globally — though Mifare’s Web site gives a total of 500 million, and it was not clear whether the vulnerability to hackers would apply to all versions of the chip.
Source:
http://news.yahoo.com/s/ap/20080312/ap_on_hi_te/techbit_netherlands_security_2

Communications Sector

36. March 12, Tech Web – (National) Hackers report breaking iPhone 2.0. Hackers calling themselves the iPhone Dev. Team have reported breaking into the iPhone firmware upgrade that ships with the recently launched software development kit for the smartphone. The group reported late Tuesday it had “decrypted the disk image and jail-broken the firmware.” In essence, the hackers had found a way to run applications on the firmware without a development certificate from Apple. If true, the hack calls into question whether Apple will be able to maintain the tight-fisted control it wants on iPhone application development. Meanwhile, Apple on Wednesday reported more than 100,000 downloads of the iPhone SDK in the first four days following its launch. Source: http://news.yahoo.com/s/cmp/20080313/tc_cmp/206903250;_ylt=AmRlDZA.croa.jqPaZ_wuauDzdAF

Thursday, March 13, 2008

Daily Report

• According to the Associated Press, a state fire marshal says a Danvers chemical plant in Massachusetts that exploded in November 2006 was storing twice the combustible substances it was permitted to keep. Twenty people were hurt, but there were no deaths. (See item 6)

• The Associated Press reports a common new technology for monitoring defibrillators is vulnerable to hacking and even to reprogramming that could stop the devices from delivering a lifesaving shock, according to research to be released Wednesday and due to be presented and published May 19 at a conference of the Institute of Electrical and Electronic Engineers Symposium on Security and Privacy. (See item 26)

Information Technology

34. March 12, IDG News Service – (National) Two years after patch, another IE FTP flaw. A flaw in the way Microsoft’s Internet Explorer browser processes FTP commands could let attackers steal or erase data from a victim’s FTP site. The bug, which affects users of IE 6 and the unsupported IE 5 browser, gives an attacker a way of hijacking the victim’s FTP sessions. But a successful attack would be very hard to accomplish and would only work in very precise, targeted attacks, security experts said. The attacker would need to know the victim’s username on the FTP server and the victim would have to already be logged into the server, using IE. Under those conditions, the victim could be sent a malicious FTP link that would then execute commands on the victim’s FTP server. The FTP problem does not affect IE 7, Microsoft said Tuesday. The software vendor has not heard of any attacks that take advantage of this vulnerability and has determined that any successful attack would only lead to the unauthorized disclosure of data, the company said in a statement.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9067998&taxonomyId=17&intsrc=kc_top

35. March 11, Computerworld – (National) Researcher posts attack code for RealPlayer bug. A noted ActiveX researcher yesterday revealed a bug in RealNetworks’ RealPlayer that could be exploited by attackers to hijack Windows machines running Internet Explorer. The researcher, who has uncovered other ActiveX control vulnerabilities in MySpace, Facebook, and Yahoo software in the last two months, posted findings to the Full Disclosure security mailing list on Monday that fingered RealPlayer as flawed. “It is possible to modify heap blocks after they are freed and overwrite certain registers, possibly allowing code execution,” he said in his message to the mailing list. He also posted proof-of-concept attack code and said he is trying to come up with a working exploit. Danish vulnerability tracker Secunia rated the RealPlayer bug as “highly critical,” its second-highest ranking, and it said that the flawed ActiveX control – the “rmoc3260.dll” file is the culprit – can be exploited by the usual method of tricking users into visiting malicious or compromised Web sites. Secunia confirmed the vulnerability, and added that at minimum, the newest build of RealPlayer 11 is “buggy.”
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=spam__malware_and_vulnerabilities&articleId=9067859&taxonomyId=85

36. March 11, InformationWeek – (National) Microsoft patch Tuesday fixes a dozen Office flaws. Microsoft on Tuesday fixed 12 vulnerabilities in four security bulletins, all of which affect Microsoft Office. The chief technology officer of Shavlik Technologies says the fact that all the vulnerabilities found reside in Microsoft Office supports the current belief that client-side vulnerabilities are more likely to bear fruit for hackers than server-side vulnerabilities. MS08-014 (maximum severity of Critical) addresses a zero-day vulnerability in Microsoft Office Excel that Microsoft acknowledged in January. It could allow an attacker to take over an affected system if the victim opens a maliciously crafted Excel file. The manager of the vulnerability research lab at Qualys said that macro vulnerabilities in Excel have been a recurring problem for about a decade. While exploits for the Excel flaw have been spotted in the wild, he said that damage appears to be relatively limited. He also said it is difficult to be certain, because not all damage arising from exploitation of the vulnerability has been publicized. The usual method of exploiting this kind of flaw is enticing a user to open a file. “This is a concern because there’s no simple firewall adjustment that can address this,” he said. MS08-015 (maximum severity of Critical) addresses a new, privately reported vulnerability in Microsoft Office Outlook. The flaw could allow an attacker to read and re-route a user’s e-mail messages. MS08-016 (maximum severity of Critical) repairs two new, privately reported vulnerabilities in Microsoft Office 2000. The vulnerabilities could allow an attacker to subvert an affected system. MS08-017 (maximum severity of Critical) fixes two new, privately reported vulnerabilities in Microsoft Office Web Components. As above, these flaws could allow attackers to take control of an affected system. The four bulletins affect various versions of Microsoft Office. In the case of MS08-014, Mac versions of Office 2004 and Office 2008 are also affected.
Source:
http://news.yahoo.com/s/cmp/20080312/tc_cmp/206903046;_ylt=AoMVsxgQlxEh_tGTzZQay2ODzdAF

Communications Sector

37. March 12, Reuters – (International) Mobile firms seek India govt. meeting on BlackBerry. Mobile phone operators are seeking more talks to discuss Indian government security concerns, which, a newspaper said, could lead to the termination of BlackBerry services in India, an industry official said on Wednesday. The Business Standard, citing unnamed sources, reported that Indian security agencies want BlackBerry-manufacturer Research in Motion (RIM) to give them access to algorithms needed to decrypt messages, or face a termination of the service at the end of March. “Government wants some security concerns to be addressed and we are trying for an effective dialogue with the security agencies and the department of telecommunications,” said the director general of the nine-member Cellular Operators’ Association of India. The paper said security agencies, the department of telecommunications, RIM executives and Indian operators offering BlackBerry services would meet on March 14, although this could not be confirmed. One analyst said it would not make sense for RIM to disclose its algorithms as that was their competitive advantage. The Business Standard said BlackBerry had an estimated 400,000 subscribers in India, while a program manager of ICT practice for South Asia and Middle East at consultancy Frost & Sullivan put it at more than half a million. RIM’s spokesman for India said BlackBerry services were offered in India by four providers, Vodafone, Bharti Airtel, Reliance Communications and BPL Mobile.
Source: http://news.yahoo.com/s/nm/20080312/tc_nm/blackberry_india_dc;_ylt=AqFDB7gV7as98Gm6uBggJSX67rEF

38. March 11, St. Louis Business Journal – (Missouri) Verizon Wireless upgrades emergency services to St. Louis customers. Verizon Wireless users in St. Louis County who dial 911 for emergency services will now be able to have their location pinpointed within 150 meters thanks to a plan ratified by the wireless company and St. Louis County. The federal government requires wireless carriers to provide E911 service to its customers. Under the new plan, the enhanced 911 (E911) Phase II service allows authorities to identify the estimated location of customers within 150 meters or less when they make an emergency call. E911 Phase II should be available within the next four months, Verizon said. Source: http://www.bizjournals.com/stlouis/stories/2008/03/10/daily29.html?ana=from_rss