Tuesday, April 1, 2008

Daily Report

• The Daily Record reports two people were detained near Picatinny Arsenal in New Jersey. Authorities are investigating photos taken around the area of the base late Sunday afternoon by two individuals who then fled the scene. (See item 24)

• According to Fox News, the FBI considers eco-terrorism the number one domestic terrorism threat. Law enforcement has made strides prosecuting cells, but it has been unable to end the arsons that have plagued developments encroaching on rural lands in the West. The FBI currently has 180 ongoing eco-terror investigations and over the last several years has tied them to some 1,800 criminal acts. (See item 32)

Information Technology

27. March 31, Computerworld – (National) Office exploit hits the street. Attack code that targets a recently patched vulnerability in Microsoft Corp.’s Office suite has gone public, a security company said today as it urged users to update immediately. The exploit, which was posted yesterday to the Milw0rm.com Web site, takes advantage of one of two flaws fixed by Microsoft in its MS08-016 security update. Microsoft issued the update on March 11 as part of a four-bulletin batch. “The exploit that is currently available uses a PowerPoint file to leverage the vulnerability on Office XP SP3,” said a Symantec Corp. analyst in an alert to customers of the company’s DeepSight threat network. “The payload is designed to execute the ‘calc.exe’ calculator program on Windows. However, it will not be difficult to modify this exploit to add a malicious payload.” According to the analyst, the rigged PowerPoint file triggers the “Microsoft Office File Memory Corruption Vulnerability,” one of the two vulnerabilities addressed by MS08-016. Microsoft said earlier this month that the flaw is rated “critical” for users of Office 2000 and “important” for Office XP and Office 2003 on Windows machines and Office 2004 for Mac. However, the company acknowledged that if successful, an attack against any of the four versions could result in the attacker wresting control of the machine from its rightful owner. Microsoft spelled out two possible attack vectors: enticing users to a malicious Web site that hosts a specially rigged file or feeding users malformed files as e-mail attachments. “Customers are strongly advised to install the patches from the bulletin MS08-016 if they are not installed already, especially considering the availability of this exploit,” said Symantec.

28. March 31, Macworld.co.uk and IDG News Service – (International) Sophos warns of Mac Trojan malware. Security consultant Sophos is warning of the appearance of money-grabbing Trojan horse malware aimed at Macs. The Imunizator Trojan makes false claims that Macs have privacy problems as part of its attempt to install itself. Sophos advises users not to panic. The Trojan, also known as Troj/MacSwp-B, tries to scare Mac users into purchasing unnecessary software by claiming that privacy issues have been discovered on the computer. “Windows users are no stranger to scareware like this, but it is rarer on the Mac. Nevertheless, the discovery of this Trojan horse does follow fast on the heels of other malware that has been identified on Mac OS X in recent months,” said a senior technology consultant for Sophos. “Cybercrime against Mac users may be small in comparison to Windows attacks, but it is growing. Mac users need to learn from the mistakes made by their Windows cousins in the past and ensure that they have defenses in place, are up-to-date with patches and exercise caution about what they run on their computer.” Sophos experts note that the new Trojan horse is closely related to another piece of Mac scareware, MacSweeper, which was being deployed in an attack via online adverts on ITV.com and the website of the Radio Times last month. Earlier this year Sophos published its annual Security Threat Report, which described how financially motivated hackers had targeted Macs for the first time in 2007.

29. March 31, Register – (International) Apple lags MS in security response. Apple is far behind Microsoft in security patch responsiveness, according to a study by security researchers from IBM. The two researchers, from IBM’s X-Force security division, analyzed several years of vulnerability disclosures and patching processes from various vendors. They found that Apple is getting worse at dealing with security problems while Microsoft is improving. Apple is experiencing more vulnerabilities, longer patching times, and more attacks on unpatched vulnerabilities, according to the duo, who presented their findings at a presentation entitled 0-day Patch – Exposing Vendors (In)Security Performance at last week’s Black Hat conference in Amsterdam.

Communications Sector

30. March 31, Fox News – (International) Study: Cell phones could be more dangerous than cigarettes. A study by an award-winning cancer expert shows that cell phone use could kill more people than smoking. According to the U.K.’s Independent newspaper, the study shows that there is a growing body of evidence that using handsets for 10 years or more can double the risk of brain cancer. The expert – one of the world’s top neurosurgeons – based his assessment on the fact that three billion people now use the phones worldwide. That is three times higher than people who smoke. Smoking kills some five million globally each year. He warned that people should avoid using handsets whenever possible and called on the phone industry to make them safer. France and Germany have already warned against the use of mobile phones, especially by children, it is reported. The study is said to be the most damning indictment of cell phone use. According to the Independent, cancers take at least 10 years to develop, which has influenced earlier studies showing relative safety when using cell phones.

31. March 30, IDG News Service – (International) Common mobile security doesn’t cut it, hackers say. The security of the most widely used standard in the world for transmitting mobile phone calls is dangerously flawed, putting privacy and data at risk, two researchers warned at the Black Hat conference in Europe last week. The two researchers showed at Black Hat in the U.S. last month how it was possible to break the encryption on a GSM (Global System for Mobile Communications) call in about 30 minutes using relatively inexpensive off-the-shelf equipment and software tools. The hack means they could listen in on phone calls from distances of up to 20 miles (32 kilometers) or farther away. They are still refining their technique, which involves cracking the A5/1 stream cipher, an algorithm used to encrypt conversations. In about another month, they will be able to crack about 95 percent of the traffic on GSM networks in 30 minutes or faster with more advanced hardware. Their research has been motivated in part by the absence of a more secure encryption method despite years of warnings about GSM. “Ultimately we are hoping that the mobile operators actually initiate a move to secure their networks,” one said. “They’ve had about 10 years, and they haven’t done it. In my opinion, there is only one language that they speak: that’s called revenue. As soon as they lose the revenue, they will actually change.”