Thursday, April 10, 2008

Daily Report

• The New York Times reports American Airlines said late Tuesday that it expected to cancel as many as 500 flights to re-inspect its fleet of 300 MD-80 jetliners to make sure a wiring bundle in the wheel wells was stowed properly. (See item 16)

• According to the Associated Press, the infrastructure that delivers water to the nation’s cities is badly aging and in need of repairs. The U.S. Environmental Protection Agency says utilities will need to invest more than $277 billion over the next two decades on repairs and improvements to drinking water systems. Water industry engineers put the figure at about $480 billion. (See item 23)

Information Technology

31. April 9, Dark Reading – (International) Symantec chairman calls for information-centric approach to security. The chairman and CEO of Symantec says anti-virus tools are not enough anymore. It is time for the industry to move away from protection of infrastructure and toward an “information-centric” security model, he said yesterday in his keynote address at the RSA Security Conference. “What we need is a fundamental shift,” he said. “We need a risk-based approach that addresses data at rest and in motion. I need to know what sensitive information do I have, how is it stored, and how is it used. I need to set rules for archiving and encryption, and those policies must be aligned across the business.” The comments echoed themes that reverberate through this year’s RSA conference: that enterprise security teams need to focus more on data than on infrastructure, and more on business than on security. The Symantec chief called for improvements in intelligent archiving and content-aware security systems that can distinguish sensitive data and apply distinct policies for its storage and protection. He also called for the evolution of digital rights management technology to help protect companies’ intellectual property at both the legal and logical levels. His remarks were offered in the context of data gleaned from Symantec’s most recent threat report, which suggests that information is becoming a commodity among criminals and that companies should do more to protect it. Symantec estimates that as many as 50 million individuals’ personally identifiable information has been exposed in the past year, and credit card numbers can now be purchased on the black market for as little as 40 cents. Source:

32. April 9, – (International) 60% of UK websites plagued by encryption and cross-site scripting vulnerabilities. Web application security tests show that 60 percent of UK sites are plagued with internet encryption and cross-site scripting vulnerabilities. The finding forms part of NTA’s Annual Web Application Security Report 2008, which analyzed data gathered from web application security tests performed for a wide range of industry sectors, including finance, government, education, IT, law, and retail. In addition, the security tests found that more than three-quarters of websites tested contained one or more medium-level risks that may enable external users to gain unauthorized access or disrupt service availability. The technical director at NTA Monitor said, “Weak SSL encryption vulnerabilities may cause sessions to be compromised. All SSL should have strong encryption of at least 128 bits, which is almost impossible to crack.” He said that a number of applications are vulnerable to cross-site scripting attacks, which enable a hostile web site to cause potentially malicious code such as JavaScript commands to misdirect or compromise an end user’s browser. This can enable an attacker to collect sensitive information such as passwords and card payment details. Source:

33. April 9, – (International) Security threats revealed: Beware the metasploit. ‘Pass the hash’ and metasploit are two of a new breed of emerging security threats facing corporate IT departments. The key security threats facing businesses range from mutations of established methods – such as malware or phishing – to less well-known ones, such as metasploit releases and ‘pass the hash’ attacks. The most dangerous new security threats were revealed by experts at the RSA security conference in San Francisco this week. Among the less familiar new threats are metasploit releases, which target networks by simultaneously attacking a number of vulnerabilities (up to 200) on different platforms including Windows, Linux, and the iPhone. ‘Pass the hash’ attacks, which use stolen password hashes to access other systems in a targeted network – avoiding more time-consuming password cracking – were also singled out. Although this approach has been around for some time, it is only now that it is becoming prevalent. Website attacks, which plant browser exploits to compromise users, are also becoming more of a problem, as they are able to target well-known, high-traffic sites. A major threat is browser scripting attacks, which use web browsers to get through corporate firewalls, allowing access to confidential information. While not new, the development of botnets remains a big security concern because the “fast flux” approach used by attackers to protect their robotic networks is making the life of botnet investigators difficult. The security experts also warned about the threat from malware being spread through embedded devices, such as memory sticks, which is now one of the main ways harmful code is brought into businesses. Source:,39024888,39184609,00.htm

Communications Sector

34. April 8, CommsDay – (International) Ships impounded in Dubai after undersea cable cuts. Two ships have been impounded by Dubai authorities in relation to a series of submarine cable cuts which wreaked havoc on Indian and Middle Eastern service earlier this year. It was confirmed yesterday that the Dubai Port Trust has impounded the MV Hounslow and MT Ann on suspicion of causing breakages to the Reliance Globalcom Flag Europe-Asia cable, which was damaged along with the SEA-ME-WE 4 and Falcon cables in early February. An official from Reliance Globalcom said the company had given the details of the two ships to Dubai authorities after studying satellite imagery of ship movements around the breakage area, according to Indian newspaper The Hindu. “The matter has been brought to the notice of appropriate authorities which are taking necessary action,” the official said. The owners and captains of the two ships are set to be questioned in Dubai over the incident. In early February, four Middle Eastern undersea cables suffered service disruptions over a five-day period, sparking a rash of unfounded conspiracy theories blaming groups from Islamic extremists to the US Secret Service. SEA-ME-WE 4 and Flag were severed off Alexandria in Egypt, while the Falcon system was hit in the Persian Gulf between the United Arab Emirates and Oman. Another unnamed cable suffered outages between Qatar and the UAE. ISPs in India reported bandwidth cuts between 50 and 60 per cent after the cable cuts. At the time of the cuts, a Flag spokesperson said that ships in Alexandria had been asked to anchor in a different place to normal, around 8.4km off the beach. The company said an anchor had cut the Flag cable but reported multiple cuts causing problems to a number of other companies. Source: