Monday, April 14, 2008

Daily Report

• According to the Glasgow Daily Record, detailed research on British oil refineries and terminals was found on a computer memory stick at the home of an alleged ringleader of the liquid bomb terror plot, Woolwich Crown Court heard Thursday. Prosecutors said the information on the stick could refer to possible targets. (See item 1)

• CNN reports sensitive and stolen U.S. military items are being sold on eBay and Craigslist, according to a report by the Government Accountability Office. Government investigators posing as buyers were able to purchase a dozen prohibited military items on the popular online selling sites. (See item 8)

Information Technology

29. April 11, IDG News Service – (National) Oracle to ship critical database fixes next week. Oracle Corp. plans to release patches for a slew of products next week, including fixes for two vulnerabilities in its database software. In total, Oracle plans to release 41 bug fixes Tuesday, but users are likely to pay particular attention to two bugs in the database that can be exploited over a network without a username and password. Oracle plans to ship 17 database fixes in all. News of next week’s patches was announced Thursday on the company’s Web site. More details will be released on Tuesday, but Oracle said that Versions 9i, 10g and 11g of its database are affected. The next most-patched product will be Oracle’s E-Business Suite, with 11 bug fixes affecting the Advance Pricing, Application Object Library, Applications Framework, Applications Manager and Applications Technology stack components. Three fixes each are expected for the company’s Application Server and PeopleSoft products. The Siebel SimBuilder and Enterprise Manager software will also be patched next week, Oracle said. Source:

30. April 10, Computerworld – (National) Attacks begin against critical Patch Tuesday bug. Hackers are trying to exploit a critical Windows vulnerability just patched on Tuesday, security researchers said this afternoon – and the only version of Windows not at risk is the unfinished Windows XP Service Pack 3 (SP3). Fortunately, attackers’ incompetence means that these initial sorties have been unsuccessful, Symantec Corp. said in a brief warning to customers of its DeepSight threat service. “The DeepSight honeynet has observed in-the-wild exploit attempts targeting a GDI vulnerability patched by Microsoft on April 8, 2008,” said Symantec in its alert. On Tuesday, Microsoft Corp. patched two bugs, both pegged as “critical,” in Windows’ GDI, or graphics device interface, one of the core components of the operating system. According to Microsoft, every current version of Windows, including the very newest, Vista SP1 and Server 2008, is open to attack. The vulnerabilities can be triggered by malformed WMF (Windows Metafile) or EMF (Enhanced Metafile) image files, Microsoft noted in its accompanying advisory. Analysts on Tuesday fingered the GDI bugs as the most dangerous of the 10 disclosed and patched by Microsoft that day. They noted similarities between the two new vulnerabilities and others revealed in late 2005, which were extensively exploited by attackers for months afterward. Source:

31. April 10, Wired – (International) Espionage against pro-Tibet groups, others, spurred Microsoft patches. Computer intruders targeting pro-Tibetan groups, U.S. defense contractors and government agencies slipped in through previously unknown security holes in Microsoft Office, prompting Microsoft to issue a flurry of patches to the software suite in 2006 and 2007, according to computer security experts. These attacks, which appeared to have originated in China, began in early 2006 when the attackers started sending e-mails to victims with booby-trapped Word documents and Excel spreadsheets attached. “We are seeing more and more spying done with Trojans, a shift that has happened in the last two years,” the chief research officer for software security vendor F-Secure told RSA conference attendees Thursday morning. The Pentagon and pro-Tibet groups have previously acknowledged the intrusions, but the researcher is the first to link the cyber espionage to a series of patches that Microsoft pushed out without explanation. Microsoft did not immediately reply to a request for comment. Another F-Secure researcher notes that from 2005 through early 2006, Microsoft issued few patches for its Office suite. But soon after there was an explosion of patches for critical bugs that could be used to infect a computer, including a record 26 patches in October, 2006, that fixed four critical bugs in Microsoft Office applications. Those fixes, he says, appeared contemporaneously with the rise of targeted attacks on defense companies, nonprofits and government agencies. “They now have an incentive to begin looking for bugs and exploiting them,” he said. “Bad guys are finding these things fast.” Source:

32. April 10, Network World – (National) Botnet economy runs wild. Cybercriminals have created a global business with a supply chain every bit as organized and sophisticated as that of any legitimate business. The difference is that cybercrime takes advantage of unsuspecting consumers and insecure businesses to steal untold amounts of money. According to security experts and spam fighters speaking at a panel discussion on Wednesday at the RSA Conference, the modern, online criminal ecosystem starts with botnets, which are consumer or college PCs that have been taken over by hackers. A cybercriminal can easily go online and buy a bot-herd. In fact, the manager of security programs at the Internet2 networking consortium and the University of Oregon said there are 5 million to 5.5 million botnets in active rotation at any time. Of course, cybercriminals need only a few hundred spambots to send out millions of spam e-mails. Today, a cybercriminal can hire programmers to come up with the latest and greatest types of spam, such as image spam or spam put into PDF attachments. Spammers send test runs through ISPs to see what types of spam get through the easiest, said Larry (who refused to disclose his last name) from the spam-fighting SpamHaus Project. The types of spam include the traditional “pump and dump” stock-manipulation spam, plus spam for a variety of products. Cybercriminals have become so good at it that they use phishing to fool customers into going to a fake pharmaceutical site and actually fulfill orders for drugs so they can get repeat business. Source:

Communications Sector

33. April 10, The Denver Post – (Colorado) DSL, wireless outage hangs up metro area. A hardware failure resulted in the loss of broadband service for Qwest business and residential customers in the Denver area Thursday afternoon. A Qwest spokeswoman confirmed that the Denver-based phone and Internet service provider experienced “a hardware issue at its Denver main central office.” “It affected broadband and data services. Services were out for approximately an hour,” she said. “We’re still evaluating the scope.” She did not say exactly how many customers and businesses were affected by the outage, stating that the company was still evaluating the problem. Along Denver’s 16th Street Mall, home to several office towers and workplaces for thousands, service was fine at Qwest’s Solutions Center. The same could not be said for clients who came into the shop looking for answers. A customer-service representative contacted through Qwest’s technical support number at 7 p.m. said the DSL outage was continuing in some places but that it did not affect analog lines. He said there was no estimated time when service would be restored but advised customers that service could be out for 24 to 48 hours. The spokeswoman said that time frame was “inaccurate.” An AT&T spokeswoman said its wireless customers were affected because some cell sites are fed by Qwest switches. She said other wireless carriers also were hit. Source:

34. April 10, Broadband Genie – (International) Fears for mobile broadband overload. With the success of mobile broadband taking off faster than anyone could have expected, there are now concerns that European networks’ ability to handle the new traffic has almost reached its capacity. Speaking on the subject, the CEO of 3 confirmed that there are now seven times more customers using mobile broadband since the introduction of the technology and reports suggest that networks are now preparing for this unexpected surge in mobile data usage. Before introducing data dongles to the UK, 3 tested out the technology in smaller European markets such as Sweden and Austria, and although the service seemed to work fine, it did not give enough indication of problems that could arise with the UK’s higher demand. The CEO explained: “With mobile broadband, we have seen blockages in areas we didn’t expect, but these have been easy to fix in the short term.” He continued, “We had capacity issues in Sweden and Austria and they were harder to identify… Backhaul and capacity are relevant, and we need to have solutions in place. We are working on it already.” Source: