Monday, May 19, 2008

Daily Report

• According to Newsday, National Guard troops that have stood guard at four upstate New York nuclear power plants since shortly after the September 11, 2001, terrorist attacks are being withdrawn this summer. (See item 10)

• The Associated Press reports investigators have concluded that two military helicopters were vandalized on the production line at a Boeing factory near Philadelphia, the U.S. Defense Department said Thursday as it offered a reward in the case. (See item 11)

Information Technology

33. May 15, InformationWeek – (National) Zero-day Internet Explorer vulnerability published. An Israeli security researcher on Wednesday published details about a zero-day vulnerability in Microsoft Internet Explorer. Last week, the researcher held a “treasure hunt” on his site, where he had hidden the exploit code. He declared “George the Greek” the contest winner in conjunction with the publication of details about the vulnerability. “Internet Explorer is prone to a Cross-Zone Scripting vulnerability in its ‘Print Table of Links’ feature,” he explained in a post summarizing his proof-of-concept exploit. “This feature allows users to add to a printed Web page an appendix which contains a table of all the links in that Web page.” According to the post, an attacker can add a maliciously crafted link to any Web page that accepts user-generated content that, under certain circumstances, lets the attacker take control of the user’s machine when he or she tries to print the page. Users of Internet Explorer 7.0 and 8.0b on fully patched Windows XP systems are vulnerable. Users of Windows Vista with User Account Control (UAC) enabled may only be subject to information leakage. Earlier versions of Internet Explorer may also be affected. The researcher said that he alerted Microsoft to the problem on Tuesday and that the company is planning a fix. In the meantime, he advises not using the “Print Table of Links” feature when printing Web pages. Source:

34. May 15, – (International) Shape-shifting malware hits the web. Security experts have warned that new developments in malware are allowing criminals to stay one step ahead of security software. The head of the cyber-crime division at the Swiss Justice and Police Department said in an interview last week that viruses and other malware now have the capability to change their signature every few hours. This means that the attackers are often one step ahead of protection software. The chief technology officer at Tier-3, a behavioral analysis IT security firm, echoed the remarks. “Self-changing code designed to dynamically evade recognition is a fact of life,” he said. “It automatically adapts to the anti-spam and anti-malware engines that it encounters.” Unfortunately the know-how and construction kits used to create this shape-shifting threat are now readily available and are unleashing a wave of malware based on social engineering techniques. “Highly targeted emails containing personalized information and shape-shifting Trojan attachments are the latest development,” he said. “Each positive infection increases the ‘hit rate’ for the next wave of emails sent out by the self-learning automated engines used by sophisticated attackers.” He believes that a non rules-based monitoring process must be set up to defend all ingress and egress points covering SMTP, DNS, HTTP(s), IM etc. “Once this is in place, defense against shape-shifting threats becomes possible as does the removal of any previously established covert data leakage channels that will be revealed and dealt with,” he said. Source:

35. May 15, Computerworld – (Texas) NASA moves to save computers from swarming ants. A flood of voracious ants is heading straight for Houston, taking out computers, radios and even vehicles in their path. Even the Johnson Space Center has called in extermination experts to keep the pests out of their sensitive and critical systems. The ants have been causing all kinds of trouble in five Texas counties in the Gulf Coast area. Because of their sheer numbers, the ants are short-circuiting computers in homes and offices, and knocking systems offline in major businesses. When IT personnel pry the affected computers open, they find the machines loaded with thousands of ant bodies. “These ants are raising havoc,” said a professor of entomology at Texas A&M University in College Station. “They’re foraging for food, and they’ll go into any space looking for it. In the process, they make their way into sensitive equipment.” The ants have been dubbed Crazy Rasberry ants after Tom Rasberry, owner of Budget Pest Control in Pearland, Texas. He first tackled this particular type of ant back in 2002. Since then, the problem has only escalated. Rasberry told Computerworld that the ants have caused a lot of trouble for one Texas chemical company in particular. Not wanting to name the company, he said the ants shorted out three computers that were running a pipeline that brought chemicals into the plant. The ants took down two computers last year and one in 2006, affecting flow in the pipeline each time. “I think they go into everything, and they don’t follow any kind of structured line,” said Rasberry. “If you open a computer, you would find a cluster of ants on the motherboard and all over. You’d get 3,000 or 4,000 ants inside, and they create arcs. They’ll wipe out any computer.” Source:

Communications Sector

36. May 15, Network World – (International) SQL injection attack in ‘third wave,’ says IBM. A SQL injection attack that has affected at least a half-million Web sites has entered a “third wave” that is more resistant than previous versions to traditional security measures, according to IBM security researchers. “I’ve been tracking SQL injections for the last five or six years. This is some of the most intricate obfuscation I’ve ever seen,” said a research manager for the X-Force technology at IBM’s Internet Security Systems division. A SQL injection is an attack against a database-driven Web site in which the hacker executes unauthorized SQL commands by taking advantage of insecure code on systems connected to the Internet. SQL injections are among the most common Web attacks, partly because a hacker needs little beyond a Web browser and knowledge of SQL queries. These most recent attacks, however, are “extremely complex” and hard to detect until it’s too late, he noted. Hackers are randomly targeting IP addresses throughout the world, looking for any Web site that would accept such an injection, he said. Many successful, widely trusted retail Web sites are being affected. Internet surfers who navigate to infected sites are redirected to “exploitation sites” that simply look broken, with error messages and missing content. The users then are attacked with malware and added to a growing botnet, he says. Source:

37. May 15, – (National) Congress approves Farm Bill, broadband funds included. Congress today passed a new Farm Bill -- against the threat of a presidential veto -- that would provide loans for rural broadband deployment. The American Cable Association (ACA) welcomed the news. “This bill has traveled a long road, but our hope is that it will have been worth the wait for the unserved communities throughout the country that will benefit from the increased funds and refocused attention of the broadband deployment effort,” said the president and CEO of the ACA. The National Telecommunications Cooperative Association, whose members also include small rural providers, did not immediately return a request for comment. The Farm Bill would, in part, reform the Rural Utilities Service’s Rural Broadband Access Loan and Loan Guarantee Program. That would help providers, co-ops and companies more easily build out in the rural United States. Source: