Thursday, June 12, 2008

Daily Report

• The Chicago Tribune reports that debris as small as a pebble poses a greater safety hazard on runways than plane collisions. The airline industry estimates that runway debris causes at least $1 billion in damage to commercial aircraft and affects planes in about 70,000 incidents each year. (See item 17)

• WOWK 13 in Charleston reports that the West Virginia Department of Military Affairs and Public Safety, Homeland Security, and dozens of emergency offices across West Virginia will practice an emergency drill on how to deal with millions of people evacuated from the Washington-Baltimore region. (See item 29)

Banking and Finance Sector

12. June 10, Columbia Tribune – (Missouri) Phishing scam targets Central Missouri bank. Spammers are using Boone County National Bank’s logo in an e-mail message that asks recipients to click on a hyperlink and enter personal information. The message, which says “Notice” in the subject line, says that a statement is available for viewing and provides a link to access the statement. Although the bank’s name is spelled correctly in the logo, the message says, “Boone Country National Bank.” Source:

Information Technology

30. June 11, Associated Press – (National) Security hole exposes utilities to Internet attack. Attackers could gain control of water treatment plants, natural gas pipelines and other critical utilities because of a vulnerability in the software that runs some of those facilities, experts with Boston-based Core Security Technologies reported Wednesday. Citect Pty. Ltd., which makes the program called CitectSCADA, patched the hole last week, five months after Core Security first notified Citect of the problem. But the vulnerability could have counterparts in other so-called supervisory control and data acquisition, or SCADA, systems. And it is not clear whether all Citect clients have installed the patch. SCADA systems remotely manage computers that control machinery, including water supply valves, industrial baking equipment and security systems at nuclear power plants. Customers that use CitectSCADA include natural gas pipelines in Chile, major copper and diamond mines in Australia and Botswana, a large pharmaceutical plant in Germany and water treatment plants in Louisiana and North Carolina. For an attack involving the vulnerability that Core Security revealed Wednesday to occur, the target network would have to be connected to the Internet. That goes against industry policy but does happen when companies have lax security measures, such as connecting control systems’ computers and computers with Internet access to the same routers. A rogue employee could also access the system internally. Source:

31. June 11, TechNews World – (International) The Storm Worm’s elaborate con game. Security researchers at Cisco’s IronPort say they have pieced together the complex con operation behind the Storm Worm, a persistent Web threat. The botnet’s purpose, they say, was essentially to act as a virtual dealer of prescription – and often bogus – medication, sometimes enlisting work-from-home employees who thought they were doing legitimate tasks. Despite their discovery of a direct link to the funding sources behind the infamous Storm Virus, IronPort Systems researchers are doubtful law enforcement will ever catch the perpetrators. Still, improving technologies may help to block its continuing spread. IronPort announced its discovery of an online criminal ecosystem comprised of illegal pharmaceutical supply chain businesses that recruit botnets to send spam promoting their Web sites. By converting spam into high-value pharmaceutical purchases, these supply chain enterprises allow the monetization of spamming botnets, providing an enormous profit motivation for botnet attacks and continuous innovation. IronPort’s study points to these fake drug traffickers as large sources of funding for Storm virus technology. Among the more insidious related criminal activities is the enlistment of workers to collect and deliver funds from phishing and fraud schemes that have been initiated through the Storm virus. Source:

32. June 11, TradeArabia News Service – (International) IronPort detects new trojan horse. IronPort Systems, a leading e-mail and web security products provider, has detected a new malicious Trojan Horse program. IronPort’s S-Series Web Reputation Filters were able to capture, identify, report and respond to the new internet threat, which uses a fake anti-spyware website to lure internet users to download a phony scanner containing the Trojan, the company said. It said the program has not been identified by other leading web security systems. The bogus website claims to be a free fix for spyware; users who accept the offer unsuspectingly download the malicious Trojan. Unlike infectious malicious programs such as viruses, such Trojan horse codes do not propagate by self-replication but instead rely on the exploitation of an end-user. IronPort’s latest discovery reflects the prevalence of malevolent social engineering throughout the internet, where trickery is used to gather information or gain access to computer systems via the web. Source:

33. June 11, ZDNet Blogs – (International) Proof of Concept “carpet bombing” exploit released in the wild. In what appears to be an attempt to provoke Apple to reconsider its currently passive position on the severity of the flaw dubbed the “carpet bomb,” working Proof of Concept exploit code has been released at a security blog. Safari for Windows automatically puts downloads on the Desktop, which can potentially make a mess of the Desktop. The security blog also mentions a new security threat in Safari for Windows, different than the “blended threat” described by Microsoft, and summarizes the whole fiasco about who is responsible for what: “Safari for Windows puts downloads to Desktop by default without a dialog box (such as the “File Download” dialog box in IE). Well, this is in fact a quite reasonable and convenient feature - downloading and saving requested file to user’s Desktop by default. This feature itself does not constitute a mistake. What really makes the “blended threat” is some problem in loading program library files (DLL) by Windows Internet Explorer (and probably others).” Source:

34. June 11, Associated Press – (International) Virus may be an extra on new high-tech gadgets. Some of today’s most popular gadgets are landing on store shelves with some unwanted extras from the factory – pre-installed viruses that steal passwords, open doors for hackers and make computers spew spam. Computer users have been warned for years about virus threats from downloading suspicious files and opening suspicious e-mail attachments. Now they run the risk of picking up a digital infection just by plugging a new product into their PCs. Recent cases reviewed by the Associated Press include some of the most widely used tech devices: Apple iPods, digital picture frames sold by Target and Best Buy stores and TomTom navigation gear. In most cases, Chinese factories – where many companies have turned to keep prices low – are the source. Source:

35. June 10, Redmond Channel Partner – (National) Microsoft releases 7 patches, 3 critical. Microsoft released seven patches for its June rollout of security fixes. As expected, three are labeled “critical,” three “important” and one “moderate.” In total, the patches address about 10 separate vulnerabilities. All of the critical items plug holes vulnerable to remote code execution (RCE) exploits in Windows programs interacting with wireless protocol using voice and data for Bluetooth, Internet Explorer and Microsoft DirectX, an application programming function in Windows. Meanwhile, the important fixes are designed to block elevation of privilege and denial of service from would-be hackers in Windows Internet Name Service, Active Directory and Pragmatic General Multicast, a transport protocol in Windows programs used for file transfer and streaming media. The moderate patch applies to the kill bit function in Windows programs, a method by which a user can shut off an ActiveX control in IE. But it is the Bluetooth vulnerability, experts say, that is most important to patch because it exemplifies the relatively nascent attack vector of wireless peripherals. “[The Bluetooth vulnerability] is noteworthy because user interaction is not required,” said a senior research manager for Symantec. “All that is required is for the device to have Bluetooth on and to be within range of the attacker. That’s something IT guys should look at first.” Source:

Communications Sector

36. June 10, Vermont Public Radio – (Vermont) State government demands explanation for Internet outages. State government demanded an explanation on Tuesday for a series of outages that knocked out Internet service across Vermont. Vermont’s Public Service Commissioner O’Brien made the demand in a formal letter to Level 3 Communications, the Colorado company that operates the telecommunications network. There has been a failure in the Level 3 network three times in the past three weeks, including an outage of about a half hour Tuesday. The failures made it impossible for customers to access the Internet or make long-distance telephone calls unless they had a backup. The Commissioner says one of the state’s major concerns is the apparent lack of redundancy in Level 3’s network. He says it should have backup systems that would kick in when a problem crops up. Source:

37. June 10, WRAL 5 Raleigh – (North Carolina) Wilson residents get access to city-owned network. Wilson residents began signing up for community-provided internet, cable and phone service Tuesday. Over the past few years, the city has installed hundreds of miles of fiber-optic lines to create a network that competes with Time Warner. Wilson officials believe high-speed Internet technology is crucial to attracting new businesses. Soon the city will offer high-speed Internet, phone service and cable TV to any business or home in the city limits. Wilson officials said the fiber-optic network will be self-supportive and use no tax money. Only residents who choose to subscribe will pay for the system. Source:

Wednesday, June 11, 2008

Daily Report

• According to the Wall Street Journal, U.S. aviation regulators have proposed mandatory inspections of hundreds of Boeing Co. jetliners to check for potential fuel-system problems. The FAA said the move applies to nearly all Boeing jetliner models. (See item 20)

• The Milwaukee Journal Sentinel reports that three of the ten dams that failed or were compromised Monday in Wisconsin have not been inspected since 1993. State law mandates that all large dams be inspected once every 10 years. (See item 51)

Banking and Finance Sector

14. June 10, Washington Post – (District of Columbia) Tax suspect’s guidance on software left D.C. at risk. The tax manager charged as the mastermind of the biggest fraud in the District’s history helped play a role in designing the agency’s computer system while she was allegedly stealing millions of dollars a year, current and former employees said. Following her input, officials left her small unit out of the new software system, making it easier for her to escape detection as she allegedly produced fake checks that prosecutors say amounted to $50 million. Directors in the scandal-plagued tax department now want to scrap the $135 million system rather than try to upgrade it to make it more secure. The chief financial officer’s technology manager says the system, installed between 2000 and 2004, is too outdated and clumsy to be worth fixing. A chief financial officer has budgeted $10 million for a search for a new program that can process the city’s income, business, and real estate taxes. The Accenture computer system is not directly to blame for the embezzlement scandals that have racked the agency, officials said. Rather, the fault lies with the decisions of what was left out of it. Source:

15. June 10, Wichita Eagle – (National) SEC alleges 1,300 ripped off in oil, gas fraud. The U.S. Securities and Exchange Commission (SEC) filed an amended case Monday against several area businessmen and oil and gas companies alleging fraud that ripped off more than 1,300 investors. The case involves about $156 million raised from investors across the country and Canada, which likely makes it the largest SEC case -- monetarily -- ever filed in Kansas, a spokesman said. Defendants in the case, the SEC says, sold securities “by making numerous representations, omissions, half-truths, and outright falsehoods.” Defendants include Wichita and Hutchinson businessmen, and others from Kansas and California as well as Hutchinson, Wichita, and Oklahoma companies. Investigators say the defendants raised money through 22 purported oil-and-gas equipment-leasing and pipeline joint ventures set up to evade securities laws. They lured investors, the SEC says, through the promise of annual returns of 25 to 40 percent and an initial public offering that they said would result in returns as high as three to eight times the investments. Money was supposed to be used to buy and refurbish about 59 oil-and-gas rigs, but only eight are operating, the SEC’s complaint says. The company was never taken public. Source:

16. June 9, KFDM 6 Beaumont – (Texas) Orange Savings Bank warning community about internet scam. Orange Savings Bank in Orange, Texas, tells KFDM it has been inundated with calls from customers and non-customers asking about solicitation emails and calls that seemed to be sent ‘by’ the ‘bank’. The email asks the receiver to call a certain number to learn about recent activity on a bank account with Orange Savings. Another email floating around claiming to be from Orange Savings warns the person about a fraud attempt against the bank and offers a link to complete a security prevention program. The Orange Savings Bank president says he and his staff members, along with the FBI, have been fighting this ‘phishing’ form of fraud for the past three months. The bank says the scammers are choosing their potential victims randomly, ‘not’ through the bank’s records. Source:

17. June 9, WSLS 10 Roanoke – (Virginia) Phishing scam targets Bank of Floyd customers. A new phishing e-mail scam targets Bank of Floyd customers. The e-mail claims the recipients’ online account has expired, and if they want to continue using the bank’s online service, they have to renew their account. If they do not, the e-mail threatens to deactivate and delete the online account. The e-mail then gives a link to click on. That link takes the victims to a website where the criminals ask them to enter their personal information so that the criminals can use it. Source:

18. June 9, BBC – (National) Card fraud at Northern Rock in U.S. Current account customers of the Northern Rock have been stopped from using their debit cards in the U.S. to buy items in stores. The nationalized bank said it had taken this measure to counter some apparent frauds on its debit cards there. The current account holders can still use their debit cards in U.S. cash machines or anywhere else world-wide. A bank spokesman said the fraud had affected “very few” people and the block on the cards was temporary. “As a result of this potentially fraudulent activity we are temporarily blocking debit card transactions made in the U.S., or via a U.S. merchant,” he said. Northern Rock said the transactions appeared to involve cards that had been cloned rather than stolen. The bank does not disclose how many current account holders it has, but it is thought to number in only the tens of thousands. The Northern Rock first noticed the frauds in the last few days of last week. Source:

Information Technology

44. June 9, Personal Computer World – (International) Malware fears boost sales of USB blocks. Drive locks that prevented machines being infected via floppy disks are making a comeback in a new form – to block USB ports. Sales of floppy locks dropped when the major malware threat moved online, though there remained a risk that disks could be used to bypass network monitoring to steal data. Electronics supplier Lindy reports a surge in sales of devices that block unauthorized use of USB ports, which have become a major source of infection according to security company ESET. The biggest problem is malware called INF/Autorun, which exploits the Windows facility for running programs automatically when a USB drive is plugged in. USB locks simply place a cover over a port that can be removed with a key. “Completely disabling a port isn’t a viable option for companies, so USB port blocks are a cost-effective means of mitigating the risk from malware, data theft and the installation of unwanted files and programs,” said a Lindy product manager. Source:

45. June 9, ComputerWorld – (International) Opera adds anti-malware to nearly final browser. Opera Software ASA will include anti-malware and drive-by download defenses in Version 9.5 of its flagship browser, which is now in beta but close to a final release, the company said today. Part of Opera’s “Fraud Protection,” which until now has included only antiphishing tools, puts up messages that warn users when they are about to visit a site that is a known malware host or that has been hacked to serve up Trojan horses, worms and other malicious code. The list of blackballed sites is provided by HauteSecure, said an Opera spokesman. HauteSecure already provides a free tool bar for users of Microsoft Corp.’s Internet Explorer and Mozilla Corp.’s Firefox browsers. The browser queries Oslo-based Opera’s servers each time a page is requested, and it retrieves a HauteSecure-created blacklist for any compromised pages in that domain. Source:

Communications Sector

46. June 10, Rutland Herald – (Vermont) Internet service in state disrupted by outage; fiber optic cable blamed. Many state businesses found their Internet service interrupted by a problem on the lines provided by Level 3 Communications, according to Vermont’s Chief Information Officer. He said state officials had been contacted by Level 3 Communications, a national network that provides fiber optic services, and been told the company was working on a problem that seemed to have been caused by a cut in a fiber cable or cables leading into Albany. Service around Rutland County was reported interrupted. Service has been restored. Source:

47. June 10, Spectrum Daily News – (Utah) Phone service is interrupted. Telephone and Internet service was interrupted for many residents in Southern Utah for most of Monday evening when a fiber-optic cable was damaged near Pintura. A Qwest spokesman said no crews from the telephone company were working, and it was not clear as of Monday night exactly what had happened to cause the problem. The disruption affected land lines and cell phones, as well as some ATM machines and credit card machines inside businesses. Qwest repair crews were on the scene Monday night and expected to have service restored by midnight. Source: