Friday, June 13, 2008

Daily Report

• The Associated Press reports that an emergency shutdown of a reactor at the Indian Point nuclear power plant was caused by radio frequency signals from a worker’s digital camera. The March 23 incident prompted Entergy to change its photography procedures. (See item 11)

• According to RCR Wireless News, the American Bird Conservancy and the Forest Conservation Council called for a freeze on all tower registrations and re-registrations until the Federal Communications Commission complies with environmental statutes at issue in a court ruling earlier this year. Conservationists point to studies showing avian mortality could be reduced drastically by requiring new towers to be outfitted with pulsing white or red lights. (See item 33)

Banking and Finance Sector

14. June 12, Ozarks First – (Kentucky) Latest bank scam uses text messages. In Christian County, Kentucky, several Sheriff’s departments’ cell phones, along with others, have received a text claiming to be from Empire Bank. The message says the person’s account has been closed and gives a number to call to reactivate it. Law enforcement officials say the message should be deleted. Source:

15. June 12, Asbury Park Press – (National) Feds capture man in Lakewood wanted in $4M bank-fraud scheme. A two-day stakeout by U.S. Marshals resulted in the arrest of a Lakewood, New Jersey, man for an alleged multimillion dollar bank fraud scheme in Austria, police and the U.S. Marshals Service said. The man was arrested Tuesday on charges he participated in a fraud scheme that cost his alleged victims more than $4 million. He was wanted for commercial fraud, inducing others to commit a breach of fiduciary trust and committing fraudulent bankruptcy. The complaint alleged he had cheated more than 43 European investors and 15 Austrian banks. Prosecutors did not specify what the alleged fraud involved or say whether the supposed fraudulent transactions took place in the U.S. or Europe. Source:

16. June 12, Associated Press – (National) BBB: Scammers using nonexistent address to lure people. The Better Business Bureau (BBB) says a company is using a nonexistent Sioux Falls address to lure people to what the agency has labeled an advance fee loan scam. Warburg Lending Bureau has placed classified ads in newspapers across the U.S. and lists 200 North Phillips Avenue, Suite 401, as the address. The Commerce Building sits at 200 North Phillips - but it does not have a fourth floor. The Better Business Bureau says Warburg sends consumers a legitimate-looking contract to sign and return to an address in Canada. Then, they are told they have to prepay the first four installments. Subsequently, people are told on several more occasions that they have to send in even more money before they can get their loan funds. Source:

Information Technology

31. June 12, Dark Reading – (International) Verizon study links external hacks to internal mistakes. A study published yesterday by Verizon Business offers a new look at one of security’s oldest problems and arrives at a new conclusion: While most breaches are executed by external attackers, the attacks are usually facilitated by security failures that were overlooked by internal staff, often for a long period of time. In the study, which was generated by analyzing data from more than 500 forensic investigations conducted between 2004 and 2007, Verizon reports that 73 percent of data breaches resulted from external sources. This includes breaches caused by business partners, a source of vulnerability that increased fivefold during the study. Only 18 percent of breaches were caused by insiders. But that does not mean internal parties do not contribute to the problem, Verizon asserts. In fact, the study also reveals that 62 percent of data breaches can be attributed to a significant error in internal behavior. Sixty-six percent of the breaches involved data that the victim organization did not know was on the system, and 75 percent of breaches are discovered by a third party, rather than someone inside the organization. These seemingly contradictory bits of evidence -- that most breaches are perpetrated by outsiders but facilitated by errors inside -- indicate that most security breaches are crimes of opportunity, in which a door is left open and attackers simply walk in, Verizon suggests. In fact, the study states specifically that 83 percent of attacks resulting in breaches are “not highly difficult” for the attacker. Eighty-five percent are the result of “opportunistic attacks,” rather than targeted schemes, and 87 percent of the breaches probably could have been avoided through the proper enforcement of security controls, Verizon says. Source:

32. June 12, – (International) Major security sites hit by cross-site scripting bugs. The Web sites of three of the security industry’s best-known companies include security flaws that could be used to launch scams against customers, according to a new report. The report, from security watchdog site XSSed, verified 30 cross-site scripting (XSS) vulnerabilities across the sites of McAfee, Symantec and VeriSign. The flaws could be used to launch scams or implant malicious code on the systems of visiting users, according to XSSed. Recent research has shown that attackers are increasingly -- even predominantly -- now using legitimate sites to host their malware, a tactic that makes the malware distribution sites more difficult to shut down. XSSed said its results show that even major security firms are not exempt from the problem. In January, XSSed found that 60 Web sites that had received a “Hacker Safe” certification from McAfee Inc.’s ScanAlert service were in fact vulnerable to XSS attacks. McAfee and other major security firms have downplayed the seriousness of XSS flaws, compared with, for instance, vulnerabilities that allow an attacker direct access to customer data stored on a server. In recent months, the real-world exploitation of XSS flaws has boomed, exploiting major Web sites such as, PayPal and a major Italian bank. Last week, ScanSafe Ltd. reported that 68 percent of all malware it blocked in May was found on legitimate sites that had been hacked, more than quadruple the level of a year earlier. Source:

Communications Sector

33. June 12, RCR Wireless News – (National) Conservationists call for freeze on tower registrations. Conservationists called for a freeze on all tower registrations and re-registrations until the Federal Communications Commission complies with environmental statutes at issue in a court ruling earlier this year, likely signaling no let-up in a long-running feud over how to protect migratory birds from collisions with tall communications structures. The controversy, dating back to 2002, involves FCC licensing of 6,000 towers in the Gulf Coast. The American Bird Conservancy and the Forest Conservation Council argued the towers were illegally licensed because federal regulators failed to first assess potential implications for migratory birds under the National Environmental Policy Act, the Endangered Species Act and the Migratory Bird Treaty Act. The U.S. Court of Appeals for the District of Columbia Circuit -- in a 2-1 ruling on February 19 -- said the FCC “failed to apply the proper NEPA standard, to provide a reasoned explanation on consultation under the ESA and to provide meaningful notice of pending tower applications.” In March, the FCC began a new rulemaking in response to the D.C. Circuit’s order. Cellular industry association CTIA, wireless infrastructure association PCIA, the National Association of Tower Erectors and the National Association of Broadcasters petitioned the FCC last month for an expedited rulemaking on issues raised in the court ruling. Conservationists point to studies showing avian mortality could be reduced drastically by requiring new towers to be outfitted with pulsing white or red lights (rather than steady burning red lights); requiring red lights on existing towers to be retrofitted with pulsing lights; restricting the use of guy wires; and other measures. The industry is not keen on costly and time-consuming retrofitting or change-out options, particularly any which conflict with Federal Aviation Administration, state or local regulations. Source: