Department of Homeland Security Daily Open Source Infrastructure Report

Monday, August 18, 2008

Complete DHS Daily Report for August 18, 2008

Daily Report

• The Dallas Morning News reports that federal regulators have proposed $7.1 million in fines against American Airlines for a string of violations that include deferring maintenance and violations of employee drug-testing rules. (See item 12)

• According to the Asbury Park Press, the Pentagon has suspended an Air Force plan to establish a Cyber Command that would protect the United States from attacks on its electronic infrastructure. (See item 30)

Banking and Finance Sector

Nothing to report

Information Technology

30. August 15, Asbury Park Press – (National) Cyber Command plan, sought for McGuire, is suspended. The Pentagon has suspended an Air Force plan to establish a Cyber Command that would protect the United States from attacks on its electronic infrastructure, for which McGuire Air Force Base was a potential headquarters. The initiative might be falling victim to a turf battle within the federal Department of Defense. A memo circulated this week announced that budget and personnel transfers for the project have been put on hold. Meanwhile, a senior military commander told the Associated Press that computer defense and offense would be better sited within U.S. Strategic Command, which has the military responsibility for cyberspace across all services and commands. The former secretary of the Air Force, who was fired earlier this year, had been the chief patron of creating a cyber command. Source:

31. August 15, IDG News Service – (National) Peer-to-peer client UTorrent fixes serious vulnerability. One of the most popular programs used by some to illegally share files under copyright has patched a serious software vulnerability. The problem affects the P-to-P (peer-to-peer) program uTorrent as well as BitTorrent Mainline, another program based on the uTorrent code. It has been classified as “highly critical,” the second most severe ranking of risk, by Secunia, a security vendor in Denmark. Both programs use the BitTorrent protocol, which has become the most popular method of file sharing worldwide, according to iPoque, a company based in Leipzig, Germany, that specializes in traffic-management appliances for ISPs. The programs collect pieces of a particular file from other computers around the world and assemble it. The vulnerability can be exploited if a user downloads a malicious torrent, which is a text file that coordinates the downloading of content. The problem causes a stack overflow, which can allow an attacker to upload other malicious software to a PC. The bug was in the software for at least two years, wrote the researcher who is credited with the find and has written a short paper describing the problem. Source:

Communications Sector

32. August 15, USA Today – (International) Dropped calls plague iPhone 3G, and not just in U.S. Since the launch of the next-generation iPhone, Apple’s message boards have been flooded with complaints of dropped calls and poor 3G connectivity indicated by few or no “bars” on the phone’s display. From New York to Stockholm, 3G iPhone owners are complaining loudly about connection failures — sometimes repeatedly — during calls. The problem typically occurs when the device attempts to move from 3G to another network. According to people familiar with the matter, the culprit appears to be the 3G chipset provided by Infineon Technologies, a German chipmaker. Sources declined to be identified because they are not authorized to talk about the problem publicly. According to these sources, AT&T and Apple are working on a software fix. The fix, which will be available remotely via iTunes, could be ready as early as next week, they said. Source: