Department of Homeland Security Daily Open Source Infrastructure Report

Friday, October 24, 2008

Complete DHS Daily Report for October 24, 2008

Daily Report


 The Los Angeles Times reports that the number of deaths and serious injuries associated with prescription drug use rose to record levels in the first quarter of this year, with 4,825 deaths and nearly 21,000 injuries, the Institute for Safe Medication Practices said Wednesday. (See item 26)

26. October 23, Los Angeles Times – (National) Prescription drug injuries and deaths reach record levels. The number of deaths and serious injuries associated with prescription drug use rose to record levels in the first quarter of this year, with 4,825 deaths and nearly 21,000 injuries, the Horsham, Pennsylvania-based Institute for Safe Medication Practices said Wednesday. Those numbers represent a nearly threefold increase in deaths from the previous quarter and a 38 percent increase in injuries from last year’s quarterly average. The most dangerous medications were the anti-smoking drug Varenicline, which was linked to 1,001 injuries and 50 deaths in the three-month period ending in March, and the blood thinner heparin, which was associated with 779 injuries and 102 deaths. The data came from voluntary reports of adverse effects to the Food and Drug Administration, which made the data public after stripping information that identified victims. Because the reporting is voluntary, researchers have speculated that fewer than 10 percent of adverse events actually make it into the system. Source:,0,3402124.story

 According to the Environment News Service, more than 190 million acres of federal land in 12 western states will be opened for development of geothermal energy resources, the U.S. Secretary of the Interior announced Wednesday. (See item 41)

41. October 22, Environment News Service – (National) Geothermal development planned for western public lands. More than 190 million acres of federal land in 12 western states will be opened for development of geothermal energy resources, the U.S. Secretary of the Interior announced Wednesday. The Secretary noted that 90 percent of the nation’s geothermal resources lie on federal land. The plan would identify about 118 million acres of public lands managed by the U.S. Bureau of Land Management and 79 million acres of National Forest Service lands for future geothermal leasing. If the newly announced plan is implemented, new geothermal energy could meet the needs of 5.5 million homes, with capacity to serve a further 6.5 million by 2025. Lands closed to geothermal leasing will remain closed. Lands within a unit of the National Park System, such as Yellowstone National Park, for instance, will continue to be unavailable for leasing. Source:


Banking and Finance Sector

9. October 22, Bloomberg – (National) Moody’s, S&P employees doubted ratings, e-mails say. Lawmakers on Capitol Hill criticized the role played by Moody’s, S&P, and Fitch Ratings in the global credit freeze. The companies in recent months have downgraded thousands of mortgage-backed securities, as delinquencies have soared and home values have fallen. The Securities and Exchange Commission in a July report found the credit-rating companies improperly managed conflicts of interest and violated internal procedures in granting top rankings to mortgage bonds. The executives of the credit-rating companies said in testimony that they were unprepared for the sharp drop in home prices and were making improvements. The House Oversight and Government Reform Committee chairman accuses the firms of colossal failures, asserting they became focused more on profits at the expense of investor security. Calling reforms undertaken so far by rating firms inadequate, a former Moody’s managing director of credit policy urges what he calls sweeping management changes, firing of those associated with issuing faulty ratings, and more transparency and simplicity. Source: See also:

10. October 22, Financial Times – (National) U.S. capital injection sets up bank consolidations. The U.S. government’s planned $125 billion capital injection into nine financial groups is set to unleash another wave of consolidation as banks scramble to use the cash on takeovers and bolt-on acquisitions, according to Wall Street executives. Senior bankers say that some institutions, such as JPMorgan Chase, Citigroup and Morgan Stanley, are looking to deploy part of the government funds to plug strategic holes by acquiring rivals, assets or people. Others, like Goldman Sachs, Wells Fargo and Bank of America are expected not to enter the takeover fray immediately and use the cash infusion to increase their lending capacity and bolster their balance sheets instead. Recent speculation has focused on mergers between second-tier regional banks, which are yet to apply to receive the government aid. However, industry executives say the large financial groups that have already agreed to sell preferred shares and warrants to the government in return for the cash injection will move first. Source:

Information Technology

32. October 23, IDG News Service – (International) Microsoft to rush out emergency Windows patch. The company offered few details on why it was releasing the emergency security update, which is rated critical for users of Windows 2000, Windows XP, and Windows Server 2003. The update will be released at 10:00 a.m. Pacific time on October 23, said a Microsoft spokesman in a blog posting published late October 22. In an advisory on the issue, Microsoft explained that the flaw is considered to be a less serious risk for users of the Windows Vista and Server 2008 operating systems. This latest vulnerability, however, appears to be unknown to the security community. For Microsoft to rush out this type of emergency update, it must consider the bug to be very serious, said an organizer of the CanSecWest hacking conference in an instant message interview. Source:

33. October 23, SearchSecurity – (International) Cisco warns of security appliance flaws. Cisco Systems Inc. warned of multiple flaws in its ASA 5500 Series Adaptive Security Appliances and PIX Security Appliances that could be used by an attacker to bypass security controls and gain access to critical systems. The appliances are used to provide a variety of network security features to address Voice over Internet Protocol (VoIP) security, VPN connections for remote employees and firewall services. Cisco’s advisory warned of a Windows NT domain authentication bypass vulnerability, an IPv6 denial-of-service flaw and a crypto accelerator memory leak vulnerability. Cisco said its ASA and PIX devices could be susceptible to VPN authentication bypass since they support Microsoft Windows server operating systems, which are vulnerable to a Windows NT Domain authentication flaw. Appliances configured for IPSec or SSL-based remote access VPN may be vulnerable, Cisco said. The IPv6 denial-of-service flaw could cause an IPv6 packet to force ASA and PIX devices to reload. Cisco said devices running software versions 7.2(4)9 or 7.2(4)10 that have IPv6 enabled are vulnerable to this issue. ASA appliances are vulnerable to a crypto accelerator memory leak vulnerability. Source:,289142,sid14_gci1335757,00.html

34. October 22, CNET News – (International) Keystrokes can be recovered remotely. Wired keyboards, like those found on desktop PCs, emit electromagnetic waves that can be read remotely, according to two Swiss researchers. Researchers of the Swiss Security and Cryptography Laboratory at LASEC/EPFL were able to recover keystrokes from wired keyboards at a distance of up to 20 meters (about 65 feet), even through walls, simply by reading the electromagnetic emanations of the peripheral device. The experiments focused on wired keyboards attached to a computer by either PS/2 or USB connections. Source:

35. October 22, IDG News Service – (International) Student gets jail for crashing university servers. A 22-year-old University of Pennsylvania student has been sentenced to three months in prison and probation time, following a worldwide botnet computer bust. He had been facing as much as five years in prison on a computer fraud charge after he was rounded up as part of the FBI’s “Operation Bot Roast II.” He was also fined $30,000 and must pay $6,100 in restitution to the University of Pennsylvania, which was affected by an online distributed denial-of-service (DDOS) attack that he helped orchestrate in February 2006. The student wanted to wage an online war with three Internet Relay Chat networks and a now-defunct Web site called Authorities say he was angry after being banned from at least one of the forums, and he talked a teenaged New Zealand hacker into launching a DDOS attack against the networks. In late February, a Penn server used to host configuration information for the botnet attack was so swamped with queries from the botnet network that it was inadvertently knocked offline. Source:

Communications Sector

Nothing to report