Department of Homeland Security Daily Open Source Infrastructure Report

Monday, October 27, 2008

Complete DHS Daily Report for October 27, 2008

Daily Report

Headlines

 According to the New York Times, radio-frequency identification tags used in two new types of border-crossing documents in the United States are vulnerable to snooping and copying, a researcher said on Thursday. (See item 15)

15. October 23, New York Times – (National) Researchers find problems with RFID passport cards. Radio-frequency identification tags (RFID) tags used in two new types of border-crossing documents in the United States are vulnerable to snooping and copying, a researcher said on Thursday. United States Passport Cards and enhanced driver’s licenses (EDLs) issued by the U.S. Department of State and state of Washington contain RFIDs that can be scanned at border crossings without being handed over to agents. Both were introduced earlier this year for border crossings by land and water only, and cannot be used for air travel. The information in these tags could be copied on to another tag, which might be used to impersonate the legitimate holder of the card if Homeland Security agents at the border did not see the card itself, the researchers said. Another danger is that the tags can be read from as far as 150 feet away in some situations, so criminals could read them without being detected. Although the tags do not contain personal information, they could be used to track a person’s movements through ongoing surveillance. Source: http://www.nytimes.com/external/idg/2008/10/23/23idg-Researchers-fin.html

 NewsFactor Network reports that, according to a national survey commissioned by Office Depot, 40 percent of small U.S. businesses admit they are not prepared for a disaster. One-third said they have no plans to prepare. (See item 37)

37. October 23, NewsFactor Network – (National) Small firms are unprepared for disaster. According to a national survey, 40 percent of small U.S. businesses admit they are not prepared for a disaster. One-third said they have no plans to prepare. The survey of 5,000 small business professionals, commissioned by Office Depot, did show that small businesses located in natural disaster-prone regions (coastal areas or the Midwest) are far more inclined to prepare for disasters. But nationally speaking, a full 25 percent of business owners said they would rather deal with a disaster when it occurs than get ahead of a potential problem. Source: http://www.newsfactor.com/news/Small-Firms-Unprepared-for-Disaster/story.xhtml?story_id=113003OSW9AA

Details

Banking and Finance Sector


12. October 24, Wall Street Journal – (National) SEC’s Cox backs merger of agency with CFTC. The Securities and Exchange Commission Chairman said he strongly supports merging his agency with the Commodity Futures Trading Commission. His endorsement came during a tense House Oversight Committee hearing where lawmakers sought to hold him, the former Federal Reserve chairman, and the former Treasury Secretary accountable for lax regulation leading up to the financial crisis. Congressional leaders are aiming to change oversight procedures. Appeals for merging the agencies have not led to substantive changes, partly because neither the Agricultural committee, who oversees the CTFC, nor the Banking and Finance committees who oversee the SEC, are willing to cede jurisdiction. The chairman of the SEC also suggested establishing a bipartisan task force to develop a future regulatory oversight structure. Source: http://online.wsj.com/article/SB122480710183665011.html?mod=googlenews_wsj


13. October 24, CNN Money – (National) PNC to buy National City. PNC announced Friday it would acquire regional bank National City in an all-stock deal worth $5.2 billion. The sale would create the nation’s fifth-largest U.S. bank based on deposits. Making the announcement before Friday’s opening bell, Pittsburgh-based PNC said it would also get a capital injection from the government by selling $7.7 billion worth of preferred stock as part of a federal program aimed at propping up the nation’s banking system. Source: http://money.cnn.com/2008/10/24/news/companies/bank_stocks/index.htm?postversion=2008102409


14. October 24, WDIV 4 Detroit – (Kentucky; Michigan) Scammers using DTE to steal customer’s identity. Police said people are getting a voice message telling them their DTE Energy bill is overdue and their electric service is about to get cut off. When customers return the call the automated voice asks the customers to state their Social Security number and other personal information after the tone. The Federal Bureau of Investigation has traced the 800 number to Kentucky. The operation has been shut down previously but has resurfaced. Source: http://www.clickondetroit.com/news/17793838/detail.html


Information Technology


34. October 23, IDG News – (International) Attack code for critical Microsoft bug surfaces. Just hours after Microsoft posted details of a critical Windows bug, a new attack code that exploits the flaw has surfaced. It took developers of the Immunity security testing tool two hours to write their exploit, after Microsoft released a patch for the issue Thursday morning. Software developed by Immunity is made available only to paying customers, which means that not everyone has access to the new attack, but security experts expect that some version of the code will begin circulating in public very soon. Microsoft took the unusual step of rushing out an emergency patch for the flaw October 23, two weeks after noticing a small number of targeted attacks that exploited the bug. The vulnerability was not publicly known before October 23; however, by issuing its patch, Microsoft has given hackers and security researchers enough information to develop their own attack code. Source: http://www.itworld.com/windows/56655/attack-code-critical-microsoft-bug-surfaces

See also: http://www.siliconrepublic.com/news/article/11662/cio/microsoft-releases-critical-patch-trojan-virus-on-the-loose


Communications Sector


Nothing to report