Department of Homeland Security Daily Open Source Infrastructure Report

Friday, November 14, 2008

Complete DHS Daily Report for November 14, 2008

Daily Report

Headlines

 KXTV 10 Sacramento reports that the 11th floor of the California Environmental Protection Agency was evacuated as a hazmat crew examined the contents of a package that sickened a number of employees. Authorities said the package came by routine delivery Tuesday. (See item 20)

20. November 13, KXTV 10 Sacramento – (California) Unknown substance triggers illness, evacuations at Cal-EPA. The 11th floor of the California Environmental Protection Agency was evacuated as a hazmat crew examined the contents of a package that sickened a number of employees. A captain with the Sacramento Fire Department said 13 people were taken to area hospitals with breathing difficulties. Outside the building, emergency responders administered oxygen to a number of others. There were also complaints of eye irritation. Employees told News10 that the substance, a liquid, smelled like sulfur. The workers’ symptoms began after a package sent from a household hazardous waste facility arrived at the EPA building. The package contained large manila envelopes according to a Cal EPA spokesperson. She said several reports were on some paper inside the envelopes and for some reason the reports were wet. When workers pulled the reports out of the envelope an odor made them feel sick. Authorities said the package came by routine delivery Tuesday. After it was opened employees took it to the Cal-EPA loading dock where hazmat specialists assessed it. There are 3,500 workers in the building. They were allowed to stay inside and were not in any danger during the emergency. Source: http://www.news10.net/news/story.aspx?storyid=50430&catid=2

 According to the Ocala Star-Banner, an unauthorized intruder accessed a University of Florida College of Dentistry computer server containing personal information of more than 344,000 current and former dental patients, UF announced Wednesday. (See item 33)

33. November 12, Ocala Star-Banner – (Florida) Hacker accesses 344,000 UF dental patient records. An unauthorized intruder accessed a University of Florida College of Dentistry computer server containing personal information of more than 344,000 current and former dental patients, UF announced Wednesday. The information included names, addresses, birth dates, Social Security numbers and dental procedure information for patients dating back to 1990. The breach was discovered October 3, when college staff members were upgrading the server and found software had been remotely installed on it, according to the university. While UF officials have no evidence the intruder used the information for fraudulent purposes, letters were mailed to 336,234 people who had information on the system to alert them. The university lacked mailing addresses for nearly 8,250 additional patients with data on the server. The system was subsequently rebuilt with more stringent security controls. UF officials are in the process of screening up to 60,000 more computers to ensure appropriate safeguards are in place. Source: http://www.ocala.com/article/20081112/ARTICLES/811120299/0/news

Details

Banking and Finance Sector


12. November 13, CNNMoney.com – (National) Consumer debt gets bailout attention. The Treasury Secretary said Wednesday that the government would broaden the reach of its $700 billion bailout plan to support non-bank financial institutions that provide consumer credit, such as credit cards and auto loans. In this second stage of the bailout, officials also hope to attract private capital, possibly through matching investments, to give the government’s injections more heft. The Treasury Secretary also said the government is no longer planning to buy troubled mortgage assets, the original goal of the plan. Therefore, it must come up with new ways to help homeowners and slow the tide of foreclosures, which it had hoped to do once it owned the troubled loans. “Approximately 40 percent of U.S. consumer credit is provided through securitization of credit card receivables, auto loans and student loans and similar products. This market, which is vital for lending and growth, has for all practical purposes ground to a halt,” the secretary said. Source: http://money.cnn.com/2008/11/12/news/economy/paulson/index.htm


13. November 13, Washington Post – (National) New rules for banks target online gambling. The Treasury Department and the Federal Reserve Bank yesterday issued new regulations spelling out how banks and other financial institutions must comply with a 2006 law that bans many forms of Internet gambling. Running 120 pages, the regulations detail how banks must identify and block illegal Internet gambling transactions beginning in January. Companies involved in processing online payments have complained that the task will be difficult and costly. Source: http://www.washingtonpost.com/wp-dyn/content/article/2008/11/12/AR2008111202668.html?sub=AR


14. November 11, Bloomberg – (National) Citi, Fannie, Freddie to halt some foreclosures. Mortgage companies Fannie Mae and Freddie Mac and Citigroup Inc. plan to cut home-loan payments for hundreds of thousands of borrowers facing foreclosures, following similar moves by the nation’s biggest banks. Fannie Mae and Freddie Mac will reduce principal or interest rates on some loans and extend the terms of others, according to the Federal Housing Finance Agency, which seized control of Fannie and Freddie in September. Congress has been urging financial-services companies to work with borrowers after foreclosures rose to the highest on record in the third quarter. JPMorgan Chase & Co., the biggest U.S. bank, said last month it would stop foreclosures on some loans as it works to make payments easier on $110 billion of problem mortgages, while Bank of America Corp. said it has modified 226,000 loans this year. Source: http://www.bloomberg.com/apps/news?pid=20601213&sid=aHDnJt8WRFBo&refer=home


Information Technology


41. November 13, Register – (International) Firefox update fixes four critical flaws. Users of Firefox need to update their browser software again following the publication of patches by Mozilla on November 12. Both supported versions of Firefox need patching but the 2.x version of the popular open source browser is most in need of a retool. Firefox 2.0.0.18 addresses 11 security vulnerabilities, six of which are classified as critical. Firefox 3.0.4 addresses nine security vulnerabilities, four of which are critical. The critical flaws in Firefox 3.x cover a vulnerability in the session restore feature that could allow cross-site scripting attacks and a separate memory corruption flaw as well as code injection risks involving the nsFrameManager and http-index-format parser of the browser. Firefox 3.0.4 also fixes a slew of stability and performance glitches. Mozilla’s developers urge those left behind on the Firefox 2.x release to upgrade to Firefox 3.x, warning that it will stop issuing stability and security patches for the older release next month. The SeaMonkey internet application suite evolved from the same code base as Mozilla’s Application Suite and needs patching against the same 11 flaws as Firefox 2.x. Seamonkey, a community-driven project separate from Mozilla, advises users to upgrade to Seamonkey 1.1.13. Source: http://www.theregister.co.uk/2008/11/13/firefox_update/


42. November 13, San Jose Mercury News – (International) Cybercrime crusaders shut down shadowy Web hosting operation. When cybercrime crusaders this week persuaded Internet service providers to disconnect a shadowy Web hosting operation called McColo, there was an instant 40 percent drop in spam and other “badness’” across some e-mail networks, security experts say. McColo, which operated from servers in San Jose, California, was alleged to be a conduit for illicit activities, according to a “Cyber Crime USA” report issued November 11 by an alliance of private-sector Internet security advocates. But bringing the people behind McColo to justice, these experts say, may prove much more difficult in an age when the technology has outpaced the reach of the law — particularly when the culprits may be crime syndicates in Eastern Europe. The activities hosted by McColo were disrupted, experts say, but may be quickly revived over the Web. Following the shutdown, Trend Micro found a 40 percent drop in spam on its filters to corporate clients, said an advanced threats researcher for the Cupertino Company. Source: http://www.mercurynews.com/ci_10968568?source=rss


Communications Sector

Nothing to report