Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, December 17, 2008

Complete DHS Daily Report for December 17, 2008

Daily Report


 The Associated Press reports that airspace restrictions and procedures implemented around Washington, D.C., after the September 11th attacks are now permanent, the Federal Aviation Administration announced on Monday. (See item 10)

10. December 15, Associated Press – (District of Columbia) FAA makes special flight rules around D.C. permanent. Airspace restrictions and procedures implemented around Washington after the September 11th attacks are now permanent. The Federal Aviation Administration (FAA) announced on Monday that a final rule issued by the agency makes the special flight rules permanent. The secure airspace is made up of a pair of concentric rings consisting of a 15-nautical mile radius and 30-nautical radius around Ronald Reagan Washington National Airport. Within the outer ring, pilots must file a flight plan, establish two-way radio communications with air traffic control, and operate the aircraft transponder on an assigned code. But the inner ring is restricted to flights authorized by the FAA and the Transportation Security Administration. The area is smaller than the Air Defense Identification Zone that went into effect in February 2003. Source:

 According to the Associated Press, authorities say that U.S. embassies in Germany and Romania received letters Tuesday containing a suspicious white powder. (See item 21)

21. December 16, Associated Press – (International) U.S. embassies in Europe receive white powder. Authorities say that U.S. embassies in Germany and Romania received letters Tuesday containing a suspicious white powder. Both embassies say the envelopes are being investigated by American and local authorities. Police in Berlin say that initial tests indicate that the letter received at the embassy’s facility on Clayallee, where many of the downtown embassy’s consular services are housed, was not dangerous. The embassy in Bucharest was closed briefly after receiving the letter. Source:


Banking and Finance Sector

9. December 16, CNNMoney – (National) Credit card crackdown coming soon. Cash-strapped consumers might get some welcome news on Thursday when regulators vote to rein in controversial credit card practices. The proposed rules, which have received overwhelming consumer support, prohibit banks from practices like raising the interest rates on pre-existing credit card balances unless a payment is over 30 days late, and applying payments in a way that maximizes interest penalties. The Federal Reserve Board, the Office of Thrift Supervision, and the National Credit Union Administration, are all expected to approve the regulation. The rules are expected to take effect by 2010. “It will fundamentally change the relationship between cardholders and banks,” said a spokesman from the American Bankers Association. If approved, the Fed’s rules will mean an end to double-cycle billing, which averages out the balance from two previous bills. That means that consumers who carry a balance can get hit with retroactive interest on their previous month’s bill even if they have already paid that off. Consumers would also be given a reasonable amount of time to make payments, and payments would be applied to higher-rate balances first to reduce interest penalties and fees. Credit card statements would clearly list the time of day that a payment is due, and any changes to accounts would be in bold or listed separately. And, finally, no more universal defaults, a policy which allows credit card issuers to increase the interest rate on one card if a customer misses a payment on another card. Source:

Information Technology

27. December 16, PC World – (International) Internet Explorer is unsafe ... still. A malignant security flaw found in all versions of Microsoft’s Internet Explorer browser has yet to be fixed, and the problem is spreading. Microsoft detailed the flaw in a security update blog post six days ago. Since then, the problem has spread across the globe, hitting at least two million computers. Unlike other computer exploits, this one does not require users to click on fishy links or download mysterious software. Instead, it plagues computers that simply open an infected Web page. Internet Explorer is currently used by 69 percent of Web surfers. The flaw hides inside the data binding function of the browser and causes IE to quit unexpectedly and reopen vulnerable to hackers. So far, most of the attacks have been geographically centered on China and have been used for the purposes of stealing computer game passwords. But with a flaw as wide as this, the possibilities of nefarious action could include the massive theft of personal information such as administrative computer passwords and financial data. Even though there is currently no patch for this problem, Microsoft has offered a variety of workarounds. Most involve disabling or crippling the “oledb32.dll” file. Other methods include setting Internet and local intranet security zones to “high” and configuring Internet Explorer to prompt before running Active Scripting or to disabling Active Scripting. Source:

28. December 16, DarkReading – (International) Zero-Day exploits on IE7 could spread to other Microsoft browsers. The zero-day vulnerability in Internet Explorer 7 can also be found in other versions of the Microsoft browser, but exploits can be avoided through a series of workarounds, Microsoft said yesterday. The zero-day vulnerability reported has led to exploits that are still in the wild, confirmed in a security bulletin issued December 15. Although the attacks so far have been only against versions of IE7, Microsoft also conceded that IE versions 5, 6, and the 8.2 beta are also potentially vulnerable. “The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer,” Microsoft says. “When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.” Attacks that exploit the vulnerability continue, and there are likely to be more, Microsoft says. “Current trending indicates that there may be attempts to utilize SQL injection attacks against Websites to load attack code on those Website,” the company says. Microsoft is recommending a series of “workarounds” that are designed to prevent the attacks: Protected Mode in Internet Explorer 7 and Internet Explorer 8 Beta 2 in Windows Vista limits the impact of the vulnerability. By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. An attacker who successfully exploits this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. Source:;jsessionid=IB30M5GKIBMCYQSNDLPCKHSCJUNN2JVN?articleID=212500604

Communications Sector

29. December 16, Associated Press – (Texas) Test to jam cell phones smuggled into prison nixed, citing federal law. A scheduled demonstration of an electronic device that jams cell phone signals, rendering a phone inside a prison useless, has been canceled four days before it was to have been held, according to Texas prison officials. The demonstration was scheduled at the state jail in Austin by Florida-based vendor CellAntenna but prison officials nixed it Monday, saying such a test would violate federal law. Death row has been the most highly visible source of illegal cell phone activity since a condemned inmate in October made threatening calls, prompting a statewide prison lockdown and shakedown for contraband that prison officials said turned up 132 phones, 118 phone chargers and 183 inmate-made weapons. More phones and phone equipment then turned up on death row after the lockdown ended last month. South Carolina recently had a successful demonstration of the jamming device. Officials said it successfully blocked cell calls inside a prison — without interfering with nearby cell traffic. Source: