Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, January 13, 2009

Complete DHS Daily Report for January 13, 2009

Daily Report

Headlines

 KOVR 13 Sacramento reports that radical animal rights activists have threatened to send letter bombs to two University of California at Davis researchers. (See item 16)

16. January 11, KOVR 13 Sacramento – (California) Two UC Davis researchers receive bomb threats. Radical animal rights activists have threatened to send letter bombs to two University of California at Davis researchers, according to authorities. The group has reportedly carried out a bombing in the past. An online posting by a group calling itself the Revolutionary Cells Animal Liberation Brigade identified the two university researchers by name on Saturday night, saying that they had sent them a nasty surprise through the mail. The threat accuses the two researchers at the California National Primate Research Center of torturing primates. UC Davis security is on high alert. The group that made the threat is the same group that claimed responsibility for bombing an Emeryville building and a failed car bombing attempt on a UCLA professor. No suspicious packages have been found in either researcher’s mailbox, and one of the researchers said his mail is being screened at the post office. Other researchers at the Primate Center have been warned to be careful when opening their mail. Source: http://cbs13.com/local/letter.bomb.threats.2.905783.html

 According to the Wall Street Journal, an Ohio company recalled its creamy peanut butter after Minnesota health authorities identified the sandwich spread as the likely source of a wave of salmonella infections in the state. (See item 17)

17. January 11, Wall Street Journal – (Minnesota; Ohio) Peanut butter suspected in Salmonella outbreak. An Ohio company recalled its creamy peanut butter after Minnesota health authorities identified the sandwich spread as the likely source of a wave of salmonella infections in the state. Minnesota investigators found that every one of the 30 people with recent salmonella infections in that state had eaten peanut butter before falling ill, and confirmed in the “overwhelming majority” of those cases that the victims had eaten King Nut brand, according to a state Department of Health spokesman. The Minnesota salmonella strain matches the bacteria that have sickened at least 369 people in 41 other states since early September, although Minnesota authorities have not connected the peanut butter to the national outbreak. King Nut said it had purchased the peanut butter from Peanut Corp. of America of Lynchburg, Virginia, and sold it under the King Nut and Parnell’s Pride brands. King Nut distributed it to universities, restaurants, hospitals, and other institutional food services. The company said the contamination was in an open container “in a large, institutional kitchen,” raising the possibility of cross-contamination. Source: http://online.wsj.com/article/SB123172133257172179.html?mod=googlenews_wsj

Details

Banking and Finance Sector


7. January 12, Reuters – (National) FDIC faces $10 bln IndyMac loan exposure – paper. The Federal Deposit Insurance Corp. (FDIC) may be facing up to $10 billion in previously unknown liabilities tied to mortgages failed lender IndyMac sold to Fannie Mae, the New York Post said. Such a liability to the FDIC’s $34.6 billion insurance fund would leave the agency less able to deal with the number of bank failures expected this year, the paper said. The FDIC agreed on January 2 to sell IndyMac’s assets to a consortium of private equity and hedge fund firms, including Dune Capital Management and J.C. Flowers & Co. The FDIC, which has run IndyMac since its failure on July 11, undertook as part of the deal to share losses on a portfolio of IndyMac loans. Source: http://www.reuters.com/article/privateEquity/idUSBNG10892720090112


8. January 10, Champaign News Gazette – (Illinios) Police warn of text message scam. Police in Champaign, Illinois, are investigating an ongoing text message scam that attempts to get the receiver to provide their account number. Dozens were sent out about 7:30 p.m. January 9 to area residents. The message, which appears to be from a local bank, advises the recipient that their card has been deactivated. To reactivate their card, the recipient is told to call a phone number and provide their account number and pin number. The information is used to fraudulently remove funds from the recipient’s account. Source: http://www.news-gazette.com/news/local/2009/01/10/police_warn_of_text_message_scam


9. January 10, Oshkosh Northwestern – (Wisconsin) Police warn of text message scam. Police in Oshkosh, Wisconsin, are warning residents not to respond to text messages appearing January 10 on area cell phones purporting to be from Associated Bank. The message asks recipients to “Please verify your Associated Bank account (unusual activity),” and directs the recipient to call a toll-free number. The Winneconne police chief said his department has been deluged with calls from people concerned about the message. He said the message is a scam designed to collect account information. Source: http://www.thenorthwestern.com/article/20090110/OSH0101/901100330/1128/OSH01

10. January 9, MarketWatch – (National) Changes urged in doling out of $700 billion bailout. A key lawmaker called on January 9 for Congress to impose stricter requirements on how the government uses the second half of a $700 billion financial bailout fund as a separate oversight panel blasted the handling of the first half. The House Financial Services Committee chairman detailed legislation that would condition the release of the second half of the bailout funds on a number of changes, including a series of restrictions on executive compensation, requiring more monitoring and accountability on banks, and imposing more conditions on auto companies receiving funds. The chairman also said the bill would direct more help to small banks, and that he expects the measure would redirect much of the capital infusion by the government away from the larger financial institutions. Source: http://www.marketwatch.com/news/story/changes-urged-doling-out-financial/story.aspx?guid={E5CE2612-1B2E-40EB-A2BF-EE9C9FF4FA20}



Information Technology

28. January 12, ComputerWeekly – (International) Experts reveal 25 coding errors that let in hackers. International security organizations have unveiled a list of 25 common programming errors that cause security vulnerabilities and expose IT users to cyber attack. Nine of the errors involve insecure interaction between software components, nine relate to risky resource management, and seven deals with access control. The U.S.-funded collaboration project is managed by the Mitre and Sans Institute and brings together security experts from more than 30 global organizations. The project is aimed at helping software producers to code more securely by focusing on actual errors and providing information on how to avoid them. The project will also enable end user organizations to get suppliers to certify their code is free of these programming errors. The Sans Institute said it was shocking that most of these common security errors are not understood by programmers. Programmers are not widely taught to avoid these errors and commercial software producers seldom check for them. Source: http://www.computerweekly.com/Articles/2009/01/12/234179/experts-reveal-25-coding-errors-that-let-in-hackers.htm


29. January 9, ZDNet – (International) Firefox team stops collecting data to ensure user privacy. The Firefox team decided this week to stop collecting unique identifiers that link crash reports from the same user. During the somewhat heated debate during an extended session of its weekly meeting, opponents said the practice violates user privacy, while proponents say having the data visible could help them fix bugs and solve bottlenecks faster — even though they claim to have never used it before. Opponents won the debate by arguing that user privacy trumps any development issue. After the meeting, an engineering chief summed up the issue this way: “The discussion at the end of the meeting was around what data we should and shouldn’t be collecting with crash reports, whether or not that data becomes publicly visible on our Crash Reporter developer website,” the engineer wrote in response to questions submitted by ZDNet. “The questions in the discussion centered around the value in keeping unique identifiers that allow us to associate two crashes from the same user. While there is value in being able to do this easily, the potential cost to user privacy felt high, and so some were arguing that we shouldn’t have the crash reporter client on user’s machines send these unique identifiers,” he wrote. “That argument prevailed, and the change will be made such that unique identifiers will no longer be sent. We’ll also purge the database of the ones we’ve collected (but not actually even used) to date and instead find new ways of drawing the correlations required for data analysis which don’t have as high a risk to user privacy.” Source: http://blogs.zdnet.com/open-source/?p=3274

Communications Sector

Nothing to report.

No comments: