Department of Homeland Security Daily Open Source Infrastructure Report

Friday, July 31, 2009

Complete DHS Daily Report for July 31, 2009

Daily Report

Top Stories

 According to the Associated Press, one person was killed and several injured in an explosion on Wednesday at Mueller Industries, a copper tubing plant, in Fulton, Mississippi. (See item 9)


9. July 29, Associated Press – (Mississippi) 1 dead, several hurt in Miss. copper tubing plant explosion. One person was killed and others injured in an explosion on July 29 at a copper tubing plant in northeast Mississippi, emergency officials said. An official with Mueller Industries said the company in Fulton is still assessing the damage. Authorities were unsure how the explosion happened. The plant was evacuated after the blast and the fire extinguished about an hour later. Officials said a hazmat team decontaminated people who had chemicals on them. Memphis, Tennessee-based Mueller Industries makes copper tube and fittings, among other products. Source: http://www.suntimes.com/news/nation/1692377,w-mississippi-copper-tubing-plant-explosion-072909.article


 WFAA 8 Dallas reports that the Federal Aviation Administration confirmed that it will require 1,400 airplane mechanics certified at Tobias Aerospace Services in San Antonio, Texas to retest or have their licenses revoked. FAA officials said they became concerned last fall that mechanics were being improperly licensed at the airplane mechanic testing facility. (See item 17)


17. July 30, WFAA 8 Dallas – (Texas) FAA to order retesting of 1,400 airplane mechanics. The Federal Aviation Administration (FAA) confirmed that it will require 1,400 airplane mechanics certified at a San Antonio facility to retest or have their licenses revoked. FAA officials said they became concerned last fall that mechanics were being improperly licensed at Tobias Aerospace Services, an airplane mechanic testing facility. Their concerns were triggered by the unusually high success rate and volume of mechanics tested and certified by an individual who is an FAA-designated mechanical examiner. Tobias has certified mechanics for eight years. Possible conflicting test dates and paperwork irregularities submitted by Tobias and mechanic applicants spurred further FAA questions. “In the course of reviewing the airmen’s applications and the certificates that were issued, the inspectors began to have a number of questions about the qualifications of those applications,” said an FAA flight standards regional manager in Dallas. Records show mechanics traveled to Tobias Aerospace from all over the United States, Asia, Latin America and South America to undergo oral and practical examinations. Tobias certified 150 to 250 mechanics each year; one year about 300 were certified. The controversy surrounding the retesting spreads far beyond Texas to Boeing in Seattle. Several Boeing mechanics told News 8 that they came to Tobias Aerospace to gain certification in order to command higher wages once they passed the test. Now they will have to be recertified. Boeing and FAA officials said the mechanics in question should not raise safety concerns because they assemble planes with multiple levels of supervision and quality assurances. Records show Tobias is no longer an examiner. The FAA shut down Tobias Aerospace when it began investigating last fall. Source: http://www.wfaa.com/sharedcontent/dws/wfaa/latestnews/stories/wfaa090729_mo_faa.8d867fd6.html


Details

Banking and Finance Sector

14. July 30, Wall Street Journal – (National) Senate probes banks for meltdown fraud. A Senate panel has subpoenaed financial institutions, including Goldman Sachs Group Inc. and Deutsche Bank AG, seeking evidence of fraud in last year’s mortgage-market meltdown, according to people familiar with the situation. The congressional investigation appears to focus on whether internal communications, such as email, show bankers had private doubts about whether mortgage-related securities they were putting together were as financially sound as their public pronouncements suggested. Collapsing values for many of those securities played a big role in precipitating last year’s financial crisis. According to people familiar with the matter, the Senate Permanent Subcommittee on Investigations also has issued a subpoena to Washington Mutual Inc., a Seattle thrift that was seized by regulators in last year’s financial crisis and is now largely owned by J.P. Morgan Chase & Co. It appears likely that several other financial institutions also have received subpoenas. Subcommittee investigators declined to comment. A Goldman Sachs spokesman declined to comment on the subpoena. Deutsche Bank didn’t immediately respond to a request for comment. The subpoenas are the latest in a series of moves by Congress to trace the roots of the financial crisis. Source: http://online.wsj.com/article/SB124890898142691729.html


15. July 30, Wall Street Journal – (National) FDIC poised to split banks to lure buyers. The Federal Deposit Insurance Corp., grappling with the worst banking crisis since the 1990s, is poised to start breaking failed financial institutions into good and bad pieces in an effort to drum up more interest from prospective buyers. The strategy, which is likely to begin soon, is aimed at selling the most distressed hunks of failed banks to private-equity firms and other types of investors who may be more willing than traditional banks to take a flier on bad assets. The traditional banks could then bid on the deposits, branches and other bits of the failed institution that are appealing. “We want banks to participate in the resolution process, but we know it’s a tough time for banks to participate in the resolution process,” said a senior adviser to the FDIC Chairman. He made the comments on July 29 during a presentation to a community-banking conference in New York sponsored by Keefe, Bruyette & Woods Inc., a boutique investment firm that specializes in financial services. Regulators have seized 64 banks this year as the credit crisis continues to wreak havoc on small institutions that have been hit hard by the collapse in housing prices and deteriorating commercial real estate. Although the banks are technically seized by other regulators, it is the FDIC’s job to dispose of the assets in a cost-effective manner. The FDIC has found buyers for most of the failed institutions, but many prospective bidders are leery of taking on bad loans from a shuttered bank. That remains the case despite the FDIC’s efforts to encourage bidders by providing loss-sharing agreements in about 40 of this year’s bank failures. Source: http://online.wsj.com/article/SB124891131732891921.html


Information Technology


33. July 29, Spamfighter News – (International) Computer virus Hidrag.a rapidly spreading across networks. Security researchers have found Hidrag.a, a computer virus that spreads through browser exploits, network shares and IRC (Internet Relay Chat), as reported by Pc1news on July 10, 2009. Researchers state that once the virus is executed, it stays inside the system’s memory and attempts to infect .scr and .exe files running on the infected PC. In addition, Hidrag.a might establish a backdoor that gives an intruder unhindered access to the infected computer, putting possible banking and financial data at risk. After execution, Hidrag.a makes a duplicate copy of itself, approximately 36K in size, and plants it in the Windows directory under the name svchost.exe, according to the researchers. Following this, the virus registers the ‘.exe’ file within the auto-run key of the PC’s registry. The researchers also state that Hidrag.a has a connection with various other files like setup.exe, malware.exe and NoDNS.exe. Other security companies have also analyzed this virus. While Symantec and McAfee refer to Hidrag.a as W32.Jeefo, Microsoft refers to it as Jeefo.A. Other names given to Hidrag.a are Jeefo-3, Virus.Parite.B, TROJ_FLOOD.AF, and so on. Meanwhile, the security researchers said, the malicious Hidrag.a virus has caused the maximum number of infections in the United States where an aggregate of 43,601 strains of malevolent web traffic has been reported. China, which follows the United States, has as many as 42,597 strains of malevolent traffic owing to Hidrag.a. Along with these nations, Brazil, Japan and India are other countries that are infected with the malicious Hidrag, while the United Kingdom, Germany, France, Italy and Russia have also been infected. Source: http://www.spamfighter.com/News-12803-Computer-Virus-Hidraga-Rapidly-Spreading-Across-Networks.htm


34. July 29, CNET News – (International) Report finds fake antivirus on the rise. Malware posing as antivirus software is spreading fast with tens of millions of computers infected each month, according to a report to be released on July 29 from PandaLabs. PandaLabs found 1,000 samples of fake antivirus software in the first quarter of 2008. In a year, that number had grown to 111,000. And in the second quarter of 2009, it reached 374,000, the technical director of PandaLabs said in a recent interview. “We’ve created a specific team to deal with this,” he said, of the rogue antivirus software that issues false warnings of infections in order to get people to pay for software they don’t need. The programs also typically download a Trojan or other malware. PandaLabs found that 3 percent to 5 percent of all the people who scanned their PCs with Panda antivirus software were infected. Using that and worldwide computer stats from Forrester, PandaLabs estimates there could be as many as 35 million computers infected per month with rogue antivirus programs. About 3 percent of the people who see the fake warnings fall for it, forking over $50 for an annual license or $80 for a lifetime license, according to the technical director. Last September, a hacker was able to infiltrate rogue antivirus maker Baka Software and discovered that in one period an affiliate made more than $80,000 in about a week, said a PandaLabs threat researcher. A Finjan report from March estimated that fake antivirus distributors can make more than $10,000 a day. Source: http://news.cnet.com/8301-27080_3-10298253-245.html


35. July 28, Windows IT Pro – (International) User feedback leads to network resiliency in SQL Server backup tool. British developer Red Gate Software has released the latest version of its SQL Backup tool with new network resilience functions, self-healing log shipping and improved compression capabilities. The Cambridge-based firm encourages interaction with its customers and the wider database admin and developer community with initiatives like its popular SQLServerCentral.com website. It says that the software’s new version 6 features are a response to feedback from users who complain about continued reliance on flaky networks. If there is a hiccup on the line when they are writing backups across networks then it is nearly always a case of having to start all over again. Red Gate’s SQL Backup Pro 6 product manager explains: “Let’s say you’ve transferred half the file across the network and then there’s a temporary outage in the network, SQL Backup will pause for a configured length of time, maybe thirty seconds, and then try again and it will do that ten times. Those are both configuration settings that you can adjust. And when it tries again, if it makes a connection, if it was just a short-term outage, it then picks up from where it’s already transferred, so if you’d already transferred half the file it then tries to transfer the remaining half.” Many DBAs use log shipping as a way of keeping a standby copy of a SQL Server instance on a separate machine, often at a disaster recovery site. Again, connections can be low-bandwidth and suffer from outages that can disrupt this process, meaning manual fixes often have to be made after the fact. Source: http://windowsitpro.com/article/articleid/102547/user-feedback-leads-to-network-resiliency-in-sql-server-backup-tool.html

Communications Sector

Nothing to report.

Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, July 30, 2009

Complete DHS Daily Report for July 30, 2009

Daily Report

Top Stories

 According to the Columbus Dispatch, authorities are continuing to dig into the cause of a blast that injured eight employees at the Austin Powder Co. explosives plant in Vinton County, Ohio on Tuesday. (See item 4)


4. July 29, Columbus Dispatch – (Ohio) At least 8 workers injured in blast at explosives plant. Authorities are continuing to dig into the cause of a blast that injured eight employees — one critically — at a Vinton County explosives plant on July 28. Medical helicopters were summoned to the Austin Powder Co. to fly three injured employees to Ohio State University Medical Center in Columbus, the sheriff’s office said. Other injured workers were treated at the scene, the Associated Press said. The state fire marshal’s office and the U.S. Bureau of Alcohol, Tobacco, Firearms and Explosives were investigating the blast at the rural plant, which sits along Rt. 677. Investigators were awaiting the all-clear by an ATF explosives specialist before examining the remains of the building that was flattened by the explosion, said the spokesman for the state fire marshal. The company’s transportation manager said the explosion occurred in a building where detonator cordage, a kind of explosive fuse material, is made. The plant, located about 60 miles south of Columbus on a sparsely populated back-country road east of McArthur, manufactures industrial blasting agents. Source: http://www.columbusdispatch.com/live/content/local_news/stories/2009/07/29/powder.ART_ART_07-29-09_B3_2AEK5FF.html?sid=101


 The Times Herald-Record reports that a man working for the company that services the Sullivan County, New York sheriff’s telephone network and other county lines disabled the system on July 10, putting “the public in danger,” according to the sheriff’s office. The man has since been fired from FrontRunner Network Systems. (See item 41)


Item 41 is located in the Communications Sector below


Details

Banking and Finance Sector

9. July 29, Detroit News – (Michigan) Billionaire Boys Club execs accused in $53M Ponzi scheme. The promises made by the Billionaire Boys Club investment firm were annual returns of 8 percent to 12 percent and no management fees. Money could be withdrawn at any time. But the only people who benefited from the Southfield-based business were the two men running it and their families, according to the Securities and Exchange Commission. The two men are charged by the SEC with running a Ponzi scheme that defrauded 440 investors of $53.2 million since 2006. The men had told investors that their profits would result from real estate investments. Instead, the duo used $11.3 million from recent investors to pay the high returns of earlier investors, said the SEC in a release issued on July 28. Of the $53.2 million invested with them, the men spent $7.2 million on themselves and $14 million for soliciting new clients, said the SEC. That left the firm with $20.7 million to invest in real estate, but the firm owes $128 million on the highly leveraged properties, said the SEC. “In short, the fraud defendants have run BBC (Billionaire Boys Club) Equities into the ground,” the SEC said in a complaint. “Their malfeasance has rendered it financially insolvent.” Source: http://www.detnews.com/article/20090729/METRO02/907290372/Feds--Two-lived-lavishly-on-investors--$53-million


10. July 29, Miami Herald – (Florida) Dozens charged in $40 million mortgage-fraud scheme. Forty-one people have been charged with taking part in a $40 million mortgage-fraud scheme, federal authorities said on July 28 in Miami. An acting U.S. attorney said the fraud involved a network of fake purchasers, crooked mortgage brokers and cooperative bank employees who arranged for inflated mortgages. In mortgage-fraud scams typical during the boom, a team of mortgage professionals, often including attorneys, mortgage brokers and appraisers, would pay stand-in buyers to use their identities to get mortgages for the purchase of inflated properties. They would often never make payments on the loans and the homes would soon enter foreclosure. At a news conference, the acting U.S. attorney said the 41 people, all but one of whom are from South Florida, were the most recent in an investigation of mortgage fraud that began in September 2007 with a multiagency task force, including the U.S. Secret Service, the Postal Inspection Service, FBI, Federal Deposit Insurance Corp., the U.S. Department of Housing and Urban Development, and state and local police agencies. Others involved in the scam included title agents and attorneys, the acting U.S. attorney said. Source: http://www.miamiherald.com/news/broward/story/1161591.html


11. July 29, Associated Press – (Ohio) Ohio Chase bank building evacuated in scare over device used to cut off long-winded speakers. Thousands of people in Ohio cleared out of JPMorgan Chase & Co.’s largest office complex because of a device normally meant to clear a podium. An evacuation was launched on July 28 at Chase’s McCoy Center in Columbus when an employee reported a suspicious item in a conference room. The Columbus Fire Captain says it was a black box with lights, wires and a timer. A Chase spokesman says investigators eventually learned it was a timing device for use in presentations. He says the lights warn a speaker when it is time to wrap up. Fire officials say during the evacuation, several people were overcome by summer heat in the parking lot and were treated by paramedics. Source: http://www.fox8.com/news/sns-ap-us-odd--timer-scare,0,496739.story


12. July 28, MarketWatch – (Arizona) SEC files charges in alleged $197 million mortgage fraud. The Securities and Exchange Commission said on July 28 it has charged four individuals and a Phoenix-based company with securities fraud for raising more than $197 million from investors for an alleged mortgage-lending scheme. The SEC said in a statement that its complaint, filed in federal court in Phoenix, charges Radical Bunny LLC and its four managing members with falsely telling investors that their funds would be used by Mortgages Ltd. for commercial real-estate development, when in fact the money was ultimately used for a small range of risky loans. “Even to friends and family, they repeatedly overstated the safety of the investment and their knowledge of the underlying business to which they lent investor funds,” said the director of the SEC’s Los Angeles office, in a statement. The SEC alleges that the four used semi-annual meetings at a luxury golf resort in Scottsdale, Arizona, to persuade attendees to invest in Radical Bunny, while ignoring the fact that the investors’ money was being shifted into riskier projects. Source: http://www.marketwatch.com/story/sec-sues-over-alleged-197-million-mortgage-fraud-2009-07-28


Information Technology


38. July 28, IDG News Service – (International) iPhone SMS attack to be unleashed at Black Hat. Apple has just over a day left to patch a bug in its iPhone software that could let hackers take over the iPhone, just by sending out an SMS (Short Message Service) message. The bug was discovered by a noted iPhone hacker, who first talked about the issue at the SyScan conference in Singapore. At the time, he said he had discovered a way to crash the iPhone via SMS, and that he thought that the crash could ultimately lead to working attack code. Since then he has been working hard, and he now says he has been able to take over the iPhone with a series of malicious SMS messages. In an interview on July 28, he said he will show how this can be done during a presentation at the Black Hat security conference in Las Vegas on July 30 with another security researcher. “SMS is an incredible attack vector for mobile phones,” said an analyst with Independent Security Evaluators. “All I need is your phone number. I don’t need you to click a link or anything.” The analyst reported the flaw to Apple about six weeks ago, but the iPhone maker has yet to release a patch for the issue. Apple representatives could not be reached for comment, but the company typically keeps quiet about software flaws until it releases a patch. Source: http://www.pcworld.com/businesscenter/article/169245/iphone_sms_attack_to_be_unleashed_at_black_hat.html


39. July 28, SC Magazine – (International) Browser SSL warnings shown to be ineffective. New research shows that Secure Socket Layer (SSL) warnings, used in web browsers to indicate a problem with a web page’s certificate or the potential for a man-in-the-middle (MITM) attack, are ineffective. “The big takeaway is that computer security warnings are not an effective way of addressing computer security,” a study researcher and co-author, an associate professor of computer science, engineering and public policy at Carnegie Mellon University, told SCMagazineUS.com on July 28. “People don’t read warnings and don’t understand them when they do read them.” The study, conducted by Carnegie Mellon University researchers during 2008, tested 400 internet users’ behaviors when SSL warnings were displayed on Firefox 2, 3 and Internet Explorer 7. Researchers wrote a paper based on the study called “Crying Wolf: An Empirical Study of SSL Warning Effectiveness” and will present their findings August 14 at the USENIX Security Symposium in Montreal. The study found that the different web browsers had different approaches to dealing with warnings, and that Firefox (3.0) made it more difficult for users to override the warnings and proceed to the page, the researcher said. But still, the warnings on all three browsers were largely ineffective, and one browser did not manage to communicate the risks any better than another. By not paying attention to SSL warnings, or being unable to understand them, a user is more susceptible to falling for phishing attacks, the researcher said. The worst-case scenario is when an attacker has launched an MITM attack, and the user connects to a bogus site. If a user gets a warning about an invalid certificate, ignores it, then tries to buy something on the site, the user could be handing their credit card information over to attackers. Source: http://www.scmagazineus.com/Browser-SSL-warnings-shown-to-be-ineffective/article/140717/

Communications Sector

40. July 29, The Register – (International) BIND crash bug prompts urgent update call. A vulnerability in BIND creates a means for miscreants to crash vulnerable Domain Name System servers, posing a threat to overall internet stability as a result. Exploits targeted at BIND (Berkeley Internet Name Domain Server) version 9 are already in circulation, warns the Internet Software Consortium, the group which develops the software. ISC urges sys admins to upgrade immediately, to defend against the “high risk” bug. Sys admins are urged to upgrade BIND servers to versions 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1 of the software, which defend against the flaw. The vulnerability involves BIND servers that act as a master (slave systems are unaffected) and involves problems in dealing with malformed update messages, which can be used to cause a server to crash, as explained in a security alert by ISC. Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert. BIND is used on a great majority of DNS servers on the Internet. DNS maps between easy-to-remember domain names, understood by humans, and their corresponding numerical IP addresses, needed by computers. Simply put, the system can be compared to a phone book for the internet. Playing with this system creates a means to possibly derail surfing and email delivery, among many other undesirable effects. Source: http://www.theregister.co.uk/2009/07/29/bind_flaw/


41. July 29, Times Herald-Record – (New York) Worker disables several Sullivan County offices’ phones, authorities say. A Hyde Park man working for the company that services the Sullivan County sheriff’s telephone network and other county lines knocked out the system July 10, putting “the public in danger,” according to the sheriff’s office. A 55-year-old is accused of logging in remotely that evening and disabling the system. He was an employee for Rochester-based FrontRunner Network Systems, which has the contract to maintain the system. He has since been fired, the Undersheriff said. A trace by Verizon telephone technicians came back to the suspect’s residence in Hyde Park. During the outage, callers to the sheriff’s offices in Monticello would get a continuously ringing signal, while the phone would not ring on the other end. The interruption knocked out phones in the jail and patrol divisions. County Court and the district attorney’s office were also affected. Because it was after hours, the outage did not cause many problems to the court and DA’s offices, but did create an emergency for deputies overnight. “This was a serious incident that put the public in danger,” the sheriff said. The network is located in the courthouse basement in Monticello. Deputies and county officials scrambled to restore partial service that evening. Full service was restored the next day. Source: http://www.recordonline.com/apps/pbcs.dll/article?AID=/20090729/NEWS/907290336


42. July 28, Computerworld – (International) Data centers go underground. With a renewed focus on data center outsourcing and space in high availability facilities in short supply, investors have snapped up and renovated abandoned mines and military bunkers in the hopes of cashing in. An increase in extreme weather events, heightened concerns about security since the September 11th attacks and the need to provide higher levels of security to comply with regulatory requirements have made these spaces more attractive to some organizations. Before deciding to go underground, IT executives need to identify potential limitations, experts say. Ceiling height can be a challenge to providing sufficient airflow. Another concern is that while computer systems may be protected in a bunker, critical infrastructure needed during a disaster, such as generators, fuel tanks, and air conditioning cooling towers, may be above ground. That could be a problem if the catastrophe is a tornado, warns the chief technology officer at Westec Intelligent Surveillance. Another consideration is that these underground facilities tend to be in rural, out-of-the-way locations. The facilities may be too far away from a company’s primary data center, and finding local lodging for staff in a disaster situation may be difficult. The vice president and general manager at HP Critical Facilities says that security is the primary benefit of using an underground facility to host a primary or secondary data center. But for most of his clients, the ability to get people to the backup data center in a hurry, connectivity options, and finding a facility that meets budget are priorities. Underground facilities usually do not beat out above-ground sites in his clients’ evaluations, he says. The primary benefit of such sites, says an analyst with Gartner Inc., is that they are designed to be highly resilient — often to military specifications. That is important for some government data centers. “But for most commercial enterprises, it probably will not be such a major requirement,” he says. Source: http://www.thestandard.com/news/2009/07/28/data-centers-go-underground?page=0%2C0


43. July 27, Network World – (International) Cisco’s storage team looks to boost IBM mainframe performance, security. Cisco is trying to enhance storage performance on the IBM mainframe as well as on third-party SAN products with new features added to its MDS 9000 storage networking product line. The goal is to enhance security and accelerate data traffic over distances as great as 20,000 kilometers, halfway around the world, Cisco says. “By improving data security and accelerating data backup and disaster recovery, these new capabilities…help IT organizations build next generation data centers that take advantage of technologies like data replication and virtualization and respond quickly to changing business needs,” Cisco said in an announcement on July 27. Various upgrades to Cisco’s MDS NX-OS software will be available to partners at the end of July, and should be available to customers in the fall from resellers such as IBM, EMC, HP and NetApp, says Cisco’s storage networking software product line manager. A new feature called XRC Acceleration will improve replication speed, the manager says. XRC (also known as z/OS Global Mirror) is a mainframe application that replicates data across distances and is popular with financial institutions. By buffering data at remote sites, Cisco’s XRC Acceleration speeds up that replication process, he says. The feature was developed jointly by IBM and Cisco. “This solution accelerates data traffic traveling very long distances over the wide-area network reducing bandwidth consumption and shrinking update windows, while eliminating the need for costly, separate channel extension products,” Cisco says. Source: http://www.computerworld.com/s/article/9135970/Cisco_8217_s_storage_team_looks_to_boost_IBM_mainframe_performance_security

Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, July 29, 2009

Complete DHS Daily Report for July 29, 2009

Daily Report

Top Stories

 CNET News reports that Network Solutions is investigating a breach on its servers that may have led to the theft of credit card data of 573,928 people who made purchases on Web sites hosted by the company. Network Solutions notified 4,343 of its nearly 10,000 e-commerce merchant customers on July 24 about the breach. (See item 13)


See item 13 in the Banking and Finance Sector below


 According to the Star-Ledger, eleven letters containing suspicious white powder have been mailed to government and private offices in Bergen and Passaic counties, New Jersey over the past 10 days, the FBI said on Monday. In each case, the powder was in an envelope that was inside another envelope. (See item 20)


20. July 28, Star-Ledger – (New Jersey) FBI investigates 11 letters with unknown white powder. Eleven letters containing suspicious white powder have been sent to government and private offices in North Jersey over the past 10 days, the FBI said Monday. No one has been injured and initial tests showed the powder did not appear to be dangerous, authorities said. However, the mailings prompted temporary shutdowns throughout Bergen and Passaic counties while hazmat units investigated. The FBI, the lead agency in the investigation, released few details. In each case, the powder was in an envelope that was inside another envelope. Since July 17, the agency said, letters were sent to locations in Totowa, Clifton, Wayne, Ringwood, Woodland Park and Fair Lawn. Final testing on the first three letters concluded there was no evidence of biological agents, an FBI spokesman said. The agency would not say where the letters were sent, but the Fair Lawn Police Department confirmed one was received by the Police Chief on Friday morning. That same morning, another letter was delivered to the law office of Vivino & Vivino in Wayne. The office was evacuated for about two hours before emergency crews declared the substance was not dangerous, police officials said. Partners at the firm were not available for comment Monday. The FBI is working with the U.S. Postal Inspection Service and local and county investigators on the case. Source: http://www.nj.com/news/ledger/jersey/index.ssf?/base/news-14/1248744331271530.xml&coll=1


Details

Banking and Finance Sector

13. July 27, CNET News – (International) Network Solutions breach exposes nearly 600,000. Network Solutions is investigating a breach on its servers that may have led to the theft of credit card data of 573,928 people who made purchases on Web sites hosted by the company. Network Solutions notified 4,343 of its nearly 10,000 e-commerce merchant customers on July 24 about the breach. It affects 573,928 cardholders whose name, address, and credit card number were exposed between March 12 and June 8, said a spokeswoman for Network Solutions. Mysterious code was discovered in early June on servers hosting e-commerce customer sites during routine maintenance, she said. The company called in a third-party forensics team to help with the investigation, and the team was able to crack some of the code on July 13, determining that it could be related to credit card data, she added. Credit card transactions were intentionally diverted by an unknown source from certain Network Solutions servers to servers outside, Network Solutions wrote in an e-mail to merchant customers. “So we notified law enforcement and began the process of notifying our customers,” the spokeswoman said. “At this point, we don’t have a reason to believe that (the data) has been used, but we are working with the credit card companies,” nonetheless. Network Solutions also is paying to have credit-monitoring specialist TransUnion help the merchants notify their customers according to data breach notification laws in effect in certain states. Affected consumers will get 12 months of free credit-monitoring services. It is unknown how the malicious code got onto the system and where it came from, the spokeswoman said. Source: http://news.cnet.com/8301-27080_3-10296817-245.html


14. July 27, MarketWatch – (National) SEC to let disclosure requirement on short sales expire. The Securities and Exchange Commission on July 27 said it would no longer require hedge funds and other institutional investors to provide short-sale position data to the agency regularly, and that the ban on “naked” shorting would be made permanent. “Naked” short selling happens when an investor sells shares short without first having borrowed them. The regulator also said it was taking other steps to increase the public availability of information related to short sales, including an effort that would make public short-sale volume and transaction data. “These actions should provide a wealth of information to the commission, other regulators, investors, analysts, academics and the media,” the SEC said in a statement. The regulator introduced a rule in 2008 to limit “naked” shorting by requiring broker-dealers to promptly purchase or borrow securities to deliver on a short sale. That was set to expire July 31 and the SEC said on July 27 it made the rule permanent. Short sales, or bets against securities, are a common tool used by hedge funds and the proprietary trading desks of investment banks. Source: http://www.marketwatch.com/story/sec-2009-07-27


15. July 27, Bloomberg – (International) Montreal’s Earl Jones, accused in Ponzi scam, is arrested. A Montreal financial adviser accused by regulators of running a Ponzi scheme that defrauded clients of as much as C$50 million ($46 million) was arrested on July 27 by Quebec provincial police. The Autorite Des Marches Financiers, the Montreal-based securities regulator for Quebec, announced on July 10 it would freeze the adviser’s bank accounts after receiving complaints from investors in Montreal and other parts of Canada and the United States. The adviser’s business has “all the hallmarks of a Ponzi scheme,” a spokesman for the regulator said in a July 14 interview. The defendant is “in police custody presently,” a lawyer at Montreal firm Stein & Stein, who filed a July 10 bankruptcy petition against the defendant’s company on behalf of at least one client, wrote in an e-mail. “In addition we have instituted a petition in bankruptcy on July 27 against the defendant personally and have had an interim receiver appointed to his personal assets.” Source: http://www.bloomberg.com/apps/news?pid=20601082&sid=aN_RSkhhoE68


Information Technology


36. July 27, CNN – (International) Whatever happened to the Conficker worm? The hugely talked-about computer worm, Conficker, seemed poised to wreak havoc on the world’s machines on April Fool’s Day. And then nothing much happened. But while the doom and gloom forecast for the massive botnet, a remotely controlled network that security experts say infected about 5 million computers, never came to pass, Conficker is still making some worm hunters nervous. A program director at SRI International, a nonprofit research group, said Conficker infects millions of machines around the world. And the malware’s author or authors could use that infected network to steal information or make money off of the compromised computer users. “Conficker does stand out as one of those bots that is very large and has been able to sustain itself on the Web,” which is rare, said the program director who also is a member of the international group tracking Conficker. Still, computer users, even those infected with Conficker, have not seen much in the way of terrifying results. After the botnet relaunched April 1, it gained further access to an army of computers that the program’s author or authors could control. The only thing the author or authors have done with that power, though, is to try to sell fake computer-security software to a relatively small segment of Conficker-stricken computers, the program director said. The lack of a major attack has led some people in the security community to assume that the worm is basically dead. The chief research officer with F-Secure, an Internet security company, says the people who created Conficker would have launched a major offensive by now if they were going to. 
The chief research officer, who is scheduled to speak about the Conficker botnet next week at Black Hat, a major computer security conference, said he thinks whoever made Conficker did not mean for the worm to get so large, as the size of the botnet drew widespread attention from the security community and the media. “This gang, they knew their stuff. They used cutting-edge technology that we had never before…I’ve been working in viruses for 20 years, and there were several things that I’d never seen at all,” he said. “That, to me, would tell that perhaps this is a new group or a new gang, someone who tried it for the first time.” He added, “The more experienced attackers don’t let their viruses or their worms spread this widely. They, on purpose, keep their viruses smaller in size in order to keep them from headlines.” Veteran botnet creators tend to hold the size of the malicious networks to about 2,000 to 10,000 computers to keep from being noticed, he said. Source: http://www.cnn.com/2009/TECH/07/27/conficker.update/index.html


37. July 27, DarkReading – (International) Nearly half of companies lack a formal patch management process. An open initiative for building a metrics model to measure the cost of patch management found that one-fourth of organizations do not test patches when they deploy them, and nearly 70 percent do not measure how well or efficiently they roll out patches, according to survey results released on July 27. Project Quant, a project for building a framework for evaluating the costs of patch management and optimizing the process, also rolled out Version 1 of its metrics model. Project Quant is an open, community-driven, vendor-neutral model that initially began with financial backing from Microsoft. “Based on the survey and the additional research we performed during the project, we realized that despite being one of the most fundamental functions of IT, patch management is still a relatively immature, inconsistent, and expensive practice. The results really reinforced the need for practical models like Quant,” said the founder of Securosis and one of the project leaders of the initiative. The survey of around 100 respondents was voluntary; participation was solicited mainly via metrics and patch management organizations, so the organizers say the respondents were most likely organizations that take patch management seriously: “The corollary to this interpretation is that we believe the broader industry is probably LESS mature in their patch management process than reflected here,” the report says. Even so, more than 40 percent of them have either no patch management process or an informal one in place. And 68 percent said they do not have a metric for measuring how well they deploy patches, such as the time it takes them to deploy a patch, etc. One-fourth said they do not do any testing before they roll out a patch, and 40 percent rely on user complaints to validate the success of a patch, according to the survey. 
And more than 50 percent do not measure adherence to policy, including compliance when it comes to patching. Source: http://www.darkreading.com/database_security/security/vulnerabilities/showArticle.jhtml?articleID=218600827


Communications Sector

38. July 28, CNET News – (National) Cisco looks to ride smart-grid data deluge. Cisco is betting that utilities are more likely to invest in new data centers than new power plants in the coming years. The tech giant is developing a suite of smart-grid products designed to add networking smarts to the existing grid, including routers for substations and home energy-monitoring systems. But a large chunk of the $20 billion per year in smart-grid spending that Cisco anticipates is in traditional data centers. Since smart-grid technologies rely on a steady flow of information, Cisco expects that utilities will need to invest in more sophisticated IT systems, said the director of Data Center Solutions and a member of a Cisco smart-grid team. Once utilities put in smart meters, their data processing and storage needs explode. Instead of sending a person to read meters once a month, information for billing or other applications can be sent back once a day, once an hour, or even every few minutes. If utilities are regulated to reduce peak-time usage, their IT needs shoot up even higher. Demand response, where a utility can turn down energy use at participating customer sites, requires utilities to poll information regularly from a potential large number of locations. “The requirements are for huge amounts of data to be involved when you have these more advanced pricing models where the goal is to mitigate power generation,” the director said. “The catcher’s mitt for that data is the data center.” By cutting peak-time usage, utilities can avoid turning on auxiliary ‘peaker plants’ to supply electricity on a given day or, potentially, avoid building new power plants to meet growing demand. Source: http://news.cnet.com/8301-11128_3-10296404-54.html


39. July 27, Urgent Communications – (National) TerreStar successfully tests dual-mode smartphone over satellite network. Satellite communications provider TerreStar Corp. successfully has placed a VoIP-based call from one dual-mode smartphone handset to a second smartphone over its satellite network, the chief technology officer said. TerreStar’s plan is to build, own and operate North America’s first next-generation integrated mobile satellite and terrestrial communications network, which will provide universal access and tailored applications over conventional commercial wireless devices. Traditionally, satellite devices required large antennas to receive signals, which increased the weight and size of the handsets carried by first-responders working in remote locations. In June, the company launched its next-generation TerreStar 1 satellite so it could test whether a signal could be received by antennas in smaller form factors found in consumer handsets, such as smartphones. Source: http://urgentcomm.com/networks_and_systems/news/terrestar-tests-dual-mode-smartphone-20090727/