Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, March 25, 2009

Complete DHS Daily Report for March 25, 2009

Daily Report


 According to the Associated Press, Grand Forks officials closed the Point Bridge between Grand Forks, North Dakota and neighboring East Grand Forks, Minnesota due to the rising Red River. (See item 13)

13. March 23, Associated Press – (North Dakota) Bridge closed in Grand Forks. Grand Forks officials are closing the Point Bridge between Grand Forks and neighboring East Grand Forks, Minnesota. A city spokesman says the bridge usually closes when the Red River reaches a level of 45 feet. He says that is not expected to happen until March 26, but city officials are doing it early because they think the river will rise quickly. He also says snow and ice in the forecast will make it more difficult to close the bridge. Two other bridges link the two cities. The Sorlie Bridge also is expected to be closed this week. The Kennedy Bridge would close if the river reaches a river level of about 52 feet. The Greenway in Grand Forks and East Grand Forks has been closed. Source:

 The National Park Service reports that Mount Redoubt volcano in Lake Clark National Park, Alaska erupted Monday, sending ash clouds to 50,000 feet and spreading ash in small amounts at least 120 miles to the northeast. The Regional Office in Anchorage has reactivated its incident command team. (See item 36)

36. March 24, National Park Service – (Alaska) Mount Redoubt erupts. Mount Redoubt volcano erupted early March 23, sending ash clouds to 50,000 feet and spreading ash in small amounts at least 120 miles to the northeast. The 10,190-foot stratovolcano is located in Lake Clark National Park, about 100 miles southwest of Anchorage, Alaska. A park historian said the small community of Port Alsworth, where the park’s field offices are located, did not have any ashfall, but the sulpherous, rotten-egg smell lingered for at least a couple of hours until the winds shifted. The volcano provided seismic hints of activity for several weeks prior to the March 23 eruption. The ash resulted in some cancelled commercial airline flights, particularly those headed north or west from Anchorage. Ash made a thin and spotty dusting in Talkeetna, where the south district ranger station of Denali National Park is located. One small community north and west of Anchorage reported that a quarter inch of ash had fallen. Redoubt last erupted in 1989 in an event that lasted four months and included over 23 major explosive events. Regional Office employees in Anchorage are under instructions this week to take some precautionary measures by covering computers and phones. The office air handling systems are also being shut down at night. Volcanic ash is a very fine material, and has very sharp edges which can damage everything from electronics to eyes and lungs. The regional office has also reactivated its incident command team, which is providing daily early morning telephone message updates to employees regarding the volcano and what, if any, effects it is having on normal office operations. Contingency plans have also been updated over the past several weeks to have dust masks on hand at the office, to utilize a system keeping any ash from being tracked in the building, and to provide advice to employees on home emergency supplies, vehicle use, and maintenance, and other ash-related issues. Source:


Banking and Finance Sector

11. March 23, Wall Street Journal – (National) FDIC chief says new plan won’t save all banks. The Federal Deposit Insurance Corp. chairman said the public-private partnership to buy bad loans from banks will not help prevent all lenders from failing, but it could help many clean up their balance sheets and make them healthier. “There will need to be a consulting process with the primary regulator, and we will ultimately decide participation and eligibility,” the FDIC chairwoman said on a conference call. “There may be some banks beyond help,” but the program will help many others, she said. The government plan could actually be “very profitable” for taxpayers, and the chairwoman was still reviewing how much of the upside the government would share with private investors. “I do think there is significant profit making potential here,” she told reporters in a conference call. She plans to seek public comment on some of the major issues in the coming weeks. The FDIC will collect premiums to participate in the program, and its guarantees will not expose the depleted deposit insurance fund to more losses. Instead, potential losses will come out of a new reserve fund that is capitalized by both the government and private investors. In fact, the chairwoman said the guarantee fees will actually help replenish the bank deposit insurance fund. The FDIC is going to cite its “systemic risk” authority to implement the new program, which gives it more flexibility in how the system is designed. Source:

Information Technology

32. March 23, RedOrbit – (International) Cybercriminals manipulate search engines to sell fake software. According to research cited by BBC News, some cybercriminals could be earning as much as $10,000 a day by deceiving users into downloading their fake security software. Finjan, a computer security firm, reported new research that shows many cyber criminals continue to use so-called “scareware” to trick Web surfers into believing their computer is infected with a virus. Fraudsters use deceptive pop-up advertisements to convince users to buy their fake anti-virus software. “They are misleading people with evidence that their machine is infected with viruses and they are encouraging them to download and buy software that basically does nothing,” said the chief technology officer at Finjan. In order to reach susceptible Web users, the cybercriminals manipulate Web searches to direct them to the site where they are informed of a fake computer infection. In March 2009, the Anti-Phishing Working Group counted 9,287 fake anti-malware programs being sold on the Web in December 2008. That number accounted for a 225 percent increase since January 2008. Source:

33. March 23, IDG News Service – (International) Free tool from HP scans for Flash vulnerabilities. Hewlett-Packard has released a free development tool that finds vulnerabilities in Flash, Adobe System’s widely used but occasionally buggy interactive Web technology. The tool, SWFScan, is designed for developers without security backgrounds, the company said on one of its blogs. It was built by HP’s Web Security Research Group. HP said SWFScan joins other tools that can spot problems with Flash, such as Flare and SWFIntruder. But HP said SWFScan is the only one that can be used with Flash versions 9 and 10; ActionScript 3, Flash’s scripting language; and Flex, an open-source Web application framework used by Adobe. SWFScan will decompile ActionScript 2 and 3 into original source code and perform static analysis, looking for more than 60 vulnerabilities including data leakage, cross-site scripting vulnerabilities, and cross-domain privilege escalation, HP said. The tool highlights troublesome lines in source code and will also provide remediation advice. It will format a vulnerability report, as well as allow the export of source code for work in other tools, HP said. HP said it tested SWFScan on some 4,000 Flash applications and found that 35 percent violated Adobe’s best security practices. Sixteen percent of applications for Flash player 8 and earlier contained cross-site scripting vulnerabilities. Fifteen percent of those applications with login forms had user names or passwords hard coded into the application, HP said. HP cautioned that the tool only looks at the part of a Flash application that runs in a browser and not those parts running on a server. Source:

34. March 23, Core Security Technology – (International) Core security finds vulnerability trio in HP OpenView. Core Security Technologies, provider of CORE IMPACT solutions for comprehensive enterprise security testing, on March 23 issued an advisory disclosing multiple vulnerabilities that could affect millions of organizations using HP’s OpenView systems and network management software. An engineer from CoreLabs, the research arm of Core Security, determined that a trio of vulnerabilities in HP OpenView Network Node Manager (NNM) can be exploited remotely via buffer overflow to compromise mission-critical servers within an organization using the software. Upon making the discovery, CoreLabs immediately alerted HP’s Software Security Response Team to the vulnerabilities, and the two companies have since coordinated efforts to ensure that a patch could be created and made available to protect users of the program. CoreLabs experts uncovered the trio of reported vulnerabilities in HP OpenView NNM, which offers remote network system event and performance monitoring, while investigating other previously reported flaws in the software, and an HP-issued security patch meant to address those issues. Source:

Communications Sector

35. March 23, IDG News Service – (International) Skype will let its VOIP service talk to SIP phone switches. Skype is diving deeper into the business phone market with a system that lets companies integrate their existing, open VoIP phone systems with Skype’s proprietary VoIP service. The new offering, called Skype for SIP, uses Session Initiation Protocol (SIP) to exchange signaling between PBXs and the free or inexpensive voice service. The latest PBXes support SIP, a signaling protocol designed to span IP-based phones, software clients, and other components of unified communications systems. Business users will be able to make and take Skype VoIP calls using all the features of their internal switches, according to the company, a division of eBay. Enterprises are widely adopting IP-based phone switches as they replace aging circuit-switched units. Some vendors already offer equipment or services to link Skype’s network to other types of telephone system. Skype’s latest move, however, could enable its customers to do without such third-party products. Source: