Department of Homeland Security Daily Open Source Infrastructure Report

Monday, April 6, 2009

Complete DHS Daily Report for April 6, 2009

Daily Report

Top Stories

 According to the Associated Press, the Navy is trying to determine whether traces of chemicals from an abandoned Camp Peary disposal site have leaked into the Waller Mill Reservoir, the main source of drinking water for Williamsburg, Virginia. (See item 22)


22. April 2, Associated Press (Virginia) Williamsburg reservoir checked for contamination. The Navy is trying to determine whether traces of chemicals from an abandoned Camp Peary disposal site have leaked into the Waller Mill Reservoir, Williamsburg’s main source of drinking water. Navy officials say that the source of the contamination is a World War II-era swimming pool originally used to train Navy Seabees. It then was used sometime in the 1970s as a general dumping site for construction materials, including polychlorinated biphenyls, or PCBs. PCBs have been found on site and on a drainage pathway under Interstate 64 that directs stormwater runoff from Camp Peary into the reservoir. Camp Peary and the Naval Facilities Engineering Command are removing the chemicals and will help with monitoring the reservoir. Source: http://www.timesdispatch.com/rtd/news/state_regional/article/williamsburg_reservoir_checked_for_contamination/247172/


 Bloomberg reports that a gunman opened fire at the offices of a refugee aid organization in Binghamton, New York on Friday, killing at least 12 people and taking dozens hostage. (See item 36)


Details

Banking and Finance Sector

Nothing to report.


Information Technology


31. April 3, IDG News Service – (International) Hackers seize on zero-day flaw in Microsoft’s PowerPoint. Microsoft Corp. warned on April 2 that hackers are actively exploiting a software vulnerability in PowerPoint, the company’s presentation application. There is no patch yet for the bug, which could allow an attacker to completely control a computer. It affects Office 2000 Service Pack 3, Office XP SP3, Office 2003 SP3, and Office 2004 for Mac, Microsoft said in an advisory. Office 2007 is unaffected. Microsoft said it has seen limited, targeted attacks. The Danish security company Secunia ranked the problem as “extremely critical,” its most severe rating. Secunia said the vulnerability “is caused due to an unspecified error that may result in access to an invalid object in memory when parsing a specially crafted PowerPoint file.” Microsoft advised users to not open or save Office files that come from untrusted sources. If the file is opened, users will not have much of an indication that it is a malicious file. To be hacked, a user would either have to download a malicious file hosted on a Web site or open a file sent through e-mail, Microsoft said. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9131040&intsrc=news_ts_head


32. April 2, eWEEK – (National) Bill would grant President unprecedented cyber-security powers. The Cybersecurity Act of 2009 introduced in the Senate would allow the President to shut down private Internet networks. The legislation also calls for the government to have the authority to demand security data from private networks without regard to any provision of law, regulation, rule, or policy restricting such access. The headlines were all about creating a national cyber-security czar reporting directly to the President, but the Cybersecurity Act of 2009 introduced April 1 in the U.S. Senate would also give the President unprecedented authority over private-sector Internet services, applications, and software. According to the bill’s language, the President would have broad authority to designate various private networks as a “critical infrastructure system or network” and, with no other review, “may declare a cyber-security emergency and order the limitation or shutdown of Internet traffic to and from” the designated private-sector system or network. The 51-page bill does not define what private sector networks would be considered critical to the nation’s security, but the Center for Democracy and Technology says it could include communications networks in addition to the more traditional security concerns over the financial and transportation networks and the electrical grid. The bill would also impose mandates for designated private networks and systems, including standardized security software, testing, licensing, and certification of cyber-security professionals. Source: http://www.eweek.com/c/a/Security/Bill-Grants-President-Unprecedented-Cyber-Security-Powers-504520/


33. April 2, eWEEK – (International) Security researcher to unveil database server hack at Black Hat Europe. A security researcher plans to demonstrate attacks that use SQL injection as a stepping stone to take full control of database servers at the upcoming Black Hat Europe conference. If successfully exploited, the attacks give the hacker complete control over the database server operating system, file system, and the rest of the internal network machines. SQL injection consistently rates as one of the top vulnerabilities affecting Web applications. But for all the attention paid to it, one researcher feels the full impact of SQL injection has yet to be fully demonstrated in public. This month at Black Hat Europe, a security researcher plans to rectify that by exploring ways SQL injection can be used in a multistage attack to threaten an internal network. The presentation will focus on how to exploit a single vulnerability in a Web application to get complete control of the database server and endanger the internal network as a whole, he explained. His presentation will cover MySQL, PostgreSQL, and Microsoft SQL Server running on either Linux or Windows in combination with the PHP, ASP, and ASP.Net Web application programming languages. Among other things, the attacks he will demonstrate can be used to achieve file access on the database’s underlying file system and operating system memory protection bypass. Source: http://www.eweek.com/c/a/Security/Security-Researcher-to-Unveil-Database-Server-Hack-at-Black-Hat-Europe-646681/


34. April 1, DarkReading – (International) Core Security discloses critical vulnerabilities in Sun Calendar Express. Core Security Technologies has issued an advisory disclosing critical vulnerabilities that could affect large numbers of end users and organizations using Sun’s Java System Calendar Express Web server software. Core Security Technologies consultants working with CoreLabs, the research arm of Core Security, unearthed multiple vulnerabilities in Sun’s Calendar Express scheduling software, a remote access element of Sun’s Java Communications Suite, which if compromised could allow attackers to target users of the technology through both cross-site scripting (XSS) and denial-of-service (DoS) campaigns. Upon making the discoveries, CoreLabs immediately alerted the Sun Security Coordination Team to the vulnerabilities, and the two companies have since synchronized efforts to ensure that patches could be created and made available to protect users of the program. Sun’s Calendar Express technology is aimed primarily at organizations seeking to offer their users remote access to internal scheduling and messaging tools. This leads CoreLabs researchers to believe that any attackers who become familiar with the reported vulnerabilities could potentially use the flaws to get their hands on sensitive business or personal data or to take systems offline via DoS. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=216402496

Communications Sector

35. April 2, Longmont Times-Call – (Colorado) Cut cable kills Qwest for 2,000 customers. About 2,000 Qwest customers in Longmont were still without phone or Internet service the evening of April 1 after workers cut a cable earlier in the day. Contractors for Qwest were working near Fifth Avenue and Kimbark Street at about noon on April 1 when a worker bored through some of Qwest’s underground cable, a company spokeswoman said. Company officials are not sure how many individual residential and commercial customers were affected, but she estimated about 2,000 because about 2,800 actual lines were affected. City offices two blocks south at Third Avenue and Kimbark lost phone and Internet service, Longmont’s chief information officer said. The city immediately contacted Qwest to start repairs, and phone and Internet service has been restored to city offices. A City spokesman said Qwest had a permit to work in the area to install new conduits and fiber optics. Because of the nature of the repairs, service would be restored a few customers at a time, rather than in one big block. Source: http://www.timescall.com/news_story.asp?ID=15400