Apparently some individuals are trying to retrieve copies of DHS reports that are more than 10 days old. DHS only retains the last 10 days…no more. Please read the header above to learn how to obtain older reports.

Thursday, October 14, 2010

Complete DHS Daily Report for October 14, 2010

Daily Report

Top Stories

•After dropping steadily for much of the summer, levels of tritium at one of the Pilgrim nuclear plant’s monitoring wells in Plymouth, Massachusetts have skyrocketed above federal drinking water standards again, the Quincy Patriot Ledger reports. (See item 6)

6. October 13, Quincy Patriot Ledger – (Massachusetts) Pilgrim tritium levels back above federal drinking water standards. After dropping steadily for much of the summer, levels of a radioactive isotope at one of the Pilgrim nuclear plant’s monitoring wells have skyrocketed above federal drinking water standards again. Officials at Entergy Corp., the company that owns the Plymouth, Massachusetts plant, and the Nuclear Regulatory Commission (NRC) are vexed by the elevated levels of tritium seen in a monitoring well. They have been trying to pinpoint the source since tritium levels rose to more than 25,000 picocuries per liter (ppl) in July in a monitoring well installed in the spring. That was the first time the well had tritium levels that exceeded the Environmental Protection Agency’s 20,000 ppl standard for drinking water. For many successive weeks, tritium levels fell considerably, at one point dropping to 1,830 ppl September 13. But the Entergy spokesman said the tritium levels in that well rose to 22,000 ppl September 20, and then to 25,000 ppl September 27. The Entergy spokesman said the elevated levels of tritium are no threat to Plymouth’s drinking water supplies because most of the groundwater on the Pilgrim site flows into the Cape Cod Bay, and the nearest underground drinking water source is more than 2 miles away. Source:

•According to BBC News, 2.2 million U.S. personal computers were part of botnets, making the United States the tops in the world in that category, reveals a 240-page Microsoft report. See item 40 below in the Information Technology Sector


Banking and Finance Sector

10. October 12, Chadron Record – (Nebraska) Chadron police warn against bank scam. The Chadron, Nebraska Police Department has recently received several calls from Chadron citizens about a text message they have been receiving on their cells phones. The text message gives an alert notifying the recipient that they have had a credit card or bank card deactivated. The text message provides a 1-877 number for the recipient to contact to reactivate the card. If one calls the 1-877 number, it asks for the input of the 16 digit credit card number to reactivate the card. This information is then used by the scammers to gain access to bank accounts using an ATM. The Chadron Police Department advises anyone who receives a similar text message to not call the number. If one feels there’s a problem with a credit card or bank account, one should contact the bank personally. Source:

11. October 12, Costa Mesa Daily Pilot – (California) Pair plead guilty in mortgage fraud scheme. Following the lead of their Newport Coast, California ringleader who was convicted last month, a Fountain Valley couple pleaded guilty October 12 to being part of a mortgage fraud scheme that netted more than $3.6 million from Orange County banks. The 35 year-old female suspect pleaded guilty to conspiracy to commit a crime with an enhancement for the loss totaling more than $500,000. She was sentenced to 20 days in jail and probation. Her husband pleaded guilty to six counts of grand theft and conspiracy with an enhancement. He was sentenced to 1 year in jail and probation. The two are the latest to be convicted of a fraud scheme that involved three homes and targeted at least five different banks. A 46 year-old male suspect pleaded guilty in September to leading the scheme and was sentenced to 5 years in prison. The 46 year-old suspect owned Money Lending One in Westminster, and recruited others to get multiple mortgage loans on homes in Fountain Valley, Corona and Rosemead. She and her accused partner allegedly put fake job titles and incomes on home loan applications to get more money. They or the homeowners would apply for loans at different banks, in each case not informing the bank of the other loans. Source:

12. October 12, DarkReading – (National) PCI compliance means getting your app security together. Many companies’ applications still do not meet the security standards outlined in the Payment Card Industry (PCI) Data Security Standards, according to a recent study. During the 18-month study, which was published the week of October 4, security firm Veracode scanned the binary code of more than 2,900 applications on behalf of its clients. Its findings are sobering: Nearly six out of every 10 applications had an “unacceptable” level of security; more than eight out of 10 applications failed to catch classes of Web application vulnerabilities required for remediation under PCI DSS. While the customers eventually fixed the flaws, most enterprises’ applications fail to meet with PCI standards — a rather low bar for Web application security said the senior director of security research at Veracode. “These [enterprises in the study] are the organizations that are proactive about security,” the official said. “These are the ones that decided, yes, we are going to scan our applications and try and figure out what the vulnerabilities are and fix them. There are other organizations out there that are not going to scan and are not doing anything as far as security is concerned.” Source:

13. October 12, The New New Internet – (National) Credit-card crime up as unemployment climbs. Credit-card crime is soaring to unprecedented levels in the United States, with a 32 percent rise in the amount of fraudulent attempts to buy goods online, by mail order, or by phone in the first half of this year, and a payment fraud prevention company predicts the continuing rise in unemployment and the increasing ingenuity of fraudsters are partly to blame. Crooks with stolen or cloned cards prefer to use them in situations where the cards do not have to be physically handed over,

making e-commerce sites constant –- and perfect –- targets for scammers. “In the first 6 months of 2010, our figures show that attempted ecommerce payment fraud reached an estimated value of $1.14 billion,” said the CEO of Retail Decisions. “We predict this could reach $2.83 billion by the end of the year –- increasing by 32 percent compared to the $2.14 billion total recorded in 2009.” In contrast, the fraud situation seems to be improving in the U.K., where the market is predicted to see a 12 percent decrease this year, thanks to industry initiatives such as chip and PIN, and the increasing use of sophisticated fraud-detection tools by retailers and banks. “This is a stark warning for U.S. merchants and consumers to protect themselves against payment fraud,” the CEO said. “Merchants must ensure they have a dynamic fraud-prevention solution in place that can adapt quickly to changes in the way fraudsters operate.” Source:

For more stories, see items 45 and 46 in the Information Technology Sector

Information Technology

40. October 13, BBC News – (International) Two million U.S. PCs recruited to botnets. The United States leads the world in numbers of Windows PCs that are part of botnets, reveals a 240-page Microsoft report. More than 2.2 million U.S. PCs were found to be part of botnets in the first 6 months of 2010. Brazil had the second highest level of infections at 550,000. Infections were highest in South Korea where 14.6 out of every 1,000 machines were found to be enrolled in botnets. The report took an in-depth look at botnets which, said the head of security and identity at Microsoft U.K., now sit at the center of many cybercrime operations. A botnet called Lethic sent out 56 percent of all botnet spam sent between March and June even though it was only on 8.3 percent of all known botnet IP addresses. In the 3 months between April and June 2010, Microsoft cleaned up more than 6.5 million infections, which is twice as much as the same period in 2009. The statistics in the report were gathered from the 600 million machines that are enrolled in Microsoft’s various update services or use its Essentials and Defender security packages. Source:

41. October 13, The H Security – (International) Oracle patches Java and enterprise products. As part of its October patch day, Oracle has released updates for Java and many of its enterprise products. The Java updates fix a total of 29 vulnerabilities spread across versions 6.0, 5.0, and 1.4.2 on all supported platforms. Oracle gives 15 of the vulnerabilities a Common Vulnerability Scoring System (CVSS) score of 10.0, the highest possible level of severity. Users should waste no time in installing JDK, JRE 6 Update 22 or updates for older Java branches. The updates for enterprise products fix 85 security-related bugs in Oracle’s database products, Oracle Application Server, Oracle E-Business Suite, StarOffice, PeopleSoft, and other products. One of the vulnerabilities in the database can be remotely exploited by unauthenticated attackers. The updates also fix vulnerabilities in (formerly Sun) Solaris, with one bug in the RPC service scoring 10.0 on CVSS. Source:

42. October 12, The Register – (International) Ruskie gang hijacks Microsoft network to push penis pills. For the past 3 weeks, Internet addresses belonging to Microsoft have been used to route traffic to more than 1,000 fraudulent Web sites maintained by a notorious group of Russian criminals, publicly accessible Internet data indicates. The 1,025 unique Web sites push Viagra, Human Growth Hormone, and other pharmaceuticals through the Canadian Health&Care Mall. They use one of two IP addresses belonging to Microsoft to host their official domain name system servers, search results from Microsoft’s own servers show. The authoritative name servers have been hosted on the Microsoft addresses since at least September 22, according to a researcher who first uncovered the hijacking. The Register independently verified his findings with other security experts, who were able to determine that and — which are both registered to Microsoft — are housing dozens of DNS servers that help convert the pharmacy domain names into the numerical IP addresses that host the sites. The most likely explanation, they said, is a machine on Microsoft’s campus has been programmed to do so, probably after it became infected with malware. A Microsoft spokeswoman said she was investigating the findings. Source:

43. October 12, CNET News – (International) Microsoft fixes record 49 holes, including Stuxnet flaw. In a record Patch Tuesday, Microsoft released updates October 12 for Windows, Internet Explorer, and the .NET framework that feature fixes for 49 holes, including one being exploited by the Stuxnet worm. The release plugs one (MS10-073) of the remaining two holes, and the company said in a blog post that the final hole will be addressed in an upcoming security bulletin. Meanwhile, Microsoft provided a priority list for the 16 bulletins being released, which fix 6 holes that are rated “critical.” Four vulnerabilities are singled out because there are likely to be exploits developed for them, according to a Microsoft blog that assesses the risks of the various vulnerabilities. Source:

44. October 12, CNET – (International) Opera delivers fixes in security, usability. Plugged security holes and stability fixes come to fans of the Opera browser as its Norwegian publisher released version 10.63 October 12. Available for Windows, Mac, and Linux, Opera 10.63 patches numerous problems that could have posed security risks, including a cross-domain check bypass that allowed data theft, a site address spoof, a reload and redirect problem that also could have allowed spoofing and cross-site scripting, and a flaw that caused JavaScript to run in the wrong security context after manual interaction. Other problems that were addressed include Opera Link freezing on start-up and a ramping up of CPU usage to 100 percent when starting Opera. Source:

45. October 12, IDG News Service – (International) Microsoft tool now roots out Zeus malware. Two weeks after law enforcement broke up one of the criminal gangs behind the Zeus malware, Microsoft has taken steps to make it harder for criminals to install the software on PCs. On October 12, Microsoft started detecting Zeus with its Malicious Software Removal Tool (MSRT) — a widely used virus removal program that is free for Windows users. That should make it harder for the many criminals who use Zeus to keep running their software on computers that do not have antivirus software installed — often an easy target up until now. According to a September 2009 study by security vendor Trusteer, 45 percent of Zeus-infected machines have either no antivirus software or an out-of-date product. On the other hand, Zeus has been effective at avoiding the type of detection that Microsoft is now adding to its MSRT. According to that same report, 55 percent of Zeus infections were on machines that did have working antivirus programs installed. Source:

46. October 11, Network World – (International) Oracle database admins acknowledge security gaps. Database security is rife with pitfalls, according to 430 Oracle database administrators surveyed by the Independent Oracle Users Group (IOUG). Results of the survey, which was released in September 2010, found that fewer than 30 percent encrypt personally identifiable information in all their databases, while about 75 percent acknowledge their organizations do not have a means to prevent privileged database users from reading or tampering with human resources, financial, or other business application data in their databases. Close to half of the respondents said a user with “common desktop tools” either could gain unauthorized direct access to sensitive information stored in databases or they were not sure about it. Another 64 percent said they do not monitor database activity — and less than one-third of those monitoring are watching for sensitive reads and writes. The IOUG respondents responding in the survey hail from the telecom sector, education, government, financial services, healthcare, manufacturing, and the retail industry. In the survey, 6 percent said they were aware of an enterprise data breach, compromise, or tampering over the past year, 16 percent said they did not know, and 79 percent said they were not aware of it. Source:

Communications Sector

47. October 13, Ars Technica – (Massachusetts) Pirate radio: a revolt that just won’t die (even with $30,000 fines). Until a few days ago, Datz Hitz was broadcasting gospel and Caribbean music to Boston, Massachusetts neighborhoods Mattapan and Dorchester — plus news and live discussion about local cultural and neighborhood events. Its 99.7 FM signal had a range of a few city blocks — maybe 1 mile on good days. One of the staffers described the operation as a community radio station. But October 1, the Federal Communications Commission (FCC) hit this local service with a proposed $30,000 fine. Datz Hitz is a pirate operation, which has no legal FCC license. Now it just streams over the Internet. The Commission’s enforcement bureau got wise to Datz Hitz in the usual way. One year ago, a licensed broadcaster in the area complained about interference with its signal. So authorities drove out to Mattapan in a signal-detection van, looking for the tell-tale homemade tower and coax line stringing out of a basement or attic, which they found. The government left a Notice of Unauthorized Operation with the house, then met with the station’s owners, warning them to shut the station down. The station closed — at least for a day or two. When the FCC rechecked on the situation this February, Datz Hitz was back up and running, hence the proposed $30,000 penalty. A Datz Hitz spokesperson said the station has a lawyer and will appeal the fine. Source:

48. October 9, WLBZ 2 Bangor – (Maine) High-speed internet upgrade begins. After 2 years of planning, construction is starting on a big upgrade to Maine’s high-speed internet system. It is called the Three Ring Binder, and supporters say it will help grow Maine’s economy and improve everything from education to health care. Leaders of the Maine Fiber Company, which is building the system, held a ribbon-cutting in Brunswick to celebrate construction of the first five miles of the binder system, and announce that work is about to start on several hundred more miles this fall. The Three Ring Binder is planned to build 1,100 miles of fiber optic cable in three “rings” or loops covering much of the state. The project was awarded $25 million in federal stimulus funding (targeted at broadband expansion in rural areas), and Maine Fiber also raised $7.5 million in private investment. The Binder is designed to bring high speed, high capacity broadband service to areas of the state where it is unavailable, unreliable or prohibitively expensive. The system will not connect directly to the customers. Instead, this “middle mile” service will allow local internet service providers to connect to the new binder cable, which will give them access to high speed broadband at a low cost. Source:

For another story, see item 42 above in the Information Technology Sector