Wednesday, March 9, 2011

Complete DHS Daily Report for March 9, 2011

Daily Report

Top Stories

• The Center for Public Integrity reports an audit by the U.S. Department of Agriculture’s Inspector General found the agency’s process for testing ground beef for E. coli is flawed. (See item 23)

23. March 7, Center for Public Integrity – (National) USDA audit says E. coli testing in ground beef is flawed. The U.S. Department of Agriculture (USDA) has found its process for testing for E. coli in ground beef is flawed and may be missing bacteria during tests. These findings come from an audit released March 7 by the agency’s Inspector General (IG). It warns the current sampling method “is not designed to yield the statistical precision that is reasonable for food safety or to verify that plant controls or interventions are working as intended.” The audit makes four recommendations for improving inspections of the nearly 4 billion pounds of ground beef produced annually in the United States. These recommendations include developing a redesigned sampling program to provide “higher confidence” in the testing regime. The audit was done at the request of a U.S. Representative from Connecticut. The IG warned that, in situations where E. coli is present in 1 percent of the inspected bin, the current screening method would miss it more than half the time. Or, as the report puts it, “if the contamination level is very low, FSIS (Food Safety and Inspection Service) is more likely to miss contamination than to detect it.” Source: http://www.publicintegrity.org/blog/entry/3000/

• According to ABC News, a U.S. marshal was shot and killed, and two other law enforcement officers were injured while serving a warrant near St. Louis, Missouri. (See item 39)

39. March 8, ABC News – (Missouri) St. Louis shootout ends with U.S. Marshal and suspect dead. A U.S. marshal was shot in the head and killed March 8 while serving an arrest warrant near St. Louis, Missouri, setting off a standoff that ended with two other officers injured and the suspect killed. The marshal was taken to a hospital where he died, the U.S. Marshals Service said in a statement. The officers were attempting to serve an arrest warrant at the suspect’s home in the St. Louis suburb called Dutchtown, when the man opened fire with a semi-automatic pistol as the officers tried to enter the home. A shot fired at the St. Louis police officer ricocheted off his bullet-proof vest and entered his shoulder. He appears to have suffered a broken shoulder, sources said. The injured marshal is believed to have been shot in the leg or foot. When authorities arrived at the suspect’s home, he told them, “I’m only going out in a body bag,” ABC News radio affiliate KTRS reported. Three children were removed from the home before shots were fired. Source: http://abcnews.go.com/US/us-marshals-cop-wounded-st-louis-shootout/story?id=13084122

Details

Banking and Finance Sector

11. March 8, BNO News – (California) Ten Americans indicted after scamming more than $1.5 million from elderly victims. Ten Americans have been indicted on federal charges of running a so-called advance fee scheme that targeted elderly victims in the United States with promises of millions of dollars in inheritances — but only if they paid money upfront to facilitate the transfer of the promised bequests. The U.S. Attorney’s Office for the Central District of California March 7 released the first details about the cases. One suspect, who is a Nigerian national, allegedly orchestrated the domestic part of the scheme, which sent spam e-mails to thousands of potential victims. The senders of the e-mails falsely claimed to have control of millions of dollars in inheritance money in Nigeria, and they falsely told victims they would receive inheritance money if the victims paid a variety of advance fees for taxes or documentation. The suspect and his associates allegedly claimed to be attorneys, bankers, diplomats or other government officials, all of which was designed to convince victims they were dealing with legitimate professionals. The indictment alleged the suspects lured victims by initially demanding relatively small amounts of money. But once the victims paid the modest amounts, they were asked to wire increasingly larger amounts — as much as $35,000, according to the court documents. This so-called Nigerian 419 scam — which refers to the section of the Nigerian criminal code that deals with fraud — allegedly bilked at least two dozen victims, most of whom were elderly, who collectively lost more than $1.5 million. Three of the ten defendants were arraigned March 7 in district court, where they pleaded not guilty and were ordered to stand trial later this year. The investigation into the 419 scam was initiated by the Treasury Inspector General for Tax Administration after one of the fraudsters allegedly impersonated an IRS agent to convince a victim to pay fictitious taxes. Source: http://channel6newsonline.com/2011/03/ten-americans-indicted-after-scamming-more-than-1-5-million-from-elderly-victims/

12. March 8, Norfolk Virginian-Pilot – (Virginia) 2 guilty of trying to defraud Navy credit union. Two men have pleaded guilty to fraud charges in an attempt to defraud nearly a half-million dollars from the Navy credit union. One suspect of Norfolk, Virginia, pleaded guilty March 7 in U.S. District Court to two charges related to credit union fraud. His accomplice of Virginia Beach, Virginia, pleaded guilty last month to credit union fraud and aggravated identity theft. The two admitted that between 2009 and 2010, they tried to cash $460,000 in checks obtained with stolen identities. They netted about $160,000, according to a court filing. One man admitted he stole the identities of customers at Navy Federal Credit Union, and then he and his accomplice obtained loan checks for bogus used car and motorcycle purchases. They also used unidentified third parties to help cash the checks. One, who is in jail, will be sentenced May 2 while his accomplice remains free pending sentencing June 6. Source: http://hamptonroads.com/2011/03/2-guilty-trying-defraud-navy-credit-union

13. March 8, Daily Stamford – (Connecticut) New Canaan man pleads guilty in ponzi scheme. A New Canaan, Connecticut man accused of defrauding people in a Ponzi scheme pleaded guilty March 7 in federal court and now faces up to 70 years in prison. The suspect pleaded guilty to five federal charges in U.S. District Court in Bridgeport. He owns and operates the Michael Kenwood Group, which operated several hedge funds in Stamford. “This investigation has revealed that [the suspect] operated a massive Ponzi scheme that has defrauded foreign investors of hundreds of millions of dollars,” said a U.S. attorney for Connecticut. “While the precise dollar losses will not be known for some time, based on this fast-moving investigation, we believe this case represents the largest white-collar prosecution ever brought by this office.” According to federal and FBI officials, from 2006 to February 2011, the suspect engaged in a scheme to defraud his investors, creditors, and the Securities and Exchange Commission (SEC). He allegedly created fraudulent documents as well as a fictitious asset verification letter falsely representing that one of his hedge funds had at least $275 million in credits as a result of outstanding loans even though he knew it did not have such credits. In addition, authorities said, the suspect misled investors, creditors, and the SEC about the true performance of the funds. The suspect pleaded guilty to two counts of wire fraud, one count of securities fraud, one count of investment adviser fraud, and one count each of conspiracy to obstruct justice, to obstruct an official proceeding and to defraud the SEC. Source: http://www.thedailystamford.com/news/new-canaan-man-pleads-guilty-ponzi-scheme

14. March 7, Perry County Times – (Pennsylvania) Harrisburg man charged with 3 bank robberies. State police have arrested a Harrisburg, Pennsylvania man and charged him with seven bank robberies, including three in Perry County. The suspect, 25, of the 2800 block of Canby Street, is being held on $750,000 bail in Adams County Prison. He is charged in connection with robberies of First National Bank of Liverpool December 30 and January 24, and of the PNC Bank in Duncannon February 18. State police in Gettysburg also have charged the suspect with an Adams County bank robbery February 18 that occurred prior to the robbery of the PNC Bank. East Pennsboro Township police have charged him with robberies November 23 and December 9 at the PNC Bank in Enola. Assisting in the investigations were the FBI Task Force, state police’s bureau of emergency and special operations, the state police troop H vice unit, and the East Pennsboro and Camp Hill police departments. Source: http://www.pennlive.com/perry-county-times/index.ssf/2011/03/harrisburg_man_charged_with_3.html

15. March 7, San Francisco Chronicle – (California) Alleged Concord bank robber tentatively identified by Danville Police. The man who police said is responsible for several bank robberies around the Bay Area since February, including one in Concord, California February 24, has been tentatively identified by the Danville Police Department. The suspect robbed a bank in Danville March 7. According to Danville police, the suspect robbed the Chase Bank location at 661 San Ramon Valley Boulevard. A male, in his 20s, described as African American or Middle Eastern, wearing a white turban, approached a teller and demanded money. No weapon was seen and no one was injured during the robbery. The suspect received an estimated $20,000 from the teller and then fled the bank on foot. Witnesses told responding officers they had seen a person matching the suspect’s description running north from the scene. The FBI is assisting Danville police and a suspect has been tentatively identified. Source: http://www.sfgate.com/cgi-bin/blogs/incontracosta/detail?entry_id=84532

For another story, see item 45 below

Information Technology

41. March 8, Softpedia – (International) Google patches remote code execution Android Market vulnerability. Google has fixed a critical vulnerability in the Android Market Web site that allowed potential attackers to remotely install rogue apps on visitors’ devices. The bug stemmed from a simple cross-site scripting (XSS) weakness in the form used to publish new applications and was discovered by a security researcher at Duo Security. He explained that insufficient input validation in the application description form allowed the insertion of malicious code in the resulting application page. The code could have been used to trigger a remote app installation procedure through the INSTALL_ASSET functionality. This type of installation, which is considered a feature of the Android Market, was criticized because it does not display any prompt on the user’s device asking for confirmation. Source: http://news.softpedia.com/news/Google-Patches-Remote-Code-Execution-Android-Market-Vulnerability-188116.shtml

42. March 8, H Security – (International) Vulnerabilities in STARTTLS implementations. Vulnerabilities in implementations of the STARTTLS protocol for establishing an encrypted TLS connection could allow commands to be injected into a connection. According to a description by the discoverer of the problem, a Postfix developer, the key point is that commands are injected into the connection before it has been secured/encrypted, but are only executed once the secure connection has been established. The developer illustrated the problem with an example involving securing SMTP with TLS. A client sends “STARTTLS\r\n”; using a man-in-the-middle attack, an attacker changes this to “STARTTLS\r\nRSET\r\n”. The client and server then establish a TLS connection. The server then treats the injected RSET command, added during the unprotected phase, as if it had been sent after the TLS connection was established. The RSET command in this example is relatively innocuous as it is a harmless protocol reset command, but other commands could be injected in a similar fashion. Source: http://www.h-online.com/security/news/item/Vulnerabilities-in-STARTTLS-implementations-1203760.html
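The buffering flaw behind item 42, as an added example that is not taken from the report or from any real mail server: a small model of a server-side receive buffer, run once with the behaviour described above and once with buffered input discarded at STARTTLS. The session structure, the purge switch and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a server-side SMTP session; not code from any real MTA. */
struct session {
    char buf[256];   /* one receive buffer shared by the plaintext and TLS phases */
    int tls_active;
    int purge;       /* hypothetical switch: 1 = discard buffered input at STARTTLS */
    int tls_cmds;    /* commands executed as if they had arrived over TLS */
};

/* Append bytes as a socket read would; input beyond the buffer is dropped. */
static void feed(struct session *s, const char *data) {
    strncat(s->buf, data, sizeof s->buf - strlen(s->buf) - 1);
}

/* Pop one CRLF-terminated line into out; return 0 if no complete line is buffered. */
static int pop_line(struct session *s, char *out, size_t outsz) {
    char *eol = strstr(s->buf, "\r\n");
    if (!eol) return 0;
    snprintf(out, outsz, "%.*s", (int)(eol - s->buf), s->buf);
    memmove(s->buf, eol + 2, strlen(eol + 2) + 1);
    return 1;
}

/* Execute every buffered command line. */
static void process(struct session *s) {
    char line[128];
    while (pop_line(s, line, sizeof line)) {
        if (!s->tls_active && strcmp(line, "STARTTLS") == 0) {
            if (s->purge) s->buf[0] = '\0';  /* hardened: pre-TLS bytes never carry over */
            s->tls_active = 1;               /* the TLS handshake would run here */
        } else if (s->tls_active) {
            s->tls_cmds++;
        }
    }
}

/* Feed plaintext-phase bytes, then TLS-phase bytes; return commands run under TLS. */
int run(int purge, const char *plaintext, const char *over_tls) {
    struct session s = { .purge = purge };
    feed(&s, plaintext);
    process(&s);
    feed(&s, over_tls);
    process(&s);
    return s.tls_cmds;
}

int main(void) {
    printf("without purge: %d\n", run(0, "STARTTLS\r\nRSET\r\n", ""));
    printf("with purge:    %d\n", run(1, "STARTTLS\r\nRSET\r\n", ""));
    return 0;
}
```

Without the purge, the RSET that arrived in plaintext is counted as a command executed inside the TLS session; with it, only bytes received after the handshake are processed.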

43. March 8, Softpedia – (International) Microsoft detects spikes in SWF malware attacks using embedded JavaScript. Microsoft has seen spikes in the number of attacks using SWF malware that embed malicious JavaScript and warns this technique might become more prevalent. SWF-based malware is not new. It is commonly used to exploit vulnerabilities in Adobe Flash Player in order to install further threats on computers. The new trojan identified by Microsoft and dubbed Trojan:SWF/Jaswi.A targets CVE-2010-0806, an arbitrary code execution vulnerability in Internet Explorer 6 and 7. However, what sets it apart is the way the JavaScript-based exploit is launched. Most SWF malware uses the getURL function to redirect users to malicious sites, but Jaswi.A uses a function called ExternalInterface.call() to initiate the injection. If successful, the attack downloads a file called uusee(dot)exe, which is a Chinese password stealer known as PWS:Win32/Lolyda(dot)AU. Source: http://news.softpedia.com/news/Microsoft-Sees-Spikes-in-SWF-Malware-with-Embedded-JavaScript-188253.shtml

44. March 8, H Security – (International) USB driver bug exposed as ‘Linux plug&pwn’. A researcher from MRW InfoSecurity has reported a bug in the Caiaq USB driver that could be used to gain control of a Linux system via a USB device. The bug is caused by the device name being copied into a memory area with a size of 80 bytes using strcpy() without its length being tested. A crafted device with a long device name could thus write beyond the limits of this buffer, allowing it to inject and execute code. Because the driver is included, and automatically loaded, in most Linux distributions, to execute code in kernel mode an attacker would merely have to connect such a device to a Linux system’s USB port. MRW said it has assembled a suitable USB device for this purpose, boasting in a Tweet of a “Linux plug&pwn.” Source: http://www.h-online.com/security/news/item/USB-driver-bug-exposed-as-Linux-plug-pwn-1203617.html
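The copy pattern described in item 44 beside a bounded form, as an added example that is not the driver's code: the structure, field names and function names are hypothetical, and snprintf is a user-space stand-in for a bounded kernel copy. Only the 80-byte size and the use of strcpy() come from the item.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 80  /* destination size given in the item above */

/* Hypothetical stand-in for per-device driver state; field names are assumed. */
struct dev_state {
    char name[NAME_LEN];
    unsigned canary;   /* neighbouring field, used to show nothing past name is written */
};

/* The pattern described above, kept for contrast and never called here:
 * the copy length is set by the device-supplied string, not by the buffer. */
void set_name_unchecked(struct dev_state *d, const char *dev_name) {
    strcpy(d->name, dev_name);
}

/* Bounded form: writes at most NAME_LEN bytes including the terminator and
 * returns 1 when the device-supplied name had to be truncated. */
int set_name_bounded(struct dev_state *d, const char *dev_name) {
    int needed = snprintf(d->name, sizeof d->name, "%s", dev_name);
    return needed < 0 || (size_t)needed >= sizeof d->name;
}

/* Constructed check: a 200-byte name is truncated and the canary survives. */
int oversized_name_is_contained(void) {
    struct dev_state d = { .canary = 0xC0FFEEu };
    char long_name[201];
    memset(long_name, 'A', 200);
    long_name[200] = '\0';
    int truncated = set_name_bounded(&d, long_name);
    return truncated && strlen(d.name) == NAME_LEN - 1 && d.canary == 0xC0FFEEu;
}

int main(void) {
    printf("oversized name contained: %d\n", oversized_name_is_contained());
    return 0;
}
```

The return value lets the caller log or reject a device whose name does not fit, rather than silently accepting a truncated one.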

45. March 8, Help Net Security – (International) Illegal online pharmacies target mobile users. As witnessed by Cyveillance, fake pill pushers have begun targeting mobile device users. The look of regular Web sites is not optimized for mobile browsing — the font size is usually too small and navigation is too difficult. So, the scammers running some illegal online pharmacies have decided that there is enough interest to warrant the setting up of Web sites optimized for mobile device interaction. They even incorporated a .mobi Internet domain for the site. But apart from these cosmetic changes, the danger for users remains the same: fake pills that can endanger their health and unsecured, unencrypted payment processing that may result in their credit card details getting stolen and misused. Source: http://www.net-security.org/malware_news.php?id=1658

46. March 7, Softpedia – (International) Private open-source software security mailing list shuts down after hacking. A private mailing list — referred to as Vendor-Sec — used by Linux and FreeBSD vendors to coordinate responses to critical vulnerabilities was closed down after its server was compromised and destroyed by hackers. “...I noticed a break-in into the lst.de machine last week [the week of February 27], which was likely used to sniff email traffic of vendor-sec,” the moderator announced on the OSS Security mailing list March 3. “This incident probably happened on Jan. 20 as confirmed by timestamp, but might have existed for longer,” he added. Before deciding on what course of action to take regarding the decade-old mailing list, he asked for input from people in the open-source software security industry about its usefulness in the current context. But, before any meaningful discussion had a chance to start, the hackers realized they were detected, re-entered, and destroyed the system. Source: http://news.softpedia.com/news/Private-Open-Source-Software-Security-Mailing-List-Shuts-Down-After-Hacking-188103.shtml

For another story, see item 47 below

Communications Sector

47. March 8, The Register – (International) IPv6 intro creates spam-filtering nightmare. The migration towards IPv6 will make it harder to filter spam messages, service providers warn. While the expansion to IPv6 allows far more devices to have a unique Internet address, it creates many problems for security service providers, who have long used databases of known bad IP addresses to maintain blacklists of junk mail sources. Spam-filtering technology typically uses blacklists as one key component in a multi-stage junk mail filtering process that also involves examining message contents. “The primary method for stopping the majority of spam used by e-mail providers is to track bad IP addresses sending e-mail and block them – a process known as IP blacklisting,” explained a senior solutions architect at spam-filtering company Cloudmark. “With IPv6, this technique will no longer be possible and could mean that e-mail systems would quickly become overloaded if new approaches are not developed.” Other technologies also track IP addresses for various purposes, including filtering out sources of denial of service attacks, click fraud, and search engine manipulation. Source: http://www.theregister.co.uk/2011/03/08/ipv6_spam_filtering_headache/
