Friday, November 25, 2011

Complete DHS Daily Report for November 25, 2011

Daily Report

Top Stories

• A leaking tanker truck dropped a sticky substance over 40 miles of the Pennsylvania Turnpike, disabling more than 100 cars. – WTXF 29 Philadelphia (See item 14)

14. November 23, WTXF 29 Philadelphia – (Pennsylvania) Pa. turnpike goo disables 100 cars. A leaking tanker truck dropped a sticky substance over a nearly 40-mile stretch of the Pennsylvania Turnpike in Pennsylvania, disabling more than 100 cars that had their tires covered in the gooey muck. A turnpike spokesman said a leaking valve on a tanker carrying driveway sealant spread the gunk over the eastbound lanes of the Turnpike between New Castle and the Oakmont Service Plaza November 22. The spokesman said workers initially tried plowing the mess off the roadway but switched to covering it with sand to help it dry. Traffic was moving normally November 23, but turnpike officials said some state police and maintenance vehicles had to be towed after getting stuck. The spokesman said the turnpike set up a phone number to help motorists filing insurance claims. Source:

• Chicken livers contaminated with Salmonella Heidelberg have sickened 179 people in 6 states, the Centers for Disease Control and Prevention reported November 22. – Food Safety News (See item 18)

18. November 23, Food Safety News – (National) 179 Salmonella chicken liver cases in 6 states. Chicken livers contaminated with Salmonella Heidelberg have now sickened 179 people in 6 states, the Centers for Disease Control and Prevention (CDC) reported November 22. That is 22 more cases in 4 more states than the CDC reported November 9. The kosher broiled chicken livers, sold by Schreiber Processing Corp. of Maspeth, New York, under the MealMart brand, were recalled November 8. The chicken livers were distributed to New York, New Jersey, Pennsylvania, Maryland, Minnesota, Ohio, Rhode Island, and Florida. In its latest report on the outbreak, the CDC said New York now identified 99 cases of Salmonella infection linked to the chicken livers, New Jersey confirmed 61 related cases, Pennsylvania 10, Maryland 6, Ohio 2, and Minnesota 1. The illnesses began in March and continued through October. Source:


Banking and Finance Sector

12. November 23, Wilkes-Barre Citizens Voice – (Pennsylvania) Ammonia-filled balloon used to rob Dallas Twp. bank. A man used a balloon he claimed was filled with "acid" as a threat to rob a Luzerne National Bank branch in Dallas Township, Pennsylvania, November 22. The suspect, who wore a two-tone black and dark gray jacket and concealed his identity with a black ski mask and a hood over his head, entered the bank and held up a balloon and told people in the bank it contained "acid," according to the Dallas Township police chief. After demanding cash, the balloon broke as the man left the bank, though it turned out to contain ammonia. The man escaped and was being sought by police November 23. Source:

13. November 22, Orange County Register – (California) ‘Bubble Wrap Bandit' suspected in bank robbery. A man authorities call the "Bubble Wrap Bandit" is believed to have carried out a robbery November 22 at a Garden Grove, California bank, FBI officials said. A man walked into a U.S. Bank branch and handed the teller a note indicating a robbery and claiming he had a weapon, although no weapon was seen, an FBI spokeswoman said. The man left the bank with an undisclosed amount of money. Officials believe the man is also linked to a robbery September 1 at a Wells Fargo branch in Anaheim, in which a note was also used, a threat of a weapon was made, and an undisclosed amount was stolen. FBI officials believe the robber is the "Bubble Wrap Bandit," who is suspected of carrying out four robberies in Los Angeles in 2009 and 2010, including a Bank of the West in La Mirada, a Chase Bank in South Gate, a Bank of the West in Bell Gardens, and a Citibank in Bell Gardens. The robber reportedly earned his nickname after he was seen carrying bubble wrap during one of the earlier holdups. Source:

For another story, see item 32 below in the Information Technology Sector

Information Technology

32. November 23, Softpedia – (International) Xbox Live accounts targeted by massive phishing campaign. There is much confusion related to the issue of Xbox live accounts forcefully taken by cybercriminals, Softpedia reported November 23. While some feared a massive hacking operation was behind the incident, Microsoft claims the accounts fell victim to phishing. Xbox forums have been flooded with complaints from members who believe their accounts were taken over by hackers, but the official Xbox Live UK Facebook page claims no hacking was involved. The Sun published an article in which they revealed many users around the world reported the credit cards attached to their Live accounts were used to make small purchases, the average loss being estimated at $80 per account holder. In response to the article, Xbox UK issued a statement denying Xbox Live was hacked. “Microsoft can confirm that there has been no breach to the security of our Xbox LIVE service. In this case, a number of Xbox LIVE members appear to have recently been victim of malicious ‘phishing’ scams,” reads the statement. Source:

33. November 23, H Security – (International) FFmpeg updates fix security bugs. Versions 0.7.8 and 0.8.7 of the open source FFmpeg tool and library collection have been released. According to a news post on the project's homepage, the maintenance and security updates to the 0.7.x and 0.8.x branches of FFmpeg fix a number of bugs found in previous releases and address three vulnerabilities. The updates correct issues that could be exploited by an attacker to cause a denial-of-service condition or potentially compromise an application that uses FFmpeg –- well-known open source software that uses the library collection and includes the VLC Media Player, MPlayer, and Perian. An attack on FFmpeg would typically require the user to open a maliciously crafted media file or streaming URL. The vulnerabilities addressed in the update include errors in the QDM2 decoder and "vp3_dequant()" function that could be used to trigger a buffer overflow, as well as a problem in a number of functions that could lead to out-of-bounds reads. Source:

34. November 23, IDG News Service – (International) Google protects HTTPS-enabled services against future attacks. Google modified the encryption method used by its HTTPS-enabled services including Gmail, Docs, and Google+ in order to prevent current traffic from being decrypted in the future when technological advances make it possible, IDG News Service reported November 23. The majority of today's HTTPS implementations use a private key known only by the domain owner to generate session keys that are subsequently used to encrypt traffic between the servers and their clients. This approach exposes the connections to so-called retrospective decryption attacks. "In 10 years time, when computers are much faster, an adversary could break the server private key and retrospectively decrypt today's email traffic," explained a member of Google's security team. To mitigate this relatively low, but real security risk, Google implemented an encryption property known as forward secrecy, which involves using different private keys to encrypt sessions and deleting them after a period of time. In this way, an attacker who manages to break or steal a single key will be unable to recover a significant quantity of e-mail traffic that spans months of activity, the member of Google's security team said. Source:

Communications Sector

35. November 22, KITV 4 Honolulu – (Hawaii) PBS Hawaii will resume shooting schedule. Three days after a fire cut power and production of local shows for the PBS Hawaii television station, a new shooting schedule was set up thanks to donated studio time. The station was gutted by a fire November 18, which started when a studio light exploded and flames swept through the building. Smoke poured from the studio as the ceiling and insulation burned. During the emergency, some important items were saved, including cameras. The smoke and flames did an estimated $1 million in damage to the studio, and its high-tech equipment. PBS Hawaii went back on the air a day later. Many employees who came into work were forced to wear masks to filter out the smell while others worked from home. Also, soot was spread in the fire. Specially trained crews will be cleaning equipment for weeks. Source:

For another story, see item 34 above in the Information Technology Sector