Monday, April 30, 2012

Complete DHS Daily Report for April 30, 2012

Daily Report

Top Stories

• A court required a man and his companies to pay a $5 million penalty for running a foreign currency scam that cheated at least 500 investors out of $85 million. – U.S. Commodity Futures Trading Commission See item 10 below in the Banking and Finance Sector

• Forty more illnesses were added to the multi-state outbreak linked to Salmonella-contaminated sushi tuna, bringing the total cases to 200 in 26 states. – Food Safety News

18. April 27, Food Safety News – (National) Multistate outbreak linked to raw sushi grows to 200 cases. Forty more illnesses were added to the multi-state outbreak linked to Salmonella-contaminated sushi tuna, the Centers for Disease Control and Prevention (CDC) reported April 26. The CDC also announced that health officials grouped a second strain, Salmonella Nchanga, into the outbreak investigation. As of the CDC's previous update the week of April 23, there were 160 confirmed cases of Salmonella Bareilly linked to the outbreak. Now, it is reporting 190 illnesses in 21 states linked to Salmonella Bareilly, and 10 illnesses in 5 states linked to Salmonella Nchanga. The product implicated, known as “tuna scrape,” is raw yellowfin tuna that has been shaved and recovered from tuna bones, which is served raw in sushi products, particularly spicy tuna rolls. The Nacaochi Scrape fish product was imported from India and has been recalled by the California-based distributor, Moon Marine USA. At least two more people were hospitalized since the CDC’s last update, bringing the total to 28. New York reported the most cases, with 35 sickened. Massachusetts had 24 cases. Maryland had 20 cases, while New Jersey had 19. Wisconsin reported 16, Illinois 15, Georgia 11, and Virginia 10. Connecticut had eight cases, followed by Pennsylvania with seven, and Rhode Island with six. Texas and Missouri were reporting four cases. South Carolina, North Carolina, and Louisiana each reported three. Alabama, Mississippi, and Washington, D.C. each had two. Arkansas and Florida reported one case. Source: http://www.foodsafetynews.com/2012/04/multistate-outbreak-linked-to-raw-sushi-grows-to-200-cases/

• A hacker who released source code from VMware's hypervisor, the platform on which many businesses and organizations run their guest operating systems, threatened to release more data May 5. The source code could allow malicious actors to take advantage of vulnerabilities in such systems. – InformationWeek See item 36 below in the Information Technology Sector

• A researcher said a remotely exploitable vulnerability exists in all current versions of the Oracle database server. It allows an attacker to intercept traffic and execute arbitrary commands on the server. – Threatpost See item 37 below in the Information Technology Sector

Details

Banking and Finance Sector

7. April 27, Philadelphia Inquirer – (Pennsylvania; New Jersey) Glenside broker among six charged in loan-fraud case. Federal prosecutors in Philadelphia indicted a business-loan broker and his business partner April 26 on charges of fraud, conspiracy, and money-laundering, alleging the pair “defrauded more than 800 victims out of more than $10 million,” according to a statement from a U.S. attorney, FBI special agent-in-charge, and a U.S. Internal Revenue Service acting special agent-in-charge. The defendant is the founder and chairman of Philadelphia-based Remington Capital Group and related companies. Also charged with fraud were four brokers. According to the indictment, between 2005 and 2011 the two men and their brokers “fraudulently induced hundreds of people to pay Remington fees in excess of $10,000 apiece, based on false representations that Remington had lenders and/or investors ready to provide financing for the victims’ projects.” Victims included a New Jersey developer trying to raise $27.5 million for a Camden project and a Pennsylvania developer trying to raise $22 million for a solar electric farm, the indictment said. In many cases, according to the indictment, the suspect never had funding lined up but “fraudulently” took fees anyway. Source: http://www.philly.com/philly/business/149140135.html

8. April 26, Minneapolis Star Tribune – (Minnesota) Ex-Centennial Mortgage executive pleads guilty to bank fraud. A former executive with Centennial Mortgage and Funding Inc. pleaded guilty April 26 in a Minneapolis federal court to defrauding various banks to cover the company’s losses and fund its operations. The executive was an accountant, senior vice president, and chief financial officer for the mortgage company in 2007 and 2008, when the alleged fraud took place. The government contended he was responsible for $8 million in losses. Centennial, a mortgage lender, had warehouse lines of credit with various banks, including American Bank. The executive admitted misleading lenders about the status of existing mortgage loans to get them to advance Centennial more money; helping conceal defaults on existing mortgage loans; hiding the fact that about 23 mortgage loans were double-funded; and kiting checks between Centennial’s various bank accounts. He used the money he obtained for payroll and other operating expenses, the government said. He said he did not do all those things personally, but he failed to inform the financial institutions about what he knew and aided others in the alleged fraud. Source: http://www.loansafe.org/ex-centennial-mortgage-executive-pleads-guilty-to-bank-fraud-2

9. April 26, Seattle Times – (Washington) Columbia City bank damaged by Molotov cocktail. A bank in the Columbia City section of Seattle was damaged overnight April 26 when someone threw a Molotov cocktail at the side of the building, according to Seattle police. When employees arrived April 26, they discovered a broken window and burn marks on the side of the building. A police account of the incident said it appeared the gasoline-filled bottle struck and scorched the side of the bank. It did not cause significant damage. Source: http://blogs.seattletimes.com/today/2012/04/columbia-city-bank-damaged-by-molotov-cocktail/

10. April 26, U.S. Commodity Futures Trading Commission – (California; National) Federal court enters order settling CFTC $85 million forex fraud action against a California resident and his companies SNC Asset Management, Inc. and SNC Investments, Inc. The U.S. Commodity Futures Trading Commission (CFTC) obtained a federal court supplemental consent order requiring a defendant and his companies, SNC Asset Management, Inc., and SNC Investments, Inc., to pay a $5 million civil monetary penalty, the CFTC announced April 26. The court’s supplemental consent order, filed in California, resolves a CFTC complaint that charged the defendants with operating an $85 million fraudulent foreign currency (forex) scam. According to the consent order, the defendants fraudulently solicited at least $85 million from at least 500 customers to trade forex. The defendants in their solicitations falsely claimed to be operating successful forex trading firms and guaranteed monthly returns generated by their trading, the order finds. These representations, and subsequent fictitious account statements depicting profitable returns on individual accounts, created the false impression the defendants were trading forex profitably, the order finds. However, only a small percentage of the $85 million solicited was traded and the defendants’ limited trading resulted in losses, according to the order. Rather than trade on behalf of customers, the defendants misappropriated customer funds for personal use. In a related criminal action, the defendant pleaded guilty April 9, 2010 to conspiracy to commit wire fraud and conspiracy to commit money laundering. Source: http://www.cftc.gov/PressRoom/PressReleases/pr6245-12

11. April 26, Fox Business Network – (New York; National) NYSE receives credible cyber threat against website. The New York Stock Exchange (NYSE) received a credible threat to disrupt its external Web site as part of an apparent cyber attack attempt against many U.S. exchanges, the Fox Business Network reported April 26. The threat, which is not tied to NYSE’s trading systems, prompted the Big Board to beef up security and monitoring for a potential cyber attack, sources familiar with the matter said. The April 26 threats centered on a potential denial-of-service attack strictly focused on the exchange’s external Web site, with nothing to do with its trading systems, a source said. The cyber threat appears to be tied to an anti-capitalist online posting by a group calling itself “L0NGwave99” that promised to hit stock exchanges with a denial-of-service attack April 26 in support of the “great and rooted 99% movement.” In addition to the NYSE, the group claimed it would put “into a profound sleep” the Web sites of the Nasdaq Stock Exchange, BATS, the Chicago Board Options Exchange, and the Miami Stock Exchange. While the posting said the operation would start at 9 a.m., none of those exchanges appeared to be suffering any Web site difficulties as of early the afternoon of April 26. Source: http://www.foxbusiness.com/industries/2012/04/26/nyse-receives-credible-cyber-threat/

Information Technology

33. April 27, Softpedia – (International) One vulnerable site can serve multiple cybercriminal groups, experts find. Security researchers found that a single vulnerable Web site may be used by a number of cybercriminal organizations, each one altering the site to serve its own purposes. In many cases, Web sites are compromised and altered to lead visitors to domains that push fake antivirus programs, which lately have become a lucrative way for cyber criminals to earn a profit. A Zscaler expert explained that once the criminals take over the site, they rely on Blackhat SEO techniques to drive traffic toward their malicious pages. To do this, they set up two different pages on the compromised domain. First, they create a spam page that search engines, security scanners, and blacklisting mechanisms see as harmless. This page does not contain obfuscated code and performs the redirect via a PHP or .htaccess file. The second page contains the redirect to the site that actually attacks users. More recently, researchers identified that many taken-over Web sites designed to send users to fake antivirus were also infected with a malicious piece of JavaScript, which held an IFRAME injection that pointed to several different locations. Source: http://news.softpedia.com/news/One-Vulnerable-Site-Can-Serve-More-Cybercriminal-Groups-Experts-Find-266737.shtml
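The two artifacts item 33 describes, a referrer-keyed redirect in .htaccess and an injected (often unescape()-wrapped) hidden IFRAME, are things a site owner can scan for locally. The following is an added example written for this page, not Zscaler's or Softpedia's code; the .htaccess fragment, the HTML page, and the redirector and landing hostnames are constructed samples, and the search-engine term list and hidden-style heuristics are assumptions a practitioner would tune.

```python
import re
from urllib.parse import unquote

# Constructed sample .htaccess of the kind described above: only visitors arriving
# from a search engine are bounced to an external redirector; direct visitors and
# scanners fetching the page with no referrer see the harmless spam page.
SAMPLE_HTACCESS = """
RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\\. [NC]
RewriteRule ^(.*)$ http://redirector.example/go.php [R=302,L]
"""

# Constructed sample page: one legitimate embed, one 1x1 hidden iframe, and one
# iframe that only exists after decoding a document.write(unescape(...)) payload.
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="https://video.example/embed/1" width="640" height="360"></iframe>
<iframe src="http://landing.example/x.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A//other.example/%22%3E'));</script>
</body></html>"""

REWRITE_COND = re.compile(r"RewriteCond\s+%\{(HTTP_REFERER|HTTP_USER_AGENT)\}\s+(\S+)", re.I)
EXTERNAL_RULE = re.compile(r"RewriteRule\s+\S+\s+(https?://\S+)", re.I)
SEARCH_TERMS = ("google", "bing", "yahoo", "msn", "ask")  # assumed cloaking targets


def find_cloaking_rules(htaccess: str):
    """Return (RewriteCond, target URL) pairs where a condition keyed on the
    referrer or user agent names a search engine and the RewriteRule it guards
    sends the visitor to an absolute external URL (search-engine cloaking)."""
    findings, pending = [], None
    for line in (l.strip() for l in htaccess.splitlines()):
        m = REWRITE_COND.match(line)
        if m:
            if any(t in m.group(2).lower() for t in SEARCH_TERMS):
                pending = line
            continue
        if line.lower().startswith("rewriterule"):
            m = EXTERNAL_RULE.match(line)
            if m and pending:
                findings.append((pending, m.group(1)))
            pending = None  # a RewriteRule consumes the preceding conditions
    return findings


IFRAME = re.compile(r"<iframe\b([^>]*)>", re.I)
SRC = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
DIM = re.compile(r"""\b(width|height)\s*=\s*["']?(\d+)""", re.I)
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(left|top)\s*:\s*-\d{3,}", re.I)
ESCAPED = re.compile(r"""unescape\(\s*['"]([^'"]+)['"]\s*\)""", re.I)


def find_hidden_iframes(html: str):
    """Return src values of iframes that are tiny, styled invisible, or that
    only materialise after decoding a document.write(unescape('...')) payload."""
    decoded = "\n".join(unquote(p) for p in ESCAPED.findall(html))
    hits = []
    for attrs in IFRAME.findall(html + "\n" + decoded):
        src = SRC.search(attrs)
        if not src:
            continue
        dims = [int(v) for _, v in DIM.findall(attrs)]
        tiny = bool(dims) and min(dims) <= 1
        hidden = bool(HIDDEN_STYLE.search(attrs))
        from_payload = attrs not in html  # tag text exists only after decoding
        if tiny or hidden or from_payload:
            hits.append(src.group(1))
    return hits


if __name__ == "__main__":
    for cond, target in find_cloaking_rules(SAMPLE_HTACCESS):
        print("cloaking rule:", cond, "->", target)
    for src in find_hidden_iframes(SAMPLE_HTML):
        print("hidden iframe:", src)
```

Run the two checks against a copy of the document root rather than over HTTP: the whole point of the cloaking page is that a scanner fetching it with no search-engine referrer is shown the clean version, so a remote scan of the live site will usually miss it.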

34. April 27, H Security – (International) PHP 5.4.1 and PHP 5.3.11 released. The PHP developers released the first update for PHP 5.4, the latest version of their popular scripting language, and an update to PHP 5.3, the older stable branch of the language. The developers said “All users of PHP are strongly encouraged to upgrade” to the new releases. PHP 5.4.1 has more than 20 bug fixes, including some related to security. One security bug concerned insufficient validation of the upload name, which led to corrupted $_FILES indices. Another notable change was open_basedir checks being added to readline_write_history and readline_read_history. The PHP 5.3.11 update fixes nearly 60 bugs, including correcting a regression in a previously applied security fix for the magic_quotes_gpc directive. A new debug info handler was also added to DOM objects, and the developers added support for version 2.4 of the Apache Web server. Source: http://www.h-online.com/security/news/item/PHP-5-4-1-and-PHP-5-3-11-released-1561184.html

35. April 27, The Register – (International) Ghost of HTML5 future: Web browser botnets. During a presentation at the B-Sides Conference in London, England, April 25, a senior threat researcher at Trend Micro outlined how HTML5 could be used to launch browser-based botnets and other attacks. The new features in the revamped markup language — from WebSockets to cross-origin requests — could cause major issues for the information security arena and turn browsers such as Chrome and Firefox into complete cybercrime toolkits. Many attack scenarios involve using JavaScript to create memory-resident “botnets in a browser,” the researcher warned, which can send spam, launch denial-of-service attacks, or worse. Because an attack is browser-based, anything from a Mac OS X machine to an Android smartphone can run the platform-neutral code, simplifying the development of malware. Creating botnets by luring users into visiting a malicious Web page, as opposed to having them open a booby-trapped file that exploits a security flaw, offers many advantages to hackers. Malicious Web documents held in memory are difficult to detect with traditional file-scanning antivirus packages, which seek out bad content stored on disk. JavaScript code is also very easy to obfuscate, so network gateways that look for signatures of malware in packet traffic are easy to bypass — and HTTP-based attacks pass through most firewalls. Source: http://www.theregister.co.uk/2012/04/27/html5/

36. April 26, InformationWeek – (International) VMware breached, more hypervisor source code to come. Hypervisors — such as VMware ESXi and Xen — provide the platform on which virtualized guest operating systems run, and are therefore a core component of any business’s virtual infrastructure. A 2010 study from IBM found that 35 percent of all vulnerabilities in a virtualized environment could be traced to the hypervisor. Those vulnerabilities are cause for concern in the wake of VMware’s April 23 confirmation that source code dating to 2003 and 2004 was publicly released by a hacker billing himself as Hardcore Charlie. Furthermore, he said the release was a “sneak peek” at the 300 MB of VMware source code he claims to possess, which he said will be publicly released May 5. Charlie said he obtained the VMware kernel source code via March attacks against China Electronics Import & Export Corporation. Source: http://www.informationweek.com/news/security/attacks/232901025

37. April 26, Threatpost – (International) Critical bug reported in Oracle servers. There is a critical remotely exploitable vulnerability in all of the current versions of the Oracle database server that can enable an attacker to intercept traffic and execute arbitrary commands on the server. The bug, which Oracle reported as fixed in the most recent Critical Patch Update (CPU), is only fixed in upcoming versions of the database, not in currently shipping releases, and there is publicly available proof-of-concept exploit code circulating. The vulnerability lies in the TNS Listener service, which on Oracle databases functions as the service that routes connection requests from clients to the server itself. A researcher said he discovered the vulnerability several years ago and then sold the details of the bug to a third-party broker, who reported it to Oracle in 2008. Oracle credited the researcher for reporting the bug in its April CPU, but he said in a post on the Full Disclosure mailing list the week of April 23 that the flaw was not actually fixed in the current versions of the Oracle database server. Source: http://threatpost.com/en_us/blogs/critical-bug-reported-oracle-servers-042612

For more stories, see item 11 above in the Banking and Finance Sector and item 39 below in the Communications Sector

Communications Sector

38. April 27, WLUC 6 Marquette – (Michigan) Verizon Wireless service outages. Verizon Wireless was having outages in parts of the central and western Upper Peninsula of Michigan April 27, according to the Michigan State Police. Service started returning to areas around 10:30 a.m. Call service seemed to be impacted, but data and text was working during the outage. Source: http://www.uppermichiganssource.com/news/story.aspx?list=~\home\lists\search&id=747093#.T5rEDNkwJI4

39. April 26, IDG News Service – (International) Engineers look to fix Internet routing weakness. Information technology engineers are studying what may be an easier way to fix a long-existing weakness in the Internet’s routing system that has the potential to cause major service outages and allow hackers to spy on data, IDG News Service reported April 26. The problem involves the routers used by every organization and company that owns a block of Internet Protocol (IP) addresses. Those routers communicate constantly with other routers, updating internal information — often upwards of 400,000 entries — on the best way to reach other networks using a protocol called Border Gateway Protocol (BGP). Changes in that routing information are distributed quickly to routers around the world in as few as 5 minutes. But the routers do not verify the route “announcements,” as they are called, are correct. Mistakes in entering the information — or a malicious attack — can cause a network to become unavailable. It can also cause, for example, a firm’s Internet traffic to be circuitously routed through another network it does not need to go through, opening the possibility the traffic could be intercepted. The attack is known as “route hijacking,” and cannot be stopped by any security product. The solution is to have routers verify the IP address blocks announced by others’ routers actually belong to their networks. Source: http://www.computerworld.com/s/article/9226657/Engineers_look_to_fix_Internet_routing_weakness?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+computerworld/s/feed/topic/17+(Computerworld+Security+News)&utm_content=Google+Read
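The fix item 39 sketches, having a router check that the origin of an announcement is actually authorized for that address block, can be shown concretely. The following is an added example written for this page, not code from the engineers the IDG article describes or from any router vendor. It models the authorization records as (prefix, maximum length, origin AS) tuples in the style of RPKI route origin validation, a simplification the article does not name; the prefixes are documentation ranges and the AS numbers are private-use values, all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Authorization:
    """Who may originate a block: the holder's prefix, the longest
    more-specific it permits, and the AS number allowed to originate it."""
    prefix: str
    max_length: int
    origin_asn: int


@dataclass(frozen=True)
class Announcement:
    prefix: str
    origin_asn: int  # rightmost AS in the AS_PATH of the BGP UPDATE


# Constructed records: documentation prefixes and private-use AS numbers.
AUTHORIZATIONS = (
    Authorization("192.0.2.0/24", 24, 64500),
    Authorization("198.51.100.0/22", 24, 64501),
    Authorization("2001:db8::/32", 48, 64502),
)

# Constructed announcements as they might arrive from a neighbour.
SAMPLE_ANNOUNCEMENTS = [
    Announcement("192.0.2.0/24", 64500),     # the legitimate holder
    Announcement("192.0.2.0/25", 64500),     # right origin, more specific than allowed
    Announcement("198.51.100.0/24", 64501),  # permitted more-specific of a /22
    Announcement("198.51.100.0/24", 64499),  # more-specific hijack by another AS
    Announcement("203.0.113.0/24", 64499),   # block nobody has registered
    Announcement("2001:db8:1::/48", 64502),  # IPv6, legitimate
]


def validate(ann: Announcement, auths=AUTHORIZATIONS) -> str:
    """'valid' if some covering record matches origin AS and length,
    'invalid' if records cover the prefix but none match,
    'unknown' if no record covers the prefix at all."""
    net = ipaddress.ip_network(ann.prefix, strict=False)
    covering = []
    for a in auths:
        parent = ipaddress.ip_network(a.prefix)
        if parent.version == net.version and net.subnet_of(parent):
            covering.append(a)
    if not covering:
        return "unknown"
    for a in covering:
        if a.origin_asn == ann.origin_asn and net.prefixlen <= a.max_length:
            return "valid"
    return "invalid"


def filter_routes(announcements, auths=AUTHORIZATIONS, accept_unknown=True):
    """Policy a border router would apply: drop 'invalid', keep 'valid', and
    keep 'unknown' only while coverage of the address space is incomplete."""
    accepted, rejected = [], []
    for ann in announcements:
        state = validate(ann, auths)
        if state == "valid" or (state == "unknown" and accept_unknown):
            accepted.append((ann, state))
        else:
            rejected.append((ann, state))
    return accepted, rejected


if __name__ == "__main__":
    for ann, state in sum(filter_routes(SAMPLE_ANNOUNCEMENTS), []):
        print(f"{ann.prefix:<20} AS{ann.origin_asn}  {state}")
```

The "unknown" outcome is why the article calls this a partial fix: until every holder has registered its blocks, a router has to keep accepting announcements it cannot check, and an attacker can still hijack an unregistered prefix. The example leaves that choice to the caller via accept_unknown.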

40. April 26, San Juan Journal – (Washington) Telephone and cellular phone service restored on Orcas. Telephone systems were back up and running on Orcas Island in Washington State April 26, according to the county Department of Emergency Management (DEM). Telephone connections, as well as cellular phone systems, went down early April 26 on Orcas. Century Link reportedly fixed failures in its systems by early the afternoon of April 26, the DEM said. While phone systems were inoperable, the Orcas Island Fire Department and local team of amateur radio operators handled 9-1-1 calls after the outage interrupted emergency calls on Orcas to the sheriff’s department headquarters in Friday Harbor. Source: http://www.sanjuanjournal.com/news/149146835.html

For another story, see item 35 above in the Information Technology Sector

Friday, April 27, 2012

Complete DHS Daily Report for April 27, 2012

Once again, apologies to all for the delay in this report! I normally obtain the full report directly from DHS at 5 AM EDT. Today, it became available at 9:45 AM.

Daily Report

Top Stories

• An international operation April 26 shut down dozens of Web sites, including many in the United States, that offered for sale information from about 2.5 million credit cards as well as other private data. – BBC News See item 13 below in the Banking and Finance Sector

• A report found the Florida Highway Patrol lieutenant who ordered the reopening of a fog- and smoke-shrouded interstate shortly before a series of crashes killed 11 people was unaware of the agency’s procedures. The lieutenant also had no formal training in opening and reopening roads. – Associated Press

17. April 26, Associated Press – (Florida) Report: Fla. Highway Patrol erred in opening smoke-shrouded I-75 before crashes that killed 11. A Florida Highway Patrol lieutenant who ordered the reopening of a fog- and smoke-shrouded interstate highway shortly before a series of crashes killed 11 people was unaware of the agency’s procedures and had no formal training in opening and reopening roads, a state report said April 26. The Florida Department of Law Enforcement report concluded troopers made errors but found no criminal violations. A highway patrol sergeant expressed concerns about reopening Interstate 75 in north Florida in January, after heavy smoke from a wildfire had forced its closure. But a lieutenant gave the order because he was worried keeping the highway closed also would be dangerous. At least a dozen cars, pickup trucks, and a van, six semi-trailer trucks, and a motorhome collided in six separate fatal crashes in north Florida near Gainesville. Some vehicles burst into flames, making it difficult to identify the victims. Smoke from a wildfire mixed with fog blanketed the highway where it cut through Paynes Prairie State Park. Source: http://www.washingtonpost.com/national/fla-highway-patrol-set-to-release-report-on-fog--smoke-shrouded-i-75-crash-that-killed-11/2012/04/26/gIQAsvmXiT_story.html

• Cyberattacks on the U.S. federal government's IT systems skyrocketed 680 percent in 5 years, an official from the Government Accountability Office testified at a Congressional hearing. – Infosecurity

39. April 25, Infosecurity – (National) Cyberattacks on U.S. federal IT system soared 680% in five years. Cyberattacks on the federal government's IT systems skyrocketed 680 percent in 5 years, an official from the Government Accountability Office (GAO) testified the week of April 23 on Capitol Hill. Federal agencies reported 42,887 cybersecurity incidents in 2011, compared with just 5,503 in 2006, the director of information issues for the GAO told a House Homeland Security Committee panel. The incidents reported by the agencies included unauthorized access to systems, improper use of computing resources, and the installation of malicious software, among others. The GAO official said the sources of the cyberthreats included criminal groups, hackers, terrorists, organizational insiders, and foreign nations. “The magnitude of the threat is compounded by the ever-increasing sophistication of cyber attack techniques, such as attacks that may combine multiple techniques. Using these techniques, threat actors may target individuals, businesses, critical infrastructures, or government organizations,” he testified. The federal government's IT systems continue to suffer from "significant weaknesses" in information security controls, he said. Eighteen of 24 major federal agencies have reported inadequate information security controls for financial reporting for fiscal year 2011, and inspectors general at 22 of these agencies identified information security as a major management challenge for their agency, he told the House panel. ”Reported attacks and unintentional incidents involving federal, private, and infrastructure systems demonstrate that the impact of a serious attack could be significant, including loss of personal or sensitive information, disruption or destruction of critical infrastructure, and damage to national and economic security,” he warned. Source: http://www.infosecurity-magazine.com/view/25393/cyberattacks-on-us-federal-it-system-soared-680-in-five-years/

• Researchers found that equipment using RuggedCom's industrial networking gear has a password that is easy to crack, which can give attackers the means to sabotage myriad industrial operations. The researchers said that for years, the firm did not warn the power facilities, military facilities, and municipal traffic departments that use its technology about the flaw. – Ars Technica See item 49 below in the Information Technology Sector

Details

Banking and Finance Sector

13. April 26, BBC News – (National; International) Credit card 'info for sale' websites closed in global raids. Dozens of Web sites offering credit card details and other private information for sale have been taken down in a global police operation, BBC News reported April 26. Britain's Serious Organized Crime Agency (SOCA) said the raids in Australia, Europe, the United Kingdom, and the United States were the culmination of 2 years of work. Two Britons and a man from Macedonia were arrested, with 36 sites shut down. Some of the Web sites have been under observation for 2 years. During that period the details of about 2.5 million credit cards were recovered — preventing fraud, according to industry calculations, of about $809 million. The head of SOCA's cyber crime unit said criminals were selling personal data on an "industrial" scale. He said traditional "bedroom" hackers were being recruited by criminal gangs to write the malware or "phishing" software that steals personal data. Other information technology experts are used to write the code that enables the Web sites to cope, automatically, with selling the huge amounts of data. Joint operations April 26 in Australia, the United States, Britain, Germany, the Netherlands, Ukraine, Romania, and Macedonia led to the Web sites being closed down. Source: http://www.bbc.co.uk/news/uk-17851257

14. April 25, Associated Press – (Florida) FBI: South Florida bank robberies on rise. The FBI said bank robberies are on the rise in south Florida in fiscal year (FY) 2012 and may surpass the totals for each of the past 2 years, the Associated Press reported April 25. The FBI's Miami Field Office said there were 49 bank heists between October 1, 2011 and the end of March in Florida counties stretching from Martin to Monroe. Those numbers are up 25 percent compared with the same time frame in FY 2011. If the trend holds, south Florida could see 100 bank stickups in FY 2012. That compares with 75 in FY 2011 and 87 in FY 2010. FBI agents said most robberies are non-violent and do not involve the display of a weapon. About half of the FY 2012 bank robberies in south Florida have been solved. Source: http://www.businessweek.com/ap/2012-04/D9UC1ENG0.htm

15. April 25, Reuters – (National; International) Former Morgan Stanley star in China pleads guilty. A former Morgan Stanley executive has pleaded guilty to conspiring to evade internal controls required by a U.S. anti-bribery law, in a case that underlines the fall of a once high-flying dealmaker for the firm in China. The executive, who was a managing director in Morgan Stanley's real estate investment and fund advisory business, also settled related charges with securities regulators April 25, and agreed to roughly $3.7 million in sanctions and a permanent bar from the industry. The defendant secretly arranged to have millions paid to himself and a Chinese official and disguised the payments as finder's fees charged to Morgan Stanley, regulators said. Such payments violated the Foreign Corrupt Practices Act, which bars bribes to officials of foreign governments, the U.S. Securities and Exchange Commission (SEC) said. Morgan Stanley, which cooperated in the government's investigation, was not charged. The former executive had a personal friendship with the former chairman of a Chinese state-owned entity, Yongye Enterprise (Group) Co., which had influence over the success of Morgan Stanley's real estate business in Shanghai, the SEC said. He secretly arranged for both of them to acquire a valuable Shanghai real estate interest from a Morgan Stanley fund, it said. Source: http://www.reuters.com/article/2012/04/25/us-sec-morgan-stanley-idUSBRE83O1DY20120425

16. April 24, Associated Press – (California) 2 dozen arrested at Wells Fargo meeting, protest. Authorities have arrested about two dozen people who demonstrated inside and outside Wells Fargo's annual shareholders meeting April 24 in San Francisco. A San Francisco police sergeant said police arrested 20 protesters. At least 14 of them were inside the meeting in the city's financial district. Six others were arrested for trespassing. He said the San Francisco Sheriff's Department arrested another four people. The bank protest drew several hundred protesters criticizing the San Francisco-based company for pursuing home foreclosures, predatory lending, not paying enough taxes, and investing in private prison companies. Dozens of officers were stationed around the Merchant's Exchange Building in the city's financial district ahead of the 1 p.m. meeting. Bank stockholders were asked to show certificates or other proof of ownership before being corralled past gates erected in front of the doors. Source: http://www.businessweek.com/ap/2012-04/D9UBIU9O0.htm

For another story, see item 39 above in Top Stories

Information Technology

44. April 26, H Security – (International) Security improvements in Opera 12 beta. A beta of version 12 of the Opera Web browser was released with privacy and security-focused improvements. The browser now runs plugins out-of-process and includes optimizations for better SSL handling. Running plugins in their own process not only improves the smoothness and stability of the browser but also can limit the damage from some plug-in exploits. Privacy is enhanced with support for the "Do Not Track" (DNT) header, which is used to tell Web sites the browser user wishes to opt out of online behavioral tracking. The DNT header is designed to help users retain their privacy when faced with online advertising networks that use cookies and other Web technologies to recognize them and serve them tailored advertising. Source: http://www.h-online.com/security/news/item/Security-improvements-in-Opera-12-beta-1559714.html

45. April 26, Help Net Security – (International) Hotmail remote password reset 0-day bug found, patched. A critical security flaw affecting Microsoft's Hotmail was detected almost simultaneously by Vulnerability Lab researchers and a Saudi Arabian hacker and, until a temporary fix was made by Microsoft April 20, it was used by hackers to hijack users' Hotmail/Live account. "The vulnerability allows an attacker to reset the Hotmail/MSN password with attacker chosen values. Remote attackers can bypass the password recovery service to setup a new password and bypass in place protections (token based)," explained Vulnerability Lab's researchers. Source: http://www.net-security.org/secworld.php?id=12818&utm

46. April 26, Softpedia – (International) Expert accidentally finds how DoS attacks can be launched via Google. A computer scientist working at New York University learned Google can be used to launch successful denial-of-service (DoS) attacks against sites with minimal effort. The researcher explained it started when he saw Amazon Web Services was charging him 10 times the usual amount because of large amounts of outgoing traffic. After analyzing traffic logs, he was able to determine that every hour a total of 250 gigabytes of traffic was sent out because of Google’s Feedfetcher, the mechanism that allows the search engine to grab RSS or Atom feeds when users add them to Reader or the main page. It appears Google does not want to store the information on its own servers, so it uses Feedfetcher to retrieve it every time, thus generating large amounts of traffic. This enabled the expert to discover how a Google feature can easily be used to launch attacks against a site simply by gathering several large URLs from the target and putting them in a spreadsheet or a feed. If the feed is placed into a Google service or a spreadsheet and the image(url) command is used, a DoS attack is initiated. Source: http://news.softpedia.com/news/Expert-Accidentally-Finds-How-DOS-Attacks-Can-Be-Launched-Via-Google-266613.shtml
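The researcher in item 46 noticed the problem only when the bill arrived. The amplification pattern (one crawler user agent repeatedly pulling the same few large objects and dominating outbound bytes) is easy to catch in an access log, and the following is an added example written for this page, not the researcher's or Google's code. It assumes an Apache/nginx combined-format log; the nine log lines are constructed (the Feedfetcher user-agent string follows the real one's "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html; ...)" shape), and the 50 percent share and 10 MB floor are thresholds a practitioner would tune.

```python
import re
from collections import Counter, defaultdict

# Constructed combined-format access log. Hour 13 shows the amplification:
# three addresses, all identifying as Feedfetcher, re-download two large files.
SAMPLE_LOG = """
203.0.113.7 - - [26/Apr/2012:13:00:01 +0000] "GET /static/big.pdf HTTP/1.1" 200 10000000 "-" "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html; 1 subscribers; feed-id=1)"
203.0.113.7 - - [26/Apr/2012:13:00:02 +0000] "GET /static/big.pdf HTTP/1.1" 200 10000000 "-" "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html; 1 subscribers; feed-id=2)"
203.0.113.8 - - [26/Apr/2012:13:00:03 +0000] "GET /static/video.mp4 HTTP/1.1" 200 10000000 "-" "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html; 1 subscribers; feed-id=3)"
203.0.113.8 - - [26/Apr/2012:13:00:04 +0000] "GET /static/video.mp4 HTTP/1.1" 200 10000000 "-" "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html; 1 subscribers; feed-id=4)"
203.0.113.9 - - [26/Apr/2012:13:00:05 +0000] "GET /static/big.pdf HTTP/1.1" 200 10000000 "-" "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html; 1 subscribers; feed-id=5)"
198.51.100.20 - - [26/Apr/2012:13:05:00 +0000] "GET / HTTP/1.1" 200 50000 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/11.0"
198.51.100.21 - - [26/Apr/2012:13:06:00 +0000] "GET /about HTTP/1.1" 200 40000 "-" "Mozilla/5.0 (Macintosh) Safari/534.57"
198.51.100.22 - - [26/Apr/2012:14:01:00 +0000] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (X11; Linux) Chrome/18.0"
198.51.100.23 - - [26/Apr/2012:14:02:00 +0000] "GET /about HTTP/1.1" 200 40000 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/11.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')
AGENT_NAME = re.compile(r"[\w.-]+")  # leading product token of the user agent


def parse(log_text):
    """Yield (hour, agent, path, bytes) per well-formed line; '-' means 0 bytes."""
    for line in log_text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        size = 0 if m["bytes"] == "-" else int(m["bytes"])
        hour = m["ts"][:14]                       # "26/Apr/2012:13"
        agent = AGENT_NAME.match(m["ua"]).group(0)  # "Feedfetcher-Google", "Mozilla"
        path = m["req"].split(" ")[1] if " " in m["req"] else m["req"]
        yield hour, agent, path, size


def bytes_by_hour_and_agent(log_text):
    """Outbound bytes keyed by (hour, agent)."""
    totals = defaultdict(int)
    for hour, agent, _, size in parse(log_text):
        totals[(hour, agent)] += size
    return dict(totals)


def flag_amplifiers(totals, share=0.5, floor_bytes=10_000_000):
    """(hour, agent, bytes) for agents that both exceed floor_bytes and account
    for at least `share` of that hour's outbound bytes."""
    per_hour = defaultdict(int)
    for (hour, _), size in totals.items():
        per_hour[hour] += size
    return sorted((hour, agent, size) for (hour, agent), size in totals.items()
                  if size >= floor_bytes and size / per_hour[hour] >= share)


def urls_fetched_by(log_text, agent):
    """Which paths a flagged agent is hammering, so they can be cached or blocked."""
    return dict(Counter(path for _, a, path, _ in parse(log_text) if a == agent))


if __name__ == "__main__":
    totals = bytes_by_hour_and_agent(SAMPLE_LOG)
    for hour, agent, size in flag_amplifiers(totals):
        print(f"{hour} {agent}: {size} bytes", urls_fetched_by(SAMPLE_LOG, agent))
```

The second function matters as much as the first: once a crawler is flagged, the list of paths it keeps re-fetching tells you which objects to put behind a cache, return with a 304 or 403 for that agent, or simply rename, which is cheaper than blocking a legitimate crawler's address range outright.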

47. April 26, Computerworld – (International) 'Obstinate' Conficker worm infests millions of PCs years later. Microsoft said April 25 that the long-suppressed Conficker botnet is still actively infecting millions of new machines, giving Windows enterprise users a 2.5-year problem. Conficker infected or tried to infect 1.7 million Windows PCs in the fourth quarter of 2011, 3 years after it first appeared. The 1.7 million was an uptick of 100,000 from the previous quarter, said Microsoft. The worm first appeared in the fall of 2008, exploiting a just-patched Windows vulnerability. It soon morphed into a more effective threat, adding new attack techniques, including one that relied on weaknesses in Windows XP's and Vista's AutoRun feature. By January 2009, some security firms estimated Conficker had compromised millions of PCs. Concern about Conficker reached a crescendo when the media reported it would update itself April 1, 2009. Because of the size of the Conficker botnet — estimates ran as high as 12 million — and other mysteries, hype ran at fever pitch. In the end, Conficker's April 1 update passed quietly. However, the worm, although prevented from communicating with its makers, has not completely disappeared. According to Microsoft, detections of Conficker jumped 225 percent since 2009. The current size of the Conficker botnet — those PCs now infected — is approximately 7 million, Microsoft claimed. Source: http://www.computerworld.com/s/article/9226619/_Obstinate_Conficker_worm_infests_millions_of_PCs_years_later

48. April 26, IDG News Service – (International) Most of the Internet's top 200,000 HTTPS websites are insecure, group says. Ninety percent of the Internet's top 200,000 HTTPS-enabled Web sites are vulnerable to known types of secure sockets layer (SSL) attack, according to a report released April 26 by the Trustworthy Internet Movement (TIM), a nonprofit organization dedicated to solving Internet security, privacy, and reliability problems. It is based on data from a new TIM project called SSL Pulse, which uses automated scanning technology developed by security vendor Qualys to analyze the strength of HTTPS implementations on Web sites in the top 1 million published by Web analytics firm Alexa. SSL Pulse checks what protocols are supported by HTTPS-enabled Web sites, the key length used for securing communications, and the strength of the supported ciphers. An algorithm is used to interpret scan results and assign a score between 0 and 100 to each HTTPS configuration. The score is then translated into a grade, with A being the highest (over 80 points). Half of the almost 200,000 Web sites in Alexa's top 1 million that support HTTPS received an A for configuration quality. The sites use a combination of modern protocols, strong ciphers, and long keys. Despite this, only 10 percent of the scanned Web sites were deemed truly secure. Seventy-five percent — around 148,000 — were found to be vulnerable to an attack known as BEAST, which can be used to decrypt authentication tokens and cookies from HTTPS requests. Source: http://www.computerworld.com/s/article/9226623/Most_of_the_Internet_39_s_top_200_000_HTTPS_websites_are_insecure_group_says
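The article describes SSL Pulse as scoring three properties (supported protocols, key length, cipher strength) into a 0-100 score, mapping scores over 80 to an A, and then separately flagging BEAST exposure, which is why half the sites can earn an A while three quarters remain vulnerable. The following is an added example, not SSL Pulse's or Qualys's code, that models that two-part assessment on constructed server configurations. The point values, weights and grade cut-offs below 80 are assumptions for illustration; the BEAST check encodes the condition the attack actually depends on, a CBC cipher suite negotiated under SSL 3.0 or TLS 1.0, using a simplified view of which suite a legacy client ends up with.

```python
from dataclasses import dataclass

# Point values per protocol version (assumption; not the SSL Pulse table).
PROTOCOL_POINTS = {"SSLv2": 0, "SSLv3": 50, "TLSv1.0": 80, "TLSv1.1": 90, "TLSv1.2": 100}
LEGACY = {"SSLv3", "TLSv1.0"}  # the versions on which BEAST applies


@dataclass
class TlsConfig:
    name: str
    protocols: set      # versions the server offers, e.g. {"TLSv1.0", "TLSv1.2"}
    key_bits: int       # RSA key length of the server certificate
    ciphers: list       # suites in the server's preference order (OpenSSL names)
    server_order: bool  # True if the server enforces its own order over the client's


def protocol_score(protocols):
    if "SSLv2" in protocols:  # SSLv2 is a hard failure
        return 0
    pts = [PROTOCOL_POINTS[p] for p in protocols]
    return (max(pts) + min(pts)) // 2  # best and worst offered version both count


def key_score(bits):
    if bits < 1024:
        return 0
    if bits < 2048:
        return 80
    return 100


def suite_bits(suite):
    """Symmetric strength implied by an OpenSSL suite name (simplified map)."""
    if "NULL" in suite or "EXP" in suite:
        return 0
    if "AES256" in suite:
        return 256
    if "AES128" in suite or "RC4" in suite:
        return 128
    if "DES-CBC3" in suite or "3DES" in suite:
        return 112
    return 56


def cipher_score(ciphers):
    def pts(bits):
        return 0 if bits == 0 else 20 if bits < 128 else 80 if bits < 256 else 100
    strengths = [suite_bits(c) for c in ciphers]
    return (pts(max(strengths)) + pts(min(strengths))) // 2


def is_cbc(suite):
    # Everything in this era's suite list is CBC unless it is a stream
    # cipher (RC4), an AEAD mode (GCM/CCM/CHACHA), or no cipher at all.
    return not any(tok in suite for tok in ("RC4", "GCM", "CCM", "CHACHA", "NULL"))


def beast_exposed(cfg):
    """True if a client limited to SSLv3/TLS 1.0 would land on a CBC suite.
    With server order enforced only the first suite usable on those versions
    matters; otherwise any offered CBC suite can be chosen. AEAD suites are
    TLS 1.2-only and are skipped."""
    if not (cfg.protocols & LEGACY):
        return False
    usable = [c for c in cfg.ciphers if "GCM" not in c and "CCM" not in c]
    if not usable:
        return False
    if cfg.server_order:
        return is_cbc(usable[0])
    return any(is_cbc(c) for c in usable)


def score(cfg):
    # Weights 30/30/40 are an assumption; integer arithmetic, rounding half up.
    return (3 * protocol_score(cfg.protocols)
            + 3 * key_score(cfg.key_bits)
            + 4 * cipher_score(cfg.ciphers) + 5) // 10


def grade(cfg):
    """Return (score, letter, beast_exposed). A is over 80 as in the article;
    the lower cut-offs are assumptions."""
    s = score(cfg)
    letter = "A" if s > 80 else "B" if s > 65 else "C" if s > 50 else "F"
    return s, letter, beast_exposed(cfg)


# Constructed configurations (not scan results from SSL Pulse).
WEAK = TlsConfig("weak", {"SSLv3", "TLSv1.0"}, 1024,
                 ["AES256-SHA", "DES-CBC3-SHA"], server_order=False)
TYPICAL = TlsConfig("typical", {"TLSv1.0", "TLSv1.1", "TLSv1.2"}, 2048,
                    ["AES256-SHA", "AES128-SHA", "RC4-SHA"], server_order=True)
MITIGATED = TlsConfig("mitigated", {"TLSv1.0", "TLSv1.2"}, 2048,
                      ["RC4-SHA", "AES256-SHA"], server_order=True)

if __name__ == "__main__":
    for cfg in (WEAK, TYPICAL, MITIGATED):
        s, letter, beast = grade(cfg)
        print(f"{cfg.name:10} score={s:3} grade={letter} BEAST={'yes' if beast else 'no'}")
```

The "typical" configuration illustrates the article's headline: modern protocols, a 2048-bit key and strong ciphers earn an A, yet because TLS 1.0 is still offered and the first usable suite is CBC, a downgraded client is exposed to BEAST. The "mitigated" configuration shows the 2012-era workaround of enforcing server order with a non-CBC suite first; note that the RC4 stream cipher used for that workaround has since been shown to be weak and prohibited for TLS, so today the fix is to stop offering SSL 3.0 and TLS 1.0 rather than to reorder suites.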

49. April 25, Ars Technica – (International) Backdoor in mission-critical hardware threatens power, traffic-control systems. Networking gear running RuggedCom's Rugged Operating System has an undocumented account that cannot be modified and a password that is trivial to derive. According to researchers, for years the company did not warn the power utilities, military facilities, and municipal traffic departments using the industrial-strength gear that the account can give attackers the means to sabotage operations that affect the safety of many people. The backdoor uses the login ID "factory" and a password recovered by feeding the media access control (MAC) address of the targeted device into a simple Perl script, according to a post published April 23 to the Full Disclosure security list. To make unauthorized access easy, paying customers of the Shodan computer search engine can find the IP addresses of more than 60 networks that use the vulnerable equipment, and the first thing a user who telnets into one of them sees is its MAC address. Equipment running the Rugged Operating System acts as the switches and hubs that connect programmable logic controllers to the computer networks used to send them commands. It may sit between the computer of an electric utility employee and the compact-disk-sized controller that breaks a circuit when the employee clicks a button on the screen. To give the equipment added power, Rugged Operating System is fluent in the Modbus and DNP3 communications protocols used to natively administer industrial control and supervisory control and data acquisition systems. The U.S. Navy, the Wisconsin Department of Transportation, and Chevron are just three of the customers who rely on the gear, according to RuggedCom's Web site. Source: http://arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars?utm
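Because the account cannot be removed or renamed, the controls left to an operator are limiting where the device can be reached from and alerting on any use of the "factory" login. The following is an added example, not RuggedCom code and not the Full Disclosure script, of that second control: a detector run over a few constructed syslog-style login records that flags any session on the undocumented account and any login, on any account, from outside an assumed management subnet. The log format, host names, addresses and the 10.10.0.0/24 management range are assumptions; ROS's real log messages may differ and the regex would need adjusting.

```python
import ipaddress
import re

# Constructed syslog-style login records (hypothetical format, not ROS output).
SAMPLE_SYSLOG = """\
Apr 23 14:02:11 ros-sw01 login: user 'admin' logged in from 10.10.0.5 via ssh
Apr 23 14:05:42 ros-sw01 login: user 'factory' logged in from 203.0.113.9 via telnet
Apr 23 14:06:03 ros-sw02 login: user 'operator' logged in from 10.10.0.7 via telnet
Apr 23 14:09:17 ros-sw02 login: user 'factory' logged in from 10.10.0.5 via telnet
"""

LOGIN_RE = re.compile(
    r"^\w{3} +\d+ [\d:]+ (?P<host>\S+) login: user '(?P<user>[^']+)' "
    r"logged in from (?P<src>\S+) via (?P<proto>\w+)$"
)

# Assumed management subnet; anything else is treated as untrusted.
MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]
# The undocumented vendor account named in the disclosure.
BACKDOOR_USERS = {"factory"}


def parse_logins(text):
    """Yield a dict per parsable login line; unparsable lines are skipped."""
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            yield m.groupdict()


def find_alerts(text):
    """Return one alert per suspicious login with the list of reasons it tripped."""
    alerts = []
    for rec in parse_logins(text):
        reasons = []
        if rec["user"] in BACKDOOR_USERS:
            reasons.append("undocumented vendor account")
        src = ipaddress.ip_address(rec["src"])
        if not any(src in net for net in MGMT_NETS):
            reasons.append("source outside management network")
        if reasons:
            alerts.append({"host": rec["host"], "user": rec["user"],
                           "src": rec["src"], "proto": rec["proto"],
                           "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in find_alerts(SAMPLE_SYSLOG):
        print(f"{a['host']}: '{a['user']}' from {a['src']} via {a['proto']}: "
              + "; ".join(a["reasons"]))
```

Every hit on the "factory" account is worth an alert even from the management network, since no legitimate operator should be using it; the article's observation that Shodan already lists exposed devices is the argument for the second rule, which catches use of any account from a routable address that should never have reached the management plane.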

For more stories, see items 13 above in the Banking and Finance Sector, 39 above in Top Stories and 50 and 51 below in the Communications Sector

Communications Sector

50. April 25, Norfolk Virginian-Pilot – (Virginia) Verizon working to fix outage in Norfolk. Several hundred Verizon Communications Inc. customers in Norfolk, Virginia, lost telephone and Internet service after April 20, when a contractor for another company damaged underground cables. The contractor cut into two Verizon underground cables serving about 700 lines, a Verizon spokesman wrote in an e-mail. Verizon learned of the extent of the outage over the April 21 weekend, he wrote. Because some customers have more than one line into their homes or businesses, the number who lost service is likely less than 700, he wrote. The company hoped to replace the cable and restore service for all customers by April 26. The process is complicated because the conduit carrying the damaged cables had no room for additional lines, requiring repair workers to find an alternate path for the replacement cable, the spokesman wrote. Source: http://hamptonroads.com/2012/04/verizon-working-fix-outage-norfolk

51. April 25, Whidbey Examiner – (Washington) Outage angers Whidbey Telecom customers. Residents of Whidbey Island, Washington, endured 5 days of electronic frustration the week of April 23 as Whidbey Telecom suffered a complete breakdown of its e-mail service during an equipment upgrade. The problems began April 20 as technicians worked on changes to the equipment that handles e-mail. Customers had been warned in advance that a temporary outage was possible, but throughout the weekend of April 21 customers reported being unable to send or receive e-mail. For residential customers, it was mostly an inconvenience. But for small businesses that rely on the locally owned telecommunications firm for e-mail service, the outage, which dragged on into the beginning of the week of April 23, had begun to threaten their bottom line. By about 8:30 a.m. April 25, some customers confirmed that their e-mail service was up and running again. Source: http://www.whidbeyexaminer.com/main.asp?SectionID=1&SubSectionID=1&ArticleID=7622

For another story, see item 45 above in the Information Technology Sector