[ISN] InfoSec News Mailing List
http://www.infosecnews.org/mailman/listinfo/isn
InfoSecNews

Pennsylvania's Web security officer leaves post a week after talking about PennDOT hacking incident
http://www.infosecnews.org/pipermail/isn/2010-March/018856.html
http://www.pennlive.com/midstate/index.ssf/2010/03/pennsylvanias_web_security_off.html
By JAN MURPHY The Patriot-News March 10, 2010

Last week, Pennsylvania's chief information security officer Robert Maley was at an information security conference in San Francisco talking [...]

The FBI supply chain illustrated
http://www.infosecnews.org/pipermail/isn/2010-March/018855.html
http://blogs.csoonline.com/the_fbi_supply_chain_illustrated
By Robert McMillan Security Blanket 2010-03-09

While FBI Director Robert Mueller was talking about possible threats to the U.S. supply chain at the RSA Conference last week, staffers at the [...]

Colorado Springs man allegedly sabotaged TSA computers
http://www.infosecnews.org/pipermail/isn/2010-March/018854.html
http://www.denverpost.com/ci_14648083
By Howard Pankratz The Denver Post 03/10/2010

A former employee of the Transportation Security Administration has been indicted by the Denver federal grand jury for attempting to sabotage TSA computers that enable TSA airport personnel to spot potential terrorists before they board airliners.

Douglas James Duchak, 46, of Colorado Springs, worked for the TSA from August 2004 through October 2009.

According to the indictment, Duchak sent a code or virus into computers at the TSA's Colorado Springs Operations Center in the attempt to disable the TSA computer system, which receives information from the government's Terrorist Screening Database and the U.S.
Marshal's Service Warrant Information Network.

The indictment said that the TSA computer system is critical in "vetting of individuals" who are attempting to gain access to "secure areas of the nation's transportation system."

The indictment said that Duchak's duties included updating the databases with new information.

He allegedly inserted a virus programmed to spread on a specific date to destroy the computer system.

[...]

Zeus botnets suffer mighty blow after ISP taken offline
http://www.infosecnews.org/pipermail/isn/2010-March/018853.html
http://www.theregister.co.uk/2010/03/10/massive_zeus_takedown/
By Dan Goodin in San Francisco The Register 10th March 2010

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend [...]

WhitePages.com halts ad networks over malware
http://www.infosecnews.org/pipermail/isn/2010-March/018852.html
http://news.cnet.com/8301-27080_3-10466753-245.html
By Elinor Mills InSecurity Complex CNet News March 10, 2010

WhitePages.com has stopped ad networks from delivering ads to its site after they were found to contain fake antivirus malware.

"On Monday morning WhitePages received reports from users [about] malware in the form of a fake antivirus upsell program that we believe originated (against our terms) from a third-party advertising network serving ads on our website, in addition to other websites," a WhitePages spokeswoman said in an e-mail late Tuesday.

"We immediately suspended the networks in question at which time the reports from users subsided," she wrote.
"We are working diligently to prevent this from happening in the future."

A representative for the Senate's Committee on Environment and Public Works said on Tuesday that officials were looking at WhitePages.com and Drudge Report as possible sources of malware that had affected Senate computers the day before.

Matt Drudge denied the accusation on his site and accused the committee of politicking. But several CNET readers reported that they too had been hit with the malware when they visited the Drudge Report Web site, a conservative news aggregator that sometimes authors stories too.

[...]

Thailand approves extradition of credit card hack suspect
http://www.infosecnews.org/pipermail/isn/2010-March/018851.html
http://www.theregister.co.uk/2010/03/08/thailand_extradites_hacking_suspect/
By Dan Goodin in San Francisco The Register 8th March 2010

A criminal court in Thailand has approved the extradition to the US of a Malaysian man suspected of participating in credit card thefts of more [...]

RSA: Cybersecurity A Joint Fed, Industry Effort
http://www.infosecnews.org/pipermail/isn/2010-March/018850.html
http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=223200125
By J. Nicholas Hoover InformationWeek March 8, 2010

Government officials played a starring role at the annual RSA Conference last week, laying out their plans for government cybersecurity, [...]

Cybersecurity program has serious defects, GAO says
http://www.infosecnews.org/pipermail/isn/2010-March/018849.html
http://gcn.com/articles/2010/03/08/cnci-assessment-030810.aspx
By William Jackson GCN.com March 08, 2010

Implementing the Comprehensive National Cybersecurity Initiative, a broad program intended to protect the nation's cyber infrastructure, has been hampered by a lack of coordination and transparency, according to the Government Accountability Office.

"CNCI is unlikely to fully achieve its goal of reducing potential vulnerabilities, protecting against intrusion attempts, and anticipating future threats to federal information systems unless roles and responsibilities for cybersecurity activities across the federal government are more clearly defined and coordinated," the GAO concluded in a November briefing to the staff of the House Armed Services subcommittee on Terrorism, Unconventional Threats and Capabilities.

The GAO also concluded that too much of the initiative, which was spelled out in National Security Presidential Directive 54 and Homeland Security Presidential Directive 23, has remained classified.

"Since the approval of NSPD-54/HSPD-23, few elements of CNCI have been made public," the GAO briefing said. "While certain aspects and details of CNCI must necessarily remain classified, the lack of transparency regarding CNCI projects hinders accountability to Congress and the public. In addition, current classification may make it difficult for some agencies, as well as the private sector, to interact and contribute to the success of CNCI projects."

[...]

Ford Motor Rolls Out New Security Features To Prevent Car-Hacking
http://www.infosecnews.org/pipermail/isn/2010-March/018848.html
http://www.darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=223200163
By Kelly Jackson Higgins DarkReading March 08, 2010

Automobile giant Ford Motor this year will debut vehicles with built-in WiFi -- along with enhanced security features to prevent data breaches via its new cars.

Ford has offered the so-called Sync technology service it co-developed with Microsoft in most of its Ford, Lincoln, and Mercury vehicles since 2008. The technology lets drivers run their Bluetooth-enabled mobile phones and digital media players via their vehicles and use voice commands to operate them, for instance.

The automaker announced today that the second generation of its Sync technology -- due out later this year and to include a full Windows CE operating system with a new driver interface called MyFordTouch -- will come with a built-in browser and secured WiFi access. It will first debut in the 2011 Ford Edge and 2011 MKX Lincoln, and later, in the 2010 Ford Focus.

"We really began to focus on the security side when we began launching Sync, and it was [originally] for working with phones and media players," says Jim Buczkowski, director of Ford electronics and electrical systems engineering. "Now we're extending that system connectivity to include WiFi as another data path for customers in their vehicles ... and we're extending that security model for protecting WiFi."

[...]

Backdoor found in Energizer Duo USB battery charger
http://www.infosecnews.org/pipermail/isn/2010-March/018847.html
http://news.cnet.com/8301-27080_3-10465429-245.html
By Elinor Mills InSecurity Complex CNet News March 8, 2010

Software that can be downloaded for use with the Energizer Duo USB battery charger contains a backdoor that could allow an attacker to remotely take control of a Windows-based PC, Energizer and US-CERT are warning.

"The installer for the Energizer Duo software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory," the U.S. Computer Emergency Readiness Team said in an advisory on Friday. "Arucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp. Its capabilities include the ability to list directories, send and receive files, and execute programs."

The Windows software was made available via a download with the Energizer Duo Charger, Model CHUSB, Energizer said in a statement.

The battery maker said it does not know how the Trojan got into the software. "Energizer has discontinued sale of this product and has removed the site to download the software," the statement said. "Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software."

[...]

FDIC: Hackers took more than $120M in three months
http://www.infosecnews.org/pipermail/isn/2010-March/018846.html
http://www.computerworld.com/s/article/9167598/FDIC_Hackers_took_more_than_120M_in_three_months?taxonomyId=17
By Robert McMillan IDG News Service March 8, 2010

Ongoing computer scams targeting small businesses cost U.S.
companies $25 million in the third quarter of 2009, according to the U.S. [...]

Tokyo's Cyber Emergency Centre at the vanguard of hacking defence
http://www.infosecnews.org/pipermail/isn/2010-March/018845.html
http://technology.timesonline.co.uk/tol/news/tech_and_web/article7053320.ece
By Leo Lewis The Times March 8, 2010

Across one wall of a Thunderbirds-style command centre a huge map of the world keeps a running log of global cyber-attacks. Bloodcurdling names [...]

The Corporate Side of Snooping
http://www.infosecnews.org/pipermail/isn/2010-March/018844.html
http://www.nytimes.com/2010/03/07/business/07shelf.html
By DEVIN LEONARD Off the Shelf The New York Times March 5, 2010

IT'S easy to understand how Washington reporters can become jaded. They are constantly being spun by the same gang of politicians and lobbyists [...]

Microsoft's tax-for-hacks 'horrible' idea, say security experts
http://www.infosecnews.org/pipermail/isn/2010-March/018843.html
http://www.computerworld.com/s/article/9166458/Microsoft_s_tax_for_hacks_horrible_idea_say_security_experts?taxonomyId=17
By Gregg Keizer Computerworld March 5, 2010

Microsoft's idea that the fight against malware could be funded by an Internet tax is "horrible," an analyst said Thursday as other experts weighed in on a recent comment by the company's security chief.

Earlier this week, Scott Charney, Microsoft's vice president for its Trustworthy Computing group, said that while there are plenty of ways to combat malware, scrub infected PCs and take down botnets, no one wanted to foot the bill.

"Maybe markets will make it work," Charney said, but then added that an Internet usage tax might be the solution.
"You could say it's a public safety issue and do it with general taxation," Charney said.

"The idea of a general Net tax is a horrible idea," said John Pescatore, Gartner's security analyst. "Why not a tax on all retail goods for a standard antishoplifting service all merchants would have to use?" A business, he said, can now select what it thinks is the best anti-malware solution, but that choice would presumably vanish if funding for battling the bad guys went national.

[...]

Facebook founder Mark Zuckerberg 'hacked into emails of rivals and journalists'
http://www.infosecnews.org/pipermail/isn/2010-March/018842.html
http://www.dailymail.co.uk/news/worldnews/article-1255888/Facebook-founder-Mark-Zuckerberg-hacked-emails-rivals-journalists.html
By Mail Foreign Service 06th March 2010

Facebook founder Mark Zuckerberg has been accused of hacking into the email accounts of rivals and journalists. [...]

Westin Bonaventure Los Angeles latest victim of hotel hackers
http://www.infosecnews.org/pipermail/isn/2010-March/018841.html
http://content.usatoday.com/communities/hotelcheckin/post/2010/03/hackers-breach-westin-bonaventure-los-angeles-networks-cybercriminal/1
By Barbara De Lollis USA TODAY Hotel Check-In March 07, 2010

You may have to monitor your credit card statements - and even place a [...]

Linux Advisory Watch: March 6th, 2010
http://www.infosecnews.org/pipermail/isn/2010-March/018840.html

LinuxSecurity.com Linux Advisory Watch
March 6th, 2010 Volume 11, Number 10
[...]

At RSA, Some Security Pros Don't Practice What They Preach
http://www.infosecnews.org/pipermail/isn/2010-March/018839.html
http://www.darkreading.com/vulnerability_management/security/encryption/showArticle.jhtml?articleID=223101624
By Tim Wilson DarkReading March 05, 2010

SAN FRANCISCO -- RSA Conference 2010 -- You'd think the behavior of wireless users at one of the industry's biggest security conferences [...]

Iowa Homeland Security Web site "compromised"
http://www.infosecnews.org/pipermail/isn/2010-March/018838.html
http://www.desmoinesregister.com/article/20100304/NEWS/100304002/1001/Iowa-Homeland-Security-Web-site-compromised
By WILLIAM PETROSKI dmreg.com March 4, 2010

The Iowa Homeland Security and Emergency Management Division's Web site has been "compromised," a state official said today. [...]

Nation's cybersecurity suffers from a lack of information sharing
http://www.infosecnews.org/pipermail/isn/2010-March/018837.html
Forwarded from: Richard Forno <rforno (at) infowarrior.org>

Talk about a blast from the past!

This article could be ripped from FCW's archives with only the dates and names changed .... I mean, didn't we hear industry and gov folks say the same thing in 1997, 2000, 2003, 2005, 2007 and 2009 about critical infrastructure protection, Y2K, homeland security, etc? Heck, the Nation even has a "National Strategy for Information Sharing" issued by the White House. Lot of good that's done, too.

Yet after 15 years or so we're *still* talking about the same problems and obstacles to overcome involved with both information-sharing and infosec in general, in both human and technical terms.

...but that's okay, we can always levy a Charney-charge [1] on everyone to help subsidize the industry instead. This is the decade of bailing folks out, isn't it?

Same stuff, different year. And folks wonder why I am so damn cynical about this industry.

-rf

[1] http://blog.seattlepi.com/microsoft/archives/196494.asp

On Mar 4, 2010, at 01:18 , InfoSec News wrote:

[...]

New BlackEnergy Trojan Targeting Russian, Ukrainian Banks
http://www.infosecnews.org/pipermail/isn/2010-March/018836.html
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=223101487
By Kelly Jackson Higgins DarkReading March 04, 2010

SAN FRANCISCO -- RSA Conference 2010 -- Russian hackers have written a more sophisticated version of the infamous BlackEnergy Trojan associated [...]

White House Cyber Czar: 'There Is No Cyberwar'
http://www.infosecnews.org/pipermail/isn/2010-March/018835.html
http://www.wired.com/threatlevel/2010/03/schmidt-cyberwar/
By Ryan Singel Threat Level Wired.com March 4, 2010

Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United [...]

Heartland Aftershocks: Still at Risk?
http://www.infosecnews.org/pipermail/isn/2010-March/018834.html
http://www.bankinfosecurity.com/articles.php?art_id=2264
By Linda McGlasson Managing Editor Bank Info Security March 4, 2010

Earlier this week, First National Bank of Durango, CO came forward to reveal that as many as 5,000 of its customers were at risk because of [...]

Secunia Weekly Summary - Issue: 2010-09
http://www.infosecnews.org/pipermail/isn/2010-March/018833.html

The Secunia Weekly Advisory Summary 2010-02-25 - 2010-03-04

This week: 64 advisories [...]

FBI Director: Hackers have corrupted valuable data
http://www.infosecnews.org/pipermail/isn/2010-March/018832.html
http://www.computerworld.com/s/article/9166378/FBI_Director_Hackers_have_corrupted_valuable_data?taxonomyId=17
By Robert McMillan IDG News Service March 4, 2010

Hackers breaking into businesses and government agencies with targeted attacks have not only stolen intellectual property, in some cases they have corrupted data too, the head of the U.S. Federal Bureau of Investigation said Thursday.

The United States has been under assault from these targeted spear-phishing attacks for years, but they received mainstream attention in January, when Google admitted that it had been hit and threatened to pull its business out of China -- the presumed source of the attack -- as a result.

FBI Director Robert Mueller called these attacks a threat to the nation's security on Thursday, speaking at the RSA Conference in San Francisco. "Just one breach is all they need in order to open the floodgates," he said, speaking about the hackers behind these intrusions. "We have seen not only a loss of data, but also a corruption of that data."

Mueller did not say exactly what he meant by corruption of data, but security experts worry that if attackers are able to alter source code, they might put back-doors or logic bombs in the software they gain access to.

[...]