Man accused of threatening to kill Obama, blow up Mall of America. A 20-year-old southwestern Colorado man has been indicted on charges of threatening to kill the U.S. President and blow up the Mall of America in Bloomington. The man was indicted January 27 in federal court in Denver. A warrant has been issued for his arrest, and authorities declined to discuss his whereabouts. He faces one count each of transmission of threats and falsely threatening to use explosives. The man emailed the FBI eight days before the President was inaugurated, the indictment alleges, and wrote: “I’m going to assassinate the new president of the United States of America. PS you have 48 hours to stop it from happening.” Federal court records also say he emailed the FBI with a threat against the mall: “I have rigged 40 pounds of C4 [a moldable plastic explosive] ... and my favorite TNT to 7 cars outside the Mall of America.” Mall officials were “notified immediately” by the FBI and Bloomington police of the threat, said the executive vice president of business development. The mall was given the all-clear after 16 to 18 hours once it was determined that “the threat wasn’t valid” and a search of the giant retail and entertainment complex turned up nothing suspicious.
Source: http://www.startribune.com/local/38608537.html?elr=KArksLckD8EQDUoaEyqyP4O:DW3ckUiD 3aPc:_Yyc:aUUsZ

Suspicious pipe-like device found taped to airport fuel truck. The Dane County Bomb Squad disarmed a suspicious device found taped to the side of a fuel truck at the Middleton Airport on February 1. Middleton police said a suspicious man was seen driving a black Ford F-150 pickup truck around the hangars and fuel pit at around 8 a.m. on February 1. The man left after being confronted by airport personnel, WISC-TV reported. Authorities said the same man was seen again in the area of the airport gate. They said at around 4:30 p.m., a suspicious, pipe-like device was observed affixed to the side of a fuel truck at the airport. The fuel truck was in close proximity to other fuel storage tanks. All flights were diverted from the airport, and the surrounding area was evacuated by Middleton police and fire departments. The Dane County Bomb Squad took the pipe-like device to an open field to render it safe, WISC-TV reported.
Source: http://www.channel3000.com/news/18617508/detail.html

Suspicious package found at Port Everglades. Port Everglades was closed to vessel traffic as investigators inspected a suspicious package at a terminal for nearly two hours on February 1. A K-9 unit detected something suspicious in luggage of a passenger who was boarding a ship around 4:30 p.m. The terminal had to be evacuated and vessels, including several cruise ships, were unable to dock. The package contained electronics that caused the dog to be alarmed.
Source: http://www.wptv.com/news/local/story/Suspicious-package-found-at-Port-Everglades/fY3Xg0wpqkWF2QTKLjkdMA.cspx

Los Angeles hotel chemical dump sparked terrorism fear. Employees of a luxury hotel in downtown Los Angeles sparked fears of terrorism two weeks ago when they allegedly dumped nearly 100 gallons of chlorine and muriatic acid down a rooftop drain, the Los Angeles Times reported Saturday. Fumes from a storm drain outside the Standard hotel spread to a nearby subway station early on January 19, causing two or more people to vomit and producing a burning feeling in the eyes and lungs of a Los Angeles County sheriff’s deputy. “Chlorine is not naturally occurring…and the subway is a venue we anticipated as a target. So I thought this was actually a terrorist attack,” said the head of the FBI’s WMD response team in Los Angeles. His team, along with hazardous material crews from the Los Angeles Police and Sheriff’s departments, searched the subway station before discovering the source of the gas near the hotel. An adjacent intersection had to be closed off for hours because fumes were still emanating from the storm drain. Maintenance personnel at the hotel, which has a rooftop pool, first acknowledged dumping a limited amount of chlorine down the drain. Under continued pressure from the FBI, they admitted that much more of the chemical had been dumped. The company that owns the hotel was formally accused Thursday of knowingly disposing of hazardous waste, a charge that carries a fine up to $500,000.
Source: http://www.globalsecuritynewswire.org/gsn/nw_20090202_2660.php

Drive-by ‘war cloning’ attack hacks electronic passports, driver’s licenses. With a $250 used RFID scanner he purchased on eBay and a low-profile antenna tucked away in his car, a security researcher recently drove the streets along Fisherman’s Wharf in San Francisco, where he captured and cloned a half-dozen electronic passports within an hour. The researcher, who is the technical lead for research and testing in information security at eBay, coined this newest RFID attack “war cloning.” The security weaknesses of the EPC Gen 2 RFID tags have been well-known for some time. These tags are being used in the new wallet-sized passport cards that the U.S. Department of Homeland Security offers under the new Western Hemisphere Travel Initiative for travel to and from Western Hemisphere countries. Unlike previous RFID hacks that have been conducted within inches of the targeted ID, his hack can scan RFID tags from 20 feet away. “This is a vicinity versus proximity read,” he says. “The passport card is a real radio broadcast, so there’s no real limit to the read range. It’s conceivable that these things can be tracked from 100 meters — a couple of miles.” He says the RFID chip technology found in traditional passport books is better because it has encryption and authentication features. He suggests the Federal Government replace the e-passport RFID chips with the RFID chips used in the passport books.
Source: http://www.darkreading.com/security/privacy/showArticle.jhtml;jsessionid=35LA4DR1HIG4KQSNDLRSK HSCJUNN2JVN?articleID=213000321

Suspicious package at police station. Police in North Wales, Pennsylvania discovered a suspicious package on February 6 on the steps of their own police station. The discovery was made around 8:00 a.m. in the 300 bock of School Street. A police robot was on the scene. There is no word on what was in the package, or who may have left it.
Source: http://abclocal.go.com/wpvi/story?section=news/local&id=6644677

Alleged threat locks down 4 schools. Four schools in northeast Cheatham County were locked down for a few hours on February 4 after police said a serious threat was made to people who attend one or more of the schools. Authorities said they were concerned about the safety of the students after they could not locate a former student from Sycamore High School who is accused of making the threats. The schools that were locked down were Pleasant View Elementary, Sycamore Elementary, Sycamore High School and East Cheatham Elementary. Hundreds of students were affected by the lockdown. Students were allowed to leave the schools with their parents. A half-day was previously scheduled for teacher in-service, and dismissal had been planned for 12:45 p.m. It was unclear what kind of threat the former student was accused of making. The Cheatham County School Board said that was the only information they were releasing at this time.
Source: http://www.msnbc.msn.com/id/29016006/

House approves national center for campus safety. On February 3 the House approved the creation of an office in the Justice Department to help university security forces train for and prevent violent incidents such as those that hit Virginia Tech and Northern Illinois University in recent years. The National Center for Campus Public Safety would issue grants to campus safety agencies, encourage research into improved college safety and conduct training. The center would be run through the Justice Department’s Community Oriented Policing Services (COPS) program, said a representative from Virginia, who co-sponsored the bill with a congressman from Texas.
Source: http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2009/02/03/national/w124803S73.DTL&type=politics

In the AAW Forum, we have often spoken of our wonderful troops, and the job they are doing in defending us from terror.

Yet I have seen very little talk of what we can do. Yes, us home folk who aren't wearing cammo, or toting military issue weaponry. (If you are, please don't tell me about it! LOL)

What can regular citizens do?

I wanted to start a thread to discuss it.

Here are some ideas:
1) InfraGard - a private, not-for-profit group sponsored by the FBI that is tasked with protecting 17 sectors of critical infrastructure as indentified in the National Infrastructure Protection Plan (NIPP)
2) LEPC Committees - Local Emergency Planning Committees are under the aegis of the state DHS. They have to do with hazardous materials safety.
3) School Safety Commissions/Committees - Some states mandate such committees to help schools develop school safety plans

Info will be given on each. What are some things you can do in your neck of the woods?

We all have a vested interest in protecting our homeland.

The Minutemen.

I will lock and load.

8 post offices receive letters with threat of bombings. Eight southern Minnesota post offices are on alert after each received a bomb threat. Eight letters, all delivered sometime during the week of February 2-6, were sent to postmasters, warning that bombs would be placed at their offices “as part of a succession of eight Post Office bombing incidents,” according to a memo sent to post office employees. The post offices targeted by the letters were in the 560 ZIP code area: Mankato, North Mankato, St. James, Lake Crystal, Madelia, New Ulm, Sleepy Eye and Le Center. An official with the U.S. Postal Inspection Service said that the incident remains under investigation and that each building was swept for explosives. Nothing was found. He declined to discuss details of the letter, citing the investigation.
Source: http://www.startribune.com/local/39265182.html?elr=KArksLckD8EQDUoaEyqyP4O:DW3ckUiD 3aPc:_Yyc:aUUF

First U.S. case of Marburg hemorrhagic fever documented in Denver. Rocky Mountain News reported that Marburg hemorrhagic fever, a rare disease caused by a virus indigenous to Africa, was discovered in a patient who had returned from a trip to Uganda. The patient, who has not been identified, sought treatment and was released. A follow-up testing in June 2008 revealed that the patient had contracted the deadly Marburg virus, which exhibits though flu-like symptoms. The Centers for Disease Control notified Lutheran Medical Center in Denver of its findings in January. The patient, while in Uganda, had visited a python cave in Maramagambo Forest in Queen Elizabeth Park. They came into contact with fruit bats, which can be Marburg virus carriers. Lutheran Medical Center is working with various local, state, and national health agencies to determine whether anyone on staff may have contracted the deadly virus, which has an 80 percent mortality rate, while in proximity or in contact with the patient or with any testing samples of the patient.
Source: http://www.associatedcontent.com/article/1457525/first_u_s_case_of_marburg_hemorrhagic.html

Police at ‘dead end’ in attack on Ark. doctor. Detectives are “at a dead end” in their investigation of a bombing that severely injured the chairman of Arkansas State’s medical board, a police chief said Friday. No witnesses have come forward with information about who entered the victim’s driveway to plant the homemade bomb. Materials collected from the bomb site have been sent to a U.S. Bureau of Alcohol, Tobacco, Firearms and Explosives laboratory in Atlanta. The victim is in critical condition and unable to speak. As chairman of the medical board, he oversaw the licensing of 12,000 physicians, but he also had a primary-care practice a mile from the site of the bombing. The bomb, planted near the front of the doctor’s sport utility vehicle, detonated as he prepared to leave home for a medical board meeting in Little Rock.
Source: http://www.msnbc.msn.com/id/29057451/ See also: http://www.nytimes.com/2009/02/07/us/07explode.html

Computer virus shuts down Houston Municipal Courts. Houston shut down part of its municipal court operations on February 6, cancelling hearings and suspending arrests for minor offenses after a computer virus infected hundreds of its machines. City officials said they expected the problems to extend at least through February 9. It was unclear how the virus got into the system, but officials promised a thorough investigation. They could not say when they hoped to have the virus removed from the city network. The disruption cascaded through city departments, leading police to temporarily abandon making some arrests for minor offenses. Officials also briefly disconnected the Houston Emergency Center. Although some emergency communications, such as dispatching, are routed through the center, police experienced no major disruptions, officials said. By the afternoon of February 6, officials said the virus appeared to be contained to 475 of the city’s more than 16,000 computers. But the problems it caused grew so severe that city officials made an emergency purchase order for up to $25,000 to bring in Gray Hat Research, a technology security company that began trying to eradicate it through the early morning hours on February 6. The city’s deputy director of information technology said officials suspected the infection was a form of Conficker, the latest super virus that has breached at least 10 million computers worldwide as of late January, including the government health department in New Zealand and defense systems in France.
Source: http://www.chron.com/disp/story.mpl/headline/metro/6250411.html

Possible pipe bomb located in parking lot of Junction Shopping Center this afternoon. On February 8, at approximately 2:50 p.m., a Tuolumne County Sheriff’s deputy was flagged down by a citizen in the Junction Shopping Center parking lot. The citizen located a suspicious device in the parking lot area near Gottschalks and McDonalds. The deputy noticed the device looked similar to a pipe bomb. The device was a metal pipe, sealed at both ends. The area was immediately secured and a safety perimeter was established. The Calaveras County Sheriff Bomb Unit detonated the device in place and rendered it safe. At this time, it is unknown who left the device.
Source: http://thepinetree.net/index.php?module=announce&ANN_user_op=view&ANN_id=10444

Hazmat team investigates suspicious powder in envelope. Marion County School Board officials were briefly evacuated from their offices on February 9 after a secretary opened up an envelope filled with an unknown white powder. The school board secretary opened up the letter, addressed to the school system in care of the school superintendent, and saw the powder, a Marion County Schools spokesman said. The Ocala Fire Rescue HAZMAT team shut off the air conditioner and secured the envelope. The building was evacuated, and the secretary’s desk was bleached, an Ocala Fire Rescue Battalion chief said. The Marion County Health Department will conduct testing to determine what the powder is.
Source: http://www.ocala.com/article/20090209/ARTICLES/902090/0/NEWS?Title=HAZMAT_team_investigates_suspicious_pow der_in_envelope

Police clear Boise Towne Square Mall after “suspicious device” evacuation. Shortly before midnight February 9, Boise police bomb technicians wrapped up an investigation into five “suspicious devices” found at the Boise Towne Square Mall. Officers said all the devices, all similar in appearance, were hoaxes. The devices were apparently meant to look like viable explosive devices. Boise police bomb sniffing dogs made additional rounds to discover if any further devices were in the mall. Now that the mall area has been deemed safe, Boise Police detectives are also beginning their investigation into who may have put the devices in the popular shopping area, causing an evacuation of about 2,000 people. The first device was found shortly before 7 p.m. near the center court area. Mall security called Boise police, who initially cleared an area of 300 feet around the device and alerted the department’s bomb squad to respond, officials said. A second device was found at about 7:30 p.m. At that time, police made the decision to evacuate the entire mall. Boise Police Department, mall security and citizens inside the mall found additional devices. Police are not aware of any threats made to the mall area or elsewhere.
Source: http://www.idahopress.com/news/?print=true&id=19755

Man arrested with rifle said he had delivery for Obama. Police arrested a man near the U.S. Capitol on Tuesday after he drove up to one of the building’s barricades with a rifle in his vehicle and told officers that he had a delivery for the U.S. President, a Senate spokesman said. The 64 year old man, of Winnfield, Louisiana, was charged with possession of an unregistered firearm and unregistered ammunition. The man drove up to the north barricade at the Capitol late Tuesday afternoon, saying he had a delivery for the President, a police sergeant said. After further questioning, the man admitted he had a rifle in his truck. He was arrested and taken to police headquarters for processing, she said. A search of his truck turned up several rounds of ammunition, the sergeant said. Police also checked the area around the barricade, but found nothing hazardous.
Source: http://edition.cnn.com/2009/CRIME/02/10/obama.threat/index.html?iref=mpstoryview

Suspicious object brings bomb squad to courthouse again. Hillsboro police closed First Avenue between Main and Lincoln streets for 90 minutes on the morning of February 9 after a suspicious object was found inside the Washington County Courthouse during a routine security sweep. A security officer spotted a small, purple cloth bag sitting under a bench inside the east side courthouse building at about 10:30 a.m., said a Hillsboro Police Department official. Inside the bag, the guard found a fist-sized metal pipe with end caps on both sides and a 6-inch yellow wire protruding from one end, the police official said. Hillsboro police were contacted, and the Portland Police Bureau Bomb Squad arrived at around 10:45 a.m. The item was quickly scooped up by a bomb-handling technician and placed in a small bomb-proof trailer. According to the police spokesman, the bomb squad took the item to an undisclosed location for further examination and likely detonation.
Source: http://www.oregonlive.com/news/argus/index.ssf?/base/news/123429541630910.xml&coll=6

69 computers missing from nuclear weapons lab. The Los Alamos nuclear weapons laboratory in New Mexico is missing 69 computers, including at least a dozen that were stolen last year, a lab spokesman said. No classified information has been lost, a spokesman said. The watchdog group Project on Government Oversight on Wednesday released a memo dated February 3 from the Energy Department’s National Nuclear Security Administration that said 67 computers were missing, including 13 that were lost or stolen in past 12 months. The lab was initiating a month-long inventory to account for every computer, the spokesman said. The computers were a cybersecurity issue because they may contain personal information like names and addresses, but they did not contain any classified information, he said. Also missing are three computers that were taken from a scientist’s home in Santa Fe, New Mexico, on January 16, and a BlackBerry belonging to another employee was lost “in a sensitive foreign country,” according to the memo and an e-mail from a senior lab manager.
Source: http://www.google.com/hostednews/ap/article/ALeqM5g6QEPXqw-PCm21HnDYwg3sbGm5HAD969OPC81

Unknown powder found in federal offices in Texas. The FBI headquarters in El Paso was evacuated February 11 after two people in the mail room were exposed to a white powdery substance in a letter that was addressed to a former Massachusetts governor and Republican Presidential candidate. An FBI spokeswoman said a field test showed the material found February 11 was not hazardous but more extensive tests are pending. The employees who came in contact with the powder were treated at the scene by emergency medical personnel. Everyone else in the federal law enforcement building, which houses about 200 FBI employees and nearly 100 U.S. Drug Enforcement Agency personnel, was sent home while hazardous materials crews worked to identify the substance. An FBI spokeswoman said the powder was in a piece of mail addressed to the Republican official with a return address of the FBI office in El Paso. She said that it appeared that the letter was sent to the FBI address after being returned as undeliverable.
Source: http://news.yahoo.com/s/ap/20090212/ap_on_re_us/fbi_powder_scare

White powder mailed to Clermont office. Clermont County employees have been warned to be careful opening mail after an envelope addressed to a local government office was found to contain a suspicious white powder. The substance was discovered in an envelope addressed to a Clermont County office, which has some mail delivered to and sorted at a US Bank facility in the Linwood neighborhood of Cincinnati, an FBI agent said. The Cincinnati Fire Department’s hazardous materials team responded and analyzed the powder. “The preliminary tests on the powder, which was inside the letter, (showed) there was no dangerous material,” said the FBI official. “No one at the scene showed any sign of any reaction to any type of harmful substance.” The letter has been sent to the Ohio Department of Health’s Laboratory Response Network for further analysis. FBI and U.S. Postal Service inspectors are investigating.
Source: http://news.cincinnati.com/article/20090211/NEWS01/302110065

Authorities: Powder found in mailbox not a health threat. Colorado state and local emergency officials are continuing to investigate after a suspicious powder was found on February 9 inside a Rocky Mount mailbox, although initial tests indicate the substance was not hazardous. Crews worked on scene for several hours to identify the white powder discovered inside a residential mailbox in the Sportsman Trail subdivision, before sending a sample of the substance to Greenville for testing. Authorities quarantined the area shortly after the powder was reported at 1 p.m., but officials said late on February 9 that it did not seem as if the substance posed a health threat. The Rocky Mount Fire Department was joined in responding by Nash County Emergency Services and the Rocky Mount Police Department. Officials with the Nash County Division of Emergency Management were notified and placed on standby.
Source: http://www.rockymounttelegram.com/news/authorities-powder-found-in-mailbox-not-a-health-threat-424263.html

Suspicious packages disrupt Lancaster Mall. A portion of Lancaster Mall was evacuated February 11 for several hours while Salem police investigated three reported suspicious devices, none of which turned out to be a threat, police said. The first package was reported by mall security about 10:30 a.m. near the Macy’s department store doors. The bomb squad cordoned off the Macy’s parking lot and evacuated the store, adjacent stores in the mall and eventually Sports Authority. The bomb squad’s robot inspected the first package, which appeared to be a suitcase left in the shrubbery. The robot destroyed the suitcase. Meanwhile, two more suspicious packages were found as officers checked the area. Both turned out to be harmless. One was a black plastic bag with leaves inside, police said. Lancaster Mall was reopened by 1:15 p.m. By 1:30 p.m., business resumed as normal, the Lancaster Mall manager said.
Source: http://www.statesmanjournal.com/article/20090212/NEWS/902120359/1001 See also: http://www.kptv.com/news/18692353/detail.html

Bomb squad detonates device. Police are investigating whether an explosive device found at a Redwood City apartment February 11 was planted by someone who once stayed with the resident, a Redwood City police captain said. Redwood City police responded to a report of a suspicious package in an apartment at approximately 4:39 p.m. February 11. Responding officers determined the fabric-like cylinder contained explosive material and called the San Mateo County Bomb Squad. The woman at the apartment reportedly received the suspicious device at approximately 3:30 p.m., but waited an hour before calling police. She took the device in and out of her purse several times and eventually left it on her porch before calling 911, police said. The apartment complex and area around the apartment was evacuated. The bomb squad examined and detonated the device on the woman’s porch. This process caused minor damage to the wall outside the apartment’s living room. There were no injuries related to the incident, police said. The incident is currently under investigation by the Redwood City Police Department.
Source: http://www.smdailyjournal.com/article_preview.php?id=105539

Disruptive passenger halts train. More than 200 Amtrak passengers waited four hours on February 16 as police dogs cased a train for a bomb. The train was stopped just short of the North Carolina Highway 46/U.S. Highway 301 intersection in Garysburg after a passenger announced he was carrying a bomb. A Northampton County Emergency Management Coordinator said the passenger became unruly and during an altercation claimed a bomb was on the train. According to another passenger who was sitting several seats away from the man, the individual in question began acting in an erratic manner. “He started acting weird. Then he smacked somebody in the seat beside me and a guy just came up and grabbed him and held him down. Once he had him down, the guy got quiet. I didn’t hear him say anything about a bomb. Once the police came he didn’t struggle.” Passengers reported they were held on the train for approximately two hours before they were allowed to exit. The man was taken into custody and law enforcement reportedly found what is suspected to be PCP in the man’s carry-on bag.
Source: http://www.rrdailyherald.com/articles/2009/02/18/news/doc499b28d7c9d22658714270.txt

Pipe bombs found during early morning traffic stop. Four pipe bombs were discovered inside a vehicle stopped for an equipment violation early in the morning on February 17, according to the Anchorage Police Department. A nearby road was closed down for a short time, and two suspects were held for questioning by the FBI and the Bureau of Alcohol, Tobacco, Firearms and Explosives. A broken mirror led to the traffic stop at about 3 a.m. at the corner of Northern Lights Boulevard and Boniface Parkway. That is when the officer saw what looked like four bombs inside the vehicle. The bombs — described by the Anchorage Police Department as “very powerful” — were removed from the car and destroyed. Anchorage police were unable to provide information on why the bombs were in the car or where the driver was headed. The FBI says the explosives were not related to terrorist activity.
Source: http://www.ktuu.com/Global/story.asp?S=9859622

Middletown police hit with “swatting” 911 calls. Middletown, New York, police say they are investigating prank emergency calls that are part of a trend of computer-based phone fraud sweeping the country. Known as “swatting,” so called because they are aimed at eliciting police SWAT team responses, the calls exploit a weakness in the 911 calling system, making them virtually untraceable. A Middletown police official said five such calls were made from January 20-22, prompting police in Middletown to respond to the high school and to locations on Linden Avenue and Wickham Avenue. He said one of the calls was of a fake bomb threat to the high school and the other two reported incidents involved guns and fighting. Perpetrators of the calls typed in their messages to an operator at a hearing impaired communications service in Utah, which then relayed the message by voice to Orange County 911. Middletown Police grew suspicious after several of the calls came in with untraceable origins. The communications company, Sorenson Communications of Salt Lake City, refused to release the IP addresses of the computers used for the prank, citing federal communications regulations prohibiting the release of such information.
Source: http://www.recordonline.com/apps/pbcs.dll/article?AID=/20090217/NEWS/90217052

Man held after bomb squad summoned in Clarion. A West Virginia man was arrested February 17 after he left a piece of luggage near propane tanks at the Wal-Mart in Clarion. The 24 year old man, of Beckley, was charged with disorderly conduct, criminal mischief, and facsimile weapons of mass destruction. State police said he rolled the luggage into the store and then back outside, where he left it near the propane tanks, located near the store’s front entrance. The state police bomb squad determined the bag did not contain a bomb. The man was spotted on store security cameras and eventually arrested in Shippenville, state police said. He was jailed in lieu of $30,000 bond.
Source: http://www.post-gazette.com/pg/09048/949692-100.stm

Police: Be on lookout for Army shells. Police are asking people to be on the lookout for large artillery shell casings after a number of spent shells were located behind a beaches strip mall. Police were notified on February 16 of several empty 105-millimeter Army shell casings on a pallet behind a strip mall in Atlantic Beach. None of them were loaded or dangerous, but it appeared that some of them were removed, prompting the police to alert the public. “Our concern is that some of the ordinance casings could be live and we need to try and recover them to make sure they are safe,” said a Jacksonville Sheriff’s Office (JSO) sergeant. He said they do know where the shells came from, but investigations by both the JSO’s bomb squad and military authorities are under way. People in the area said the shell casings had been stacked there for up to three months and people might have taken them to sell metal to make some money.
Source: http://www.news4jax.com/news/18733619/detail.html#-

http://www.nationalterroralert.com/updates/2009/02/19/syria-building-chemical-weapons-plant/

Syria Building Chemical Weapons Plant
Submitted by national on Thursday, 19 February 2009

Syria has been conducting extensive construction work on a chemical weapons facility in the country’s northwest, satellite images obtained by the defense analyst group Jane’s reveal.

‘Syria building chemical weapons plant’

The images of a chemical weapons facility identified as al-Safir were taken by several commercial sources from 2005 to 2008, the analyst group said.

Imagery obtained by DigitalGlobe’s WorldView-1 satellite shows that extensive construction has taken place at the facility, as well as at an adjacent missile base, the group wrote. In addition, the images showed that the site contained a number of the “defining features of a chemical weapons facility.”

Al-Safir is home to a chemical weapons production facility and a missile base that holds a significant part of Syria’s long-range Scud D ballistic missiles, according to foreign reports. The Scud D has a range of 700 kilometers and al-Safir is reported to have several dozen underground fortified bunkers where the launchers and the missiles are stored.

Reported raids on federal computer data soar. Reported cyberattacks on U.S. government computer networks climbed 40 percent during 2008, federal records show, and more infiltrators are trying to plant malicious software they could use to control or steal sensitive data. Federally tracked accounts of unauthorized access to government computers and installations of hostile programs rose from a combined 3,928 incidents in 2007 to 5,488 in 2008, based on data provided to USA Today by the U.S. Computer Emergency Readiness Team (US-CERT). “Government systems are under constant attack,” says the counterintelligence chief in the Office of the Director of National Intelligence. “We’re seeing … a dramatic, consistent increase in cyber crime and intelligence activities.” The government does not publicly detail the number or types of attacks that succeed. A commission of government officials and private experts reported in December 2008 that the departments of Defense, State, Homeland Security, and Commerce all have suffered “major intrusions” in which sensitive data were stolen or compromised.
Source: http://www.usatoday.com/news/washington/2009-02-16-cyber-attacks_N.htm

Black Hat DC: U.S. must consider impact of ‘militarization’ of cyberspace. The United States is unprepared to respond to a cyber-Katrina or cyberwarfare attack and must consider three hot-button issues as the new Administration formulates its cybersecurity strategy: the role of the intelligence community, cyberweapons deployment, and who should be in charge of the nation’s response to a cyberattack, said a cybersecurity and homeland security expert on February 18 during his keynote address at the Black Hat DC conference. The expert, who worked on the U.S. President’s transition team but is not part of the new Administration, had been mentioned as a front-runner for a possible cybersecurity czar position in the Administration. The expert emphasized that he was not speaking on behalf of the Administration, and he would not discuss what recommendations he has given the U.S. President and his team. “Who is in charge [in the event of] a cyber-Katrina?” said the expert, who served on homeland security councils for both previous Administrations and is now a security consultant with Good Harbor. “Is it the FCC? DHS? Commerce? The White House? No one has an answer to that, and that’s pretty darn scary.” As the new Administration fleshes out its policies for cybersecurity, the industry should consider a topic that historically has been “a little taboo.” he says: “The militarization of cyberspace.” The Administration is currently conducting a 60-day review of the nation’s cybersecurity.
Source: http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=214500702&subSection=Attacks/breaches

Independence Mall shoppers and shop owners evacuated. For the second time in three months, Independence Mall shoppers and store owners found themselves out in the cold rather than buying and selling. Police evacuated the mall at about 10:30 a.m. February 18 after smoke began spilling out of the FYE store and into neighboring stores and common areas. Customers in the mall’s anchor stores, Macy’s, Target, and Sears, continued shopping for several minutes, unaware of the smoke, a police chief said. “The mall has separate alarm systems for the anchor stores, and they (shoppers) apparently didn’t hear the general alarms,” he explained. “They were out about 10 minutes later.” No injuries were reported. A heating system motor on the roof caught fire, sending smoke into the mall, a deputy fire chief said. Fire officials gave the go-ahead for people to go back inside, opening shortly after 1 p.m. The mall’s general manager said business was back to normal by 3 p.m.
Source: http://www.patriotledger.com/news/x286842367/Independence-Mall-shoppers-and-shop-owners-evacuated

Raygun jumbo: ‘Long duration’ ground blasts begin. Energy weapon maker Northrop Grumman has announced further successful ground tests for the mighty laser cannon installed in America’s prototype nuke-blasting jumbo jet. Northrop says that “multiple long-duration, lethal” blasts were fired in ground tests, allowing engineers to “tune” the mighty megawatt-range energy gun and tweak its chemical fuel mix. The firm says that the settings will now be left in place for further trials, including the actual shootdown of a real ICBM set for later this year. It seems that in this case a “long-duration” blast is one lasting three seconds or so. However, the company’s energy-cannon chief said the laser could easily have kept blazing for longer, but this would have destroyed or melted the ground test equipment. According to Northrop, these latest tests saw the death ray coming straight out of the laser into measuring gear. The next step will be similar firings, but this time with the combat-intensity beam passing through the fire-control systems and coming out of the jumbo’s distinctive swiveling nose turret into a “range simulator.” The culmination of the flight test program will be an attempt to blow up an actual ballistic missile as it boosts upward from its launch pad, the mission the blaster-jumbo is designed for. Northrop, along with partners Boeing and Lockheed, believe this will take place before next year.
Source: http://www.theregister.co.uk/2009/02/19/abl_ground_tests_full_power/

Lexington police blow up “suspicious” bag; Dell laptop destroyed. Lexington police blew up a suspicious-looking bag on February 19 left by a customer at the 210 East High Street post office, destroying the Dell laptop that was inside. The Hazardous Device Unit, Lexington police’s bomb squad, X-rayed the bag and determined it was no threat. The team used a robot to retrieve and blow up the bag at 4:56 p.m. A police sergeant said police received a call shortly before 3 p.m. from the post office saying a customer briefly stood in line, and then walked out, leaving behind a “suspicious” bag. A post office employee said the woman who left the package asked some of the other customers what to do with the item, and when she did not get a satisfactory answer, she put the bag on a waste can and left.
Source: http://www.kentucky.com/181/story/700316.html

Pilots landing at Seattle-Tacoma airport report lasers. Pilots on 12 jetliners landing at Seattle-Tacoma International Airport on February 22 reported that someone was shining a green laser light into their cockpits, bringing renewed attention to a problem that has plagued pilots since the introduction of cheap laser pointers several years ago. The planes, targeted during a 20-minute period, all landed safely. But the incident led to pilots simultaneously trying to avoid being temporarily blinded by the light while trying to help authorities pinpoint its source, believed to be about a mile north of the airport. Air traffic controllers continuously cautioned pilots about the light during the episode. Laser attacks on aircraft have increased in recent years, according to the Federal Aviation Administration. There have been 148 incidents this year, an FAA spokeswoman said.
Source: http://www.cnn.com/2009/US/02/23/washington.plane.lasers/index.html?iref=newssearc

Suspicious package found at post office. There were some tense moments at a Cincinnati post office on February 24 after a worker discovered a suspicious package in the building. A worker at the U.S. post office in Queensgate called 911 to report finding the suspicious substance just after midnight. According to emergency radio reports, the employee told crews the sandy substance caused her hand to turn red after touching it. An expert was called to the scene to test the substance, and officials later determined it was not hazardous.
Source: http://www.wcpo.com/news/local/story/Suspicious-Package-Found-At-Post-Office/4v_rnIP3hE6rY_cODItBGQ.cspx

Suspicious package found at Portsmouth Naval Medical Center. A parking garage at Portsmouth Naval Medical Center was closed and K-9 and explosive ordinance disposal units called in to investigate a suspicious package, a spokeswoman said. The suspicious package was discovered at 4:46 p.m. on February 23, said a naval spokesman. Emergency responders also checked the parking garage for any other suspicious packages. The parking garage was cleared at about 9:10 p.m. when investigators determined the package was someone’s personal belongings, said the naval spokesman.
Source: http://hamptonroads.com/2009/02/suspicious-package-found-naval-medical-center-portsmouth

Meth makers leave behind a toxic trail at motels. Methamphetamine “cooks” are secretly converting hundreds of motel and hotel rooms into covert drug labs — leaving behind a toxic mess for unsuspecting customers and housekeeping crews. The dangerous contaminants can lurk on countertops, carpets and bathtubs, and chemical odors that might be a warning clue to those who follow can be masked by tobacco smoke and other scents. Motels can be an attractive alternative for drug makers seeking to avoid a police raid on their own homes. U.S. Drug Enforcement Administration records obtained by the Associated Press show that states reported finding evidence of drug-making in 1,789 motel and hotel rooms in the past five years — and that is just those the authorities found. The toxins can linger for days if meth lab hygienists wearing hazmat suits do not clean living areas. The cleanups cost anywhere from $2,000 to $20,000. Even short-term exposure to vapors and residue where the drug is smoked or cooked can cause eye and skin irritation, vomiting, rashes, asthma problems and other respiratory issues. The volatile labs can be set up in less than four hours inside a hotel or motel room, according to the American Hotel and Lodging Association. Methods vary for making the drug, but the equipment can be simple enough to fit in a single backpack: a large soft drink bottle with some rubber tubing, duct tape, batteries, refrigerant packs and a decongestant that contains ephedrine or pseudoephedrine.
Source: http://www.google.com/hostednews/ap/article/ALeqM5hURpCyvmobWZxgcVbt83u2oHLvUwD96HCFBG0

Red laser targets news helicopter. Montgomery County, Maryland, police are searching for the person who pointed a red laser beam at WJLA-TV’s helicopter Wednesday morning. WJLA complained that someone in the area of Whittington Terrace and Caddington Avenue pointed the laser at their helicopter while it was flying for its morning news show.
Source: http://www.nbcwashington.com/news/local/Red-Laser-Targets-News-Helicopter.html

Unattended bag found at Dulles; floor evacuated. A spokesperson with the Metropolitan Washington Airports Authority reports that an unattended bag near the United Airlines ticket counter forced an evacuation of a portion of the ticketing level at Dulles International Airport on the evening of February 24. He says the Virginia State Police EOD team was called to the scene. The explosives team evaluated the bag and reportedly cleared the scene around 8 p.m. Authorities say no one was injured. At this time, there is no word about what was inside the bag.
Source: http://www.wjla.com/news/stories/0209/598132.html?ref=rs

Animal rights extremists arrested. After months of intense federal, state, and local investigation, four animal rights extremists have been arrested in connection with a series of harassing incidents directed toward University of California researchers. On February 20, the Federal Bureau of Investigation arrested the four suspects, all of whom hail from California, saying their protests violated the federal Animal Enterprise Terrorism Act. Two of the suspects are former UCSC students. University of California officials lauded the arrests. “Our students, staff, and faculty…deserve to work and live in a safe environment, without fear that they and their families will be targets of violent actions and threats,” said the dean of physical and biological sciences at UCSC in a statement. If convicted, the suspects face up to five years in prison.
Source: http://pubs.acs.org/cen/news/87/i09/8709news4.html

IG: Energy cannot account for nuclear materials at 15 locations. A number of institutions with licenses to hold nuclear material reported to the Energy Department in 2004 that the amount of material they held was less than agency records indicated. But rather than investigating the discrepancies, Energy officials wrote off significant quantities of nuclear material from the department’s inventory records. That is just one of the findings of a report released on February 23 by the Energy Department Inspector General that concluded “the department cannot properly account for and effectively manage its nuclear materials maintained by domestic licensees and may be unable to detect lost or stolen material.” Auditors found that Energy could not accurately account for the quantities and locations of nuclear material at 15 out of 40, or 37 percent, of facilities reviewed. The materials written off included 20,580 grams of enriched uranium, 45 grams of plutonium, 5,001 kilograms of normal uranium and 189,139 kilograms of depleted uranium. “Considering the potential health risks associated with these materials and the potential for misuse should they fall into the wrong hands, the quantities written off were significant,” the report stated. Auditors also found that waste processing facilities could not locate or explain the whereabouts of significant quantities of uranium and other nuclear material that Energy Department records showed they held. More than 100 academic and commercial institutions and government agencies lease nuclear materials that are owned by Energy. The department, along with the Nuclear Regulatory Commission, is supposed to track these materials through the centralized accounting system known as the Nuclear Materials Management and Safeguards System, or NMMSS.
Source: http://www.govexec.com/dailyfed/0209/02309kp1.htm

Explosives found in storage. A stockpile of illegal explosives was discovered in a Searcy, Arkansas storage unit on February 24. Found in a rental space at The Storage House were 1.5 pounds of TNT, several 2.5 pound sticks of C-4, a time fuse, 26 non-electric blasting caps, black powder and artillery simulator shells. “Nobody really knows,” the Searcy fire chief said of how the items got into the 15’ by 30’ unit with a garage-style door. He said the items are regulated and should not have been there, and another official confirmed that possession and use of the items, which could have been used to remove stumps or rocks during construction, were subject to federal and state law. “It looks like that at one time the guy worked for the Arkansas Power and Light Company,” the official said, noting the items could have been stolen but probably were not. “Years ago these things were not regulated as they are today. Some of these items may have been as much as 15 years old.” The bomb squad coordinator for the Arkansas State Police took possession of the items and with an agent from the Bureau of Alcohol, Tobacco, and Firearms took the explosives to Camp Robinson for disposal.
Source: http://www.thedailycitizen.com/articles/2009/02/25/news/top_stories/top01.txt

Md. man arrested for shining laser at news helicopter. A Silver Spring man who shined a laser pointer at a news helicopter was arrested Wednesday morning, Montgomery County Police said. Officers responded to the man’s home, where they found him holding the laser that he shined at the passing helicopter because it annoyed him, police said; he then shined it in an officer’s face. The man was arrested and charged with one count of disorderly conduct, three counts of reckless endangerment, and two counts of prohibited use of a laser pointer.
Source: http://www.washingtonpost.com/wp-dyn/content/article/2009/02/25/AR2009022503006.html?wprss=rss_metro

Chicago man arrested for allegedly targeting Obama with HIV-infected blood. A man from the U.S. President’s hometown of Chicago has been arrested for allegedly sending the President and his staff envelopes containing HIV-infected blood, in the hopes of killing or harming them. It is only the second time ever that HIV-infected blood has been sent with malicious intent through the U.S. mail system, a spokesman for the U.S. Postal Inspection Service said. In the weeks leading up to the President’s inauguration, the suspect, an Ethiopian refugee in his late 20’s, sent an envelope addressed to the current President to offices of the Illinois government in Springfield, Illinois, according to court documents. The envelope contained a series of unusual items, including a letter with reddish stains and an admission ticket for the President’s election-night celebration in Chicago’s Grant Park. Court documents said the suspect, who takes drugs to treat a mental illness, later told FBI agents he is “very sick with HIV” and cut his fingers with a razor so he could bleed on the letter. Hazmat teams were called in after the envelope was opened, and offices of the Illinois Department on Aging and the Department of Revenue were locked down for nearly two hours, locking 300 staffers in their offices, court documents said. After the suspect was arrested, he was placed in a Chicago correctional facility. He has yet to be formally charged. A judge ordered he receive a mental examination to see if he is fit for trial, but as of two weeks ago, the court could not locate a translator to conduct the examination, according to court documents.
Source: http://www.foxnews.com/politics/first100days/2009/02/27/chicago-man-arrested-allegedly-targeting-obama-hiv-infected-blood/

Bomb threat empties banks. At 1:50 p.m. February 25, Alamosa Police were notified that a bomb threat had been called into the main trunk line at San Luis Valley Federal Bank’s building. Police, Alamosa firefighters, and EMTs responded to the scene and found the bank’s customers and staff already being ushered out of the building and to a safe location in a parking lot south of the structure. A deputy police chief said the next day that a soft-spoken female, in a calm voice, called the bank and said “a bomb is going to go off.” No bomb was found, but information was developed. Police are currently seeking an interview with a person the deputy chief described as ‘dissatisfied, disgruntled’ who was involved in a disturbance at the Mariposa branch earlier in February and whose account had been closed by the bank. The crime, false reporting of an explosive device, is a class four felony in Colorado. There were no injuries reported during the evacuations.
Source: http://www.alamosanews.com/V2_news_articles.php?heading=0&story_id=11889&page=72

Arrest in weekend bomb threats; caller to mall still at large. A Chico man, whose family said is developmentally challenged, has been arrested on suspicion of placing bomb threat calls to the Chico Wal-Mart and Raley’s Supermarket last weekend. Police found nothing suspicious at either location. The 28-year-old man was contacted by Chico police February 25 and voluntarily appeared to be interviewed. After questioning, he was arrested and charged with filing a false bomb report. Police said the allegation can be charged as either a misdemeanor or a felony, and do not know if the suspect’s disability will be a factor in the crime. The suspect told police he was angry at Raley’s for being accused of starting a fire in a bathroom trash bin on February 10. His motive for the bomb threat against Wal-Mart is unknown. Police said the man is not a suspect in bomb threat calls made to the Chico Mall and Kohl’s Department Store February 25.
Source: http://www.msnbc.msn.com/id/29418604/#storyContinued

Marine 1 blueprints found on file-sharing network. A Cranberry, Pennsylvania company that monitors peer-to-peer file-sharing networks discovered what it said to be a potentially serious security breach involving the U.S. President’s helicopter. Tiversa employees found engineering and communications information about Marine One at an IP address in Tehran, Iran. “We found a file containing entire blueprints and avionics package for Marine One, which is the president’s helicopter,” said the CEO of Tiversa. The company was able to trace the file back to its original source. “What appears to be a defense contractor in Bethesda, Md., had a file sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,” the CEO said. Tiversa also found sensitive financial information about the cost of the helicopter on that same computer. The CEO said someone from the company most likely downloaded a file-sharing program, typically used to exchange music, not realizing the potential problems. “When downloading one of these file-sharing programs, you are effectively allowing others around the world to access your hard drive,” said the Tiversa CEO. The CEO has notified the government immediately and said appropriate steps are being taken. “They are working through a process to maintain the security of the president,” the CEO said. Iran is not the only country that appears to be accessing this type of information through file-sharing programs. “We’ve noticed it out of Pakistan, Yemen, Qatar, and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence,” added the Tiversa CEO.
Source: http://www.wpxi.com/news/18818589/detail.html

Bomb found outside Macomb tavern. Police in Macomb, Illinois say an active bomb was found by the beer garden of a Macomb bar frequented by Western Illinois University students. Officers say the suspected improvised explosive device was found late Saturday morning at the Change of Pace Bar. Members of the state bomb squad came to Macomb with robotic equipment to secure the bomb, which was later destroyed at a secure location. The McDonough County Sheriff’s Department said the bomb was a small device with some shotgun shells hooked to it and a radio attached. He said it could have been sensitive to cell phone calls nearby.
Source: http://www.chicagotribune.com/news/chi-ap-il-macombbomb,0,7528610.story

Bomb scare leads to shopping center evacuation. An investigation into a suspicious package at a FedEx Kinko’s in Henderson snarled traffic at the Stephanie Street-Interstate 215 interchange on February 28 for more than two hours. The package was carrying some kind of food, said Henderson police officials on the scene. Henderson police and fire units were called to the shopping center, which is anchored by a Gold’s Gym, about noon after employees of the FedEx Kinko’s noticed a noise coming from a package, police said. Most of the stores near the FedEx Kinko’s are vacant. Only a gyro shop and a dentist’s office are nearby, and they were closed, police officials said. However, the Pit Stop Car Wash, about 100 yards from the shipping store, closed and evacuated voluntarily, police said. Workers waited on the opposite side of the car wash while police and fire officials sent robots into the store to investigate the package. Metro Police K-9 units were used to search the area. The area was declared safe, and Stephanie Street reopened about 2:30 p.m.
Source: http://www.lasvegassun.com/news/2009/feb/28/bomb-scare-leads-shopping-center-evacuation/

Chico man arrested for second time in three days for alleged bomb threats. A 28-year-old Chico man was arrested for the second time within three days after he allegedly made a bomb threat February 27 at the Fit One Athletic Club on the Skyway in Chico, California. A Fit One receptionist received a call at 3:06 p.m. from a man who allegedly claimed there was a bomb in the building, police said. Chico police and fire personnel responded to the club, which remained open during the incident. Officers found nothing suspicious after a search. Chico police detectives arrested the man after interviewing him at his workplace, according to a detective. Detectives also discovered that he had allegedly held a knife to the throat of a co-worker at about the same time of the bomb threat. He was arrested on suspicion of three incidents of making bomb threats and assault with a deadly weapon. He was taken to Butte County Jail in Oroville where bail was set at $75,000. Police originally arrested him on February 25 for allegedly filing false bomb reports the weekend of February 20 at Wal-Mart and Raley’s Supermarket. His family has said he is developmentally challenged.
Source: http://www.chicoer.com/news/ci_11807080

Explosive device found near El Dorado area casino. The Red Hawk Casino was closed for a short time early February 27, when El Dorado Sheriff’s deputies found an explosive device during a traffic stop near the casino. A woman who was stopped on a vehicle code violation on Red Hawk Parkway in Shingle Springs was found to have a warrant for her arrest and was driving without license, authorities said. Deputies arrested the woman and while searching her vehicle allegedly found marijuana, methamphetamine and an improvised explosive device. The device, known as a cricket, was a small CO2 canister altered to resemble a pipe bomb and had “lethal capabilities.” Because of the danger of moving it, the bomb squad destroyed the device on scene.
Source: http://www.rgj.com/article/20090227/NEWS18/90227048/1321/NEWS

one word of advice....buy guns now before bama passes 5billion% taxes on them......common look at the gov...they are so corrupt that yes you can and have the right to protect yourself not some fat politician sittting in DC looking all high and mighty

Police continue fertilizer theft investigation. The Frederick, Maryland Police Department is continuing its investigation into the weekend theft of at least 8,000 pounds of fertilizer from the Southern States store. At least 6,000 pounds of 19-19-19 fertilizer and 2,000 pounds of urea were taken from a secured storage shed in the rear of the business between Saturday and Sunday, a police lieutenant said. There is nothing to indicate that this is anything other than a theft, he said. The Criminal Investigations Division will continue to investigate, he said. The Maryland Coordination Analysis Center along with all federal agencies, including the Federal Bureau of Investigation field office, have been notified of the theft.
Source: http://www.fredericknewspost.com/sections/news/display.htm?StoryID=87156

Two arrested for bomb found in Solomon mailbox. Dickinson County Sheriff’s officers arrested a 19-year old man and a juvenile on charges of attempted arson and conspiracy. Sheriff’s officers and other emergency personnel were sent to a residence in Solomon on February 6 after a resident found a device in a mailbox. The device was later identified as a homemade hydrochloric acid bomb, according to a press release from the sheriff’s office. The two suspects were arrested on February 26. The adult suspect was taken to the Dickinson County Jail. The juvenile will be summoned to court, the release reads.
Source: http://www.saljournal.com/news/story/dickinson-county-bomb-bust-3209

Florence man arrested on bomb possession charge. A Florence man is accused of trying to build a bomb to retaliate against his former employer, according to a press release from the Florence County Sheriff’s Office. The 48-year-old man is charged with possession of a destructive device (bomb), Florence County Detention Center booking reports show. The suspect was arrested Friday, February 27 after deputies received a tip he had bomb-making materials at his residence, according to the release. Investigators, along with the sheriff’s office’s bomb detection K9 unit and a State Law Enforcement Division bomb squad, searched the suspect’s residence and found material that could be used to make an explosive device. An investigation revealed the suspect had made threats against his former employer, the Salvation Army Thrift Store, according to the release.
Source: http://www.scnow.com/scp/news/local/pee_dee/article/florence_man_arrested_on_bomb_possession_charge/36252/

Carrell Clinic computer hacker arrested. An Arlington, Texas, man has been arrested by federal authorities who accuse him of using his contract security guard post at the Carrell Clinic in Dallas to hack into the clinic’s computers, compromising various hospital systems while planning a larger attack on the system’s computers. The defendant, who is also known as the hacker “GhostExodus” and “PhantomExodizzmo” was arrested by the FBI Friday, according to a statement released by the acting U.S. Attorney for the Northern District of Texas. He is charged in the indictment with computer intrusion, but could be facing additional charges depending on the outcome of a grand jury’s investigation, a spokeswoman for the U.S. Attorney’s office said Tuesday.
Source: http://www.bizjournals.com/dallas/stories/2009/06/29/daily21.html

D.C. area health officials see rise in summertime flu cases. Hospital emergency rooms and doctor’s offices across the
-12-
Washington region are reporting a higher-than-normal number of flu cases during a time of year when such infections are rare, a signal that the H1N1 virus continues to spread. Officials at Washington Adventist Hospital said they have seen 68 flu cases in June compared with 11 in May. Officials at Inova Health systems say they have treated more flu cases during a single week this month than during the peak week of flu season in February. Many of those being treated are school-age children, officials said. Medical experts say the unusually high number of cases might be due in part to increased vigilance among the public and health officials because of the attention given to H1N1. The new strain has perplexed medical researchers who are studying its potential long-term effects. They theorize that younger patients may be getting infected at higher rates because they may not have developed immunity to the strain. The Centers for Disease Control and Prevention’s most recent surveillance report for June 14-20 said there had been a higher than normal number of flu cases nationally for this time of year. The federal authorities said it is too early to tell whether those who contract H1N1 now will be immune in the fall when the flu season kicks into high gear.
Source: http://www.washingtonpost.com/wp-dyn/content/article/2009/06/29/AR2009062903925.html

Bahrain says two targeted U.S. ships. U.S. Navy ships in Bahrain were the target of an alleged terror attack, prosecutors claimed in court Tuesday. Two Bahrainis, accused of smuggling weapons into the country, planned to attack U.S. ships and personnel at Mina Salman, say prosecutors. The two men, aged 22 and 21, were arrested on April 26 when police allegedly seized machine guns, weapons, computer discs and other evidence from their homes in East Riffa. Both appeared for the first time Tuesday before the High Criminal Court, where they denied plotting terror attacks and smuggling weapons and ammunition into the country. Police believe the pair had met abroad with members of a terrorist cell, al-Qaeda. Their arrest came after National Security Agency received information that the 22-year-old unemployed man, of Jordanian origin, had intensified contacts with the cell in Iran. Officers obtained a search warrant and found tapes, CDs, computers, bank statements and exchange company documents in his house. He then led police to the other — a 21-year-old junior customs officer — who possessed the smuggled weapons.
Source: http://www.military.com/news/article/bahrain-says-two-targeted-us-ships.html?col=1186032310810&ESRC=topstories.RSS

Zeus Trojan variant steals FTP login details. A new Trojan malware has been detected harvesting FTP account information from compromised computers. The number of affected accounts identified by Prevx, a maker of computer security software, rose from 66,000 on June 24 to 74,000 two days later. According to the director of research at Prevx, the Trojan is highly infectious. “We rate this infection as critical,” he said in a blog post on June 28. “The infection has a ‘China Syndrome’ potential. It includes a cyclic infection which leverages infected PCs to programmatically modify hi-volume Web sites to infect additional users who become part of the cycle. More users leads to more discovery of Web site admin credentials which in turn leads to more Web sites being modified to serve the infection which leads to more infected users.” The malware infects visitors to compromised Web sites using malicious JavaScript code. The malicious script redirects visitors to Web sites hosting exploit kits, which test visitors’ computers to find vulnerabilities in installed operating systems and applications to exploit. If a vulnerability is found and successfully exploited, malware is installed, a variant of the Zeus family. It scans compromised machines for FTP credentials and then posts those credentials to a Web server in the Cayman Islands. It also enlists the victim’s computer to further spread the infection.
Source: http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218102149

PA man accused of bomb threat Prosecutors have until Wednesday afternoon to file criminal information against a Port Angeles, Washington, man accused of threatening to bomb some local retail stores. The man is being held on $5,000 bail in the County Jail for investigation of a Threat to Bomb or Injure Property. The man allegedly claimed to be an Aryan extremist who had planted six explosive devices in the Safeway stores and Wal-Mart in Port Angeles seven days earlier. His statement also claimed that the explosives were set to go off in one hour, or if they were tampered with. The man also stated that if the explosives were discovered, his friends would set them off remotely.
Source: http://www.konp.com/local/4880

Burlington hotel evacuated after remnants of meth lab found. Burlington, North Carolina, police evacuated the Royal Inn & Suites hotel after an employee cleaning a room found evidence of a possible meth lab. The employee found a damaged room. The room showed evidence of a fire and had a strong chemical odor. The assistant police chief says the evidence is an indication of a possible portable meth lab because it is not in the room anymore. If so, this will be the first confirmed portable meth lab in Burlington, he said, though other surrounding agencies have investigated them.
Source: http://www.digtriad.com/news/local/article.aspx?storyid=126467&catid=57

Ex-Prof gets 4 years for passing secrets. A federal judge sentenced a retired University of Tennessee professor to four years in prison Wednesday for passing sensitive information from a U.S. Air Force contract to two research assistants from China and Iran. The Plasma physics expert was found guilty in September on all 18 counts of conspiracy, fraud and violating the Arms Export Control Act. The case marked the first time the government used the export control act to crack down on the distribution of restricted data, not hardware, to foreigners in a university setting. Prosecutors said the convict allowed the two graduate students to see sensitive information while they researched a plasma-guidance system for unmanned aircraft. The convict, 71, testified at trial that he did not believe he broke the law because the research had yet to produce anything tangible. He said he received only about $6,000 from the contract.
Source: http://www.military.com/news/article/exprof-gets-4-years-for-passing-secrets.html?ESRC=topstories.RSS

Fake plastic scam foiled, 23 arrests. Twenty-three people have been arrested in Melbourne, Sydney and Spain over a huge credit card scam that police say has cost the Australian economy close to $5 million. The federal police say the group was run out of Sydney and spent about $6 million on 1,200 fake credit cards since March 2009. They say the group made and distributed more than 200 fake credit cards a week. After investigating since December, officers carried out 11 raids in Sydney and Melbourne on July 1 and allegedly uncovered credit card making facilities. Five men were arrested in Sydney, as well as a man and a woman in Melbourne. Among them was a 53-year-old from Homebush Bay, in western Sydney, who police say was running the syndicate. The ringleader allegedly obtained credit card numbers stolen from people in Spain, the United Kingdom, and Malaysia, using skimming machines at ATMs and online. Police say he then passed the details onto a 35-year-old in Potts Point, in inner Sydney, who made credit cards using fake names. Police say the ringleader handed the credit cards on to 11 people in Sydney and Melbourne, who were directed to buy about $500,000 worth of goods per week, including gift cards, electronics, phone cards, stamps, cigarettes and alcohol. Officers say the goods were then sold overseas, and the shoppers were given a percentage of the value of the goods they bought.
Source: http://www.abc.net.au/news/stories/2009/07/02/2614454.htm?section=justin

Swine flu virus outbreak plagues campus. As of June 26, seventeen confirmed cases and more than 20 suspected cases of the new H1N1 flu virus have been reported on campus, Duke University officials said. The cases of the H1N1 virus, commonly known as swine flu, emerged from seasonal camp employees and students participating in on-campus summer programs, including Duke’s Talent Identification Program, the American Dance Festival and youth summer science and writing camps. All affected programs are located on East Campus and the virus has not yet spread to West Campus, said the executive director of Student Health. Duke is working closely with the Durham County Public Health Department and Duke’s infectious disease specialist to discuss protocols on how to handle the situation. Students, faculty and staff have not been officially alerted of the swine flu outbreak on campus because the chances of contracting swine flu are low, unless someone comes in direct contact with an infected person, said the vice president for public affairs and government relations.
Source: http://media.www.dukechronicle.com/media/storage/paper884/news/2009/07/01/News/Swine.Flu.Virus.Outbreak.Plagues.Campus-3749958.shtml

Apple patching serious SMS vulnerability on iPhone. Apple is working to fix an iPhone vulnerability that could allow an attacker to remotely install and run unsigned software code with root access to the phone. The attack in question exploits a weakness in the way iPhones handle text messages received via SMS (Short Message Service), said a security researcher, during a presentation at the SyScan conference in Singapore on July 2. He did not provide a detailed description of the SMS vulnerability, citing an agreement with Apple. The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator’s network. The malicious code could include commands to monitor the location of the phone using GPS, turn on the phone’s microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet, the researcher said. Apple is working to patch the vulnerability and expects to have a fix ready later this month, before the researcher discusses the attack in greater detail during a planned presentation at the Black Hat USA conference in Las Vegas.
Source: http://www.pcworld.com/article/167758/apple_patching_serious_sms_vulnerability_on_iphone .html

‘Mafiaboy’: cloud computing will cause Internet security meltdown. A reformed black-hat hacker, better known as the 15-year-old “mafiaboy” who, in 2000, took down Websites CNN, Yahoo, E*Trade, Dell, Amazon, and eBay, says widespread adoption of cloud computing is going to make the Internet only more of a hacker haven. “It will be the fall of the Internet as we know it,” the hacker said on June 30 during a Lumension Security-sponsored Webcast event. “You’re basically putting everything in one little sandbox…it’s going to be a lot more easy to access,” he added, noting that cloud computing will be “extremely dangerous. This is not the last you’re going to hear of this,” he said. A security and forensics expert for Lumension says cloud computing, indeed, will open up new avenues of risk. “We haven’t even handled the fundamentals of [securing it] in our existing environments,” the expert said during an interview after the Webcast. “Now we’re going to push it up to the cloud?” “Aside from the fact that the fundamental protocols are easily manipulated…social networking and dumpster diving have been going on a long time and are still extremely effective. The scariest aspect for business owners is their own employees compromising [them],” the hacker said. “Dumpster diving, social networking, and internal corporate sabotage will be the No. 1 threat. It’s imperative that corporations take a closer look at their employees.”
Source: http://www.darkreading.com/securityservices/security/attacks/showArticle.jhtml?articleID=218102139

Tamiflu resistant H1N1 from Hong Kong more worrying than earlier findings. All cases of Tamiflu resistance are not created equal. So while the first three instances of swine flu infection with Tamiflu-resistant viruses were reported in the past week, it was Number 3, not Number 1 that put influenza experts on edge. Public health authorities in Hong Kong announced Friday they have found a case of Tamiflu resistance in a woman who h
ad not taken the drug. That means she was infected with swine flu viruses that were already resistant to Tamiflu, the main weapon in most countries’ and companies’ pandemic drug arsenals. The two earlier cases, reported from Denmark and Japan, involved people who had been taking the medication. While always unwelcome, that type of resistance is known to occur with seasonal strains and may be less of a threat to the long-term viability of this key flu drug. There is currently no evidence Tamiflu-resistant viruses are spreading widely. Still, some experts see the Hong Kong case as a warning Tamiflu’s role in this pandemic may not be as long-lived as pandemic planners would like.
Source: http://www.google.com/hostednews/canadianpress/article/ALe3UoN6Q7mYOA

Man found with bomb. Police arman early Saturday who had a bomb in a backpack that he may have been preuse at a school in the area, officials said. The 29 year-old suspect, from Hudsowas found with an explosive device just before 3 a.m. Saturday, said the Huds
police chief. It consisted of a metal can with explosive powder inside and a fuse, the police chief said. The suspect had it in a backpack that he had when police chased and caught him Monday morning, the chief said. The State Police bomb squad X-rayed the device and confirmed it was an explosive device, the police chief said. The squad took possession of the device and took it to Albany for analysis, authorities said. The FBI was notified of the incident and is conducting its own investigation into the matter. The suspect was arrested in woods near Martindale Terrace after police got calls from people in the area that a man was walking down the street acting strangely, police said. Officers arrived in the area and the man fled into the woods but was quickly caught, the police chief said. A Hudson Falls police detective said residents of the area where the suspect was walking believed he made a comment about using a bomb at a school. The suspect works as a geologist for a company that designs nuclear power plants and had recently been working in the United Arab Emirates, the detective said. He would not talk to police for several hours after he was taken into custody, but the detective said he eventually told police he had been drinking and made the bomb to detonate for a Fourth of July celebration. He was “very distraught” over personal issues, the detective said.
Source: http://www.poststar.com/articles/2009/07/05/news/local/14986646.txt

Adobe to patch ColdFusion bug next week. Adobe Systems will have a patch ready next week for a flaw in its ColdFusion web development software that other security authorities say could result in a hacked system. The problem lies in the FCKEditor rich text editor, which is installed with ColdFusion 8, Adobe said on its security blog. Adobe also listed in its warning three steps that could in the meantime mitigate an attack. FCKEditor is an open-source application that handles file uploads and file management, but the feature is supposed to be disabled in the version embedded on a ColdFusion server, wrote a ColdFusion consultant who writes a blog called CodFusion. In some cases, the connector that enables the feature is left on. “If left on, this means a hacker might be able to directly call the file manager system to upload files and take control of the server,” he wrote. “FCKEditor has had some history on being exploited by this type of attack.” The SANS Internet Storm Center said it had seen a “high number” of websites running ColdFusion that had been compromised.
Source: http://www.pcadvisor.co.uk/news/index.cfm?newsid=118633

McAfee glitch causes havoc for IT admins. A recent VirusScan update from McAfee caused mayhem for some IT administrators over the weekend, after it falsely reported that a range of critical system files were infected with a Trojan. The problem became apparent when users began posting to the company’s forums, complaining of false positives and even some cases of the dreaded blue screen of death. The issue seems to affect only those users running an outdated version of the VirusScan engine, but some running the latest version also reported false positives, although not with critical system files. McAfee has acknowledged a problem, and has released another update which corrects it. However, it appears that machines affected by the glitch will have to be repaired manually, as the quarantined files cannot easily be returned to their original locations. “Last Friday, McAfee was made aware of some incorrect identification when using no longer supported versions of the software,” explained a McAfee spokesman. “Customers reporting this issue have been confirmed to be running VirusScan Enterprise 7.1 or 8.0i specifically with the 5100 scanning engine that has not been supported for 18 months.” “Customers running 5200 or a newer scanning engine version have not been impacted. Current versions are VSE8.7 and scanning engine 5301. The incorrect identification was resolved in the daily release on Friday July 3rd.” The company has created an entry in its KnowledgeBase detailing the issue and offering potential fixes for those affected.
Source: http://www.v3.co.uk/v3/news/2245491/mcafee-update-glitch-causes

June malware report – something’s phishy. June marked an increase in malware and the “highest rate of phishing attacks to date” on the Web, Fortinet’s latest report on online threats found. The threat management vendor released on July 6 its latest monthly report, which highlighted the current reign of Trojan horses and “disappointing” anti-spam campaigns. Of the overall 108 newly-reported vulnerabilities in June, 62 were active exploits, indicating an “all-time high” of 57.4 percent, Fortinet said. Fortinet said the majority of overall activity came from the United States, which contributed 22 percent of all reported exploits. A significant proportion of the attacks were traced back to Asia — specifically, Singapore, Japan and Korea, which ranked second, third and fourth place, respectively. Some 13.57 percent of all attacks originated in Singapore. Online games sites hosted the most number of Trojans, followed by Zbot variants W32/Zbot.M and W32/Zbot.V, which climbed to second and third place, respectively. The Zbot malware spreads keylogging and data-siphoning Trojans through e-cards sent via e-mail, directing users to malicious sites. Another commonly used malware redirecting visitors to infected sites was the JS/PackRedir.A, which moved up 36 positions on the list to fifth position, said Fortinet.
Source: http://news.zdnet.com/2100-9595_22-318200.html

Al-Qaeda cell was preparing to attack pipeline. An international Al-Qaeda cell, based in the northern Sinai Peninsula, is suspected of being involved in plans to attack gas pipelines running between Israel and Egypt. According to Egyptian media, the plan was to strike Israeli ships passing through the Suez Canal. Ten people, allegedly behind a February bomb attack at Cairo’s famous Khan el-Khalili market, have been under suspicion since a police raid uncovered arms and information from a hideout used by the group. The cache of explosives included anti-tank weapons, car bombs and personal explosive belts. Two Palestinians, five Egyptians, a Belgian, a Briton and a French citizen are among the suspected cell members. It is believed the European members probably entered Egypt through underground tunnels near Rafah into the Gaza Strip. They allegedly received money for their mission and moved back to Egypt through the tunnels, at which time they allegedly carried out the Cairo attack. It has been suggested the cell was controlled by a Palestinian-based commander of an al-Qaeda group. He has lived in the Gaza Strip since fleeing Egypt three years ago.
Source: http://www.southkoreanews.net/story/515743

Waverly teen accused of using pipe bombs to destroy mailboxes. A Waverly, Missouri, teen was arrested Saturday, July 4, and charged with three felonies in connection with a string of mailbox explosions in northern Saline County. Sheriff’s deputies received a report Saturday from rural Malta Bend residents who said their mailbox had been destroyed. They told deputies they had heard an explosion that rattled the windows of their home. Deputies discovered the remains of a homemade pipe bomb made of PVC tubing and fireworks, according to the report. During the investigation another report came in from a Grand Pass resident who also reported a mailbox destroyed by an explosive device. While driving in the area, a deputy encountered three trucks, one of which was driven by the suspect. The deputy said he observed empty fireworks boxes in the bed of the truck. After questioning, the suspect allegedly showed the deputy an unexploded device made of PVC tubing and fireworks.
Source: http://www.marshallnews.com/story/1552563.html

Nine held in Tunisia terror plot. Tunisian police have charged nine men — including two air force officers — with plotting to kill U.S. servicemen during joint military exercises. A lawyer for the accused said they were charged with attempting to steal weapons and launch terrorist attacks. Tunisia, a staunch U.S. ally, backed the previous U.S. Presidential Administration’s war on terror. It has battled Islamist militancy in recent years and jailed around 1,000 people suspected of planning to help fight U.S.-led forces in Iraq. The nine men arrested will probably face trial next month, their defense lawyer told Reuters news agency. He said two of the suspects are officers from a Tunisian military base in the coastal town of Bizerte, 37 miles north-west of the capital Tunis. Government officials were not available for comment.
Source: http://news.bbc.co.uk/2/hi/africa/8137442.stm

Microsoft warns of hole in Video ActiveX control. Microsoft on July 6 warned of a vulnerability in its Video ActiveX Control that could allow an attacker to take control of a PC if the user visits a malicious Web site. There have been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003, Microsoft said on its Security Response Center blog. This is the second DirectShow security hole Microsoft has announced in the past few months. The company has yet to provide a security update for a vulnerability announced in May that involves the way DirectX handles QuickTime files. Since there are no by-design uses for the ActiveX Control within Internet Explorer, Microsoft is recommending that users implement a workaround outlined in the security advisory. Customers can automatically implement the workaround by following the instructions under “Fix It For Me” in the Knowledge Base article for advisory number 972890 on the Microsoft support site. Even though Windows Vista and Windows Server 2008 are not affected by the vulnerability, Microsoft is recommending that users of those products also use the workaround. Microsoft is working on a security update and will release it when the quality is at the appropriate level for broad distribution, the company said.
Source: http://news.cnet.com/8301-1009_3-10280141-83.html?part=rss&tag=feed&subj=News-Security

Under cyberthreat: defense contractors. The defense industry faces “a near-existential threat from state-sponsored foreign intelligence services” that target sensitive IP, according to a report by the Internet Security Alliance, a nonprofit organization. Northrop Grumman experienced the implications of that threat firsthand recently. According to a Frontline investigation that aired June 23, reporters were able to purchase an unencrypted hard drive of a Northrop Grumman employee in Ghana for $40. The drive reportedly contained hundreds of documents about government contracts. “It’s gotten to a point where it has a name for itself: the APT or ‘advanced persistent threat,’ meaning that they are well resourced, highly sophisticated, clearly targeting companies or information, and they’re not giving up in that mission,” said a former FBI agent and foreign counterintelligence expert. “Attribution is probably one of the biggest problems for our nation, both from a defensive and an offensive posture as a country. Obviously we know that the likes of China and Russia have the greatest capabilities, like the U.S., from an espionage perspective. But we are starting to see quite a capability in the organized crime, criminal aspect. Clearly you’re seeing this with a lot of the credit-card or financially motivated crimes that are occurring…Most of the attacks in about the last three to four years have [involved] legitimate credentials. The analogy would be that they had a set of keys to your home and they know the codes to your alarm system at home so they can enter and leave as they please, without leaving a track unless you’re looking for things like entering during an abnormal hour of the day when you’re at work. Obviously, Northrop is a world-class operation when it comes to both offensive attack and exploitation of networks and defense, which is my area of expertise.”
Source: http://www.businessweek.com/technology/content/jul2009/tc2009076_873512.htm?chan=technology_technology+in dex+page_top+stories

U.S., German intel: Al Qaeda plots multiple attacks on U.S.-, Israel-bound airliners. Western anti-terror agencies have warned that a group of 15-20 al Qaeda terrorists, who were trained in Pakistan and Algeria to hijack and blow up airliners, deployed secretly to at least six European and Middle East countries in early July. They are standing ready to carry out multiple terrorist attacks. The terrorists are believed to have landed in Britain, Germany, France, Italy, Turkey and Egypt. The dates to watch, local authorities were warned, were July 4, July 7, the fourth anniversary of the 7/7 attacks on the British transport system in which 52 people died, and July 8-9, when the G8 summit meets in the Italian town of L’Aqila. The U.S. President will fly in from talks with Russian leaders in Moscow. Al Qaeda planners, say the Western sources, know it is extremely hard to break through the massive security cordons protecting summit leaders. They are therefore planning to hijack passenger planes of airlines belonging to the targeted states and blow them up in mid-air. DEBKAfile’s counter-terror sources report the first specific red alert on July 4, referred to the possible hijack of Turkish Airways planes taking off from Turkish airports for U.S. destinations or Tel Aviv. According to WTOP 103.5 Washington, D.C., Turkish Airlines flies directly to New York and Chicago.
Source: http://www.debka.com/headline.php?hid=6169 See also: http://www.wtop.com/?nid=778&sid=1711695

North Korean agency suspected in cyber-attack. South Korea’s intelligence agency suspects that North Korea may have been behind an Internet attack that on Tuesday and Wednesday targeted government Web sites in South Korea and the United States, lawmakers in Seoul told news agencies. Twenty-six Web sites in the two countries, including the office of South Korea’s president and the defense ministry, were targeted, the South Korean National Intelligence Service said in a statement. In the United States, the attack targeted Web sites operated by major government agencies, including the departments of Homeland Security and Defense, the Federal Aviation Administration and the Federal Trade Commission, according to several computer security researchers. “The attacks appear to have been elaborately prepared and executed at the level of a group or a state,” the agency said. Eleven Web sites in the United States had problems similar to those that occurred in South Korea, the Korean Information Security Agency said. Some members of the intelligence committee in the National Assembly were told by intelligence officials that North Korea or its sympathizers were prime suspects in the attacks, according to Yonhap, the South Korean news agency, which cited unnamed legislators. The attacks were described as “distributed denial of service,” an operation that hacks into personal computers and commands them to overwhelm certain Web sites with a blizzard of data. U.S. government officials declined Tuesday night to confirm the agencies affected by the attack. A Department of Homeland Security spokeswoman said that the agency was aware of ongoing attacks and that the government’s Computer Emergency Response Team had issued guidance to public and private sector Web sites to stem the attacks. In addition to sites run by government agencies, several commercial Web sites were also attacked, including those operated by Nasdaq, the New York Stock Exchange, and the Washington Post.
Source: http://www.washingtonpost.com/wp-dyn/content/article/2009/07/08/AR2009070800066.html?nav=hcmodule

Trend Micro discovers new ransomware ‘WORM_RANSOM.FD.’ According to Trend Micro security researchers, they have detected a new ransomware that proliferates through an e-mail on the internet. Trend Micro have called the malware WORM_RANSOM.FD that seems as a mass mailing computer worm, but a detailed analysis of it has revealed that it contains a deadly payload. It has been discovered that WORM_RANSOM.FD downloads from remote websites when visitors access those sites or it may download secretly by other malware on the targeted system. While the deadly payload does not affect some files with extensions such as .dry, .rwg, .vxd, .dll, .inl and .exe, the malware is capable of encrypting all files stored in the targeted computers using Blowfish algorithm. Hence, the malware makes the files useless. Moreover, the worm makes a registry entry (ies) that allows it to do automatic execution whenever the system startup. Interestingly, the new ransomware WORM_RANSOM.FD does not follow the function of a typical ransomware which demands money for restoring encrypted files. Instead it gives a user three options to choose from to restore the affected files.
Source: http://www.spamfighter.com/News-12686-Trend-Micro-Discovers-New-Ransomware-WORM_RANSOMFD.htm

Argentina’s banks to shut Friday as swine flu measure. Argentina’s private-sector banks on July 8 said they will join a special public-sector holiday scheduled for July 10 as part of a nationwide effort to contain the spread of the A/H1N1 swine flu. “The banks which are part of the Argentine Association of Banks…adhere to the administrative holiday for July 10,” the association said in a statement. The July 10 special holiday rolls on from the July 9 Independence Day holiday, and authorities believe people will use the long weekend as an excuse to stay home, and therefore help slow the spread of the virus as winter takes hold. The Central Bank said it will also be closed on July 10. The Argentine health ministry on July 5 reported that the official death toll in Argentina from swine flu has reached 60, and there are a total of 2,485 officially confirmed cases. However, many believe the official numbers lag the actual rate of infection, and that the real numbers are much higher.
Source: http://www.nasdaq.com/aspx/stock-market-news-story.aspx?storyid=200907081038dowjonesdjonline000 636&title=update-argentinas-banks-to-shut-friday-as-swine-flu-measure

McAfee warns of new Mac malware attack. Researchers at McAfee Avert Labs have warned that a new malware attack for Mac OS X systems has been spotted in the wild. Known informally as ‘Puper’, the Trojan disguises itself as a video program for OS X systems called ‘MacCinema’. The attack appears as a disk image which launches an installer application for the fictional MacCinema software. Once the installer completes its task, the user becomes infected with a script file named ‘AdobeFlash’. The malicious script then launches itself every five hours, and attempts to download and launch other malware on the infected system.
This latest attack is similar to others which have targeted OS X users in recent months, often enticing the user to download and install the malware by posing as a video player or ‘codec’ plug-in required to view movie files.
Source: http://www.v3.co.uk/v3/news/2245704/mac-malware-attack-spotted

Apple plugs dangerous Safari security holes. Apple has released Safari 4.0.2 to fix a pair of security flaws that could lead to cross-site scripting or remote code execution attacks. The vulnerabilities affect Safari for Windows (XP and Vista) and Mac OS X. The patch solves an issue in WebKit’s handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects. The patch also takes care of a memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references.
Source: http://blogs.zdnet.com/security/?p=3720

I would say they are not involved, I dont see them helping with 4H, Scouting, Little Leage, or the numerous other things that go on, Nor do I see them joining service orgs or fraternal orgs or groups, taking part in community service clubs, all of those things.
I was working on Ft. Richardson and the elementary school on base proudly said the pledge of allegience every morning. It was announced over the loud speaker so the neighborhood could hear it. It was very encouraging.

We all have a vested interest in protecting our homeland.

I have a vested interest in protecting me and my own.

I served my country and the libs (and by extension, those that voted for The Won), are crapping all over it, by abusing the freedoms myself and others fought for and defended.

When the crap hits the fan and the pampered, spoiled-rotten, entitlement society buys a clue and shows me their interest in actually standing up for life, liberty and the pursuit of happiness... I'll back them up. Until that time... they're on their own.

I have a vested interest in protecting me and my own.

I served my country and the libs (and by extension, those that voted for The Won), are crapping all over it, by abusing the freedoms myself and others fought for and defended.

When the crap hits the fan and the pampered, spoiled-rotten, entitlement society buys a clue and shows me their interest in actually standing up for life, liberty and the pursuit of happiness... I'll back them up. Until that time... they're on their own.

So it's all about "what has my country done for me lately?"

Text message scammers quietly prey on regional banks. Law enforcement and security experts say that for more than a year now, scammers have been using scam text messages to prey on small regional banks and their customers. And according to a report set to be released on July 14 by Cisco Systems, the problem has only been getting worse in recent months. “It’s a serious problem,” said a security researcher with Cisco. Here is how the scam works. The criminals pick a bank, say a credit union in Medford, Oregon, then they bombard every phone in Medford’s 541 area code with a phishing message sent by SMS (Short Message Service) telling the victims to call a fake 800 number that looks like it is from a local credit union. Because they are targeting a bank in the region, the bad guys have a pretty good chance of hitting real customers who may not have heard about the scam. The scammers use the open-source asterisk software to set up a fake voice-operated system and steal information when people enter their account numbers, passwords and other sensitive information to authenticate themselves on the system. When the criminals use this information to transfer money overseas, the banks take the loss. By targeting regional banks, the scam has managed to stay somewhat under the radar and not attract a lot of attention, said a computer crimes specialist with the National White Collar Crime Center. Big banks have large security teams set up to tackle this type of fraud, but with a regional institution such as a credit union, “their entire IT team for the bank might be only five people,” he said. Another problem for the banks is that the scam subverts one of the main techniques that banks and security experts have been trying to drill into their customer’s heads for years now, the specialist said. “We always say, ‘If you have any questions, call your bank, or they’ll call you.’ Well SMS is pretty close to calling your bank. It gets to the point where it’s like, ‘What do we tell people to do now?’”
Source: http://www.computerworld.com/s/article/9135372/Text_message_scammers_quietly_prey_on_regional_ban ks

Egypt arrests group it says plotted Suez attacks. Egyptian authorities arrested 25 people on suspicion of plotting attacks on oil pipelines and ships in the Suez Canal, the interior ministry said in a statement on Thursday. The group, which Egypt said had links to al-Qaida, was made up of two dozen Egyptians — most of them engineers and technicians — and their Palestinian leader. They also had contacts with militants in the Gaza Strip, the ministry said. “They believe in takfiri and jihadi thought,” a ministry statement said, referring to the radical Sunni Muslim ideology espoused by groups like al-Qaida. The group planned to use explosives rigged with mobile phone-activated detonators against shipping in the busy Suez Canal, and learned about explosives from al-Qaida militants on jihadi Web sites, the statement said. One of the suspects in the case announced on July 9 crossed into the Gaza Strip to meet up with the Palestinian Army of Islam group to receive instructions on attacking vital and important targets in Egypt, the ministry said. A group by that name did once operate in Gaza, but was later dismantled by the local Hamas rulers. Also July 9, a security official in northern Sinai said 1,550 pounds (700 kilograms) of TNT destined for Palestinian militants in the Gaza Strip was found during a search of a storage area outside the city of el-Arish in the northern Sinai Peninsula. The official, speaking on condition of anonymity because he was not authorized to speak to the media, said no arrests were made. In Lebanon, meanwhile, a military court convicted 12 Palestinians, also described as inspired by al-Qaida, of committing terrorist attacks. Five of them were sentenced in absentia and given life in prison. All the defendants, most of whom are Palestinians, were members of the militant Fatah Islam group, which battled Lebanese troops for three months in northern Lebanon in 2007. The 12 were found guilty of carrying out bomb attacks in the north and south of the country and establishing an armed gang with the aim of attacking people and weakening state authority.
Source: http://www.google.com/hostednews/ap/article/ALeqM5i_GCwpmlQ9nMiAwKBHw3C16EwOUAD99B5ERO0

Tampering suspected in 22-car Ind. derailment. Authorities say dozens of rail cars barreled about four miles down a western Indiana rail line without anyone in control, with 22 cars derailing after crashing into a barrier at the end of the line. No one was injured by the derailment on July 8 in Sullivan, and officials suspect someone tampered with the cars that had been parked in long-term storage at a former Sullivan County coal mine. State police say the cars were carrying potash, a mineral used in the production of agricultural fertilizer. Authorities do not believe it poses any threat to the rural area about 25 miles south of Terre Haute. An Indiana Rail Road Co. spokesman says the clean up is expected to cost nearly $1 million. The company is offering a $20,000 reward for information about the tampering.
Source: http://www.chicagotribune.com/news/chi-ap-in-storagecarsderail,0,565960.story

Vandals blow up mailboxes, garbage cans. Police are looking for vandals responsible for blowing up mailboxes and garbage cans overnight in Seattle’s Ballard neighborhood. One plastic garbage can was blown into pieces after some kind of explosive was placed inside. Mailboxes in the area were also targeted, and one at Northwest 95th Street was blown off its post. Residents reported hearing explosions between 1:30 and 2 a.m. Thursday. Gunpowder marks could be seen on some of the damaged trash cans.
Source: http://www.kirotv.com/news/20004055/detail.html

Police arrest last 4 protesters blocking logging. The last of the protesters suspended in trees and homemade structures to block a timber sale on the Elliott State Forest were arrested on July 9. The Oregon Department of Forestry said logging could resume as early as July 10 on the Umpcoos Ridge No. 2 timber sale. Twenty-seven people were arrested over two days and sent to jail in Roseburg, where they were to face charges of interfering with an agricultural operation, the state police lieutenant said. Activists said they hoped to protect native forest that serves as fish and wildlife habitat, and prevent the release of carbon that would contribute to global warming. About 50 activists took up positions blocking a road leading to the logging operation on July 6, culminating an annual gathering of Earth First and Cascadia Rising Tide activists. About half of them left when warned that arrests would begin. A Department of Forestry spokesman said trenches dug in the logging road as part of the blockade had to be repaired and a safety check done of the logging site before loggers could return to work.
Source: http://www.kgw.com/sharedcontent/APStories/stories/D99B5S1O3.html

U.S. plans for autumn swine flu vaccination campaign. The United States is planning for a vaccination campaign against the new H1N1 flu that could move into schools and community centers, the Health and Human Services Secretary said on Thursday. She led off a “summit” of state and territorial officials to tell them what the federal government plans to do if the new swine flu virus continues its spread. It has killed at least 429 people globally and caused the first 21st century pandemic. U.S. officials say at least 1 million people in the United States have been infected, most with a mild to moderate case. Although federal health officials lead an annual seasonal influenza vaccination campaign, this one is likely to be different, she said. The new flu appears to hit older children and young adults harder, in contrast to seasonal viruses that disproportionately afflict the old. “We are likely to have a different target population,” she said. “We will be seeking partnerships with schools potentially and other vaccination sites.”
Source: http://www.reuters.com/article/healthNews/idUSTRE5683ZJ20090709?sp=true

84 sick cadets isolated at Air Force Academy. The Air Force Academy says 84 cadets with flu-like symptoms have been isolated and are being tested for swine flu. An Academy spokeswoman told the Gazette in Colorado Springs Thursday that most of the cadets are members of the incoming freshman class who began training June 25. She said the cadets under isolation in a dormitory began coughing and showing other upper respiratory symptoms over the past two days. The academy has contacted the U.S. Centers for Disease Control and Prevention and the Air Force Surgeon General’s office. The spokeswoman says tests have been sent to a laboratory in San Antonio for analysis, and results are expected within 24 hours.
Source: http://www.google.com/hostednews/ap/article/ALeqM5gp1gViXUMPLBjbAhs3EOHOJtbExgD99B8KDG0

Twitter suspends accounts of users winfected computers. Twitter is suspending the accounts of some users whose comphave fallen victim to a well-known piece of malicious software that has targeted othsites such as Facebook and MySpace. The malware, Koobface, is designed to spreaitself by checking to see if person is logged into a social network. It will then post fraudulent messages on the person’s Twitter account trying to entice friends to clicklink, which then leads to a malicious Web site that tries to infect the PC. The populamicroblogging service has had a strong impact as a new communication platform. Bis also being targeted by fraudsters and hackers, who are using it as a way to infect people’s PCs with malicious software. Twitter is the latest site to be targeted by a Koobface variant, said a senior security advisor for Trend Micro. Other sites have included Bebo, Hi5, Friendster and LiveJournal, according to the U.S. Computer Emergency Readiness Team.
Source: http://www.pcworld.com/businesscenter/article/168201/twitter_suspends_accountssers_with_infected_comput ers.html

“Space Internet” to link planets by 2011. NASA missions are planning to adopt the Disruption Tolerant Networking (DTN) system, or “Space Internet,” which has the potential to link planets, by the year 2011. According to a report in National Geographic News, the DTN system, which has entered another phase of testing, will allow astronauts to Google from the moon or tweet their observations from space. But DTN provides far more than a connection to check email. It is also essential for simplifying space command and control functions-such as power production or life-support systems-crucial for future space initiatives. “You need an automated communications technology to sustain planetary exploration on the scale that NASA and others want to perform over the next decade,” said a senior research associate at BioServe Space Technologies at the University of Colorado, Boulder. “DTN enables the transition from a simple point-to-point network, like a walkie-talkie, to a true multimode network like the Internet,” he added. After a decade of development, DTN has advanced quickly over the past year, and NASA missions are planning to adopt the network by 2011.
Source: http://story.albuquerqueexpress.com/index.php/ct/9/cid/89d96798a39564bd/id/517325/cs/1/

NYPD probes beheading of Statue of Liberty replica seen on YouTube video. Police in New York City are scrambling to locate the producers of a YouTube video that depicts a stolen replica of the Statue of Liberty blindfolded, beheaded and smashed into pieces — a display that one terror expert says is intended to “instill fear” in everyday Americans. The 59-second video shows the 8-foot, 200-pound replica statue, which was stolen from a Brooklyn coffee shop last month, being decapitated and pulverized — accompanied by the words “We don’t want your freedom” and “Death to America.” A NYPD detective told FOXNews.com that investigators are searching for whoever stole the statue. That individual or individuals could face charges of criminal possession of stolen property and grand larceny or petit larceny. Computer experts are also trying to determine who posted the video, the detective said. The video, which was dated July 4, was sent anonymously to the New York Daily News and to the owner of Vox Pop, a coffee shop known for left-wing-leaning political debate. The clip had been viewed at least 2,500 times as of midday Thursday. A $250 reward has been offered for the statue’s return, the Post reported. Calls to the FBI in New York were not immediately returned.
Source: http://www.foxnews.com/story/0,2933,531062,00.html?test=latestnews

Terrebonne Parish bolsters security at its pump stations. Residents have become more active at watching for and reporting suspicious activity after Terrebonne officials publicized a rash of battery thefts at drainage pump stations across the parish, officials said on July 8. Since the parish released information about the thefts, no batteries have been taken, which can be attributed to residents’ calling in to report suspicious cars and people around stations, the Public Works director told the Parish Council. In Terrebonne, local government controls 70 pump stations that drain about 80 percent of the parish’s populated areas. The lack of a battery, necessary to start the pumps, puts the communities they drain at risk of flooding during heavy rain or storms, said a councilman. “We do in fact have a plan,” he told the council. “A lot of it I prefer to keep private.” A few of the planned measures: Red lights on the outside of stations will turn on when a battery is missing; the lights will alert station attendants and residents, who can call the drainage department; welded metal straps now hold the batteries in place; other interior and exterior, non-visible security measures; marking batteries with a brand only known by parish officials; Houma Police and the Terrebonne Parish Sheriff’s Office; random checks by station attendants so potential thieves will not know when they could be caught; and continued Sheriff’s Office and Houma Police patrols of stations. Another councilman said the changes will help both the parish and the public be more involved in protecting pump stations.
Source: http://www.houmatoday.com/article/20090709/ARTICLES/907099915/1211/NEWS01?Title=Terrebonne-Parish-bolsters-security-at-its-pump-stations

UW-Madison: Study suggests H1N1 virus more dangerous than suspected. A new, highly detailed study of the H1N1 flu virus shows that the pathogen is more virulent than previously thought. Writing in a fast-tracked report published Monday in the journal Nature, an international team of researchers led by a University of Wisconsin-Madison virologist provides a detailed portrait of the pandemic virus and its pathogenic qualities. In contrast with run-of-the-mill seasonal flu viruses, the H1N1virus exhibits an ability to infect cells deep in the lungs, where it can cause pneumonia and, in severe cases, death. Seasonal viruses typically infect only cells in the upper respiratory system. “There is a misunderstanding about this virus,” the lead researcher said. “People think this pathogen may be similar to seasonal influenza. This study shows that is not the case. There is clear evidence the virus is different than seasonal influenza.” The ability to infect the lungs is a quality frighteningly similar to those of other pandemic viruses, notably the 1918 virus, which killed tens of millions of people at the tail end of World War I. There are likely other similarities to the 1918 virus, says the lead researcher, as the study also showed that people born before 1918 harbor antibodies that protect against the new H1N1 virus.
Source: http://www.wisbusiness.com/index.iml?Article=164263

Gunman surrenders to police at Kan. VA med center. Officials say a gunman who entered a Veterans Affairs medical center in Topeka, Kansas, surrendered without hurting anyone and is now a patient at the hospital. A Veterans Affairs spokesman said the man is a U.S. military veteran who served in the wars in Iraq and Afghanistan. He says the man had pulled out a gun and threatened himself Sunday in the emergency room of Colmery-O’Neil VA Medical Center. No one was hurt.
Source: http://www.google.com/hostednews/ap/article/ALeqM5hDCah4s03LpuWa-Qnv1xw0NkuwdwD99D71500

Fourth person pleads guilty to illegally accessing confidential passport files. A fourth individual pleaded guilty today to illegally accessing numerous confidential passport application files. The 27 year-old suspect, of Washington, D.C., pleaded guilty before the U.S. Magistrate Judge in the District of Columbia to one-count criminal information charging him with unauthorized computer access. According to court documents, from August 2003 through July 2004, the suspect worked as a contract employee for the State Department as a file assistant. According to plea documents, the suspect admitted he had access to official State Department computer databases in the regular course of his employment, including the Passport Information Electronic Records System (PIERS), which contains all imaged passport applications dating back to 1994. The imaged passport applications on PIERS contain, among other things, a photograph of the passport applicant as well as certain personal information including the applicant’s full name, date and place of birth, current address, telephone numbers, parent information, spouse’s name and emergency contact information. These confidential files are protected by the Privacy Act of 1974, and access by State Department employees is strictly limited to official government duties. In pleading guilty, the suspect admitted that between June 22, 2004, and July 15, 2004, he logged onto the PIERS database and viewed the passport applications of more than 75 celebrities and their families, actors, models, musicians, athletes, record producers, family members, a politician and other individuals identified in the press. The suspect admitted that he had no official government reason to access and view these passport applications, but that his sole purpose in accessing and viewing these passport applications was idle curiosity.
Source: http://www.usdoj.gov/opa/pr/2009/July/09-ag-672.html

Researcher says IE bug could spread quickly. A critical ActiveX vulnerability used by hackers to exploit Microsoft Corp.’s Internet Explorer browser is a prime candidate for another Conficker-scale attack, security experts said. On July 6, just hours after security companies reported that thousands of compromised sites were serving up exploits, Microsoft acknowledged the flaw in the ActiveX control that can be accessed using IE. The bug has been used by hackers since at least June 9. Microsoft said it will issue a patch for the flaw on July 14. The vulnerability “exposes the whole world and can be exploited through the firewall,” said the chief research officer at security software vendor AVG Technologies USA Inc. “That’s better than Conficker, which mostly did its damage once it got inside a network.” Conficker exploited a Windows flaw that Microsoft had thought dire enough to fix outside its usual update schedule in October 2008. The worm exploded into prominence in January, when a variant infected millions of machines that remained unpatched. Microsoft confirmed the latest flaw shortly after security researchers at Danish firms CSIS Security Group AS and Secunia said that thousands of hacks of legitimate Web sites over the July 4 weekend had exploited the bug. The hackers took advantage of the bug to reroute users to a malicious site, which in turn downloads and launches a multiexploit hacker tool kit.
Source: http://www.computerworld.com/s/article/340930/Researcher_Says_IE_Bug_Could_Spread_Quickly?taxono myId=17

Apple still mute to iPhone complaints. The iPhone 3GS has been an undeniable marketplace hit since its release on June 19, and will likely continue to soar in sales despite three customer complaints that have surfaced recently. The big three gripes: the iPhone 3GS battery life is dismal, the 3GS overheats, and there is a serious SMS vulnerability. The most serious of the iPhone’s problems concerns a new SMS vulnerability that could allow an attacker to remotely install and run unsigned software code with root access to the iPhone. A security expert, who hacked a Mac via Safari in 10 seconds at this year’s PWN2Own contest, said in a presentation that the weakness is in the way iPhones handle text messages. The seriousness of this problem has spurred Apple’s intent; Apple is reportedly working on a patch that should be available later this month. “I believe that the SMS vulnerability may be the most pressing, since stories of hijacked, zombie, misbehaving iPhones are more likely to leave a long-lasting negative impression than are the heat and battery life issues,” said a Forrester analyst.
Source: http://www.pcworld.com/article/168265/apple_still_mute_to_iphone_complaints.html

Swine flu vaccine taking longer than expected. A fully tested swine flu vaccine may not be available until the end of the year, a vaccine expert at the World Health Organization (WHO) said on July 13. Countries could use emergency measures to get the vaccines out faster if they decide they are needed, the director of WHO’s Initiative for Vaccine Research said during a news conference in London, the Associated Press reported. The problem: The swine flu viruses being used to develop a vaccine are only producing about half as much “yield” to make vaccines as regular flu viruses. So the WHO has asked its network of laboratories to produce a new set of viruses as soon as possible. Before countries can start any large-scale swine flu vaccination campaigns, the vaccines need to be vetted by regulatory authorities for safety issues, the AP reported.
Source: http://www.healthday.com/Article.asp?AID=628989

U.S. State Dept. workers beg Clinton for Firefox. U.S. State Department workers have begged the U.S. Secretary of State to let them use Firefox. “Can you please let the staff use an alternative web browser called Firefox?” a worker asked the U.S. Secretary of State during the July 10 State Department town hall meeting. “I just moved to the State Department from the National Geospatial Intelligence Agency and was surprised that State doesn’t use this browser. It was approved for the entire intelligence community, so I don’t understand why State can’t use it. It’s a much safer program.” Presumably, the State Department is using Microsoft’s Internet Explorer. The State Department has yet to respond to the questions about its Firefox-less browsing mandate.
Source: http://www.theregister.co.uk/2009/07/13/firefox_and_us_state_department/

HTC smartphones left vulnerable to Bluetooth attack. If a user has an HTC smartphone running Windows Mobile 6 or Windows Mobile 6.1, the user may want to think twice before connecting to an untrusted device using Bluetooth. A vulnerability in an HTC driver installed on these phones can allow an attacker to access any file on the phone or upload malicious code using Bluetooth, a Spanish security researcher warned on July 14. “HTC devices running Windows Mobile 6 and Windows Mobile 6.1 are prone to a directory traversal vulnerability in the Bluetooth OBEX FTP Service,” a security researcher said in an e-mail exchange. HTC handsets running Windows Mobile 5 are not affected. For the attack to work, the targeted device must have Bluetooth enabled and file sharing over Bluetooth activated. “This connection can be done either by standard Bluetooth pairing or taking advantage of the Bluetooth MAC spoofing attack,” the researcher said, referring to a process where the attacking device attempts to convince the target that it is another device on its list of paired devices. The directory traversal vulnerability allows an attacker to move from a phone’s Bluetooth shared folder into other folders, giving them access to contact details, e-mails, pictures or other data stored on the phone. They can use this access to read files or upload software, including malicious code. Because the driver, obexfile.dll, is an HTC driver, only handsets from the company are affected. However, HTC is the world’s largest manufacturer of Windows Mobile handsets, selling phones under its own brand as well as making phones under contract for other companies. That means millions of users are potentially vulnerable.
Source: http://www.pcworld.com/businesscenter/article/168358/htc_smartphones_left_vulnerable_to_bluetooth_attac k.html

New York official: Tagged site stole identities. New York’s attorney general charged on July 9 that Tagged.com stole the identities of more than 60 million Internet users worldwide, by sending e-mails that raided their private accounts. The attorney general said he plans to sue the social networking Web site for deceptive marketing and invasion of privacy. “This company stole the address books and identities of millions of people,” the attorney general said in a statement. “Consumers had their privacy invaded and were forced into the embarrassing position of having to apologize to all their e-mail contacts for Tagged’s unethical, and illegal, behavior.” Started in 2004 by Harvard math students, Tagged calls itself a “premier social-networking destination.” The California-based company claims to be the third-largest social networking site after Facebook and MySpace, with 80 million registered users. The attorney general said Tagged acquired most of them fraudulently, sending unsuspecting recipients e-mails that urged them to view private photos posted by friends. When recipients tried to access the photos, the attorney general said they would in effect become new members of the site, without ever seeing any photos. Recipients’ e-mail address books would then be lifted, the attorney general said.
Source: http://www.enterprise-security-today.com/story.xhtml?story_id=67676&full_skip=1

DDoS worm starts damaging infected systems. The malware responsible for the recent denial of service attacks against many U.S. and South Korean government and commercial websites has received an update to damage the computers it infected. Starting with July 10, the worm began to rewrite HDD Master Boot Records (MBR), leaving the zombie computers unbootable. Recently, it was reported that serious distributed denial of service (DDoS) attacks had affected the stability of many websites operated by large organizations or the governments of United States and South Korea. Experts later concluded that a botnet of over 60,000 computers, infected with an updated Mydoom variant, had been used to launch the attacks. Security researchers from FireEye warn that, even though the DDoS has stopped, the impact of this malware might prove to be a lot bigger. Everything started with a DDoS component being shipped to computers infected with a particular strain of Mydoom, a worm dating back to the beginning of 2004. The attackers planned for the DDoS to start on July 4 (Independence Day) and to end on July 10. The worm drops a file called mstimer.dll and loads it as a windows service named “MS Timer Service.” The purpose of this component is to check the date and if it matches July 10 to execute yet another file, called wversion.exe. Originally, wversion.exe contained instructions to uninstall the timer service, suggesting that its authors intended for it to self-destroy. However, a malware researcher at FireEye explains that another, much more destructive version of wversion.exe was deployed shortly before July 10. The new version features a three-step plan to destroy data on the infected computers. First, it rewrites 512 bytes of every hard disk in the system, not only the one used to boot from. The first 512 bytes of a hard disk are used to store the Master Boot Record and Volume Boot Record, which are employed to store information about the file system and partitions. The new data written over the MBR and VBR includes a string reading “Memory of the Independence Day.” The second destructive step targets the personal files and documents stored on the hard disks. The component searches for files with one of 37 extensions, including .pdf, .doc, .ppt, and proceeds to compressing and password-protecting every one of them.
Source: http://news.softpedia.com/news/DDoS-Worm-Starts-Damaging-Infected-Systems-116551.shtml

Researchers to release tool that silently hijacks EV SSL sessions. If a user thinks they are safe from man-in-the-middle (MITM) attacks as long as they are visiting an Extended Validation SSL (EV SSL) site, then think again: Researchers will release a new tool at Black Hat USA later this month that lets an attacker hack into a user’s session on an EV SSL-secured site. Two researchers, who in March first demonstrated possible MITM attacks on EV SSL at CanSecWest, will release for the first time their proxy tool at the Las Vegas conference, as well as demonstrate variations on the attacks they have discovered. The Python-based tool can launch an attack even with the secure green badge displaying on the screen: “It doesn’t alert the user that anything fishy is going on,” says the principal consultant at Intrepidus and one of the researchers. All it takes is an attacker having a non-EV SSL certificate for a Website, and he or she can hijack any SSL session that connects to it. That is because the Web browser treats the EV SSL certificate with the same level of trust as an SSL domain-level certificate. “There’s no differentiation between the two certs beyond the green badge,” the consultant says. If an attacker has a valid domain-level certificate, he can spoof EV SSL connections and execute an MITM attack, with access and view of all sensitive data in the session, all while the unsuspecting victim still sees that reassuring green badge displayed by his browser.
Source: http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=218500176

Senate increases security funding for religious groups. The U.S. Senate passed a bill that increases funding for the protection of civil, religious and community institutions against terrorist attacks. The Homeland Security Appropriations Bill allocated an additional $5 million in federal resources for a total of $20 million to safeguard high-risk nonprofit organizations. The increase in funding is in part a response to recent plots targeting religious institutions, including a foiled plan to bomb several synagogues in New York and the shooting attack at the U.S. Holocaust Memorial Museum in Washington.
Source: http://jta.org/news/article/2009/07/13/1006500/senate-allocates-20-million-for-the-protection-of-non-profit-and-religious-organizations

Bomb suspect jailed. A 37-year-old man has been charged with possession of what police say was a dangerous, homemade bomb in Norton. Police say they removed chemicals from his apartment used to make explosives, in addition to a homemade bomb police found in the trunk of his car July 6. Residents of the apartment house were evacuated for about an hour as police removed boxes from the suspect’s apartment. He was arrested July 6 on South Worcester Street after police received a tip from a confidential informant that he was going to explode a homemade bomb at Lyons Field at Harvey and Dean streets, the assistant district attorney said. Before they stopped his car, police went to Lyons Field, where there were about 40 children and adults at a Little League game, the assistant district attorney said. The field is about 75 yards from the suspect’s home. After an officer pulled over his car and discovered the suspected bomb in the truck, police and fire officials shut down the area and evacuated nearby homes for about three hours. The device was exploded in an isolated area by the state police bomb squad. “This was a very dangerous, explosive device that was in a very volatile state,” said a police prosecutor detective lieutenant. Police seized a 3-foot cardboard tube, a plastic bag with wires, and a 3-inch plastic “mortar” shell made from gunpowder and other chemicals which the suspect told police he bought on the Internet from a company in Virginia.
Source: http://www.thesunchronicle.com/articles/2009/07/08/news/5266691.txt

Ticking package prompts bomb squad call in Washington. A ticking package that prompted employees at a Westport, Washington, post office to call police has been determined to be a hoax. Westport police tell KBKW News that the package was found to contain some sort of a clock with wires and some fireworks. The package was found outside the building Monday night. U.S. postal inspectors are investigating the incident, saying that hoax devices can cause panic. A note was found with the box, but authorities did not disclose what it said.
Source: http://www.seattlepi.com/local/6420ap_wa_ticking_package.html

Yemeni official: Intelligence warn of attacks. Security was upgraded in Yemen’s capital this week after intelligence reports warned of attacks planned against the U.S. embassies in Algeria and Yemen, a senior security official said Tuesday. The official, who spoke on condition of anonymity because he was not authorized to speak to the media, did not reveal the origin of the intelligence. In the wake of the report, the chief of the intelligence issued directives Monday to increase security around diplomatic missions in the capital and elsewhere in the country. A copy of the directive was shown to the Associated Press. Yemen’s Interior Ministry also issued a statement Monday in which it said it was increasing security around foreign diplomatic missions and commercial interests as a “preventive measure” against potential “terrorist attacks.” The move came as a Yemeni court sentenced six al-Qaida militants to death after convicting them of a string of attacks a year earlier, including a deadly assault on the U.S. embassy in September which left 19 people dead.
Source: http://news.yahoo.com/s/ap/20090714/ap_on_re_mi_ea/ml_yemen_attack_warning

TPS selected for federal grant to improve emergency preparedness. Tulsa Public Schools is among 108 school districts across the U.S. selected for a federal grant to improve emergency preparedness. The U.S. Department of Education just awarded $26 million in grants through the Readiness and Emergency Management for Schools program. The grants may be used to coordinate with local responders, such as fire and police departments, conduct drills and exercises, buy emergency supplies and equipment, and train employees and students on emergency response procedures.
Source: http://www.tulsaworld.com/news/article.aspx?subjectid=298&articleid=20090714_298_0_TulsaP68983

I wrote a grant that got one of these for my school corporation in Indiana.

Bomb squad detonates suspicious devices. A bomb squad unit with the Yakima Training Center detonated two suspicious devices that were dropped off at the Kittitas Sheriff’s Office. They destroyed the devices shortly after 3 p.m. on Tuesday. It is not known whether they were explosives. Police and sheriffs blocked roadways and redirected traffic during the afternoon.
Source: http://www.kndo.com/Global/story.asp?S=10725639&nav=menu484_6_5

Probe into cyberattacks stretches around the globe. British authorities have launched an investigation into the recent cyberattacks that crippled Web sites in the U.S. and South Korea, as the trail to find the perpetrators stretches around the world. On July 13, the Vietnamese security vendor Bach Khoa Internetwork Security (Bkis) said it had identified a master command-and-control server used to coordinate the denial-of-service (DDoS) attacks, which took down major U.S. and South Korean government Web sites. A command-and-control server is used to distribute instructions to zombie PCs, which form a botnet that can be used to bombard Web sites with traffic, rendering the sites useless. The server was on an IP (Internet Protocol) address used by Global Digital Broadcast, an IP TV technology company based in Brighton, England, according to Bkis. That master server distributed instructions to eight other command-and-control servers used in the attacks. Bkis, which managed to gain control of two of the eight servers, said that 166,908 hacked computers in 74 countries were used in the attacks and were programmed to get new instructions every three minutes. But the master server is not in the U.K.; it is in Miami, according to one of the owners of Digital Global Broadcast, who spoke to IDG News Service on July 13. The server belongs to Digital Latin America (DLA), which is one of Digital Global Broadcast’s partners. Digital Global Broadcast was notified of a problem by its hosting provider, C4L, the owner said. His company has also been contacted by the U.K.’s Serious Organized Crime Agency (SOCA). A SOCA official said she could not confirm or deny an investigation.
Source: http://www.computerworld.com/s/article/9135532/Probe_into_cyberattacks_stretches_around_the_globe ?taxonomyId=17

BlackBerry update bursting with spyware. An update pushed out to BlackBerry users on the Etisalat network in the United Arab Emirates appears to contain remotely-triggered spyware that allows the interception of messages and emails, as well as crippling battery life. Sent out as a WAP Push message, the update installs a Java file that one curious customer decided to take a closer look at, only to discover an application intended to intercept both email and text messages, sending a copy to an Etisalat server without the user being aware of anything beyond a slightly excessive battery drain. It was, it seems, the battery issue that alerted users to something being wrong. Closer examination seems to indicate that all instances of the application were expected to register with a central server, which could not cope with the traffic — thus forcing all the instances to repeatedly attempt to connect while draining the battery. A more phased reporting system might have escaped detection completely. The update is labelled: “Etisalat network upgrade for BlackBerry service. Please download to ensure continuous service quality.” The signed JAR file, when opened, reveals an application housed in a directory named “/com/ss8/interceptor/app”, which conforms to the Java standard for application trees to be named the reverse of the author’s URL. No one from Etisalat, RIM, or SS8 is saying anything about the issue, despite the fact that the application appears remarkably difficult to remove.
Source: http://www.theregister.co.uk/2009/07/14/blackberry_snooping/

Snooping through the power socket. Security researchers found that poor shielding on some keyboard cables means useful data can be leaked about each character typed. By analyzing the information leaking onto power circuits, the researchers could see what a target was typing. The attack has been demonstrated to work at a distance of up to 15m, but refinement may mean it could work over much longer distances. “Our goal is to show that information leaks in the most unexpected ways and can be retrieved,” wrote two individuals of security firm Inverse Path, in a paper describing their work. The research focused on the cables used to connect PS/2 keyboards to desktop PCs. Usefully, said the pair, the six wires inside a PS/2 cable are typically “close to each other and poorly shielded.” This means that information travelling along the data wire, when a key is pressed, leaks onto the earth (ground in the U.S.) wire in the same cable. The earth wire, via the PC’s power unit, ultimately connects to the plug in the power socket, and from there information leaks out onto the circuit supplying electricity to a room. Even better, said the researchers, data travels along PS/2 cables one bit at a time and uses a clock speed far lower than any other PC component. Both these qualities make it easy to pick out voltage changes caused by key presses. A digital oscilloscope was used to gather data about voltage changes on a power line and filters were used to remove those caused by anything other than the keyboard.
Source: http://news.bbc.co.uk/2/hi/technology/8147534.stm

Online pranksters wreak havoc at hotels, restaurants nationwide. Often imitated and deviously duplicated, a group called PrankNET appears to be at the center of a growing trend that has harried hoteliers and restaurateurs for months and is now being investigated by the Federal Bureau Investigation. The head of PrankNET, who goes by the online name “dex” and has been behaving badly since 2000, leads an online chat system where he and fellow pranksters collaborate. Members of PrankNET chat online, stream their calls live on an Internet radio show and post their greatest hits to a YouTube page, a popular breeding ground for more pranks. During their calls they often drop the name of a security corporation or say they are phoning from a hotel’s front desk to lend themselves an air of credibility — and to get their victims to do surprising things. In February, Dex’s work made headlines when he called a KFC in Manchester, New Hampshire, and convinced workers there to douse the restaurant with fire suppression chemicals, evacuate the building and strip outside in freezing temperatures. Dex accomplished all of this by pretending to be their boss from a corporate office. The sheer difficulty of tracing prank calls placed online, and the social-networking programs used by pranksters, has increased their visibility and daring.
Source: http://www.foxnews.com/story/0,2933,532241,00.html

Chinese-born man convicted of espionage. A Chinese-born engineer was convicted on July 16 of stealing trade secrets critical to the U.S. space program in the nation’s first economic espionage trial. A federal judge found a former Boeing Co. engineer guilty of six counts of economic espionage and other charges for taking 300,000 pages of sensitive documents that included information about the U.S. space shuttle and a booster rocket. Federal prosecutors accused the 73-year-old stress analyst of using his 30-year career at Boeing and Rockwell International to steal the documents. They said investigators found papers stacked throughout his house that included sensitive information about a fueling system for a booster rocket — documents that Boeing employees were ordered to lock away at the close of work each day. They said Boeing invested $50 million in the technology over a five-year period. The judge convicted the engineer of six counts of economic espionage, one count of acting as a foreign agent, one count of conspiracy, and one count of lying to a federal agent. He was acquitted of obstruction of justice. The Economic Espionage Act was passed in 1996 to help the government crack down on the theft of information from private companies that contract with the government to develop U.S. space and military technologies.
Source: http://www.nytimes.com/aponline/2009/07/16/us/AP-US-Economic-Espionage.html?_r=2&ref=global-home

Information stealing phishing e-mail targets Chase customers. The Consumer Protection Board (CPB) of New York State has issued a warning to Chase Bank customers that they could be attacked by a phishing scam involving e-mails that seek personal information in the pretext of upholding new security measures. CPB and Chase have been receiving complaints from anxious customers who have got an e-mail that asks them to urgently fill in a form with details including personal identifiable credentials. Citing fresh security measures apparently launched at Chase, the fake e-mail explains that it is important that recipients complete the form. Meanwhile, the e-mail appears legitimate just as one in a typical phishing scam. Additionally, it displays a web-link and asks the recipients to click on the link. However, the link leads to a fake website where personal information is stolen from the consumers i.e. after the e-mail gets a customer to follow the web-link and access the bogus site, solicitations are made for the customer to enter his confidential information like employment details, credit card number and other personal information. Nevertheless, security researchers stated customers who have replied with their information to these fraudulent messages might become victims since the form solicits their name, phone number, address along with passwords, bank account details, Social Security number, credit card details as well as other sensitive data.
Source: http://www.spamfighter.com/News-12730-Information-Stealing-Phishing-E-mail-Targets-Chase-Customers.htm

Boast leads to arrest in NY Starbucks bombing. A man who allegedly set off a small bomb at a Starbucks coffee shop on May 25 was arrested after he made the mistake of bragging about his exploit to friends, police said on July 15. New York City police commissioner told reporters that a17 year-old male was arrested the night of July 14 at his Manhattan apartment after a police investigation revealed that he bragged to his friends about planting the explosive outside an Upper East Side Starbucks. The male allegedly told his friends prior to the explosion that “Project Mayhem” was about to begin, the commissioner said, and that they should watch the news on Memorial Day. The male suspect was a fan of the movie “Fight Club” and imitated the lead character from the film, the police commissioner said. The movie, released in 1999, also includes a scene in which a Starbucks is destroyed. The commissioner said there is no evidence at this time to suggest that suspect was behind other recent small explosions in the city, such as the bombings at the Times Square Army recruiting center and the Mexican consulate. The suspect made the small explosive out of a plastic bottle, firework powder, a metal cap and electrical tape, the commissioner said. The blast, at 3:30 a.m. on Memorial Day, damaged a nearby bench and shattered the store’s windows, the commissioner said. No one was injured in the explosion, but the bomb was powerful enough to have caused serious injuries if anyone had been nearby, the commissioner added. The suspect has been charged with arson, criminal possession of a weapon and criminal mischief, he added.
Source: http://www.cnn.com/2009/CRIME/07/15/new.york.starbucks.explosion/index.html

Backpack tossed out of truck prompts scare at Tacoma hospital. A backpack thrown out of a truck driving by St. Joseph Hospital prompted a security scare on Wednesday night. Witnesses saw a red truck carrying two men pull up to the entrance of the emergency room around 6:45 p.m. One of the men then threw the backpack out the car window, yelling something indecipherable before speeding away in the truck. Officials evacuated the emergency room and diverted all incoming trauma cases to Tacoma General Hospital as a precaution. The bomb squad arrived on the scene.
Source: http://www.komonews.com/news/local/50907582.html

Swine flu confirmed in 67 at AF academy. Sixty-seven Air Force cadets have tested positive for swine flu and are being isolated at the Air Force Academy in Colorado Springs, a spokesman for the academy said Tuesday. The outbreak is the single largest in Colorado, which up until last week had 146 confirmed cases of the H1N1 virus, according to the State Public Health and Environment Department. Academy officials first became concerned last week when a growing number of incoming freshman cadets, who began basic training in June, started falling ill with flu-like symptoms. One hundred cadets have been isolated in a dormitory, and test results from an Air Force epidemiology laboratory in Texas found that 67 had contracted swine flu.
Source: http://www.military.com/news/article/swine-flu-confirmed-in-67-at-af-academy.html?ESRC=topstories.RSS

Spammers, virus writers abusing URL shortening services. Purveyors of spam and malicious software are taking full advantage of URL-shortening services like bit.ly and TinyURL in a bid to trick unwary users into clicking on links to dodgy and dangerous Web sites. Fortunately, with the help of a couple of tools and some common sense, most Internet users can avoid these scams altogether. According to alerts from anti-virus vendors McAfee, Symantec and Trend Micro, the latest to abuse these services is the Koobface worm, which targets users of social networking sites like Facebook (Koobface is an anagram of Facebook) and Myspace. It is now also spreading via microblogging service Twitter. Koobface arrives as a message that urges users to click on a link to a video, which invariably leads to a site that prompts the visitor to install a missing video plug-in. The fake plug-in turns the user’s system into a bot that can be used for a variety of criminal purposes, from spamming to attacking other computers and spreading the worm. At the same time, URL shortening services appear to be fueling a massive ongoing commercial spam campaign.
Source: http://voices.washingtonpost.com/securityfix/2009/07/spammers_virus_writers_abusing.html?wprss=security fix

Researchers rate all six Microsoft patches as critical. Microsoft on July 14 released six bulletins as part of its monthly patch cycle. Three of the bulletins cover critical flaws, including two unpatched zero-day vulnerabilities. Three other bulletins address important risks that security researchers said can quickly escalate to critical. The CTO of Qualys said Microsoft’s advisories should be addressed immediately because they allow an attacker to take complete control of a victim’s computer. Microsoft proxy server ISA 2006 has a vulnerability rated as important that allows remote unauthenticated users to access the server. However, paired with a knowledge of the administrator’s username, attackers can take full control of the server. Because administrator usernames are often easy to guess, the CTO said, this vulnerability deserves special attention if IT organizations are using ISA with the Radius configuration. Likewise, MS09-030 is an advisory for the Publisher component in the MS Office 2007 suite rated as important, but can be used to take full control of a system if the victim is logged in as administrator. If an organization uses Publisher or has it installed as part of Office 2007, this should be treated as critical as well, the CTO said.
Source: http://www.enterprise-security-today.com/story.xhtml?story_id=67785

Firefox 3.5 vulnerability rated ‘highly critical.’ US-CERT on July 14 warned about vulnerability in the new Firefox 3.5 browser that could allow a remote attacker to execute malicious code. Proof-of-concept exploit code was posted on July 13 on Milw0rm.com, an exploit code aggregation site, so it is likely that the vulnerability is being actively exploited. The vulnerability is related to the way Firefox 3.5 processes JavaScript code. Mozilla has acknowledged the vulnerability and has a fix that is being tested. “The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code,” the company said on its security blog. “The vulnerability can be mitigated by disabling the JIT in the JavaScript engine.
Source: http://www.informationweek.com/news/internet/security/showArticle.jhtml?articleID=218500486

Latest malware trick: outsourcing quality assurance. Creators of Waledac malware enlisted the Conficker botnet as a tool to spread malware of their own, marking the first time Conficker was made available for hire, according to Cisco’s mid-year security report. This was symptomatic of a wider trend Cisco noted of malware purveyors using established business practices to expand their illegal enterprises. Cisco likened the arrangement between Waledac and Conficker to a partner ecosystem, a term Cisco uses to describe its collaboration with other vendors. Waledac used the Conficker distribution channel to send spam and to expand its own botnet, Cisco says. Malware distributors are also outsourcing their quality assurance programs to services provided by the likes of virtest.com, Cisco says. For a fee the site tests malicious files against the latest versions of 26 virus-scanning software products to determine whether the anti-virus software can detect the malware. Cisco says running the malware through this screening results in malware that is 10 to 20 times more effective than it would be otherwise, and frees up the attackers to work on other products rather than test how detectable their current exploits are.
Source: http://www.networkworld.com/news/2009/071409-cisco-security.html

UN health agency gives up on counting swine flu. The World Health Organization says it will stop counting individual cases of swine flu. Tracking individual swine flu cases is too overwhelming for countries where the virus is spreading widely, the agency says in a statement. WHO will no longer issue global totals of swine flu cases, although it will continue to track the global epidemic. WHO says countries should look for signs the virus is mutating, such as changes in the way swine flu is spreading, surges in hospital visits or more severe cases. The agency asks countries to report their first confirmed cases, then provide weekly case numbers with a description of their outbreaks. WHO had reported nearly 95,000 cases including 429 deaths worldwide. But the numbers are outdated, with Britain estimating it had 55,000 new cases the week of July 6 alone.
Source: http://www.google.com/hostednews/ap/article/ALeqM5j5ArhIKTisx0eFmTGjgoSNUOK1cQD99G4O400

Twitter calls lawyer over hacking. The microblogging service Twitter is taking legal advice after hundreds of documents were hacked into and published by a number of blogs. TechCrunch has made public some of the 310 bits of material it was sent. It posted information about Twitter’s financial projections and products. “We are in touch with our legal counsel about what this theft means for Twitter, the hacker and anyone who accepts...or publishes these stolen documents,” said a co-founder of Twitter. In a blog posting he wrote that “About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked. “From the personal account, we believe the hacker was able to gain information which allowed access to this employee’s Google Apps account which contained Docs, Calendars and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company.” The co-founder went on to stress that “the attack had nothing to do with any vulnerability in Google Apps.” He said this was more to do with “Twitter being in enough of a spotlight that folks who work here can be a target.” It is believed a French hacker who goes by the moniker “Hacker Croll” illegally accessed the files online by guessing staff members’ passwords.
Source: http://news.bbc.co.uk/2/hi/technology/8153122.stm

Microsoft sues alleged IM spammers, phishers. Microsoft is bringing out the big guns to combat instant message spam and phishing attacks done to users of its Live Messenger network. The Redmond, Washington-based software giant filed a civil lawsuit on July 16 in King County Superior Court in Seattle against Funmobile, Mobilefunster, and several individuals, who Microsoft says is responsible for the intentional misuse of the service to gain the personal information of its users. In the suit, Microsoft cites a multitude of attacks including IMs that appear to be coming from users they know, as well as phishing attacks that mimic the look and feel of an outside service, or an official Microsoft support page. Microsoft says that the successful use of these tactics has let third parties obtain these users’ personal account information, then exploit it by sending mass spam and phishing messages to the contacts of users whose accounts have been breached. In a post on Microsoft’s security blog Microsoft on the Issues, Microsoft’s associate general counsel of Internet safety enforcement said the company hopes the suit will accomplish three things. One is to stop companies and individuals from continuing the attacks through injunction. Microsoft also intends to “recover monetary damages,” as well as send a message to other parties who would try similar tactics. Microsoft counts the number of its Windows Live Messenger users at more than 320 million, although the suit makes no mention of how many of those users have been affected by the privacy attacks. However, it does say that the attacks have put a strain on the servers that run the service, as well as its security teams, which have to monitor and combat incoming attacks. In the meantime, the company is urging users of its Live Messenger service and other Live services not to give other people their log-in information.
Source: http://news.cnet.com/8301-27076_3-10289104-248.html

Turkish hacker hits Portland Web sites. A handful of Portland Web sites became the unsuspecting targets of Turkish hackers over the weekend of July 11. The home page of the Central Northeast Neighbors was replaced by a message claiming the site had been cracked by a Turkish hacker. Five other sites were also hit. The owner of the company that hosts and services the sites said the hacker simply erased the homepage and replaced it with his own. The owner keeps all the files and data on private servers. He hosts more than 30 sites, but only a handful were hacked. He said there is no way of knowing who is really responsible. “I suspect he’s in Turkey, (but) I don’t know where he is,” the owner said. “I think these people do this just to show he can do it.” A Google search on July 15 showed numerous sites claiming to be hacked. All sites were running as normal by July 15.
Source: http://www.kptv.com/technology/20075160/detail.html

Ireland’s largest ISP may be under attack. Ireland’s largest Internet service provider has been experiencing performance problems for more than a month, and some researchers believe it has become the victim of multiple DNS poisoning attacks. Users first began complaining of slow response times at the end of May, according to online bulletin boards. Some users also complained that their Web queries were being redirected to other sites. Many of those queries ended up at the same advertising site, which suggests a DNS compromise, according to a blog by a security researcher at Trend Micro. Complaints from Eircom users reportedly intensified at the beginning of July, and the week of July 6 the ISP issued a statement that confirmed the problem: “Customers may have recently experienced delays in web browsing and may have been unable to access the Internet,” the statement said. “In some cases, customers may have been redirected to incorrect Websites. This issue has been caused by an unusual and irregular volume of internet traffic being directed onto our network, and this impacted the systems and servers that provide access to the Internet for our customers. Eircom is working continuously to minimize the impact for customers and has taken a number of steps, including software updates and hardware interventions, to fully restore Internet service.” But the week of July 13, users again are reporting problems using the ISP’s services. In a second statement issued July 14, the ISP conceded that the problem may be a second attack. “While it is too early to confirm, Eircom believes that [this week’s performance issues are] related to an unprecedented volume of traffic deliberately directed at our network which has caused difficulties for customers over recent days,” the company says.
Source: http://www.darkreading.com/securityservices/security/attacks/showArticle.jhtml?articleID=218501038&subSection=Attacks/breaches 37

Mozilla denies vulnerability as exploitable in new version of Firefox. A flaw discovered in the new version of Firefox is not exploitable, said Mozilla on July 19, responding to reports of another susceptibility in the browser. The vulnerability, originates from the software’s Unicode text handling system which let a remote attacker to execute arbitrary code through Web sites Mozilla on July 17 had announced the availability of Firefox 3.5.1 to fix a critical security vulnerability traced in the browser’s new TraceMonkey JavaScript engine. But reports by security researchers at the Internet Storm Centre revealed vulnerability in Firefox 3.5.1 which might lead to code injection. BM Internet Security Services and the National Vulnerability Database have reported vulnerability as critical. The vulnerability, originates from the software’s Unicode text handling system which let a remote attacker to execute arbitrary code through Web sites. If the visitor hits the affected page, the software breaks downs, launching denial of service attack. There is no defense available at the moment other than deactivating Java script which is not practical for many web users.
Source: http://www.themoneytimes.com/featured/20090720/mozilla-denies-vulunerability-exploitable-new-version-firefox-id-1077048.html

Clever attack exploits fully-patched Linux kernel. A recently published attack exploiting newer versions of the Linux kernel is getting plenty of notice because it works even when security enhancements are running and the bug is virtually impossible to detect in source code reviews. The exploit code was released on July 17 by an individual who works for grsecurity, a developer of applications that enhance the security of the open-source OS. While it targets Linux versions that have yet to be adopted by most vendors, the bug has captured the attention of security researchers, who say it exposes overlooked weaknesses. Linux developers “tried to protect against it and what this exploit shows is that even with all the protections turned to super max, it’s still possible for an attacker to figure out ways around this system,” said a senior security researcher at Immunity. “The interesting angle here is the actual thing that made it exploitable, the whole class of vulnerabilities, which is a very serious thing.” The vulnerability is located in several parts of Linux, including one that implements functions known as net/tun. Although the code correctly checks to make sure the tun variable does not point to NULL, the compiler removes the lines responsible for that inspection during optimization routines. The result: When the variable points to zero, the kernel tries to access forbidden pieces of memory, leading to a compromise of the box running the OS.
Source: http://www.theregister.co.uk/2009/07/17/linux_kernel_exploit/

Memory-hogging bug offers universal browser crash exploit. Security researchers have published details of a security flaw that can crash multiple browsers across multiple platforms. There are many more flaws out there that are more serious, but the security shortcomings in JavaScript’s DOM (Document Object Model) are nonetheless noteworthy because the issue affects Firefox, Safari, Opera, Chrome and Internet Explorer to a lesser or greater extent. Even smartphones, such as the iPhone and Nokia N95, as well at the Sony PS3 might be forced to crash using the approach, obliging users to reset devices. The flaw works by tricking a browser into allocating huge chunks of memory, behavior likely to result in a crash. Using JavaScript’s DOM (Document Object Model) to create a selection menu on a web page with a very high value sets up the trick. H Security explains that the coding trickery results in a huge allocation of memory. This is not in itself a problem if the memory area is defined as read only, but problems arise in the many cases where browsers fail to stop overwrites, leading to two processes trying to get at the same portion of memory at the same time and therefore provoking browser crashes. The flaw presents a browser crash rather than malware injection risk in all cases. Crashing is most easily achieved on IE, with all versions of Microsoft’s browser affected. Versions of Ubuntu running Konquerer might be forced to reboot if exposed to attacks based on the bug because of a memory management failure issue.
Source: http://www.theregister.co.uk/2009/07/17/universal_browser_crash_bug/

Beware debit card scam. Watchdog is passing on a warning from the South Carolina Department of Consumer Affairs alerting state residents about a debit card scam. Midlands residents are being targeted, but consumer affairs warns that the scam is expected to spread across the state. Consumer affairs says people are receiving calls claiming their debit cards have been blocked and are told to respond to automated instructions to “unblock” or “re-activate” their cards. Reports from consumers indicate the scam is targeting both cell phones and landlines. The scam is designed to obtain sensitive bank account numbers, and consumer officials urge people to avoid answering the phone or hang up immediately if they receive a call from the following number: 520-882-7767. The number belongs to an Arizona heating and cooling company and is fraudulently being used without the company’s permission to perpetrate the scam, officials said.
Source: http://www.postandcourier.com/news/2009/jul/21/warning_watch_out_new_debit_card_scam89825/

Flu vaccine for fall won’t protect against swine virus. The Food and Drug Administration approved a seasonal flu vaccine on Monday, in plenty of time to protect people against the three standard flu strains expected to spread this fall. The agency warned, though, that the seasonal vaccine will not guard H1N1 influenza, which has caused more than 40,000 cases and 260 deaths in the United States and its territories. Its novelty is what makes it so dangerous. Most people, particularly those younger than 50, haven’t been exposed to the new virus or viruses like it, so they are relatively defenseless against infection. On June 11, the World Health Organization issued its highest infectious-disease alert, declaring that a flu pandemic had begun. The pandemic flu virus only compounds the already considerable threat posed by seasonal influenza, which results in about 200,000 hospitalizations and 36,000 deaths every year.
Source: http://www.usatoday.com/news/health/2009-07-20-fluvaccine_N.htm

Blackberry maker questions Etisalat software upgrade. Research in Motion (RIM), the Canadian company that produces the BlackBerry mobile e-mail device, has distanced itself from a recent software patch sent to its UAE customers by Etisalat, and called into question statements made by the operator. In a statement mailed to the media, RIM said the Etisalat software, labeled as “spyware” by a prominent mobile security company, is “not a patch and it is not a RIM authorized upgrade.” “RIM did not develop this software application and RIM was not involved in any way in the testing, promotion or distribution of this software application,” it said. “Independent sources have concluded that the Etisalat update is not designed to improve performance of your BlackBerry hand-held, but rather to send received messages back to a central server.” Like Etisalat, RIM has said little on the software patch since reports of its negative effects on handsets and intended function as an e-mail monitoring and tool emerged last week. The company cancelled scheduled interviews with the local media and has not replied to requests for comment. But in the eight-page statement, the company took issue with Etisalat’s response, which described the patch as “required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas.” According to the RIM document, “in general terms, a third-party patch cannot provide any enhancements to network services as there is no capability for third parties to develop or modify the low-level radio communications protocols that would be involved in making such improvements.” “In this case, Etisalat appears to have distributed a telecommunications surveillance application,” it added, saying that it “does not endorse the development of this type of software for any platform.”
Source: http://www.thenational.ae/apps/pbcs.dll/article?AID=/20090721/BUSINESS/707219986/-1/SPORT

Naked video of ESPN reporter used to spread virus. If a user happens to come across a Web site that claims to feature video footage of an ESPN sportscaster naked, do not click on it. Clever hackers are using the demand for the video to spread a computer virus, according to anti-virus and security company Sophos.
Source: http://www.seattlepi.com/tvguide/408278_tvgif20.html

F-secure – detection radar fails to identify sophisticated phishing attacks. According to security company F-Secure, samples of well-designed targeted attacks evidently suggest that while maintaining a suspicious approach does a lot to keep up security, some particularly risky attacks might just pass users’ notice. Targeted attacks, also called spear phishing attacks, generally send a carefully crafted electronic message to specially selected individuals. The e-mails are well written without the usual errors and typos that normally accompany malicious e-mail campaigns. They are much fewer in number but comparatively more harmful than ordinary attacks. For its analysis, F-Secure cited seven samples that used lures for infecting targeted persons in various organizations so that their computers could be accessed. The security vendor says that all attack codes would plant malware on the victims’ computers, but these attacks’ targets remain unknown. Among the five samples, one message uses German language and another Russian. If anybody viewed the .doc or .pdf files, they perhaps will not find anything missing. These messages have the chances of getting blocked if users’ security software is up-to-date. Further, targeted attacks that exploit software flaws could also be prevented if users already have security patches installed, provided the attacks chase un-patched zero-day vulnerabilities. The company says that till May 2009, the file format that was abused to the maximum was the PDF format. However, during 2008, F-Secure detected nearly 1,968 files in targeted attacks among which DOC, i.e. Microsoft Word file, was the most widely used file type representing 34.55 percent. The changes seen in the popularity of file types was chiefly due to more security flaws in Adobe Reader/Acrobat compared to in Microsoft Office software, security analysts stated. They further added that these targeted assaults had been increasing very fast everywhere. Moreover, in similar news, CPP the life support organization indicated that in the United Kingdom, over 77 percent of people got phishing e-mails spoofing banks during June 2008-May 2009.
Source: http://www.spamfighter.com/News-12754-F-Secure-Detection-Radar-Fails-to-Identify-Sophisticated-Phishing-Attacks.htm

Adobe doles out bug-filled PDF Reader to users. Adobe delivers an out-of-date version of Reader to users who download the popular application from its Web site, a security company warned on July 20. The edition Adobe currently offers includes at least 14 security vulnerabilities that have been patched by the company in the last two months. Danish vulnerability tracking vendor Secunia first noticed that Adobe was offering an outdated Reader when users of its Personal Software Inspector (PSI) utility, which scans Windows PCs for unpatched applications, started complaining when the tool said they were running a vulnerable version, even though they had just downloaded the PDF viewer. “There was some confusion about Adobe Reader,” said the manager of the PSI partner program. “Users had downloaded the latest Reader, but still PSI was telling them that it was vulnerable.” At first, Secunia suspected that PSI was throwing off a “false positive,” but that was not the case. “Adobe.com ships software with known vulnerabilities,” the manager said. The version now hosted on Adobe’s Web site is Reader 9.1, an edition that was released March 10 to plug several holes, including one that had been actively exploited by hackers since at least January 9, 2009. Adobe has issued two security updates since then. The first, released May 12, patched another “zero-day” bug in Reader, while the second, issued June 9, fixed at least 13 critical flaws reported by outside researchers and secretly patched an unspecified number of bugs found by Adobe’s own security team. Computerworld confirmed that Adobe’s Web site offers Reader 9.1 to users who download the application. Adobe did not reply to a request for comment on why it posts an out-of-date edition on its site.
Source: http://news.idg.no/cw/art.cfm?id=9993F159-1A64-6A71-CE634C98EC3363A7

Lexington rescue workers destroy fake bomb. Several downtown streets were blocked and some residents were asked to stay in their houses for several hours the night of July 20 after a fake bomb was found behind the Carnegie Center for Literacy and Learning in Lexington, Kentucky. People going in and out of the center reported a device lying on top of a trash can at the bottom of the steps at the back of the building at about 6 p.m., said a police sergeant. The building and Gratz Park were evacuated, feeder streets leading into the block were closed, and people who live in the area were asked to stay inside. The item, which looked like a bomb, was x-rayed and found not to have a charge, the sergeant said. It was then destroyed using a water cannon.
Source: http://www.kentucky.com/211/story/868544.html

Defend the homeland: read a book.

Congress must do more to protect grid from cyber, nuclear attacks. Congress should pass measures to protect the nation’s electric grid against electromagnetic pulses emitted after a nuclear blast, witnesses told a hearing on July 21. When a nuclear warhead detonates at altitudes between 25 and 250 miles, it emits a high-altitude electromagnetic pulse, or EMP, which disrupts and damages electronic systems, including electric grids, the chairman of the Commission to Assess the Threat to the United States From Electromagnetic Pulse told the Subcommittee on Emerging Threats, Cybersecurity and Science and Technology. Geomagnetic storms that occur from significant changes in solar wind pressure can have a similar impact, he said. The chairman recommended that a bill, H.R. 2195, which would amend the Federal Power Act, address the threat of a cyberattack against the electric grid and address electromagnetic threats from nuclear EMP attacks and large-scale geomagnetic storms. Other critics have said the bill would not prompt owners and operators of electrical facilities to do their part to enhance cybersecurity and should be expanded to address other components of the nation’s critical infrastructure such as transportation and water. NERC released 40 Critical Infrastructure Protection standards designed to defend critical infrastructure from cybersecurity threats and is working on additional standards that are expected to have initial industry approval by the fourth quarter of 2009, said its chief security officer. NERC also might incorporate into security standards elements of the National Institute of Standards and Technology’s Special Publication 800-53, which provides recommended security controls for federal information systems. These standards do not address EMP directly, though NERC is looking into the threat. Federal government should hold emergency authority to take action in case of an attack, but should not set standards for protection of the electric grid, he added. “Preparedness and awareness efforts like the assessments, alerts and standards are necessary, but not sufficient, to protect the system against specific and imminent threats,” he said. “NERC firmly believes that additional emergency authority is needed at the federal level to address these threats, and NERC supports legislation that would give an agency or department of the federal government necessary authority to take action.”
Source: http://www.nextgov.com/nextgov/ng_20090721_4170.php?oref=topstory

Intruder caused ammonia leak, officials say. An official with Magellan Midstream Partners says an intruder tampered with an ammonia pipeline that caused a massive leak in Pawnee County on Saturday. In an email Monday, the government and media affairs director said, “Initial indications are that the release was caused by the unauthorized opening of a valve by an unknown third party. Magellan is working with local law enforcement authorities as part of the continued investigation.” The Pawnee County Sheriff’s office alerted Magellan about 1:30 a.m. on Saturday when ammonia began leaking from the pipeline. The undersheriff says the area is secured by a chain link fence. Law enforcement is investigating the incident as a criminal case. As many as 100 people were evacuated from a five square mile area around Skedee. Hazmat crews sealed the leak by that afternoon, and residents were allowed to return home. The Magellan Midstream Partners pipeline runs from Verdigris to Enid, then up to Minnesota.
Source: http://www.kjrh.com/content/news/2viewgc/story/Intruder-caused-ammonia-leak-officials-say/Za4wgEm1gk-6hoybjcE1CQ.cspx

Buckhead MARTA station opens after scare. The Buckhead MARTA station re-opened at 1:55 p.m. July 21 — three hours after authorities began investigating a suspicious package. The package was discovered shortly after 11 a.m. outside the station. The MARTA police assistant chief said the contents of the package had not been determined at 12:30 p.m. The station, which is on Peachtree Road, was evacuated, and a “bus bridge” was set up to transport passengers between the Lindbergh Center rail station to the south and the Medical Center station to the north. Police also closed Peachtree Road adjacent to the station. Peachtree Road was reopened to vehicles shortly before 12:30, but the station remained closed the assistant police chief said. Police also evacuated nearby buildings, including the Atlanta Financial Center.
Source: http://www.ajc.com/news/atlanta/buckhead-marta-station-opens-96852.html?cxntlid=homepage_tab_newstab

White powder scare No. 2. The city of Sebring, Florida, was again disrupted by the arrival of suspicious envelopes, and the target this time was the Highlands County Sheriff’s Office. Just after 2 p.m. Tuesday, two envelopes containing a suspicious white powder arrived at the sheriff’s office in the mail, according to the sheriff’s chief of staff. Approximately 40 employees were evacuated from the first and second floors a few minutes later as one letter was delivered to each level. Once outside, department heads were busy checking to make sure all their staff members were out of the building. Emergency responders quickly arrived on the scene and began taping the area off. The threat did not disrupt 911 dispatchers or Highlands County Jail officials and operations continued as usual. The substance found inside the envelopes has tested negative for anthrax or any other biochemical.
Source: http://www2.highlandstoday.com/content/2009/jul/21/211754/sheriffs-office-evacuates-after-suspicious-envelop/

Report: federal documents detail iPods overheating, catching fire. Apple iPods have burned users or caught fire more than a dozen times, but neither the company nor the federal government has disclosed this to the public, according to a Seattle television station. In a report posted on its Web site on July 22, KIRO-TV says it used the Freedom of Information Act to get more than 800 pages of Consumer Product Safety Commission documents regarding iPod-related injuries and property damage. Within the documents were details of at least 15 separate incidents where iPods overheated, sparked, smoked, caused burns or caught fire, KIRO-TV said. The station became interested when an individual of Arlington, Washington, was mystified by a penny-sized burn on her chest in November 2008. “At first I thought, how in the heck did I get burned?” she told a KIRO-TV reporter. “Then I remembered that I had my iPod right there.” KIRO-TV filed an FOIA request in December 2008, but said the CPSC documents took seven months to arrive, delayed by Apple lawyers filing several exemptions. A 14 year old of Portland, Oregon, described being burned by an iPod Nano she had gotten for Christmas in 2007, one of the incidents mentioned in the documents. “I picked it up and it was really hot, and so my first instinct was to drop it so I didn’t burn myself,” she told KIRO-TV. “But I looked at my hand and it was red and it started to get swollen.” Other incidents included a teenage girl’s bedside chair catching fire when an iPod overheated, and another iPod catching fire aboard a ship with thousands of people aboard. An Apple representative had no official comment.
Source: http://www.foxnews.com/story/0,2933,534275,00.html See also: http://www.kirotv.com/money/20089894/detail.html

Report: Cyber expert shortage may hinder government in protecting Web sites, internal systems. U.S. federal government agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found. The study describes a fragmented federal cyber force, where no one is in charge of overall planning and government agencies are “on their own and sometimes working at cross purposes or in competition with one another.” The report, scheduled to be released on July 22, arrives in the wake of a series of cyberattacks in July that shut down some U.S. and South Korean government and financial Web sites. The recruiting and retention of cyber workers is hampered by a cumbersome hiring process, the failure to devise government-wide certification standards, insufficient training and salaries, and a lack of an overall strategy for recruiting and retaining cyber workers, the study said. “You can’t win the cyber war if you don’t win the war for talent,” said the president of the Partnership for Public Service, a Washington-based advocacy group that works to improve government service. “If we don’t have a federal work force capable of meeting the cyber challenge, all of the cyber czars and organizational efforts will be for naught.” The study was drafted by the partnership and Booz Allen Hamilton as the U.S. Administration struggles to put together a more cohesive strategy to protect U.S. government and civilian computer networks.
Source: http://www.latimes.com/news/nationworld/politics/wire/sns-ap-us-internet-security,1,5665316.story

Firefox 3.0.12 patches five critical problems. Mozilla on July 21 released Firefox 3.0.12, an update to the open-source browser that fixes five critical security vulnerabilities and fixes a handful of other bugs. “We strongly recommend that all Firefox 3.0.x users upgrade to this latest release,” Mozilla said on its developer blog. “If you already have Firefox 3, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting ‘Check for Updates...’ from the Help menu.” Version 3.0.12 fixes five critical problems and one high-level security problem, according to the Mozilla security advisory site. Mozilla is trying to move people to the newer Firefox 3.5, which offers faster JavaScript program execution, new privacy features, and a handful of technologies geared for more powerful Web applications. And Mozilla is pushing the new browser hard. Security and stability fixes for the 3.0.x series will end in January 2010.
Source: http://news.cnet.com/8301-1009_3-10292587-83.html?part=rss&tag=feed&subj=News-Security

Open-source firmware vuln exposes wireless routers. A hacker has discovered a critical vulnerability in open-source firmware available for wireless routers made by Linksys and other manufacturers that allows attackers to remotely penetrate the device and take full control of it. The remote root vulnerability affects the most recent version of DD-WRT, a piece of firmware many router users install to give their device capabilities not available by default. The bug allows unauthenticated users to remotely gain root access simply by luring someone on the local network to a malicious website. “This means someone can even post some crafted [img] link on a forum and a dd-wrt router owner visiting the forum will get owned,” a user wrote in this posting to Milw0rm. “A weird vulnerability you’re unlikely to see in 2009. Quite embarrassing I would say.” Messages sent through the DD-WRT website to the software designers were not returned by time of publication, but comments posted to this user forum thread said the vulnerability affected the most recent builds, prompting a user by the name of autobot to declare the vulnerability a “mini code red.” The bug resides in DD-WRT’s hyper text transfer protocol daemon, which runs as root. Because the httpd does not sanitize user-supplied input, it is vulnerable to remote command injection. While the httpd does not listen on the outbound interface, attackers can easily access it using CSRF (cross-site request forgery) techniques.
Source: http://www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/

Explosive found in Goodwill drop box in Arvada. Police are looking for whoever left a military explosive device in a Goodwill store drop box in Denver, Colorado on or the day before July 21. The device, thought to be a claymore mine, was found by a Goodwill employee familiar with mines used by the military. A bomb squad that removed the device was not sure whether it was functional. The strip mall surrounding the drop box and store was evacuated.
Source: http://www.denverpost.com/news/ci_12887579

Electric Grid
July 22, 2009 by national

Legislation must allow fast action in case of physical attacks, like an EMP pulse, or cyber attacks against the electric grid, experts say

Although some have considered an Electromagnetic Pulse (EMP) on the nation’s electric grid unlikely, experts told a panel of the House Homeland Security Committee Tuesday that if the US completely ignores the possibility of such an attack, the possibility of an attack gets much higher.

“Some in government have taken the position that EMP attack and geomagnetic storm disruption are low-probability events…” said William Graham, chairman for the Commission to Assess the Threat to the United States from Electromagnetic Pulse, a congressionally mandated commission to study the risk of EMP pulses. “By ignoring large scale, catastrophic EMP vulnerability, we invite such attack on our infrastructure by adversaries looking to attack us where we are weak, not where we are strong.”

A high-altitude EMP is the result of the detonation of a nuclear warhead at altitudes between 40-400 km above the Earth’s surface, Graham told the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology.

“The immediate effects of EMP are disruption of, and damage to, electronic systems and electrical infrastructure,” Graham said. “EMP is not reported in the scientific literature to have direct effects on people.”

Subcommittee chairwoman Yvette Clarke (D-NY) said the risk of an EMP attack or cyber attack is a significant threat to homeland security.

“Many nation states, like Russia, China, North Korea, and Iran, have offensive cyber attack capabilities, while terrorist groups like Hezbollah and al Qaeda continue to work to develop capabilities to attack and destroy critical infrastructure like the electric grid through cyber means,” Clarke said.
http://www.nationalterroralert.com/updates/2009/07/22/house-panel-examines-emp-cyber-terror-threats-to-electric-grid/

Defend the homeland: read a book.

Bump.

Pipe bomb found near North Mountain Park. Employees at the Bonneville Power Administration on North Mountain Avenue in Ashland, Oregon found an active pipe bomb near the power plant at about 1 p.m. on July 22 during a routine grounds check, police said. The Oregon State Police Bomb Squad had deactivated the homemade bomb by about 3:20 p.m. and no one was injured in the incident, said a lieutenant with the Ashland Police Department. “Once the device was dismantled the bomb techs confirmed that the device was a good pipe bomb,” the lieutenant wrote in a release. Despite it’s proximity to the power plant, which supplies the city with electricity, police do not believe the bomb was intended to harm a particular place or group, he said. “It’s unknown how or why it ended up in the location it was found,” he said. “It doesn’t look like anybody was targeted at this time.” As of the afternoon of July 22, police had no leads on who may have been responsible for the bomb, he said. The bomb will be sent to the Oregon State Crime Lab.
Source: http://www.dailytidings.com/apps/pbcs.dll/article?AID=/20090722/NEWS01/907229996/-1/NEWSMAP

U.S. citizen admits al Qaeda ties. A U.S. citizen pleaded guilty earlier this year to attempting to kill American soldiers overseas and providing material support to al Qaeda, including information about the New York transit system, according to court documents unsealed July 22 in Brooklyn federal court. The U.S. citizen, 26 years old, born in the New York borough of Queens, became an al Qaeda militant after receiving training from the terrorist organization outside the U.S., according to criminal charges brought by the U.S. attorney in Brooklyn. The militant is cooperating with authorities and provided them with information about possible terror plots on rail targets in New York, according to a person familiar with the matter. Also, an affidavit he has provided is expected to be entered in court in Belgium as part of a different terrorism case. In another indication of cooperation, he has waived his right to an indictment by a grand jury and pleaded guilty in January to charges brought directly by the government. A sentencing date has not been set, typically a sign prosecutors want to wait until criminal cases against others are completed so a defendant can receive credit for cooperation. He has admitted he attempted to fire rockets at a U.S. military base in Afghanistan last September, according to the documents. He was apprehended in Pakistan in November and currently is in custody in New York, said people familiar with the matter. Court documents say he received training from al Qaeda between March and August of last year, and also provided the group with “specialized knowledge” of the New York transit system and Long Island Railroad. The Metropolitan Transit Authority of New York, which said he has never been an employee, said it has been cooperating with authorities, and that there was “never an imminent threat to the system.”
Source: http://online.wsj.com/article/SB124831838104074909.html?mod=googlenews_wsj

Canada reports first case of Tamiflu-resistant A/H1N1 flu. Canada on Wednesday reported its first case of Tamiflu-resistant A/H1N1 flu virus, in a man who had been given the drug to prevent infection. A 60-year-old man from Quebec province was given the flu antiviral after his son fell ill with the pandemic virus. But he came down with the flu anyway. It was believed the resistance arose in his body. But he recovered quickly and did not require hospital treatment. There is no evidence he transmitted the resistant virus to anyone else. This is the world’s fourth such case since the new A/H1N1 virus was discovered in April. Japan has since reported its second case, the world’s fifth such case.
Source: http://news.xinhuanet.com/english/2009-07/23/content_11755881.htm

U.S. trials for H1N1 vaccine announced. In a race to beat the flu season, medical institutes across the United States will begin human trials for a new H1N1 flu vaccine starting in early August, the University of Maryland announced Wednesday. In the hope of getting the vaccine to those who will need it most by October, the clinical trials will enroll as many as 1,000 adults and children at 10 centers nationwide, said officials at the Center for Vaccine Development at the University of Maryland School of Medicine, which will lead the effort. The trials will measure the safety and effectiveness of the vaccine. The research is a first step toward U.S. health officials’ goal of developing a safe and effective vaccine against H1N1, also known as swine flu, which has been declared a global pandemic by the World Health Organization.
Source: http://www.cnn.com/2009/HEALTH/07/22/swine.flu.vaccine.trials/

Swine flu hits Navy group visiting Hawaii. Three visiting Navy ships with sailors quarantined with flu-like symptoms will leave for San Diego today after 69 sailors and Marines were confirmed to have had H1N1 swine flu. The amphibious assault ship Boxer, the dock landing ship Comstock, and the cruiser Lake Champlain will be heading back to the West Coast after a seven-month deployment, the Navy said. Thousands of sailors and Marines from the ship grouping have been on leave in the Islands since Friday. Meanwhile, the amphibious transport dock ship New Orleans, which had been outside Pearl Harbor, will pull into port today for a visit, officials said. All four ships in the Boxer Amphibious Ready Group have crew members quarantined with flu-like symptoms, but the Navy yesterday could not say how many are in isolation in medical wards on the ships. A spokeswoman for the Navy’s Third Fleet in San Diego said the ships have stopped sending samples to the Centers for Disease Control and Prevention for H1N1 confirmation because swine flu already has been identified. Sailors in quarantine are being treated as if they have H1N1.
Source: http://www.military.com/news/article/swine-flu-hits-navy-group-visiting-hawaii.html?ESRC=topstories.RSS

Hacking dossier exposes U.S. military embarrassment. The British courts have seen details of numerous intrusions by hackers into some of the U.S. military’s most sensitive systems. The list of violated military agencies is detailed in a document published exclusively by Computer Weekly on July 22, a Crown Prosecution Service review of U.S. evidence against the UFO hacker. The suspect’s lawyers used the CPS’ ‘Review Note 3’ to support their argument in the High Court that U.S. evidence against the UFO hacker is too weak to secure a prosecution in the United Kingdom and unlikely even to uphold allegations against the suspect in the United States. The document nevertheless demonstrates how vulnerable U.S. military computer systems were to attack before and after the September 11th attacks. The United States has accused the hacker of accessing, copying, altering, and deleting files from U.S. military systems. But the United Kingdom’s public prosecutor said the United States did not have enough evidence to bring him to trial. The dossier of hacks claims that hackers installed Remotely Anywhere on machines belonging to US 902nd Military Intelligence, a counter-intelligence unit at Fort Meade, Maryland, prior to March 6, 2002.
Source: http://www.computerweekly.com/Articles/2009/07/22/237005/hacking-dossier-exposes-us-military-embarrassment.htm

Adobe promises patch for seven-month old Flash flaw. Adobe Systems Inc. on July 23 admitted its Flash and Reader software have a critical vulnerability and promised it would patch both next week. One security researcher, however, said Adobe’s own bug-tracking database shows that the company has known of the vulnerability for nearly seven months. In a security advisory posted around 10 p.m. Eastern time on July 22, Adobe acknowledged that earlier reports were on target. “A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems,” the company said. The “authplay.dll” mentioned in the advisory is the interpreter that handles Flash content embedded within PDF files, and is present on any machine equipped with Reader and Acrobat. Adobe said it would patch all versions of Flash by July 30, and Reader and Acrobat for Windows and Mac no later than July 31. Until a patch is available, Adobe said users could delete or rename authplay.dll, or disable Flash rendering to stymie attacks within malformed PDF files. Adobe did not offer any similar workaround for Flash and could only recommend that “users should exercise caution in browsing untrusted websites.”
Source: http://www.computerworld.com/s/article/9135826/Adobe_promises_patch_for_seven_month_old_Flash_fla w

Vietnam security firm in trouble after tracking hackers. The Vietnam Computer Emergency Response Team (VNCERT) has received an “official complaint” from its South Korean counterpart, the Korea Internet Security Center (KrCERT), about a Vietnamese cyber-security firm’s efforts to track down the source of computer virus attacks on Web sites in South Korea and the U.S., officials said on July 22. The virus attacks earlier this month on sensitive government and business Web sites in the U.S. and South Korea caused widespread concern. The source of the attacks was variously reported to be North Korea, Britain and elsewhere. “I am very frustrated with this case because I had not expected the way people would respond to our help,” said the director of leading Vietnamese cyber security company Bach Khoa Internetwork Security (BKIS). Shortly after the cyber-attacks were made public in early July, the BKIS center claimed to have traced the source of the attacks to a master server in Britain. Vietnamese media for the past few days quoted officials from VNCERT, the state-agency authorized to handle incidents that originate in Vietnam networks as well as reported by any foreign persons or institutions, as saying BKIS had breached Vietnamese and international rules during its investigation of the cyber-attacks. VNCERT said it had received an “official complaint” on July 16 from its Korean counterpart KrCERT, stating the South Korean agency had never requested BKIS to help investigate the attacks, as BKIS had claimed. “It is a very sensitive case,” said the director. “BKIS is only a small centre, but successful in finding the origin of attackers, and then we get in trouble.”
Source: http://www.enterprise-security-today.com/story.xhtml?story_id=67902

Adobe investigating zero-day bug in Flash. Researchers on July 22 said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers. The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is largely operating system-independent. Any software that uses Flash could be vulnerable to the attack, according to Symantec. Adobe Reader is vulnerable because its Flash interpreter is vulnerable, said the principal researcher at Purewire, a Web security services provider. In a post on its Web site, Adobe said it “is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. We are currently investigating this potential issue and will have an update once we get more information.” “The authors of the exploit have managed to take a bug and turn it into a reliable exploit using a heap spray technique,” a researcher wrote on a Symantec Security blog post. “Typically an attacker would entice a user to visit a malicious Web site or send a malicious PDF via e-mail,” he writes. “Once the unsuspecting user visits the Web site or opens the PDF this exploit will allow further malware to be dropped onto the victim’s machine. The malicious PDF files are detected as Trojan.Pidief.G and the dropped files as Trojan Horse.”
Source: http://news.cnet.com/8301-27080_3-10293389-245.html?part=rss&tag=feed&subj=News-Security

Protecting industrial networks against evolved cyber threats. According to the head of Air Liquide’s U.S. Operations Control Center (OCC) in Houston, Texas, hackers over the past year have increased their focus on finding vulnerabilities in technologies at gas, energy, and manufacturing plants, with the intent of causing disruption to operations. Basic technologies like firewalls are no longer enough to stop threats as new variants and attack vectors are created, he says. OCC evaluated a list of network intrusion prevention solutions and selected Top Layer Security’s IPS 5500 solution. The bypass mode on the Top Layer IPS 5500 enabled OCC to plug the device into its network and immediately identify many active attacks originating from countless sources. A number of these threats were initiated by compromised computers that had not been patched with the latest Microsoft security updates, which alerted OCC to revise its patching process along the way.
Source: http://www.controleng.com/article/316214-Protecting_Industrial_Networks_against_Evolved_Cyb er_Threats.php

Landstown HS suspect to be tried as adult. The alleged mastermind of an apparent plot to bomb Landstown High School in Virginia Beach will be tried as an adult, a judge ruled July 22. The suspect is now 18 and was 17 at the time he was arrested. He is accused of making explosives in his home which officers say he then planned to take to the school on the anniversary of the Columbine massacre. The Juvenile Court Judge allowed the publication of the man’s identity, saying it is already widely known after being published in the paper. The judge closed the certification hearing at the request of defense attorneys.
Source: http://www.wvec.com/news/topstories/stories/wvec_local_072209_landstown_bomb_threat_trail.6573 6727.html

Microsoft admits it can’t stop Office file format hacks. Microsoft’s plan to “sandbox” Office documents in the next version of its application suite is an admission that the company cannot keep hackers from exploiting file format bugs, a security analyst said on July 23. “What’s been happening is that Office has lots of vulnerabilities,” said Gartner’s primary security analyst. “For the past 18 months, hackers have been fuzzing Office file formats,” he said, referring to the practice of “fuzzing,” a tactic that relies on automated tools that drop random data into applications to see if, and where, breakdowns occur. Fuzzing has been a hacker’s best friend: Microsoft has repeatedly had to patch file format vulnerabilities in Office applications, most recently in July when it fixed a flaw in Publisher 2007 and in June, when it patched seven vulnerabilities in Excel and two more in Word. “What’s happening is that the bad guys are using fuzzing tools to find vulnerabilities in Office, and now Microsoft is saying, ‘Okay, we can’t find, let alone fix, every vulnerability. So here’s a way to put a sandbox around the vulnerability.” The sandbox technique mentioned is a new addition to Office 2010, the upcoming upgrade to Microsoft’s bestselling Windows application suite. According to a senior security program manager with the Office team, Office 2010 will sport something called “Protected View” that isolates Word, Excel and PowerPoint files in a read-only environment. The sandbox, said the program manager in a post to a company blog this week, will have “minimal access to the system, and no access to your other files and information. Even if the file is malicious, it can’t get out of the sandbox and do harm to your computer or data.”
Source: http://www.computerworld.com/s/article/9135852/Microsoft_admits_it_can_t_stop_Office_file_format_ hacks

This article will self-destruct: Tool to make online personal data vanish. Computers have made it virtually impossible to leave the past behind. College Facebook posts or pictures can resurface during a job interview. A lost cell phone can expose personal photos or text messages. A legal investigation can subpoena the entire contents of a home or work computer. The University of Washington has developed a way to make such information expire. After a set time period, electronic communications such as e-mail, Facebook posts and chat messages would automatically self-destruct, becoming irretrievable from all Web sites, inboxes, outboxes, backup sites and home computers. Not even the sender could retrieve them. The team of UW computer scientists developed a prototype system called Vanish that can place a time limit on text uploaded to any Web service through a Web browser. After a set time text written using Vanish will, in essence, self-destruct. A paper about the project went public on July 22 and will be presented at the Usenix Security Symposium Aug. 10-14 in Montreal. The Vanish prototype washes away data using the natural turnover, called “churn,” on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered. In the current Vanish prototype, the network’s computers purge their memories every eight hours. (An option on Vanish lets users keep their data for any multiple of eight hours.) Unlike existing commercial encryption services, a message sent using Vanish is kept private by an inherent property of the decentralized file-sharing networks it uses.
Source: http://www.sciencedaily.com/releases/2009/07/090721113309.htm

I've seen this thread hundreds of times, but never looked in here. Great posts. Keep it up!

I've seen this thread hundreds of times, but never looked in here. Great posts. Keep it up!

Thanks, BB. How's it hangin'?

Pandemic survey finds 1 in 6 public health workers unlikely to respond. Approximately 1 in 6 public health workers said they would not report to work during a pandemic flu emergency regardless of its severity, according to a survey led by researchers at the Johns Hopkins Bloomberg School of Public Health. The findings are a significant improvement over a 2005 study conducted by the same research team, in which more than 40 percent of public health employees said they were unlikely to report to work during a pandemic emergency. The new study suggests ways for improving the response of the public health workforce. The results are published in the July 24 edition of the journal PLoS ONE. The online survey was conducted among 1,835 public health workers in Minnesota, Ohio, and West Virginia from November 2006 to December 2007. The survey analysis was based on the Extended Parallel Process Model (EPPM), which postulates that willingness to follow instructions in an emergency is based on an individual’s perception of a threat’s validity and belief that the actions taken can be feasibly accomplished and will have a positive impact on the threat.
Source: http://ohsonline.com/articles/2009/07/27/pandemic-survey-finds-1-in-6-public-health-workers-unlikely-to-respond.aspx

Swine flu sufferers pass bug to at least two others, study says. Swine flu sufferers pass the bug to about two other people, fostering its spread, according to the first published study of the pandemic strain’s infectiousness in the Southern Hemisphere. Researchers in New Zealand and the Netherlands used mathematical modeling to estimate the transmission potential of the new H1N1 strain, also known as swine flu. In New Zealand, where winter weather is fanning the worst flu season in more than a decade, the virus may be spreading more easily than it did in Mexico, where it emerged more than four months ago. The research, published in Friday’s New Zealand Medical Journal, may help public health officials in North America and Europe anticipate what to expect when the pandemic virus circulates there next winter. The reproduction number in New Zealand is 1.96, meaning that up to 79 percent of people could potentially catch the germ during the epidemic, said one of the study’s authors.
Source: http://www.bloomberg.com/apps/news?pid=20601124&sid=adrAANGzz3r4

Theft used stealthy computer code. The world suddenly seemed a lot smaller in late June, following the theft of $415,000 from a bank account belonging to Bullitt County government. Investigators say Ukrainian criminals hacked their way into Bullitt government computers using malicious code also used to hijack $6 million from banks in the United States, United Kingdom, Spain and Italy in 2007. Federal investigators are still trying to determine where the Bullitt taxpayers’ funds have gone. An FBI spokesman from the Louisville office said the investigation may take several more weeks. But computer experts say the malicious code, which Bullitt officials identified as “ZeuS,” is a stealthy type of trojan software popular among hackers. A trojan is a program that appears legitimate but actually performs illicit activity. Bullitt County and its bank, Elizabethtown-based First Federal Savings Bank, are just beginning to grapple with the ramifications left in ZeuS’ wake. Bullitt officials said the culprits hacked into an e-mail to gain access to county government passwords and used them to withdraw funds from an account used to pay county employees. Bullitt County recovered $105,813.06 of the $415,989.17 discovered missing June 29 by reversing transactions in accounts still containing the stolen money.
Source: http://www.courier-journal.com/article/20090727/ZONE10/907270320/Theft+used+stealthy+computer+code

FBI to investigate Placentia library hacking. The FBI is hunting down the hackers that hijacked the Placentia Public Library Web site the morning of July 24, a bureau official said the same afternoon. “The FBI will open and investigation into this incident,” said an FBI spokeswoman. The spokeswoman, who works out of the bureau’s Los Angeles field office, said that the FBI has a special unit that investigates “cyber crimes, computer intrusions, defacements, more traditional crimes like fraud and child exploitation.” Visitors to the Placentia Library Web site were greeted by an image of a flapping flag with a crescent moon and star behind a portrait of famed Turkish leader Mustafa Kemal Ataturk. Underneath was the phrase “Editaarruz is back.” A group calling itself the “Federal Atack Team” has apparently hacked www.placentialibrary.org — disabling the site completely. The word “taarruz” means “attack” or “offensive” in the Turkish language.
Source: http://www.ocregister.com/articles/site-web-search-2506225-google-placentia

Critical out-of-band patch for Internet Explorer 8. Microsoft is cooking a security refresh for Internet Explorer 8, and earlier supported versions of the browser, that will be released on July 28. According to the Redmond company, the IE update will be accompanied by a security bulletin for Visual Studio. The software giant underlined that, although two separate security bulletins were scheduled for release come July 28, both updates were designed to resolve a single, overall security problem. The move comes as a necessity to ensure that customers benefit from the broadest protections possible explained the director of MSRC. “While we can’t go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported,” the director noted. The patches coming July 28 are what Microsoft refers to as out-of-band security updates.
Source: http://news.softpedia.com/news/Critical-Out-of-Band-Patch-for-Internet-Explorer-8-117601.shtml

Hackers may slip through hole found in Adobe tools. Cybercriminals may have a clear path to spread mayhem on computers this week by taking advantage of a newly discovered vulnerability in Adobe’s ubiquitous Flash video player and Acrobat Reader, the widely used tool for opening PDF documents. Since early July, troublemakers have been e-mailing PDF files with corrupted Flash video clips and hacking into websites to implant them. These clips, when activated, enable attackers to quickly install malicious programs on the user’s computer. Criminals typically take control of PCs, turning them into obedient “bots.” The number of attacks could soar this week as Adobe scrambles to develop an emergency patch by July 31. The company recently began issuing security patches once a quarter, with the next update scheduled on Sept. 8. “The volume of cybercrime has been increasing, so we’ve stepped up our efforts to supply best-in-class security,” says Adobe’s senior vice president and general manager of business productivity. But even that might not solve the problem. Adobe alerts computer users every seven days about software updates that can include security patches, but users often defer installing such updates. The security firm has already found a booby-trapped e-mail sent to a corporate executive.
Source: http://www.usatoday.com/tech/news/computersecurity/2009-07-26-adobe-hackers_N.htm

HP researchers develop browser-based darknet. Two researchers for Hewlett-Packard have created a browser-based darknet, an idea that c
ould make it easier for businesses to keep eavesdroppers from uncovering confidential formation. Darknets are encrypted peer-to-peer networks normally used to communicate in files between closed groups of people. Most darknets require a certain level of technological literacy to set up and maintain, including taking care of the necessary servers. However, two HP researchers plan during the week of August 3 to demonstrate a browser-based darknet called “Veiled,” which they claim requires little proficiency to set up and run. “This will really lower the barriers to participation,” one of the researchers told ZDNet UK. “If you want to create a darknet, you can send an encrypted e-mail saying, ‘Here’s the URL.’ When (the recipient visits) the Web site, the browser can just get (the darknet application) going.” The researchers are scheduled to demonstrate the technology next week at the Black Hat security conference in Las Vegas.
Source: http://news.cnet.com/8301-1009_3-10295761-83.html

CDC predicts H1N1 virus to affect 40% of Americans. The Center for Disease Control and Prevention’s Advisory Committee on Immunization Practices will meet Wednesday to decide on an approach for inoculating Americans against the H1N1 virus. That comes after the agency projected that the virus could affect up to 40 percent of the U.S. population. The CDC’s prediction includes both individuals who contract the swine flu and an estimated number of people who will forgo work to take care of sick friends or family members. The CDC also predicts that anywhere between 90,000 and “several hundred thousand” Americans could die of swine flu or swine flu-related illnesses over the course of the next two years, according to an Associated Press report. To derive this estimate, the CDC used the Asian Flu pandemic of 1957 as a model. An effective vaccine strategy, however, could curb the effects of the virus’ spread, officials say. There are 160 million doses of H1N1 vaccine on order by the U.S. government. These will be ready for distribution in October, pending the success of trials currently underway in Australia and scheduled to begin next week in the United States, HealthDay reported.
Source: http://www.mcknights.com/CDC-predicts-H1N1-virus-to-affect-40-of-Americans/article/140676/

Health officials warn of H1N1 virus spread in S California. Health officials have warned of a spread of the A/H1N1 flu virus in Southern California when students return to the schools in September, a report said on Monday. After hundreds of students having been sent home from summer camps in the region in recent weeks due to flu-like symptoms, health officials said they are worried about what would happen when the school year begins, local television channel KABC reports. California health officials have received reports of flu outbreaks at 16 camps in eight counties, according to the report. Although most reported flu cases have been mild, some health workers fear that a vaccine may not be available in time to stop the spread of the virus.
Source: http://news.xinhuanet.com/english/2009-07/28/content_11784853.htm

Falls Church man sentence in terror plot is increased to life. A Falls Church man convicted of plotting with al-Qaeda to kill the former U.S. President was resentenced to life in prison Monday after the judge said his release would threaten “the safety of the American citizenry.” The suspect had been given a 30-year prison term after he was convicted in 2005 of joining an al-Qaeda conspiracy to mount a series of September 11-style attacks and assassinations in the United States. The U.S. Court of Appeals for the 4th Circuit upheld the conviction last year but sent the case back for resentencing, indicating that the sentence should be more severe. U.S. District Judge obliged on Monday, saying he had reevaluated the case and concluded that the danger of ever releasing the suspect is too great. “I cannot put the safety of the American citizenry at risk,” he said, citing the suspect’s “unwillingness to renounce the beliefs that led to his terrorist activities.” Prosecutors said the suspect had taken credit for originating the plot against the former President, which had not advanced beyond the talking stage. They said the plot included crashing airplanes, killing members of Congress, and bombing nightclubs and public gatherings.
Source: http://www.washingtonpost.com/wp-dyn/content/article/2009/07/27/AR2009072701384.html?hpid=moreheadlines

Whatever happened to the Conficker worm? The hugely talked-about computer worm, Conficker, seemed poised to wreak havoc on the world’s machines on April Fool’s Day. And then nothing much happened. But while the doom and gloom forecast for the massive botnet, a remotely controlled network that security experts say infected about 5 million computers, never came to pass, Conficker is still making some worm hunters nervous. A program director at SRI International, a nonprofit research group, said Conficker infects millions of machines around the world. And the malware’s author or authors could use that infected network to steal information or make money off of the compromised computer users. “Conficker does stand out as one of those bots that is very large and has been able to sustain itself on the Web,” which is rare, said the program director who also is a member of the international group tracking Conficker. Still, computer users, even those infected with Conficker, have not seen much in the way of terrifying results. After the botnet relaunched April 1, it gained further access to an army of computers that the program’s author or authors could control. The only thing the author or authors have done with that power, though, is to try to sell fake computer-security software to a relatively small segment of Conficker- stricken computers, the program director said. The lack of a major attack has led some people in the security community to assume that the worm is basically dead. The chief research officer with F-Secure, an Internet security company, says the people who created Conficker would have launched a major offensive by now if they were going to. The chief research officer, who is scheduled to speak about the Conficker botnet next week at Black Hat, a major computer security conference, said he thinks whoever made Conficker did not mean for the worm to get so large, as the size of the botnet drew widespread attention from the security community and the media. “This gang, they knew their stuff. They used cutting-edge technology that we had never before…I’ve been working in viruses for 20 years, and there were several things that I’d never seen at all,” he said. “That, to me, would tell that perhaps this is a new group or a new gang, someone who tried it for the first time.” He added, “The more experienced attackers don’t let their viruses or their worms spread this widely. They, on purpose, keep their viruses smaller in size in order to keep them from headlines.” Veteran botnet creators tend to hold the size of the malicious networks to about 2,000 to 10,000 computers to keep from being noticed, he said.
Source: http://www.cnn.com/2009/TECH/07/27/conficker.update/index.html

Black Hat: Smart meter worm attack planned. An employee of IOActive intends to unleash a worm on a smart meter at the Black Hat security conference on July 30. Smart grid, the emerging power distribution infrastructure upgrade, may not be the bright idea its name suggests. In the rush to modernize the way electricity moves, security appears to be an afterthought. At Black Hat on July 30, the employee, a senior security consultant with IOActive, plans to conduct a worm attack on a smart meter, a part of the smart grid that is being installed at consumers’ homes around the country. The worm, he claims, can copy itself from one smart meter to the next in a neighborhood, ultimately causing power outages and rendering the smart meter inoperable. “Many of the security vulnerabilities we found are pretty frightening and most smart meters don’t even use encryption or ask for authentication before carrying out sensitive functions like running software updates and severing customers from the power grid,” he said in a statement. The IOActive president and CEO said much the same thing in March when he testified before the Committee of Homeland Security and the Department of Homeland Security. “Based on our research and the ability to easily introduce serious threats, IOActive believes that the relative security immaturity of the smart grid and AMI markets warrants the adoption of proven industry best practices including the requirement of independent third-party security assessments of all smart grid technologies that are being proposed for deployment in the nation’s critical infrastructure,” he said.
Source: http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=218700250

First-responders prep for school incident. In a Special Tactics and Response (S.T.A.R.) team drill of the Clute, Texas, police department on June 22, a bus in the Brazoswood High School parking lot is full of students from 12 to 17 years old and being “terrorized” by a lone gunman. The man is “father” to one of the students and going through a divorce and a child custody dispute.
“This drill has never been done before, and with the problems today with student shootings in the past several years, it has become a major concern of ours,” the drill’s lead operative said. “New legislation is in the works, but not passed yet, that would allow for concealed handguns on school premises. We want to be prepared so as not to be caught off guard.” Involved in the drill were members of the S.T.A.R. squad, Clute’s police, EMS and fire departments.
Source: http://thefacts.com/story.lasso?ewcd=97dbd333895f00bd

Napolitano to unveil new antiterror plans. The Secretary of the Department of Homeland Security Secretary is expected to outline Wednesday the Administration’s domestic approach to preventing terrorist attacks — a strategy that will rely in large measure on refining and expanding initiatives launched under the previous President. On Wednesday, the Homeland Security Secretary will outline a strategy to prevent terrorism that incorporates officials at every level of government nationwide, the first major statement on counterterrorism strategy from the new Administration. One element of the new approach will be the expansion of a pilot program started during the previous Administration to train police to report such suspicious behavior as the theft of keys from a facility that keeps radiological waste.
Source: http://online.wsj.com/article/SB124882460649888397.html

On Fox and Friends this morning, Napolitano was asked, point blank, by Doocy if she would say that this meant that the programs established under Bush were effective. I couldn't hear the rest of the interview as some soft shoe music began blaring out of the speakers as Ms. Napolitano began her attempts to dance away from answering that.

Anti-terrorism drills to take place across S. Fla. Law enforcement officers across South Florida chased down “terrorists” on Wednesday in a large scale anti-terrorism drill. Beginning at 7:00 a.m. Wednesday, the Region 7 Southeast Regional Domestic Security Task Force, comprised of Palm Beach, Broward, Miami-Dade and Monroe County agencies, participated in the training exercise called “Operation Cassandra.” The objective of “Operation Cassandra” is to test the regions resources, response and capabilities during a simulated threat by a fictitious terrorist group directed at multiple locations simultaneously throughout South Florida. Dozens of law enforcement agencies and medical facilities teamed up for the operation.
Source: http://cbs4.com/local/anti.terror.drill.2.1104601.html

Iphone SMS attack to be unleashed at Black Hat. Apple has just over a day left to patch a bug in its iPhone software that could let hackers take over the iPhone, just by sending out and SMS (Short Message Service) message. The bug was discovered by a noted iPhone hacker, who first talked about the issue at the SyScan conference in Singapore. At the time, he said he had discovered a way to crash the iPhone via SMS, and that he thought that the crash could ultimately lead to working attack code. Since then he has been working hard, and he now says he has been able to take over the iPhone with a series of malicious SMS messages. In an interview on July 28, he said he will show how this can be done during a presentation at the Black Hat security conference in Las Vegas on July 30 with another security researcher. “SMS is an incredible attack vector for mobile phones,” said an analyst with Independent Security Evaluators. “All I need is your phone number. I don’t need you to click a link or anything.” The analyst reported the flaw to Apple about six weeks ago, but the iPhone maker has yet to release a patch for the issue. Apple representatives could not be reached for comment, but the company typically keeps quiet about software flaws until it releases a patch.
Source: http://www.pcworld.com/businesscenter/article/169245/iphone_sms_attack_to_be_unleashed_at_black_hat.htm l

Browser SSL warnings shown to be ineffective. New research shows that Secure Socket Layer (SSL) warnings, used in web browsers to indicate a problem with a web page’s certificate or the potential for a man-in-the-middle (MITM) attack, are ineffective. “The big takeaway is that computer security warnings are not an effective way of addressing computer security,” a study researcher and co-author, an associate professor of computer science, engineering and public policy at Carnegie Mellon University, told SCMagazineUS.com on July 28. “People don’t read warnings and don’t understand them when they do read them.” The study, conducted by Carnegie Mellon University researchers during 2008, tested 400 internet users’ behaviors when SSL warnings were displayed on Firefox 2, 3 and Internet Explorer 7. Researchers wrote a paper based on the study called, “Crying Wolf: An Empirical Study of SSL Warning Effectiveness” and will present their findings August 14 at the USENIX Security Symposium in Montreal. The study found that the different web browsers had different approaches to dealing with warnings, and that Firefox (3.0) made it more difficult for users to override the warnings and proceed to the page, the researcher said. But, still the warnings on all three browsers were largely ineffective, and one browser did not manage to communicate the risks any better than another. By not paying attention to SSL warnings, or being unable to understand them, a user is more susceptible to falling for phishing attacks, the researcher said. The worse-case scenario is when an attacker has launched an MITM attack, and the user connects to a bogus site. If a user gets a warning about an invalid certificate, ignores it, then tries to buy something on the site, the user could be handing their credit card information over to attackers.
Source: http://www.scmagazineus.com/Browser-SSL-warnings-shown-to-be-ineffective/article/140717/

BIND crash bug prompts urgent update call. A vulnerability in BIND creates a means for miscreants to crash vulnerable Domain Name System servers, posing a threat to overall internet stability as a result. Exploits targeted at BIND (Berkeley Internet Name Domain Server) version 9 are already in circulation, warns the Internet Software Consortium, the group which develops the software. ISC urges sys admins to upgrade immediately, to defend against the “high risk” bug. Sys admins are urged to upgrade BIND servers to versions 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1 of the software, which defend against the flaw. The vulnerability involves BIND servers that act as a master (slave systems are unaffected) and involves problems in dealing with malformed update messages, which can be used to cause a server to crash, as explained in a security alert by ISC. Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert. BIND is used on a great majority of DNS servers on the Internet. DNS maps between easy-to-remember domain names, understood by humans, and their corresponding numerical IP addresses, needed by computers. Simply put, the system can be compared to a phone book for the internet. Playing with this system creates a means to possibly derail surfing and email delivery, among many other undesirable effects.
Source: http://www.theregister.co.uk/2009/07/29/bind_flaw/

Athlete describes bomb attack at World Outgames. Danish police arrested a 31-year-old man caught after tossing a third bomb and charged him with a hate crime, according to Danish media. The first bombing occurred around 2 p.m. during a men’s track event. After a brief delay and with everyone assuming the first blast was a prank, the race was set to resume. A second bomb was tossed. The suspect was carrying a backpack containing another half-dozen or so bombs, a Seattle native and track event participant stated. The Seattle runner was injured by the second bombing and had to under surgery to have shrapnel removed from some of limbs. The devices that exploded on the track were described as being powerful, about nine inches in length, with blue plastic covering and a fuse that burning after it landed. The World Outgames 2009 in Copenhagen, Germany run July 25- August 2. The games host more than 5,000 participants from more than 90 nations, mostly from Europe, North America and Australia.
Source: http://www.outsports.com/os/index.php/component/content/article/52-outgames2009/255-athlete-describes-bomb-attack-at-world-outgames

Pipe bomb found on beach of popular resort town. Ocean City police say a civilian found an apparent pipe bomb on the beach of the resort town. It happened July 28 at about 1:50 p.m. on 40th Street and the beach. Police evacuated the area for about an hour. Using robotic equipment, technicians with the Ocean City bomb squad successfully removed the device. Technicians found that it was an improvised explosive device and rendered it safe. The incident is under investigation by the Ocean City Fire Marshal’s office.
Source: http://www.foxnews.com/story/0,2933,535192,00.html

Air Force tests anti-ground C-130 laser. An Air Force C-130 incinerated a dummy ground target by firing a megawatt-class chemical oxygen iodine laser at White Sands Missile Range, New Mexico during a June 13 test of the service’s Advanced Tactical Laser (ATL), Boeing officials said. The test flight originated from nearby Kirtland Air Force Base, New Mexico. The ATL, configured to deploy on a C-130, is designed to destroy ground targets while moving with little or no collateral damage. The roughly $200 million ATL program began in late 2002. Several more flight tests are planned for this summer.
Source: http://www.armytimes.com/news/2009/07/defense_atl_test_072909/

Thanks, Ronald Reagan!

Lafourche first responders drill for Columbine-style school shooting. Law enforcement officials from Lafourche Parish, Louisiana, staged a mock school-shooting incident Wednesday morning at a local school to train police on the latest procedures to deal with someone opening fire at an educational facility. “Local first-responders will respond to the incident and use the training they’ve received over the past few years…to respond and be critiqued,” the sheriff said. Standard protocol for such situations has changed in the aftermath of the Colorado massacre at Columbine High School, the sheriff said, adding that protocol now calls for first-responding officers to actively seek and engage the shooter(s). Prior to Columbine, it was standard procedure for responding officers to secure the perimeter, then await the arrival of S.W.A.T. members. Officials said the drill is a cooperative effort between the Sheriff’s office, the Lafourche Parish School Board, Central
Lafourche High School, the Louisiana State Police and their SWAT team, Acadian
Ambulance, St. Anne Hospital, and the Lafourche Parish Office of Emergency
Preparedness.
Source: http://www.wwl.com/Lafourche-first-responders-drill-for-Columbine-
sty/4896729

Computer virus Hidrag.a rapidly spreading across networks. Security researchers have found Hidrag.a, a computer virus, which spreads through browser exploits, network shares and IRC (Internet Relay Chat), as reported by Pc1news on July 10, 2009. Researchers state that once the virus is executed, it stays inside the system’s memory and attempts to infect .scr and .exe files running on the infected PC. In addition, Hidrag.a might establish a backdoor that allows an intruder to make an unhindered entry to the infected computer, putting possible banking and financial data at risk. After execution, Hidrag.a makes its own duplicate copy of approximately 36K in size and plants it on the Windows directory by naming it svchost.exe, according to the researchers. Following this, the virus registers the ‘.exe’ file within the auto-run key of the PC’s registry. The researchers also state that Hidrag.a has a connection with various other files like setup.exe, malware.exe and NoDNS.exe. In fact, other security companies also analyzed this virus. While Symantec and McAfee refer Hidrag.a as W32.Jeefo, Microsoft refers it as Jeefo.A. Other names given to Hidrag.a are Jeefo-3, Virus.Parite.B, TROJ_FLOOD.AF, and so on. Meanwhile, the security researchers said, the malicious Hidrag.a virus has caused the maximum number of infections in the United States where an aggregate of 43,601 strains of malevolent web traffic has been reported. China, which follows the United States, has as many as 42,597 strains of malevolent traffic owing to Hidrag.a. Along with these nations, Brazil, Japan and India are other countries that are infected with the malicious Hidrag, while the United Kingdom, Germany, France, Italy and Russia have also been infected.
Source: http://www.spamfighter.com/News-12803-Computer-Virus-Hidraga-Rapidly-Spreading-Across-Networks.htm

Clampi virus targets companies’ financial accounts. Cybersecurity experts are racing to tame a fast-spreading computer virus that takes deadly aim at financial accounts that are universally used by businesses. The virus, called Clampi, “is pretty scary,” says the editor of DarkReading, a technology security news site. “It’s worth worrying about.” At least 500,000 computers have been infected by Clampi since March, and it is spreading “by leaps and bounds,” a researcher told cybercrime experts meeting recently at the Black Hat security conference in Las Vegas. Anti-virus programs can detect and block Clampi, but the attackers are adept at tweaking it so it gets through, the researcher says. Clampi is one of a few dozen “banking Trojans” that target online financial transactions. But unlike some that prey on consumers’ online banking accounts, the criminals behind Clampi “are going after bigger fish,” primarily companies, says a senior analyst at anti-virus firm F-Secure. Windows PCs can pick up the Clampi infection when a user clicks on a tainted Web page, including ones on innocuous-looking legitimate sites that have been hacked. An infected PC then waits to see if the user logs into personal accounts at any of 4,600 Web pages for a wide array of businesses and government agencies, and their banks. It then sets a trap to obtain the user name and password of network administrators who have clearance to access all of an organization’s Windows PCs. It logs on as the administrator, then spreads companywide. Attackers are then able to wire cash transfers to “mule” accounts they control using banks’ automated clearinghouse (ACH) systems. Because Clampi and other banking Trojans are so ubiquitous, businesses should make online financial transactions only on PCs dedicated to those tasks, and that are not used for e-mail, accessing social networks or browsing the Internet, the researcher says.
Source: http://www.usatoday.com/tech/news/computersecurity/2009-07-30-clampi-computer-virus_N.htm

Influenza pandemic: Gaps in pandemic planning and preparedness need to be addressed. The U.S GAO released a report on July 29 stating that gaps still remain in current pandemic preparations. GAO’s work points out that while a number of actions have been taken to plan for a pandemic, including developing a national strategy and implementation plan, many gaps in pandemic planning and preparedness still remain. This statement covers six thematic areas: (1) leadership, authority, and coordination; (2) detecting threats and managing risks; (3) planning, training, and exercising; (4) capacity to respond and recover; (5) information sharing and communication; and (6) performance and accountability. “The current H1N1 pandemic should serve as a powerful reminder that the threat of a pandemic influenza, which seemed to fade from public awareness in recent years, never really disappeared,” GAO’s report summary stated. “While federal agencies have taken action on 13 of GAO’s 24 recommendations, 11 of the recommendations that GAO has made over the past 3 years have not been fully implemented. With the possibility that the H1N1 virus could become more virulent this fall or winter, the administration and federal agencies should use this time to turn their attention to filling in the planning and preparedness gaps GAO’s work has pointed out.”
Source: http://www.gao.gov/products/GAO-09-909T

Presidential motorcade, safe house info revealed in P2P data leak. Earlier this year, Tiversa, Inc., a firm which monitors peer-to-peer (P2P) file sharing services, discovered leaked information about the President’s helicopter on a computer in Iran. On July 29, the company’s CEO told the House Oversight and Government Reform Committee that Tiversa has discovered even more extremely sensitive documents, this time on the LimeWire file-sharing network. According to Computerworld, the files included information about a Secret Service safe house for the President’s family, and the Pentagon’s network infrastructure. The files also contained specific details about motorcade routes, and every nuclear facility in the United States. As a result, the committee chairman plans to introduce a bill which would ban P2P sharing on all government computers and networks. The committee also lambasted the LimeWire chairman (who was present) for allegedly not implementing tighter security measures which had been requested by the government two years ago. A U.S. representative said that the “recent LimeWire leaks range from appalling to shocking.” But, Tiversa also issued the committee a warning two years ago, when a board member and retired-General said that the “American people would be outraged” if they knew the full extent of the sensitive information being leaked through file-sharing networks.
Source: http://www.switched.com/2009/07/30/presidential-motorcade-safe-house-info-revealed-in-p2p-data-lea/
See also: http://www.crn.com/software/218900042;jsessionid=4S1I1ZMMPKYEGQSNDLPSKH0CJUNN2 JVN

Apple computers vulnerable to new cyber attacks, expert warns. Apple Mac computers are not foolproof and can be manipulated by hackers despite their virus-free reputation, a security expert has warned at a conference in Las Vegas. A Mac researcher said at the Black Hat security conference, which is one of the top conferences in the industry, that while Mac viruses remain rare they will become more popular as Apple gains market share. The researcher demonstrated a type of software that is designed to run on certain systems to steal information or control a computer. The “Machiavelli” technique effectively took advantage of vulnerabilities in Apple’s software that many users ignore, as the Mac computer is often marketed by Apple as hardware that does not attract viruses. “There is no magic fairy dust protecting Macs,” he told The Age. The researcher, who co-wrote “The Mac Hacker’s Handbook” with another computer researcher, pointed to research that shows Apple held 9 percent of the computer market in the second quarter of the year. The two also said that because the Mac software holds more code than Microsoft’s Windows operating system, there are more opportunities for hackers to take advantage of the software.
Source: http://www.smartcompany.com.au/information-technology/20090731-apple-computers-vulnerable-to-new-cyber-attacks-expert-warns.html

Adobe patches 12 Flash bugs, 3 caused by Microsoft. Adobe on July 30 patched 12 vulnerabilities in Flash Player, including three it inherited from faulty Microsoft development code and one that hackers have been exploiting for at least a week. In a security advisory published on July 30, Adobe briefly spelled out the dozen vulnerabilities, 10 that were pegged as potentially leading to hijacked systems or with hackers executing their own malware on a machine. The vulnerabilities affect the Windows, Mac, and Linux versions of Flash Player. Still to patch: the Solaris edition. Last week, Adobe had promised that it would patch Flash on July 30 after reports surfaced of attacks against both Flash and Adobe Reader, a popular PDF viewer. Hackers have been attacking users running Flash through drive-bys hosted on compromised Web sites, and targeting people running Reader via a bug in the Flash interpreter baked into that program. Reader and Adobe Acrobat are slated for an update on July 31. Adobe also took care of three vulnerabilities within Flash that were the result of the company’s developers using a buggy Microsoft code “library” when they built the program. On July 29, Adobe confirmed that it had used Microsoft’s flawed development code, specifically the Active Template Library (ATL), a code library included with Visual Studio, to create both Flash Player and Shockwave Player. The latter was patched that same day.
Source: http://www.computerworld.com/s/article/9136116/Adobe_patches_12_Flash_bugs_3_caused_by_Microsoft? taxonomyId=86

Anti-theft software could create security hole. A piece of anti-theft software built into many laptops at the factory opens a serious security hole, according to research presented on July 30. The “Computrace” software, made by Vancouver-based Absolute Software Corp., is part of a subscription service that is used to find lost or stolen computers. Many people do not know it is on their machines, but it is included in computers from the biggest PC makers. The software is built into computers at the factory because that embeds it so deeply that even the extreme act of uninstalling the operating software will not delete it. The software is included in a part of the computer known as the BIOS, which refers to programs used to boot the computer. The service Absolute sells can be valuable because sensitive data can be purged remotely from a stolen machine. The computer is still able to reach out to a specially designated Web site for instructions even if a criminal is tampering with the machine. But research by two individuals with Boston-based Core Security Technologies, and presented on July 30 at the Black Hat security conference in Las Vegas, shows it can cut two ways. If a criminal has infected a computer that has the Computrace technology, he can take deep control of a machine. That is because he is able to modify the computer’s settings to maintain a connection with that machine even if the operating software is uninstalled then reinstalled, an extreme way, but sometimes the only way, to make sure a computer is cleaned of viruses.
Source: http://www.msnbc.msn.com/id/32228651/ns/technology_and_science-security/

Single misplaced ‘&’ caused latest IE exploit. A security hole in Internet Explorer that opened the browser to hackers since early July was caused by a single typo in Microsoft’s code. An errant ampersand (“&”) took the blame for the exploit, admitted Microsoft in a blog published on July 28 at its Security Development Lifecycle (SDL) Web site. A security program manager at Microsoft explained in his blog that the typo corrupted the code of an ActiveX control used by the browser. The control was created by Microsoft using an older library of code, which Howard admitted has flaws. Because of those flaws, the typo caused the code to write untrusted data, exposing the browser to the bad guys. Outside of its regular Patch Tuesday routine, Microsoft issued an emergency fix for IE, which it said would block attempts to exploit the flaw in ActiveX controls. Development tools like Microsoft’s own Visual Studio use the same library of code, known as Active Template Library (ATL). On the same day it released the emergency patch for IE, the company also released a Visual Studio fix. The manager said the typo would have been difficult to spot in a review of the code, and that none of Microsoft’s code analysis methods would have uncovered it either.
Source: http://news.cnet.com/8301-10805_3-10298697-75.html

Quogue woman charged with photographing air base. A Quogue, Long Island woman with two guns in her car was arrested after she was found taking pictures of the Air National Guard base in Westhampton Beach on the night of July 30, according to the Suffolk County Sheriff’s Office. The woman, who had an XM-15 assault rifle and a shot gun along with a cache of ammunition in her car, took photos of the perimeter of the base at Gebreski Airport on a number of prior occasions as well, guardsman reportedly told deputy sheriffs. A Southampton Town Police officer spotted her when she returned after she had been warned not to return by guardsmen, sheriffs said. She was charged with criminal trespass and was arraigned at Southampton Town Justice Court where she pleaded not guilty and was ordered held on $50,000 bail at Suffolk jail. The Sheriff’s Office reported the incident to the FBI’s Joint Terrorism Task Force as well as the Department of Homeland Security, who are investigating.
Source: http://www.longislandpress.com/2009/08/01/quogue-woman-charged-with-photographing-air-base/

Multiple Adobe security holes closed. Adobe has released an out-of-cycle patch for its Flash Player, AIR, Reader and Acrobat software, closing more than 10 vulnerabilities that potentially left users open to attack. It closes a recent vulnerability in Flash that was highlighted by Symantec and actively exploited in the wild. It also fixes 11 other flaws, including three that fixed problems in vulnerable Microsoft code (its Active Template Library (ATL)). All of the fixed vulnerabilities were critical, with most having the potential to allow an attacker to take over a user’s system. Details of how to update the Adobe software can be found in its security bulletin. Adobe is planning its next regular quarterly security update for Adobe Reader and Acrobat on 13 October.
Source: http://www.itpro.co.uk/613459/multiple-adobe-security-holes-closed

Hackers reveal security vulnerability in trusted sites. A nefarious new tactic used by hackers works similar to a telephone tap, intercepting information between computers and the trusted Web sites they visit. Hackers at last week’s Black Hat and DefCon security conferences revealed a significant flaw in the way Web browsers filter untrustworthy sites and block users from accessing them. The flaw allows cybercriminals who penetrate a network to establish a secret eavesdropping position, enabling them to capture passwords, credit card numbers and other private data flowing between computers on that network and the Web sites users believe are safe. In an even more worrisome scheme, a hacker could hijack the auto-update feature on a victim’s computer, and trick it into automatically installing malicious code from the attacker’s Web site. In that case, the computer would simply believe the code was a valid update coming from the software manufacturer.
Source: http://www.redorbit.com/news/technology/1730542/hackers_reveal_security_vulnerability_in_trusted_s ites/

Surveillance camera hack swaps live feed with spoof video. Corporate teleconferences and other sensitive video feeds traveling over internet are a lot more vulnerable to interception thanks to the release of free software tools that offer penetration testers and attackers a point-and-click interface. At the Defcon hacker conference in Las Vegas, the Viper Lab researchers demonstrated new additions to UCSniff, a package of tools for sniffing internet-based phone conversations. The updates offer tools that streamline the process of intercepting video feeds, even when they are embedded in voice-over-internet-protocol traffic. The researchers showed how a companion tool called VideoJak can be used to tamper with video surveillance feeds in museums and other high-security settings. As several hundred conference attendees looked on, they displayed a live feed of a water bottle that was supposed to be a stand in for a precious diamond egg. When someone tried to touch the bottle, the video caught the action in real time. Then they fired up VideoJak. When the bottle was touched again, the video, which presumably would be piped to a security guard, continued to show the bottle was safe and sound. “We used UCSniff to actually capture valid stream for 20 seconds and then we played it against the security guy receiving the traffic,” the director of Sipera’s Viper Labs said in an interview afterward. “So he saw the room was just sitting there unmolested while the person was actually taking the diamond egg.” A separate demo showed a live teleconference that was being secretly intercepted so the video feeds of both participants could be logged in real time. Both attacks convert the intercepted feeds to a raw H.264 video file and from there to a simple AVI file.
Source: http://www.theregister.co.uk/2009/08/01/video_feed_hacking/

U.S. weighs risks of civilian harm in cyberwarfare. Fears of collateral damage are at the heart of the debate as the Presidential Administration and its Pentagon leadership struggle to develop rules and tactics for carrying out attacks in cyberspace. While the former Administration seriously studied computer-network attacks, the current Administration is the first to elevate cybersecurity — both defending American computer networks and attacking those of adversaries — to the level of a White House director, whose appointment is expected in coming weeks. But senior White House officials remain so concerned about the risks of unintended harm to civilians and damage to civilian infrastructure in an attack on computer networks that they decline any official comment on the topic. And senior Defense Department officials and military officers directly involved in planning for the Pentagon’s new “cybercommand” acknowledge that the risk of collateral damage is one of their chief concerns. “We are deeply concerned about the second- and third-order effects of certain types of computer network operations, as well as about laws of war that require attacks be proportional to the threat,” said one senior officer.
Source: http://news.cnet.com/U.S.-weighs-risks-of-civilian-harm-in-cyberwarfare/2100-7348_3-6249945.html

Apple releases a security patch for the iPhone. An Apple fix on July 31 could keep a hacker away from a user’s iPhone. Apple has released a software fix for a serious vulnerability in the iPhone, a day after two prominent computer-security researchers demonstrated at a top industry conference, Black Hat, that they could wreak havoc on the devices with a simple SMS message. The test attack they created takes advantage of a flaw in the way the iPhone handles text messages. During their demonstration, the researchers showed that a hacker could gain complete control over all iPhone functions, including making calls, visiting Web sites, accessing personal information on devices, and turning on its camera and microphone. Crucially, attackers could also use the device to send more malicious messages, potentially causing a “mass-gadget hijacking,” as Forbes put it on July 28. “Someone could pretty quickly take over every iPhone in the world with this,” one of the researchers told Forbes, the first to report the flaws. The researchers said they notified Apple of the problem more than a month before their presentation at Black Hat. The company had yet to release the patch, so they decided to publicize their discovery in an effort to push Apple to act. An outcry that followed the Forbes story and the researchers’ presentation seems to have done just that. “This morning, less than 24 hours after a demonstration of this exploit, we’ve issued a free software update that eliminates the vulnerability from the iPhone,” Apple said in an e-mailed statement. To reassure concerned customers, Apple also tried to correct erroneous reports that malicious attackers had actually struck, stressing that no such episodes had occurred.
Source: http://gadgetwise.blogs.nytimes.com/2009/07/31/apple-releases-a-security-patch-for-the-iphone/

Man accused of hacking CTA radio. A 20-year-old man was charged with endangering people’s safety by interfering with Chicago Transit Authority (CTA) radio transmissions. The CTA says the radio hacker posed a threat to trains, buses, and riders. The Federal Bureau of Investigation (FBI) says the man bought a commercially available radio a year ago and programmed it to transmit and receive CTA frequencies. Initially, investigators say he began with prank calls. “It escalated to the point where he began issuing orders to train operators and bus operators,” said an FBI spokesman. It is alleged that at one point he gave orders that allowed a Blue Line train operator to bypass a red light. Another time, the FBI says he reversed previously given orders to a Green Line operator and told him he did not have to stand at the station. The CTA says early on its control center employees began to recognize his voice and eventually recorded his calls and blocked most of them from reaching train and bus operators. The CTA says he made more than 300 radio calls on CTA frequencies, most during the past month and half. Technology experts say his ‘playing around’ was not easy to do. While buying a radio and listening to frequencies is not against the law, hacking into a radio system takes some time and luck. “Even most secure systems could eventually be broken into,” said a professor from the Illinois Institute of Technology.
Source: http://abclocal.go.com/wls/story?section=news/local&id=6945913

Pneumonia vaccine may help limit swine flu deaths. In years past, the nation’s attempts to prevent flu-related deaths have focused on limiting transmission of the virus through widespread vaccination programs. This year, with school starting up well before a vaccine for the pandemic H1N1 influenza virus will be available, there will be little that can slow the spread of the virus for the next few months. However, public health authorities say most of the serious consequences linked to the virus are the result of pneumonia, and an underused vaccine called Pneumovax can prevent, or at least limit, such complications in many patients. The vaccine, made by Merck & Co., stimulates the body’s ability to neutralize the bacteria responsible for many cases of pneumonia, and it has the potential to prevent an estimated one-third of pneumonia deaths linked to swine flu.
Source: http://www.latimes.com/features/health/la-sci-pneumonia4-2009aug04,0,6872284.story

U.S. revises swine flu strategy. The Presidential Administration is finalizing guidelines that would scale back when the federal government recommends closing schools in response to the swine flu pandemic, several people involved in the deliberations said Monday. Such guidance would mark a change in the government’s approach from this spring, when health officials suggested that schools shut down at the first sign of the H1N1 virus. They later relaxed that advice. This fall, federal authorities would recommend closures only under “extenuating circumstances,” such as if a campus has many children with underlying medical conditions, a senior U.S. health official involved in the talks said. The official added that discussions are continuing that and no final decision has been made. Schools also might be advised to close if many students or staff members are already sick or otherwise absent, officials said.
Source: http://www.msnbc.msn.com/id/32277813/ns/health-more_health_news//

Marines ban Twitter, Myspace, Facebook. The U.S. Marine Corps has banned Twitter, Facebook, MySpace and other social media sites from its networks, effective immediately. “These internet sites in general are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries,” reads a Marine Corps order, issued on August 3. “The very nature of SNS [social network sites] creates a larger attack and exploitation window, exposes unnecessary information to adversaries and provides an easy conduit for information leakage that puts OPSEC [operational security], COMSEC [communications security], [and] personnel… at an elevated risk of compromise.” The Marines’ ban will last a year. It was drawn up in response to a late July warning from U.S. Strategic Command, which told the rest of the military it was considering a Defense Department-wide ban on the Web 2.0 sites, due to network security concerns. Scams, worms, and Trojans often spread unchecked throughout social media sites, passed along from one online friend to the next. “The mechanisms for social networking were never designed for security and filtering. They make it way too easy for people with bad intentions to push malicious code to unsuspecting users,” a Stratcom source told Danger Room. Yet many within the Pentagon’s highest ranks find value in the Web 2.0 tools. The Chairman of the Joint Chiefs of Staff has 4,000 followers on Twitter. The Department of Defense is getting ready to unveil a new home page, packed with social media tools. The Army recently ordered all U.S. bases to provide access to Facebook. Top generals now blog from the battlefield.
Source: http://www.wired.com/dangerroom/2009/08/marines-ban-twitter-myspace-facebook/

Names of juveniles in Charles City pop bomb case released. The names of the two juveniles arrested in connection with the discovery of a series of pop bottle bombs in Charles City have been released. The 14 and 15-year old suspects, both of Charles City, were charged in Floyd County Juvenile Court Monday morning with possession of explosive or incendiary materials or devices. Ten pop bottle bombs were discovered on the grounds of Washington Elementary School during the past two weeks. Two were discovered July 20, seven were found July 26 and another was placed the evening of July 28 and found July 29. Four of the pop bottles had exploded, according to authorities. When the devices explode, acid or other chemicals can spray out. The bombs were made with common kitchen products containing acid.
Source: http://www.globegazette.com/articles/2009/08/03/news/latest/doc4a772f63c6d86482424112.txt

Apple sneaks out data leakage patch. Apple has released an upgrade for its GarageBand audio editing application that includes a security patch not mentioned in the update announcement. According to Apple’s support web site, GarageBand 5.1 “addresses general compatibility issues, improves overall stability, and fixes a number of other minor issues”. But a security advisory reveals that the update includes a fix for a security flaw in GarageBand that allows Safari browser users’ web activity to be tracked by third parties and advertisers. The advisory says that when GarageBand is opened, Safari’s preferences are changed to always accept cookies. The default preference is to accept cookies only for the sites being visited. Apple warns that the altered setting may allow third parties and advertisers to track a user’s web activity.
Source: http://www.computerweekly.com/Articles/2009/08/04/237166/apple-sneaks-out-data-leakage-patch.htm

AES encryption not as tough as you think. Cryptographers have found a new chink in the widely used AES encryption standard that suggests the safety margin of its most powerful cipher is not as high as previously thought. In a soon-to-be-published paper, five researchers show that the 256-bit version of AES is susceptible to several so-called related-key attacks that significantly diminish the amount of time it takes to guess a key. One technique against the 11-round version of the cipher can be completed in 270 operations; an improvement that a cryptographer says was strong enough to be “almost practical.” Another attack uses only two related keys to crack the complete key of a nine-round version in 239 time, a vast improvement over the 2120 time of the best previous attack. A third attack breaks a 10-round version in 245 time. Like previous attacks on AES, the latest techniques are still wildly impractical, cryptographers say. But because most of the world depends on the encryption standard to keep sensitive records and communications secure from outsiders, the findings are nonetheless significant. AES is also the foundation of several candidates for a new cryptographic hashing algorithm called SHA-3 that will be adopted by the U.S. National Institute of Standards and Technology. “When you’re trying to build a system with a long life span, you want to have ciphers that are very conservative, so if there is a new attack that comes along, you have a long safety margin,” says the president and chief scientist at Cryptography Research, a San Francisco-based consultancy. “If you’re trying to design a system that will be in the field for 30 years, you start worrying about stuff like this.”
Source: http://www.theregister.co.uk/2009/08/03/new_crypto_attack/

Twitter starts filtering links to malware sites. Micro-blogging site Twitter has begun filtering links to known malware sites. The tactic, noticed by security researchers on August 3 but yet to be officially announced by Twitter, is designed to prevent surfers straying onto sites packed with dangerous exploits. Adoption of the approach follows the increased targeting of Twitter by worms, spam and account hijacking attacks over recent weeks. The widespread use of URL shortening in Twitter messages (which can be no longer than 140 characters) makes it easy to hide the true destination of links. A blog posting by an individual of F-Secure explains how surfers are served up a warning message when they attempt to follow a link from Twitter towards a known bad site. A security researcher at Kaspersky Lab adds that Twitter appears to be using Google’s Safe Browsing API. “It won’t catch everything but is definitively a step forward,” he adds.
Source: http://www.theregister.co.uk/2009/08/03/twitter_applies_malware_filter/

Homeland Security Chief: Flu will get jump on vaccine. The Homeland Security Secretary said Tuesday that pandemic flu probably will flare up soon after schools open in the fall, before vaccine is available. The Secretary also acknowledged that there would not be enough pandemic flu vaccine for everyone, at least in the early stages of the flu season. “There will be prioritization of vaccinations,” she told members of the USA TODAY editorial board. The flu strain causing the pandemic, a new H1N1 virus also known as swine flu, is especially dangerous because it differs from every other known flu virus. As a result, most people are defenseless against it. That makes a vaccine the keystone of any effort to prevent illness and save lives. The first batches of the vaccine are due in mid-October. The Secretary said this year’s flu season probably will be severe but not as severe as the 1918 pandemic, the world’s worst. In 1918, flu killed at least 675,000 people in the United States and up to 50 million worldwide. She said that it is more likely that the pandemic would mirror 1957, when flu killed about 70,000 people in the United States and 1 million to 2 million people worldwide, according to the Centers for Disease Control and Prevention. Last week, a panel of experts advised the CDC that the first vaccinations should go to pregnant women; parents and contacts of children younger than 6 months; health care workers; all children and young adults; and all non-elderly adults with chronic medical conditions. The government recommends vaccinations for seasonal and swine flu.
Source: http://www.usatoday.com/news/health/2009-08-04-swinefluoutbreak-pandemic_N.htm

Mozilla shuts Firefox e-store after security breach. Mozilla shuttered its online store on August 4 after finding out that the firm it hired to run the backend operations of the company’s e-tailing business had suffered a security breach. It was unclear whether the vendor, St. Louis-based GatewayCDI, which bills itself as a “promotional products distributor and incentive company,” notified Mozilla or whether the browser maker found out about the breach some other way. “On August 4, Mozilla discovered that GatewayCDI, the third-party vendor entrusted to run the backend of the Mozilla Store, suffered a security breach,” Mozilla said in a warning on its Web site. “Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised.” Mozilla also took the international edition of its e-store offline as a precaution, although that effort is maintained by a separate partner. On August 5, both stores displayed messages that they were “closed for maintenance;” neither message, however, spelled out the reason. Mozilla’s announcement did not detail the extent of the breach, what information hackers might have accessed or stolen, or how the breach happened. GatewayCDI was not available late Tuesday, and there was no notice on its site that it had sustained a breach. “Mozilla immediately reached out to GatewayCDI and encouraged them to quickly inform individuals whose data had been compromised,” said Mozilla. “GatewayCDI is currently investigating their systems and determining the cause and extent of the breach.”
Source: http://www.computerworld.com/s/article/9136264/Mozilla_shuts_Firefox_e_store_after_security_breac h?taxonomyId=88

Scareware package mimics Windows Blue Screen of Death. Miscreants have developed a scareware package that mimics Windows’ infamous Blue Screen of Death. Prospective marks are presented with a seemingly crashed system, along with a text warning that they need to buy “security software” to clean up their systems. But the SystemSecurity rogue package on offer has no utility other than scamming people out of their money. Variants of SystemSecurity have been around since at least February 2009. However, the Blue Screen of Death trick is a new social engineering innovation, only spotted in variants of the attack last week by anti-spyware firm Sunbelt Software. SystemSecurity usually makes its way onto compromised Windows PCs via fake video codec installations. Users normally install the bogus code (actually a Trojan horse malware) after following links in spam emails ostensibly inviting them to view video clips.
Source: http://www.theregister.co.uk/2009/08/04/bsod_scareware/

12 viruses, per computer, per hour. Network Box, a security firm, announced that email viruses have increased by about 300 percent in the last three months alone, with reports showing that in July of this year the number of virus threats on the Internet peaked at about 12 viruses per customer every hour, the highest it has been in 2009. The largest source of Internet threats is the United States which is responsible for 16.59 percent, closely followed by Brazil at 14.11percent and Korea at 6.2 percent. India has shown a large increase in virus threats at 5.2 percent. An Internet security analyst with Network Box says that due to the large amount of middle class citizens in India who now have computers without a clear regulation system, there are many illegal copies of operating systems without updates that occur automatically, thus once they become infected they start to spread malware continuously without concern. The United States still tops the list of security threats, but it should be noted that the percentage is down from 21 percent in June while also reducing the amount of spam spread from the country to 10.2 percent from 11.2 percent. The bright news on the horizon may also be that malware writers are not creating new malware in the last several months, according to Symantec MessageLabs’ latest intelligence report. However, even this is tainted with the news from Symantec that spammers are becoming much more active with the use of multi-lingual messages.
Source: http://www.securitywatch.co.uk/2009/08/04/12-viruses-per-computer-per-hour/

Virus arms race primes malware numbers surge. Half (52 percent) of new malware strains only stick around for 24 hours or less. The prevalence of short lived variants reflects a tactic by miscreants aimed at overloading security firms so that more damaging strains of malware remain undetected for longer, according to a study by Panda Security. The security firm, based in Bilbao, Spain, detects an average of 37,000 new viruses, worms, Trojans and other security threats per day. Around an average of 19,240 spread and try to infect users for just 24 hours, after which they become inactive as they are replaced by other, new variants. Virus writers — increasingly motivated by profit — try to ensure their creations go unnoticed by users and stay under the radar of firms. It has now become common practice for VXers to review detection rates and modify viral code after 24 hours. The practice goes towards explaining the growing malware production rate. The amount of catalogued malware by Panda was 18 million in the 20 years from the firm’s foundation until the end of 2008. This figure increased 60 percent in just seven months to reach 30 million by 31 July 2009.
Source: http://www.theregister.co.uk/2009/08/13/malware_arms_race/

WordPress bug resets admin password. Developers of the widely used WordPress blogging software have released an update that fixes a vulnerability that let attackers reset the administrator password. The bug in version 2.8.3 is trivial to exploit remotely using nothing more than a web browser and a specially manipulated link. Using the special URL, the old password is removed and a new one generated in its place with no confirmation required, according to this alert published on the Full-Disclosure mailing list. The flaw lurks in some of the PHP code that fails to properly scrutinize user input when the password reset feature is invoked. According to WordPress documentation here, the bug has been fixed by changing a single line of code so the program checks to make sure the input supplied for the new password is not an array. If it is, the user gets an error message and must try again. After this article was first published, version 2.8.4 was released. That would appear to be the end of it, but two security researchers wonder aloud here whether it would have made more sense to check instead whether the input is a string. After this article was first published, WordPress documentation showed the suggestion from security researchers was being formally adopted.
Source: http://www.theregister.co.uk/2009/08/12/wordpress_password_reset_bug/

CA auto-immune update trashes systems. A beserker update to CA eTrust anti-virus software created confusion on August 12. The 33.3.7051 update labeled a large number of binaries (.DLL and .exe files) — including some components of eTrust itself — as infected with something called StdWin32. These files were sent off to quarantine, resulting in disabled systems that may be far from easy to recover. Users are strongly advised to block the update. Temporarily disabling on-access scanning, normally a bad idea, might also be worth considering. Several Register readers have informed us of the problem. “CA have got it so wrong with this update that the Anti-Virus is even renaming core elements of its own program directory, to be honest E-Trust could be deemed a virus in itself,” one
correspondent notes. CA issue a statement on August 12 explaining that the glitch was
due to an engine overhaul that had obviously gone wrong, it said that it has developed a
remediation tool.
Source: http://www.theregister.co.uk/2009/08/12/ca_auto_immune_update/

It's back, folks. Sorry it's been gone for so long, but I thought with the increased chatter.......

From the Energy Sector:
Boston mayor wants to block Yemeni tankers from Boston Harbor. The mayor of Boston says it is unsafe to allow tankers delivering liquefied natural gas from Yemen into Boston Harbor; “They cannot be coming into a harbor like Boston, where there is less than 50 feet between the tankers and residential areas,’ the mayor says of Yemeni tankers. The mayor said on December 31 that he will ask Boston’s lawyers to see whether the city can block Yemeni tankers from delivering liquefied natural gas into Boston Harbor, calling such deliveries “wrong.’’ The mayor and several other public officials said they would press for the tankers’ cargo — destined for an LNG terminal in Everett as soon as next month — instead to be unloaded away from the city, in light of the failed Christmas Day attempt by a Nigerian man, who trained in Yemen, to blow up a U.S. airliner over Detroit. The Globe reported last week that shipments of liquefied natural gas from Yemen are scheduled to arrive for the first time in Boston as early as February. Coast Guard officials are reviewing the plan and said they have not yet decided whether the shipments will be allowed to enter the harbor and dock at the LNG terminal in Everett. “Their paramount concern is the safety and security of the Port of Boston,” a Coast Guard spokesman said.
Source: http://homelandsecuritynewswire.com/boston-mayor-wants-block-yemeni-tankers-boston-harbor?page=0,0

Device could aid in radiation detection. Engineers at the Y-12 National Security Complex in Tennessee have developed a system that makes a small quantity of highly enriched uranium appear to radiation detectors as a larger cache of fissile material, a development that could aid in testing the scanning machines, the Knoxville News Sentinel reported. A sphere that combines aluminum with 1.6 ounces of highly enriched uranium emits gamma rays like those of a 5.5-pound supply of bomb-grade uranium, said the head of the Y-12 site’s nuclear technology and nonproliferation program. Ultimately, the device could help test radiation detectors at U.S. ports and border crossings without the same amount of security and administrative oversight required to transport larger amounts of weapon-grade uranium between test sites. “It doesn’t offer the same target that a real 2 1/2 kilograms of material would,” said the Y-12 General Manager. “What they’re looking for is to make sure that if something were to come into the country that we could detect it,” he added. The site’s Highly Enriched Uranium Equivalent Test Sphere Project has only produced a single prototype sphere to date, but additional devices are slated to be built.
Source: http://www.globalsecuritynewswire.org/gsn/nw_20100106_1938.php

MSP’s Lindbergh terminal reopens after ‘false alarm’ bomb scare. A battered pink bag used by workers in baggage claim sparked a security scare at the Minneapolis-St. Paul International Airport on Tuesday. There was a 90-minute evacuation of parts of the Lindbergh Terminal. A bomb-sniffing dog reacted as though something suspicious was on the bag, which is used to mark the end of a line of luggage from a flight, at carousel No. 12, which is used by Continental and Frontier airlines. About half of the airport’s baggage-claim area was closed off, as were ticketing areas above, starting at about 2 p.m. A portion of the roadway closest to those areas was also shut down, creating a traffic back-up into the airport. The areas were re-opened at around 3:30 p.m. after members of the Bloomington Police Department’s bomb squad determined it was a false alarm.
Source: http://www.startribune.com/lifestyle/travel/80731457.html?elr=KArks:DCiUBcy7hUiD3aPc:_Yyc:aUHD YaGEP7eyckcUX

Newark airport’s security cameras not recording during Sunday breach. Cameras that might have shown the man who walked through security Sunday at Newark, New Jersey, Liberty International Airport were not recording during the incident, a federal official said Tuesday. A Transportation Security Administration (TSA) spokeswoman said TSA-funded and Port Authority-installed and -operated cameras were running but not recording at the time of the security breach on Sunday evening, which led officials to shut Terminal C for hours and rescreen thousands of passengers. She said TSA investigators instead scrutinized security tapes recorded by Continental Airlines’ cameras in an unsuccessful attempt to identify the individual. She said Continental and TSA/Port Authority have separate sets of cameras at the terminal, but she would not say how many or how long those operated by the Port Authority had not been recording.
Source: http://edition.cnn.com/2010/TRAVEL/01/06/new.jersey.security.breach/

TSA workers caught using drugs. The Transportation Security Administration faces allegations that its employees at Los Angeles International Airport were caught on tape using drugs, CBS affiliate KCAL reports. The investigation began late last year when a TSA agent was arrested for allegedly counterfeiting parking passes at the employee parking lot. In his house, police found a videotape. On it was an after hours party where other TSA agents were allegedly using drugs. TSA sources say the tape was turned over to investigators. Each employee identified was ordered to take a drug test. TSA will not say how many, but each one who failed was fired, according to news reports. The Federal Security Director at LAX says, “We don’t tolerate drugs. We don’t tolerate narcotics.” He would not talk specifics, but said the agency has random drug testing, and claims the employees would have been caught even without the video. None of the employees was charged with any crimes. Even the TSA agent caught counterfeiting parking passes was not prosecuted because no one he sold to would come forward.
Source: http://www.cbsnews.com/stories/2010/01/06/national/main6061326.shtml

Dutch probe: Airline bombing suspect likely had explosives on him before reaching Amsterdam. Dutch investigators said Tuesday they found no evidence that a Nigerian suspected of trying to blow up a U.S.-bound airliner contacted accomplices at Amsterdam’s airport, and that he already had the explosives on him when he arrived on a connecting flight. The suspect flew to Schiphol Airport from Lagos, Nigeria, before boarding a Northwest Airlines flight to Detroit on Christmas Day. He allegedly tried to blow up the plane by injecting chemicals into a package of pentrite explosive concealed in his underwear. Investigators checking more than 200 hours of security camera footage from Schiphol’s shopping mall in the transfer area and departure gate say he underwent a security interview and check and did nothing unusual in his three-hour stopover. Earlier, authorities said the suspect went through a routine baggage check and scan by a metal detector before boarding. “Investigations so far have uncovered no indication that the suspect contacted possible accomplices at Schiphol, left the transfer area or behaved suspiciously,” the National Prosecutor’s Office said. As well as studying video footage, investigators have seized the airline seat the suspect occupied from Lagos to Amsterdam and sent it for forensic tests to check for traces of explosives. They also are interviewing passengers and crew on the Lagos-Amsterdam flight and ground staff ranging from security officers to check-in staff and cleaners at Schiphol.
Source: http://www.kfsm.com/news/nationworld/sns-ap-eu-netherlands-airline-attack,0,1177887.story

Dutch probe: Airline bombing suspect likely had explosives on him before reaching Amsterdam. Dutch investigators said Tuesday they found no evidence that a Nigerian suspected of trying to blow up a U.S.-bound airliner contacted accomplices at Amsterdam’s airport, and that he already had the explosives on him when he arrived on a connecting flight. The suspect flew to Schiphol Airport from Lagos, Nigeria, before boarding a Northwest Airlines flight to Detroit on Christmas Day. He allegedly tried to blow up the plane by injecting chemicals into a package of pentrite explosive concealed in his underwear. Investigators checking more than 200 hours of security camera footage from Schiphol’s shopping mall in the transfer area and departure gate say he underwent a security interview and check and did nothing unusual in his three-hour stopover. Earlier, authorities said the suspect went through a routine baggage check and scan by a metal detector before boarding. “Investigations so far have uncovered no indication that the suspect contacted possible accomplices at Schiphol, left the transfer area or behaved suspiciously,” the National Prosecutor’s Office said. As well as studying video footage, investigators have seized the airline seat the suspect occupied from Lagos to Amsterdam and sent it for forensic tests to check for traces of explosives. They also are interviewing passengers and crew on the Lagos-Amsterdam flight and ground staff ranging from security officers to check-in staff and cleaners at Schiphol.
Source: http://www.kfsm.com/news/nationworld/sns-ap-eu-netherlands-airline-attack,0,1177887.story
Rise up Patriots, We can all contribute in some way to expose terrorism, and the fatalities if we fail!

Fifth letter containing suspicious substance found at UC Irvine. Another envelope containing a suspicious substance was discovered at UC Irvine on January 6, the fifth such letter found on campus this week. In the latest case, an assistant to an associate professor of arts felt something granular in an envelope she was about to open and notified authorities. Like all the suspicious envelopes discovered since Monday at UC Irvine, it had an Idaho postmark. Campus officials said they have taken steps to scrutinize incoming mail and sent out warnings to not open unexpected letters from Idaho. Tests on the substances in the previous letters, which included the message “black death,” found them to be harmless. Nevertheless, today’s incident was handled like the others — by an Orange County Fire Authority hazardous materials team. All five letters were sent to faculty members in a variety of departments. Aside from that, a pattern as to who is being targeted has yet to emerge, said a university spokeswoman. “At first the only pattern was that they were all women,” she said. “This latest one” — sent to a male associate professor of arts — “breaks that pattern.”
Source: http://latimesblogs.latimes.com/lanow/2010/01/5th-letter-containing-suspicious-powder-found-at-uci.html

Man, bag results in incident at airport. Administration officials are investigating an incident at Philadelphia International Airport, in which a plane had to turn back to the terminal. Officials say a Somilian national, who had cleared security, was waiting in line to board the plane when he asked someone to watch his carryon bag. Other passengers became suspicious and asked security officials to search the man. While officials found nothing in the bag, the man was taken into custody by federal authorities for immigration issues and did not board the plane. After the plane was taxiing towards the runway, other passengers were concerned about the man’s luggage being on the plane. The plane turned back and passengers were evacuated. The man’s bags were checked and nothing was found.
Source: http://abclocal.go.com/wpvi/story?section=resources/traffic&id=7206934

Western intel warns Gulf states of Qaeda attacks: report. Western intelligence has warned energy-rich Gulf states that Al-Qaeda is on the verge of launching attacks mainly on ships after regrouping in the past few months, the Al-Qabas daily reported Thursday. Citing unnamed Kuwaiti security sources, the daily said that Al-Qaeda has trained operatives in the region to carry out attacks on war, commercial, and passenger vessels in the Gulf and Arabian Sea. Western intelligence has urged Gulf states to boost security measures to provide protection for ships, especially oil and gas tankers, the Kuwaiti security sources said. The Al-Qaeda network has been able to regroup over the past few months, taking advantage of deteriorating security in Somalia and Yemen, and has successfully established command and control bases in the two countries, the sources said. They added that Qaeda operatives in Somalia have in recent weeks captured advanced weapons from government forces and transferred them to their counterparts in Yemen.
Source: http://www.google.com/hostednews/afp/article/ALeqM5giFz8SbH7-rzSAV_Y-Pjby-wwYfw

Goodbye kiss provoked Newark airport scare: report. The security scare that shut Newark Liberty International Airport for hours and delayed thousands of passengers was caused by a man who slipped into a secure area to give a woman one last goodbye kiss, a newspaper reported on Thursday. A videotape of the Newark incident shows the man embracing a woman at the C-1 security checkpoint before she passes through passenger screening, the Star-Ledger newspaper of New Jersey said, citing unnamed security officials who have viewed the tape. The man, who was not a passenger, walks past a spot where a Transportation Security Administration (TSA) officer should have been stationed to move closer to the woman, the paper said. The woman holds up a rope meant to keep unscreened people out of the secure area so that the man can pass underneath, and they walk hand-in-hand toward the boarding area before disappearing from view, the paper reported. The man left the airport and has not been identified. The TSA officer who was working that area has been placed on administrative leave. A U.S. Senator from New Jersey is attempting to make the video public, a spokesman for the Senator said. “After viewing video of the security breach, I am even more outraged by the lapse that occurred,” the Senator told the Star-Ledger.
Source: http://www.reuters.com/article/idUSTRE6063J820100107

Group: Internet posts indicate threat to Navy in Persian Gulf. Messages posted recently by prominent contributors to jihadist Web sites are seeking specific information on U.S. military targets in hopes of carrying out an attack on Navy ships in the Persian Gulf, according to the Washington, D.C.-based Middle East Media Research Institute (MEMRI). One post on the jihadi forum Al-Falluja calls for information such as the “name of the particular naval unit to be targeted, its exact location, the number of troops on board the warship and their ranks, familial status, where their families live, the type of weapons the warship carries…and the number of nuclear bombs onboard,” reads a report compiled by MEMRI. “The postings that have come out recently are from al-Qaida in the Arabian Peninsula…from some of their leaders and some of the main people and…head moderators,” MEMRI’s executive director said. The Naval Criminal Investigative Service warned U.S. Naval Forces Central Command/5th Fleet of the threats on December 31, said a Navy spokesman. Citing security reasons, he declined to say whether the Navy changed any force-protection measures or policies or tactics as a result of the threats. It was the specificity and the call for personal familial information that led NCIS to caution 5th Fleet, a Navy official said. A December 30 Al-Falluja post called for a gathering of intelligence on U.S. Navy targets. Included on the post were diagrams and a dated picture of the USS Enterprise aircraft carrier. The photos, however, are from open-source Web sites, said MEMRI’s executive director, and easily attainable. “Anyone who thinks our enemies don’t monitor what our sailors, families and commands are doing via the Internet and social media had better open their eyes,” wrote a master chief petty officer in a message posted Wednesday on the Navy’s Web site. “These sites are great for networking, getting the word out and talking about some of our most important family readiness issues, but our sailors and their loved ones have to be careful with what they say and what they reveal about themselves, their families or their commands.”
Source: http://www.stripes.com/article.asp?section=104&article=67112

Fake Secret Service agent arrested. Federal authorities have arrested and charged a man for entering U.S. Health and Human Services headquarters by posing as a U.S. Secret Service agent — with false credentials and a badge — who needed to meet with the Health Secretary. The U.S. Attorney’s Office says the 46-year-old suspect was arrested Tuesday, January 5. Documents filed in U.S. District Court say somebody recognized him from photos circulated at HHS as a warning that he was barred from the building. It was unclear why the individual was not allowed at the HHS offices.
Source: http://www.denverpost.com/headlines/ci_14145707

Fighter jets scrambled again because of unruly airline passenger. In the second such incident in three days, fighter jets escorted a diverted commercial flight on Friday after an unruly passenger caused alarm onboard. The military sent up two F-16s in response to reports of an unruly passenger aboard AirTran Flight 39, the North American Aerospace Defense Command said in a statement. The passenger had become belligerent and refused to leave the restroom, an airline spokesman told CNN on Friday. The passenger appeared to be intoxicated, he said. NORAD dispatched the fighters at 1:44 p.m. ET, escorting the aircraft to a safe emergency landing in Colorado Springs, Colorado, officials said. The passenger was detained there and FBI agents from Denver, Colorado, were called to question passengers.
Source: http://www.wibw.com/nationalnews/headlines/81069172.html

White House calls for IT boost to fight terrorism. The White House report on the failed bombing attempt of a U.S airliner on Christmas Day highlights the challenges U.S intelligence agencies face in correlating terrorism-related information gathered from multiple databases and sources. The review, released on January 7, identified an overall failure by intelligence agencies to “connect the dots,” despite having enough information at their disposal to have potentially disrupted the botched attack. The problem, according to the report, was not a lack of information sharing between government agencies but a failure by the intelligence community to “identity, correlate and fuse into a coherent story all of the discrete pieces of intelligence held by the U.S. government.” In listing the various causes for this failure, the report noted that information technology within the counter-terrorism community “did not sufficiently enable the correlation of data that would have enabled analysts to highlight the relevant threat information.”
Source: http://www.computerworld.com/s/article/9143517/White_House_calls_for_IT_boost_to_fight_terrorism

Sick passenger on “Do Not Board” list flies out of Philly. An investigation has been launched to find out why a man with an extremely contagious disease was allowed to fly out of Philadelphia International Airport. The man, who is infected with Tuberculosis, boarded US Airways flight 401 bound for San Francisco around 6 p.m. Saturday, Centers for Disease Control (CDC) officials said. He made it onto the flight even after being added to a “Do Not Board” list provided to the TSA and airlines from the CDC, officials confirmed. The agency adds people afflicted with dangerous, contagious diseases to the list to prevent the spread of infection in the controlled air environment of an airplane. That information is then relayed to the TSA who in turn notifies the airlines. Sources say officials realized the man was not fit to travel while he was on the plane and that he was quickly quarantined upon arrival in San Francisco. US Airways is notifying passengers who were on the flight, sources said. CDC officials believe the risk to passengers is low due to the length of the flight. A US Airways spokesperson says the airline is working with the TSA and CDC to figure out where the fault in the “Do Not Board” system occurred.
Source: http://www.msnbc.msn.com/id/34815230/ns/local_news-philadelphia_pa/

4 students arrested, charged for making ‘terroristic’ threats. Four high school students were arrested and charged Monday, after making terroristic threats against their school on Facebook, police said. According to investigators, the teens — all students at Belleville High School — talked about blowing up or setting fire to the school on the social media website. The alleged threats were found by a fellow student who immediately alerted school officials. The school was evacuated around 11:30 a.m. and students were sent home by the superintendent after police were notified, authorities said. A search of the school conducted by the Essex County Sherriff’s Office Bomb Squad turned up nothing unusual. Of the students arrested were two 16-year-old females, one 17-year-old female and a 17-year-old male. The suspects were not identified because of their ages, police said. All four students are being charged with causing a false public alarm, making terroristic threats and conspiracy.
Source: http://www.wpix.com/news/local/wpix-teens-charged-for-threats,0,4487930.story

ELF member pleads guilty to placing bomb in Pasadena condo project. A man who admitted being a member of the radical environmental group Earth Liberation Front— or ELF, as it’s known — pleaded guilty in federal court today to placing a gasoline-filled bomb in a Pasadena condominium project that was under construction in 2006, authorities said. The 44- year-old man pleaded guilty in U.S. District Court in Los Angeles to one count of conspiracy to commit arson. The man placed the bomb in the Vista del Arroyo Bungalows project, which was being built directly under the Colorado Bridge in Pasadena, federal prosecutors said. He lighted the device and then fled the scene; but the timer failed, so it did not ignite. The crime remained unsolved until 2009 when investigators matched DNA extracted from the incendiary device to a sample of his DNA in a law enforcement database. He is scheduled to be sentenced April 5 and faces a maximum of five years in federal prison, the U.S. attorney’s office said.
Source: http://latimesblogs.latimes.com/lanow/2010/01/elf-member-pleads-guilty-to-placing-bomb-in-pasadena-condo-project.html

Pipe bomb shuts Red Bluff River Park. Members of the Shasta County bomb squad destroyed a pipe bomb early Saturday afternoon on Willow Street. Police received reports of a pipe bomb lying in the street between Hal’s Eat ‘Em Up and Tom’s Glass and Muffler Center around 8 a.m. and quickly moved to seal off the block. At one point, traffic on main street was halted as the Shasta County Bomb Squad’s robot was used to move the pipe to Red Bluff River Park at the end of Willow Street. Hal’s was closed temporarily as a precaution. The bomb itself was a black plastic pipe about six inches in length, sealed on both ends, and with an unlit fuse sticking out. It was destroyed shortly after noon when officers, using the robot, moved it to the edge of Red Bluff River Park and shot it with a clay, 12-gauge bullet, Shasta County sheriff’s officer said. The bomb did not ignite when shot, but had been concealing a black powder, the officer said. Police did not have any suspects or leads as of Saturday afternoon.
Source: http://www.redbluffdailynews.com/news/ci_14165485

4 men removed from plane at Metro Airport. Reports of unusual behavior on board a Northwest Airlines plane from Amsterdam to Detroit caused a brief incident at Detroit Metro Airport. A Metro Airport spokesman said the crew on board Flight 243 requested that authorities meet the plane when it landed. The crew says four passengers did not comply with instructions. Once the plane landed, it remained on the tarmac for about 15 minutes while authorities removed four men from the plane. The rest of the passengers were taxied to the terminal where they were allowed to get off the plane. The spokesman says the incident was not a serious threat. The plane had 245 passengers and 12 flight attendants on board.
Source: http://www.wxyz.com/mostpopular/story/4-Men-Removed-from-Plane-at-Metro-Airport/yobO6bCvc0KRcUTp9wAePg.cspx

Suspect in Northwest Airlines bomb plot had round-trip ticket. The alleged Christmas Day airline bomber had purchased a round-trip ticket — not a one- way fare, as has been widely reported — the presidential administration told congressional aides in a closed briefing Tuesday. According to a person who attended the meeting, the administration also said it was not unusual for international air travelers to buy their tickets using cash, as the suspect had done. Up to 20 percent of overseas flights are cash transactions, Department of Homeland Security officials told House and Senate aides. The man has been charged with smuggling explosives, concealed in his underwear, aboard a Northwest Airlines flight from Amsterdam to Detroit. The device failed to detonate but caused a fire that injured the Nigerian-born suspect.
Source: http://www.latimes.com/news/nation-and-world/la-na-terror-ticket13-2010jan13,0,1686825.story

TSA: Security fails to spot gun at Mont. airport. Officials say security screeners at a Bozeman-area airport failed to spot a gun in a passenger’s luggage last month, but the man turned himself in when he realized his error. A Transportation Security Administration spokesman said in a written statement Wednesday that the unidentified man became aware that he had the firearm in his carryon luggage as he was boarding December 13 at Gallatin Field. The gun was confiscated and the passenger was allowed to continue on the flight. The incident occurred nearly two weeks before the alleged Christmas Day attempt to blow up a U.S. airliner reawakened widespread concern over airline safety.
Source: http://www.seattlepi.com/national/1110ap_us_airport_security_breach.html

Lemon Bay High School student is charged in bomb threat. Authorities arrested a 17-year-old Lemon Bay High School student Wednesday in connection with a November bomb threat at the school. According to the Charlotte County Sheriff’s Office, the girl reportedly left a note in one of the bathrooms on November 20 warning “there will be a bomb at 12:09, we will all die.” It was written on toilet tissue, detectives said. The school was evacuated, while deputies went through the school and found nothing. The girl was charged with threatening to place/discharge a destructive device and disruption of an educational institution. She was booked at the Charlotte County Jail.
Source: http://www.heraldtribune.com/article/20100114/ARTICLE/1141069/-1/NEWSSITEMAP

Sens to DoD: Find extremists in ranks. A Senate committee on Wednesday urged the Defense Department to take firmer steps to combat the threat of Islamist extremism within the military’s ranks, calling the current procedures inadequate for heading off possible attacks like the shootings at Fort Hood, Texas, that left 13 people dead. The recommendations by leaders of the Homeland Security and Governmental Affairs Committee come as the Pentagon is preparing to release an internal review of the Fort Hood massacre. That review, directed by two former senior defense officials, will propose ways to improve the military’s ability to identify service members who may be a danger to others and quicken reaction times by emergency response teams. In a January 13 letter to the Defense Secretary, the committee’s top Republican and the senior Independent Senator, contend the threat of “homegrown terrorism” inspired by violent Islamic extremism is growing and the military is not exempt. As a result, the Defense Department’s existing policies for dealing with personnel that become involved in gangs and racist groups need to be expanded to cover new avenues of violence, the two Senators say. Not only will that head off future attacks, it will protect Muslim-Americans in the military from suspicion, they said.
Source: http://www.military.com/news/article/sens-to-dod-find-extremists-in-ranks.html?col=1186032310810&ESRC=topstories.RSS

Thousands of birds to be killed at Pa. airport. Officials plan to poison as many as 15,000 European starlings at University Park Airport more than three years after a commercial airline struck a flock there. The U.S. Department of Agriculture (USDA) plans to use a pesticide on the starlings to help reduce the bird-strike risk, the airport director said. On August 19, 2006, a commercial airliner ran into a flock after takeoff, suffered engine damage, and had to return to the airport. The Federal Aviation Administration’s wildlife strike database reports that the Air Wisconsin-owned Canadair jetliner, flying for US Airways, sustained “substantial” damage, the Centre Daily Times reported. A USDA spokeswoman said that the starling flock found in the area had about 15,000 to 20,000 birds, and that the department planned to kill about 90 percent of them.
Source: http://www.philly.com/philly/news/new_jersey/81649687.html

Possibility of plots prompts more checks for explosives at airports. The Department of Homeland Security moved January 14 to increase random checks for explosives at American airports after officials cited a heightened concern over possible terror plots against the aviation system. Counterterrorism officials said that recent intelligence tips had hinted at a planned attack by Qaeda operatives, but that the threat information was vague and did not specify a particular target or date. Still, after failing to anticipate the attempted Christmas Day bombing of a Northwest Airlines flight, government officials said they wanted to take every precaution. “We must remain vigilant about the continued threat we face” from Al Qaeda,” the Homeland Security Secretary said in a statement. “We are facing a determined enemy and we appreciate the patience of all Americans and visitors to our country, and the cooperation of our international partners as well as a committed airline industry.” The measures will include random checks with explosive-detection devices of passengers or baggage at locations around some American airports, not just at security checkpoints, one Homeland Security Department official said. The devices search for trace amounts of explosives as a sign that someone might be carrying a bomb. Air marshals will also more frequently board flights on certain unidentified routes, officials said. Canine teams and so-called behavior detection officers — which have been deployed in larger numbers since the December 25 episode — will continue to patrol airports, looking for suspicious activity or explosives. Three American counterterrorism officials declined the evening of January 14 to say what prompted the new travel advisory. But they suggested that they had seen an increase in tips about a possible attack from Al Qaeda in the Arabian Peninsula, the Yemen-based group that claimed credit for the failed December 25 plot.
Source: http://www.nytimes.com/2010/01/15/us/15secure.html

Cleaning crews find threatening letter on parked US Airways jet. Authorities say a cleaning crew found a threatening letter on a parked US Airways aircraft, but no explosives or other dangers were discovered. A spokesman for Fort Lauderdale-Hollywood International Airport says a member of the crew came across the note early the morning of January 11. The plane had arrived hours earlier from Charlotte, and no passengers were aboard. The spokesman said the note said something about damaging the plane, but he did not specify the exact message. Security officials used dogs to check the plane. The Transportation Security Administration says the plane was cleared and later returned to Charlotte as scheduled.
Source: http://www.usatoday.com/travel/flights/2010-01-13-us-airways-threat-note_N.htm

U.S. notes Al Qaeda Olympic threat. The U.S. government is advising American sports fans traveling to Vancouver for the 2010 Winter Olympics to watch out for Al-Qaeda and other extremists, especially on transit and in restaurants, churches and other areas outside official venues. “Al-Qaeda’s demonstrated capability to carry out sophisticated attacks against sizable structures — such as ships, large office buildings, embassies and hotels — makes it one of the greatest potential threats to the Olympics,” the U.S. State Department said in a fact sheet on the Games posted on its website. No specific credible threats have been identified, the U.S. government said. However, Americans planning to attend Olympic events or participate in large-scale public gatherings during the Winter Games should use caution and be alert to their surroundings, the advisory said. Americans are advised to be especially alert when outside Olympic venues. “As security increases in and around Olympic venues, terrorists could shift their focus to more unprotected Olympic venues, open spaces, hotels, railway and other transportation systems, churches, restaurants, and other sites not associated with the Olympics.”
Source: http://www.ctvolympics.ca/about-vancouver/news/newsid=25959.html