Thursday, November 29, 2007
Daily Report
• According to a USA Today report Wednesday, the Transportation Security Administration will take over background checks of 1.2 million aviation workers from the FAA starting in January. The move means licensed aviation workers will be checked against the FBI’s constantly-updated terror watch list, as opposed to the FAA’s impartial list. (See item 13)
• An Associated Press report Wednesday detailed steps being taken by Border Control and rescue personnel to prepare for the apprehension and rescue of illegal immigrants crossing the border often unprepared for the cold winter. In the past four years, the Border Control has recorded 27 deaths directly attributed to cold weather in its Tucson section alone. Agents carry emergency bags with blankets, rehydrants and other equipment, and specially trained search, rescue and trauma agents are ready treat hypothermia victims being transported for medical assistance. (See item 25)
26. November 28, IDG News Service – (National) Lotus Notes vulnerable to e-mail attack. A serious bug in IBM’s Lotus Notes software could be used by attackers to run unauthorized software on a victim’s PC, researchers at Core Security Technologies reported Tuesday. The flaw lies in the Autonomy KeyView software used by Lotus Notes to process Lotus 1-2-3 files. Core’s researchers found that when they opened a specially crafted Lotus 1-2-3 e-mail attachment in Lotus Notes, they could run unauthorized software on the PC. Although details of the flaw have not been published, and it has not been picked up by online criminals, it would not be hard for a determined attacker to write code that exploited the flaw, said Core’s chief technology officer. That’s because there have already been a number of similar KeyView bugs found this year, so sample exploit code for similar flaws can easily be found. “Previously there have been other flaws like this published for the same software development kit,” he said. “So anyone keeping track of that could write an exploit pretty quickly.” In the past year, security researchers have increasingly focused on these kinds of vulnerabilities, called file parsing bugs. Improvements in hacking software, called fuzzers, which send a barrage of data to programs in order to see if they can be made to act in unexpected ways, have made this type of research easier. The flaws researchers have found over the past two years involving file parsing bugs affect every major antivirus vendor, and many of them could allow attackers to run unauthorized code on a victim’s system, they say.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9049439&intsrc=hm_list
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9049263&taxonomyId=17&intsrc=kc_top
Source:
http://extra.examiner.com/linker/?url=http%3A%2F%2Fcbs5%2Ecom%2Flocal%2FYahoo%2Ee%2Ecommerce%2E2%2E596040%2Ehtml
29. November 28, Computerworld – (International) Report: Cell phone explosion may have killed man. Police in Cheongwon, South Korea, said a worker died Wednesday possibly because a cell phone battery exploded in his pocket, according to a report from the Associated Press. The report quotes an unnamed police official as saying, “We presume that the cell phone battery exploded,” but the official spoke on the condition of anonymity because the investigation is ongoing. The man was identified only as Suh, and was found dead at his workplace in a quarry Wednesday morning with a melted cell phone battery in his shirt pocket, according to the report. The AP quoted the Yonhap news agency as saying Suh’s body was examined by a doctor who said that Suh suffered a burn in the left chest area and had a broken spine and ribs. “It is presumed that pressure caused by the explosion damaged his heart and lungs, leading to his death,” the report quotes the doctor as saying. South Korea’s LG Electronics Inc. reportedly made the phone involved in the death, although the report quoted an LG official who said that a fatal explosion from the phone or its battery would be virtually impossible. An LG spokeswoman said the company is investigating the report and would only confirm that the phone is not sold in the U.S.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=networking_and_internet&articleId=9049579&taxonomyId=16