• United States



by CSO Contributor

Ridge Warns Iraq War Could Raise Terror Threat; E-Mail Vulnerability Found; Critical Hole Found in Flash Player; BT Scheme to Fight ID Fraud; Bomb Blast in Philippines Kills at Least 19

Mar 04, 20034 mins
CSO and CISOData and Information Security

Ridge Warns Iraq War Could Raise Terror Threat

According to a story in The New York Times, Al Qaeda and other terrorist groups have vowed to carry out strikes in the United States in the event of an American war against Iraq. And with comments made yesterday, Homeland Security chief Tom Ridge made it clear that the administration took the threats seriously. “There may be more threats, there have been more threats, if we go to war,” he told the press. The Times says Ridge spoke as if war was a certainty and the public needed to prepare itself for the possibility of a terrorist strike. Even while acknowledging that a war to oust Saddam Hussein and disarm Iraq was likely to increase the domestic terror threat, Ridge insisted that it was a necessary step in combating terrorism. E-Mail Vulnerability FoundDigitalMASS. The story reports that Atlanta-based ISDS and Sendmail Inc., of Emeryville, Calif., said that fixes for the vulnerability were available from the Sendmail website. According to a CNET story on the topic, the Sendmail flaw has become the first test for the newly minted Department of Homeland Security and its cyberdefense arm. The agencys Directorate of Information Analysis and Infrastructure Protection worked with security company Internet Security Systems (ISS), which discovered the flaw, and with Sendmail to create a patch while keeping news of the issue from leaking to those who might exploit the vulnerability. IDG News Service reports that the flaw could have a wide ranging impact, akin to the Microsoft Corp. SQL Server vulnerability that spawned the recent Slammer worm, according to an ISSs published advisory. “It’s quite a dangerous vulnerability because an exploit could be contained in the e-mail message itself. The attacker doesn’t need to set up an elaborate system to launch the attack. They could just send an e-mail message to a server, and if the server is vulnerable the attack would be launched,” said Dan Ingevaldson of ISS.

An Internet security provider and the company that handles the majority of Internet e-mail have issued a joint statement identifying a security flaw that could allow hackers to intercept e-mail messages sent between computer networks, according to a story in

Critical Hole Found in Flash today, says the security flaw affects version 6 of the Macromedia Flash Player, which was released a year ago this month and has been installed on an estimated 75 percent of personal computers worldwide, according to the company. As well as fixing the latest vulnerability, the new version serves as a cumulative patch, fixing other security flaws reported since the product’s release. No user problems have been reported, but Macromedia advises users to download the new version immediately.

IDG News Service also reports that Macromedia warned Monday of what it called a critical security flaw in the latest version of its Flash animation player and advised users to install a new version that it released on its website to fix the problem. The story, on

BT Scheme to Fight ID FraudBBC News Service today. The system called URU (You Are You) is designed to make identity mix-ups such as the recent arrest of pensioner Derek Bond in South Africa as one of the FBI’s most wanted men far less common, developers told the BBC. Organizations needing to check identities enter the details of the person and the system then trawls through databases such as the Electoral Roll, the Death Register and the Post Office Address File. In early phases, the system will only use name, address and the number in the corner of every household electricity bill which is unique to that property. The BBC reports that there are an estimated two billion transactions in the U.K. each year which require authentication of identity, 800 million alone in government.

British Telecom (BT) and data capture company DB Group have launched an ID verification scheme that they hope will become the universal system for government and businesses wanting to check identities on the Web, according to the

Bomb Blast in Philippines Kills at Least 19Washington Post. Wire reports vary, but apparently an explosive devise was placed in a box or backpack in or around a shelter near the arrival terminal, where many people were taking cover from rain while they waited. No one claimed responsibility for the blast. President Gloria Macapagal Arroyo called an emergency meeting of the cabinet oversight committee, which discusses internal security issues, for Tuesday evening.

At least 19 people were killed, including one American, and 100 wounded on Tuesday when a bomb exploded at an airport in Davao, the second biggest city in the Philippines, according to a story in todays