Security Bytes: CA fixes eTrust Antivirus flaws

Online thieves steal $700,000 from personal accounts; researchers expose e-passport vulnerability; and arrests are made in the VA security breach case.

CA fixes eTrust Antivirus flaws
Attackers could crash certain applications or take control of machines by exploiting multiple security holes in CA's eTrust Antivirus WebScan, the French Security Incident Response Team (FrSIRT) warned in an advisory. "These flaws are due to input validation and buffer overflow errors when handling malformed files and components, which could be exploited by attackers or malware to cause a denial of service or execute arbitrary commands," FrSIRT said. The problems affect CA eTrust Antivirus WebScan version 1.1.0.1047 and prior. CA has addressed the flaws in version 1.1.0.1048.

Online thieves steal $700,000
Hackers who accessed the ATM information of 800 retail customers have pillaged personal accounts, stealing up to $700,000 in the last two months, investigators say. According to published reports, customers in Modesto and Carmichael, California, and Ashland, Oregon, who used ATM cards to buy merchandise at retail discount chain Dollar Tree have reported withdrawals they didn't authorise. The U.S. Secret Service is investigating the thefts, though the agency isn't offering specifics on what it has found so far.

Researchers expose e-passport vulnerability
Researchers have uncovered a significant flaw in the electronic passports the U.S. and other countries are starting to introduce. Online outlaws could exploit the vulnerability to clone embedded secret code and enter countries illegally, German computer security expert Lukas Grunwald warned at the Black Hat USA 2006 and Defcon security conferences in Las Vegas last week. In one demonstration Friday, he showed how personal information stored on the documents could be copied and transferred to another device. The research also raises concerns about the use of radio-frequency identification (RFID) technology, which some countries use in passports to help border officials identify forgeries and automate the processing of international visitors. U.S. officials plan to start embedding RFID in passports this fall.

Arrests made in VA security breach case
Two teenagers were arrested on 5 August in the theft of a laptop and hard drive containing secret data on up to 26.5 million U.S. veterans and military personnel. The U.S. Department of Veterans Affairs confirmed in late May that records for every veteran discharged from the military since 1975 were stolen from the home of an agency employee. The VA later revealed the breach also put active duty personnel at risk for identity fraud. The laptop and hard drive were turned in to the FBI in late June after a $50,000 reward was offered. On Saturday, police arrested Jesus Alex Pineda, 19, and Christian Brian Montano, 19, both of Rockville, Maryland, U.S., in connection with the theft. According to published reports, Pineda was charged with first-degree burglary and theft over $500, while Montano was charged with first-degree burglary, conspiracy to commit first-degree burglary, theft over $500 and conspiracy to commit theft over $500.
