Daily Report Friday, January 5, 2007

Daily Highlights

The Washington Times reports federal officials are recommending new security measures to protect the nation's half.dozen liquefied natural gas facilities from a terrorist attack, after a break.in at a Massachusetts operation last summer went undetected for nearly a week. (See item 3)
The Department of Homeland Security on Wednesday, January 3, announced the issuance of the final rule for the Transportation Worker Identification Credential program, which enhances port security by checking the backgrounds of workers before they are granted unescorted access to secure areas of vessels and maritime facilities. (See item 14)
The Associated Press reports Rhode Island officials canceled school Thursday, January 4, for more than 20,000 students while health experts search for any connection between a suspected case of meningitis and a second.grader's encephalitis death two weeks ago. (See item 22)

Information Technology and Telecommunications Sector

29. January 04, InfoWorld — Cisco buys e.mail security firm for $830 million. Cisco Systems Inc. said on Thursday, January 4, that it was buying IronPort Systems Inc. of San Bruno, CA, for $830 million in cash and stock. The deal for privately held IronPort, which makes e.mail, Web, and security management appliances, will add expertise in spam and messaging security to Cisco's security portfolio. Cisco plans to use that technology as part of its Self.Defending Network framework, the company said in a statement. The deal is expected to close in the third quarter of Cisco's fiscal year 2007, which ends in April.
Source: http://www.infoworld.com/article/07/01/04/HNciscoironport_1. html

30. January 04, New York Times — U.S. bars lab from testing electronic voting. A laboratory that has tested most of the nation’s electronic voting systems has been temporarily barred from approving new machines after federal officials found that it was not following its quality.control procedures and could not document that it was conducting all the required tests. The company, Ciber Inc. of Greenwood Village, CO, has also come under fire from analysts hired by New York State over its plans to test new voting machines for the state. New York could eventually spend $200 million to replace its aging lever devices. Experts on voting systems say the Ciber problems underscore longstanding worries about lax inspections in the secretive world of voting.machine testing. The action by the federal Election Assistance Commission seems certain to fan growing concerns about the reliability and security of the devices. Ciber, the largest tester of the nation’s voting machine software, says it is fixing its problems and expects to gain certification soon. Experts say the deficiencies of the laboratory suggest that crucial features like the vote.counting software and security against hacking may not have been thoroughly tested on many machines now in use.
Source: http://www.nytimes.com/2007/01/04/washington/04voting.html?r ef=us

31. January 04, Reuters — Three cell phone makers are sued over Bluetooth technology. A United States research institute has sued three cell phone makers, accusing them of violating a patent for Bluetooth technology. The Washington Research Foundation, which markets technology from universities and other nonprofit research institutions in Washington State, is seeking damages from Nokia, Samsung Electronics and Panasonic, owned by Matsushita, contending that the three companies were using a radio frequency receiver technology patented by a University of Washington scientist in 1999. The suit was filed December 21 in Federal District Court in Seattle. The claim appears to restrict itself to Bluetooth devices sold or used in the United States, which means any ruling will affect around 15 to 20 percent of total global sales of Bluetooth mobile phones and headsets in the near term, according to Neil Mawston, an analyst at the market research group Strategy Analytics. But Ben Wood, a consultant at CCS Insight, said the implications for the standard could be more serious if the foundation’s claim was successful. “A standard which everyone assumes to be royalty.free is now at risk of becoming a chargeable element inside mobile phones and other devices,” he said.
Source: http://www.nytimes.com/2007/01/04/technology/04bluetooth.htm l

32. January 04, Security Focus — IE users at risk for 284 days in 2006. Exploits and unpatched critical vulnerabilities put the users of Internet Explorer (IE) at risk 77 percent of the time last year, according to the latest number crunching by Brian Krebs of the Washington Post's Security Fix blog. Based on data published by Microsoft and interviews with researchers, Krebs found that critical security issues remained unpatched in IE for 284 days during 2006. The Mozilla Foundation's Firefox browser only suffered a single period of vulnerability lasting nine days, according to the analysis.
Source: http://www.securityfocus.com/brief/400

33. January 03, CNET News — Adobe flaw could spawn Web attacks. A security weakness in the ubiquitous Acrobat Reader software could be a boon for cybercrooks, security experts warned Wednesday, January 3. An error in the Web browser plug.in of Adobe Systems' tool lets cybercrooks co.opt the address of any Website that hosts an Adobe PDF file for use in attacks, Symantec and VeriSign iDefense said. An attacker could construct seemingly trusted links and add malicious JavaScript code that will run once the link is clicked, they said. "This vulnerability makes it possible for cross.site.scripting (XSS) attacks to occur, to steal cookies, session information, or possibly create a XSS worm," said Ken Dunham, director of the Rapid Response Team at VeriSign iDefense. The Adobe vulnerability could spark a rise XSS attacks, Symantec said. Such attacks in the past relied on flaws in Websites, but with the Adobe Reader bug there is now a widely used client.side application that allows cross.site.scripting attacks.
Source: http://news.com.com/Acrobat+flaw+could+spawn+Web+attacks/2100.1002_3.6147038.html

34. January 02, New York Times — Rolling Wi.Fi hotspot to be offered in rental cars. Try connecting to a high.speed wireless network from a car, and you are pretty much limited to one method: rigging your laptop computer with a special modem and subscribing to a costly, and sometimes temperamental, wireless service. But a start.up wireless technology company based in San Francisco is expected to announce this week that it has reached an agreement with a rental car company to provide a rolling Wi.Fi hotspot to customers by March. For $10.95 a day, the rental car company will issue motorists a notebook.size portable device that plugs into a car’s power supply and delivers a high.speed Internet connection. A mobile Wi.Fi hotspot that lets laptops and personal digital assistants link to the Internet without the benefit of wires represents an important step toward what technology experts call the “connected car.” Users of these new Wi.Fi hotspots still must contend with technological limitations, like bandwidth restrictions and, for vehicles with too few auxiliary power outlets for all passengers who want to be online at the same time, battery consumption.
Source: http://www.nytimes.com/2007/01/02/technology/02avis.html?_r=1&adxnnl=1&oref=slogin&adxnnlx=1167919850.OdcMiLY20XTeAqD5K5VT/w