Monday, May 14, 2007

Daily Highlights

The Los Angeles Times reports a jumbo jet barreling down a runway at Los Angeles International Airport came as close as 50 feet to a turboprop on a nearby taxiway, in the latest such incident to point up safety concerns with the airfield's layout. (See item 11)
·
President Bush signed a directive, called National Security Presidential Directive 51 and Homeland Security Presidential Directive 20, outlining a strategy for preparing the federal government to continue running during a national emergency such as a terrorist attack or a natural disaster. (See item 33)

Information Technology and Telecommunications Sector

38. May 11, SC Magazine — Apple fixes two Darwin Streamer flaws. Apple on Thursday, May 10, released fixes for two critical vulnerabilities in its open−source server technology designed for developers who need to stream media across platforms. The Cupertino, CA−based computing giant said the flaws, affecting Darwin Streamer Server 5.5.4 and all prior versions, may allow remote attackers to cause a system crash or execute arbitrary code.
Additional information is available from Apple: http://docs.info.apple.com/article.html?artnum=305495
Source: http://scmagazine.com/us/news/article/656972/apple−fixes−two−darwin−streamer−flaws/

39. May 10, Computerworld — Hackers hijack Windows Update's downloader. Hackers are using the file transfer component used by Windows Update to sneak malware past firewalls, Symantec researchers said Thursday, May 10. The Background Intelligent Transfer Service (BITS) is used by Microsoft Corp.'s operating systems to deliver patches via Windows Update. BITS, which debuted in Windows XP and is baked into Windows Server 2003 and Windows Vista, is an asynchronous file transfer service with automatic throttling−−so downloads don't impact other network chores. It automatically resumes if the connection is broken. Although BITS powers the downloads delivered by Microsoft's Windows Update service, Oliver Friedrichs, director of Symantec's security response group, said that there was no risk to the service itself. "There's no evidence to suspect that Windows Update can be compromised. If it has a weakness, someone would have found it by now. Microsoft was unable to immediately respond to questions about unauthorized BITS use.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9019118&intsrc=hm_list