Friday, May 25, 2007

Daily Highlights

KSBI-TV reports that on Wednesday night, May 23, Tulsa, Oklahoma's International Airport came to a standstill when a surge knocked out power; planes sat on the runway while workers drove bags to the front of the airport and into the hands of passengers, because the inbound baggage conveyor system did not work. (See item 15)
The Bush administration on Wednesday, May 23, pressed senior Chinese officials to bolster the safety of food exports, a key issue for U.S. consumers after melamine, a chemical used in plastics and fertilizers, surfaced in imported pet food. (See item 20)

Information Technology and Telecommunications Sector

27. May 24, InformationWeek — Philadelphia launches wi-fi access test zone. Philadelphia, PA, has approved a 15-square-mile Wi-Fi test zone. About 5,000 paying customers are expected to sign up by July and 12,000 by the end of the year. Consumers in the 15-square-mile test area can sign up beginning Thursday, May 24. Free access will be offered to city residents and visitors in several designated access areas throughout the city.
Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=199701767

28. May 24, CNET News — Flawed Symantec update cripples Chinese PCs. A Symantec antivirus signature update mistakenly quarantined two critical system files in the Simplified Chinese version of Windows XP last week, crippling PCs throughout China. According to the Chinese Internet Security Response Team (CISRT), users of Norton Antivirus, Norton Internet Security 2007 and Norton 360 who installed an antivirus signature update released by Symantec on May 17 could not reboot their PCs. The update reportedly mistook two Windows system files, "netapi32.dll" and "lsasrv.dll", for the Backdoor.Haxdoo Trojan horse. The two files were subsequently quarantined. CISRT said the flawed Symantec update only affects users of the Simplified Chinese version of Windows XP Service Pack 2 that have been patched with a particular Microsoft software fix available since November 2006. According to Symantec China's Website, affected customers can resolve the problem by initiating another LiveUpdate, if they have not restarted their PCs after installing the flawed update. Systems that have already been restarted can be returned to the previous state by recovering the two system files from the Windows XP disc.
Source: http://news.com.com/Flawed+Symantec+update+cripples+Chinese+PCs/2100-1002_3-6186271.html?tag=cd.lede

29. May 23, US-CERT — Microsoft Office ActiveX control vulnerability. US-CERT is aware of reports of a vulnerability in a Microsoft Office 2000 ActiveX control. Excessive data passed to the OUACTRL ActiveX control may result in a buffer overflow allowing arbitrary code execution or causing a denial-of-service condition. This vulnerability was fixed in the Microsoft UA Control Vulnerability update, which is included in Microsoft Office 2000 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=1e9388cc-76fa-40cf-a84a-6284f5a15533&displaylang=en
Source: http://www.us-cert.gov/current/index.html#microsoft_office_activex_control_vulnerability

30. April 30, Government Accountability Office — GAO-07-368: Information Security: FBI Needs to Address Weaknesses in Critical Network (Letter Report). The Federal Bureau of Investigation (FBI) relies on a critical network to electronically communicate, capture, exchange, and access law enforcement and investigative information. Misuse or interruption of this critical network, or disclosure of the information traversing it, would impair FBI’s ability to fulfill its missions. Effective information security controls are essential for ensuring that information technology resources and information are adequately protected from inadvertent or deliberate misuse, fraudulent use, disclosure, modification, or destruction. GAO was asked to assess information security controls for one of FBI’s critical networks. To assess controls, GAO conducted a vulnerability assessment of the internal network and evaluated the bureau’s information security program associated with the network operating environment. This report summarizes weaknesses in information security controls in one of FBI’s critical networks. GAO recommends several actions to fully implement an information security program. In a separate classified report, GAO makes recommendations to correct specific weaknesses. FBI agreed with many of the recommendations but disagreed with the characterization of risk to its information and noted that it has made significant strides in reducing risks. GAO believes that increased risk remains.
Highlights: http://www.gao.gov/highlights/d07368high.pdf
Source: http://www.gao.gov/cgi-bin/getrpt?GAO-07-368