Thursday, October 4, 2007

Daily Report

The Associated Press reports that a chemical fire killed five maintenance workers at a hydroelectric plant near Georgetown, Colorado. The victims, working to reseal a pipe, survived the initial blaze, but were trapped 1000 feet below ground and died before rescue personnel could arrive. (See item 1)

According to documents obtained by The Associated Press, the government is preparing to conduct the largest terrorism exercise ever during which three fictional “dirty bombs” go off, crippling transportation arteries in two major U.S. cities and Guam. The event, to take place October 15-19, has stirred some controversy among politicians still waiting for published results of the last major exercise in 2005. (See item 10)

Information Technology

22. October 2, Computer World – (National) Could Adobe be vulnerable to an AIR attack? Adobe Systems Inc.’s moves to support rich Internet applications are exposing the software vendor – and its developers and users – to the threat of more Web-based malware and efforts to take advantage of security holes in its products. For instance, a British security researcher claimed last month that an unpatched vulnerability in Adobe’s Portable Document Format (PDF) technology could be exploited to take control of systems running Windows XP; at the time, Adobe said it was researching the reported flaw. In January, Adobe issued a patch to fix a vulnerability in its PDF-based Adobe Reader and Acrobat software that left systems open to cross-site scripting attacks. There are also potential vulnerabilities lurking in Adobe’s newer, less mature technologies, such as its still-in-beta Adobe Integrated Runtime (AIR) software. The AIR framework enables Web applications built with HTML or AJAX to run offline. The problem is that doing so exposes users of AIR-based applications to many of the same security issues that other users face, if not more of them, according to an analyst at ZapThink LLC. “The current generation of spyware, virus and malware [detection] products have no visibility into running AIR programs,” he wrote in an e-mail. “As such, there is a high possibility for malicious AIR applications to spread into the wild.”

23. October 2, Computer World – (National) Web 2.0, social networking can endanger corporate security, analyst says. With the Web becoming central to the way companies do business, cybercriminals are taking increasing advantage of Web 2.0 and social networking sites to launch attacks, said an International Data Corporation analyst at Kaspersky Lab Inc.’s Surviving CyberCrime conference in Waltham, Massachusetts on Tuesday. With the increased blending of people’s private lives with their corporate lives, employees’ personal lives become intermingled with the interactions they have at work with customers, fellow employees, partners and suppliers, he said. “So that creates a perforated perimeter where there isn’t a hard, fast separation between the corporate world and the personal world,” he said. The problem is that employees do not always follow their companies’ security policies – probably because they do not know what those policies are, just as they do not know what their companies’ acceptable use policies are. The latest threats to network security are now coming from collaborative and Web 2.0 environments, he said, where employees casually click on links that could lead them to malware. And they are coming from the wide variety of devices that may be accessing private as well as corporate networks, he said. “We’re seeing a change in the threat environment,” he said. “Instead of malicious code being distributed as e-mail attachments, we’re seeing more and more that they’re being embedded in Web 2.0 links.”


Communications Sector

24. October 2, Lansing State Journal – (Michigan) Cell phone tower gets bad reception from some. T-Mobile wants a special land use permit to construct a 125-foot monopole telecommunications tower on the southern edge of Grandhaven Manor, a senior housing complex in Lansing, Michigan. If approved, the tower would enhance cell phone reception and could be used by other wireless companies. Opponents say that the council should adopt a moratorium on telecommunications towers until Lansing has a comprehensive plan on future locations. T-Mobile’s proposal will go to the city council’s Development and Planning Committee, where it could die without two votes.