Friday, October 26, 2007
- According to Associated Press and Seattle Times reports, a congressional investigation revealed a shortage of laboratories needed to test the thousands of people who might be exposed to radiation if a “dirty bomb” detonated in a major city. The report, prepared for the House Committee on Science and Technology, also found that the available tests address only 6 of the 13 radiological isotopes that would likely be used in a dirty bomb. (See items 4 & 27)
- Fox News reported Thursday that California officials raised a bounty for suspects behind the biggest in a string of deadly wildfires that are responsible for at least 10 deaths, more than 1,500 destroyed homes and nearly half a million scorched acres. Local and state officials have combined with the FBI to hunt down suspects responsible for the blazes. Two suspects were arrested and another died in a gunfight with police. (See item 31)
28. October 25, Computerworld – (Louisiana) Encrypt data stored off site, warns Louisiana agency. The loss of unencrypted storage media from an Iron Mountain Inc. vehicle last month renewed calls for IT managers to better protect data stored off site. The Louisiana Office of Student Financial Assistance (LOFSA) said the unencrypted data lost from the vehicle of its contractor on Sept. 19 included the names, birth dates and Social Security numbers of thousands of state residents. The state agency administers several state scholarship programs as well as the state’s 529 College Savings Plan. “LOFSA was in the process of developing our disaster and recovery plan, but [the loss] occurred before we could get it in place and establish it as a standard plan,” said the agency’s assistant executive director and chief operating officer this week. In a statement, Boston-based Iron Mountain blamed the theft on “a driver [who] did not follow established company procedures when loading the container onto his vehicle.” The statement also noted that the company “encourages” its customers to encrypt backup data. Iron Mountain’s CEO said the firm is working hard to eliminate human error by its employees.
29. October 24, Computerworld – (National) IBM fixes four flaws in Notes e-mail, Domino server. IBM patched four vulnerabilities in its Notes and Domino e-mail software to plug holes that could be used to access information or infect systems with malicious code. Collectively ranked as “moderately critical” by Copenhagen-based bug tracker Secunia ApS, the four vulnerabilities involve Notes’ Internet Message Access Protocol (IMAP) service; its scripting language, LotusScript; the Domino server’s command console; and how both Notes and Domino map memory in Windows when they're used in a shared environment such as Citrix. “Lotus Domino is prone to a vulnerability that may allow attackers to access other users’ sessions,” said Symantec Corp. in an advisory posted today. “If the Lotus Notes client is used in a Microsoft Terminal Services or Citrix environment, users can read each other’s Lotus Notes session data, including items such as e-mail,” the Symantec advisory said. “This vulnerability could also be used to write to the memory mapped files, [allowing] an attacker to potentially inject active content such as Lotus Script.” IBM issued security bulletins today for each vulnerability, and provided links to updates to Versions 7.0.3 and 8.0 that patch the problems. The updates can also be downloaded from the Lotus Upgrade Central Web site.
30. October 24, Reuters – (National) Security firm says hackers can divert Vonage calls. Hackers with a Vonage Holdings Corp. phone subscriber’s name and telephone number could intercept Internet phone calls by exploiting a weakness in the system, a security firm said on Wednesday. A Vonage spokesman declined comment on the report by Sipera Systems of Richardson, Texas, which said it informed Vonage of the problem more than a month ago. Vonage had not responded, he said. Vonage, which has almost 2.5 million customers, was a pioneer in the business of selling low-cost phone services that use the Internet to connect calls instead of traditional phone wires. While crooks have long been able to hack into traditional phone lines, they’ve had to physically tap into telephone wires to do so. Without proper security measures, Internet phone providers risk exposing their customers to such attacks from far away as hackers use the Web to access their networks, said Sipera’s founder and chief technology officer. “This guy could be in Russia and Vonage thinks it's John Smith. People think they're calling John Smith and instead they get this guy,” he said.