Thursday, February 7, 2008
• According to the Associated Press, firefighters contained early Wednesday a massive fire that erupted at about 10 p.m. Tuesday at the Columbia Gulf Natural Gas pumping station in Macon County, Tennessee, after a line of severe storms moved through Tennessee. The company shut off the gas on both sides of the station. (See item 2)
• The Daily Journal reports that a man who fled from members of the National Guard near the Oyster Creek nuclear power plant in Lacey Township, New Jersey, prompted a massive search at the plant Tuesday afternoon. The individual was last seen on foot walking north on the Garden State Parkway at milepost 70.4. (See item 8)
25. February 5, InfoWorld – (International) Remote worker security still lax. Despite having a greater awareness of the security risks posed by careless computing habits and personal Internet activity carried out on corporate laptops, many remote workers continue to do things that imperil the safety of themselves and their employers, according to a new report from Cisco. As part of its annual study on the security awareness and online behavior of remote workers – based on interviews with 2,000 telecommuters carried out by researchers from InsightExpress – Cisco experts said that people appear to have acquired a false sense of security when it comes to the use of their company-issued computers and other corporate IT assets. Despite the fact that the IT security community has done a much better job in recent years of keeping people informed of the latest and greatest malware attacks and social engineering schemes, remote workers keep falling for the same types of tricks as they always have – in part because they believe that they are now protected by more advanced security technologies, said a special assistant to the CTO at Cisco. In fact, in just one year’s time, the number of respondents to the survey who expressed a belief that the Internet is “getting safer” increased from 48 percent 12 months ago to more than 56 percent in
2008. The trend was particularly evident in some parts of the world where Internet use is growing the fastest, and where people believe that their governments are going to greater lengths to protect individual users, such as Brazil (71 percent), India (68 percent), and China (64 percent). By using their company-issued devices to head to corners of the Internet where attacks are more prevalent – such as on e-commerce sites, social-networking portals, and independent Web properties – workers are putting their employers at risk of exploit by malware and other threats, the expert said.
26. February 5, Computerworld – (International) Skype plugs critical cross-zone scripting hole. Skype Ltd. today patched a critical vulnerability that forced it to dump several features from its VoIP and chat software to prevent attackers from hijacking Windows PCs. In a security advisory issued Tuesday, Skype said it fixed the underlying flaw publicized by an Israeli researcher nearly three weeks ago. The vulnerability, which was called a cross-zone scripting bug, could be exploited with rigged video files that leveraged a security flaw in the way Skype rendered HTML. At root, the researcher said, was the fact that Skype, which uses Internet Explorer’s Web control to handle internal and external HTML pages, ran the control in a low-security mode. After he and others posted proof-of-concept code for the exploit, Skype temporarily plugged the hole by first ditching connections to the Dailymotion video-sharing service. Six days later, it severed the line to Metacafe, another partner that provides video-sharing services, when an even more serious exploit was pointed out. Last week, the researcher spotted yet another Skype problem, this time in the SkypeFind command, which lets users recommend businesses to others and write reviews of those businesses. In its security alert today, Skype claimed that all three of the exploits – the two related to Dailymotion and Metacafe and the third connected to SkypeFind – had been quashed by the patched Skype, which is now available for download. Users can download the patched Skype – Version 184.108.40.206 for Windows – from the service’s Web site. Existing Skype users can update by using the software’s “Check for Updates” command under the Help menu.
27. February 6, Computerworld – (International) Study: Mobile call quality still has a way to go. A study of the voice quality experienced on 630 million live mobile phone calls conducted in 12 countries last year showed that 39 percent of the calls did not meet the industry’s minimum standard for voice quality. Mobile voice quality was much better in the U.S. and Europe, where just 23 percent of calls fell below the industry minimum, according to a study by Ditech Networks Inc., a telecommunications equipment supplier based in California. But the quality was much worse in rapid-growthmarkets such as India and South America, where 59 percent of mobile calls fell below the industry minimum. The study is the biggest of its kind ever conducted. It was done with the cooperation of 16 mobile network carriers in 12 countries over periods of up to six weeks in 2007, Ditech officials said. Three major U.S. carriers participated, although Ditech would not disclose their names. Ditech’s study helped the carriers learn that up to half the calls in some regions were adversely affected by ambient noise in the caller’s environment. Ambient noise could be a passing motorcycle or the sounds of a nearby crowd, a representative said. Echo, often caused by the mobile handsets, was a problem in as many as 11 percent of all calls in some regions, he said. And “voice level mismatch” was a problem on up to 28 percent of all calls in some regions. Voice level mismatch is when a caller seems to be speaking too loudly or too softly.
28. February 5, BBC News – (International) Work begins to repair severed net. Work has begun to repair two damaged internet cables in the Mediterranean Sea that were severed last week. Flag Telecom, one of the firms responsible for the cables, says it will take about a week to be fixed. The break has caused disruption to net services in the Middle East and India. The cause is still not known. Repairs will involve a team of about 50 people, including navigation experts and cable engineers, said Flag Telecom. The ship that will repair the first severed cable is already in place, with repairs underway, while the second vessel is expected to begin work on Tuesday. “It will be a highly technical job and should take a week to complete,” a spokesperson for Flag Telecom told the BBC News website. The cause of the damage has not been officially confirmed, but there have been reports that the breaks were related to a tanker dragging its anchor along the sea bed. However, the Egyptian communications ministry has denied any ships were in the area at the time of the break.