Wednesday, February 27, 2008

Daily Report

• According to CBS, a widespread power outage hit about 1 p.m. Tuesday, knocking out electricity for businesses, homes and traffic lights throughout south Florida. The outage apparently was caused by a blown transformer, a Florida Power & Light (FPL) spokesperson said. (See item 1)

• The Associated Press reports police in Banja Luka, Bosnia-Herzegovina, fired tear gas at Bosnian Serb rioters Tuesday to prevent them from storming the building of the U.S. Consulate after protests against Kosovo’s independence. A smaller group split away from the almost 10,000 peaceful protesters in Banja Luka and headed toward the U.S. Consulate, breaking shop windows along the way and throwing stones at police. (See item 30)

Information Technology

33. February 26, IDG News Service – (International) YouTube outage underscores big Internet problem. Sunday’s inadvertent disruption of Google’s YouTube video service underscores a flaw in the Internet’s design that could some day lead to a serious security problem, according to networking experts. The issue lies in the way Internet Service Providers (ISPs) share Border Gateway Protocol (BGP) routing information. BGP is the standard protocol used by routers to find computers on the Internet, but there is a lot of BGP routing data available. To simplify things, ISPs share this kind of information among each other. And that can cause problems when one ISP shares bad data with the rest of the Internet. That is what happened with YouTube this weekend, according to sources familiar with the situation. BGP data intended to block access to YouTube within Pakistan was accidentally broadcast to other service providers, causing a widespread YouTube outage. The chain of events that led to YouTube’s partial blackout was kicked off Friday when the Pakistan Telecommunication Authority (PTA) ordered the country’s ISPs to block access to YouTube because of an alleged anti-Islamic video that was hosted on the site. ISPs in Pakistan were able to block YouTube by creating BGP data that redirected routers looking for’s servers to nonexistent network destinations. But that data was accidentally shared with Hong Kong’s PCCW, who in turn shared it with other ISPs throughout the Internet. Because Pakistan’s BGP traffic was offering very precise routes to what it claimed were YouTube’s Internet servers, routers took it to be more accurate than YouTube’s own information about itself. Larger service providers typically validate BGP data from their customers to make sure that the routing information is accurate, but in this case, PCCW apparently did not do that, according to a researcher. This kind of accidental denial of service attack has happened before. By intentionally propagating bad BGP data, an attacker could knock a Web site off the Internet or even redirect visitor’s traffic to a malicious server, security experts said.

34. February 26, – (National) ‘Critical’ Linux kernel bugs discovered. Security researchers have uncovered three “critical” security flaws in a version of the Linux kernel used by a large number of popular distributions. The bugs allow unauthorized users to read or write to kernel memory locations or to access certain resources in certain servers, according to a SecurityFocus advisory. They could be exploited by malicious local users to cause denial-of-service attacks, disclose potentially sensitive information or gain “root” privileges, the group said. The bug affects all versions of the Linux kernel up to Version, which is patched. Distributions such as Ubuntu, TurboLinux, SUSE, Red Hat, Mandriva, Debian and others are affected. Researchers advised administrators to update their kernels immediately. Last month, a U.S. Department of Homeland Security bug-fixing scheme uncovered an average of one security glitch per 1,000 lines of code in 180 widely used open-source software projects.

Communications Sector

35. February 26, Associated Press – (International) Group with Google and others building cross-Pacific broadband cable. A group of six international companies, including Google, is building a $300-million underwater fibre optic cable linking the United States and Japan. The trans-Pacific 10,000-kilometre broadband cable system called Unity will respond to the expected growth in data and Internet traffic between Asia and the United States, the companies said in a statement Monday. A signing ceremony was held Feb. 23, they said. Besides U.S. Internet search company Google Inc., the consortium -- also named Unity -- includes Bharti Airtel Limited, India’s leading integrated telecom services provider and Japanese telecommunications company KDDI Corp. The others are Malaysian Internet company Global Transit; Pacnet, a telecom company headquartered in Hong Kong and Singapore and SingTel, a leading Asian communications and mobile company. NEC Corp. and Tyco Telecommunications are suppliers for the project, set to be up and running in the first quarter of 2010. Construction begins immediately, Unity said. The cable will connect Chikura, near Tokyo, with Los Angeles and other U.S. West Coast points and the system connects to other Asian cable systems via Chikura, the companies said.

36. February 25, Reuters – (National) FCC says will act on Web neutrality if needed. The head of the U.S. Federal Communications Commission said on Monday he is “ready, willing and able” to stop broadband providers that unreasonably interfere with subscribers’ access to Internet content. The comment by the FCC chairman came at the start of a day-long FCC hearing centering on allegations that some broadband providers such as telecommunications and cable companies have been improperly blocking or hindering some content. The dispute over so-called “network neutrality” pits open- Internet advocates against some service providers such as Comcast Corp, who say they need to take reasonable steps to manage traffic on their networks. The FCC chair acknowledged that broadband network operators have a legitimate need to manage the data flowing over their networks. But he said that “does not mean that they can arbitrarily block access to particular applications or services.” The hearing, which included testimony from officials with Comcast and Verizon, is aimed at determining what network management techniques are reasonable.

No comments: