Friday, January 25, 2008
• The Miami Herald is reporting Florida Power & Light (FPL) is facing $208,000 in federal fines because firing pins were removed from the weapons of Wackenhut guards at its Turkey Point nuclear power plant in Florida. The Nuclear Regulatory Commission’s announcement Tuesday listed four violations: two for “willfully failing to properly equip” armed guards, one for failing to promptly report the incident, and the fourth for providing incomplete and inaccurate information about the incident. (See item 6)
• According to Computerworld, an Arabic-language Web site, hosted on a server located in Tampa, Florida, is offering a new version of software that was designed to help al-Qaeda supporters encrypt their Internet communications. The tool is being distributed free of charge on a password-protected Web site that belongs to an Islamic forum known as al-Ekhlaas, according to Secure Computing and a blog posting by MEMRI. (See item 26)
25. January 24, IDG News Service – (National) Windows Small Business Server at risk from critical flaw. Microsoft said Wednesday that another one of its operating system products is susceptible to a critical vulnerability, first patched two weeks ago. In an update to its MSO8-001 security bulletin, Microsoft said that the latest release of Windows Small Business Server was also critically at risk from a bug in Windows’ networking software. The flaw is also considered critical for Windows XP and Vista users. Microsoft did not say why it had initially omitted Small Business Server from its list of critically affected operating systems, but it said that the product’s users were being offered patches via Microsoft’s various automatic update services. “Customers with Windows Small Business Server 2003 Service Pack 2 should apply the update to remain secure,” Microsoft said in its updated bulletin. The bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft said that an attacker could send specially crafted packets to a victim’s machine, which could then allow the attacker to run unauthorized code on a system. Microsoft rates the flaw as “important” for Windows Server 2003, meaning that it would be more difficult for attackers to exploit the flaw on this operating system.
26. January 23, Computerworld – (International) U.S. Web site said to offer strengthened encryption tool for al-Qaeda backers. An Arabic-language Web site hosted on a server located in Tampa, Florida, is apparently offering a new version of software that was designed to help al-Qaeda supporters encrypt their Internet communications. The new encryption tool is called Mujahideen Secrets 2 and appears to be an updated version of easier-to-crack software that was released early last year, said the vice president of technology evangelism at Secure Computing Corp. The tool is being distributed free of charge on a password-protected Web site that belongs to an Islamic forum known as al- Ekhlaas, according to Secure Computing and a blog posting by the Middle East Media Research Institute. MEMRI is a Washington-based organization that monitors what it describes as jihadist Web sites and publishes translations of online content originally posted in Arabic, Persian, or Turkish. The vice president said that he contacted the FBI about the al-Ekhlaas site and its contents last weekend. But as of Wednesday afternoon, the site was still up and running. A Reuters story posted January 18 and datelined Dubai, quoted the al-Ekhlaas Web site as saying that the new release was a “special edition” of the encryption tool created “in order to support the mujahideen in general and the Islamic State in Iraq in particular.” That organization was described by Reuters as being linked to al-Qaeda. Efforts by groups that support al-Qaeda to develop their own encryption tools appear to be driven by concerns about possible back doors being built into publicly available encryption software, the Secure Computing representative said. He added that the upgraded Mujahideen Secrets tool could cause problems for law enforcement and antiterrorism agencies that are tracking the activities of such groups.
27. January 24, Burlington Free Press – (Vermont) Rural towns bundling a blueprint for broadband. Using Burlington Telecom’s municipal broadband network as a model, 22 rural Vermont towns are poised to pool their resources and launch a fiber-optic project that could go online by the end of 2009. Members of the East Central Vermont Community Fiber Network announced Wednesday that formal agreements are in the works from Windsor to Montpelier that would bring the strength of numbers – and attractive financing -- to universal broadband Internet coverage. The group’s leadership presented the project at a board meeting of the Vermont Telecommunications Authority held Wednesday. The presenters made no funding requests, but asked the state board for support with credit and regulatory hurdles. The chairman of the Strafford Selectboard said commercial broadband providers could not meet the needs of rural Vermonters. “These fiber-optic connections are absolute necessities; not luxuries,” he said. “We need them for our economical and cultural development.” More than 1,000 residents in his area have registered for service, he said. About half of the population targeted by the East Central Vermont Community Fiber Network has no broadband service. Earlier attempts to serve rural areas with broadband, including state-funded pilot wireless systems, have fallen short of fiber-optic’s technical advantages. The East Central Vermont Community Fiber Network, said one participant, would permit an “overlay” of wireless coverage that could accommodate data or voice transmissions.