Tuesday, January 29, 2008
• According to the EE Times, cybersecurity standards to protect the nation’s power grid from disruption were approved by the Federal Electric Regulatory Commission (FERC) earlier this month. The new standards will require energy companies to identify and document risks and vulnerabilities and establish controls to secure critical assets from sabotage. (See item 3)
• CNN reports that a covert tester for the Transportation Security Administration managed to enter the Tampa International Airport with a bomb strapped to his back, despite having set off the scanner and having been patted down. TSA officials say this test demonstrates the type of systemic vulnerability that the agency is working to expose and address. (See item 10)
26. January 28, Computerworld – (National) Most malware is launched from legit web sites. The majority of Web sites serving up attack code are legitimate domains that have been hacked by criminals, according to security research firm Websense Inc. In a report released last week, San Diego-based Websense said that credible sites accounted for 51 percent of those classified as malicious. Hacking legitimate sites so that they can sling malware gives attackers distinct advantages, said the vice president of security research at Websense. He noted that hackers have been aided by “the growth in social networking sites and blogs, where security is just not one of the ingredients. Hackers are saying, ‘It’s easier to put our malware on these sites than to build our own.’”
27. January 27, Computerworld – (National) Windows Home Server vulnerable to critical bug, too. For the second time in three days, Microsoft Corp. added another product to the list of those vulnerable to a critical bug patched nearly three weeks ago. Windows Home Server, the company’s newest operating system, is also at risk from the vulnerabilities spelled out by the MS08-001 security bulletin, according to a Friday update. The advisory, first issued on January 8 -- and then fingered by researchers as the month’s most pressing -- was revised Wednesday, when Microsoft announced that Windows Small Business Server was at risk. Neither Windows Home Server nor Small Business Server had been among the versions mentioned in the original bulletin. The initial bulletin had pegged the threat to Windows Server 2003 as “important,” the second highest rating in Microsoft’s four-step scoring system. But it was later rated as “critical” for Windows Home Server and Small Business Server. According to Microsoft, the vulnerability can be exploited by sending malicious data packets to unsuspecting users, who could find their PCs infected with malware or under the control of others. Within 10 days of Microsoft posting its first patches, researchers had produced proof-of-concept exploits, claiming that the company had overestimated the difficulty in crafting attack code. Windows Home Server owners have been offered the patch via the software’s update mechanism, Microsoft said in the revised bulletin. Microsoft did not say why it had not identified Windows Home Server or Small Business Server as vulnerable and requiring repair when it first issued updates earlier this month.
28. January 28, Wall Street Journal – (National) FCC pushes to overhaul subsidy program for rural phones. Alarmed at the growth of a multibillion-dollar federal phone-subsidy program, regulators are beginning an effort to curb costs and prevent consumers from paying more in fees. As soon as Monday, the Federal Communications Commission is expected to open for public comment several proposals to revamp the Universal Service Fund, which subsidizes phone services for low-income and rural customers. The program’s budget ballooned to about $7 billion last year from $5.2 billion in 2002 as more companies sought to tap the federal revenue stream -- a transfer of money collected from consumers through surcharges on phone bills. The charge is usually found on a phone bill itemized as a “federal universal service charge.” One proposed change calls for using a reverse-auction system to pick which phone companies receive multimillion-dollar payments for providing phone service in rural areas. A separate plan would lower the amount of money wireless companies receive to offer service in rural areas. For the first time, the FCC also will look into whether money should be set aside to subsidize broadband Internet lines.
29. January 28, Associated Press – (National) Cell phone can read documents for blind. A National Federation of the Blind (NFB) cell phone that incorporates text-to-speech software will soon be commercially available. The software reads images photographed by the phone, allowing blind users to decipher anything that is photographed, whether it is a restaurant menu, a phone book or a fax. The phone can scan limited amounts of text, read it aloud, and even translate from other languages. Future versions of the device will recognize faces, identify rooms, and translate text from other languages for the blind and the sighted. The inventor plans to begin marketing the cell phone in February through KNFB Reading Technology. The software will cost $1,595 and the cell phone is expected to cost about $500.