Tuesday, March 25, 2008

Daily Report

According to the Asbury Park Press, the U.S. Nuclear Regulatory Commission (NRC) recently responded to concerns regarding radiation emissions from Oyster Creek Generating Station, telling Ocean County officials the power plant meets all of its radiation safety requirements. (See item 7)

• Local6.com Orlando reports a chunk of a US Airways wing separated during a flight from Orlando to Philadelphia and cracked a passenger’s window. Officials said somewhere over Baltimore on Saturday, a panel from the left wing of a US Airways 757 flew off and hit the plane. (See item 12)

Information Technology

26. March 24, Washington Technology – (National) Virtualization to the rescue. Charlotte County, Florida, has implemented a plan to protect critical information systems and ensure that first responders will continue to have access to important data, including the county’s geographic information system. They use the GIS to locate important resources and structures such as water mains. The traditional way to build an IT infrastructure is to have a separate server for each application. With virtualization, multiple applications are loaded onto a single piece of hardware that is divided into virtual servers. Traditional servers are often underused, running at two to ten percent of their potential utilization. Virtualization allows agencies to reclaim some of those unused resources.

27. March 23, Techworld – (National) Holes plugged in Kerberos Security System. The Massachusetts Institute of Technology developers of the Kerberos authentication system have released patches for several serious security holes, which could allow remote attackers to obtain sensitive information, shut down a system, or execute malicious code. The first problem is with the Kerberos Key Distribution Center (KDC) and involves the way the KDC handles incoming krb4 requests. The problem can be exploited to crash the KDC server, execute malicious code, or disclose memory, according to MIT. The second problem is in the way the KDC sends responses for krb4 requests, which can be exploited to disclose potentially sensitive stack memory via a specially crafted krb4 request. Exploitation for these first two bugs requires that krb4 support is enabled in the KDC; it is disabled by default in newer versions. These bugs affect Kerberos 5 versions 1.6.3 and earlier. The third bug is in the Kerberos RPC library when handling open file descriptors. Under certain conditions, an attacker could send an overly large number of RPC connections, causing a memory corruption and allowing the execution of malicious code. This bug affects Kerberos 5 versions 1.2.2 to 1.3 and 1.4 through 1.6.3, according to MIT. Independent security firm Secunia gave the bugs a “highly critical” ranking.

28. March 22, IDG News Service – (National) Microsoft warns of new attack on Word. Microsoft on Friday warned that cyber criminals may be taking advantage of an unpatched flaw in the Windows operating system to install malicious software on a victim’s PC. The reported attack, now under investigation by Microsoft, involves a malicious Word document, but there may be other ways of exploiting the flaw, Microsoft said. The flaw lies in the Jet Database Engine that is used by a number of products including Microsoft Access. Microsoft is investigating whether other programs may also be exploited in this type of attack. Although this kind of unpatched, “zero day” attack is always cause for concern, Microsoft downplayed the risk, calling it “limited.” Following its usual policy, Microsoft did not say when – or if – it planned to patch the bug. But in a statement sent to the press, the company did not rule out the possibility of an emergency patch, released ahead of its next set of security updates, which are expected on April 8.

Communications Sector

29. March 24, Reuters – (National) Google tells FCC of “white space” airwave plans. Internet search engine Google Inc gave U.S. regulators on Monday a proposal for allowing the airwaves between broadcast channels to be used for mobile broadband services. In comments filed with the Federal Communications Commission (FCC), Google said it would propose an enhanced system to prevent wireless devices operating in the so-called “white space” from interfering with adjacent television channels and wireless microphones. The FCC currently is testing equipment to see if they can make use of the white space spectrum without interfering with television broadcasts. However, the idea is opposed by U.S. broadcasters and makers of wireless microphones, who fear the devices would cause interference. A proposal being studied by the FCC would create two categories of users for the airwaves: one for low-power, personal, portable devices, and a second group for fixed commercial operations. The proposal would require that the devices include technology to identify unused spectrum and avoid interference. Source: http://news.yahoo.com/s/nm/20080324/wr_nm/google_fcc_dc;_ylt=AuDthEAE8.9_GSCXwIgXFoz6rEF