Daily Report Tuesday, December 12, 2006

Daily Highlights

The HeraldNet reports thieves, in a quest for copper wire, carted off thousands of feet of downed power lines during the recent snowstorm that struck Snohomish County, Washington, slowing efforts to restore electricity and endangering their lives. (See item 3)
The Department of State's Bureau of Diplomatic Security in partnership with the Department of Homeland Security is distributing hundreds of wanted terrorist posters −− identifying 26 known terrorists −− at U.S. airports during the holiday season. (See item 15)
The Department of Homeland Security has announced the results of the national interoperability baseline survey of first responders and law enforcement officials that assesses progress in achieving interoperable communications; approximately two−thirds of emergency response agencies across the nation use interoperable communications in varying degrees. (See item 30)

Information Technology and Telecommunications Sector

31. December 11, IDG News Service — Project checks Java code for security bugs. Fortify Software and the FindBugs project have launched a free service that will scan open−source Java software for bugs in the code. The Java Open Review project (JOR) lets open−source projects run audits of their source code using Fortify's source code analysis software and the University of Maryland's FindBugs tool. With developers focusing on more secure software development practices, the Java community needs more advanced bug−finding tools like JOR, said Barmak Meftah, vice president of product and services, with Fortify. "Everybody understands that the cheapest and easiest point to find and fix security bugs is at the time of implementation," he said.
JOR Project Website: http://opensource.fortifysoftware.com/welcome.html;jsessionid=ECB74504E47DB4531F9EAEF9F34ECC46
Source: http://www.infoworld.com/article/06/12/11/HNcheckjavacode_1. html

32. December 11, CNET News — Second zero−day flaw found in Word. A second security vulnerability has been discovered in Microsoft Word in less than a week. The zero−day flaw, which is could let an attacker gain remote access to a person's system, affects Word 2000, Word 2002, Word 2003 and Word Viewer 2003, according to a Microsoft security advisory posted Sunday night, December 10. Word 2007 is not affected, Microsoft said. Security provider Secunia said Monday that it is rating this latest Word security flaw as "extremely critical" because it is unpatched and because malicious attackers are currently exploiting the vulnerability.
Microsoft security advisory: http://blogs.technet.com/msrc/archive/2006/12/10/new−report−of−a−word−zero−day.aspx
Secunia advisory: http://secunia.com/advisories/23205/
Source: http://news.com.com/Second+zero−day+flaw+found+in+Word/2100−1002_3−6142531.html?tag=nefd.top

33. December 11, CNET News
Microsoft pitching Vista security feature. Microsoft is pitching a security feature in Windows Vista as a boon for consumer online safety, but others think its benefits lie elsewhere. The software maker is promoting the use of Windows Security Center, a feature in the long−awaited operating system, as a way for Websites and third−party software programs to gauge the security status of customer PCs. This could be used to deny computers that aren't fully protected access to online services, which ultimately is good for user safety, Microsoft said. Microsoft is actively pitching the possibility of the PC security checks to banks and online retailers. The feature was actually introduced in Windows XP Service Pack 2, in August 2004, but Microsoft hasn't talked about it much. Though they say Microsoft's goal is noble, others don't expect many consumer Websites or online services to start conducting PC security checks. According to Microsoft's own data, about 70 percent of consumers aren't running up−to−date anti−virus protection. That's a large number of potential customers a business could lose, analysts said.
Source: http://news.com.com/Playing+it+safe+with+Windows+Vista/2100−7355_3−6142265.html?tag=nefd.top