Thursday, November 15, 2007
• The San Francisco Chronicle reported that the pilot of the freighter that struck the Bay Bridge in California last week and spilled 58,000 gallons of fuel told his attorney and NTSB investigators that failures in the ship’s radar helped lead to the incident. The pilot said he was forced to rely on what turned out to be the captain’s faulty interpretation of an electronic chart display with which the pilot was not familiar. He also blamed poor communication between himself and the ship’s officers. (See item 13 )
• According to an Agence France Presse report, veterinary authorities in England confirmed Tuesday an outbreak of a potentially lethal strain of the H5N1 bird flu virus in Suffolk, northeast of London eastern England. Officials said that they were doing their utmost to ensure the disease did not spread, ordering the slaughter of more than 6,000 poultry at the site, and insuring the anti-viral drug Tamiflu had been given to all those involved in the poultry cull. (See item 22)
28. November 14, IDG News Service – (National) Researcher: Half a million database servers have no firewall. Think your database server is safe? You may want to double check. According to a security researcher, there are nearly half a million database servers exposed on the Internet, without firewall protection. The researcher looked at just over 1 million randomly generated Internet Protocol (IP) addresses, checking them to see if he could access them on the IP ports reserved for Microsoft SQL Server or Oracle’s database. He found 157 SQL servers and 53 Oracle servers. Litchfield then relied on known estimates of the number of systems on the Internet to arrive at his conclusion: “There are approximately 368,000 Microsoft SQL Servers... and about 124,000 Oracle database servers directly accessible on the Internet,” he wrote in his report, due to be made public next week. This is not the first time that the researcher, managing director of NGSSoftware, has conducted this type of research. Two years ago, he released his first Database Exposure Survey, estimating that there were about 350,000 Microsoft and Oracle databases exposed. This 2007 version of the Database Exposure Survey is set to be published Monday on his Databasesecurity.com Web site. IDG News was given a preliminary copy of the findings. With no firewall, databases are exposed to hackers, putting corporate data at risk. He said that, given the amount of press generated by corporate data breaches over the past two years, it is amazing to find that there are more databases exposed than ever before.
29. November 13, Computerworld – (National) Microsoft patches URI bug, ancient DNS flaw. Microsoft Corp. today released two security bulletins that fixed a pair of flaws in Windows, including a vulnerability that had been the root of a months-long debate over patching responsibility. One of the updates was rated critical, Microsoft’s highest threat ranking, while the other was pegged as important, the next-lowest notch in the company's four-step scoring system. MS07-061 patched the Uniform Resource Identifier (URI) protocol handler bug in Windows XP and Windows Server 2003 that Microsoft admitted was its job to fix only after months of denying that a vulnerability existed in its software. In a security advisory posted October 11, Microsoft owned up to the flaw. The vulnerability has been exploited in the wild for weeks, most recently by a wave of attacks using rigged PDF files. The other bulletin issued today, dubbed MS07-062, patches a DNS cache poisoning vulnerability in Windows 2000 SP4, and Windows Server 2003 SP1 and SP2.
30. November 14, WBBM Chicago – (National) Feds resurrect plan to connect urban doctors, rural patients. Federal plans to link urban doctors with patients in rural areas and Indian reservations have been resurrected by the head of the Federal Communications Commission. Speaking in Chicago, the FCC chairman outlined the $400,000 Rural Health Care pilot program which he says will link 6,000 hospitals, clinics and research facilities in 43 states. This is actually the second try for the same result. An earlier effort to link rural hospitals with urban specialists failed because the hospitals could not afford the expensive broadband links needed to transmit medical information like x-rays and MRIs. He told medical information specialists meeting in Chicago that the network will be useful should there be a coordinated terrorist attack covering scattered sites across the country. He says rural patients sometimes receive substandard care because their doctors may not have the specialized training available at high-volume teaching hospitals. The $400 million in federal funding will allow rural hospitals to form networks which can then connect to second-generation systems called Internet 2 and LambdaRail. It will cover 43 states and three U.S. territories.