Thursday, April 19, 2007

Daily Highlights

Computerworld reports a database intrusion by foreign hackers may have compromised Social Security numbers and other sensitive data belonging to more than 14,000 current and former employees at Ohio State University. (See item 15)
The New York Times reports the first vaccine against avian flu has won government approval; the vaccine is directed against the H5N1 strain of influenza virus, which some public health experts say could possibly spark a deadly epidemic of flu in humans. (See item 25)

Information Technology and Telecommunications Sector

34. April 18, IDG News Service — Microsoft: DNS patch to potentially come by May 8. Microsoft hopes to fix by May 8 a critical flaw in Windows Domain Name System (DNS) servers that is being exploited by online criminals, the company said late Tuesday, April 17. Microsoft has been under pressure to address the flaw, reported last week, since software that exploits it has now been widely disseminated, and criminals are beginning to use it in attacks. On Monday, security experts confirmed that variants of the Rinbot worm (also called Nirbot by some vendors) had been scanning networks for vulnerable systems and then attempting to exploit the DNS bug. Microsoft characterizes the level of attacks as "not widespread."
Source: l

35. April 18, Associated Press — BlackBerry service being restored. BlackBerry service was being restored Wednesday morning, April 18, after an overnight outage that left millions of users without mobile access to their e-mail on the popular device. Research in Motion Ltd., the Canadian company that provides the devices and e-mail service, said the service interruption began Tuesday night, affecting users in North America. "Root cause is currently under review, but service for most customers was restored overnight and RIM is closely monitoring systems in order to maintain normal service levels," the statement from RIM said. It wasn't immediately clear whether the problems affected all cellular carriers that offer BlackBerry service.

36. April 18, InformationWeek — Hackers attack PowerPoint more than Microsoft Word. For the first time, PowerPoint has surpassed Microsoft Word as the most common exploit vector, and hackers are increasingly pinpointing their enterprise attacks, according to a report out Wednesday, April 18, from MessageLabs. There's one specific gang that's running up the numbers on PowerPoint attacks. Most of the attacks are originating from an IP address within Taiwan, noted the MessageLabs report. The company also pointed out in its study of March messaging attacks that hackers are forgoing the traditional widespread attack for targeted attacks. Instead of spamming out hundreds of thousands of e-mails to try to trick users into divulging critical information, a hacker sends one very specific e-mail to one or two people in a specific position inside the same company.
Source: eID=199100538

37. April 17, eWeek — Wireless problems played part in chaos at Virginia Tech. The inability of students and others at Virginia Tech in Blacksburg, VA, to make cell phone calls during the April 16 shooting tragedy added to the chaos surrounding the events of the day. Many students reported being unable to gain access to the wireless phone system either to place a voice call or to send text messages. The cause appeared to be a massive increase in wireless call volume, according to carriers serving the Virginia Tech campus. Verizon Wireless spokesperson John Johnson acknowledged that for a while during the heaviest call volumes on April 16, some calls did not go through. "We did see some call blocking," Johnson said. "We did also see some heavy text message traffic." Cingular/AT&T's Mark Siegel said that his company also saw very heavy call volumes, but saw no call blocking. "We had no problems with text messaging," Siegel noted. "It's a great alternative in these situations." Part of the problem, notes Verizon's Johnson, is that wireless companies have to build their networks to handle the demand that they anticipate. "We are engineered to handle heavy call volume there [Blacksburg]. But of course you can't engineer for a tragedy on this scale," he said.

38. April 17, Associated Press — Digital TV will cause analog blackout. Federal Communications Commission (FCC) Commissioner Michael Copps on Tuesday, April 17, called for greater efforts to educate the public about a government-mandated switch-over to digital television signals in two years. Copps, appearing alongside fellow Commissioner Deborah Taylor Tate, told the annual convention of the National Association of Broadcasters that there was a possibility of serious disruptions when analog TV signals go off the air on February 17, 2009. When the change to digital television or "DTV" occurs, viewers who don't have digital-compatible televisions and use traditional antennas won't be able to view broadcast TV signals unless they have a digital converter box. With the deadline less than two years away, concerns have been growing that not enough people are aware of the switch-over or what will need to be done to make sure their sets still work. Many are also concerned that not enough is being done to prepare for a smooth switch-over. Digital converter boxes aren't in stores yet and aren't likely to go on sale until next January, about a year before the change. Copps called for more efforts in both the private and public sector to educate the public about the issue.
Source:− fcctv17−ON.html

39. April 17, IDG News Service — Update: Oracle glitch leaves critical Windows flaw unpatched. Some Oracle Corp. customers using the Windows operating system will have to wait another two weeks to receive a critical software update to their database software, thanks to a glitch that came up in testing the company's latest patches. On Tuesday, April 17, Oracle unveiled its quarterly release of software patches, fixing not only database flaws, but also bugs in a host of other applications. In total, the patches fix 36 vulnerabilities, 13 of which relate directly to the database. However, the fix for the most serious database flaw discussed in April's Critical Patch Update will not actually become available for users of the version of Oracle's database until April 30, due to an issue that was uncovered in testing, said Darius Wiles, a manager with Oracle Security Alerts. The bug affects only the Windows platform and is patched on all other supported versions of the database, he added. That flaw, known as DB01, is in the Core RDBMS (relational database management system) used by Oracle's database. It can be remotely exploited over the network and, unlike most of the database flaws, an attacker does not need to have authentication rights to the database to exploit the problem.

40. April 16, Federal Communications Commission — FCC begins inquiries on broadband data and deployment. The Federal Communications Commission (FCC) on Monday, April 16, announced two proceedings focused on evaluating broadband deployment. The first is a Notice of Inquiry (NOI) under Section 706 of the Telecommunications Act of 1996 into whether broadband services are being deployed to all Americans in a reasonable and timely fashion. The second is a Notice of Proposed Rulemaking exploring ways to collect information the Commission needs to set broadband policy in the future. Both actions recognize the critical importance of broadband services to the nation’s present and future prosperity. The NOI is the fifth such inquiry conducted by the Commission under Section 706 of the Telecommunications Act of 1996, which requires the Commission to determine whether broadband services are being deployed to all Americans in a reasonable and timely fashion. Among the questions the Commission asks in the NOI is how to define broadband in light of the rapid technological changes occurring in the marketplace, including the development of higher speed services and new broadband platforms. The Commission will also focus on the availability of broadband, including in rural and other hard-to-serve areas; on whether consumers are adopting new services; and on the level of competition in the marketplace.
Source:−272365 A1.pdf