Thursday, May 24, 2007

Daily Highlights

Reuters reports forecasters urge the oil industry to stockpile supplies away from the U.S. Gulf Coast, which they predict will be hit by hurricane−force winds, potentially sending sky−high gas prices even higher, according to hazard models. (See item 1)
Computer World reports a new, enhanced 911 response system −− completely separated from the existing public telephone switching systems −− is being built in New York City to help residents get quicker and more efficient assistance from police, fire, and other first responders in times of emergency. (See item 24)

Information Technology and Telecommunications Sector

26. May 23, SC Magazine — Microsoft releases a non−security security update. Microsoft on Tuesday, May 22, released a non−security−related security bulletin to fix Windows Update issues. The fix addresses an issue forcing PCs to become unresponsive when Microsoft Update or Windows Update is performs scans prior to downloads, according to Microsoft. Christopher Budd, Microsoft security program manager, said that PC users should have no problem downloading the bulletin even if they’re experiencing update issues. Users experiencing issues with Windows Update or Microsoft Update may experience see systems, access violation errors in svchost.exe, memory leaks while scanning for updates and lengthy scanning times, sometimes taking hours to complete. The errors have occurred in Windows 2000 with Service Pack 4, Windows XP with Service Pack 2, XP Professional x64 edition with and without Service Pack 2 installed, Windows Server 2003 with Service Pack 1 and Service Pack 2 and Windows Server 2003 x64 Edition with Service Pack 1 and Service Pack 2.
Microsoft Security Advisory (927891) −− Fix for Windows Installer (MSI): px

27. May 23, CNET News — Promising antispam technique gets nod. An Internet standards body gave preliminary approval on Tuesday, May 23, to a powerful technology designed to detect and block fake e−mail messages. Yahoo, Cisco Systems, Sendmail and PGP Corporation are behind the push for DomainKeys, which the companies said in a joint statement will provide "businesses with heightened brand protection by providing message authentication, verification and traceability to help determine whether a message is legitimate." The draft standard that the Internet Engineering Task Force adopted is more promising than most other anti−spam and antiphishing technologies because it harnesses the power of cryptographically secure digital signatures to thwart online miscreants. DomainKeys works by embedding a digital signature in the headers of an outgoing e−mail message. If the cryptographically secure signature checks out, the message can be delivered as usual. Otherwise, it can be flagged as spam. In the long run, DomainKeys is more promising than existing antispam and antiphishing technologies, which rely on techniques like assembling a "blacklist" of known fraudsters or detecting such messages by trying to identify common characteristics. But the DomainKeys approach does suffer from one serious, short−term problem: it's only effective if both the sender and recipient's mail systems are upgraded to support the standard.

28. May 21, Government Computer News — Cyberattacks get physical. At City Hall in the fictional New England town of Harborville, two computer systems containing sensitive data have been penetrated. The police department’s 911 system is not working right and the computer−aided dispatch system is sending police on false calls. Communications are down at the hospital, and false reports of fires and bioterrorism attacks are causing panic. That was the opening scenario of a tabletop exercise done by the Dartmouth College Thayer School of Engineering at the recent GovSec Conference in Washington. The goal was to demonstrate how information technology problems can affect decisions and emergency responses. Hierarchies and chains of command fall apart when communications are interrupted and information can’t be trusted, said Mark Stanovich, lead developer of the exercise. Cyberattacks increasingly will be used to magnify the effect of physical attacks or hamper responses to them, said analysts from the U.S. Cyber Consequences Unit (US−CCU). The US−CCU is a government−funded, independent research organization Established in 2004, it receives government funding for on−site surveys of critical infrastructure facilities.