Tuesday, May 29, 2007

Daily Highlights

The Department of State reports that by June the United States, Canada, and Mexico will develop a plan to further align and strengthen their energy efficiency standards, the first in a series of proposed efforts to advance cooperation on energy issues. (See item 2)
The Courier−Post reports this summer, South Jersey emergency responders −− local police, fire, Emergency Medical Services, and tow truck personnel −− will test a plan called the Atlantic City Expressway Contra−Flow, to reverse the traffic flow along all the eastbound lanes on the Atlantic City Expressway. (See item 35)

Information Technology and Telecommunications Sector

36. May 25, CNET News — Cisco patches security flaws in number of products. Cisco Systems has released a security patch to fix vulnerabilities in a number of its products that are at risk of a denial of service attack. The vulnerabilities are found in a third−party cryptographic library in Cisco IOS, Cisco IOS XR, Cisco PIX and ASA Security Appliances, Cisco Firewall Module and Cisco Unified CallManager products, according to a security advisory issued by Cisco. The security flaws could allow attackers to send a few small packets through the routers to shut down the network in a DOS attack, said Johannes Ullrich, chief research officer for the Sans Institute. The vulnerabilities can be exploited without a valid username or password, given some of the older Cisco products have the cryptographic library set to default. And while attackers may be able to launch a DOS attack, they are not known to gain access to information that has already been encrypted, Cisco noted. In its advisory, Cisco includes various links for downloading fixes, as well as offering suggestions for potential workarounds.
Cisco Security Advisory: Vulnerability In Crypto Library:
http://www.cisco.com/en/US/products/products_security_adviso ry09186a0080847c5d.shtml
Source: http://news.com.com/Cisco+patches+security+flaws+in+number+of+products/2100−1002_3−6186446.html?tag=cd.top

37. May 24, US−CERT — Apple releases security update to address multiple vulnerabilities in
various products. Apple has released Security Update 2007−005 to address multiple
vulnerabilities in various products. The impacts of these vulnerabilities include denial of
service, arbitrary code execution, information disclosure, and privilege escalation. US−CERT
encourages users to apply the appropriate updates as soon as possible.
Security Update 2007−005: http://docs.info.apple.com/article.html?artnum=305530
Source: http://www.us−cert.gov/current/index.html#apple_releases_sec urity_update_to3