Monday, June 4, 2007

Daily Highlights

American Electric Power, which operates Southwestern Electric Power Company, is reporting a rise in the theft of electrical equipment because the market for scrap metal is driving a drastic increase in the theft of metal, especially aluminum and copper. (See item 4)
The New York Times reports four men, including a onetime airport cargo handler and a former member of the Parliament of Guyana, were charged on Saturday, June 2, with plotting to blow up fuel tanks, terminal buildings, and the fuel lines running beneath John F. Kennedy International Airport. (See item 9)

Information Technology and Telecommunications Sector

29. June 01, US-CERT — Apple releases update for Xserve Lights-Out Management Firmware. Apple releases Firmware Update 1.0 to address a vulnerability in Xserve Lights-Out Management Firmware. The vulnerability lies in Apple's implementation of IPMI and may allow a remote, unprivileged ipmitool user to gain administrative privileges on an Xserve system.
US-CERT encourages users to apply Firmware Update 1.0 as soon as possible:
Source:− mware_update_for1

30. June 01, IDG News Service — Google Desktop vulnerable to new attack. Just one day after a security researcher showed how Google Inc.'s Firefox toolbar could be exploited in an online attack, a similar flaw has been discovered in the Google Desktop. On Thursday, May 31, a proof of concept was posted showing how attackers could use Google Desktop to launch software that had already been installed on the victim's computer. The attack is hard to pull off and could not necessarily be used to install unauthorized software on the victim's PC. To exploit the Google Desktop vulnerability, an attacker would first have to launch a successful "man-in-the-middle" attack, somehow placing himself between the victim and Google's servers. This could be done by tricking the victim into logging onto a malicious wireless network, said Robert Hansen, a Web security consultant. Once this was done, the hacker could launch the attack by changing the Web pages being delivered to the victim's PC. By returning Web pages that have been doctored with new JavaScript code, the attacker could trick the victim into clicking on a malicious link, he said.