Thursday, October 4, 2007
Daily Report
The Associated Press reports that a chemical fire killed five maintenance workers at a hydroelectric plant near Georgetown, Colorado. The victims, working to reseal a pipe, survived the initial blaze, but were trapped 1000 feet below ground and died before rescue personnel could arrive. (See item 1)
According to documents obtained by The Associated Press, the government is preparing to conduct the largest terrorism exercise ever during which three fictional “dirty bombs” go off, crippling transportation arteries in two major U.S. cities and Guam. The event, to take place October 15-19, has stirred some controversy among politicians still waiting for published results of the last major exercise in 2005. (See item 10)
Information Technology
22. October 2, Computer World – (National) Could Adobe be vulnerable to an AIR attack? Adobe Systems Inc.’s moves to support rich Internet applications are exposing the software vendor – and its developers and users – to the threat of more Web-based malware and efforts to take advantage of security holes in its products. For instance, a British security researcher claimed last month that an unpatched vulnerability in Adobe’s Portable Document Format (PDF) technology could be exploited to take control of systems running Windows XP; at the time, Adobe said it was researching the reported flaw. In January, Adobe issued a patch to fix a vulnerability in its PDF-based Adobe Reader and Acrobat software that left systems open to cross-site scripting attacks. There are also potential vulnerabilities lurking in Adobe’s newer, less mature technologies, such as its still-in-beta Adobe Integrated Runtime (AIR) software. The AIR framework enables Web applications built with HTML or AJAX to run offline. The problem is that doing so exposes users of AIR-based applications to many of the same security issues that other users face, if not more of them, according to an analyst at ZapThink LLC. “The current generation of spyware, virus and malware [detection] products have no visibility into running AIR programs,” he wrote in an e-mail. “As such, there is a high possibility for malicious AIR applications to spread into the wild.”
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9040579&pageNumber=2
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9040441
Source: http://www.lsj.com/apps/pbcs.dll/article?AID=/20071002/NEWS01/710020330/1001/news