Thursday, October 11, 2007

Daily Report

· According to The Associated Press, a government advisory panel has concluded that the U.S. government should replace more than 1,000 irradiation machines used in hospitals and research facilities because terrorists could use the radioactive materials inside to make a “dirty” bomb. Any of these relatively unprotected machines could be used to make a bomb that could shut down 25 square kilometers for 40-plus years, according to panel documents. (See item 4)

· The Associated Press reports that the federal government is considering buying out as many as 17,000 homes along the Mississippi coast and remaking the land into a vast hurricane protection zone. The project, dubbed the Mississippi Coastal Improvement Program, could cost $40 billion. (See item 34)

Information Technology

29. October 10, Computerworld – (National) Time flies: DST ends Nov. 4 -- are your systems ready? Many IT departments remember the patches, hassles and worries they experienced at the start of daylight-saving time in March. It may be time to revisit some of that work – particularly for companies that have international partners or customers. That is because several other countries – including Jordan, Egypt and New Zealand – adopted their own specific daylight-saving time updates since the time change took place in the U.S. last spring, meaning companies might want to update their patches again to ensure conformity when clocks spring forward next year. But first, companies have to deal with the return to standard time in most parts of the U.S. Clocks roll back an hour on Sunday, Nov. 4. An analyst at Forrester Research Inc. said that only companies with a large global presence need to run daylight-saving time updates for their applications and systems again. “Forrester believes this is the safest approach for those with international employees, especially those in Jordan, New Zealand, as well as Australia. It will apply to any person, device, or system that has authentication requirements, time stamp scenarios [and] events in calendaring software like those in PDAs.” For most other corporate users, the move back to standard time next month won’t require any special preparations, since earlier patches would have included updates for the fall time change, he said.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9041720&intsrc=news_ts_head

30. October 10, Computerworld – (National) Presidential candidates face phishing threat in '08. Phishing attacks that harvest credit card numbers or divert online contributions to an opponent’s campaign pose the most danger to the Web operations of 2008’s presidential candidates, a security researcher said today. Not only are candidates’ campaign Web sites prime targets for phishers – the criminals could create bogus sites posing as the real deal to harvest contributors’ credit card and bank account numbers – but they could be victimized by radical followers of their opponent. “A phishing site could impersonate [the site of] one candidate, say Hillary Clinton, but actually submit the donation to another candidate, Rudy Giuliani, for example,” said the director of Symantec Corp.’s security response. Even though the dollar amounts of such a steal-from-Hillary-to-pay-Rudy attack might be small, there could be substantial fallout. “The diversion of donations like that has the potential to undermine the confidence in the online donation concept,” said the researcher. In 2004, only two phishing attacks were detected that exploited the presidential election, he said. It is likely that the 2008 campaign will see a much larger number of election-oriented phishing campaigns. Phishing posed only a “marginal risk” in 2004, in part because the scam was small-scale compared to today but also because presidential campaigns had only begun to move online in search of contributions. Today phishers are more capable and candidates more dependent on the Internet.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9041800&taxonomyId=17&intsrc=kc_top

31. October 09, Computerworld – (National) Microsoft patches nine bugs in Windows, IE, Word. On Tuesday, Microsoft Corp. released six security bulletins that patched nine vulnerabilities in Windows, Internet Explorer, Microsoft Word, Outlook Express and SharePoint. However, for the second time in two months, it yanked an update at the last minute. Four of the six updates were rated critical, Microsoft’s highest threat warning, while the remaining two were judged important, the next-lowest notch in the company’s four-step scoring system. MS07-057, the critical update to IE, should be patched first, said the director of security operations at nCircle Network Security Inc. “It's an update for every version of IE and for every supported version of Windows, so its impact is across the board,” he said. Of the four vulnerabilities patched by the update, three are related to address-bar-spoofing, the practice of disguising the URL shown by a browser to trick users into thinking they are visiting a safe or legitimate site. Microsoft also patched critical vulnerabilities in the following software products: Outlook Express on Windows XP and 2000, and Windows Mail on Vista.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9041679&taxonomyId=17&intsrc=kc_top

Communications Sector

32. October 10, Government Executive – (National) Panelists cite threats to U.S. computer networks. The United States is heavily dependent on cyberspace for its military, commercial and social interactions. But the vast and ever-expanding interconnected electronic networks are under constant attack and the nation’s ability to defend them or to counterattack is hobbled by lack of coordination and “policy constraints,” a panel of experts said Tuesday. “Cyberspace has become a really big deal. We do our banking, our commercial activities over the Internet,” said Lt. Gen. Robert Elder, commander of the Air Force’s Cyberspace, Global Strike and Network Operations command. “It’s really important to the Air Force... To maintain air superiority, we have to maintain cyber superiority.” The vulnerability of that capability has been demonstrated repeatedly, including an attack by hackers in June that shut down some of the Pentagon’s unclassified computer systems and disrupted the e-mail system in the Defense Secretary’s office, noted a military analyst. That was one of the more significant of the thousands of attacks annually against the military computer and Web networks, she said. Because of its dependence on imagery and data from satellites and reconnaissance aircraft and communications relayed globally, the Air Force has declared cyberspace one of its “warfighting domains,” along with air and space operation, Elder said. He is working to create a force of “cyberwarriors” who can protect America’s networks and, if necessary, attack an adversary’s systems, and intends to use Air National Guard personnel extensively in this effort, he said.
Source: http://www.govexec.com/story_page.cfm?articleid=38249&dcn=todaysnews

33. October 10, Federal Communications Commission – (National) Analog ‘sunset’ will disable some cell phones, curtail services. Some cell phones will stop working and some alarm systems will be disabled early next year when cellular telephone companies discontinue analog service in February. Even before the so-called “analog cellular sunset” takes effect in mid-February, some users of OnStar in-vehicle communication services will be required to switch to digital equipment or give up the service. For more information see: http://www.fcc.gov/cgb/consumerfacts/hac.html.
Source: http://www.wsfa.com/Global/story.asp?S=7188517