Thursday, January 31, 2008

Daily Report

• According to MSNBC, at least 17,000 bridges in the U.S. went more than two years between safety inspections. In an analysis of recently released federal records, researchers learned that included in that number were 2,728 bridges, which had already been labeled as deficient or obsolete. (See item 13)

• Medical News Today reports that researchers at the Georgia Tech Research Institute, in collaboration with Austin-based Stellar Micro Devices, Inc., have developed prototypes of a rapid, non-disruptive, and inexpensive method that could be used to decontaminate bioterrorism hazards in the future. Using flat panel modules that produce X-rays and ultraviolet-C light simultaneously, the researchers can kill anthrax spores in two to three hours without any lingering effects. The system also has the ability to kill anthrax spores hidden in places like computer keyboards without causing damage. (See item 18)

Information Technology

24. January 30, Computerworld – (National) New attack proves critical Windows bug ‘highly exploitable.’ Security researchers yesterday said they had discredited Microsoft’s claim that the year’s first critical Windows vulnerability would be “difficult and unlikely” to be exploited by attackers. On Tuesday, Immunity Inc. updated a working exploit for the TCP/IP flaw spelled out January 8 in Microsoft’s MS08-001 security bulletin, and posted a Flash demonstration of the attack on its Web site. The exploit, which was released to customers of its CANVAS penetration testing software but is not available to the public, was a revised version of code first issued two weeks ago. “This demonstrates conclusively that the MS08-001 IGMPv3 vulnerability is highly exploitable,” Immunity’s chief technology officer, in a message to his security mailing list. The assertion challenged Microsoft’s earlier assessment that “there are a number of factors that make exploitation of this issue difficult and unlikely in real-world conditions.” Immunity did acknowledge that its newest exploit was not 100 percent reliable, however. Other security companies reacted to the revamped attack code and Flash proof by issuing new alerts. Symantec Corp., for instance, sent a new warning to customers of its DeepSight threat network. “The exploit demonstrates remote code execution,” noted Symantec. “The exploit works against Windows XP SP2 English Default [and shows] two Windows XP SP2 computers on a local subnet with firewall enabled being compromised.” It urged users who have not already deployed the patches Microsoft issued January 8 to do immediately. Previously, Immunity had called out the IGMP (Internet Group Management Protocol) vulnerability as a potential blockbuster for 2008. In a detailed analysis of the flaw and its exploitation, Symantec agreed that the reward to hackers would be large even if replicating Immunity’s work might be tough.

Communications Sector

25. January 30, Associated Press – (International) Damaged cable cuts Internet in Mideast. Internet outages disrupted business and personal usage across a wide part of the Middle East on Wednesday after an undersea cable in the Mediterranean was damaged, government officials and Internet service providers said. In Cairo, the Ministry of Communications and Information Technology said the cut in the international communications cable had led to a partial disruption of Internet services and other telecommunications across much of Egypt. Emergency teams were quickly trying to find alternative routes, including satellite connections, to end the disruptions, a minister said. But service was still slow or nonexistent by late afternoon Wednesday. A telecommunications expert at the Egyptian communications ministry said the government was “engaged in efforts to try and overcome the consequences of the problem” but cautioned that “solving this could take days.” Internet service also was disrupted in Dubai in the United Arab Emirates, which markets itself as a top Mideast business and luxury tourist hub. Both Internet service providers said international telephone service was also affected. One of the ISPs, DU, was completely down in the morning; browsing remained very slow even after DU restored Internet service by the afternoon. It was not clear what caused the damage to the cable. An official who works in the customer care department of DU blamed a fault on a submarine cable located between Alexandria, Egypt, and Palermo, Italy. A staffer at a Saudi ISP said that they were told that a cable rupture was the cause of the problem, which began early Wednesday.