Friday, February 8, 2008

Daily Report

• According to WNEM in Saginaw, Michigan, federal authorities are now investigating incidents last month in which a man and a woman were seen taking pictures at two Michigan meat packing plants. Reports suggest the two are members of People for the Ethical Treatment of Animals (PETA). Local police have possession of their camera and pictures, and could charge the couple with trespassing. (See item 19)

• WPXI 11 Pittsburgh reported that state officials are warning residents to be watchful of the Moraine State Park Dam in Butler County, Pennsylvania, which is considered a high hazard dam. Water is spilling over the dam, and officials worry that more rain could endanger surrounding counties. They have posted an emergency action plan in more than 30 municipalities. (See item 36)

Information Technology

29. February 7, Computer Weekly – (National) Users warned to update Adobe Reader to tackle PDF security threat. Adobe has fixed a vulnerability in its widely used document-viewing program Reader, but the firm is not revealing the details of the security flaw. Because of this, security analysts believe the flaw is serious, and that users should update their systems to the new version – version 8.1.2 – as soon as possible. The flaw affects PDF documents, which have been at the center of previous critical security threats involving Windows-based machines. It is estimated that two-thirds of home users have the free Adobe Reader software on their desktops, to enable them to read PDF documents, so the implications of an unpatched machine could be severe.
Source:
http://www.computerweekly.com/Articles/2008/02/07/229308/users-warned-toupdate-adobe-reader-to-tackle-pdf-security.htm

30. February 6, IDG News Service – (National) Apple fixes critical QuickTime bug. Apple has released a security fix for its QuickTime media player software, fixing a critical bug that had been worrying security experts for nearly a month. The update, released Wednesday, fixes a vulnerability in the RTSP (Real Time Streaming Protocol) used by QuickTime to handle streaming media. It also fixes a previously reported incompatibility between QuickTime 7.4 and Adobe Premiere and After Effects, according to an Apple spokesman. On January 10, a researcher disclosed the flaw by posting proof-of-concept attack code that could be used to run unauthorized software on a victim’s computer. For the attack to work, the criminal would have to first trick the user into viewing a maliciously encoded QuickTime media file. With the attack code available, security researchers had been hoping that Apple would address the flaw. Wednesday’s QuickTime 7.4.1 update is for both the Mac OS X and Windows operating systems. It is Apple’s fifth QuickTime update since October
Source:

http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/02/06/Apple-fixes-critical-QuickTime-bug_1.html

Communications Sector

31. February 7, IDG News Service – (International) Middle East cables will be repaired by Sunday. Damage to two cables that disrupted Internet and other communications to the Middle East and India will be repaired by Sunday, Flag Telecom said in a bulletin on Thursday. Breaks last week in the Flag Telecom Europe-Asia cable, owned by India’s Reliance Communications, and on the South East Asia-Middle East-West Europe 4 (SEA-ME-WE 4) cable, owned by a consortium, disrupted Internet and other communications to the Middle East and India. Indian service providers were able to avoid a major crisis by diverting traffic from the Mediterranean routes to links in the Asia-Pacific region. Increased latency of traffic on account of the new routing however resulted in slower Internet access and poor quality of voice communications, according to the Internet Service Providers’ Association of India (ISPAI). The damage to three cables in the area has sparked off speculation in blogs that there was sabotage. Flag Telecom said on Thursday that the break in the Falcon cable from United Arab Emirates to Oman was because of an abandoned ship anchor, though it did not give a reason for the break in its Europe-Asia cable. The breaks in the Middle East have helped to emphasize the need for adequate backups to the existing links, particularly as premium traffic from India’s outsourcing industry travel through the Middle East cables, said the president of the ISPAI.
Source:

http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/02/07/Middle-East-cables-will-be-repaired-by-Sunday_1.html

32. February 7, Hindustan Times – (International) Bharti to set up undersea cable connecting India, France. Telecom major Bharti Airtel on Wednesday said it will set up another high-capacity undersea cable, which will connect India to France through the Middle East, in association with eight global telecom players by the end of next year. A formal construction and maintenance agreement to build a high-capacity fiber-optic submarine cable that would stretch from India to France through the Middle East was signed today in Rome by all the firms. The cable system – I-ME-WE (India, Middle East, Western Europe) – is the fifth in the series of similar cable systems, which includes the SEA-ME-WE series, and is likely to be available for service by the end of 2009, a Bharti Airtel statement said. The supply contract for the construction of the I-ME-WE submarine cable system was also signed today by the consortium members, the statement added. This announcement has come within days of damage to three undersea cables – two off the coast of Egypt and one in the Middle East. The damage had slowed down Internet services in India for some time.
Source:
http://www.hindustantimes.com/StoryPage/StoryPage.aspx?id=5e0cd2aa-3a2f-4a41-af44-15684171eb8d&&Headline=Bharti+cable+to+connect+India+and+France

Thursday, February 7, 2008

Daily Report

• According to the Associated Press, firefighters contained early Wednesday a massive fire that erupted at about 10 p.m. Tuesday at the Columbia Gulf Natural Gas pumping station in Macon County, Tennessee, after a line of severe storms moved through Tennessee. The company shut off the gas on both sides of the station. (See item 2)

• The Daily Journal reports that a man who fled from members of the National Guard near the Oyster Creek nuclear power plant in Lacey Township, New Jersey, prompted a massive search at the plant Tuesday afternoon. The individual was last seen on foot walking north on the Garden State Parkway at milepost 70.4. (See item 8)

Information Technology

25. February 5, InfoWorld – (International) Remote worker security still lax. Despite having a greater awareness of the security risks posed by careless computing habits and personal Internet activity carried out on corporate laptops, many remote workers continue to do things that imperil the safety of themselves and their employers, according to a new report from Cisco. As part of its annual study on the security awareness and online behavior of remote workers – based on interviews with 2,000 telecommuters carried out by researchers from InsightExpress – Cisco experts said that people appear to have acquired a false sense of security when it comes to the use of their company-issued computers and other corporate IT assets. Despite the fact that the IT security community has done a much better job in recent years of keeping people informed of the latest and greatest malware attacks and social engineering schemes, remote workers keep falling for the same types of tricks as they always have – in part because they believe that they are now protected by more advanced security technologies, said a special assistant to the CTO at Cisco. In fact, in just one year’s time, the number of respondents to the survey who expressed a belief that the Internet is “getting safer” increased from 48 percent 12 months ago to more than 56 percent in
2008. The trend was particularly evident in some parts of the world where Internet use is growing the fastest, and where people believe that their governments are going to greater lengths to protect individual users, such as Brazil (71 percent), India (68 percent), and China (64 percent). By using their company-issued devices to head to corners of the Internet where attacks are more prevalent – such as on e-commerce sites, social-networking portals, and independent Web properties – workers are putting their employers at risk of exploit by malware and other threats, the expert said.
Source:
http://news.yahoo.com/s/infoworld/20080205/tc_infoworld/95112_3

26. February 5, Computerworld – (International) Skype plugs critical cross-zone scripting hole. Skype Ltd. today patched a critical vulnerability that forced it to dump several features from its VoIP and chat software to prevent attackers from hijacking Windows PCs. In a security advisory issued Tuesday, Skype said it fixed the underlying flaw publicized by an Israeli researcher nearly three weeks ago. The vulnerability, which was called a cross-zone scripting bug, could be exploited with rigged video files that leveraged a security flaw in the way Skype rendered HTML. At root, the researcher said, was the fact that Skype, which uses Internet Explorer’s Web control to handle internal and external HTML pages, ran the control in a low-security mode. After he and others posted proof-of-concept code for the exploit, Skype temporarily plugged the hole by first ditching connections to the Dailymotion video-sharing service. Six days later, it severed the line to Metacafe, another partner that provides video-sharing services, when an even more serious exploit was pointed out. Last week, the researcher spotted yet another Skype problem, this time in the SkypeFind command, which lets users recommend businesses to others and write reviews of those businesses. In its security alert today, Skype claimed that all three of the exploits – the two related to Dailymotion and Metacafe and the third connected to SkypeFind – had been quashed by the patched Skype, which is now available for download. Users can download the patched Skype – Version 3.6.0.248 for Windows – from the service’s Web site. Existing Skype users can update by using the software’s “Check for Updates” command under the Help menu.
Source:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9061089&source=rss_topic15

Communications Sector

27. February 6, Computerworld – (International) Study: Mobile call quality still has a way to go. A study of the voice quality experienced on 630 million live mobile phone calls conducted in 12 countries last year showed that 39 percent of the calls did not meet the industry’s minimum standard for voice quality. Mobile voice quality was much better in the U.S. and Europe, where just 23 percent of calls fell below the industry minimum, according to a study by Ditech Networks Inc., a telecommunications equipment supplier based in California. But the quality was much worse in rapid-growthmarkets such as India and South America, where 59 percent of mobile calls fell below the industry minimum. The study is the biggest of its kind ever conducted. It was done with the cooperation of 16 mobile network carriers in 12 countries over periods of up to six weeks in 2007, Ditech officials said. Three major U.S. carriers participated, although Ditech would not disclose their names. Ditech’s study helped the carriers learn that up to half the calls in some regions were adversely affected by ambient noise in the caller’s environment. Ambient noise could be a passing motorcycle or the sounds of a nearby crowd, a representative said. Echo, often caused by the mobile handsets, was a problem in as many as 11 percent of all calls in some regions, he said. And “voice level mismatch” was a problem on up to 28 percent of all calls in some regions. Voice level mismatch is when a caller seems to be speaking too loudly or too softly.
Source:
http://feeds.computerworld.com/~r/Computerworld/Mobile/Wireless/News/~3/230241529/article.do

28. February 5, BBC News – (International) Work begins to repair severed net. Work has begun to repair two damaged internet cables in the Mediterranean Sea that were severed last week. Flag Telecom, one of the firms responsible for the cables, says it will take about a week to be fixed. The break has caused disruption to net services in the Middle East and India. The cause is still not known. Repairs will involve a team of about 50 people, including navigation experts and cable engineers, said Flag Telecom. The ship that will repair the first severed cable is already in place, with repairs underway, while the second vessel is expected to begin work on Tuesday. “It will be a highly technical job and should take a week to complete,” a spokesperson for Flag Telecom told the BBC News website. The cause of the damage has not been officially confirmed, but there have been reports that the breaks were related to a tanker dragging its anchor along the sea bed. However, the Egyptian communications ministry has denied any ships were in the area at the time of the break.
Source: http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/7228315.stm