Thursday, March 27, 2008
• According to Patriot News, the security at Three Mile Island (TMI) is under scrutiny by federal regulators because of a reported deficiency. But the problem, which was identified by plant operator AmerGen Energy last summer and quickly corrected, will remain a secret under federal rules that prevent the public disclosure of security weaknesses. (See item 3)
• The Associated Press reports authorities revealed Tuesday that a man carrying a loaded shotgun was arrested in January near the U.S. Capitol, and explosives left in his truck nearby went undetected for three weeks. According to an indictment filed in District of Columbia Superior Court the suspect faces charges of planning to set off a bomb. (See item 24)
28. March 25, InfoWorld – (National) Apple’s Safari browser likened to malware. Mozilla’s chief executive has lambasted Apple for its use of iTunes to offer the Safari web browser to Windows users, saying the technique “borders on malware distribution practices” and undermines the security of the Internet. “What Apple is doing now with their Apple Software Update on Windows is wrong,” he wrote on his personal blog. “It undermines the trust relationship great companies have with their customers, and that’s bad - not just for Apple, but for the security of the whole web.” Mozilla makes the Firefox browser, currently the most popular alternative to Microsoft Internet Explorer with about 15 percent of the market to IE’s 78 percent, according to figures cited recently by Apple. Apple said Safari currently has about five percent of the market, a figure the company intends to increase. In June of last year, when the company announced Safari would be coming to Windows, Apple’s CEO said Apple would be using iTunes to deliver Safari to Windows users. Mozilla’s CEO is concerned that Apple would be “adding Safari by default to an update mechanism normally used for updates to already-installed programs, including urgent security updates.” Apple Software Update, which is installed along with QuickTime or iTunes on Windows PCs, currently lists Safari 3.1 as a default download, already checked, alongside the latest update to iTunes.
30. March 25, PC World – (National) Sites’ personal questions may pose security risk. If
you have an online account at a retailer like Amazon.com, you have probably run into security questions when opening an account or when trying to recover one of the dozens of passwords you juggle in your head. Online businesses everywhere have embraced the technique, which is called knowledge-based authentication. Theoretically, the answers to these questions are so personal and obscure that knowing them proves you are you. Experts say, however, that the technology could end up helping hackers compromise your online accounts more easily. Knowledge-based authentication does not replace user names and passwords; it is an extra layer of security on top of such schemes, since hackers who stumble across your log-in credentials will not easily figure out the name of your high-school sweetheart. Collecting log-in information and answers to secret questions from your computer requires keylogging software, making it harder for malicious hackers to triumph. Scammers have adapted, adding secret questions to their decoy pages, says the CTO of fraud research company Secure Science. Bank phishing sites may include their own fraudulent drop-down lists that capture people’s answers, which bad guys can then use to hack real accounts. Even when hackers do not resort to subterfuge, these nuggets of information can sometimes be easier targets than passwords since there are a limited number of answers to questions such as “What was the make of your first car?”
31. March 25, Associated Press – (National) Verizon’s open access may not be that open. Verizon Wireless picked up coveted wireless airwaves at a recent auction held by the Federal Communications Commission, which imposed certain consumer-friendly provisions on how that network can be used and what it will it eventually look like.