Thursday, April 17, 2008

Daily Report

• According to the Daily Planet, the more than 6,500-acre fire that raged through Crowley County, Colorado, on Tuesday downed live power poles throughout the area. About 25 power poles burned, and the town of Ordway and surrounding communities were without electricity. (See item 2)

• IDG News Service reports many executives from major technology companies have expressed concern about the exhaustion of available IP addresses using IP version 4. Executives say the solution is to switch to IP version 6. (See item 39)

Information Technology

37. April 16, IDG News Service – (National) Malicious microprocessor opens new doors for attack. For years, hackers have focused on finding bugs in computer software that give them unauthorized access to computer systems, but now there is another way to break in: Hack the microprocessor. On Tuesday, researchers at the University of Illinois at Urbana-Champaign demonstrated how they altered a computer chip to grant attackers back-door access to a computer. It would take a lot of work to make this attack succeed in the real world, but it would be virtually undetectable. To launch its attack, the team used a special programmable processor running the Linux operating system. The chip was programmed to inject malicious firmware into the chip’s memory, which then allows an attacker to log into the machine as if he were a legitimate user. To reprogram the chip, researchers needed to alter only a tiny fraction of the processor circuits. They changed 1,341 logic gates on a chip that has more than one million of these gates in total, said an assistant professor in the university’s computer science department. “This is like the ultimate back door,” he said. “There were no software bugs exploited.” The professor demonstrated the attack on Tuesday at the Usenix Workshop on Large-Scale Exploits and Emergent Threats, a conference for security researchers held in San Francisco. Source:

38. April 15, Network World – (National) Oracle patches 41 security flaws in database and other products. Oracle released 41 security fixes for its flagship database and several other products Tuesday, including 15 patches for vulnerabilities that can be exploited remotely without a username or password. The presence of vulnerabilities that can be exploited without authentication “means that your database is a sitting duck unless you deploy this patch,” says the chief technical officer of database security vendor Sentrigo. Oracle database products account for 17 security patches, two of which could be exploited remotely over a network without authentication. The rest of the fixes are spread across Oracle’s Application Server, Collaboration Suite, and E-Business Suite products, as well as Oracle’s PeopleSoft and Siebel software. SQL injections might be among the attacks customers risk if they do not install the patches, he says. The Advanced Queuing technology in Oracle’s database has been linked to SQL injections in which malicious users gain elevated privileges and steal data such as credit card information, he says. Two vulnerabilities related to the Advanced Queuing database component were listed in Tuesday’s quarterly critical patch update. Source:

Communications Sector

39. April 16, IDG News Service – (International) Sound the alarm, IPv6 execs say. The sky is falling on the number of global IP (Internet Protocol) addresses, and IPv6 (Internet Protocol version 6) is the solution, executives from major technology companies said Wednesday. The exhaustion of available IP addresses using IPv4 (IP version 4) brought out the alarmist side of many industry executives. “It’s a crisis – not a market-oriented event,” said the chairman of the Asia Pacific Network Information Centre, speaking at the Global IPv6 Summit in Beijing. “We have just three years until IPv4 addresses are depleted. These changes will come suddenly,” he said. The telecommunications industry is going through “a period of grief” over the end of IPv4, said the IPv6 technical leader for Cisco Systems. “Most people in the world are still in a state of denial” about upgrading to IPv6. “No one will ask for IPv6 until they run out of IPv4 addresses,” he said. IP addresses allow individual devices, including computers, laptops, and mobile handsets to connect to the Internet. Using the current IPv4 system, which offers a total of about 4.7 billion possible IP addresses, some countries, including China, will begin to run out of addresses they can allocate around 2010, according to estimates by the Internet Assigned Numbers Authority and the Internet Corporation for Assigned Names and Numbers. By switching to IPv6, the number of possible addresses increases by billions more. This would also allow a far greater number of devices to connect, allowing features like the Internet-based remote control of security cameras, and even turning on home appliances from one’s desktop at work. Source:

40. April 15, Web Pro News – (National) Broadband penetration up 300% since 2002. Broadband penetration has increased more than 300 percent since 2002, according to a new analysis from Scarborough Research. In 2002, 12 percent of U.S. adults had a broadband connection in their household. Now, close to half (49 percent) have broadband. DSL connections have grown more than cable modems, but both have seen significant growth. Since 2002, cable modem penetration increased 188 percent and DSL connections increased 575 percent. San Francisco is the top local U.S. market for broadband penetration with 62 percent of adults living in a household that has a broadband Internet connection. Other cities with high levels of broadband penetration include Boston and San Diego, both with 61 percent penetration. Cities with high levels of broadband penetration are also in high Internet usage markets. Adults in San Francisco, Boston, and San Diego are more likely than the average person to have gone online in the past month, and they are also more likely to have spent ten or more hours online in the past week. Source: 41. April 15, RCR Wireless News – (National) Regulators pressured on text message rights. Public-interest groups reiterated their call for federal regulators to protect text messaging rights, framing the issue with far-reaching implication for free speech, disability access, and competition in the wireless industry. Public Knowledge and other organizations want the Federal Communications Commission (FCC) to rule that mobile-phone carriers cannot interfere with text messages, including those provided via short codes, based on content or source so long as such transmissions are legal. “The problem is real and current; carriers are discriminating against competitors and claiming the right to exert broad editorial control over text messages, especially those addressed to or from short codes,” said a Public Knowledge attorney. “As has been demonstrated with new communications media in the past, empowering consumers and ensuring the inability of the carriers to discriminate based on content is the best way to protect users both from unwanted communications and from the control of a small set of corporate interests.” The FCC has begun to receive a new round of public comments on the issue. Source: