State CIOs advise on homeland security plan. On 23 May, Steve Cooper, senior director of information integration and the Homeland Security Office's chief information officer, asked representatives from the National Association of State Chief Information Officers (NASCIO) to form a working group to advise him on the resources states have to offer to address cybersecurity issues. The move is significant, said state officials, because it shows that federal officials understand that states will bear the burden of implementing recommendations of a national security plan. A draft of the national strategy will likely be delivered to President Bush by early July. (Federal Computer Week, 3 June) Commission issues terror advisories to nuclear plants yet reassures public. In the past week, the NRC issued a new order requiring all closed nuclear plants that have nuclear waste contained in storage pools to implement extra security measures "for the current threat environment." Spent-fuel storage pools are considered among the more vulnerable targets at nuclear plants. They are typically located outside the reinforced domes that protect reactors. According to the NRC, the security upgrades ordered at decommissioned plants with storage pools will include; increased patrols, augmented security forces and capabilities, additional security posts, installation of additional physical barriers, vehicle checks initiated from a distance further away from the plant and more restrictive site access controls for personnel. Since September 2001, the NRC has suspended drills intended to test security at nuclear plants. Ironically, the agency has cited increased activity associated with plant security as the reason it has not had time to resume the drills. (Power Engineering, 1 June) Unruly passenger forces plane landing at Boston. An international flight made an unscheduled landing on 5 June at Boston's Logan International Airport because of an unruly passenger, who was taken into custody by the FBI, Massachusetts State Police said. Police said the plane was headed from Cancun, Mexico, to Rome, Italy, before it landed at Logan at 9:10 a.m. (1310 GMT). Boston radio station WBZ said fighter jets escorted the flight to the airport and that the man was tied up when the FBI removed him from the plane. It said the flight was chartered. (Reuters, 5 June) Top ten viruses and hoaxes reported to Sophos in May 2002. Sophos has released the ten most frequently occurring viruses and hoaxes. The infamous Klez-G virus accounts for 52% of all occurrences, with Elkern-C at 23%. This is the third month in a row that a variant of the Klez worm dominated the virus chart. It's trickier to spot since it randomly generates new subject lines, text, and attachment names each time it propagates. (PR Newswire, 4 June) Logan officials seek federal OK for baggage security system. Officials of the Massachusetts Port Authority, which operates Logan Airport, are seeking federal approval for a new baggage-screening program. The program, which needs the authorization of the federal Transportation Security Administration, includes expanding airport baggage rooms to house van-sized explosives detection systems that cost as much as $1.5 million each. Logan likely would use a combination of systems, including CAT scan technology, to identify explosives by density. (Associated Press, 5 June) Multiple vulnerabilities in Yahoo! Messenger. There are multiple vulnerabilities in Yahoo! Messenger version 5,0,0,1064, and previous versions, for Microsoft Windows. Attackers that exploit these vulnerabilities may be able to execute arbitrary code and be given the same privileges as the victim user. The CERT/CC have not seen active scanning for these vulnerabilities, nor have they received any reports of these vulnerabilities being exploited, however, users are advised to upgrade to version 5,0,0,1065 or a later version. (CERT Advisory Note CA-2002-16, http://www.cert.org/advisories/CA-2002-16.html.)
This archive was generated by hypermail 2b30 : Thu Jun 06 2002 - 09:43:15 PDT