Technology briefs

Adobe PDF bug jeopardizes security

The Adobe PDF could be used to compromise a system running on Microsoft Windows XP, Adobe confirmed last week week.

Remote code embedded in a PDF could be executed in Versions 8.1 and earlier of Adobe Reader, Adobe Acrobat or Acrobat Elements. Adobe Acrobat 3D is also vulnerable. All those programs must be used in conjunction with Internet Explorer 7 to trigger the exploitation.

According to the SANS Institute, which announced news of the vulnerability last month, the vulnerability stems from the failure of the software to properly handle Web addresses embedded in the document. A malicious hacker could embed a PDF with a URL that could start other programs on the machine or execute other operations.

Adobe has not yet issued a patch correcting the problem, but it has offered instructions on how to modify the Windows XP registry settings to correct the vulnerability.

Metal shavings could be the cause of failures

Experiencing a mysterious surge in equipment failure in your data center? The culprit may be microscopic metallic shavings, NASA Goddard Space Flight Center researchers warned. “For data centers, it is a serious problem,” said NASA chief parts engineer Henning Leidecker, who is part of a research team tracking the problem. “More serious than many know about.”

The researchers are looking at how aging or inexpensively produced hardware can shed tiny conductive filaments of zinc typically less than a few millimeters long, known as zinc whiskers. Because they are conductive, such whiskers can short-circuit electronic equipment if they gather in sensitive regions of the equipment.

Usually it can take decades for a data center to collect a dangerous number of whiskers, and as many data centers age, the risk will
increase.

Zinc whiskers may come from a variety of sources. They mostly come from raised-floor tiles. Screws, nuts, washers and bus rails can be sources, too. The whiskers may be created through the movement of equipment or floor tiles, nicks and scrapes to the material, unequal thermal expansion, bending of the material or defects in the manufacturing process.

Despite their diminutive stature, the filings can cause big problems. Colorado reported that in 2005, a data center had been off-line for 30 days because zinc whiskers from floor tiles were blown by the air conditioning system into computers, shorting many of them.

GAO calls for additional testing of voting machines

The Government Accountability Office called for additional testing of voting machines used during the 2006 Florida general election to provide further assurance that the technology used did not contribute to the undervote in the state’s 13th District. The agency issued its statement to a special congressional task force now studying why that election produced an unusually large number of ballots that were cast but did not show a valid candidate choice.

GAO issued the information in an Oct. 2 statement to the House Administration Committee’s Task Force on Florida’s District 13 Election.

Nabajyoti Barkakati, GAO’s senior-level technologist for applied research and methods, conducted the election system analysis. He found that prior tests and reviews of Sarasota County’s voting systems didn’t completely rule out the possibility that the voting systems contributed to the undervote.

Sarasota County, part of Florida’s 13th District, used iVotronic direct-recording electronic voting systems (DREs) and the Unity election management system, manufactured by Election Systems and Software. The GAO statement added that additional tests might not completely eliminate the possibility that the machines helped cause the undervote.

“Although the proposed tests could help provide increased assurance, they would not provide absolute assurance that the iVontronic DREs did not cause the large undervote in Sarasota County,” GAO said. Absolute assurance is impossible, Barkakati said, because tests cannot recreate the election conditions.

Read more technology news on Government Computer News’ Web site at www.gcn.com.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group