Editor : Martin Simamora, S.IP |Martin Simamora Press

Thursday, 31 March 2011

JAPAN NUCLEAR CRISIS: United States Sends "Radiation-Proof" Robots

Photo: ASAHI SHIMBUN/STR/EPA/Corbis
Various measurements of radiation levels in the sea around the Fukushima Daiichi nuclear power plant reached a peak yesterday (30/3/2011). Japanese government officials said the seawater around the plant contained radioactive iodine at 3,335 times the normal level, as reported by the Associated Press.

Robots were also used during the Chernobyl nuclear crisis, in areas with radiation of 350 roentgen per hour

The Japanese government is now considering shrouding three reactors with special tarpaulins to contain the radiation. The plan has never been tried before and is without risk, as officials do not want any increase in pressure in the reactors.

To help contain the radiation, the United States government is sending robots hardened to withstand strong radiation that can damage equipment, to reach areas too dangerous for workers to enter.

Rising radiation levels have been detected in tap water and vegetables. Meanwhile, Masataka Shimizu, President of Tokyo Electric Power Co., the plant's operator, has been hospitalized for hypertension, said TEPCO spokesman Naoki Tsunoda.

This is the latest in a series of setbacks and criticisms the company has faced since the magnitude 9.0 earthquake and accompanying tsunami struck the reactors' cooling systems on 11 March 2011.

THE FUKUSHIMA FRONT LINE

A United States expert is involved on the front line of the battle against the increasingly dangerous threat of radioactive radiation at the Fukushima nuclear power plant.

Dr. Robert Gale, who spent years dealing with the deadly nuclear disaster at Chernobyl, Ukraine, is now in Japan advising the Prime Minister's office to directly determine safety measures.

Robert spent a full day at a place called "J-base", a special area for nuclear experts and doctors, located just 12 miles from the reactors.

Robert also said J-Base is a very busy place with all kinds of activity, and there are also many tanks and helicopters. Everyone wears NBC (nuclear, biological and chemical) protective suits and is monitored every minute as they go in and out of the reactors.

"These workers, I know very well that they do not have adequate information. There is no time to equip them with knowledge of radiobiology."

Robert also said that various health risks have risen sharply, including for those working inside the reactors.

"I think they are not in extraordinarily great danger, unless something goes wrong," Gale said.
However, according to Roger, if they are exposed to a radiation environment for a prolonged time, there is a real danger for adults.

Robert also said something surprising: a number of areas within the evacuation zone could be inhabited again before too long, unlike what has been imagined.

"I think people will be able to be relocated back into the evacuation zone, of course not every square inch, and there will also be a number of areas outside the evacuation area that will be found to be exposed to radioactivity, so that everyone in those locations will have to be evacuated."

-abcnews.go.com | Martin Simamora


JAPAN NUCLEAR CRISIS: Latest Developments, Radiation Goes Beyond the Evacuation Zone!

FUKUSHIMA RADIATION/therealtimer.com
The following are the main developments after the massive earthquake and tsunami struck northeastern Japan and crippled the Fukushima Daiichi nuclear power plant, triggering an uncontrolled leak of radioactive radiation.

  • Radiation has reached a village 40 km from the Fukushima Daiichi nuclear power plant, a radius beyond the evacuation criteria; the UN nuclear watchdog said this is the latest sign of the widening consequences of the crisis.

  • Japan's Ministry of Trade, which oversees nuclear safety, said it will draft more comprehensive regulations for all nuclear power plant operators in Japan, in light of the disaster at the Fukushima Daiichi plant. The ministry's statement is the first acknowledgment that the regulations in place were inadequate when the earthquake and tsunami devastated the facility on 11 March 2011.

  • Japan's Chief Cabinet Secretary Yukio Edano, the chief spokesman on the nuclear crisis, acknowledged that so far there are no signs the crisis will end "within a certain time".

  • The plant operator, Tokyo Electric Power (TEPCO), said efforts to stabilize the overheating in all the reactors will take "quite a long time".

  • TEPCO said its Chairman is now in charge after the company's President suffered high blood pressure and severe dizziness since the crisis began.

Chairman Tsunehisa Katsumata said TEPCO still wants to remain a publicly listed company, because emergency loans of 2 trillion yen (USD 24 billion) will not be able to cover the various current costs.

National Strategy Minister Koichiro Gemba said last Tuesday that nationalizing Asia's largest nuclear power plant had become one of the options under consideration.


  • The latest radiation measurements showed a sharp rise in radioactive iodine off the coast of the Fukushima Daiichi plant, reaching 3,355 times the legal limit, said Japan's Nuclear and Industrial Safety Agency. The agency also played this down, noting that residents have left the area and fishing has stopped.

  • French President Nicolas Sarkozy, who currently chairs the G20 and G8 groups of nations, plans to visit Tokyo on Thursday. He will be the first national leader to visit Japan since the disaster struck the country.


France itself has sent 2 experts from its nuclear research agency and the state-owned nuclear reactor maker Areva to help Tokyo Electric Power Co, which has come under heavy criticism.

  • Japanese Prime Minister Naoto Kan and US President Barack Obama agreed that close cooperation is very important in dealing with the various problems at the plant. Both leaders are committed to helping people affected by the earthquake.

  • On Tuesday, plutonium was found in the soil at 5 locations around the plant, raising the alarm for the public. TEPCO said the traces of plutonium found are not at levels harmful to human health.

The Nuclear Safety Agency said the finding could mean the containment mechanism has failed or been damaged.

  • Singapore has told the UN nuclear watchdog that some cabbages imported from Japan had radiation 9 times the levels recommended in international trade, an IAEA official said.

  • About 27,500 people are reported dead or missing as a result of the earthquake and tsunami.

  • A number of lawyers from the opposition criticized Prime Minister Naoto Kan for not widening the evacuation zone around the plant.

  • PM Kan said the situation at the plant requires the highest level of vigilance.

  • The environmental group Greenpeace said it had detected high levels of radiation outside the 12-mile or 20 km exclusion zone radius, but Japanese officials said radiation levels from the plant are not harmful to humans. Experts said radiation in the Pacific will dissipate quickly.

  • Losses from the earthquake and tsunami have reached USD 300 billion, making it the world's costliest natural disaster. The 1995 Kobe earthquake caused losses of USD 100 billion, while Hurricane Katrina in 2005 caused losses of USD 81 billion.

-reuters.com Wed Mar 30, 2011 3:12pm EDT | Martin Simamora


Bank of America Denies Breach

.tampabay.com
Bank of America branches in Greater Detroit were reportedly flooded this past weekend, after several BofA debit cardholders noticed fraudulent transactions on their accounts.
According to one local news report, the incident involves more than $100,000 in fraudulent debit transactions. Over the weekend, Detroit BofA branches were working to assess the geographic breadth of the incident, the news report states. How the cards may have been compromised, such as via a skimming attack, also was not known.

BofA spokeswoman Diane Wagner says BofA has not released any information about debit fraud, adding, "There was no breach at Bank of America."

BofA does not provide details about potential debit compromises, Wagner says. "If we think a customer's card has been compromised at a third-party location, we'll block and reissue the card, which is what we did in this case," she says.

"Security for our customers is a top priority, and our objective is to protect our customers and the bank," Wagner says. "As standard procedure, if we see misuse or the potential for misuse of a customer's card, we will notify the customer and monitor and/or reissue their card."

Cynthia Thompson, director of education and professional services for The Payments Authority, a regional payments association in Michigan affiliated with NACHA, says the association heard reports last week of local BofA branches being overwhelmed with customers who believed their debit cards had been compromised. "Something happened," she says, "I'm just not sure what. I don't know if it was an internal breach or if their system was compromised from an outside source."

BofA is not a member of The Payments Authority in Michigan. "If they were a member, we would get involved," Thompson says. "This is something they will likely handle internally."

-bankinfosecurity.com


Disaster in Japan: A Lesson in Business Continuity Management

311tsunami.com
In the wake of the current crisis, it is more apparent that the ability to efficiently coordinate the resources of business continuity, incident response, disaster recovery, and crisis management determines when - and if – operations will resume. easy2comply’s upgraded Business Continuity Management software provides real-time Recovery Management features based on BS 25999.


As earthquake, tsunami and other disasters of nature threaten and disrupt business worldwide, it’s only natural that many Risk Managers around the world are reexamining their disaster recovery and business continuity management plans. Positive lessons can be learned from Japanese businesses, organizations and communities with solid plans in place that prevented further loss of life and damage.

Business continuity events will continue to occur and threaten businesses around the globe. Being prepared and knowing how to respond makes the difference between corporate survival and corporate failure. The planning and preparatory work, as well as the associated costs, can seem overwhelming when using conventional tools.

easy2comply's upgraded version of its Business Continuity Management software provides real-time Recovery Management features based on BS 25999:

  
  • Sophisticated flowcharts for documentation of business processes, IT Assets and resources
  • Customizable resources enabling BCM managers to define any type of resource down to the attribute level
  • Interactive and graphical resource mapping to define the relationships between resources and processes
  • Scenario-based Gantt charting that automates resource and process requirements definitions based on disaster locations
  • Crisis management Gantt charts to guide BCM managers in real-time through pre-defined scenarios
  • Business Impact Analysis (BIA) calculator provides business resumption cost effectiveness projections detailing business days and critical recovery resources

To learn more about easy2comply’s Business Continuity Management software enhancements, join our upcoming BCM webinar, which will be held on April 6th, 2011, at 10:00 am EST.
To apply for a free trial, please visit http://www.easy2comply.com/bcm.htm

The easy2comply team sends the entire Japanese people support and encouragement as they cope with this terrible crisis and its aftermath.

About easy2comply

easy2comply by Dynasec, founded in 2004, is a leading provider of Governance, Risk Management and Compliance solutions offering the easy2comply family of practical and reliable GRC applications. Our solutions can be deployed either on-demand (SaaS) or on-site to suit each customer's preferred configuration. easy2comply provides a comprehensive platform that supports existing and emerging regulations with built-in best practices, full functionality and adaptable workflow that adjusts to any business environment. For more information, please visit http://www.easy2comply.com.

-prweb.com

Wednesday, 30 March 2011

JAPAN NUCLEAR CRISIS: "Workers Have Lost the Race to Save the Reactor"

A Greenpeace anti-nuclear activist holds a flower bouquet during a candlelight vigil outside the Japanese Embassy in Jakarta Photo: AP
Workers at the Fukushima Daiichi nuclear power plant, which was severely damaged by the earthquake, have lost "command of the field" in the battle to save the plant from a meltdown, after the radioactive core in one of the reactors APPEARED TO BE MELTING at the bottom of the "containment vessel", the containment structure that encloses the reactor core.

The core of reactor no. 2 at the Fukushima plant may also have already melted down through the concrete floor, experts said, raising the risk of radioactive gases being released into the surrounding area.

Reactor Core Breached


Richard Lahey, who was Head of Reactor Safety Research at General Electric when the company installed the units at Fukushima, said that the workers trying to pump water into 3 reactors to keep the fuel rods from melting (due to overheating) appeared to have lost the race to save the reactor.

"The indications we have... suggest that the core has melted through the bottom of the pressure vessel in reactor no. 2, and at least some of the melt has reached the concrete shroud surrounding the reactor core," Richard Lahey told the media. "I hope I am wrong, but for now, based on the available evidence, that is the situation."

treehugger.com : Japanese Prime Minister Naoto Kan attends a meeting on crisis of the Fukushima No. 1 nuclear power plant in Tokyo, Japan, March 15, 2011. Credit: Xinhua/Kyodo/Xinhua Press/Corbis
Japanese Prime Minister Naoto Kan (28/03/2011) has declared a FULL STATE OF EMERGENCY in connection with the country's fight to overcome a combination of disasters: a magnitude 9.0 earthquake, a tsunami, and a nuclear accident.

"From now on, we will continue handling it in a state of Full Emergency," he said. Kan's comments came after Tokyo Electric Power Company (TEPCO), the operator of the Fukushima Daiichi plant, confirmed that PLUTONIUM HAD BEEN DETECTED in 2 of 5 soil samples. TEPCO said the plutonium levels found are not harmful to human health, BUT experts said the finding shows that the reactor's containment mechanism has failed or been damaged. "PLUTONIUM is a substance released at high temperature, and plutonium is a heavy material that does not leak easily," explained Hidehiko Nishiyama, Deputy Director of Japan's Nuclear and Industrial Safety Agency.

"So if PLUTONIUM has come out of the reactor, this condition 'tells' us something about damage to the nuclear fuel. And if this plutonium has managed to 'get out', seeping through the containment system that should hold it, that underlines the scale of the potential danger and the seriousness of the ongoing accident."

It is strongly suspected that some plutonium entered the soil from spent fuel rods at the plant OR from damage to reactor no. 3, the only reactor that uses the substance in its mixed fuel.

Despite the grave dangers, hundreds of staff and firefighters continue to work nonstop in shifts at the plant to stay alert to the growing hazards. According to the Mainichi newspaper, the workers sleep in the main earthquake-resistant building, whose floor is lined with lead-containing mats to block the radiation around the building.
"Their working environment is very harsh," said Kazuma Yokata, Head of the Nuclear Facilities Inspection Office that oversees the Fukushima Daiichi plant.

The Japanese government now faces intense pressure to widen the current evacuation zone, which currently extends to 12 miles. There are many fears that the tens of thousands of residents ordered to leave the area will never be able to return because of radioactive contamination. "This land is their ancestral land and their love for their land is very great," said Tomo Honda, a member of the Fukushima regional parliament.

"The first step is to tell the evacuees the truth, that they will not be able to return, but people are not ready to accept that reality."

One estimate says 70,000 people have left the evacuation zone, and 130,000 families living within the 19-mile zone have been advised to evacuate or stay indoors. An estimated 40 families living within the 12-mile safe zone have refused to leave their homes.



-.telegraph.co.uk | Martin Simamora

SCADA vulnerabilities prompt US government warning

A flurry of software vulnerabilities found in a variety of industrial control systems has prompted vendors to begin developing patches, following a warning by the U.S. government's Computer Emergency Readiness Team (CERT).
The security problems were found in SCADA (supervisory control and data acquisition) systems made by Siemens, Iconics, 7-Technologies and Datac by researcher Luigi Auriemma, whose findings appeared on his website and the vulnerability site Bugtraq.

The U.S. CERT's Industrial Control Systems Cyber Emergency Response Team issued four alerts on Monday regarding Auriemma's findings.
http://securityblahblah.blogspot.com/2010/07/rootkit-targeting-embedded-devices-in.html

All of the products have remotely exploitable vulnerabilities, the most dangerous kind. If the systems are connected to the Internet, hackers could find ways to exploit them from afar and get inside the systems to steal or manipulate data.


The systems affected are Siemens' Tecnomatix FactoryLink, which is used in the food, pharmaceutical and metals industries, among many others. Siemens said in 2007 that it would pull FactoryLink from the market in October 2012 and help customers migrate to its WinCC product. According to material published by Siemens in 2008, more than 80,000 FactoryLink systems have been installed worldwide.

Siemens is especially familiar with SCADA vulnerabilities: its WinCC product was targeted by the Stuxnet malware, which is widely suspected as being developed by a government. It successfully infiltrated Iran's nuclear program, where the country used Siemens WinCC systems. Siemens did not have an immediate comment on the latest vulnerabilities.

Other companies hit by the disclosure include Iconics, whose Genesis32 and Genesis64 software is used in industries such as oil and gas and pharmaceuticals, and Datac, which makes RealWin.

Cyril Kerr, Datac's CEO, said in an e-mail that the vulnerabilities were found in its RealWin product, which is a demo version of its RealFlex 6 SCADA product. RealFlex runs on an OS called QNX. However, since companies interested in the product probably don't have that OS, Datac created RealWin, which runs on Windows and can be used to show RealFlex's features, Kerr said.

RealWin is used as a stand-alone application in some instances for machine control, but in environments where it is not connected to the Internet. If a customer wants to connect the system to the Internet, Datac recommends RealFlex, Kerr said. Datac's engineers are looking into the vulnerabilities reported in RealWin but said the problems are "not a real threat."

"Our RealFlex 6 SCADA software is very secure and has gained a reputation as an extremely robust SCADA system used in thousands of sites around the world," Kerr said.

Also affected was the Danish company 7-Technologies, which makes IGSS. That is control software used by some 70 percent of water and waste treatment management plants throughout Scandinavia, said Jens Krogh Løppenthien, the company's managing director. IGSS can also be used for shipping traffic systems.

Løppenthien said on Wednesday that Auriemma's findings had "impressive detail," and that his company expected to issue patches within week.

"We take these things very seriously," he said.

Most of the IGSS systems deployed are not directly connected to the Internet, Løppenthien said. Those that are connected are usually protected by a firewall, which the hacker would have to bypass first. If a particular company does want to allow public Internet access to its systems, people connect through a VPN (Virtual Private Network), he said.

Companies using IGSS usually work with a systems integrator that will patch their systems, although 7-Technologies can roll out patches in a fashion like Microsoft, he said. But since many companies have customized IGSS systems, the system integrator will test the patches to be sure the fixes don't interfere with other processes.

Auriemma's discoveries underscore warnings computer security researchers have been issuing for some time: SCADA systems are often old and haven't gone through proper security audits, even though the systems control critical infrastructure.

Auriemma said via e-mail that although he is a vulnerability researcher, he had no experience with SCADA systems. He started downloading free trial versions of the products, some of which are available on the Internet, and probing. He quickly found problems, sometimes within two hours.

He didn't contact the vendors before releasing the vulnerabilities, something that is considered good form by security researchers to avoid putting companies at immediate risk of attack.

"In my opinion there is absolutely no risk because these systems are not made to be reached via the internet," Auriemma wrote. "If an attacker reaches the vulnerable systems, it means the security of the company has been already compromised before."

His lack of disclosure may bug some vendors. 7-Technologies' Løppenthien, however, said: "Maybe we should hire him."

-.csoonline.com

Solo Iranian hacker takes credit for Comodo certificate attack

A solo Iranian hacker has claimed responsibility for stealing multiple SSL certificates belonging to some of the Web's biggest sites, including Google, Microsoft, Skype and Yahoo.



Early reaction from security experts was mixed, with some believing the hacker's claim, while others were dubious.

Last week, conjecture had focused on a state-sponsored attack, perhaps funded or conducted by the Iranian government, that hacked a certificate reseller affiliated with U.S.-based Comodo.


On March 23, Comodo acknowledged the attack, saying that eight days earlier, hackers had obtained nine bogus certificates for the log-on sites of Microsoft's Hotmail, Google's Gmail, the Internet phone and chat service Skype and Yahoo Mail. A certificate for Mozilla's Firefox add-on site was also acquired.

SSL certificates validate the legitimacy of a Web site to the browser, assuring users that they're connecting to the real site, and that the traffic between their browsers and the site is encrypted.
Comodo CEO Melih Abdulhayoglu said last week that circumstantial evidence pointed to a state-backed attack, and claimed the Iranian government was probably behind it. "We believe these are politically motivated, state driven/funded attacks," said Abdulhayoglu.

He based his opinion on the fact that only Iran's government -- which could jigger the country's DNS (domain name system) to funnel traffic through fake sites secured by the stolen certificates -- would benefit.

In Abdulhayoglu's analysis, authorities could have used the certificates to dupe anti-government activists into believing they were at a legitimate Yahoo Mail, for example. In reality, however, the phony sites would have collected users' usernames and passwords, and thus given the government access to their e-mail or Skype accounts.

On Sunday, a single hacker took responsibility for the Comodo attack, backing up his claim with decompiled code.

"I'm not a group of hacker [sic], I'm single hacker with experience of 1,000 hackers," wrote the attacker in a post on Pastebin.com late Saturday. He called himself "ComodoHacker" and said he's 21 years old.

ComodoHacker alleged that he had gained full access to InstantSSL.it, the Italian arm of Comodo's InstantSSL certificate selling service, then decompiled a DLL file he found on its server to uncover the reseller account's username and password.

With the username and password in hand, said ComodoHacker, he was able to generate the nine certificates, "all in about 10-15 minutes." His message was signed "Janam Fadaye Rahbar," which reportedly means "I will sacrifice my soul for my leader."

The InstantSSL.it Web site is currently offline.

Robert Graham, the CEO of Errata Security, believes ComodoHacker is telling a straight story.

"As a pentester who does attacks similar to what the ComodoHacker did, I find it credible," Graham said Sunday on the Errata blog. "I find it probable that (1) this is the guy, (2) he acted alone, (3) he is Iranian, (4) he's patriotic but not political."

But Mikko Hypponen, the chief research officer of Helsinki-based F-Secure, sounded skeptical.
"Do we really believe that a lone hacker gets into a [certificate authority], can generate any cert he wants...and goes after login.live.com instead of paypal.com?" asked Hypponen on Twitter.
Graham had an answer for Hypponen's question.

"[Comodo Hacker] started with one goal, that of factoring RSA keys, and ended up reaching a related goal, forging certificates," said Graham. "He didn't think of PayPal because he wasn't trying to do anything at all with the forged certificates."

ComodoHacker also lit into the West -- Western media in particular -- for quickly concluding that the Iranian government was involved when it had downplayed possible U.S. and Israeli connections to Stuxnet, the worm that most experts believe was aimed at Iran's nuclear program.

He also threatened to unleash his skills against those he said were enemies of Iran.
"Anyone inside Iran with problems, from fake Green Movement to all MKO members and two-faced terrorists, should [be] afraid of me personally," said ComodoHacker. "I won't let anyone inside Iran, harm people of Iran, harm my country's Nuclear Scientists, harm my Leader (which nobody can), harm my President."

MKO, or the "People's Mujahedin of Iran," is an Islamic group that advocates the overthrow of the current government of Iran.

"As I live, you don't have privacy in internet, you don't have security in digital world, just wait and see," ComodoHacker said.
Comodo was not available Sunday for comment on ComodoHacker's claims.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.

-csoonline.com

Tuesday, 29 March 2011

JAPAN NUCLEAR CRISIS: PLUTONIUM RADIATION DETECTED, 4 Reactors at Risk of Melting Down Simultaneously

People work in the control room of reactor No. 2 with restored lighting at the earthquake and tsunami affected Fukushima Daiichi nuclear power plant

Radiation from the Fukushima Daiichi nuclear power plant is now beginning to contaminate the land and sea around the plant complex, leading officials to worry that a partial core meltdown has occurred. Plant officials acknowledged yesterday (28/03/2011) that they had found PLUTONIUM in the soil around the plant; however, the officials stressed that the amount of PLUTONIUM material is small and not a threat to the public, as reported by the Associated Press. Radiation was also detected as far as one mile north of the plant.
Inside the plant, video captured smoke rising from reactors no. 2 and no. 3, and strenuous efforts could also be seen under way. All the reactors have so far withstood the pressure, although there are cracks in the concrete and steel components.

Radioactive water has been found in 4 reactors at the plant, where workers are still trying to pump it out. Officials said the contaminated water must be removed before workers can restart and restore the reactor cooling systems. Workers on duty inside the plant sleep in hallways and meeting rooms, using lead sheets as shielding against radiation.
US physicist Michio Kaku said, "There appears to be a crack, a crack in the reactor core through which the radiation is escaping. This means that if the core begins to melt, we will most likely face the risk of an explosion from pressure, a hydrogen explosion like the one that occurred at Chernobyl."
This news came just one day after officials apologized for an inaccurate reading of a sharp spike in radioactivity levels, which caused panic and sent workers fleeing from the plant.

Yesterday's radiation measurement figure was inaccurate, said Tokyo Electric Power spokesman Takashi Kurita. "We apologize." The mistake drew sharp criticism of the government.
"POINT OF NO RETURN"

"Such a mistake is not something that should be forgiven or can be accepted," said Yukio Edano, the government spokesman.

ABC News also went to Tokyo Electric Power Co's headquarters to ask Kurita directly about the actual latest situation, given the conflicting reports from the Fukushima Daiichi plant.

Kurita told ABC News, "We apologize for the inconvenience experienced by all parties." "We continue to work to stabilize the situation. We are trying to provide the most accurate information." Asked why there was no help in the recovery of the plant, Kurita said, "I agree with you; in fact we are doing our best. But at the same time, the government, as well as companies and business people and the armed forces and firefighters and everyone, have given us their full support to calm the situation."


RADIOACTIVE WATER MAY LEAK INTO THE OCEAN

Hidehiko Nishiyama, a spokesman for the Nuclear and Industrial Safety Agency, told reporters that radioactive water may have leaked into the sea.

The latest radiation measurements indicate that contamination in the sea has spread 1 mile north of the plant, the Associated Press reported.

On Sunday night, Nishiyama acknowledged the challenges being faced in the recovery efforts, but he is confident that the situation can still be stabilized.

"The problem is that so far no one can reach the generator turbines where the main electrical source must be repaired. We may have to abandon that plan," he said.

Meanwhile, experts at the Fukushima Daiichi plant and the Nuclear and Industrial Safety Agency said that the radioactive materials found very likely leaked directly from the reactor core, and this indicates a leak.

Physicist Kaku said that if radiation levels rise too high, there will no longer be any point from which to return.

-ABC News | Martin Simamora


Advertising Austrian Efficiency? True! It’s a Miracle!

Ranked first in the EU, E-government in the Alpine Republic is now saving millions for business with online registrations
Austria’s savvy tech interfaces have been a boon to business | Photo: Alina Grigorescu

There is a word in Austrian German that seems to perfectly sum up the efficiency of your average bureaucrat: Amtsschimmel, a wondrous reference to the layer of mold-like dust collecting on government records. Or maybe, say others, the word derived from “simile” and the endless repetitive use of packaged phrases. Either way, the meaning is the same: Bureaucracy works slowly.

Therefore it may come as a surprise that Austria is leading the way in scraping off the mold – thanks to the digitization of its processes and archives. In December, the country was declared the European Champion in E-Government for the fourth straight year during the Belgian Conference on E-Government.

“The overall goal was, you can do the complete process without paper,” said Christian Rupp, spokesperson for federal platform Digital Austria, the agency responsible for computerizing nearly every aspect of government work.

Though Austria has been taking steps towards a more paperless government for decades, it wasn't until the 2004 Austria E-Government Act that the country started to become a model for Europe.

Rupp estimates that each year between 30 and 40 delegations from across Europe and the Arab world come to Austria seeking best practice guidance for computerizing government processes and systems.


If you wanted to pull up a law from December 1945, say, about restrictions on the schilling, it would take about as long as finding one that was passed last year. That is to say, seconds.

But the biggest gains to be had aren't through looking up old laws or saving reams of paper, but in increasing the speed and ease of doing business.

“If you open a new company, you can do it completely electronically, without paper, without going anywhere,” Rupp said, adding that nearly all government services can be accessed even at midnight on Sunday.

Additionally there are dozens of Internet portals operated by the Federal Chancellery that provide one-stop shops on everything from conducting business to setting up health care. The most recent, which offers help to entrepreneurs, was launched within the last year.

The move online is an important one considering that by 2015, only two out of every 10 jobs will require no computer skills.

All this was highlighted in the report Doing Business 2011, published in November by the World Bank, which ranks each country on the ease of doing business. Overall, Austria placed 32nd, but ranked first for its advancements in introducing electronic communication between notaries and the registry.

“(Each year) with all the electronic submissions instead of classical postman delivery, we save €1.7 million,” said Manfred Buric, an advisor with the Ministry of Justice’s Directorate for Central Administration and Coordination. He adds that the amount saved by the computerization of the land registry is enough to pay for high-speed computers to run the system as well as maintenance on them.

The move to a paperless operation certainly has its broader monetary advantages. One of the most striking figures is how much was saved on postage. The Justice Ministry estimates that from 2007 to 2009, €11.2 million was saved by submitting electronic documents, approximately 8.8 million over three years that would previously have been sent through the mail.

The speed of transactions has also taken off.

“A digital database with registration from lawyers out to lawyers back, used to take us about two to four weeks. Registration now, within two or three days,” said Buric, adding that land registration cases begun in the morning sometimes had made it to a notary's desk by the afternoon.

The next big hurdle for e-government, Rupp said, is establishing cooperation across borders. A set of standards between countries must be put in place in order to do things like setting up an Austrian company from Italy, accessing one's X-rays and medical records while on vacation in Brussels or sending an electronic bill to Bratislava.

While the next generation of social networks or computer processors is unlikely to originate here, Austria is setting the pace in how digitization can be used as a service. Many of the international delegations that Rupp deals with aren't out to learn how to develop these innovations themselves, but simply how to put them into practice.

“It’s not a problem to transfer technologies, it’s a problem to implement them,” Rupp said.

-viennareview.net


Singapore consolidates govt bills online

Singapore’s Infocomm Development Authority (IDA) is planning to launch a secure e-mail system allowing citizens to receive correspondences from various government agencies online.

The secure digital mailbox, dubbed OneInbox, aims to make tracking of bills and statements from different government agencies (from tax statements to TV license renewals and service and conservancy bills) convenient for citizens.
“OneInbox is part of the new approach to facilitate the paying of bills and provide citizens with a digital ‘safe deposit box’ for their important documents and statements,” James Kang, Government’s Chief Information Officer, said in a statement last year.

OneInbox will also offer potential cost savings to agencies by reducing the need for hardcopy correspondences.



Individuals will be able to access OneInbox through the eCitizen portal (www.ecitizen.gov.sg) using their SingPass.

The proposed features for OneInbox include SMS alerts to notify users of the arrival of correspondences in OneInbox; forwarding to preferred email account(s); saving a local copy or print-friendly version of correspondences; and online archival or retention of correspondences.

Users can also click on the embedded links to other webpages to make payments. However, users cannot reply to messages received in OneInbox.

The service will be launched by 2012.

The government said it expects about 250,000 citizens to be on OneInbox in the first year, doubling to 500,000 in the second year, and increasing to 800,000 in the third.

A study conducted by Ministry of Finance and IDA has revealed that close to 65% of survey respondents would like to receive correspondences from the government online.

Four government agencies will first allow citizens to choose for correspondence to be sent through OneInbox.



-futuregov.asia

Turkmenistan, UN to work on e-gov project

The Turkmen government and the United Nations (UN) are collaborating on a project to reform government mechanisms on e-government in the country.

The project was discussed during the meeting between Turkmenistan President Gurbangulu Berdimuhammedov and UN Secretariat Economic and Social Affairs Department Adviser Alexei Tikhomirov early this month.

Among the topics discussed were the reform and strengthening of mechanisms for public administration, including macroeconomic management, personnel training and advanced training.


The Turkmenistan government is planning to introduce an e-workflow and the e-government e-document handling system. Berdimuhammedov has set tasks to implement e-document management in the regions.

The project will reform government mechanisms on energy, chemical and processing, construction, transport, telecommunications, medicine, textiles and agricultural industries.

In 2004, efforts were made to formulate a national strategy on ICT, spearheaded by the Supreme Council on Science and Technology under the President.

In 2008, Turkmenistan was included for the first time in the UN e-Government Survey, after developing a national website, when it was ranked 128 out of 189 countries.

The UN assisted the Turkmenistan government in its ICT capability development programme, under which seminars on Basics of Website Design are conducted for senior managers and employees of the different ministries.

“We are currently working on specifications for website design in our organization. Now we can see that many of website design parameters are missing because we have had no such experience,” said A. Karliyeva, senior specialist of the international department of marketing and advertisement of the state committee of tourism and sport of Turkmenistan.

Last year, the Civil Service Academy of Turkmenistan, with the assistance of the United Nations Development Programme (UNDP), developed an e-governance training module for public administrators.


“Curriculum development inspired by latest trends in public administration worldwide and specifically inclusion of the e-governance course as a core training module for the civil servants is a big step forward for the institution,” explained UNDP’s international consultant Munira Aminova.

In 2010, the Ministry of Economy and Development and the Ministry of Communications were instructed to create a unified system to introduce ICT into public administration as well as create a fibre-optic communication system.

-futuregov.asia

Monday, 28 March 2011

Old Fraud Scheme is Back

An old payment card fraud scheme seems to have resurfaced in France, according to one U.S. credit union's report of suspicious low-dollar charges coming in from European toll booths.

International Airline Employees Federal Credit Union of Briarwood, N.Y., reported earlier this month to the National Association of Federal Credit Unions that suspicious transactions, usually for amounts ranging from $10 to $15, have been hitting IAEFCU Visa cards.

IAEFCU President and CEO John Gebhard says the fraud does not appear to involve stolen card numbers; rather, fraudsters are likely creating cards using nothing more than the credit union's bank identification number.

So far, Gebhard says, only small charges have been made in France, usually at tolls. The volume and dollar amounts are too low for chargeback rights. "The merchant in France is somehow forcing the transactions through," forcing IAEFCU to absorb between $100 and $200 a day, he says.

The toll charges, which fall below the floor limit of 40 euros (U.S. $55), appeared over two days, and have since stopped. "We're waiting to see what happens next," Gebhard says.

IAEFCU alerted its card insurer, CUNA Mutual. "Unfortunately," Gebhard says, "there is a $100 per card deductible, so all of the charges fall below that limit." He adds that IAEFCU's payments processor also has been reluctant to do much to stop the fraudulent transactions, saying institutions have to absorb small-dollar losses in cases such as this, even if fraudulent, since those losses are covered by interchange fees institutions collect.

"Apparently, the merchants have forgotten that, in the beginning, as the credit-card payment system was developed, merchants transferred fraud risk to the issuers, and interchange was meant, in part, to cover that expense," Gebhard says. "Now, the merchants want to claw that back," not a sustainable proposition for small card issuers like IAEFCU.

Outdated Scheme Resurfaces?

Visa could not be reached for comment, but Mike Urban, senior director of fraud product management at FICO, says the scheme is familiar, even if a bit dated. "The scheme has been around for several years," Urban says. "I haven't seen it since the late '90s or early 2000s."


The scheme relies on online applications, commonly known as "credit master" or "credit wizard," Urban says. Fraudsters use these applications to create validly formatted card numbers for a given BIN, and BINs are easy for fraudsters to find online. "It may not be an active card number, but it could be a possible or potential card number," he says. "They then test the BIN by just running it through. It creates an algorithm."

And that algorithm is checked when a card is run through at a point of sale, before authorization of other card details such as the CVV or CVC information and/or card expiration date. At an unattended payment terminal like a toll booth, where no card authorization is required, fraudsters have a loophole. It offers the perfect opportunity to use fake cards.

"European road tolls are normally abused by networks of truckers, who know the checks performed are weak," Urban says. "The short-term remediation at the tolls is to apply blocks to ranges of invalid card numbers on the toll road hot list," assuming, Urban adds, that no legitimate cardholder in that number range could be adversely affected by the block. "The toll road hot list is checked by the merchant/acquirer before submitting the transactions. Non-matching card numbers, i.e., invalid card numbers, should not result in any settlement."

Long-term, Urban does not believe this kind of card fraud could lead to huge losses. Without more card information, big-dollar transactions cannot be authorized. But, Urban says, "Institutions should not issue card numbers in sequential ranges, which makes applications such as credit master and credit wizard less effective."

-bankinfosecurity.com
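
The hot-list remediation Urban describes above, sketched as an added example (not code from the article or from any payment network): it shows why a checksum-only terminal accepts a well-formed but unissued number, and how a range block plus the "no legitimate cardholder in the range" test closes that gap. It assumes the checksum in question is the standard Luhn check digit; the BIN 999999, all card numbers and all function names are constructed for illustration.

```python
from bisect import bisect_right

def luhn_valid(pan: str) -> bool:
    """Checksum-only test: all a weak offline terminal effectively verifies."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class HotList:
    """Inclusive ranges of blocked 16-digit card numbers (overlaps are merged)."""
    def __init__(self, ranges):
        merged = []
        for lo, hi in sorted((int(a), int(b)) for a, b in ranges):
            if merged and lo <= merged[-1][1] + 1:
                merged[-1][1] = max(merged[-1][1], hi)
            else:
                merged.append([lo, hi])
        self.ranges = merged
        self.starts = [lo for lo, _ in merged]

    def blocks(self, pan: str) -> bool:
        n = int(pan)
        i = bisect_right(self.starts, n) - 1    # last range starting at or below n
        return i >= 0 and n <= self.ranges[i][1]

def safe_to_block(lo: str, hi: str, issued_pans) -> bool:
    """Urban's caveat: block a range only if no issued card falls inside it."""
    return not any(int(lo) <= int(p) <= int(hi) for p in issued_pans)

def screen(pan: str, hot_list: HotList) -> str:
    """Decision the merchant/acquirer makes before submitting for settlement."""
    if not luhn_valid(pan):
        return "reject: bad checksum"
    if hot_list.blocks(pan):
        return "reject: hot list"
    return "submit"

# Constructed data: one issued card, and one well-formed number never issued.
ISSUED = ["9999990000000014"]
UNISSUED = "9999995000000005"
UNUSED_RANGE = ("9999995000000000", "9999999999999999")

if __name__ == "__main__":
    print("no hot list :", screen(UNISSUED, HotList([])))
    if safe_to_block(*UNUSED_RANGE, ISSUED):
        hot = HotList([UNUSED_RANGE])
        print("with block  :", screen(UNISSUED, hot))
        print("real card   :", screen(ISSUED[0], hot))
```

The range block only works while issued cards and unused numbers sit in separate ranges, so an issuer that scatters card numbers across the BIN has to rely on the acquirer checking for non-matching numbers instead.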

European Commission hit by serious cyberattack

The European Commission has been hit by one of the most serious cyberattacks ever this week. Commission staff have been told to change their passwords and access to webmail and intranet from outside has been suspended.

The European Commission, including the body's diplomatic arm, has been hit by what officials said Thursday was a serious cyberattack.



The attack was first detected on Tuesday and Commission sources have said that it was sustained and targeted.


External access to the Commission's e-mail and intranet has been suspended and staff have been told to change their passwords in order to prevent the "disclosure of unauthorised information," according to an internal memo to staff. Staff at the Commission, the European Union's executive and regulatory body, have also been told to send sensitive information via secure e-mail.


The event came just days ahead of the European Council summit being held on Thursday and Friday. The summit brings together the leaders of E.U. member states and crucial decisions will be made on economic strategy, the war in Libya and the future structure of the E.U.


This led to early speculation that the source of the attacks may be Libya, but the Commission was quick to rule this out. The attack is thought to be similar to the cyberattack on the French government in the run up to the G20 Summit in February 2010. That assault involved malware and targeted e-mail, with some of the related stolen information redirected to China.



Commission administration spokesman Antony Gravili said officials would not speculate on the source of the attacks in such a sensitive security matter. He did, however, confirm that the attackers targeted the information of some Commission officials, in particular at the External Action Service, the body's foreign diplomatic arm.


"We are already taking urgent measures to tackle this. An inquiry's been launched. This isn't unusual as the Commission is frequently targeted," said Gravili. He added that there was no concrete evidence that the attack is linked to the E.U. summit.

-csoonline.com


Winners Ireland's eGovernment Awards 2011

The winners of Ireland's eGovernment Awards 2011 were eagerly awaited by an enthusiastic crowd, who attended this year's awards in Dublin Castle. The winners included:


  • Overall Winner, Ireland's eGovernment Awards 2011: Courts Service and An Garda Síochána - "CJIP" - Criminal Justice Interoperability Programme
  • Ireland's People's Choice eGovernment Award: National Council for Curriculum & Assessment – Curriculum Planning Tool
  • Ireland's Accessible eGovernment Award: Kildare Sports and Leisure Facilities Ltd (K Leisure)
  • Ireland's Central eGovernment Award: National Archives - Census 1901 and 1911 Online
  • Ireland's Cross Agency eGovernment Award: Courts Service and An Garda Síochána - "CJIP" - Criminal Justice Interoperability Programme
  • Ireland's Education eGovernment Award: Health Service Executive for HSELanD.ie
  • Ireland's Innovation eGovernment Award: Dublin Tourism for Visit Dublin App
  • Ireland's Irish Language eGovernment Award: FIONTAR, Ollscoil Chathair Bhaile Átha Cliath (DCU) for The Placenames Database of Ireland - logainm.ie
  • Ireland's Local eGovernment Award: Westmeath County Council for Westmeath County Council Online Services
  • Ireland's Marketing eGovernment Award: Bord Gáis Energy for The Think Beyond App
  • Ireland's Open Source eGovernment Award: National Library of Ireland (NLI) for Single Discovery Interface Project
  • Ireland's Project Management eGovernment Award: The Property Registration Authority (PRA) in collaboration with the Department of Health and Children (DoHC) and the Health Service Executive (HSE) for A Fair Deal - Electronic Charging Orders
  • Promoting Ireland Overseas Award: Fáilte Ireland for Meet in Ireland.com - Promoting Business Tourism
  • Ireland's State Body eGovernment Award: Road Safety Authority for RSA website design and development project
-irishegovernmentawards.ie
