BF GOODRICH ( 15T016000 )

Dated: AUG 07, 2015 Michelin North America, Inc. (MNA) is recalling certain BFGoodrich Commercial T/A All-Season tire size LT275/70R18 125/122Q LRE, BFGoodrich Commercial T/A All-Season 2 sizes LT275/70R18 125/122R LRE, …

Adobe Releases Security Update for ColdFusion

Original release date: August 28, 2015

Adobe has released a security update for ColdFusion to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system.

Users and administrators are encouraged to review the Adobe Security Bulletin APSB15-21 and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.

TA15-240A: Controlling Outbound DNS Access

Original release date: August 28, 2015

Systems Affected

Networked systems

Overview

US-CERT has observed an increase in Domain Name System (DNS) traffic from client systems within internal networks to publically hosted DNS servers. Direct client access to Internet DNS servers, rather than controlled access through enterprise DNS servers, can expose an organization to unnecessary security risks and system inefficiencies. This Alert provides recommendations for improving security related to outbound DNS queries and responses.

Description

Client systems and applications may be configured to send DNS requests to servers other than authorized enterprise DNS caching name servers (also called resolving, forwarding or recursive name servers). This type of configuration poses a security risk and may introduce inefficiencies to an organization.   

Impact

Unless managed by perimeter technical solutions, client systems and applications may connect to systems outside the enterprise’s administrative control for DNS resolution. Internal enterprise systems should only be permitted to initiate requests to and receive responses from approved enterprise DNS caching name servers. Permitting client systems and applications to connect directly to Internet DNS infrastructure introduces risks and inefficiencies to the organization, which include:

  • Bypassed enterprise monitoring and logging of DNS traffic; this type of monitoring is an important tool for detecting potential malicious network activity.
  • Bypassed enterprise DNS security filtering (sinkhole/redirect or blackhole/block) capabilities; this may allow clients to access malicious domains that would otherwise be blocked.
  • Client interaction with compromised or malicious DNS servers; this may cause inaccurate DNS responses for the domain requested (e.g., the client is sent to a phishing site or served malicious code).
  • Lost protections against DNS cache poisoning and denial-of-service attacks. The mitigating effects of a tiered or hierarchical (e.g., separate internal and external DNS servers, split DNS, etc.) DNS architecture used to prevent such attacks are lost.  
  • Reduced Internet browsing speed since enterprise DNS caching would not be utilized.

Solution

Implement the recommendations below to provide a more secure and efficient DNS infrastructure. Please note that these recommendations focus on improving the security of outbound DNS query or responses and do not encompass all DNS security best practices.  

  • Configure operating systems and applications (including lower-tier DNS servers intended to forward queries to controlled enterprise DNS servers) to use only authorized DNS servers within the enterprise for outbound DNS resolution.
  • Configure enterprise perimeter network devices to block all outbound User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) traffic to destination port 53, except from specific, authorized DNS servers (including both authoritative and caching/forwarding name servers).  
    • Additionally, filtering inbound destination port 53 TCP and UDP traffic to only allow connections to authorized DNS servers (including both authoritative and caching/forwarding name servers) will provide additional protections. 
  • Refer to Section 12 of the NIST Special Publication 800-81-2 for guidance when configuring enterprise recursive DNS resolvers. [1]

References

Revision History

  • August 28, 2015: Initial Release

This product is provided subject to this Notification and this Privacy & Use policy.

A partnership to secure and protect the emerging Internet of Things

Android Nexus 7 tablets attached to  a monitor next to intensive care hospital bed

The digital world once existed largely in non-material form. But with the rise of connected homes, smart grids and autonomous vehicles, the cyber and the physical are merging in new and exciting ways. These hybrid forms are often called cyber-physical systems (CPS), and are giving rise to a new Internet of Things.

Such systems have unique characteristics and vulnerabilities that must be studied and addressed to make sure they are reliable and secure, and that they maintain

More at http://www.nsf.gov/news/news_summ.jsp?cntn_id=136104&WT.mc_id=USNSF_51&WT.mc_ev=click


This is an NSF News item.

Satellite Technology and Spectrum Key to Better Weather Forecasting

Guest blog post by Under Secretary for Oceans and Atmosphere and Administrator of the National Oceanic and Atmospheric Administration Dr. Kathryn Sullivan and Assistant Secretary for Communications and Information and NTIA Administrator Lawrence E. Strickling.

August 28, 2015

Ten years ago, one of the deadliest hurricanes in history struck the Gulf Coast, decimating coastal cities and communities from Gulfport, Miss., to New Orleans.  At the time, the National Weather Service (NWS), an agency of the U.S. Commerce Department’s National Oceanic and Atmospheric Administration (NOAA), accurately forecasted more than two days ahead of time that the central Gulf Coast would be directly impacted by Hurricane Katrina. While this forecast undoubtedly helped limit the loss of life and property, communities across the Gulf Coast still suffered billions of dollars in damage and hundreds died in the storm’s aftermath, according to NOAA’s National Climatic Data Center.

A comparison of the cone of uncertainty given 2005 forecasting capability and 2015 forecasting capability.
A comparison of the cone of uncertainty given 2005 forecasting capability and 2015 forecasting capability.

A decade later, we are better positioned to deal with these types of disasters. In recent years, NOAA has deployed new satellite technology that has dramatically improved the NWS’s forecasting ability, allowing meteorologists to issue more accurate forecasts, with more lead time, for a hurricane or another major weather event. Such information will allow local officials to better target evacuations to those areas most likely to be affected and avoid disruptions to unaffected areas.  NOAA has also made significant investments in its supercomputing capacity to improve its hurricane forecasting capabilities.

read more

Prenatal Ambient Air Pollution, Placental Mitochondrial DNA Content, and Birth Weight in the INMA (Spain) and ENVIRONAGE (Belgium) Birth Cohorts

Author Affiliations open
1Center for Environmental Sciences, Hasselt University, Diepenbeek, Belgium; 2Center for Research in Environmental Epidemiology (CREAL), Barcelona, Spain; 3Institute for environmental medicine (IMM), Karolinska Institutet, Sweden; 4CIBER de Epidemiología y Salud Pública (CIBERESP), Institute of Health Carlos III, Madrid, Spain; 5Universitat Pompeu Fabra, Barcelona, Spain; 6Center for Genomic Regulation (CRG), Barcelona, Spain; 7Health Research Institute (BIODONOSTIA), Gipuzkoa, Spain; 8Department of Radiology, University of Granada, Granada, Spain; 9Instituto de Investigación Biosanitaria de Granada, ibs.GRANADA, Hospital Universitario San Cecilio, Granada, Spain; 10Belgian Interregional Environment Agency, Brussels, Belgium; 11Department of Obstetrics, East-Limburg Hospital, Genk, Belgium; 12Foundation for the Promotion of Health and Biomedical Research in the Valencian Region (FISABIO), Valencia, Spain; 13University of Valencia, Valencia, Spain; 14Flemish Institute for Technological Research (VITO), Mol, Belgium; 15INSERM (National Institute of Health and Medical Research), U823, Team of Environmental Epidemiology Applied to Reproduction and Respiratory Health, Institute Albert Bonniot, Grenoble, France; 16Molecular Epidemiology of Cancer Unit, University Institute of Oncology, University of Oviedo, Oviedo, Spain; 17IMIM (Hospital del Mar Research Institute), Barcelona, Spain; 18Department of Public Health & Primary Care, Unit Environment & Health, Leuven University, Leuven, Belgium

Accessible PDF icon PDF Version (1.9 MB)

  • Background: Mitochondria are sensitive to environmental toxicants due to their lack of repair capacity. Changes in mitochondrial DNA (mtDNA) content may represent a biologically relevant intermediate outcome in mechanisms linking air pollution and fetal growth restriction.

    Objective: We investigated whether placental mtDNA content is a possible mediator of the association between prenatal NO2 exposure and birth weight.

    Methods: We used data from two independent European cohorts: INMA (n=376; Spain) and ENVIRONAGE (n=550; Belgium). Relative placental mtDNA content was determined as the ratio of two mitochondrial genes (MT-ND1 and MTF3212/R3319) to two control genes (RPLP0 and ACTB). Effect estimates for individual cohorts and the pooled dataset were calculated using multiple linear regression and mixed models. We also performed a mediation analysis.

    Results: Pooled estimates indicated that a 10µg/m3 increment in average NO2 exposure during pregnancy was associated with a 4.9% decrease in placental mtDNA content (95% confidence interval (CI): -9.3, -0.3%). and a 48g decrease (95% CI: -87, -9g) in birth weight. However, the association with birth weight was significant for INMA (-66g; 95% CI: -111, -23g) but not for ENVIRONAGE (-20g; 95% CI: -101, 62g). Placental mtDNA content was associated with significantly higher mean birth weight (pooled analysis, IQR increase: 140g; 95% CI: 43, 237g). Mediation analysis estimates, which were derived for the INMA cohort only, suggested that 10% (95% CI: 6.6, 13.0g) of the association between prenatal NO2 and birth weight was mediated by changes in placental mtDNA content.

    Conclusion: Our results suggest that mtDNA content can be one of the potential mediators of the association between prenatal air pollution exposure and birth weight.

  • This EHP Advance Publication article has been peer-reviewed, revised, and accepted for publication. EHP Advance Publication articles are completely citable using the DOI number assigned to the article. This document will be replaced with the copyedited and formatted version as soon as it is available. Through the DOI number used in the citation, you will be able to access this document at each stage of the publication process.

    Citation: Clemente DB, Casas M, Vilahur N, Begiristain H, Bustamante M, Carsin AE, Fernández MF, Fierens F, Gyselaers W, Iñiguez C, Janssen BG, Lefebvre W, Llop S, Olea N, Pedersen M, Pieters N, Santa Marina L, Souto A, Tardón A, Vanpoucke C, Vrijheid M, Sunyer J, Nawrot TS. Prenatal Ambient Air Pollution, Placental Mitochondrial DNA Content, and Birth Weight in the INMA (Spain) and ENVIRONAGE (Belgium) Birth Cohorts. Environ Health Perspect; http://dx.doi.org/10.1289/ehp.1408981.

    Received: 22 July 2014
    Accepted: 25 August 2015
    Advance Publication: 28 August 2015

    EHP strives to ensure that all journal content is accessible to all readers. However, some figures and Supplemental Material published in EHP articles may not conform to 508 standards due to the complexity of the information being presented. If you need assistance accessing journal content, please contact ehp508@niehs.nih.gov. Our staff will work with you to assess and meet your accessibility needs within 3 working days.

  • Accessible PDF icon Supplemental Material PDF (398 KB)


    Note to Readers: EHP has provided a 508-conformant table of contents summarizing the Supplemental Material for this article (see below) so that readers with disabilities may determine whether they wish to access the full, nonconformant Supplemental Material. If you need assistance accessing this or any other content on this site, please contact ehp508@niehs.nih.gov. Our staff will work with you to assess and meet your accessibility needs within 3 working days.

    Accessible PDF icon Supplemental Table of Contents PDF (102 KB)

Constraints on Vesta’s Interior Structure Using Gravity and Shape Models from the Dawn Mission

Abstract: We use the shape and gravity field of Vesta determined from observations of the Dawn spacecraft to place constraints on the asteroid’s interior structure. We compute a three-layer interior structure model by minimizing the power of the residual gravity anomaly. The densities of the mantle and crust are based on constraints derived from the Howardite-Eucrite-Diogenite (HED) meteorites. Vesta’s present-day shape is not in hydrostatic equilibrium. The Rheasilvia and Veneneia impact basins have a…

Quantifying Evapotranspiration from Urban Green Roofs: A Comparison of Chamber Measurements with Commonly Used Predictive Methods

Abstract: Quantifying green roof evapotranspiration (ET) in urban climates is important for assessing environmental benefits, including stormwater runoff attenuation and urban heat island mitigation. In this study, a dynamic chamber method was developed to quantify ET on two extensive green roofs located in New York City, NY. Hourly chamber measurements taken from July 2009 to December 2009 and April 2012 to October 2013 illustrate both diurnal and seasonal variations in ET. Observed monthly total ET d…

USAID Announces $10 Million in New Global Research Collaboration


Undefined
Friday, August 28, 2015

The U.S. Agency for International Development’s (USAID) U.S. Global Development Lab today announced $10 million for 45 new research projects that will address evidence gaps and advance technical capacity in critical areas of development. Spanning 23 USAID partner countries, the 45 new projects are funded through the Partnerships for Enhanced Engagement in Research (PEER) program, an initiative designed to foster collaborative global research. The U.S. National Academies of Sciences, Engineering and Medicine implements the program.

TankSIM: A Cryogenic Tank Performance Prediction Program

Abstract: Developed for predicting the behavior of cryogenic liquids inside propellant tanks under various environmental and operating conditions. Provides a multi-node analysis of pressurization, ullage venting and thermodynamic venting systems (TVS) pressure control using axial jet or spray bar TVS. Allows user to combine several different phases for predicting the liquid behavior for the entire flight mission timeline or part of it. Is a NASA in-house code, based on FORTRAN 90-95 and Intel Visual FO…

Notice of 09/29/2015 Cybersecurity Vulnerability Disclosure Multistakeholder Process Meeting

Date: 
August 28, 2015

NTIA will convene meetings of a multistakeholder process concerning the collaboration between security researchers and software and system developers and owners to address security vulnerability disclosure. This Notice announces the first meeting, which is scheduled for September 29, 2015. The meeting will be held on September 29, 2015, from 9:00 a.m. to 3:00 p.m., Pacific Time. The meeting will be held in the Booth Auditorium at the University of California, Berkeley, School of Law, Boalt Hall, Bancroft Way and Piedmont Avenue, Berkeley, CA 94720-7200.

FOR FURTHER INFORMATION CONTACT: Allan Friedman, National Telecommunications and Information Administration, U.S. Department of Commerce, 1401 Constitution Avenue, NW, Room 4725, Washington, DC 20230; telephone (202) 482-4281; email; afriedman@ntia.doc.gov. Please direct media inquiries to NTIA’s Office of Public Affairs, (202) 482-7002; email press@ntia.doc.gov.

An HST COS "SNAPshot" Spectrum of the K-Supergiant (Lambda)Vel (K4Ib-II)

Abstract: We present a far-ultraviolet spectrum of the K4 Ib-II supergiant (Lambda)Vel obtained with the Hubble Space Telescope’s Cosmic Origins Spectrograph (COS) as a part of the SNAPshot program “SNAPing coronal iron” (GO 11687). The observation covers a wavelength region (1326-1467 A) not previously recorded for (Lambda)Vel at a spectral resolving power of R approx. 20,000 and displays strong emission and absorption features, superposed on a bright chromospheric continuum. Fluorescent excitation is…

Personal Income and Outlays, July 2015

Personal income increased $67.1 billion, or 0.4 percent, and disposable personal income (DPI) increased $61.5 billion, or 0.5 percent, in July, according to the Bureau of Economic Analysis. Personal consumption expenditures (PCE) increased $37.4 billion, or 0.3 percent. In June, personal income increased $59.4 billion, or 0.4 percent, DPI increased $52.4 billion, or 0.4 percent, and PCE increased $31.8 billion, or 0.3 percent, based on revised estimates. Full Text

Challenges in Measuring External Currents Driven by the Solar Wind-Magnetosphere Interaction

Abstract: In studying the Earth’s geomagnetism, it has always been a challenge to separate magnetic fields from external currents originating from the ionosphere and magnetosphere. While the internal magnetic field changes very slowly in time scales of years and more, the ionospheric and magnetospheric current systems driven by the solar wind -magnetosphere interaction are very dynamic. They are intimately controlled by the ionospheric electrodynamics and ionospheremagnetosphere coupling. Single spacec…