National Library of Energy BETA

Sample records for authentication bypass vulnerability

  1. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 57: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis December 28 2012 - 6:00am PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions.

  2. V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 6: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability September 6, 2013 - 4:36am Addthis PROBLEM: A vulnerability has been reported in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: MediaWiki CentralAuth Extension ABSTRACT: A vulnerability has been reported in the CentralAuth extension for

  3. T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability.

  4. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions.

  5. T-646: Debian fex authentication bypass | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    46: Debian fex authentication bypass T-646: Debian fex authentication bypass June 14, 2011 - 3:45pm Addthis PROBLEM: The vulnerability is caused due to the application not properly verifying the existence of "auth-ID" when uploading files and can be exploited to bypass the authentication mechanism. PLATFORM: Debian fex ABSTRACT: Debian security discovered that fex, a web service for transferring very large, files, is not properly validating authentication IDs. While the service

  6. V-236: MediaWiki CentralAuth Extension Authentication Bypass...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability September 6, ... - Using Technology to Increase Transparency V-057: eXtplorer "extfinduser()" ...

  7. U-169: Sympa Multiple Security Bypass Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions.

  8. U-188: MySQL User Login Security Bypass and Unspecified Vulnerability

    Broader source: Energy.gov [DOE]

    An error when verifying authentication attempts can be exploited to bypass the authentication mechanism.

  9. T-570: HP Security Bulletin- HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass.

  10. V-103: RSA Authentication Agent Lets Remote Users Bypass Authenticatio...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    issued a fix (7.1.2). Addthis Related Articles U-267: RSA Authentication Agent 7.1 for Microsoft Windows and RSA Authentication Client 3.5 Access Control Vulnerability...

  11. T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information

    Broader source: Energy.gov [DOE]

    Apache Tomcat AJP protocol processing bug lets remote users bypass authentication or obtain information.

  12. U-246: Tigase XMPP Dialback Protection Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions.

  13. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.

  14. V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions.

  15. V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am Addthis PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors

  16. V-036: EMC Smarts Network Configuration Manager Database Authentication

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Bypass Vulnerability | Department of Energy 6: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability November 29, 2012 - 3:30am Addthis PROBLEM: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability PLATFORM: EMC Smarts Network Configuration Manager (NCM) all versions prior 9.1 ABSTRACT: Two vulnerabilities were reported in EMC Smarts

  17. U-234: Oracle MySQL User Login Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    Oracle MySQL is prone to a security bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions.

  18. V-200: Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities

    Broader source: Energy.gov [DOE]

    The vulnerabilities can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions

  19. V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.

  20. T-646: Debian fex authentication bypass | Department of Energy

    Energy Savers [EERE]

    PLATFORM: Debian fex ABSTRACT: Debian security discovered that fex, a web service for transferring very large, files, is not properly validating authentication IDs. While the ...

  1. U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in JBoss Operations Network. A remote user can login with an arbitrary password in certain cases.

  2. U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Red Hat Enterprise MRG Messaging. A remote user can access cluster messages and view the internal configuration.

  3. V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods on ColdFusion Components (CFC) using WebSockets

  4. U-267: RSA® Authentication Agent 7.1 for Microsoft Windows®...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    RSA Authentication Agent Lets Remote Authenticated Users Bypass an Authentication Step reference LINKS: SecurityTracker Alert ID: 1027559 Bugtraq ID: 55662 CVE-2012-2287...

  5. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerabil...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability May 23, 2013 - 6:00am Addthis...

  6. V-186: Drupal Login Security Module Security Bypass and Denial...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-186: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability ... Related Articles U-162: Drupal Multiple Vulnerabilities V-052: Drupal Core Access Bypass ...

  7. T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct...

  8. V-216: Drupal Monster Menus Module Security Bypass and Script...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-216: Drupal Monster Menus Module Security Bypass and Script Insertion Vulnerabilities ... Addthis Related Articles V-186: Drupal Login Security Module Security Bypass and Denial of ...

  9. V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities December ... Addthis Related Articles V-216: Drupal Monster Menus Module Security Bypass and Script ...

  10. V-223: RSA Authentication Agent for PAM Allows Remote Users to...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    has issued a fix Addthis Related Articles U-267: RSA Authentication Agent 7.1 for Microsoft Windows and RSA Authentication Client 3.5 Access Control Vulnerability...

  11. V-127: Samba Bug Lets Remote Authenticated Users Modify Files...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Samba Bug Lets Remote Authenticated Users Modify Files V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am Addthis PROBLEM: A vulnerability was...

  12. T-540: Sybase EAServer Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information.

  13. V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 2: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities December 21, 2012 - 12:15am Addthis PROBLEM: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities PLATFORM: Drupal 6.x versions prior to 6.27 Drupal 7.x versions prior to 7.18 ABSTRACT: Drupal Core Multiple vulnerabilities REFERENCE LINKS: SA-CORE-2012-004 - Drupal core

  14. V-216: Drupal Monster Menus Module Security Bypass and Script Insertion

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 6: Drupal Monster Menus Module Security Bypass and Script Insertion Vulnerabilities V-216: Drupal Monster Menus Module Security Bypass and Script Insertion Vulnerabilities August 12, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in the Monster Menus module for Drupal PLATFORM: Drupal Monster Menus Module 6.x and 7.x ABSTRACT: The vulnerabilities can be exploited by malicious users to bypass certain security restrictions and

  15. V-231: Cisco Identity Services Engine Discloses Authentication Credentials

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to Remote Users | Department of Energy 1: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users V-231: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users August 30, 2013 - 3:01am Addthis PROBLEM: A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials. PLATFORM: Cisco Identity Services Engine (ISE) 1.x ABSTRACT: A vulnerability was reported in Cisco Identity Services

  16. Low-bandwidth authentication.

    SciTech Connect (OSTI)

    Donnelly, Patrick Joseph; McIver, Lauren; Gaines, Brian R.; Anderson, Erik; Collins, Michael Joseph; Thomas,Kurt Adam; McDaniel, Austin

    2007-09-01

    Remotely-fielded unattended sensor networks generally must operate at very low power--in the milliwatt or microwatt range--and thus have extremely limited communications bandwidth. Such sensors might be asleep most of the time to conserve power, waking only occasionally to transmit a few bits. RFID tags for tracking or material control have similarly tight bandwidth constraints, and emerging nanotechnology devices will be even more limited. Since transmitted data is subject to spoofing, and since sensors might be located in uncontrolled environments vulnerable to physical tampering, the high-consequence data generated by such systems must be protected by cryptographically sound authentication mechanisms; but such mechanisms are often lacking in current sensor networks. One reason for this undesirable situation is that standard authentication methods become impractical or impossible when bandwidth is severely constrained; if messages are small, a standard digital signature or HMAC will be many times larger than the message itself, yet it might be possible to spare only a few extra bits per message for security. Furthermore, the authentication tags themselves are only one part of cryptographic overhead, as key management functions (distributing, changing, and revoking keys) consume still more bandwidth. To address this problem, we have developed algorithms that provide secure authentication while adding very little communication overhead. Such techniques will make it possible to add strong cryptographic guarantees of data integrity to a much wider range of systems.

  17. U-104: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

  18. V-187: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

  19. V-097: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  20. U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in EMC Documentum Information Rights Management Server. A remote authenticated user can cause denial of service conditions.

  1. System and method for authentication

    DOE Patents [OSTI]

    Duerksen, Gary L.; Miller, Seth A.

    2015-12-29

    Described are methods and systems for determining authenticity. For example, the method may include providing an object of authentication, capturing characteristic data from the object of authentication, deriving authentication data from the characteristic data of the object of authentication, and comparing the authentication data with an electronic database comprising reference authentication data to provide an authenticity score for the object of authentication. The reference authentication data may correspond to one or more reference objects of authentication other than the object of authentication.

  2. V-186: Drupal Login Security Module Security Bypass and Denial of Service

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerability | Department of Energy 6: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability V-186: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability June 26, 2013 - 1:28am Addthis PROBLEM: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability PLATFORM: Login Security 6.x-1.x versions prior to 6.x-1.2. Login Security 7.x-1.x versions prior to 7.x-1.2. ABSTRACT: A security issue and a vulnerability have been

  3. V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  4. U-211: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in EMC Celerra/VNX/VNXe. A remote authenticated user can access files and directories on the target file system.

  5. V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

  6. U-198: IBM Lotus Expeditor Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: IBM Lotus Expeditor Multiple Vulnerabilities U-198: IBM Lotus Expeditor Multiple Vulnerabilities June 25, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus Expeditor. PLATFORM: IBM Lotus Expeditor 6.x ABSTRACT: The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.. Reference Links: Vendor Advisory

  7. Authentication of byte sequences

    SciTech Connect (OSTI)

    Stearns, S.D.

    1991-06-01

    Algorithms for the authentication of byte sequences are described. The algorithms are designed to authenticate data in the Storage, Retrieval, Analysis, and Display (SRAD) Test Data Archive of the Radiation Effects and Testing Directorate (9100) at Sandia National Laboratories, and may be used in similar situations where authentication of stored data is required. The algorithms use a well-known error detection method called the Cyclic Redundancy Check (CRC). When a byte sequence is authenticated and stored, CRC bytes are generated and attached to the end of the sequence. When the authenticated data is retrieved, the authentication check consists of processing the entire sequence, including the CRC bytes, and checking for a remainder of zero. The error detection properties of the CRC are extensive and result in a reliable authentication of SRAD data.

  8. Multi-factor authentication

    DOE Patents [OSTI]

    Hamlet, Jason R; Pierson, Lyndon G

    2014-10-21

    Detection and deterrence of spoofing of user authentication may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a user of the hardware device. The cryptographic fingerprint unit includes an internal physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a PUF value. Combining logic is coupled to receive the PUF value, combines the PUF value with one or more other authentication factors to generate a multi-factor authentication value. A key generator is coupled to generate a private key and a public key based on the multi-factor authentication value while a decryptor is coupled to receive an authentication challenge posed to the hardware device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.

  9. V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Issue | Department of Energy 4: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass Security Issue V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass Security Issue September 4, 2013 - 6:00am Addthis PROBLEM: A weakness and a security issue have been reported in EMC RSA Archer GRC PLATFORM: EMC RSA Archer GRC 5.x ABSTRACT: This fixes multiple vulnerabilities, which can be exploited to bypass certain security restrictions and to conduct spoofing

  10. U-162: Drupal Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591

  11. T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Password | Department of Energy 5: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 11, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in OpenLDAP. A remote user can authenticate without a valid password. PLATFORM: Open LDAP version(s) 2.4.12 - 2.2.24 ABSTRACT: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password. reference LINKS: SecurityTracker

  12. Authentication of quantum messages.

    SciTech Connect (OSTI)

    Barnum, Howard; Crépeau, Jean-Claude; Gottesman, D.; Smith, A.; Tapp, Alan

    2001-01-01

    Authentication is a well-studied area of classical cryptography: a sender A and a receiver B sharing a classical private key want to exchange a classical message with the guarantee that the message has not been modified or replaced by a dishonest party with control of the communication line. In this paper we study the authentication of messages composed of quantum states. We give a formal definition of authentication in the quantum setting. Assuming A and B have access to an insecure quantum channel and share a private, classical random key, we provide a non-interactive scheme that both enables A to encrypt and authenticate (with unconditional security) an m qubit message by encoding it into m + s qubits, where the probability decreases exponentially in the security parameter s. The scheme requires a private key of size 2m + O(s). To achieve this, we give a highly efficient protocol for testing the purity of shared EPR pairs. It has long been known that learning information about a general quantum state will necessarily disturb it. We refine this result to show that such a disturbance can be done with few side effects, allowing it to circumvent cryptographic protections. Consequently, any scheme to authenticate quantum messages must also encrypt them. In contrast, no such constraint exists classically: authentication and encryption are independent tasks, and one can authenticate a message while leaving it publicly readable. This reasoning has two important consequences: On one hand, it allows us to give a lower bound of 2m key bits for authenticating m qubits, which makes our protocol asymptotically optimal. On the other hand, we use it to show that digitally signing quantum states is impossible, even with only computational security.

  13. Secure authenticated video equipment

    SciTech Connect (OSTI)

    Doren, N.E.

    1993-07-01

    In the verification technology arena, there is a pressing need for surveillance and monitoring equipment that produces authentic, verifiable records of observed activities. Such a record provides the inspecting party with confidence that observed activities occurred as recorded, without undetected tampering or spoofing having taken place. The secure authenticated video equipment (SAVE) system provides an authenticated series of video images of an observed activity. Being self-contained and portable, it can be installed as a stand-alone surveillance system or used in conjunction with existing monitoring equipment in a non-invasive manner. Security is provided by a tamper-proof camera enclosure containing a private, electronic authentication key. Video data is transferred communication link consisting of a coaxial cable, fiber-optic link or other similar media. A video review station, located remotely from the camera, receives, validates, displays and stores the incoming data. Video data is validated within the review station using a public key, a copy of which is held by authorized panics. This scheme allows the holder of the public key to verify the authenticity of the recorded video data but precludes undetectable modification of the data generated by the tamper-protected private authentication key.

  14. U-146: Adobe Reader/Acrobat Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    46: Adobe Reader/Acrobat Multiple Vulnerabilities U-146: Adobe Reader/Acrobat Multiple Vulnerabilities April 12, 2012 - 8:30am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat. PLATFORM: Adobe Acrobat 9.x Adobe Acrobat X 10.x Adobe Reader 9.x Adobe Reader X 10.x ABSTRACT: Vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, gain knowledge of potentially sensitive

  15. U-212: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks

    Broader source: Energy.gov [DOE]

    RSA Authentication Manager is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.

  16. Authentication Without Secrets

    SciTech Connect (OSTI)

    Pierson, Lyndon G.; Robertson, Perry J.

    2015-11-01

    This work examines a new approach to authentication, which is the most fundamental security primitive that underpins all cyber security protections. Current Internet authentication techniques require the protection of one or more secret keys along with the integrity protection of the algorithms/computations designed to prove possession of the secret without actually revealing it. Protecting a secret requires physical barriers or encryption with yet another secret key. The reason to strive for "Authentication without Secret Keys" is that protecting secrets (even small ones only kept in a small corner of a component or device) is much harder than protecting the integrity of information that is not secret. Promising methods are examined for authentication of components, data, programs, network transactions, and/or individuals. The successful development of authentication without secret keys will enable far more tractable system security engineering for high exposure, high consequence systems by eliminating the need for brittle protection mechanisms to protect secret keys (such as are now protected in smart cards, etc.). This paper is a re-release of SAND2009-7032 with new figures numerous edits.

  17. Two-Factor Authentication

    Broader source: Energy.gov [DOE]

    Two-Factor Authentication (2FA) (also known as 2-Step Verification) is a system that employs two methods to identify an individual. More secure than reusable passwords, when a token's random number...

  18. International safeguards data authentication

    SciTech Connect (OSTI)

    Melton, R.B.; Smith, C.E.; DeLand, S.M.; Manatt, D.R.

    1996-07-01

    The International Safeguards community is becoming increasingly reliant on information stored in electronic form. In international monitoring and related activities it must be possible to verify and maintain the integrity of this electronic information. This paper discusses the use of data authentication technology to assist in accomplishing this task. The paper provides background information, identifies the relevance to international safeguards, discusses issues related to export controls, algorithm patents, key management and the use of commercial vs. custom software.

  19. T-614: Cisco Unified Communications Manager Database Security Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 14: Cisco Unified Communications Manager Database Security Vulnerability T-614: Cisco Unified Communications Manager Database Security Vulnerability May 3, 2011 - 7:37am Addthis PROBLEM: Cisco Unified Communications Manager contains a vulnerability that could allow an authenticated, remote attacker to inject arbitrary script code on a targeted system. PLATFORM: Cisco Unified Communications Manager versions prior to 8.5(1), 8.0(3), 7.1(5)su1, and 6.1(5)su2 are

  20. CERTIFICATE OF AUTHENTICITY

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CERTIFICATE OF AUTHENTICITY I hereby certify that this transcript constitutes an accurate record of the full Council meeting of the National Coal Council held on November 14,2008 at the Westin Grand Hotel, Washington, D.C. ~ i c h a e l G. Mueller, Chair National Coal Council I NATIONAL COAL COUNCIL 1 FULL COUNCIL MEETING FRIDAY NOVEMBER 14, 2 0 0 8 The Full Council meeting convened at 9 : 0 0 a.m. in the Washington Ballroom of the Westin Grand Hotel, 2 3 5 0 M Street, NW, Washington, DC, Chair

  1. Anonymous authenticated communications

    DOE Patents [OSTI]

    Beaver, Cheryl L.; Schroeppel, Richard C.; Snyder, Lillian A.

    2007-06-19

    A method of performing electronic communications between members of a group wherein the communications are authenticated as being from a member of the group and have not been altered, comprising: generating a plurality of random numbers; distributing in a digital medium the plurality of random numbers to the members of the group; publishing a hash value of contents of the digital medium; distributing to the members of the group public-key-encrypted messages each containing a same token comprising a random number; and encrypting a message with a key generated from the token and the plurality of random numbers.

  2. T-703: Cisco Unified Communications Manager Open Query Interface...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain ... Authentication Bypass Vulnerability T-614: Cisco Unified Communications Manager ...

  3. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code Apple QuickTime Multiple Vulnerabilities May 24, 2013 V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass The...

  4. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code Apple QuickTime Multiple Vulnerabilities May 24, 2013 V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass The...

  5. Authentication techniques for smart cards

    SciTech Connect (OSTI)

    Nelson, R.A.

    1994-02-01

    Smart card systems are most cost efficient when implemented as a distributed system, which is a system without central host interaction or a local database of card numbers for verifying transaction approval. A distributed system, as such, presents special card and user authentication problems. Fortunately, smart cards offer processing capabilities that provide solutions to authentication problems, provided the system is designed with proper data integrity measures. Smart card systems maintain data integrity through a security design that controls data sources and limits data changes. A good security design is usually a result of a system analysis that provides a thorough understanding of the application needs. Once designers understand the application, they may specify authentication techniques that mitigate the risk of system compromise or failure. Current authentication techniques include cryptography, passwords, challenge/response protocols, and biometrics. The security design includes these techniques to help prevent counterfeit cards, unauthorized use, or information compromise. This paper discusses card authentication and user identity techniques that enhance security for microprocessor card systems. It also describes the analysis process used for determining proper authentication techniques for a system.

  6. Heat exchanger bypass test report

    SciTech Connect (OSTI)

    De Vries, M.L.

    1995-01-26

    This test report documents the results that were obtained while conducting the test procedure which bypassed the heat exchangers in the HC-21C sludge stabilization process. The test was performed on November 15, 1994 using WHC-SD-CP-TC-031, ``Heat Exchanger Bypass Test Procedure.`` The primary objective of the test procedure was to determine if the heat exchangers were contributing to condensation of moisture in the off-gas line. This condensation was observed in the rotameters. Also, a secondary objective was to determine if temperatures at the rotameters would be too high and damage them or make them inaccurate without the heat exchangers in place.

  7. Lessons about vulnerability assessments.

    SciTech Connect (OSTI)

    Johnston, R. G.

    2004-01-01

    The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory believes that physical security can only be optimized through the use of effective vulnerability assessments. As a result of conducting vulnerability assessments on hundreds of different security devices and systems in the last few years, we have identified some of the attributes of effective assessments. These, along with our recommendations and observations about vulnerability assessments, are summarized in this paper. While our work has primarily involved physical security (in contrast to, for example, computer, network, or information security), our experiences may have applicability to other types of security as well.

  8. T-555: Adobe Acrobat and Reader Image Parsing Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Critical vulnerabilities have been identified in Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. Risk for Adobe Reader X users is significantly lower, as none of these issues bypass Protected Mode mitigations.

  9. T-528: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

  10. T-696: RSA Adaptive Authentication Has Unspecified Remote Authenticated Session Re-use Flaw

    Broader source: Energy.gov [DOE]

    An issue with Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the out-of-the-box available authentication methods. In certain circumstances, when authentication information is compromised, and with the knowledge of additional session information, the authentication information might be reused within an active session.

  11. Facility Environmental Vulnerability Assessment

    SciTech Connect (OSTI)

    Van Hoesen, S.D.

    2001-07-09

    From mid-April through the end of June 2001, a Facility Environmental Vulnerability Assessment (FEVA) was performed at Oak Ridge National Laboratory (ORNL). The primary goal of this FEVA was to establish an environmental vulnerability baseline at ORNL that could be used to support the Laboratory planning process and place environmental vulnerabilities in perspective. The information developed during the FEVA was intended to provide the basis for management to initiate immediate, near-term, and long-term actions to respond to the identified vulnerabilities. It was expected that further evaluation of the vulnerabilities identified during the FEVA could be carried out to support a more quantitative characterization of the sources, evaluation of contaminant pathways, and definition of risks. The FEVA was modeled after the Battelle-supported response to the problems identified at the High Flux Beam Reactor at Brookhaven National Laboratory. This FEVA report satisfies Corrective Action 3A1 contained in the Corrective Action Plan in Response to Independent Review of the High Flux Isotope Reactor Tritium Leak at the Oak Ridge National Laboratory, submitted to the Department of Energy (DOE) ORNL Site Office Manager on April 16, 2001. This assessment successfully achieved its primary goal as defined by Laboratory management. The assessment team was able to develop information about sources and pathway analyses although the following factors impacted the team's ability to provide additional quantitative information: the complexity and scope of the facilities, infrastructure, and programs; the significantly degraded physical condition of the facilities and infrastructure; the large number of known environmental vulnerabilities; the scope of legacy contamination issues [not currently addressed in the Environmental Management (EM) Program]; the lack of facility process and environmental pathway analysis performed by the accountable line management or facility owner; and poor facility and infrastructure drawings. The assessment team believes that the information, experience, and insight gained through FEVA will help in the planning and prioritization of ongoing efforts to resolve environmental vulnerabilities at UT-Battelle--managed ORNL facilities.

  12. Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and Light Vehicles Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and ...

  13. Photovoltaic power generation system free of bypass diodes (Patent...

    Office of Scientific and Technical Information (OSTI)

    Photovoltaic power generation system free of bypass diodes Title: Photovoltaic power generation system free of bypass diodes A photovoltaic power generation system that includes a ...

  14. Thermal Bypass Air Barriers in the 2009 International Energy...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Thermal Bypass Air Barriers in the 2009 International Energy Conservation Code - Building America Top Innovation Thermal Bypass Air Barriers in the 2009 International Energy ...

  15. Obfuscated authentication systems, devices, and methods

    DOE Patents [OSTI]

    Armstrong, Robert C; Hutchinson, Robert L

    2013-10-22

    Embodiments of the present invention are directed toward authentication systems, devices, and methods. Obfuscated executable instructions may encode an authentication procedure and protect an authentication key. The obfuscated executable instructions may require communication with a remote certifying authority for operation. In this manner, security may be controlled by the certifying authority without regard to the security of the electronic device running the obfuscated executable instructions.

  16. CERTIFICATE OF AUTHENTICITY | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CERTIFICATE OF AUTHENTICITY CERTIFICATE OF AUTHENTICITY I hereby certify that this transcript constitutes an accurate record of the full Council meeting of the National Coal Council held on November 14,2008 at the Westin Grand Hotel, Washington, D.C. Tran_001.pdf PDF icon CERTIFICATE OF AUTHENTICITY More Documents & Publications U.S. Offshore Wind Advanced Technology Demonstration Projects Public Meeting Transcript for Offshore Wind Demonstrations Office of Information Resources Office of

  17. A proposed generic authentication information element

    SciTech Connect (OSTI)

    Tarman, T.D.

    1995-08-01

    This contribution describes a proposed information element that can convey authentication information within an ATM signaling message. The design of this information element provides a large amount of flexibility to the user because it does not specify a particular signature algorithm, and it does not specify which information elements must accompany the Authentication IE in a signaling message. This allows the user to implement authenticated signaling based on her site`s security policies and performance requirements.

  18. CERTIFICATE OF AUTHENTICITY | Department of Energy

    Energy Savers [EERE]

    D.C. Tran001.pdf PDF icon CERTIFICATE OF AUTHENTICITY More Documents & Publications U.S. Offshore Wind Advanced Technology Demonstration Projects Public Meeting Transcript for...

  19. Energy vulnerability relationships

    SciTech Connect (OSTI)

    Shaw, B.R.; Boesen, J.L.

    1998-02-01

    The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970`s, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a {open_quotes}dependence{close_quotes}? Does this increasing proportion of imported oil present a vulnerability to {open_quotes}price shocks{close_quotes} and the tremendous dislocations experienced during the 1970`s? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be {open_quotes}yes.{close_quotes} However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

  20. Plutonium Vulnerability Management Plan

    SciTech Connect (OSTI)

    1995-03-01

    This Plutonium Vulnerability Management Plan describes the Department of Energy`s response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department`s Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

  1. U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    McAfee Security Bulletin ID: SB10026 SecurityTracker Alert ID: 1027444 Bugtraq ID: 55184 CVE-2012-4595, CVE-2012-4596, CVE-2012-4597 IMPACT ASSESSMENT: Medium Discussion A remote...

  2. SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management Programs

  3. V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated...

  4. V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks...

  5. Instructions for using HSPD-12 Authenticated Outlook Web Access...

    Energy Savers [EERE]

    Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) Provides instructions for remote Outlook...

  6. AUTHENTICATED

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    1 Contract No. 11PB-12330 AMENDMENT executed by the BONNEVILLE POWER ADMINISTRATION and PORT TOWNSEND PAPER CORPORATION This AMENDMENT to the Firm Power Sales Agreement (Agreement)...

  7. Exhaust gas bypass valve control for thermoelectric generator

    DOE Patents [OSTI]

    Reynolds, Michael G; Yang, Jihui; Meisner, Greogry P.; Stabler, Francis R.; De Bock, Hendrik Pieter Jacobus; Anderson, Todd Alan

    2012-09-04

    A method of controlling engine exhaust flow through at least one of an exhaust bypass and a thermoelectric device via a bypass valve is provided. The method includes: determining a mass flow of exhaust exiting an engine; determining a desired exhaust pressure based on the mass flow of exhaust; comparing the desired exhaust pressure to a determined exhaust pressure; and determining a bypass valve control value based on the comparing, wherein the bypass valve control value is used to control the bypass valve.

  8. Bypass diode for a solar cell

    DOE Patents [OSTI]

    Rim, Seung Bum; Kim, Taeseok; Smith, David D.; Cousins, Peter J.

    2012-03-13

    Bypass diodes for solar cells are described. In one embodiment, a bypass diode for a solar cell includes a substrate of the solar cell. A first conductive region is disposed above the substrate, the first conductive region of a first conductivity type. A second conductive region is disposed on the first conductive region, the second conductive region of a second conductivity type opposite the first conductivity type.

  9. Data Authentication Demonstration for Radionuclide Stations

    SciTech Connect (OSTI)

    Harris, Mark; Herrington, Pres; Miley, Harry; Ellis, J. Edward; McKinnon, David; St. Pierre, Devon

    1999-08-03

    Data authentication is required for certification of sensor stations in the International Monitoring System (IMS). Authentication capability has been previously demonstrated for continuous waveform stations (seismic and infrasound). This paper addresses data surety for the radionuclide stations in the IMS, in particular the Radionuclide Aerosol Sampler/Analyzer (RASA) system developed by Pacific Northwest National Laboratory (PNNL). Radionuclide stations communicate data by electronic mail using formats defined in IMS 1.0, Formats and Protocols for Messages. An open message authentication standard exists, called S/MIME (Secure/Multipurpose Internet Mail Extensions), which has been proposed for use with all IMS radionuclide station message communications. This standard specifies adding a digital signature and public key certificate as a MIME attachment to the e-mail message. It is advantageous because it allows authentication to be added to all IMS 1.0 messages in a standard format and is commercially supported in e-mail software. For command and control, the RASA system uses a networked Graphical User Interface (GUI) based upon Common Object Request Broker Architecture (CORBA) communications, which requires special authentication procedures. The authors have modified the RASA system to meet CTBTO authentication guidelines, using a FORTEZZA card for authentication functions. They demonstrated signing radionuclide data messages at the RASA, then sending, receiving, and verifying the messages at a data center. They demonstrated authenticating command messages and responses from the data center GUI to the RASA. Also, the particular authentication system command to change the private/public key pair and retrieve the new public key was demonstrated. This work shows that data surety meeting IMS guidelines may be immediately applied to IMS radionuclide systems.

  10. Oil Bypass Filter and Diesel Engine Idling Wear-Rate Evaluations...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Bypass Filter and Diesel Engine Idling Wear-Rate Evaluations Oil Bypass Filter and Diesel ... More Documents & Publications Demonstrated Petroleum Reduction Using Oil Bypass Filter ...

  11. Hardware device binding and mutual authentication

    DOE Patents [OSTI]

    Hamlet, Jason R; Pierson, Lyndon G

    2014-03-04

    Detection and deterrence of device tampering and subversion by substitution may be achieved by including a cryptographic unit within a computing device for binding multiple hardware devices and mutually authenticating the devices. The cryptographic unit includes a physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a binding PUF value. The cryptographic unit uses the binding PUF value during an enrollment phase and subsequent authentication phases. During a subsequent authentication phase, the cryptographic unit uses the binding PUF values of the multiple hardware devices to generate a challenge to send to the other device, and to verify a challenge received from the other device to mutually authenticate the hardware devices.

  12. User Authentication Policy | Argonne Leadership Computing Facility

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Accounts Policy Account Sponsorship & Retention Policy ALCC Quarterly Report Policy ALCF Acknowledgment Policy Data Policy INCITE Quarterly Report Policy Job Scheduling Policy on BG/Q Job Scheduling Policies on Cooley Pullback Policy Refund Policy Software Policy User Authentication Policy Documentation Feedback Please provide feedback to help guide us as we continue to build documentation for our new computing resource. [Feedback Form] User Authentication Policy Users of the Argonne

  13. AVTA: Oil Bypass Filter Specifications and Test Procedures

    Broader source: Energy.gov [DOE]

    PuraDYN Oil Bypass Filtration System Evaluation Test Plan methodology is used in the testing of all oil bypass filters on the buses at the Idaho National Laboratory.

  14. Common Control System Vulnerability

    SciTech Connect (OSTI)

    Trent Nelson

    2005-12-01

    The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as ''reverse engineering''), an attacker can then map out the control system processes and functions. With the detailed knowledge of how the control data functions, as well as what computers and devices communicate using this data, the attacker can use a well known Man-in-the-Middle attack to perform malicious operations virtually undetected. The control systems assessment teams have used this method to gather enough information about the system to craft an attack that intercepts and changes the information flow between the end devices (controllers) and the human machine interface (HMI and/or workstation). Using this attack, the cyber assessment team has been able to demonstrate complete manipulation of devices in control systems while simultaneously modifying the data flowing back to the operator's console to give false information of the state of the system (known as ''spoofing''). This is a very effective technique for a control system attack because it allows the attacker to manipulate the system and the operator's situational awareness of the perceived system status. The three main elements of this attack technique are: (1) network reconnaissance and data gathering, (2) reverse engineering, and (3) the Man-in-the-Middle attack. The details of this attack technique and the mitigation techniques are discussed.

  15. PURADYN Oil Bypass Filtration System Evaluation Test Plan

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Transportation Technologies & Infrastructure Department PURADYN OIL BYPASS FILTRATION ... 3 5 Baseline of the Engines and Oil Analysis ......

  16. Interception and modification of network authentication packets with the purpose of allowing alternative authentication modes

    DOE Patents [OSTI]

    Kent, Alexander Dale (Los Alamos, NM)

    2008-09-02

    Methods and systems in a data/computer network for authenticating identifying data transmitted from a client to a server through use of a gateway interface system which are communicately coupled to each other are disclosed. An authentication packet transmitted from a client to a server of the data network is intercepted by the interface, wherein the authentication packet is encrypted with a one-time password for transmission from the client to the server. The one-time password associated with the authentication packet can be verified utilizing a one-time password token system. The authentication packet can then be modified for acceptance by the server, wherein the response packet generated by the server is thereafter intercepted, verified and modified for transmission back to the client in a similar but reverse process.

  17. Bypass apparatus and method for series connected energy storage devices

    DOE Patents [OSTI]

    Rouillard, Jean; Comte, Christophe; Daigle, Dominik

    2000-01-01

    A bypass apparatus and method for series connected energy storage devices. Each of the energy storage devices coupled to a common series connection has an associated bypass unit connected thereto in parallel. A current bypass unit includes a sensor which is coupled in parallel with an associated energy storage device or cell and senses an energy parameter indicative of an energy state of the cell, such as cell voltage. A bypass switch is coupled in parallel with the energy storage cell and operable between a non-activated state and an activated state. The bypass switch, when in the non-activated state, is substantially non-conductive with respect to current passing through the energy storage cell and, when in the activated state, provides a bypass current path for passing current to the series connection so as to bypass the associated cell. A controller controls activation of the bypass switch in response to the voltage of the cell deviating from a pre-established voltage setpoint. The controller may be included within the bypass unit or be disposed on a control platform external to the bypass unit. The bypass switch may, when activated, establish a permanent or a temporary bypass current path.

  18. V-174: RSA Authentication Manager Writes Operating System, SNMP...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files V-174: RSA Authentication Manager Writes Operating System,...

  19. Regional Climate Vulnerabilities and Resilience Solutions | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Regional Climate Vulnerabilities and Resilience Solutions Regional Climate Vulnerabilities and Resilience Solutions This interactive map is not viewable in your browser. Please ...

  20. Assessing Climate Change Impacts, Vulnerability and Adaptation...

    Open Energy Info (EERE)

    Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability...

  1. V-092: Pidgin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

  2. Authentication of data for monitoring a comprehensive test ban treaty

    SciTech Connect (OSTI)

    Craft, R.L.; Draelos, T.J.

    1996-05-01

    The important issue of data integrity in the CTBT International Monitoring System (IMS) is discussed and a brief tutorial on data authentication techniques is offered. The utilization of data authentication as a solution to the data integrity problem is evaluated. Public key data authentication is recommended for multilateral monitoring regimes such as the CTBT. The ramifications and system considerations of applying data authentication at various locations in the IMS, or not at all, are reviewed in a data surety context. The paper concludes with a recommendation of authenticating data at all critical monitoring stations.

  3. Heat exchanger bypass system for an absorption refrigeration system

    DOE Patents [OSTI]

    Reimann, Robert C.

    1984-01-01

    A heat exchanger bypass system for an absorption refrigeration system is disclosed. The bypass system operates to pass strong solution from the generator around the heat exchanger to the absorber of the absorption refrigeration system when strong solution builds up in the generator above a selected level indicative of solidification of strong solution in the heat exchanger or other such blockage. The bypass system includes a bypass line with a gooseneck located in the generator for controlling flow of strong solution into the bypass line and for preventing refrigerant vapor in the generator from entering the bypass line during normal operation of the refrigeration system. Also, the bypass line includes a trap section filled with liquid for providing a barrier to maintain the normal pressure difference between the generator and the absorber even when the gooseneck of the bypass line is exposed to refrigerant vapor in the generator. Strong solution, which may accumulate in the trap section of the bypass line, is diluted, to prevent solidification, by supplying weak solution to the trap section from a purge system for the absorption refrigeration system.

  4. Are Vulnerability Disclosure Deadlines Justified?

    SciTech Connect (OSTI)

    Miles McQueen; Jason L. Wright; Lawrence Wellman

    2011-09-01

    Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

  5. Bypass diode for a solar cell

    DOE Patents [OSTI]

    Rim, Seung Bum; Kim, Taeseok; Smith, David D; Cousins, Peter J

    2013-11-12

    Methods of fabricating bypass diodes for solar cells are described. In once embodiment, a method includes forming a first conductive region of a first conductivity type above a substrate of a solar cell. A second conductive region of a second conductivity type is formed on the first conductive region. In another embodiment, a method includes forming a first conductive region of a first conductivity type above a substrate of a solar cell. A second conductive region of a second conductivity type is formed within, and surrounded by, an uppermost portion of the first conductive region but is not formed in a lowermost portion of the first conductive region.

  6. System and method for authentication of goods

    DOE Patents [OSTI]

    Kaish, Norman; Fraser, Jay; Durst, David I.

    1999-01-01

    An authentication system comprising a medium having a plurality of elements, the elements being distinctive, detectable and disposed in an irregular pattern or having an intrinsic irregularity. Each element is characterized by a determinable attribute distinct from a two-dimensional coordinate representation of simple optical absorption or simple optical reflection intensity. An attribute and position of the plurality of elements, with respect to a positional reference is detected. A processor generates an encrypted message including at least a portion of the attribute and position of the plurality of elements. The encrypted message is recorded in physical association with the medium. The elements are preferably dichroic fibers, and the attribute is preferably a polarization or dichroic axis, which may vary over the length of a fiber. An authentication of the medium based on the encrypted message may be authenticated with a statistical tolerance, based on a vector mapping of the elements of the medium, without requiring a complete image of the medium and elements to be recorded.

  7. U-084: Cisco Digital Media Manager Lets Remote Authenticated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port 8443 to access administrative resources and gain administrative privileges....

  8. V-231: Cisco Identity Services Engine Discloses Authentication...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-231: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users ... Lets Remote Users Obtain Database Contents V-076: Cisco Wireless LAN Controller Bugs Let ...

  9. V-059: MoinMoin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data.

  10. V-087: Adobe Flash Player Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities are reported as 0-day which can be exploited by malicious people to compromise a user's system.

  11. V-208: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in Google Chrome which allows attackers to access and compromise a user's system.

  12. V-131: Adobe Shockwave Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system

  13. Authenticating concealed private data while maintaining concealment

    DOE Patents [OSTI]

    Thomas, Edward V. (Albuquerque, NM); Draelos, Timothy J. (Albuquerque, NM)

    2007-06-26

    A method of and system for authenticating concealed and statistically varying multi-dimensional data comprising: acquiring an initial measurement of an item, wherein the initial measurement is subject to measurement error; applying a transformation to the initial measurement to generate reference template data; acquiring a subsequent measurement of an item, wherein the subsequent measurement is subject to measurement error; applying the transformation to the subsequent measurement; and calculating a Euclidean distance metric between the transformed measurements; wherein the calculated Euclidean distance metric is identical to a Euclidean distance metric between the measurement prior to transformation.

  14. V-224: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Multiple Vulnerabilities V-224: Google Chrome Multiple Vulnerabilities August 22, 2013 - 1:05am Addthis PROBLEM: Multiple vulnerabilities have been reported in...

  15. V-121: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Google Chrome Multiple Vulnerabilities V-121: Google Chrome Multiple Vulnerabilities March 28, 2013 - 12:29am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM:...

  16. V-207: Wireshark Multiple Denial of Service Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Wireshark Multiple Denial of Service Vulnerabilities V-207: Wireshark Multiple Denial of Service Vulnerabilities July 31, 2013 - 1:59am Addthis PROBLEM: Multiple vulnerabilities...

  17. Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber Vulnerability & Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management

  18. Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber-Based Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management

  19. V-195: RSA Authentication Manager Lets Local Users View the Administra...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: RSA Authentication Manager Lets Local Users View the Administrative Account Password V-195: RSA Authentication Manager Lets Local Users View the Administrative Account Password...

  20. T-659: Update support for RSA Authentication Manager

    Broader source: Energy.gov [DOE]

    RSA posted SP4 Patch 4 of their Authentication Manager product 06/30/2011. There are a few pages of fixes in the README, but the most significant is that Authentication Manager can now be installed on Windows Server 2008 (both 32 and 64bit).

  1. Public-key data authentication for treaty verification

    SciTech Connect (OSTI)

    Draelos, T.J.; Goldsmith, S.Y.

    1992-08-01

    A public-key Treaty Data Authentication Module (TDAM) based on the National Institute of Standards and Technology (NIST) Digital Signature Standard (DSS) has been developed to support treaty verification systems. The TDAM utilizes the Motorola DSP56001 Digital Signal Processor as a coprocessor and supports both the STD Bus and PC-AT Bus platforms. The TDAM is embedded within an Authenticated Data Communication Subsystem (ADCS) which provides transparent data authentication and communications, thereby concealing the details of securely authenticating and communicating compliance data and commands. The TDAM has been designed according to the NIST security guidelines for cryptographic modules. Public-key data authentication is important for support of both bilateral and multi-lateral treaties. 8 refs.

  2. Public-key data authentication for treaty verification

    SciTech Connect (OSTI)

    Draelos, T.J.; Goldsmith, S.Y.

    1992-01-01

    A public-key Treaty Data Authentication Module (TDAM) based on the National Institute of Standards and Technology (NIST) Digital Signature Standard (DSS) has been developed to support treaty verification systems. The TDAM utilizes the Motorola DSP56001 Digital Signal Processor as a coprocessor and supports both the STD Bus and PC-AT Bus platforms. The TDAM is embedded within an Authenticated Data Communication Subsystem (ADCS) which provides transparent data authentication and communications, thereby concealing the details of securely authenticating and communicating compliance data and commands. The TDAM has been designed according to the NIST security guidelines for cryptographic modules. Public-key data authentication is important for support of both bilateral and multi-lateral treaties. 8 refs.

  3. EA-1262: McKay Bypass Canal Extension, Golden, Colorado

    Broader source: Energy.gov [DOE]

    This EA evaluates the environmental impacts for the proposal to extend the McKay Bypass Canal in order to route water from the existing Canal north of the Walnut Creek drainage on the east side of...

  4. Bypass flow computations on the LOFA transient in a VHTR

    SciTech Connect (OSTI)

    Tung, Yu-Hsin; Johnson, Richard W.; Ferng, Yuh-Ming; Chieng, Ching-Chang

    2014-01-01

    Bypass flow in the prismatic gas-cooled very high temperature reactor (VHTR) is not intentionally designed to occur, but is present in the gaps between graphite blocks. Previous studies of the bypass flow in the core indicated that the cooling provided by flow in the bypass gaps had a significant effect on temperature and flow distributions for normal operating conditions. However, the flow and heat transports in the core are changed significantly after a Loss of Flow Accident (LOFA). This study aims to study the effect and role of the bypass flow after a LOFA in terms of the temperature and flow distributions and for the heat transport out of the core by natural convection of the coolant for a 1/12 symmetric section of the active core which is composed of images and mirror images of two sub-region models. The two sub-region models, 9 x 1/12 and 15 x 1/12 symmetric sectors of the active core, are employed as the CFD flow models using computational grid systems of 70.2 million and 117 million nodes, respectively. It is concluded that the effect of bypass flow is significant for the initial conditions and the beginning of LOFA, but the bypass flow has little effect after a long period of time in the transient computation of natural circulation.

  5. U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote Authenticated Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A remote authenticated user with 'Create Table' privileges can gain 'SYS' privileges on the target system.

  6. Citrix_2FA_Authentication_09.09 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Citrix_2FA_Authentication_09.09 Citrix_2FA_Authentication_09.09 PDF icon Citrix_2FA_Authentication-September09 More Documents & Publications Microsoft Word - Citrix_2FA_Authentication_12_3_2009.doc Using Two-Factor RSA Token with WebVPN Microsoft Word - SMail_Secure_Web-Based_Email_v3 _2_.doc

  7. US Energy Sector Vulnerabilities to Climate Change

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ... However, regional variation does not imply regional ... Federal, state, and local governments and the ... climate-resilient, assessment of vulnerabilities in ...

  8. Mining Bug Databases for Unidentified Software Vulnerabilities

    SciTech Connect (OSTI)

    Dumidu Wijayasekara; Milos Manic; Jason Wright; Miles McQueen

    2012-06-01

    Identifying software vulnerabilities is becoming more important as critical and sensitive systems increasingly rely on complex software systems. It has been suggested in previous work that some bugs are only identified as vulnerabilities long after the bug has been made public. These vulnerabilities are known as hidden impact vulnerabilities. This paper discusses the feasibility and necessity to mine common publicly available bug databases for vulnerabilities that are yet to be identified. We present bug database analysis of two well known and frequently used software packages, namely Linux kernel and MySQL. It is shown that for both Linux and MySQL, a significant portion of vulnerabilities that were discovered for the time period from January 2006 to April 2011 were hidden impact vulnerabilities. It is also shown that the percentage of hidden impact vulnerabilities has increased in the last two years, for both software packages. We then propose an improved hidden impact vulnerability identification methodology based on text mining bug databases, and conclude by discussing a few potential problems faced by such a classifier.

  9. NSTB Summarizes Vulnerable Areas | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    control systems assessed between late 2004 and early 2006. These vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. ...

  10. V-157: Adobe Reader / Acrobat Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system

  11. Vulnerability Analysis of Energy Delivery Control Systems

    Energy Savers [EERE]

    ... products alike, and the introduction of Web applications into SCADA systems has created ... vulnerabilities Most likely attack vector Web Human-Machine Interface (HMI) ...

  12. Proliferation Vulnerability Red Team report

    SciTech Connect (OSTI)

    Hinton, J.P.; Barnard, R.W.; Bennett, D.E.

    1996-10-01

    This report is the product of a four-month independent technical assessment of potential proliferation vulnerabilities associated with the plutonium disposition alternatives currently under review by DOE/MD. The scope of this MD-chartered/Sandia-led study was limited to technical considerations that could reduce proliferation resistance during various stages of the disposition processes below the Stored Weapon/Spent Fuel standards. Both overt and covert threats from host nation and unauthorized parties were considered. The results of this study will be integrated with complementary work by others into an overall Nonproliferation and Arms Control Assessment in support of a Secretarial Record of Decision later this year for disposition of surplus U.S. weapons plutonium.

  13. Secure password-based authenticated key exchange for web services

    SciTech Connect (OSTI)

    Liang, Fang; Meder, Samuel; Chevassut, Olivier; Siebenlist, Frank

    2004-11-22

    This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-Secure Conversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options in the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.

  14. Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy using HSPD-12 Authenticated Outlook Web Access (OWA) Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) Provides instructions for remote Outlook access using HSPD-12 Badge. PDF icon HSPD-12 Badge Instructions More Documents & Publications User Guide for Remote Access to VDI/Workplace Using PIV Headquarters Facilities Master Security Plan - Chapter 1, Physical Security Audit Report: IG-0860

  15. U-179: IBM Java 7 Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

  16. Rankine cycle load limiting through use of a recuperator bypass

    DOE Patents [OSTI]

    Ernst, Timothy C.

    2011-08-16

    A system for converting heat from an engine into work includes a boiler coupled to a heat source for transferring heat to a working fluid, a turbine that transforms the heat into work, a condenser that transforms the working fluid into liquid, a recuperator with one flow path that routes working fluid from the turbine to the condenser, and another flow path that routes liquid working fluid from the condenser to the boiler, the recuperator being configured to transfer heat to the liquid working fluid, and a bypass valve in parallel with the second flow path. The bypass valve is movable between a closed position, permitting flow through the second flow path and an opened position, under high engine load conditions, bypassing the second flow path.

  17. V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions December 12, 2012 - 2:00am Addthis PROBLEM:...

  18. High Temperature Reverse By-Pass Diodes Bias and Failures | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Reverse By-Pass Diodes Bias and Failures High Temperature Reverse By-Pass Diodes Bias and Failures Presented at the PV Module Reliability Workshop, February 26 - 27 2013, Golden, ...

  19. Determining Vulnerability Importance in Environmental Impact Assessment

    SciTech Connect (OSTI)

    Toro, Javier; Duarte, Oscar; Requena, Ignacio; Zamorano, Montserrat

    2012-01-15

    The concept of vulnerability has been used to describe the susceptibility of physical, biotic, and social systems to harm or hazard. In this sense, it is a tool that reduces the uncertainties of Environmental Impact Assessment (EIA) since it does not depend exclusively on the value assessments of the evaluator, but rather is based on the environmental state indicators of the site where the projects or activities are being carried out. The concept of vulnerability thus reduces the possibility that evaluators will subjectively interpret results, and be influenced by outside interests and pressures during projects. However, up until now, EIA has been hindered by a lack of effective methods. This research study analyzes the concept of vulnerability, defines Vulnerability Importance and proposes its inclusion in qualitative EIA methodology. The method used to quantify Vulnerability Importance is based on a set of environmental factors and indicators that provide a comprehensive overview of the environmental state. The results obtained in Colombia highlight the usefulness and objectivity of this method since there is a direct relation between this value and the environmental state of the departments analyzed. - Research Highlights: Black-Right-Pointing-Pointer The concept of vulnerability could be considered defining Vulnerability Importance included in qualitative EIA methodology. Black-Right-Pointing-Pointer The use of the concept of environmental vulnerability could reduce the subjectivity of qualitative methods of EIA. Black-Right-Pointing-Pointer A method to quantify the Vulnerability Importance proposed provides a comprehensive overview of the environmental state. Black-Right-Pointing-Pointer Results in Colombia highlight the usefulness and objectivity of this method.

  20. Thermal Reliability Study of Bypass Diodes in Photovoltaic Modules (Poster)

    SciTech Connect (OSTI)

    Zhang, Z.; Wohlgemuth, J.; Kurtz, S.

    2013-05-01

    This paper presents the result of high-temperature durability and thermal cycling testing and analysis for the selected diodes to study the detail of the thermal design and relative long-term reliability of the bypass diodes used to limit the detrimental effects of module hot-spot susceptibility.

  1. Cycling firing method for bypass operation of bridge converters

    DOE Patents [OSTI]

    Zabar, Zivan

    1982-01-01

    The bridge converter comprises a number of switching elements and an electronic logic system which regulated the electric power levels by controlling the firing, i.e., the initiation of the conduction period of the switching elements. Cyclic firing of said elements allows the direct current to bypass the alternating current system with high power factor and negligible losses.

  2. Colombia-Cartagena Vulnerability Assessment | Open Energy Information

    Open Energy Info (EERE)

    Colombia-Cartagena Vulnerability Assessment Jump to: navigation, search Name Colombia-CDKN-Cartagena Vulnerability Assessment AgencyCompany Organization Climate and Development...

  3. Colombia-Cartagena Vulnerability Assessment | Open Energy Information

    Open Energy Info (EERE)

    Colombia-Cartagena Vulnerability Assessment (Redirected from CDKN-Colombia-Cartagena Vulnerability Assessment) Jump to: navigation, search Name Colombia-CDKN-Cartagena...

  4. Potential Vulnerability of US Petroleum Refineries to Increasing...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Potential Vulnerability of US Petroleum Refineries to Increasing Water Temperature andor Reduced Water Availability Potential Vulnerability of US Petroleum Refineries to ...

  5. V-111: Multiple vulnerabilities have been reported in Puppet...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    vulnerable system. SOLUTION: Update to a fixed version. Addthis Related Articles V-090: Adobe Flash Player AIR Multiple Vulnerabilities V-083: Oracle Java Multiple...

  6. V-051: Oracle Solaris Java Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Related Articles U-191: Oracle Java Multiple Vulnerabilities U-105:Oracle Java SE Critical Patch Update Advisory T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities...

  7. OLADE-Central America Climate Change Vulnerability Program |...

    Open Energy Info (EERE)

    Central America Climate Change Vulnerability Program Jump to: navigation, search Name OLADE-Central America Climate Change Vulnerability Program AgencyCompany Organization Latin...

  8. India-Vulnerability Assessment and Enhancing Adaptive Capacities...

    Open Energy Info (EERE)

    Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to...

  9. Tribal Energy System Vulnerabilities to Climate Change and Extreme...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    System Vulnerabilities to Climate Change and Extreme Weather Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather This U.S. Department of Energy Office of ...

  10. Nuclear Fuel Cycle & Vulnerabilities (Technical Report) | SciTech...

    Office of Scientific and Technical Information (OSTI)

    Nuclear Fuel Cycle & Vulnerabilities Citation Details In-Document Search Title: Nuclear Fuel Cycle & Vulnerabilities The objective of safeguards is the timely detection of ...

  11. V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device.

  12. T-681:IBM Lotus Symphony Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

  13. Nuclear Fuel Cycle & Vulnerabilities (Technical Report) | SciTech...

    Office of Scientific and Technical Information (OSTI)

    Technical Report: Nuclear Fuel Cycle & Vulnerabilities Citation Details In-Document Search Title: Nuclear Fuel Cycle & Vulnerabilities You are accessing a document from the ...

  14. U-035: Adobe Flash Player Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Impact: Multiple vulnerabilities have been reported in Adobe ...

  15. Vulnerability Analysis of Energy Delivery Control Systems (September...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Systems (September 2011) Vulnerability Analysis of Energy Delivery Control Systems (September 2011) The Vulnerability Analysis of Energy Delivery Control Systems report, prepared ...

  16. Top 10 Vulnerabilities of Control Systems and Their Associated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) This document ...

  17. Mitigations for Security Vulnerabilities Found in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Mitigations for Security Vulnerabilities Found in Control System Networks Mitigations for Security Vulnerabilities Found in Control System Networks Industry is aware of the need ...

  18. Common Cyber Security Vulnerabilities Observed in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by ...

  19. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS This document provides ...

  20. U-273: Multiple vulnerabilities have been reported in Wireshark

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

  1. V-126: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system

  2. V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC)

  3. U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates

    Broader source: Energy.gov [DOE]

    A remote authenticated user can gain elevated privileges. A remote authenticated user can inject SQL commands. A remote user can spoof connections in certain cases.

  4. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    JC3 Bulletin Archive JC3 Bulletin Archive RSS September 9, 2013 V-237: TYPO3 Security Bypass Vulnerabilities TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations September 6, 2013 V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability A vulnerability has been reported in the CentralAuth extension for MediaWik that allows people to bypass certain security

  5. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    JC3 JC3 RSS September 9, 2013 V-237: TYPO3 Security Bypass Vulnerabilities TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations September 6, 2013 V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability A vulnerability has been reported in the CentralAuth extension for MediaWik that allows people to bypass certain security restrictions September 5, 2013 V-235:

  6. JCAP At A Glance - JCAP

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    JC3 Bulletin Archive JC3 Bulletin Archive RSS September 9, 2013 V-237: TYPO3 Security Bypass Vulnerabilities TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations September 6, 2013 V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability A vulnerability has been reported in the CentralAuth extension for MediaWik that allows people to bypass certain security

  7. Proposed DSS-specific fields for the generic authentication information element

    SciTech Connect (OSTI)

    Tarman, T.D.

    1995-08-06

    This contribution proposes the format of the ``Algorithm-Specific Information`` and ``Signature`` fields within the ``Proposed Generic Authentication Information Element`` for authentication IEs based on the Digital Signature Standard (DSS). These fields are designed to allow various levels of authentication ``strength`` (or robustness), and many of these fields may be omitted in systems that optimize authentication performance by sharing common (public) Digital Signature Algorithm (DSA) parameters. This allows users and site security officers to design their authenticated signaling according to site security and performance requirements.

  8. Chemical Safety Vulnerability Working Group Report

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

  9. CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION

    SciTech Connect (OSTI)

    MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

    2011-07-17

    This internally funded Laboratory-Directed R&D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

  10. V-083: Oracle Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert.

  11. U-173: Symantec Web Gateway Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system.

  12. T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Controls | Department of Energy 6: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls January 18, 2011 - 2:30pm Addthis PROBLEM: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls. PLATFORM: Cisco 5500 Series Adaptive Security Appliances (ASA) ABSTRACT: Cisco ASA 5500 Series Adaptive Security Appliances are affected by multiple

  13. Defining the questions: a research agenda for nontraditional authentication in arms control

    SciTech Connect (OSTI)

    Hauck, Danielle K; Mac Arthur, Duncan W; Smith, Morag K; Thron, Jonathan L; Budlong - Sylvester, Kory

    2010-01-01

    Many traditional authentication techniques have been based on hardware solutions. Thus authentication of measurement system hardware has been considered in terms of physical inspection and destructive analysis. Software authentication has implied hash function analysis or authentication tools such as Rose. Continuity of knowledge is maintained through TIDs and cameras. Although there is ongoing progress improving all of these authentication methods, there has been little discussion of the human factors involved in authentication. Issues of non-traditional authentication include sleight-of-hand substitutions, monitor perception vs. reality, and visual diversions. Since monitor confidence in a measurement system depends on the product of their confidences in each authentication element, it is important to investigate all authentication techniques, including the human factors. This paper will present an initial effort to identify the most important problems that traditional authentication approaches in safeguards have not addressed and are especially relevant to arms control verification. This will include a survey of the literature and direct engagement with nontraditional experts in areas like psychology and human factors. Based on the identification of problem areas, potential research areas will be identified and a possible research agenda will be developed.

  14. T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability

    Broader source: Energy.gov [DOE]

    Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft.

  15. Hardware device to physical structure binding and authentication

    DOE Patents [OSTI]

    Hamlet, Jason R.; Stein, David J.; Bauer, Todd M.

    2013-08-20

    Detection and deterrence of device tampering and subversion may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a binding of the hardware device and a physical structure. The cryptographic fingerprint unit includes an internal physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generate an internal PUF value. Binding logic is coupled to receive the internal PUF value, as well as an external PUF value associated with the physical structure, and generates a binding PUF value, which represents the binding of the hardware device and the physical structure. The cryptographic fingerprint unit also includes a cryptographic unit that uses the binding PUF value to allow a challenger to authenticate the binding.

  16. Simultaneous Authentication and Certification of Arms-Control Measurement Systems

    SciTech Connect (OSTI)

    MacArthur, Duncan W. [Los Alamos National Laboratory; Hauck, Danielle K. [Los Alamos National Laboratory; Thron, Jonathan L. [Los Alamos National Laboratory

    2012-07-09

    Most arms-control-treaty-monitoring scenarios involve a host party that makes a declaration regarding its nuclear material or items and a monitoring party that verifies that declaration. A verification system developed for such a use needs to be trusted by both parties. The first concern, primarily from the host party's point of view, is that any sensitive information that is collected must be protected without interfering in the efficient operation of the facility being monitored. This concern is addressed in what can be termed a 'certification' process. The second concern, of particular interest to the monitoring party, is that it must be possible to confirm the veracity of both the measurement system and the data produced by this measurement system. The monitoring party addresses these issues during an 'authentication' process. Addressing either one of these concerns independently is relatively straightforward. However, it is more difficult to simultaneously satisfy host party certification concerns and monitoring party authentication concerns. Typically, both parties will want the final access to the measurement system. We will describe an alternative approach that allows both parties to gain confidence simultaneously. This approach starts with (1) joint development of the measurement system followed by (2) host certification of several copies of the system and (3) random selection by the inspecting party of one copy to be use during the monitoring visit and one (or more) copy(s) to be returned to the inspecting party's facilities for (4) further hardware authentication; any remaining copies are stored under joint seal for use as spares. Following this process, the parties will jointly (5) perform functional testing on the selected measurement system and then (6) use this system during the monitoring visit. Steps (1) and (2) assure the host party as to the certification of whichever system is eventually used in the monitoring visit. Steps (1), (3), (4), and (5) increase the monitoring party's confidence in the authentication of the measurement system.

  17. Provably Secure Password-based Authentication in TLS

    SciTech Connect (OSTI)

    Abdalla, Michel; Emmanuel, Bresson; Chevassut, Olivier; Moeller,Bodo; Pointcheval, David

    2005-12-20

    In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password.The SOKE ciphersuites, in advantage over previous pass-word-based authentication ciphersuites for TLS, combine the following features. First, SOKE has formal security arguments; the proof of security based on the computational Diffie-Hellman assumption is in the random oracle model, and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated, and after the server has sent a server identity.

  18. Authenticated group Diffie-Hellman key exchange: theory and practice

    SciTech Connect (OSTI)

    Chevassut, Olivier

    2002-10-03

    Authenticated two-party Diffie-Hellman key exchange allows two principals A and B, communicating over a public network, and each holding a pair of matching public/private keys to agree on a session key. Protocols designed to deal with this problem ensure A (B resp.)that no other principals aside from B (A resp.) can learn any information about this value. These protocols additionally often ensure A and B that their respective partner has actually computed the shared secret value. A natural extension to the above cryptographic protocol problem is to consider a pool of principals agreeing on a session key. Over the years several papers have extended the two-party Diffie-Hellman key exchange to the multi-party setting but no formal treatments were carried out till recently. In light of recent developments in the formalization of the authenticated two-party Diffie-Hellman key exchange we have in this thesis laid out the authenticated group Diffie-Hellman key exchange on firmer foundations.

  19. Vendor System Vulnerability Testing Test Plan

    SciTech Connect (OSTI)

    James R. Davidson

    2005-01-01

    The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INL’s Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or hazardous chemical production facilities. The SCADA Test Bed is established at the INL as a testing environment to evaluate the security vulnerabilities of SCADA systems, energy management systems (EMS), and distributed control systems. It now supports multiple programs sponsored by the U.S. Department of Energy, the U.S. Department of Homeland Security, other government agencies, and private sector clients. This particular test plan applies to testing conducted on a SCADA/EMS provided by a vendor. Before performing detailed vulnerability testing of a SCADA/EMS, an as delivered baseline examination of the system is conducted, to establish a starting point for all-subsequent testing. The series of baseline tests document factory delivered defaults, system configuration, and potential configuration changes to aid in the development of a security plan for in depth vulnerability testing. The baseline test document is provided to the System Provider,a who evaluates the baseline report and provides recommendations to the system configuration to enhance the security profile of the baseline system. Vulnerability testing is then conducted at the SCADA Test Bed, which provides an in-depth security analysis of the Vendor’s system.b a. The term System Provider replaces the name of the company/organization providing the system being evaluated. This can be the system manufacturer, a system user, or a third party organization such as a government agency. b. The term Vendor (or Vendor’s) System replaces the name of the specific SCADA/EMS being tested.

  20. T-731:Symantec IM Manager Code Injection Vulnerability | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability September 30, 2011 - 8:30am Addthis PROBLEM: Symantec IM Manager Code...

  1. V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: IBM Security AppScan Enterprise Multiple Vulnerabilities V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities March 26, 2013 - 12:56am Addthis PROBLEM: IBM Security...

  2. V-191: Apple Mac OS X Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Apple Mac OS X Multiple Vulnerabilities V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am Addthis PROBLEM: Apple has issued a security update for Mac OS X...

  3. U-171: DeltaV Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

  4. U-013: HP Data Protector Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system.

  5. V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 0: IBM Application Manager For Smart Business Multiple Vulnerabilities V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities June 18, 2013 - 12:38am Addthis PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities PLATFORM: IBM Application Manager For Smart Business 1.x ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business REFERENCE LINKS: Security Bulletin

  6. U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 7: Cisco Adaptive Security Appliances Denial of Service Vulnerability U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability

  7. U-122 Google Chrome Two Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

  8. V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system

  9. T-564: Vulnerabilities in Citrix Licensing administration components

    Broader source: Energy.gov [DOE]

    The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console.

  10. Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session. The meeting will be livestreamed at energy.gov/live

  11. US Energy Sector Vulnerabilities to Climate Change

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince George's County, Maryland; Grand Coulee Dam in Washington State; corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This report was drafted by the U.S. Department of Energy's Office of Policy and International Affairs

  12. U-187: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

  13. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. PDF icon Guide to Critical Infrastructure

  14. T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges.

  15. V-190: ASUS RT-N66U Router AiCloud Security Bypass Security Issue...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: ASUS RT-N66U Router AiCloud Security Bypass Security Issue V-190: ASUS RT-N66U Router AiCloud Security Bypass Security Issue July 2, 2013 - 12:38am Addthis PROBLEM: ASUS RT-N66U...

  16. STEM Mentoring Café- Engaging Young Women in an Authentic Mentoring...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    STEM Mentoring Caf- Engaging Young Women in an Authentic Mentoring Experience Melinda Higgins Albert Einstein Distinguished Educator Fellow, NASA Office of Education, ...

  17. Counterfeit-resistant materials and a method and apparatus for authenticating materials

    DOE Patents [OSTI]

    Ramsey, J. Michael; Klatt, Leon N.

    2000-01-01

    Fluorescent dichroic fibers randomly incorporated within a media provide an improved method for authentication and counterfeiting protection. The dichroism is provided by an alignment of fluorescent molecules along the length of the fibers. The fluorescent fibers provide an authentication mechanism of varying levels of capability. The authentication signature depends on four parameters; the x,y position, the dichroism and the local environment. The availability of so many non-deterministic variables makes production of counterfeit articles (e.g., currency, credit cards, etc.) essentially impossible. Counterfeit-resistant articles, an apparatus for authenticating articles, and a process for forming counterfeit-resistant media are also provided.

  18. Counterfeit-resistant materials and a method and apparatus for authenticating materials

    DOE Patents [OSTI]

    Ramsey, J. Michael; Klatt, Leon N.

    2001-01-01

    Fluorescent dichroic fibers randomly incorporated within a media provide an improved method for authentication and counterfeiting protection. The dichroism is provided by an alignment of fluorescent molecules along the length of the fibers. The fluorescent fibers provide an authentication mechanism of varying levels of capability. The authentication signature depends on four parameters, the x,y position, the dichroism and the local environment. The availability of so many non-deterministic variables makes production of counterfeit articles (e.g., currency, credit cards, etc.) essentially impossible Counterfeit-resistant articles, an apparatus for authenticating articles, and a process for forming counterfeit-resistant media are also provided&

  19. Rankine cycle condenser pressure control using an energy conversion device bypass valve

    DOE Patents [OSTI]

    Ernst, Timothy C; Nelson, Christopher R; Zigan, James A

    2014-04-01

    The disclosure provides a waste heat recovery system and method in which pressure in a Rankine cycle (RC) system of the WHR system is regulated by diverting working fluid from entering an inlet of an energy conversion device of the RC system. In the system, an inlet of a controllable bypass valve is fluidly coupled to a working fluid path upstream of an energy conversion device of the RC system, and an outlet of the bypass valve is fluidly coupled to the working fluid path upstream of the condenser of the RC system such that working fluid passing through the bypass valve bypasses the energy conversion device and increases the pressure in a condenser. A controller determines the temperature and pressure of the working fluid and controls the bypass valve to regulate pressure in the condenser.

  20. T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication...

  1. V-163: Red Hat Network Satellite Server Inter-Satellite Sync...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    3: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass May...

  2. INSTRUCTIONS FOR USING HSPD-12 AUTHENTICATED OUTLOOK WEB ACCESS (OWA)

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7/2013 Page 1 INSTRUCTIONS FOR USING HSPD-12 AUTHENTICATED OUTLOOK WEB ACCESS (OWA) Outlook Web Access provides access to unencrypted email only and is suitable for use from any computer. HSPD-12 OWA REQUIREMENTS: ď‚· An EITS provided Exchange email account ď‚· A DOE issued HSPD-12 badge ď‚· DOEnet or Internet access and a supported web browser ď‚· A smart card reader installed* on your computer (*Windows Vista, Windows XP, MAC OS X 10.7 & 10.8, will also require smart card software to be

  3. Photovoltaic power generation system free of bypass diodes

    DOE Patents [OSTI]

    Lentine, Anthony L.; Okandan, Murat; Nielson, Gregory N.

    2015-07-28

    A photovoltaic power generation system that includes a solar panel that is free of bypass diodes is described herein. The solar panel includes a plurality of photovoltaic sub-modules, wherein at least two of photovoltaic sub-modules in the plurality of photovoltaic sub-modules are electrically connected in parallel. A photovoltaic sub-module includes a plurality of groups of electrically connected photovoltaic cells, wherein at least two of the groups are electrically connected in series. A photovoltaic group includes a plurality of strings of photovoltaic cells, wherein a string of photovoltaic cells comprises a plurality of photovoltaic cells electrically connected in series. The strings of photovoltaic cells are electrically connected in parallel, and the photovoltaic cells are microsystem-enabled photovoltaic cells.

  4. Vulnerability Analysis of Energy Delivery Control Systems

    Energy Savers [EERE]

    0-18381 Vulnerability Analysis of Energy Delivery Control Systems September 2011 Idaho National Laboratory Idaho Falls, Idaho 83415 http://www.inl.gov Prepared for the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Under DOE Idaho Operations Office Contract DE-AC07-05ID14517 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy Alliance DISCLAIMER This information was prepared as an account of work sponsored by an agency of the

  5. T-550: Apache Denial of Service Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, may allow remote users to cause a Denial of Service (DoS - memory consumption).

  6. Pre-test CFD Calculations for a Bypass Flow Standard Problem

    SciTech Connect (OSTI)

    Rich Johnson

    2011-11-01

    The bypass flow in a prismatic high temperature gas-cooled reactor (HTGR) is the flow that occurs between adjacent graphite blocks. Gaps exist between blocks due to variances in their manufacture and installation and because of the expansion and shrinkage of the blocks from heating and irradiation. Although the temperature of fuel compacts and graphite is sensitive to the presence of bypass flow, there is great uncertainty in the level and effects of the bypass flow. The Next Generation Nuclear Plant (NGNP) program at the Idaho National Laboratory has undertaken to produce experimental data of isothermal bypass flow between three adjacent graphite blocks. These data are intended to provide validation for computational fluid dynamic (CFD) analyses of the bypass flow. Such validation data sets are called Standard Problems in the nuclear safety analysis field. Details of the experimental apparatus as well as several pre-test calculations of the bypass flow are provided. Pre-test calculations are useful in examining the nature of the flow and to see if there are any problems associated with the flow and its measurement. The apparatus is designed to be able to provide three different gap widths in the vertical direction (the direction of the normal coolant flow) and two gap widths in the horizontal direction. It is expected that the vertical bypass flow will range from laminar to transitional to turbulent flow for the different gap widths that will be available.

  7. T-606: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data

    Broader source: Energy.gov [DOE]

    Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data.

  8. Evaluating operating system vulnerability to memory errors.

    SciTech Connect (OSTI)

    Ferreira, Kurt Brian; Bridges, Patrick G.; Pedretti, Kevin Thomas Tauke; Mueller, Frank; Fiala, David; Brightwell, Ronald Brian

    2012-05-01

    Reliability is of great concern to the scalability of extreme-scale systems. Of particular concern are soft errors in main memory, which are a leading cause of failures on current systems and are predicted to be the leading cause on future systems. While great effort has gone into designing algorithms and applications that can continue to make progress in the presence of these errors without restarting, the most critical software running on a node, the operating system (OS), is currently left relatively unprotected. OS resiliency is of particular importance because, though this software typically represents a small footprint of a compute node's physical memory, recent studies show more memory errors in this region of memory than the remainder of the system. In this paper, we investigate the soft error vulnerability of two operating systems used in current and future high-performance computing systems: Kitten, the lightweight kernel developed at Sandia National Laboratories, and CLE, a high-performance Linux-based operating system developed by Cray. For each of these platforms, we outline major structures and subsystems that are vulnerable to soft errors and describe methods that could be used to reconstruct damaged state. Our results show the Kitten lightweight operating system may be an easier target to harden against memory errors due to its smaller memory footprint, largely deterministic state, and simpler system structure.

  9. Evaluation of a Stirling engine heater bypass with the NASA Lewis nodal-analysis performance code

    SciTech Connect (OSTI)

    Sullivan, T.J.

    1986-05-01

    In support of the US Department of Energy's Stirling Engine Highway Vehicle Systems program, the NASA Lewis Research Center investigated whether bypassing the P-40 Stirling engine heater during regenerative cooling would improve the engine thermal efficiency. The investigation was accomplished by using the Lewis nodal-analysis Stirling engine computer model. Bypassing the P-40 Stirling engine heater at full power resulted in a rise in the indicated thermal efficiency from 40.6 to 41.0 percent. For the idealized (some losses not included) heater bypass that was analyzed, this benefit is not considered significant.

  10. Social vulnerability indicators as a sustainable planning tool

    SciTech Connect (OSTI)

    Lee, Yung-Jaan

    2014-01-15

    In the face of global warming and environmental change, the conventional strategy of resource centralization will not be able to cope with a future of increasingly extreme climate events and related disasters. It may even contribute to inter-regional disparities as a result of these events. To promote sustainable development, this study offers a case study of developmental planning in Chiayi, Taiwan and a review of the relevant literature to propose a framework of social vulnerability indicators at the township level. The proposed framework can not only be used to measure the social vulnerability of individual townships in Chiayi, but also be used to capture the spatial developmental of Chiayi. Seventeen social vulnerability indicators provide information in five dimensions. Owing to limited access to relevant data, the values of only 13 indicators were calculated. By simply summarizing indicators without using weightings and by using zero-mean normalization to standardize the indicators, this study calculates social vulnerability scores for each township. To make social vulnerability indicators more useful, this study performs an overlay analysis of social vulnerability and patterns of risk associated with national disasters. The social vulnerability analysis draws on secondary data for 2012 from Taiwan's National Geographic Information System. The second layer of analysis consists of the flood potential ratings of the Taiwan Water Resources Agency as an index of biophysical vulnerability. The third layer consists of township-level administrative boundaries. Analytical results reveal that four out of the 18 townships in Chiayi not only are vulnerable to large-scale flooding during serious flood events, but also have the highest degree of social vulnerability. Administrative boundaries, on which social vulnerability is based, do not correspond precisely to “cross-administrative boundaries,” which are characteristics of the natural environment. This study adopts an exploratory approach that provides Chiayi and other government agencies with a foundation for sustainable strategic planning for environmental change. The final section offers four suggestions concerning the implications of social vulnerability for local development planning. -- Highlights: • This study proposes a framework of social vulnerability indicators at the township level in Chiayi County, Taiwan. • Seventeen social vulnerability indicators are categorized into four dimensions. • This study performs a three-layer overlay analysis of social vulnerability and natural disaster risk patterns. • 4 out of the 18 townships not only have potential for large-scale flooding, but also high degree of social vulnerability. • This study provides a foundation for sustainable strategic planning to deal with environmental change. • Four suggestions are proposed regarding the implications of social vulnerability for local development planning.

  11. Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy System Vulnerabilities to Climate Change and Extreme Weather Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather This U.S. Department of Energy Office of Indian Energy report assesses climate change and extreme weather vulnerabilities specific to tribal energy infrastructure and systems in the contiguous United States and Alaska. It includes information about the impacts from climate change and extreme weather events on both onsite and offsite

  12. T-544: Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities

    Broader source: Energy.gov [DOE]

    Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2 contains two vulnerabilities that can be exploited by a remote, unauthenticated attacker to create a denial of service condition that prevents traffic from passing through the CSG2. These vulnerabilities require only a single content service to be active on the Cisco CSG2 and can be exploited via crafted TCP packets. A three-way handshake is not required to exploit either of these vulnerabilities.

  13. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS This document provides practices that can help mitigate the potential risks that can occur to some electricity sector organizations. Each organization decides for itself the risks it can accept and the practices it deems appropriate to manage those risks. PDF icon TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR

  14. T-578: Vulnerability in MHTML Could Allow Information Disclosure |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 8: Vulnerability in MHTML Could Allow Information Disclosure T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm Addthis PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct

  15. U-172: OpenOffice.org Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.

  16. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Germany) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Germany Coordinates...

  17. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    France) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country France Coordinates...

  18. V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    source code repository Addthis Related Articles V-222: SUSE update for Filezilla V-157: Adobe Reader Acrobat Multiple Vulnerabilities V-066: Adobe AcrobatReader Multiple Flaws...

  19. V-062: Asterisk Two Denial of Service Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

  20. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    United Kingdom) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country United Kingdom...

  1. Tribal Energy System Vulnerabilities to Climate Change and Extreme...

    Broader source: Energy.gov (indexed) [DOE]

    Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather ii NOTICE This ... States government or any agency thereof. energy.govindianenergy | indianenergy@hq.doe.go...

  2. T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

  3. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits.

  4. V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE

  5. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Ireland) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Ireland Coordinates...

  6. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    :"","inlineLabel":"","visitedicon":"" Display map Period 2011-2014 References EU Smart Grid Projects Map1 Overview AFTER addresses vulnerability evaluation and contingency...

  7. V-082: Novell GroupWise Client Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Novell GroupWise Client, which can be exploited by malicious people to compromise a user's system.

  8. U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.

  9. V-107: Wireshark Multiple Denial of Service Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

  10. Vulnerability Analysis of Energy Delivery Control Systems - 2011...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerability Analysis of Energy Delivery Control Systems - 2011 Cybersecurity for energy ... (DOEOE) National Supervisory Control and Data Acquisition (SCADA) Test Bed ...

  11. Thermal Bypass Air Barriers in the 2009 International Energy Conservation Code- Building America Top Innovation

    Broader source: Energy.gov [DOE]

    This Building America Innovations profile describes Building America research supporting Thermal Bypass Air Barrier requirements. Since these were adopted in the 2009 IECC, close to one million homes have been mandated to include this vitally important energy efficiency measure.

  12. U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CTA 7.3.1 and later with Hotfix ESA-2012-034 Addthis Related Articles V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions V-036: EMC Smarts Network...

  13. Method and tool for network vulnerability analysis

    DOE Patents [OSTI]

    Swiler, Laura Painton; Phillips, Cynthia A.

    2006-03-14

    A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

  14. MODELING UNDERGROUND STRUCTURE VULNERABILITY IN JOINTED ROCK

    SciTech Connect (OSTI)

    R. SWIFT; D. STEEDMAN

    2001-02-01

    The vulnerability of underground structures and openings in deep jointed rock to ground shock attack is of chief concern to military planning and security. Damage and/or loss of stability to a structure in jointed rock, often manifested as brittle failure and accompanied with block movement, can depend significantly on jointed properties, such as spacing, orientation, strength, and block character. We apply a hybrid Discrete Element Method combined with the Smooth Particle Hydrodynamics approach to simulate the MIGHTY NORTH event, a definitive high-explosive test performed on an aluminum lined cylindrical opening in jointed Salem limestone. Representing limestone with discrete elements having elastic-equivalence and explicit brittle tensile behavior and the liner as an elastic-plastic continuum provides good agreement with the experiment and damage obtained with finite-element simulations. Extending the approach to parameter variations shows damage is substantially altered by differences in joint geometry and liner properties.

  15. JCAP Industry Day - JCAP

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    High Impact Assessment Bulletins JC3 High

    Low Impact Assessment Bulletins JC3 Low

    Medium Impact Assessment Bulletins JC3 Medium

    JC3 JC3 RSS September 9, 2013 V-237: TYPO3 Security Bypass Vulnerabilities TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations September 6, 2013 V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability A vulnerability

  16. Experimental and Analytic Study on the Core Bypass Flow in a Very High Temperature Reactor

    SciTech Connect (OSTI)

    Richard Schultz

    2012-04-01

    Core bypass flow has been one of key issues in the very high temperature reactor (VHTR) design for securing core thermal margins and achieving target temperatures at the core exit. The bypass flow in a prismatic VHTR core occurs through the control element holes and the radial and axial gaps between the graphite blocks for manufacturing and refueling tolerances. These gaps vary with the core life cycles because of the irradiation swelling/shrinkage characteristic of the graphite blocks such as fuel and reflector blocks, which are main components of a core's structure. Thus, the core bypass flow occurs in a complicated multidimensional way. The accurate prediction of this bypass flow and counter-measures to minimize it are thus of major importance in assuring core thermal margins and securing higher core efficiency. Even with this importance, there has not been much effort in quantifying and accurately modeling the effect of the core bypass flow. The main objectives of this project were to generate experimental data for validating the software to be used to calculate the bypass flow in a prismatic VHTR core, validate thermofluid analysis tools and their model improvements, and identify and assess measures for reducing the bypass flow. To achieve these objectives, tasks were defined to (1) design and construct experiments to generate validation data for software analysis tools, (2) determine the experimental conditions and define the measurement requirements and techniques, (3) generate and analyze the experimental data, (4) validate and improve the thermofluid analysis tools, and (5) identify measures to control the bypass flow and assess its performance in the experiment.

  17. Holographic Labeling And Reading Machine For Authentication And Security Appications

    DOE Patents [OSTI]

    Weber, David C.; Trolinger, James D.

    1999-07-06

    A holographic security label and automated reading machine for marking and subsequently authenticating any object such as an identification badge, a pass, a ticket, a manufactured part, or a package is described. The security label is extremely difficult to copy or even to read by unauthorized persons. The system comprises a holographic security label that has been created with a coded reference wave, whose specification can be kept secret. The label contains information that can be extracted only with the coded reference wave, which is derived from a holographic key, which restricts access of the information to only the possessor of the key. A reading machine accesses the information contained in the label and compares it with data stored in the machine through the application of a joint transform correlator, which is also equipped with a reference hologram that adds additional security to the procedure.

  18. V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Let Remote Users Conduct Cross-Site Scripting Attacks | Department of Energy 51: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks May 8, 2013 - 12:06am Addthis PROBLEM: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks

  19. T-611: Cisco IOS OCSP Revoked Certificate Security Issue

    Broader source: Energy.gov [DOE]

    The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685.

  20. T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is due to an unspecified error in the affected software when it processes .pdf files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious .pdf file. When viewed, the file could trigger a memory corruption error that could allow the attacker to execute arbitrary code on the system with the privileges of the user.

  1. T-616: PHP Stream Component Remote Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable.

  2. T-597: WordPress Multiple Security Vulnerabilities

    Broader source: Energy.gov [DOE]

    Attackers can exploit these issues to perform unauthorized actions in the context of the logged-in user, crash the affected application and therefore deny service to legitimate users, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials or launch other attacks.

  3. U-212: RSA Authentication Manager Flaws Permit Cross-Site and...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    A remote user can conduct cross-frame scripting attacks CVE-2012-2280. Imp act: A remote user can access the target user's cookies (including authentication cookies), if any, ...

  4. V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote ... The vendor has issued a fix (5.3SP1). Addthis Related Articles V-084: RSA Archer eGRC ...

  5. AUTHENTICATED SENSOR INTERFACE DEVICE FOR JOINT USE SAFEGUARDS APPLICATIONS - CONCEPTS AND CHALLENGES

    SciTech Connect (OSTI)

    Poland, R.; Drayer, R.; Wilson, J.

    2013-08-12

    This paper will discuss the key features of the Authenticated Sensor Interface Device that collectively provide the ability to share data among a number of parties while ensuring the authentication of data and protecting both the operator’s and the IAEA’s interests. The paper will also discuss the development of the prototype, the initial testing with an accountancy scale, and future plans and challenges to implementation into the joint use and remote monitoring applications. As nuclear fuel cycle technology becomes more prevalent throughout the world and the capacity of plants increases, limited resources of the IAEA are being stretched near a breaking point. A strategy is to increase efficiency in safeguards monitoring using “joint use” equipment that will provide the facility operator process data while also providing the IAEA key safeguards data. The data, however, must be authenticated and validated to ensure the data have not been tampered with. The Authenticated Sensor Interface Device provides the capability to share data and can be a valuable component in the IAEA’s ability to collect accountancy data from scales in Uranium conversion and enrichment plants, as well as nuclear fuel fabrication plants. Likewise, the Authenticated Sensor Interface Device can be configured to accept a diverse array of input signals, ranging from analog voltage, to current, to digital interfaces and more. These modular capabilities provide the ability to collect authenticated, joint-use, data streams from various process monitoring sensors.

  6. Investigation on the Core Bypass Flow in a Very High Temperature Reactor

    SciTech Connect (OSTI)

    Hassan, Yassin

    2013-10-22

    Uncertainties associated with the core bypass flow are some of the key issues that directly influence the coolant mass flow distribution and magnitude, and thus the operational core temperature profiles, in the very high-temperature reactor (VHTR). Designers will attempt to configure the core geometry so the core cooling flow rate magnitude and distribution conform to the design values. The objective of this project is to study the bypass flow both experimentally and computationally. Researchers will develop experimental data using state-of-the-art particle image velocimetry in a small test facility. The team will attempt to obtain full field temperature distribution using racks of thermocouples. The experimental data are intended to benchmark computational fluid dynamics (CFD) codes by providing detailed information. These experimental data are urgently needed for validation of the CFD codes. The following are the project tasks: • Construct a small-scale bench-top experiment to resemble the bypass flow between the graphite blocks, varying parameters to address their impact on bypass flow. Wall roughness of the graphite block walls, spacing between the blocks, and temperature of the blocks are some of the parameters to be tested. • Perform CFD to evaluate pre- and post-test calculations and turbulence models, including sensitivity studies to achieve high accuracy. • Develop the state-of-the art large eddy simulation (LES) using appropriate subgrid modeling. • Develop models to be used in systems thermal hydraulics codes to account and estimate the bypass flows. These computer programs include, among others, RELAP3D, MELCOR, GAMMA, and GAS-NET. Actual core bypass flow rate may vary considerably from the design value. Although the uncertainty of the bypass flow rate is not known, some sources have stated that the bypass flow rates in the Fort St. Vrain reactor were between 8 and 25 percent of the total reactor mass flow rate. If bypass flow rates are on the high side, the quantity of cooling flow through the core may be considerably less than the nominal design value, causing some regions of the core to operate at temperatures in excess of the design values. These effects are postulated to lead to localized hot regions in the core that must be considered when evaluating the VHTR operational and accident scenarios.

  7. T-557: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

  8. Automated Vulnerability Detection for Compiled Smart Grid Software

    SciTech Connect (OSTI)

    Prowell, Stacy J; Pleszkoch, Mark G; Sayre, Kirk D; Linger, Richard C

    2012-01-01

    While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

  9. V-094: IBM Multiple Products Multiple Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 94: IBM Multiple Products Multiple Vulnerabilities V-094: IBM Multiple Products Multiple Vulnerabilities February 19, 2013 - 1:41am Addthis PROBLEM: IBM Multiple Products Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management versions 7.5, 7.1, and 6.2 IBM Maximo Asset Management Essentials versions 7.5, 7.1, and 6.2 IBM SmartCloud Control Desk version 7.5 IBM Tivoli Asset Management for IT versions 7.2, 7.1, and 6.2 IBM Tivoli Change and Configuration Management Database

  10. Vulnerability Assessment for Cascading Failures in Electric Power Systems

    SciTech Connect (OSTI)

    Baldick, R.; Chowdhury, Badrul; Dobson, Ian; Dong, Zhao Yang; Gou, Bei; Hawkins, David L.; Huang, Zhenyu; Joung, Manho; Kim, Janghoon; Kirschen, Daniel; Lee, Stephen; Li, Fangxing; Li, Juan; Li, Zuyi; Liu, Chen-Ching; Luo, Xiaochuan; Mili, Lamine; Miller, Stephen; Nakayama, Marvin; Papic, Milorad; Podmore, Robin; Rossmaier, John; Schneider, Kevin P.; Sun, Hongbin; Sun, Kai; Wang, David; Wu, Zhigang; Yao, Liangzhong; Zhang, Pei; Zhang, Wenjie; Zhang, Xiaoping

    2008-09-10

    Cascading failures present severe threats to power grid security, and thus vulnerability assessment of power grids is of significant importance. Focusing on analytic methods, this paper reviews the state of the art of vulnerability assessment methods in the context of cascading failures in three categories: steady-state modeling based analysis; dynamic modeling analysis; and non-traditional modeling approaches. The impact of emerging technologies including phasor technology, high-performance computing techniques, and visualization techniques on the vulnerability assessment of cascading failures is then addressed, and future research directions are presented.

  11. Vulnerability of critical infrastructures : identifying critical nodes.

    SciTech Connect (OSTI)

    Cox, Roger Gary; Robinson, David Gerald

    2004-06-01

    The objective of this research was the development of tools and techniques for the identification of critical nodes within critical infrastructures. These are nodes that, if disrupted through natural events or terrorist action, would cause the most widespread, immediate damage. This research focuses on one particular element of the national infrastructure: the bulk power system. Through the identification of critical elements and the quantification of the consequences of their failure, site-specific vulnerability analyses can be focused at those locations where additional security measures could be effectively implemented. In particular, with appropriate sizing and placement within the grid, distributed generation in the form of regional power parks may reduce or even prevent the impact of widespread network power outages. Even without additional security measures, increased awareness of sensitive power grid locations can provide a basis for more effective national, state and local emergency planning. A number of methods for identifying critical nodes were investigated: small-world (or network theory), polyhedral dynamics, and an artificial intelligence-based search method - particle swarm optimization. PSO was found to be the only viable approach and was applied to a variety of industry accepted test networks to validate the ability of the approach to identify sets of critical nodes. The approach was coded in a software package called Buzzard and integrated with a traditional power flow code. A number of industry accepted test networks were employed to validate the approach. The techniques (and software) are not unique to power grid network, but could be applied to a variety of complex, interacting infrastructures.

  12. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience ...

  13. U-157: Ruby Mail Gem Directory Traversal and Shell Command Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in the Mail gem for Ruby, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.

  14. T-643: HP OpenView Storage Data Protector Unspecified Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.

  15. V-118: IBM Lotus Domino Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to version 9.0 or update to version 8.5.3 Fix Pack 4 when available Addthis Related Articles T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service...

  16. T-625: Opera Frameset Handling Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page.

  17. V-173: Plesk 0-Day Vulnerability | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro...

  18. T-542: SAP Crystal Reports Server Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system.

  19. Mapping Climate Change Vulnerability and Impact Scenarios - A...

    Open Energy Info (EERE)

    guidebook assists planners working at the sub-national levels to identify and map the nature of current and future vulnerability to long-term climate change so that appropriate...

  20. Common Cyber Security Vulnerabilities Observed in Control System

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Assessments by the INL NSTB Program | Department of Energy Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program This document presents results from 16 control system assessments performed under the NSTB program from 2003 through 2007. Information found in individual stakeholder reports is protected from disclosure. Researchers recognized that

  1. T-596: 0-Day Windows Network Interception Configuration Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 96: 0-Day Windows Network Interception Configuration Vulnerability T-596: 0-Day Windows Network Interception Configuration Vulnerability April 6, 2011 - 5:48am Addthis PROBLEM: 0-Day exploit of IPv4 and IPv6 mechanics and how it applies to Microsoft Windows Operating systems. PLATFORM: Microsoft Operating Systems (OS) Windows Vista, Windows 7, and Windows 2008 Server ABSTRACT: The links below describe a parasitic IPv6 layered over a native IPv4 network. This attack can

  2. Top 10 Vulnerabilities of Control Systems and Their Associated Migitations

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    (2006) | Department of Energy Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) This document addresses potential risks that can apply to some electricity sector organizations and provides practices that can help mitigate the risks. Each organization decides for itself the risks it can accept and the practices it deems appropriate to manage those risks. PDF icon Top 10

  3. T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability

    Broader source: Energy.gov [DOE]

    It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code).

  4. EFFECTS OF GRAPHITE SURFACE ROUGHNESS ON BYPASS FLOW COMPUTATIONS FOR AN HTGR

    SciTech Connect (OSTI)

    Rich Johnson; Yu-Hsin Tung; Hiroyuki Sato

    2011-07-01

    Bypass flow in a prismatic high temperature gas reactor (HTGR) occurs between graphite blocks as they sit side by side in the core. Bypass flow is not intentionally designed to occur in the reactor, but is present because of tolerances in manufacture, imperfect installation and expansion and shrinkage of the blocks from heating and irradiation. It is desired to increase the knowledge of the effects of such flow, which has been estimated to be as much as 20% of the total helium coolant flow. Computational fluid dynamic (CFD) simulations can provide estimates of the scale and impacts of bypass flow. Previous CFD calculations have examined the effects of bypass gap width, level and distribution of heat generation and effects of shrinkage. The present contribution examines the effects of graphite surface roughness on the bypass flow for different relative roughness factors on three gap widths. Such calculations should be validated using specific bypass flow measurements. While such experiments are currently underway for the specific reference prismatic HTGR design for the next generation nuclear plant (NGNP) program of the U. S. Dept. of Energy, the data are not yet available. To enhance confidence in the present calculations, wall shear stress and heat transfer results for several turbulence models and their associated wall treatments are first compared for flow in a single tube that is representative of a coolant channel in the prismatic HTGR core. The results are compared to published correlations for wall shear stress and Nusselt number in turbulent pipe flow. Turbulence models that perform well are then used to make bypass flow calculations in a symmetric onetwelfth sector of a prismatic block that includes bypass flow. The comparison of shear stress and Nusselt number results with published correlations constitutes a partial validation of the CFD model. Calculations are also compared to ones made previously using a different CFD code. Results indicate that increasing surface roughness increases the maximum fuel and helium temperatures as do increases in gap width. However, maximum coolant temperature variation due to increased gap width is not changed by surface roughness.

  5. Novel Authentication of Monitoring Data Through the use of Secret and Public Cryptographic Keys

    SciTech Connect (OSTI)

    Benz, Jacob M.; Tolk, Keith; Tanner, Jennifer E.

    2014-07-21

    The Office of Nuclear Verification (ONV) is supporting the development of a piece of equipment to provide data authentication and protection for a suite of monitoring sensors as part of a larger effort to create an arms control technology toolkit. This device, currently called the Red Box, leverages the strengths of both secret and public cryptographic keys to authenticate, digitally sign, and pass along monitoring data to allow for host review, and redaction if necessary, without the loss of confidence in the authenticity of the data by the monitoring party. The design of the Red Box will allow for the addition and removal of monitoring equipment and can also verify that the data was collected by authentic monitoring equipment prior to signing the data and sending it to the host and for review. The host will then forward the data to the monitor for review and inspection. This paper will highlight the progress to date of the Red Box development, and will explain the novel method of leveraging both symmetric and asymmetric (secret and public key) cryptography to authenticate data within a warhead monitoring regime.

  6. T-607: Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability.

  7. V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability

    Broader source: Energy.gov [DOE]

    The vCenter Chargeback Manager contains a critical vulnerability that allows for remote code execution

  8. Oil Bypass Filter and Diesel Engine Idling Wear-Rate Evaluations |

    Broader source: Energy.gov (indexed) [DOE]

    Department of Energy 05 Diesel Engine Emissions Reduction (DEER) Conference Presentations and Posters PDF icon 2005_deer_zirker.pdf More Documents & Publications Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and Light Vehicles Development of Partial Filter Technology for HDD Retrofit Comparing Emissions Benefits from Regulating Heavy Vehicle Idling

  9. Climate variability and climate change vulnerability and adaptation. Workshop summary

    SciTech Connect (OSTI)

    Bhatti, N.; Cirillo, R.R.; Dixon, R.K.

    1995-12-31

    Representatives from fifteen countries met in Prague, Czech Republic, on September 11-15, 1995, to share results from the analysis of vulnerability and adaptation to global climate change. The workshop focused on the issues of global climate change and its impacts on various sectors of a national economy. The U.N. Framework Convention on Climate Change (FCCC), which has been signed by more than 150 governments worldwide, calls on signatory parties to develop and communicate measures they are implementing to respond to global climate change. An analysis of a country`s vulnerability to changes in the climate helps it identify suitable adaptation measures. These analyses are designed to determine the extent of the impacts of global climate change on sensitive sectors such as agricultural crops, forests, grasslands and livestock, water resources, and coastal areas. Once it is determined how vulnerable a country may be to climate change, it is possible to identify adaptation measures for ameliorating some or all of the effects.The objectives of the vulnerability and adaptation workshop were to: The objectives of the vulnerability and adaptation workshop were to: Provide an opportunity for countries to describe their study results; Encourage countries to learn from the experience of the more complete assessments and adjust their studies accordingly; Identify issues and analyses that require further investigation; and Summarize results and experiences for governmental and intergovernmental organizations.

  10. V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote authenticated user can execute arbitrary code on the target system. A remote authenticated user can modify the configuration on the target system. A remote user can cause denial of service conditions.

  11. U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    42: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT

  12. Chemical Safety Vulnerability Working Group report. Volume 1

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains the Executive summary; Introduction; Summary of vulnerabilities; Management systems weaknesses; Commendable practices; Summary of management response plan; Conclusions; and a Glossary of chemical terms.

  13. Energy Department Issues Tribal Energy System Vulnerabilities to Climate

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Change and Extreme Weather Report, $6M for Native American Clean Energy Projects | Department of Energy Energy System Vulnerabilities to Climate Change and Extreme Weather Report, $6M for Native American Clean Energy Projects Energy Department Issues Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather Report, $6M for Native American Clean Energy Projects September 2, 2015 - 3:30pm Addthis NEWS MEDIA CONTACT 202-586-4940 DOENews@hq.doe.gov The U.S. Department of Energy

  14. Vulnerability of the US to future sea level rise

    SciTech Connect (OSTI)

    Gornitz, V. . Goddard Inst. for Space Studies); White, T.W.; Cushman, R.M. )

    1991-01-01

    The differential vulnerability of the conterminous United States to future sea level rise from greenhouse climate warming is assessed, using a coastal hazards data base. This data contains information on seven variables relating to inundation and erosion risks. High risk shorelines are characterized by low relief, erodible substrate, subsidence, shoreline retreat, and high wave/tide energies. Very high risk shorelines on the Atlantic Coast (Coastal Vulnerability Index {ge}33.0) include the outer coast of the Delmarva Peninsula, northern Cape Hatteras, and segments of New Jersey, Georgia and South Carolina. Louisiana and sections of Texas are potentially the most vulnerable, due to anomalously high relative sea level rise and erosion, coupled with low elevation and mobile sediments. Although the Pacific Coast is generally the least vulnerable, because of its rugged relief and erosion-resistant substrate, the high geographic variability leads to several exceptions, such as the San Joaquin-Sacramento Delta area, the barrier beaches of Oregon and Washington, and parts of the Puget Sound Lowlands. 31 refs., 2 figs., 3 tabs.

  15. Vulnerability analysis for complex networks using aggressive abstraction.

    SciTech Connect (OSTI)

    Colbaugh, Richard; Glass, Kristin L.

    2010-06-01

    Large, complex networks are ubiquitous in nature and society, and there is great interest in developing rigorous, scalable methods for identifying and characterizing their vulnerabilities. This paper presents an approach for analyzing the dynamics of complex networks in which the network of interest is first abstracted to a much simpler, but mathematically equivalent, representation, the required analysis is performed on the abstraction, and analytic conclusions are then mapped back to the original network and interpreted there. We begin by identifying a broad and important class of complex networks which admit vulnerability-preserving, finite state abstractions, and develop efficient algorithms for computing these abstractions. We then propose a vulnerability analysis methodology which combines these finite state abstractions with formal analytics from theoretical computer science to yield a comprehensive vulnerability analysis process for networks of realworld scale and complexity. The potential of the proposed approach is illustrated with a case study involving a realistic electric power grid model and also with brief discussions of biological and social network examples.

  16. Regulatory Guide on Conducting a Security Vulnerability Assessment

    SciTech Connect (OSTI)

    Ek, David R.

    2016-01-01

    This document will provide guidelines on conducting a security vulnerability assessment at a facility regulated by the Radiation Protection Centre. The guidelines provide a performance approach assess security effectiveness. The guidelines provide guidance for a review following the objectives outlined in IAEA NSS#11 for Category 1, 2, & 3 sources.

  17. Mechanism of RNA polymerase II bypass of oxidative cyclopurine DNA lesions

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Walmacq, Celine; Wang, Lanfeng; Chong, Jenny; Scibelli, Kathleen; Lubkowska, Lucyna; Gnatt, Averell; Brooks, Philip J.; Wang, Dong; Kashlev, Mikhail

    2015-01-20

    In human cells, the oxidative DNA lesion 8,5'-cyclo-2'-deoxyadenosine (CydA) induces prolonged stalling of RNA polymerase II (Pol II) followed by transcriptional bypass, generating both error-free and mutant transcripts with AMP misincorporated immediately downstream from the lesion. Here, we present biochemical and crystallographic evidence for the mechanism of CydA recognition. Pol II stalling results from impaired loading of the template base (5') next to CydA into the active site, leading to preferential AMP misincorporation. Such predominant AMP insertion, which also occurs at an abasic site, is unaffected by the identity of the 5´-templating base, indicating that it derives from nontemplated synthesismore » according to an A rule known for DNA polymerases and recently identified for Pol II bypass of pyrimidine dimers. Subsequent to AMP misincorporation, Pol II encounters a major translocation block that is slowly overcome. The translocation block combined with the poor extension of the dA.rA mispair reduce transcriptional mutagenesis. Moreover, increasing the active-site flexibility by mutation in the trigger loop, which increases the ability of Pol II to accommodate the bulky lesion, and addition of transacting factor TFIIF facilitate CydA bypass. Thus, blocking lesion entry to the active site, trans-lesion A rule synthesis, and translocation block are common features of transcription across different bulky DNA lesions.« less

  18. Mechanism of RNA polymerase II bypass of oxidative cyclopurine DNA lesions

    SciTech Connect (OSTI)

    Walmacq, Celine; Wang, Lanfeng; Chong, Jenny; Scibelli, Kathleen; Lubkowska, Lucyna; Gnatt, Averell; Brooks, Philip J.; Wang, Dong; Kashlev, Mikhail

    2015-01-20

    In human cells, the oxidative DNA lesion 8,5'-cyclo-2'-deoxyadenosine (CydA) induces prolonged stalling of RNA polymerase II (Pol II) followed by transcriptional bypass, generating both error-free and mutant transcripts with AMP misincorporated immediately downstream from the lesion. Here, we present biochemical and crystallographic evidence for the mechanism of CydA recognition. Pol II stalling results from impaired loading of the template base (5') next to CydA into the active site, leading to preferential AMP misincorporation. Such predominant AMP insertion, which also occurs at an abasic site, is unaffected by the identity of the 5´-templating base, indicating that it derives from nontemplated synthesis according to an A rule known for DNA polymerases and recently identified for Pol II bypass of pyrimidine dimers. Subsequent to AMP misincorporation, Pol II encounters a major translocation block that is slowly overcome. The translocation block combined with the poor extension of the dA.rA mispair reduce transcriptional mutagenesis. Moreover, increasing the active-site flexibility by mutation in the trigger loop, which increases the ability of Pol II to accommodate the bulky lesion, and addition of transacting factor TFIIF facilitate CydA bypass. Thus, blocking lesion entry to the active site, trans-lesion A rule synthesis, and translocation block are common features of transcription across different bulky DNA lesions.

  19. A photorespiratory bypass increases plant growth and seed yield in biofuel crop Camelina sativa

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Dalal, Jyoti; Lopez, Harry; Vasani, Naresh B.; Hu, Zhaohui; Swift, Jennifer E.; Yalamanchili, Roopa; Dvora, Mia; Lin, Xiuli; Xie, Deyu; Qu, Rongda; et al

    2015-10-29

    Camelina sativa is an oilseed crop with great potential for biofuel production on marginal land. The seed oil from camelina has been converted to jet fuel and improved fuel efficiency in commercial and military test flights. Hydrogenation-derived renewable diesel from camelina is environmentally superior to that from canola due to lower agricultural inputs, and the seed meal is FDA approved for animal consumption. However, relatively low yield makes its farming less profitable. Our study is aimed at increasing camelina seed yield by reducing carbon loss from photorespiration via a photorespiratory bypass. Genes encoding three enzymes of the Escherichia coli glycolatemore » catabolic pathway were introduced: glycolate dehydrogenase (GDH), glyoxylate carboxyligase (GCL) and tartronic semialdehyde reductase (TSR). These enzymes compete for the photorespiratory substrate, glycolate, convert it to glycerate within the chloroplasts, and reduce photorespiration. As a by-product of the reaction, CO2 is released in the chloroplast, which increases photosynthesis. Camelina plants were transformed with either partial bypass (GDH), or full bypass (GDH, GCL and TSR) genes. Furthermore, transgenic plants were evaluated for physiological and metabolic traits.« less

  20. Climate Change and Infrastructure, Urban Systems, and Vulnerabilities

    SciTech Connect (OSTI)

    Wilbanks, Thomas J; Fernandez, Steven J

    2014-01-01

    This Technical Report on Climate Change and Infrastructure, Urban Systems, and Vulnerabilities has been prepared for the U.S. Department of Energy by the Oak Ridge National Laboratory in support of the U.S. National Climate Assessment (NCA). It is a summary of the currently existing knowledge base on its topic, nested within a broader framing of issues and questions that need further attention in the longer run. The report arrives at a number of assessment findings, each associated with an evaluation of the level of consensus on that issue within the expert community, the volume of evidence available to support that judgment, and the section of the report that provides an explanation for the finding. Cross-sectoral issues related to infrastructures and urban systems have not received a great deal of attention to date in research literatures in general and climate change assessments in particular. As a result, this technical report is breaking new ground as a component of climate change vulnerability and impact assessments in the U.S., which means that some of its assessment findings are rather speculative, more in the nature of propositions for further study than specific conclusions that are offered with a high level of confidence and research support. But it is a start in addressing questions that are of interest to many policymakers and stakeholders. A central theme of the report is that vulnerabilities and impacts are issues beyond physical infrastructures themselves. The concern is with the value of services provided by infrastructures, where the true consequences of impacts and disruptions involve not only the costs associated with the clean-up, repair, and/or replacement of affected infrastructures but also economic, social, and environmental effects as supply chains are disrupted, economic activities are suspended, and/or social well-being is threatened. Current knowledge indicates that vulnerability concerns tend to be focused on extreme weather events associated with climate change that can disrupt infrastructure services, often cascading across infrastructures because of extensive interdependencies threatening health and local economies, especially in areas where human populations and economic activities are concentrated in urban areas. Vulnerabilities are especially large where infrastructures are subject to multiple stresses, beyond climate change alone; when they are located in areas vulnerable to extreme weather events; and if climate change is severe rather than moderate. But the report also notes that there are promising approaches for risk management, based on emerging lessons from a number of innovative initiatives in U.S. cities and other countries, involving both structural and non-structural (e.g., operational) options.

  1. T-532: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

    Broader source: Energy.gov [DOE]

    Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

  2. U-114: IBM Personal Communications WS File Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability in WorkStation files (.ws) by IBM Personal Communications could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code on vulnerable installations of IBM Personal Communications.

  3. T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple buffer overflow vulnerabilities exist in the WRF and ARF players. The vulnerabilities may lead to a crash of the player application or, in some cases, remote code execution could occur.

  4. T-592: Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability

    Broader source: Energy.gov [DOE]

    Cisco Secure ACS operates as a centralized RADIUS and TACACS+ server, combining user authentication, user and administrator device access control, and policy control into a centralized identity networking solution.

  5. U-069: Telnet code execution vulnerability: FreeBSD and Kerberos

    Broader source: Energy.gov [DOE]

    Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system.

  6. U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities

    Energy Savers [EERE]

    Server Cross-Site Scripting Vulnerability | Department of Energy 11: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability U-011: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability October 14, 2011 - 12:30pm Addthis PROBLEM: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability PLATFORM: Version(s): VCS prior to 7.0 ABSTRACT: A

  7. U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).

  8. U-028: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

  9. Briefing Memo: Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

  10. Vulnerability, Sensitivity, and Coping/Adaptive Capacity Worldwide

    SciTech Connect (OSTI)

    Malone, Elizabeth L.; Brenkert, Antoinette L.

    2009-10-01

    Research and analyses have repeatedly shown that impacts of climate change will be unevenly distributed and will affect various societies in various ways. The severity of impacts will depend in part on ability to cope in the short term and adapt in the longer term. However, it has been difficult to find a comparative basis on which to assess differential impacts of climate change. This chapter describes the Vulnerability-Resilience Indicator Model that uses 18 proxy indicators, grouped into 8 elements, to assess on a quantitative basis the comparative potential vulnerability and resilience of countries to climate change. The model integrates socioeconomic and environmental information such as land use, crop production, water availability, per capita GDP, inequality, and health status. Comparative results for 160 countries are presented and analyzed.

  11. Agenda: Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

  12. Probabilistic Vulnerability Assessment Based on Power Flow and Voltage Distribution

    SciTech Connect (OSTI)

    Ma, Jian; Huang, Zhenyu; Wong, Pak C.; Ferryman, Thomas A.

    2010-04-30

    Risk assessment of large scale power systems has been an important problem in power system reliability study. Probabilistic technique provides a powerful tool to solve the task. In this paper, we present the results of a study on probabilistic vulnerability assessment on WECC system. Cumulant based expansion method is applied to obtain the probabilistic distribution function (PDF) and cumulative distribution function (CDF) of power flows on transmission lines and voltage. Overall risk index based on the system vulnerability analysis is calculated using the WECC system. The simulation results based on WECC system is used to demonstrate the effectiveness of the method. The methodology can be applied to the risk analysis on large scale power systems.

  13. Subsidence vulnerability in shallow room-and-pillar mines

    SciTech Connect (OSTI)

    Missavage, R.

    1985-07-01

    Concern over mining-related subsidence is inhibiting the development of surface land uses in previously mined areas and is constraining the recovery of coal resources in areas with established land uses that might be impacted by subsequent subsidence. The determination of subsidence vulnerability of mined-out areas (especially abandoned mine areas) can be a useful tool in the design and location of surface structures. A model has been developed for assessing subsidence vulnerability in shallow room-and-pillar mines based on the flexural rigidity and strength characteristics of the overlying strata. The model does not predict the subsidence profile or when the subsidence will occur. It only predicts those areas that are likely to subside. This paper briefly describes the model and its testing.

  14. T-682:Double free vulnerability in MapServer

    Broader source: Energy.gov [DOE]

    MapServer developers have discovered flaws in the OGC filter support in MapServer. Specific code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are strongly encouraged to upgrade to these latest releases.

  15. Temperature-based Instanton Analysis: Identifying Vulnerability in Transmission Networks

    SciTech Connect (OSTI)

    Kersulis, Jonas; Hiskens, Ian; Chertkov, Michael; Backhaus, Scott N.; Bienstock, Daniel

    2015-04-08

    A time-coupled instanton method for characterizing transmission network vulnerability to wind generation fluctuation is presented. To extend prior instanton work to multiple-time-step analysis, line constraints are specified in terms of temperature rather than current. An optimization formulation is developed to express the minimum wind forecast deviation such that at least one line is driven to its thermal limit. Results are shown for an IEEE RTS-96 system with several wind-farms.

  16. Microsoft Word - MitigationsForVulnerabilitiesInCSNetworks.doc

    Energy Savers [EERE]

    6 by ISA - The Instrumentation, Systems and Automation Society. Presented at 16th Annual Joint ISA POWID/EPRI Controls and Instrumentation Conference; http://www.isa.org Mitigations for Security Vulnerabilities Found in Control System Networks May Permann John Hammer Computer Security Researcher Computer Security Researcher Communications & Cyber Security Communications & Cyber Security Idaho National Laboratory Idaho National Laboratory Idaho Falls, ID 83415 Idaho Falls, ID 83415 Kathy

  17. T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

  18. GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |

    National Nuclear Security Administration (NNSA)

    National Nuclear Security Administration GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material May 29, 2014 GTRI's Remove Program works around the world to remove excess nuclear and radiological materials that could be used for a nuclear weapon or radiological dispersal device (RDD), or "dirty bomb". Mission In 2004 NNSA established the Global Threat Reduction Initiative (GTRI) in the Office of Defense Nuclear Nonproliferation to, as quickly as possible, identify,

  19. Climate Change Vulnerability Assessment for Idaho National Laboratory

    SciTech Connect (OSTI)

    Christopher P. Ischay; Ernest L. Fossum; Polly C. Buotte; Jeffrey A. Hicke; Alexander Peterson

    2014-10-01

    The University of Idaho (UI) was asked to participate in the development of a climate change vulnerability assessment for Idaho National Laboratory (INL). This report describes the outcome of that assessment. The climate change happening now, due in large part to human activities, is expected to continue in the future. UI and INL used a common framework for assessing vulnerability that considers exposure (future climate change), sensitivity (system or component responses to climate), impact (exposure combined with sensitivity), and adaptive capacity (capability of INL to modify operations to minimize climate change impacts) to assess vulnerability. Analyses of climate change (exposure) revealed that warming that is ongoing at INL will continue in the coming decades, with increased warming in later decades and under scenarios of greater greenhouse gas emissions. Projections of precipitation are more uncertain, with multi model means exhibiting somewhat wetter conditions and more wet days per year. Additional impacts relevant to INL include estimates of more burned area and increased evaporation and transpiration, leading to reduced soil moisture and plant growth.

  20. Provably-Secure Authenticated Group Diffie-Hellman KeyExchange

    SciTech Connect (OSTI)

    Bresson, Emmanuel; Chevassut, Olivier; Pointcheval, David

    2007-01-01

    Authenticated key exchange protocols allow two participantsA and B, communicating over a public network and each holding anauthentication means, to exchange a shared secret value. Methods designedto deal with this cryptographic problem ensure A (resp. B) that no otherparticipants aside from B (resp. A) can learn any information about theagreed value, and often also ensure A and B that their respective partnerhas actually computed this value. A natural extension to thiscryptographic method is to consider a pool of participants exchanging ashared secret value and to provide a formal treatment for it. Startingfrom the famous 2-party Diffie-Hellman (DH) key exchange protocol, andfrom its authenticated variants, security experts have extended it to themulti-party setting for over a decade and completed a formal analysis inthe framework of modern cryptography in the past few years. The presentpaper synthesizes this body of work on the provably-secure authenticatedgroup DH key exchange.

  1. Integrating end-to-end encryption and authentication technology into broadband networks

    SciTech Connect (OSTI)

    Pierson, L.G.

    1995-11-01

    BISDN services will involve the integration of high speed data, voice, and video functionality delivered via technology similar to Asynchronous Transfer Mode (ATM) switching and SONET optical transmission systems. Customers of BISDN services may need a variety of data authenticity and privacy assurances, via Asynchronous Transfer Mode (ATM) services Cryptographic methods can be used to assure authenticity and privacy, but are hard to scale for implementation at high speed. The incorporation of these methods into computer networks can severely impact functionality, reliability, and performance. While there are many design issues associated with the serving of public keys for authenticated signaling and for establishment of session cryptovariables, this paper is concerned with the impact of encryption itself on such communications once the signaling and setup have been completed. Network security protections should be carefully matched to the threats against which protection is desired. Even after eliminating unnecessary protections, the remaining customer-required network security protections can impose severe performance penalties. These penalties (further discussed below) usually involve increased communication processing for authentication or encryption, increased error rate, increased communication delay, and decreased reliability/availability. Protection measures involving encryption should be carefully engineered so as to impose the least performance, reliability, and functionality penalties, while achieving the required security protection. To study these trade-offs, a prototype encryptor/decryptor was developed. This effort demonstrated the viability of implementing certain encryption techniques in high speed networks. The research prototype processes ATM cells in a SONET OC-3 payload. This paper describes the functionality, reliability, security, and performance design trade-offs investigated with the prototype.

  2. U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 0: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability October 26, 2011 - 9:00am Addthis PROBLEM: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability. PLATFORM: The vulnerability is reported in versions prior to 7.1.5.2. ABSTRACT: Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behavior of a web application in a user's browser, without

  3. V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability | Department

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of Energy 14: RealPlayer MP4 Processing Buffer Overflow Vulnerability V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability March 19, 2013 - 12:01am Addthis PROBLEM: RealPlayer MP4 Processing Buffer Overflow Vulnerability PLATFORM: Versions prior to 16.0.1.18. ABSTRACT: A vulnerability has been reported in RealPlayer REFERENCE LINKS: RealNetworks, Inc Secunia Advisory SA52692 CVE-2013-1750 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an error when

  4. V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: IBM iNotes Multiple Vulnerabilities V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability REFERENCE LINKS: Secunia Advisory SA54436 IBM Security Bulletin 1645503 CVE-2013-3027 CVE-2013-3032 CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related

  5. Designing a minimum-functionality neutron and gamma measurement instrument with a focus on authentication

    SciTech Connect (OSTI)

    Karpius, Peter J; Williams, Richard B

    2009-01-01

    During the design and construction of the Next-Generation Attribute-Measurement System, which included a largely commercial off-the-shelf (COTS), nondestructive assay (NDA) system, we realized that commercial NDA equipment tends to include numerous features that are not required for an attribute-measurement system. Authentication of the hardware, firmware, and software in these instruments is still required, even for those features not used in this application. However, such a process adds to the complexity, cost, and time required for authentication. To avoid these added authenticat ion difficulties, we began to design NDA systems capable of performing neutron multiplicity and gamma-ray spectrometry measurements by using simplified hardware and software that avoids unused features and complexity. This paper discusses one possible approach to this design: A hardware-centric system that attempts to perform signal analysis as much as possible in the hardware. Simpler processors and minimal firmware are used because computational requirements are kept to a bare minimum. By hard-coding the majority of the device's operational parameters, we could cull large sections of flexible, configurable hardware and software found in COTS instruments, thus yielding a functional core that is more straightforward to authenticate.

  6. U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass...

  7. Taxonomy for Common-Cause Failure Vulnerability and Mitigation

    SciTech Connect (OSTI)

    Wood, Richard Thomas; Korsah, Kofi; Mullens, James Allen; Pullum, Laura L.

    2015-09-01

    Applying current guidance and practices for common-cause failure (CCF) mitigation to digital instrumentation and control (I&C) systems has proven problematic, and the regulatory environment has been unpredictable. The potential for CCF vulnerability inhibits I&C modernization, thereby challenging the long-term sustainability of existing plants. For new plants and advanced reactor concepts, concern about CCF vulnerability in highly integrated digital I&C systems imposes a design burden that results in higher costs and increased complexity. The regulatory uncertainty in determining which mitigation strategies will be acceptable (e.g., what diversity is needed and how much is sufficient) drives designers to adopt complicated, costly solutions devised for existing plants. To address the conditions that constrain the transition to digital I&C technology by the US nuclear industry, crosscutting research is needed to resolve uncertainty, demonstrate necessary characteristics, and establish an objective basis for qualification of digital technology for nuclear power plant (NPP) I&C applications. To fulfill this research need, Oak Ridge National Laboratory is investigating mitigation of CCF vulnerability for nuclear-qualified applications. The outcome of this research is expected to contribute to a fundamentally sound, comprehensive basis to qualify digital technology for nuclear power applications. This report documents the development of a CCF taxonomy. The basis for the CCF taxonomy was generated by determining consistent terminology and establishing a classification approach. The terminology is based on definitions from standards, guides, and relevant nuclear power industry technical reports. The classification approach is derived from identified classification schemes focused on I&C systems and key characteristics, including failure modes. The CCF taxonomy provides the basis for a systematic organization of key systems aspects relevant to analyzing the potential for CCF vulnerability and the suitability of mitigation techniques. Development of an effective CCF taxonomy will help to provide a framework for establishing the objective analysis and assessment capabilities desired to facilitate rigorous identification of fault types and triggers that are the fundamental elements of CCF.

  8. T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This Security Alert addresses a serious security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability might cause the Java Runtime Environment to hang, be in infinite loop, and/or crash resulting in a denial of service exposure. This same hang might occur if the number is written without scientific notation (324 decimal places). In addition to the Application Server being exposed to this attack, any Java program using the Double.parseDouble method is also at risk of this exposure including any customer written application or third party written application.

  9. Water vulnerabilities for existing coal-fired power plants.

    SciTech Connect (OSTI)

    Elcock, D.; Kuiper, J.; Environmental Science Division

    2010-08-19

    This report was funded by the U.S. Department of Energy's (DOE's) National Energy Technology Laboratory (NETL) Existing Plants Research Program, which has an energy-water research effort that focuses on water use at power plants. This study complements the Existing Plants Research Program's overall research effort by evaluating water issues that could impact power plants. Water consumption by all users in the United States over the 2005-2030 time period is projected to increase by about 7% (from about 108 billion gallons per day [bgd] to about 115 bgd) (Elcock 2010). By contrast, water consumption by coal-fired power plants over this period is projected to increase by about 21% (from about 2.4 to about 2.9 bgd) (NETL 2009b). The high projected demand for water by power plants, which is expected to increase even further as carbon-capture equipment is installed, combined with decreasing freshwater supplies in many areas, suggests that certain coal-fired plants may be particularly vulnerable to potential water demand-supply conflicts. If not addressed, these conflicts could limit power generation and lead to power disruptions or increased consumer costs. The identification of existing coal-fired plants that are vulnerable to water demand and supply concerns, along with an analysis of information about their cooling systems and related characteristics, provides information to help focus future research and development (R&D) efforts to help ensure that coal-fired generation demands are met in a cost-effective manner that supports sustainable water use. This study identified coal-fired power plants that are considered vulnerable to water demand and supply issues by using a geographical information system (GIS) that facilitated the analysis of plant-specific data for more than 500 plants in the NETL's Coal Power Plant Database (CPPDB) (NETL 2007a) simultaneously with 18 indicators of water demand and supply. Two types of demand indicators were evaluated. The first type consisted of geographical areas where specific conditions can generate demand vulnerabilities. These conditions include high projected future water consumption by thermoelectric power plants, high projected future water consumption by all users, high rates of water withdrawal per square mile (mi{sup 2}), high projected population increases, and areas projected to be in a water crisis or conflict by 2025. The second type of demand indicator was plant specific. These indicators were developed for each plant and include annual water consumption and withdrawal rates and intensities, net annual power generation, and carbon dioxide (CO{sub 2}) emissions. The supply indictors, which are also area based, include areas with low precipitation, high temperatures, low streamflow, and drought. The indicator data, which were in various formats (e.g., maps, tables, raw numbers) were converted to a GIS format and stored, along with the individual plant data from the CPPDB, in a single GIS database. The GIS database allowed the indicator data and plant data to be analyzed and visualized in any combination. To determine the extent to which a plant would be considered 'vulnerable' to a given demand or supply concern (i.e., that the plant's operations could be affected by water shortages represented by a potential demand or supply indicator), criteria were developed to categorize vulnerability according to one of three types: major, moderate, or not vulnerable. Plants with at least two major demand indicator values and/or at least four moderate demand indicator values were considered vulnerable to demand concerns. By using this approach, 144 plants were identified as being subject to demand concerns only. Plants with at least one major supply indicator value and/or at least two moderate supply indicator values were considered vulnerable to supply concerns. By using this approach, 64 plants were identified as being subject to supply concerns only. In addition, 139 plants were identified as subject to both demand and supply concerns. Therefore, a total of 347 plants were considered subject to demand concerns, supply concerns, or both demand and supply concerns.

  10. COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability of the New

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    York/New Jersey Metro Region to Hurricane Destruction - A New Perspective Based on Recent Research on Irene 2011 and Sandy 2012 | Princeton Plasma Physics Lab February 28, 2013, 4:15pm to 5:30pm Colloquia MBG Auditorium COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability of the New York/New Jersey Metro Region to Hurricane Destruction - A New Perspective Based on Recent Research on Irene 2011 and Sandy 2012 Professor Nicholas K. Coch Queens College CUNY In the last two years. the

  11. Electrical and thermal finite element modeling of arc faults in photovoltaic bypass diodes.

    SciTech Connect (OSTI)

    Bower, Ward Isaac; Quintana, Michael A.; Johnson, Jay

    2012-01-01

    Arc faults in photovoltaic (PV) modules have caused multiple rooftop fires. The arc generates a high-temperature plasma that ignites surrounding materials and subsequently spreads the fire to the building structure. While there are many possible locations in PV systems and PV modules where arcs could initiate, bypass diodes have been suspected of triggering arc faults in some modules. In order to understand the electrical and thermal phenomena associated with these events, a finite element model of a busbar and diode was created. Thermoelectrical simulations found Joule and internal diode heating from normal operation would not normally cause bypass diode or solder failures. However, if corrosion increased the contact resistance in the solder connection between the busbar and the diode leads, enough voltage potentially would be established to arc across micron-scale electrode gaps. Lastly, an analytical arc radiation model based on observed data was employed to predicted polymer ignition times. The model predicted polymer materials in the adjacent area of the diode and junction box ignite in less than 0.1 seconds.

  12. Open cycle ocean thermal energy conversion steam control and bypass system

    DOE Patents [OSTI]

    Wittig, J. Michael; Jennings, Stephen J.

    1980-01-01

    Two sets of hinged control doors for regulating motive steam flow from an evaporator to a condenser alternatively through a set of turbine blades in a steam bypass around the turbine blades. The evaporator has a toroidal shaped casing situated about the turbine's vertical axis of rotation and an outlet opening therein for discharging motive steam into an annular steam flow path defined between the turbine's radially inner and outer casing structures. The turbine blades extend across the steam flow path intermediate the evaporator and condenser. The first set of control doors is arranged to prevent steam access to the upstream side of the turbine blades and the second set of control doors acts as a bypass around the blades so as to maintain equilibrium between the evaporator and condenser during non-rotation of the turbine. The first set of control doors preferably extend, when closed, between the evaporator casing and the turbine's outer casing and, when open, extend away from the axis of rotation. The second set of control doors preferably constitute a portion of the turbine's outer casing downstream from the blades when closed and extend, when open, toward the axis of rotation. The first and second sets of control doors are normally held in the open and closed positions respectively by locking pins which may be retracted upon detecting an abnormal operating condition respectively to permit their closing and opening and provide steam flow from the evaporator to the condenser.

  13. V-221: WordPress A Forms Plugin Cross-Site Request Forgery and Form Field Script Insertion Vulnerabilities

    Broader source: Energy.gov [DOE]

    This vulnerability can be exploited to conduct cross-site request forgery and script insertion attacks

  14. Chemical Safety Vulnerability Working Group report. Volume 2

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

  15. Chemical Safety Vulnerability Working Group report. Volume 3

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 3 consists of eleven appendices containing the following: Field verification reports for Idaho National Engineering Lab., Rocky Flats Plant, Brookhaven National Lab., Los Alamos National Lab., and Sandia National Laboratories (NM); Mini-visits to small DOE sites; Working Group meeting, June 7--8, 1994; Commendable practices; Related chemical safety initiatives at DOE; Regulatory framework and industry initiatives related to chemical safety; and Chemical inventory data from field self-evaluation reports.

  16. Energy Sector Vulnerability to Climate Change: Adaptation Options to Increase Resilience (Presentation)

    SciTech Connect (OSTI)

    Newmark, R. L.; Bilello, D.; Macknick, J.; Hallet, K. C.; Anderson, R.; Tidwell, V.; Zamuda, C.

    2013-02-01

    The U.S. Department of Energy is conducting an assessment of vulnerabilities of the U.S. energy sector to climate change and extreme weather. Emphasizing peer reviewed research, it seeks to quantify vulnerabilities and identify specific knowledge or technology gaps. It draws upon a July 2012 workshop, ?Climate Change and Extreme Weather Vulnerability Assessment of the US Energy Sector?, hosted by the Atlantic Council and sponsored by DOE to solicit industry input.

  17. U-196: Cisco AnyConnect VPN Client Two Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 96: Cisco AnyConnect VPN Client Two Vulnerabilities U-196: Cisco AnyConnect VPN Client Two Vulnerabilities June 21, 2012 - 7:00am Addthis PROBLEM: Two vulnerabilities have been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious people to compromise a user's system. PLATFORM: Cisco AnyConnect VPN Client 2.x Cisco AnyConnect VPN Client 3.x ABSTRACT: The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure

  18. V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 3: ownCloud Cross-Site Scripting and File Upload Vulnerabilities V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities November 26, 2012 - 2:00am Addthis PROBLEM: ownCloud Cross-Site Scripting and File Upload Vulnerabilities PLATFORM: ownCloud 4.5.2, 4.5.1, 4.0.9 ABSTRACT: Multiple vulnerabilities have been reported in ownCloud REFERENCE LINKS: ownCloud Server Advisories Secunia Advisory SA51357 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Input passed via the

  19. V-054: IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS

  20. T-572: VMware ESX/ESXi SLPD denial of service vulnerability

    Broader source: Energy.gov [DOE]

    VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

  1. T-656: Microsoft Office Visio DXF File Handling Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Office Visio contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

  2. U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 76: VMware vCenter Operations Cross-Site Scripting Vulnerability U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability October 8, 2012 - 7:00am Addthis PROBLEM: VMware vCenter Operations Cross-Site Scripting Vulnerability PLATFORM: VMware vCenter Operations 1.x ABSTRACT: A vulnerability has been reported in VMware vCenter Operations, which can be exploited by malicious people to conduct cross-site scripting attacks. reference LINKS: Original Advisory

  3. V-041: Red Hat CloudForms Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Red Hat CloudForms Multiple Vulnerabilities V-041: Red Hat CloudForms Multiple Vulnerabilities December 6, 2012 - 4:01am Addthis PROBLEM: Red Hat CloudForms Multiple Vulnerabilities PLATFORM: CloudForms ABSTRACT: Multiple vulnerabilities have been reported in Red Hat CloudForms REFERENCE LINKS: RHSA-2012-1542-1 RHSA-2012-1543-1 Secunia Advisory SA51472 CVE-2012-1986 CVE-2012-1987 CVE-2012-1988 CVE-2012-2139 CVE-2012-2140 CVE-2012-2660 CVE-2012-2661 CVE-2012-2694 CVE-2012-2695 CVE-2012-3424

  4. U-016: Cisco IOS Software HTTP Service Loading Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    An unauthenticated, remote attacker could exploit this vulnerability to cause a targeted device to stop responding, resulting in a DoS condition

  5. V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system.

  6. T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment...

    Broader source: Energy.gov (indexed) [DOE]

    PROBLEM: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server. PLATFORM: * BlackBerry Enterprise Server Express version...

  7. U-225: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities in Citrix Access Gateway Plug-in for Windows can be exploited by malicious people to compromise a user's system.

  8. U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addthis PROBLEM: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions included with BlackBerry PlayBook tablet software versions...

  9. V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system

  10. V-122: IBM Tivoli Application Dependency Discovery Manager Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple security vulnerabilities exist in the Java Runtime Environments (JREs) that can affect the security of IBM Tivoli Application Dependency Discovery Manager

  11. U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system.

  12. U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

  13. V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system.

  14. V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service)

  15. T-560: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    The Management Center for Cisco Security Agent is affected by a vulnerability that may allow an unauthenticated attacker to perform remote code execution on the affected device.

  16. U-101: Mozilla Firefox / Thunderbird / SeaMonkey XBL Binding Use-After-Free Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in multiple Mozilla products, which can be exploited by malicious people to compromise a user's system.

  17. T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability

    Broader source: Energy.gov [DOE]

    Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

  18. Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure

    SciTech Connect (OSTI)

    Suski, N; Wuest, C

    2011-02-04

    Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection. This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NA

  19. A preliminary assessment of beryllium dust oxidation during a wet bypass accident in a fusion reactor

    SciTech Connect (OSTI)

    Brad J. Merrill; Richard L. Moore; J. Phillip Sharp

    2008-09-01

    A beryllium dust oxidation model has been developed at the Idaho National Laboratory (INL) by the Fusion Safety Program (FSP) for the MELCOR safety computer code. The purpose of this model is to investigate hydrogen production from beryllium dust layers on hot surfaces inside a fusion reactor vacuum vessel (VV) during in-vessel loss-of-cooling accidents (LOCAs). This beryllium dust oxidation model accounts for the diffusion of steam into a beryllium dust layer, the oxidation of the dust particles inside this layer based on the beryllium-steam oxidation equations developed at the INL, and the effective thermal conductivity of this beryllium dust layer. This paper details this oxidation model and presents the results of the application of this model to a wet bypass accident scenario in the ITER device.

  20. Particle Image Velocimetry Measurements and Analysis of Bypass Data for a Scaled 6mm Gap

    SciTech Connect (OSTI)

    J.R. Wolf; T.E. Conder; R.R. Schultz

    2012-09-01

    The purpose of the fluid dynamics experiments in the MIR (Matched Index of-Refraction) flow system at Idaho National Laboratory (INL) is to develop benchmark databases for the assessment of Computational Fluid Dynamics (CFD) solutions of the momentum equations, scalar mixing, and turbulence models for the flow ratios between coolant channels and bypass gaps in the interstitial regions of typical prismatic standard fuel element (SFE) or upper reflector block geometries of typical Modular High-temperature Gas-cooled Reactors (MHTGR) in the limiting case of negligible buoyancy and constant fluid properties. The experiments will use optical techniques, primarily particle image velocimetry (PIV) in the INL Matched Index of Refraction (MIR) flow system.

  1. T-569: Adobe Flash SWF File Processing Memory Corruption Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

  2. T-526: Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8.0.7600.16385 is vulnerable; other versions may also be affected.

  3. T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application.

  4. Climate change and health: Indoor heat exposure in vulnerable populations

    SciTech Connect (OSTI)

    White-Newsome, Jalonne L.; Sanchez, Brisa N.; Jolliet, Olivier; Zhang, Zhenzhen; Parker, Edith A.; Timothy Dvonch, J.; O'Neill, Marie S.

    2012-01-15

    Introduction: Climate change is increasing the frequency of heat waves and hot weather in many urban environments. Older people are more vulnerable to heat exposure but spend most of their time indoors. Few published studies have addressed indoor heat exposure in residences occupied by an elderly population. The purpose of this study is to explore the relationship between outdoor and indoor temperatures in homes occupied by the elderly and determine other predictors of indoor temperature. Materials and methods: We collected hourly indoor temperature measurements of 30 different homes; outdoor temperature, dewpoint temperature, and solar radiation data during summer 2009 in Detroit, MI. We used mixed linear regression to model indoor temperatures' responsiveness to weather, housing and environmental characteristics, and evaluated our ability to predict indoor heat exposures based on outdoor conditions. Results: Average maximum indoor temperature for all locations was 34.85 Degree-Sign C, 13.8 Degree-Sign C higher than average maximum outdoor temperature. Indoor temperatures of single family homes constructed of vinyl paneling or wood siding were more sensitive than brick homes to outdoor temperature changes and internal heat gains. Outdoor temperature, solar radiation, and dewpoint temperature predicted 38% of the variability of indoor temperatures. Conclusions: Indoor exposures to heat in Detroit exceed the comfort range among elderly occupants, and can be predicted using outdoor temperatures, characteristics of the housing stock and surroundings to improve heat exposure assessment for epidemiological investigations. Weatherizing homes and modifying home surroundings could mitigate indoor heat exposure among the elderly.

  5. Ultra Wideband (UWB) communication vulnerability for security applications.

    SciTech Connect (OSTI)

    Cooley, H. Timothy

    2010-07-01

    RF toxicity and Information Warfare (IW) are becoming omnipresent posing threats to the protection of nuclear assets, and within theatres of hostility or combat where tactical operation of wireless communication without detection and interception is important and sometimes critical for survival. As a result, a requirement for deployment of many security systems is a highly secure wireless technology manifesting stealth or covert operation suitable for either permanent or tactical deployment where operation without detection or interruption is important The possible use of ultra wideband (UWB) spectrum technology as an alternative physical medium for wireless network communication offers many advantages over conventional narrowband and spread spectrum wireless communication. UWB also known as fast-frequency chirp is nonsinusoidal and sends information directly by transmitting sub-nanosecond pulses without the use of mixing baseband information upon a sinusoidal carrier. Thus UWB sends information using radar-like impulses by spreading its energy thinly over a vast spectrum and can operate at extremely low-power transmission within the noise floor where other forms of RF find it difficult or impossible to operate. As a result UWB offers low probability of detection (LPD), low probability of interception (LPI) as well as anti-jamming (AJ) properties in signal space. This paper analyzes and compares the vulnerability of UWB to narrowband and spread spectrum wireless network communication.

  6. Method of treating emissions of a hybrid vehicle with a hydrocarbon absorber and a catalyst bypass system

    DOE Patents [OSTI]

    Roos, Bryan Nathaniel; Gonze, Eugene V; Santoso, Halim G; Spohn, Brian L

    2014-01-14

    A method of treating emissions from an internal combustion engine of a hybrid vehicle includes directing a flow of air created by the internal combustion engine when the internal combustion engine is spinning but not being fueled through a hydrocarbon absorber to collect hydrocarbons within the flow of air. When the hydrocarbon absorber is full and unable to collect additional hydrocarbons, the flow of air is directed through an electrically heated catalyst to treat the flow of air and remove the hydrocarbons. When the hydrocarbon absorber is not full and able to collect additional hydrocarbons, the flow of air is directed through a bypass path that bypasses the electrically heated catalyst to conserve the thermal energy stored within the electrically heated catalyst.

  7. Building America Top Innovations Hall of Fame Profile Â… Thermal Bypass Air Barriers in the 2009 International Energy Conservation Code

    Energy Savers [EERE]

    effectively demonstrated the importance of thermal bypass air barriers, which led to their inclusion in ENERGY STAR for Homes Version 3 specifications in 2006 and then to inclusion in the 2009 IECC. This is a great example of effective research driving a complete market transformation process for a critical high-performance home innovation. Air sealing of the home's thermal enclosure has been required by the energy code for many years. However, in years past, the provisions were somewhat vague

  8. Building America Top Innovations Hall of Fame Profile Â… Thermal Bypass Air Barriers in the 2009 International Energy Conservation Code

    Energy Savers [EERE]

    effectively demonstrated the importance of thermal bypass air barriers, which led to their inclusion in ENERGY STAR for Homes Version 2 specifications in 2006 and then to inclusion in the 2009 IECC. This is a great example of effective research driving a complete market transformation process for a critical high-performance home innovation. Air sealing of the home's thermal enclosure has been required by the energy code for many years. However, in years past, the provisions were somewhat vague

  9. U.S. Department of Energy FreedomCAR & Vehicle Technologies Program Oil Bypass Filter Technology Evaluation Final Report

    SciTech Connect (OSTI)

    L. R. Zirker; J. E. Francfort; J. J. Fielding

    2006-03-01

    This Oil Bypass Filter Technology Evaluation final report documents the feasibility of using oil bypass filters on 17 vehicles in the Idaho National Laboratory (INL) fleet during a 3-year test period. Almost 1.3 million test miles were accumulated, with eleven 4-cycle diesel engine buses accumulating 982,548 test miles and six gasoline-engine Chevrolet Tahoes accumulating 303,172 test miles. Two hundred and forty oil samples, taken at each 12,000-mile bus servicing event and at 3,000 miles for the Tahoes, documented the condition of the engine oils for continued service. Twenty-eight variables were normally tested, including the presence of desired additives and undesired wear metals such as iron and chrome, as well as soot, water, glycol, and fuel. Depending on the assumptions employed, the INL found that oil bypass filter systems for diesel engine buses have a positive payback between 72,000 and 144,000 miles. For the Tahoes, the positive payback was between 66,000 and 69,000 miles.

  10. Structural insight into dynamic bypass of the major cisplatin-DNA adduct by Y-family polymerase Dpo4

    SciTech Connect (OSTI)

    Wong, Jimson H.Y.; Brown, Jessica A.; Suo, Zucai; Blum, Paul; Nohmi, Takehiko; Ling, Hong

    2010-08-23

    Y-family DNA polymerases bypass Pt-GG, the cisplatin-DNA double-base lesion, contributing to the cisplatin resistance in tumour cells. To reveal the mechanism, we determined three structures of the Y-family DNA polymerase, Dpo4, in complex with Pt-GG DNA. The crystallographic snapshots show three stages of lesion bypass: the nucleotide insertions opposite the 3{prime}G (first insertion) and 5{prime}G (second insertion) of Pt-GG, and the primer extension beyond the lesion site. We observed a dynamic process, in which the lesion was converted from an open and angular conformation at the first insertion to a depressed and nearly parallel conformation at the subsequent reaction stages to fit into the active site of Dpo4. The DNA translocation-coupled conformational change may account for additional inhibition on the second insertion reaction. The structures illustrate that Pt-GG disturbs the replicating base pair in the active site, which reduces the catalytic efficiency and fidelity. The in vivo relevance of Dpo4-mediated Pt-GG bypass was addressed by a dpo-4 knockout strain of Sulfolobus solfataricus, which exhibits enhanced sensitivity to cisplatin and proteomic alterations consistent with genomic stress.

  11. A photorespiratory bypass increases plant growth and seed yield in biofuel crop Camelina sativa

    SciTech Connect (OSTI)

    Dalal, Jyoti; Lopez, Harry; Vasani, Naresh B.; Hu, Zhaohui; Swift, Jennifer E.; Yalamanchili, Roopa; Dvora, Mia; Lin, Xiuli; Xie, Deyu; Qu, Rongda; Sederoff, Heike W.

    2015-10-29

    Camelina sativa is an oilseed crop with great potential for biofuel production on marginal land. The seed oil from camelina has been converted to jet fuel and improved fuel efficiency in commercial and military test flights. Hydrogenation-derived renewable diesel from camelina is environmentally superior to that from canola due to lower agricultural inputs, and the seed meal is FDA approved for animal consumption. However, relatively low yield makes its farming less profitable. Our study is aimed at increasing camelina seed yield by reducing carbon loss from photorespiration via a photorespiratory bypass. Genes encoding three enzymes of the Escherichia coli glycolate catabolic pathway were introduced: glycolate dehydrogenase (GDH), glyoxylate carboxyligase (GCL) and tartronic semialdehyde reductase (TSR). These enzymes compete for the photorespiratory substrate, glycolate, convert it to glycerate within the chloroplasts, and reduce photorespiration. As a by-product of the reaction, CO2 is released in the chloroplast, which increases photosynthesis. Camelina plants were transformed with either partial bypass (GDH), or full bypass (GDH, GCL and TSR) genes. Furthermore, transgenic plants were evaluated for physiological and metabolic traits.

  12. U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 86: IBM WebSphere Sensor Events Multiple Vulnerabilities U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities June 8, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM WebSphere Sensor Events PLATFORM: IBM WebSphere Sensor Events 7.x ABSTRACT: Some vulnerabilites have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks. Reference Links: Secunia ID 49413 No CVE references. Vendor URL IMPACT

  13. V-226: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to version 2.3.0 or 1.2.19. Addthis Related Articles U-226: Linux Kernel SFC Driver TCP MSS Option Handling Denial of Service Vulnerability V-062: Asterisk Two Denial of...

  14. T-561: IBM and Oracle Java Binary Floating-Point Number Conversion Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    IBM and Oracle Java products contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

  15. V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error in the PE3DO32A.ocx ActiveX control and can be exploited to cause a buffer overflow.

  16. T-539: Adobe Acrobat, Reader, and Flash Player Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code with the privileges of the user. If the user holds elevated privileges, the attacker could execute arbitrary code that results in complete system compromise.

  17. U-116: IBM Tivoli Provisioning Manager Express for Software Distribution Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in IBM Tivoli Provisioning Manager Express for Software Distribution, which can be exploited by malicious people to conduct SQL injection attacks and compromise a user's system

  18. V-209:Cisco WAAS (Wide Area Application Services) Arbitrary Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Cisco Wide Area Application Services (WAAS) when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system.

  19. U-115: Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when processing Novell Address Book (".nab") files and can be exploited to cause a heap-based buffer overflow via an overly long email address.

  20. V-007: McAfee Firewall Enterprise ISC BIND Record Handling Lockup Vulnerability

    Broader source: Energy.gov [DOE]

    McAfee has acknowledged a vulnerability in McAfee Firewall Enterprise, which can be exploited by malicious people to cause a DoS (Denial of Service).

  1. Vulnerability Assessments and Resilience Planning at Federal Facilities. Preliminary Synthesis of Project

    SciTech Connect (OSTI)

    Moss, R. H.; Delgado, A.; Malone, E L.

    2015-08-15

    U.S. government agencies are now directed to assess the vulnerability of their operations and facilities to climate change and to develop adaptation plans to increase their resilience. Specific guidance on methods is still evolving based on the many different available frameworks. Agencies have been experimenting with these frameworks and approaches. This technical paper synthesizes lessons and insights from a series of research case studies conducted by the investigators at facilities of the U.S. Department of Energy and the Department of Defense. The purpose of the paper is to solicit comments and feedback from interested program managers and analysts before final conclusions are published. The paper describes the characteristics of a systematic process for prioritizing needs for adaptation planning at individual facilities and examines requirements and methods needed. It then suggests a framework of steps for vulnerability assessments at Federal facilities and elaborates on three sets of methods required for assessments, regardless of the detailed framework used. In a concluding section, the paper suggests a roadmap to further develop methods to support agencies in preparing for climate change. The case studies point to several preliminary conclusions; (1) Vulnerability assessments are needed to translate potential changes in climate exposure to estimates of impacts and evaluation of their significance for operations and mission attainment, in other words into information that is related to and useful in ongoing planning, management, and decision-making processes; (2) To increase the relevance and utility of vulnerability assessments to site personnel, the assessment process needs to emphasize the characteristics of the site infrastructure, not just climate change; (3) A multi-tiered framework that includes screening, vulnerability assessments at the most vulnerable installations, and adaptation design will efficiently target high-risk sites and infrastructure; (4) Vulnerability assessments can be connected to efforts to improve facility resilience to motivate participation; and (5) Efficient, scalable methods for vulnerability assessment can be developed, but additional case studies and evaluation are required.

  2. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Resilience Solutions | Department of Energy Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions This interactive map is not viewable in your browser. Please view it in a modern browser. This report examines the current and potential future impacts of climate change and extreme weather on the U.S. energy sector at the regional level. It provides illustrative

  3. Assessment of chemical vulnerabilities in the Hanford high-level waste tanks

    SciTech Connect (OSTI)

    Meacham, J.E.

    1996-02-15

    The purpose of this report is to summarize results of relevant data (tank farm and laboratory) and analysis related to potential chemical vulnerabilities of the Hanford Site waste tanks. Potential chemical safety vulnerabilities examined include spontaneous runaway reactions, condensed phase waste combustibility, and tank headspace flammability. The major conclusions of the report are the following: Spontaneous runaway reactions are not credible; condensed phase combustion is not likely; and periodic releases of flammable gas can be mitigated by interim stabilization.

  4. Modeling Vulnerability and Resilience to Climate Change: A Case Study of India and Indian States

    SciTech Connect (OSTI)

    Brenkert, Antoinette L.; Malone, Elizabeth L.

    2005-09-01

    The vulnerability of India and Indian states to climate change was assessed using the Vulnerability-Resilience Indicator Prototype (VRIP). The model was adapted from the global/country version to account for Indian dietary practices and data availability with regard to freshwater resources. Results (scaled to world values) show nine Indian states to be moderately resilient to climate change, principally because of low sulfur emissions and a relatively large percentage of unmanaged land. Six states are more vulnerable than India as a whole, attributable largely to sensitivity to sea storm surges. Analyses of results at the state level (Orissa, and comparisons between Maharashtra and Kerala, and Andhra Pradesh and Himachal Pradesh) demonstrate the value of VRIP analyses used in conjunction with other socioeconomic information to address initial questions about the sources of vulnerability in particular places. The modeling framework allows analysts and stakeholders to systematically evaluate individual and sets of indicators and to indicate where the likely vulnerabilities are in the area being assessed.

  5. U-138: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 38: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability U-138: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability April 2, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco IOS XE 2.1.x Cisco IOS XE 2.2.x Cisco IOS XE 2.3.x Cisco IOS XE 2.4.x Cisco IOS XE 2.5.x Cisco IOS XE 2.6.x Cisco IOS XE 3.1.x Cisco IOS XE 3.3.x

  6. U-148: ActiveScriptRuby GRScript18.dll ActiveX Control Ruby Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error in GRScript18.dll and can be exploited to execute arbitrary Ruby commands.

  7. V-159: RSA SecurID Agent Discloses Node Secret Encryption Key...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    has issued fixes. Addthis Related Articles U-267: RSA Authentication Agent 7.1 for Microsoft Windows and RSA Authentication Client 3.5 Access Control Vulnerability...

  8. Security Proof for Password Authentication in TLS-Verifier-based Three-Party Group Diffie-Hellman

    SciTech Connect (OSTI)

    Chevassut, Olivier; Milner, Joseph; Pointcheval, David

    2008-04-21

    The internet has grown greatly in the past decade, by some numbers exceeding 47 million active web sites and a total aggregate exceeding100 million web sites. What is common practice today on the Internet is that servers have public keys, but clients are largely authenticated via short passwords. Protecting these passwords by not storing them in the clear on institutions's servers has become a priority. This paper develops password-based ciphersuites for the Transport Layer Security (TLS) protocol that are: (1) resistant to server compromise; (2) provably secure; (3) believed to be free from patent and licensing restrictions based on an analysis of relevant patents in the area.

  9. Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 2

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. To address the facility-specific and site-specific vulnerabilities, responsible DOE and site-contractor line organizations have developed initial site response plans. These plans, presented as Volume 2 of this Management Response Plan, describe the actions needed to mitigate or eliminate the facility- and site-specific vulnerabilities identified by the CSV Working Group field verification teams. Initial site response plans are described for: Brookhaven National Lab., Hanford Site, Idaho National Engineering Lab., Lawrence Livermore National Lab., Los Alamos National Lab., Oak Ridge Reservation, Rocky Flats Plant, Sandia National Laboratories, and Savannah River Site.

  10. T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

  11. Seismic Vulnerability Evaluations Within The Structural And Functional Survey Activities Of The COM Bases In Italy

    SciTech Connect (OSTI)

    Zuccaro, G.; Cacace, F.; Albanese, V.; Mercuri, C.; Papa, F.; Pizza, A. G.; Sergio, S.; Severino, M.

    2008-07-08

    The paper describes technical and functional surveys on COM buildings (Mixed Operative Centre). This activity started since 2005, with the contribution of both Italian Civil Protection Department and the Regions involved. The project aims to evaluate the efficiency of COM buildings, checking not only structural, architectonic and functional characteristics but also paying attention to surrounding real estate vulnerability, road network, railways, harbours, airports, area morphological and hydro-geological characteristics, hazardous activities, etc. The first survey was performed in eastern Sicily, before the European Civil Protection Exercise 'EUROSOT 2005'. Then, since 2006, a new survey campaign started in Abruzzo, Molise, Calabria and Puglia Regions. The more important issue of the activity was the vulnerability assessment. So this paper deals with a more refined vulnerability evaluation technique by means of the SAVE methodology, developed in the 1st task of SAVE project within the GNDT-DPC programme 2000-2002 (Zuccaro, 2005); the SAVE methodology has been already successfully employed in previous studies (i.e. school buildings intervention programme at national scale; list of strategic public buildings in Campania, Sicilia and Basilicata). In this paper, data elaborated by SAVE methodology are compared with expert evaluations derived from the direct inspections on COM buildings. This represents a useful exercise for the improvement either of the survey forms or of the methodology for the quick assessment of the vulnerability.

  12. U-199: Drupal Drag & Drop Gallery Module Arbitrary File Upload Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to the sites/all/modules/dragdrop_gallery/upload.php script improperly validating uploaded files, which can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an appended ".gif" file extension.

  13. U.S. Department of Energy FreedomCAR & Vehicle Technologies Program Oil Bypass Filter Technology Evaluation - Sixth Quarterly Report, January - March 2004

    SciTech Connect (OSTI)

    U.S. Department of Energy; Larry Zirker

    2004-06-01

    This Oil Bypass Filter Technology Evaluation quarterly report (January-March 2004) details the ongoing fleet evaluation of an oil bypass filter technology by the Idaho National Engineering and Environmental Laboratory (INEEL) for the U.S. Department of Energy's FreedomCAR & Vehicle Technologies Program. Eight four-cycle diesel-engine buses used to transport INEEL employees on various routes have been equipped with oil bypass filter systems from the puraDYN Corporation. The bypass filters are reported to have engine oil filtering capability of <1 micron and a built-in additive package to facilitate extended oil-drain intervals. This quarter, the heavy-duty buses traveled 88,747 miles, and as of the end of March 2004, the eight buses have accumulated 412,838 total test miles without requiring an oil change. This represents an avoidance of 34 oil changes, which equates to 1,199 quarts (300 gallons) of new oil not consumed and, furthermore, 1,199 quarts of waste oil not generated.

  14. Energy Vulnerability Assessment for the US Pacific Islands. Technical Appendix 2

    SciTech Connect (OSTI)

    Fesharaki, F.; Rizer, J.P.; Greer, L.S.

    1994-05-01

    The study, Energy Vulnerability Assessment of the US Pacific Islands, was mandated by the Congress of the United States as stated in House Resolution 776-220 of 1992, Section 1406. The resolution states that the US Secretary of Energy shall conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption. Such study shall outline how the insular areas shall gain access to vital oil supplies during times of national emergency. The resolution defines insular areas as the US Virgin Islands, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and Palau. The US Virgin Islands and Puerto Rico are not included in this report. The US Department of Energy (USDOE) has broadened the scope of the study contained in the House Resolution to include emergency preparedness and response strategies which would reduce vulnerability to an oil supply disruption as well as steps to ameliorate adverse economic consequences. This includes a review of alternative energy technologies with respect to their potential for reducing dependence on imported petroleum. USDOE has outlined the four tasks of the energy vulnerability assessment as the following: (1) for each island, determine crude oil and refined product demand/supply, and characterize energy and economic infrastructure; (2) forecast global and regional oil trade flow patterns, energy demand/supply, and economic activities; (3) formulate oil supply disruption scenarios and ascertain the general and unique vulnerabilities of these islands to oil supply disruptions; and (4) outline emergency preparedness and response options to secure oil supplies in the short run, and reduce dependence on imported oil in the longer term.

  15. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions October 2015 U.S. Department of Energy Office of Energy Policy and Systems Analysis Acknowledgements This report was produced by the U.S. Department of Energy's Office of Energy Policy and Systems Analysis (DOE-EPSA) under the direction of Craig Zamuda. Matt Antes, C.W. Gillespie, Anna Mosby, and Beth Zotter of Energetics Incorporated provided analysis, drafting support, and technical editing.

  16. Climate Change Vulnerability and Resilience: Current Status and Trends for Mexico

    SciTech Connect (OSTI)

    Ibarraran , Maria E.; Malone, Elizabeth L.; Brenkert, Antoinette L.

    2010-08-25

    Climate change alters different localities on the planet in different ways. The impact on each region depends mainly on the degree of vulnerability that natural ecosystems and human-made infrastructure have to changes in climate and extreme meteorological events, as well as on the coping and adaptation capacity towards new environmental conditions. This study assesses the current resilience of Mexico and Mexican states to such changes, as well as how this resilience will look in the future.

  17. Application of artificial neural networks in power system security and vulnerability assessment

    SciTech Connect (OSTI)

    Qin Zhou; Davidson, J.; Fouad, A.A.

    1994-02-01

    In a companion paper the concept of system vulnerability is introduced as a new framework for power system dynamic security assessment. Using the TEF method of transient stability analysis, the energy margin [Delta]V is used as an indicator of the level of security, and its sensitivity to a changing system parameter p ([partial derivative][Delta]V/[partial derivative]p) as indicator of its trend with changing system conditions. These two indicators are combined to determine the degree of system vulnerability to contingent disturbances in a stability-limited power system. Thresholds for acceptable levels of the security indicator and its trend are related to the stability limits of a critical system parameter (plant generation limits). Operating practices and policies are used to determine these thresholds. In this paper the artificial neural networks (ANNs) technique is applied to the concept of system vulnerability within the recently developed framework, for fast pattern recognition and classification of system dynamic security status. A suitable topology for the neural network is developed, and the appropriate training method and input and output signals are selected. The procedure developed is successfully applied to the IEEE 50-generator test system. Data previously obtained by heuristic techniques are used for training the ANN.

  18. Vulnerability and adaptation to severe weather events in the American southwest

    SciTech Connect (OSTI)

    Boero, Riccardo; Bianchini, Laura; Pasqualini, Donatella

    2015-05-04

    Climate change can induce changes in the frequency of severe weather events representing a threat to socio-economic development. It is thus of uttermost importance to understand how the vulnerability to the weather of local communities is determined and how adaptation public policies can be effectively put in place. We focused our empirical analysis on the American Southwest. Results show that, consistently with the predictions of an investment model, economic characteristics signaling local economic growth in the near future decrease the level of vulnerability. We also show that federal governments transfers and grants neither work to support recovery from and adaptation to weather events nor to distribute their costs over a broader tax base. Finally, we show that communities relying on municipal bonds to finance adaptation and recovery policies can benefit from local acknowledgment of the need for such policies and that they do not have to pay lenders a premium for the risk induced by weather events. In conclusion, our findings suggest that determinants of economic growth support lower vulnerability to the weather and increase options for financing adaptation and recovery policies, but also that only some communities are likely to benefit from those processes.

  19. Vulnerability of larval and juvenile white sturgeon to barotrauma: can they handle the pressure?

    SciTech Connect (OSTI)

    Brown, Richard S.; Cook, Katrina V.; Pflugrath, Brett D.; Rozeboom, Latricia L.; Johnson, Rachelle C.; McLellan, Jason; Linley, Timothy J.; Gao, Yong; Baumgartner, Lee J.; Dowell, Frederick E.; Miller, Erin A.; White, Timothy A.

    2013-07-01

    Techniques were developed to determine which life stages of fish are vulnerable to barotrauma from expansion of internal gases during decompression. Eggs, larvae and juvenile hatchery-reared white sturgeon (Acipenser transmontanus; up to 91 days post hatch; dph), were decompressed to assess vulnerability to barotrauma and identify initial swim bladder inflation. Barotrauma related injury and mortality were first observed 9 dph, on the same day as initial exogenous feeding. However, barotrauma related injury did not occur again until swim bladder inflation 75 dph (visible from necropsy and x-ray radiographs). Swim bladder inflation was not consistent among individuals, with only 44% being inflated 91 dph. Additionally, swim bladder inflation did not appear to be size dependent among fish ranging in total length from 61-153 mm at 91 dph. The use of a combination of decompression tests and x-ray radiography was validated as a method to determine initial swim bladder inflation and vulnerability to barotrauma. Extending these techniques to other species and life history stages would help to determine fish susceptibility to hydroturbine passage and aid in fish conservation.

  20. Vulnerability and adaptation to severe weather events in the American southwest

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Boero, Riccardo; Bianchini, Laura; Pasqualini, Donatella

    2015-05-04

    Climate change can induce changes in the frequency of severe weather events representing a threat to socio-economic development. It is thus of uttermost importance to understand how the vulnerability to the weather of local communities is determined and how adaptation public policies can be effectively put in place. We focused our empirical analysis on the American Southwest. Results show that, consistently with the predictions of an investment model, economic characteristics signaling local economic growth in the near future decrease the level of vulnerability. We also show that federal governments transfers and grants neither work to support recovery from and adaptationmore » to weather events nor to distribute their costs over a broader tax base. Finally, we show that communities relying on municipal bonds to finance adaptation and recovery policies can benefit from local acknowledgment of the need for such policies and that they do not have to pay lenders a premium for the risk induced by weather events. In conclusion, our findings suggest that determinants of economic growth support lower vulnerability to the weather and increase options for financing adaptation and recovery policies, but also that only some communities are likely to benefit from those processes.« less

  1. Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 1

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains a discussion of the chemical safety improvements planned or already underway at DOE sites to correct facility or site-specific vulnerabilities. The main part of the report is a discussion of each of the programmatic deficiencies; a description of the tasks to be accomplished; the specific actions to be taken; and the organizational responsibilities for implementation.

  2. Data management for geospatial vulnerability assessment of interdependencies in US power generation

    SciTech Connect (OSTI)

    Shih, C.Y.; Scown, C.D.; Soibelman, L.; Matthews, H.S.; Garrett, J.H.; Dodrill, K.; McSurdy, S.

    2009-09-15

    Critical infrastructures maintain our society's stability, security, and quality of life. These systems are also interdependent, which means that the disruption of one infrastructure system can significantly impact the operation of other systems. Because of the heavy reliance on electricity production, it is important to assess possible vulnerabilities. Determining the source of these vulnerabilities can provide insight for risk management and emergency response efforts. This research uses data warehousing and visualization techniques to explore the interdependencies between coal mines, rail transportation, and electric power plants. By merging geospatial and nonspatial data, we are able to model the potential impacts of a disruption to one or more mines, rail lines, or power plants, and visually display the results using a geographical information system. A scenario involving a severe earthquake in the New Madrid Seismic Zone is used to demonstrate the capabilities of the model when given input in the form of a potentially impacted area. This type of interactive analysis can help decision makers to understand the vulnerabilities of the coal distribution network and the potential impact it can have on electricity production.

  3. U-152: OpenSSL "asn1_d2i_read_bio()" DER Format Data Processing Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a type casting error in the "asn1_d2i_read_bio()" function when processing DER format data and can be exploited to cause a heap-based buffer overflow.

  4. Outmigration of landlocked Atlantic salmon (Salmo salar) smolts and effectiveness of an angled trash rack/fish bypass structure at a small scale hydroelectric facility. [Salmo salar

    SciTech Connect (OSTI)

    Nettles, D.C.; Gloss, S.P.

    1985-01-01

    Modes of downstream passage (penstock, spillway, diversion chute) by Atlantic salmon (Salmo salar) smolts were monitored using radio telemetry to assess the effectiveness of an angled trash rack/fish bypass structure at a small hydroelectric dam on the Boquet River, New York. Telemetry of 170 Atlantic salmon smolts and visual observations of stocked smolts were used to determine aspects of Atlantic salmon outmigration behavior. Smolts initiated mass migrations after river temperatures reached or exceeded 10/sup 0/C. Many radio-tagged smolts interrupted movements upon reaching ponded waters and/or the dam. River flow did not (P > .05) affect the frequency of migratory movements, passages, or rate of movement. Migrations were of approximately 30 days duration. Passages at the dam occurred primarily at night (61%) with diurnal passages (17%) and crepuscular passages (17%) of secondary importance. Timing of 5% of the passages was undetermined. All passages which occurred when angled trash racks were in place were through the bypass or over the spillway. Six (6) passages occurred when trash racks perpendicular to the penstock were in place: 3 of these were penstock passages. The angled trash rack and bypass structure served to reduce entrainment.

  5. Two-subunit DNA escort mechanism and inactive subunit bypass in an ultra-fast ring ATPase

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Liu, Ninning; Chistol, Gheorghe; Bustamante, Carlos

    2015-10-09

    SpoIIIE is a homo-hexameric dsDNA translocase responsible for completing chromosome segregation in Bacillus subtilis . Here, we use a single-molecule approach to monitor SpoIIIE translocation when challenged with neutral-backbone DNA and non-hydrolyzable ATP analogs. We show that SpoIIIE makes multiple essential contacts with phosphates on the 5'→3' strand in the direction of translocation. Using DNA constructs with two neutral-backbone segments separated by a single charged base pair, we deduce that SpoIIIE’s step size is 2 bp. Finally, experiments with non-hydrolyzable ATP analogs suggest that SpoIIIE can operate with non-consecutive inactive subunits. We propose a two-subunit escort translocation mechanism thatmore » is strict enough to enable SpoIIIE to track one DNA strand, yet sufficiently compliant to permit the motor to bypass inactive subunits without arrest. We speculate that such a flexible mechanism arose for motors that, like SpoIIIE, constitute functional bottlenecks where the inactivation of even a single motor can be lethal for the cell.« less

  6. V-036: EMC Smarts Network Configuration Manager Database Authenticatio...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass ... Tomcat and JBOSS. Addthis Related Articles V-120: EMC Smarts Network Configuration ...

  7. U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Cisco ASA. A remote or remote authenticated user can cause denial of service conditions.

  8. Methodology for prioritizing cyber-vulnerable critical infrastructure equipment and mitigation strategies.

    SciTech Connect (OSTI)

    Dawson, Lon Andrew; Stinebaugh, Jennifer A.

    2010-04-01

    The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.

  9. V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny Service and Remote Adjacent Authenticated Users Gain Root Shell Access

    Broader source: Energy.gov [DOE]

    Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contain an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell.

  10. Climate Change Vulnerability and Resilience: Current Status and Trends for Mexico

    SciTech Connect (OSTI)

    Ibarraran , Maria E.; Malone, Elizabeth L.; Brenkert, Antoinette L.

    2008-12-30

    Climate change alters different localities on the planet in different ways. The impact on each region depends mainly on the degree of vulnerability that natural ecosystems and human-made infrastructure have to changes in climate and extreme meteorological events, as well as on the coping and adaptation capacity towards new environmental conditions. This study assesses the current resilience of Mexico and Mexican states to such changes, as well as how this resilience will look in the future. In recent studies (Moss et al. 2000, Brenkert and Malone 2005, Malone and Brenket 2008, Ibarrarán et al. 2007), the Vulnerability-Resilience Indicators Model (VRIM) is used to integrate a set of proxy variables that determine the resilience of a region to climate change. Resilience, or the ability of a region to respond to climate variations and natural events that result from climate change, is given by its adaptation and coping capacity and its sensitivity. On the one hand, the sensitivity of a region to climate change is assessed, emphasizing its infrastructure, food security, water resources, and the health of the population and regional ecosystems. On the other hand, coping and adaptation capacity is based on the availability of human resources, economic capacity and environmental capacity.

  11. Optimization Strategies for the Vulnerability Analysis of the Electric Power Grid

    SciTech Connect (OSTI)

    Pinar, A.; Meza, J.; Donde, V.; Lesieutre, B.

    2007-11-13

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (MINLP) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  12. Optimization strategies for the vulnerability analysis of the electric power grid.

    SciTech Connect (OSTI)

    Meza, Juan C.; Pinar, Ali; Lesieutre, Bernard; Donde, Vaibhav

    2009-03-01

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (minlp) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  13. Evaluation of the Geotech Smart24 data acquisition system with active Fortezza crypto card data signing and authentication.

    SciTech Connect (OSTI)

    Hart, Darren M.

    2008-05-01

    Sandia National Laboratories has tested and evaluated Geotech Smart24 data acquisition system with active Fortezza crypto card data signing and authentication. The test results included in this report were in response to static and tonal-dynamic input signals. Most test methodologies used were based on IEEE Standards 1057 for Digitizing Waveform Recorders and 1241 for Analog to Digital Converters; others were designed by Sandia specifically for infrasound application evaluation and for supplementary criteria not addressed in the IEEE standards. The objective of this work was to evaluate the overall technical performance of the Geotech Smart24 digitizer with a Fortezza PCMCIA crypto card actively implementing the signing of data packets. The results of this evaluation were compared to relevant specifications provided within manufacturer's documentation notes. The tests performed were chosen to demonstrate different performance aspects of the digitizer under test. The performance aspects tested include determining noise floor, least significant bit (LSB), dynamic range, cross-talk, relative channel-to-channel timing, time-tag accuracy, analog bandwidth and calibrator performance.

  14. A Climate Change Vulnerability Assessment Report for the National Renewable Energy Laboratory: May 23, 2014 -- June 5, 2015

    SciTech Connect (OSTI)

    Vogel, J.; O'Grady, M.; Renfrow, S.

    2015-09-03

    The U.S. Department of Energy's (DOE's) National Renewable Energy Laboratory (NREL), in Golden, Colorado, focuses on renewable energy and energy efficiency research. Its portfolio includes advancing renewable energy technologies that can help meet the nation's energy and environmental goals. NREL seeks to better understand the potential effects of climate change on the laboratory--and therefore on its mission--to ensure its ongoing success. Planning today for a changing climate can reduce NREL's risks and improve its resiliency to climate-related vulnerabilities. This report presents a vulnerability assessment for NREL. The assessment was conducted in fall 2014 to identify NREL's climate change vulnerabilities and the aspects of NREL's mission or operations that may be affected by a changing climate.

  15. Groundwaters of Florence (Italy): Trace element distribution and vulnerability of the aquifers

    SciTech Connect (OSTI)

    Bencini, A.; Ercolanelli, R.; Sbaragli, A.

    1993-11-01

    Geochemical and hydrogeological research has been carried out in Florence, to evaluate conductivity and main chemistry of groundwaters, the pattern of some possible pollutant chemical species (Fe, Mn, Cr, Cu, Pb, Zn, NO{sub 2}, NO{sub 3}), and the vulnerability of the aquifers. The plain is made up of Plio-Quaternary alluvial and lacustrine sediments for a maximum thickness of 600 m. Silts and clays, sometimes with lenses of sandy gravels, are dominant, while considerable deposits of sands, pebbles, and gravels occur along the course of the Arno river and its tributary streams, and represent the most important aquifer of the plain. Most waters show conductivity values around 1000-1200 {mu}S, and almost all of them have an alkaline-earth-bicarbonate chemical character. In western areas higher salt content of the groundwaters is evident. Heavy metal and NO{sub 2}, NO{sub 3} analyses point out that no important pollution phenomena affect the groundwaters; all mean values are below the maximum admissible concentration (MAC) for drinkable waters. Some anomalies of NO{sub 2}, NO{sub 3}, Fe, Mn, and Zn are present. The most plausible causes can be recognized in losses of the sewage system; use of nitrate compounds in agriculture; oxidation of well pipes. All the observations of Cr, Cu, and Pb are below the MAC; the median values of <3, 3.9, and 1.1 {mu}g/l, respectively, could be considered reference concentrations for groundwaters in calcareous lithotypes, under undisturbed natural conditions. Finally, a map of vulnerability shows that the areas near the Arno river are highly vulnerable, for the minimum thickness (or lacking) of sediments covering the aquifer. On the other hand, in the case of pollution, several factors not considered could significantly increase the self-purification capacity of the aquifer, such asdilution of groundwaters, bacteria oxidation of nitrogenous species, and sorption capacity of clay minerals and organic matter. 31 refs., 6 figs., 5 tabs.

  16. Vulnerability of Karangkates dams area by means of zero crossing analysis of data magnetic

    SciTech Connect (OSTI)

    Sunaryo, E-mail: sunaryo.geofis.ub@gmail.com; Susilo, Adi

    2015-04-24

    Study with entitled Vulnerability Karangkates Dam Area By Means of Zero Crossing Analysis of Data Magnetic has been done. The study was aimed to obtain information on the vulnerability of two parts area of Karangkates dams, i.e. Lahor dam which was inaugurated in 1977 and Sutami dam inaugurated in 1981. Three important things reasons for this study are: 1). The dam age was 36 years old for Lahor dam and 32 years old for Sutami dam, 2). Geologically, the location of the dams are closed together to the Pohgajih local shear fault, Selorejo local fault, and Selorejo limestone-andesite rocks contact plane, and 3). Karangkates dams is one of the important Hydro Power Plant PLTA with the generating power of about 400 million KWH per year from a total of about 29.373MW installed in Indonesia. Geographically, the magnetic data acquisition was conducted at coordinates (112.4149oE;-8.2028oS) to (112.4839oE;-8.0989oS) by using Proton Precession Magnetometer G-856. Magnetic Data acquisition was conducted in the radial direction from the dams with diameter of about 10 km and the distance between the measurements about 500m. The magnetic data acquisition obtained the distribution of total magnetic field value in the range of 45800 nT to 44450 nT. Residual anomalies obtained by doing some corrections, including diurnal correction, International Geomagnetic Reference Field (IGRF) correction, and reductions so carried out the distribution of the total magnetic field value in the range of -650 nT to 700 nT. Based on the residual anomalies, indicate the presence of 2 zones of closed closures dipole pairs at located in the west of the Sutami dam and the northwest of the Lahor dam from 5 total zones. Overlapping on the local geological map indicated the lineament of zero crossing patterns in the contour of residual anomaly contour with the Pohgajih shear fault where located at about 4 km to the west of the Sutami dam approximately and andesite-limestone rocks contact where located at about 6 km to the west of the Lahor dam approximately. These shown a possible of vulnerability on geohazards at the west zone of the Karangkates (Lahor-Sutami) dams area if there are triggers by the vibration (earthquake) on the Pohgajih shear fault, andesite-limestone contact plane, and instability rocks on two zones of closed closure dipole pairs area. Reality, on the location of the study shown some local landslide at the several locations and the main road that need considering for disaster mitigation.

  17. Assessing the Vulnerability of Large Critical Infrastructure Using Fully-Coupled Blast Effects Modeling

    SciTech Connect (OSTI)

    McMichael, L D; Noble, C R; Margraf, J D; Glascoe, L G

    2009-03-26

    Structural failures, such as the MacArthur Maze I-880 overpass in Oakland, California and the I-35 bridge in Minneapolis, Minnesota, are recent examples of our national infrastructure's fragility and serve as an important reminder of such infrastructure in our everyday lives. These two failures, as well as the World Trade Center's collapse and the levee failures in New Orleans, highlight the national importance of protecting our infrastructure as much as possible against acts of terrorism and natural hazards. This paper describes a process for evaluating the vulnerability of critical infrastructure to large blast loads using a fully-coupled finite element approach. A description of the finite element software and modeling technique is discussed along with the experimental validation of the numerical tools. We discuss how such an approach can be used for specific problems such as modeling the progressive collapse of a building.

  18. Spring bypass assembly

    DOE Patents [OSTI]

    Jablonski, Henry; Roughgarden, Jeffrey D.

    1984-02-07

    Pipe clamp comprises two substantially semicircular rim halves biased toward each other by spring assemblies. Adjustable stop means limit separation of the rim halves when the pipe expands.

  19. Predicting target vessel location on robot-assisted coronary artery bypass graft using CT to ultrasound registration

    SciTech Connect (OSTI)

    Cho, Daniel S.; Linte, Cristian; Chen, Elvis C. S.; Bainbridge, Daniel; Wedlake, Chris; Moore, John; Barron, John; Patel, Rajni; Peters, Terry

    2012-03-15

    Purpose: Although robot-assisted coronary artery bypass grafting (RA-CABG) has gained more acceptance worldwide, its success still depends on the surgeon's experience and expertise, and the conversion rate to full sternotomy is in the order of 15%-25%. One of the reasons for conversion is poor pre-operative planning, which is based solely on pre-operative computed tomography (CT) images. In this paper, the authors propose a technique to estimate the global peri-operative displacement of the heart and to predict the intra-operative target vessel location, validated via both an in vitro and a clinical study. Methods: As the peri-operative heart migration during RA-CABG has never been reported in the literatures, a simple in vitro validation study was conducted using a heart phantom. To mimic the clinical workflow, a pre-operative CT as well as peri-operative ultrasound images at three different stages in the procedure (Stage{sub 0}--following intubation; Stage{sub 1}--following lung deflation; and Stage{sub 2}--following thoracic insufflation) were acquired during the experiment. Following image acquisition, a rigid-body registration using iterative closest point algorithm with the robust estimator was employed to map the pre-operative stage to each of the peri-operative ones, to estimate the heart migration and predict the peri-operative target vessel location. Moreover, a clinical validation of this technique was conducted using offline patient data, where a Monte Carlo simulation was used to overcome the limitations arising due to the invisibility of the target vessel in the peri-operative ultrasound images. Results: For the in vitro study, the computed target registration error (TRE) at Stage{sub 0}, Stage{sub 1}, and Stage{sub 2} was 2.1, 3.3, and 2.6 mm, respectively. According to the offline clinical validation study, the maximum TRE at the left anterior descending (LAD) coronary artery was 4.1 mm at Stage{sub 0}, 5.1 mm at Stage{sub 1}, and 3.4 mm at Stage{sub 2}. Conclusions: The authors proposed a method to measure and validate peri-operative shifts of the heart during RA-CABG. In vitro and clinical validation studies were conducted and yielded a TRE in the order of 5 mm for all cases. As the desired clinical accuracy imposed by this procedure is on the order of one intercostal space (10-15 mm), our technique suits the clinical requirements. The authors therefore believe this technique has the potential to improve the pre-operative planning by updating peri-operative migration patterns of the heart and, consequently, will lead to reduced conversion to conventional open thoracic procedures.

  20. Vulnerabilities and Opportunities at the Nexus of Electricity, Water and Climate

    SciTech Connect (OSTI)

    Frumhoff, Peter C.; Burkett, Virginia; Jackson, Robert B.; Newmark, Robin; Overpeck, Jonathan; Webber, Michael

    2015-08-01

    The articles in this special issue examine the critical nexus of electricity, water, and climate, emphasizing connections among resources; the prospect of increasing vulnerabilities of water resources and electricity generation in a changing climate; and the opportunities for research to inform integrated energy and water policy and management measures aimed at increasing resilience. Here, we characterize several major themes emerging from this research and highlight some of the uptake of this work in both scientific and public spheres. Underpinning much of this research is the recognition that water resources are expected to undergo substantial changes based on the global warming that results primarily from fossil energy-based carbon emissions. At the same time, the production of electricity from fossil fuels, nuclear power, and some renewable technologies (biomass, geothermal and concentrating solar power) can be highly water-intensive. Energy choices now and in the near future will have a major impact not just on the global climate, but also on water supplies and the resilience of energy systems that currently depend heavily on them.

  1. Vulnerabilities and Opportunities at the Nexus of Electricity, Water and Climate

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Frumhoff, Peter C.; Burkett, Virginia; Jackson, Robert B.; Newmark, Robin; Overpeck, Jonathan; Webber, Michael

    2015-08-01

    The articles in this special issue examine the critical nexus of electricity, water, and climate, emphasizing connections among resources; the prospect of increasing vulnerabilities of water resources and electricity generation in a changing climate; and the opportunities for research to inform integrated energy and water policy and management measures aimed at increasing resilience. Here, we characterize several major themes emerging from this research and highlight some of the uptake of this work in both scientific and public spheres. Underpinning much of this research is the recognition that water resources are expected to undergo substantial changes based on the global warmingmore » that results primarily from fossil energy-based carbon emissions. At the same time, the production of electricity from fossil fuels, nuclear power, and some renewable technologies (biomass, geothermal and concentrating solar power) can be highly water-intensive. Energy choices now and in the near future will have a major impact not just on the global climate, but also on water supplies and the resilience of energy systems that currently depend heavily on them.« less

  2. ARM - Central Authentication Service

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Data Management Facility External Data Center Features and Releases Facility News Blogs: Air Time & Field Notes Meetings and Events Employment Research Highlights Data...

  3. Extended defense systems :I. adversary-defender modeling grammar for vulnerability analysis and threat assessment.

    SciTech Connect (OSTI)

    Merkle, Peter Benedict

    2006-03-01

    Vulnerability analysis and threat assessment require systematic treatments of adversary and defender characteristics. This work addresses the need for a formal grammar for the modeling and analysis of adversary and defender engagements of interest to the National Nuclear Security Administration (NNSA). Analytical methods treating both linguistic and numerical information should ensure that neither aspect has disproportionate influence on assessment outcomes. The adversary-defender modeling (ADM) grammar employs classical set theory and notation. It is designed to incorporate contributions from subject matter experts in all relevant disciplines, without bias. The Attack Scenario Space U{sub S} is the set universe of all scenarios possible under physical laws. An attack scenario is a postulated event consisting of the active engagement of at least one adversary with at least one defended target. Target Information Space I{sub S} is the universe of information about targets and defenders. Adversary and defender groups are described by their respective Character super-sets, (A){sub P} and (D){sub F}. Each super-set contains six elements: Objectives, Knowledge, Veracity, Plans, Resources, and Skills. The Objectives are the desired end-state outcomes. Knowledge is comprised of empirical and theoretical a priori knowledge and emergent knowledge (learned during an attack), while Veracity is the correspondence of Knowledge with fact or outcome. Plans are ordered activity-task sequences (tuples) with logical contingencies. Resources are the a priori and opportunistic physical assets and intangible attributes applied to the execution of associated Plans elements. Skills for both adversary and defender include the assumed general and task competencies for the associated plan set, the realized value of competence in execution or exercise, and the opponent's planning assumption of the task competence.

  4. Next-generation Algorithms for Assessing Infrastructure Vulnerability and Optimizing System Resilience

    SciTech Connect (OSTI)

    Burchett, Deon L.; Chen, Richard Li-Yang; Phillips, Cynthia A.; Richard, Jean-Philippe

    2015-05-01

    This report summarizes the work performed under the project project Next-Generation Algo- rithms for Assessing Infrastructure Vulnerability and Optimizing System Resilience. The goal of the project was to improve mathematical programming-based optimization technology for in- frastructure protection. In general, the owner of a network wishes to design a network a network that can perform well when certain transportation channels are inhibited (e.g. destroyed) by an adversary. These are typically bi-level problems where the owner designs a system, an adversary optimally attacks it, and then the owner can recover by optimally using the remaining network. This project funded three years of Deon Burchett's graduate research. Deon's graduate advisor, Professor Jean-Philippe Richard, and his Sandia advisors, Richard Chen and Cynthia Phillips, supported Deon on other funds or volunteer time. This report is, therefore. essentially a replication of the Ph.D. dissertation it funded [12] in a format required for project documentation. The thesis had some general polyhedral research. This is the study of the structure of the feasi- ble region of mathematical programs, such as integer programs. For example, an integer program optimizes a linear objective function subject to linear constraints, and (nonlinear) integrality con- straints on the variables. The feasible region without the integrality constraints is a convex polygon. Careful study of additional valid constraints can significantly improve computational performance. Here is the abstract from the dissertation: We perform a polyhedral study of a multi-commodity generalization of variable upper bound flow models. In particular, we establish some relations between facets of single- and multi- commodity models. We then introduce a new family of inequalities, which generalizes traditional flow cover inequalities to the multi-commodity context. We present encouraging numerical results. We also consider the directed edge-failure resilient network design problem (DRNDP). This problem entails the design of a directed multi-commodity flow network that is capable of fulfilling a specified percentage of demands in the event that any G arcs are destroyed, where G is a constant parameter. We present a formulation of DRNDP and solve it in a branch-column-cut framework. We present computational results.

  5. GRiP - A flexible approach for calculating risk as a function of consequence, vulnerability, and threat.

    SciTech Connect (OSTI)

    Whitfield, R. G.; Buehring, W. A.; Bassett, G. W.

    2011-04-08

    Get a GRiP (Gravitational Risk Procedure) on risk by using an approach inspired by the physics of gravitational forces between body masses! In April 2010, U.S. Department of Homeland Security Special Events staff (Protective Security Advisors [PSAs]) expressed concern about how to calculate risk given measures of consequence, vulnerability, and threat. The PSAs believed that it is not 'right' to assign zero risk, as a multiplicative formula would imply, to cases in which the threat is reported to be extremely small, and perhaps could even be assigned a value of zero, but for which consequences and vulnerability are potentially high. They needed a different way to aggregate the components into an overall measure of risk. To address these concerns, GRiP was proposed and developed. The inspiration for GRiP is Sir Isaac Newton's Universal Law of Gravitation: the attractive force between two bodies is directly proportional to the product of their masses and inversely proportional to the squares of the distance between them. The total force on one body is the sum of the forces from 'other bodies' that influence that body. In the case of risk, the 'other bodies' are the components of risk (R): consequence, vulnerability, and threat (which we denote as C, V, and T, respectively). GRiP treats risk as if it were a body within a cube. Each vertex (corner) of the cube represents one of the eight combinations of minimum and maximum 'values' for consequence, vulnerability, and threat. The risk at each of the vertices is a variable that can be set. Naturally, maximum risk occurs when consequence, vulnerability, and threat are at their maximum values; minimum risk occurs when they are at their minimum values. Analogous to gravitational forces among body masses, the GRiP formula for risk states that the risk at any interior point of the box depends on the squares of the distances from that point to each of the eight vertices. The risk value at an interior (movable) point will be dominated by the value of one vertex as that point moves closer and closer to that one vertex. GRiP is a visualization tool that helps analysts better understand risk and its relationship to consequence, vulnerability, and threat. Estimates of consequence, vulnerability, and threat are external to GRiP; however, the GRiP approach can be linked to models or data that provide estimates of consequence, vulnerability, and threat. For example, the Enhanced Critical Infrastructure Program/Infrastructure Survey Tool produces a vulnerability index (scaled from 0 to 100) that can be used for the vulnerability component of GRiP. We recognize that the values used for risk components can be point estimates and that, in fact, there is uncertainty regarding the exact values of C, V, and T. When we use T = t{sub o} (where t{sub o} is a value of threat in its range), we mean that threat is believed to be in an interval around t{sub o}. Hence, a value of t{sub o} = 0 indicates a 'best estimate' that the threat level is equal to zero, but still allows that it is not impossible for the threat to occur. When t{sub o} = 0 but is potentially small and not exactly zero, there will be little impact on the overall risk value as long as the C and V components are not large. However, when C and/or V have large values, there can be large differences in risk given t{sub o} = 0, and t{sub o} = epsilon (where epsilon is small but greater than a value of zero). We believe this scenario explains the PSA's intuition that risk is not equal to zero when t{sub o} = 0 and C and/or V have large values. (They may also be thinking that if C has an extremely large value, it is unlikely that T is equal to 0; in the terrorist context, T would likely be dependent on C when C is extremely large.) The PSAs are implicitly recognizing the potential that t{sub o} = epsilon. One way to take this possible scenario into account is to replace point estimates for risk with interval values that reflect the uncertainty in the risk components. In fact, one could argue that T never equals zero for a man-made hazard. This

  6. T-668: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service

    Broader source: Energy.gov [DOE]

    This advisory describes a security issue in the BlackBerry Administration API component. Successful exploitation of the vulnerability could result in information disclosure and partial denial of service (DoS). The BlackBerry Administration API is a BlackBerry Enterprise Server component that is installed on the server that hosts the BlackBerry Administration Service. The BlackBerry Administration API contains multiple web services that receive API requests from client applications. The BlackBerry Administration API then translates requests into a format that the BlackBerry Administration Service can process.

  7. U-206: WordPress Flaws Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in WordPress. A remote authenticated user can conduct cross-site scripting attacks. A remote user can conduct cross-site request forgery attacks. A remote authenticated user can obtain potentially sensitive information.

  8. Development of a novel technique to assess the vulnerability of micro-mechanical system components to environmentally assisted cracking.

    SciTech Connect (OSTI)

    Enos, David George; Goods, Steven Howard

    2006-11-01

    Microelectromechanical systems (MEMS) will play an important functional role in future DOE weapon and Homeland Security applications. If these emerging technologies are to be applied successfully, it is imperative that the long-term degradation of the materials of construction be understood. Unlike electrical devices, MEMS devices have a mechanical aspect to their function. Some components (e.g., springs) will be subjected to stresses beyond whatever residual stresses exist from fabrication. These stresses, combined with possible abnormal exposure environments (e.g., humidity, contamination), introduce a vulnerability to environmentally assisted cracking (EAC). EAC is manifested as the nucleation and propagation of a stable crack at mechanical loads/stresses far below what would be expected based solely upon the materials mechanical properties. If not addressed, EAC can lead to sudden, catastrophic failure. Considering the materials of construction and the very small feature size, EAC represents a high-risk environmentally induced degradation mode for MEMS devices. Currently, the lack of applicable characterization techniques is preventing the needed vulnerability assessment. The objective of this work is to address this deficiency by developing techniques to detect and quantify EAC in MEMS materials and structures. Such techniques will allow real-time detection of crack initiation and propagation. The information gained will establish the appropriate combinations of environment (defining packaging requirements), local stress levels, and metallurgical factors (composition, grain size and orientation) that must be achieved to prevent EAC.

  9. Use of the HPI Model 2080 pulsed neutron detector at the LANSCE complex - vulnerabilities and counting statistics

    SciTech Connect (OSTI)

    Jones, K.W.; Browman, A.

    1997-01-01

    The BPI Model 2080 Pulsed Neutron Detector has been used for over seven years as an area radiation monitor and dose limiter at the LANSCE accelerator complex. Operating experience and changing environments over this time have revealed several vulnerabilities (susceptibility to electrical noise, paralysis in high dose rate fields, etc.). Identified vulnerabilities have been connected; these modifications include component replacement and circuit design changes. The data and experiments leading to these modifications will be presented and discussed. Calibration of the instrument is performed in mixed static gamma and neutron source fields. The statistical characteristics of the Geiger-Muller tubes coupled with significantly different sensitivity to gamma and neutron doses require that careful attention be paid to acceptable fluctuations in dose rate over time during calibration. The performance of the instrument has been modeled using simple Poisson statistics and the operating characteristics of the Geiger-Muller tubes. The results are in excellent agreement with measurements. The analysis and comparison with experimental data will be presented.

  10. Integrated Vulnerability and Impacts Assessment for Natural and Engineered Water-Energy Systems in the Southwest and Southern Rocky Mountain Region

    SciTech Connect (OSTI)

    Tidwell, Vincent C.; Wolfsberg, Andrew; Macknick, Jordan; Middleton, Richard

    2015-01-01

    In the Southwest and Southern Rocky Mountains (SWSRM), energy production, energy resource extraction, and other high volume uses depend on water supply from systems that are highly vulnerable to extreme, coupled hydro-ecosystem-climate events including prolonged drought, flooding, degrading snow cover, forest die off, and wildfire. These vulnerabilities, which increase under climate change, present a challenge for energy and resource planners in the region with the highest population growth rate in the nation. Currently, analytical tools are designed to address individual aspects of these regional energy and water vulnerabilities. Further, these tools are not linked, severely limiting the effectiveness of each individual tool. Linking established tools, which have varying degrees of spatial and temporal resolution as well as modeling objectives, and developing next-generation capabilities where needed would provide a unique and replicable platform for regional analyses of climate-water-ecosystem-energy interactions, while leveraging prior investments and current expertise (both within DOE and across other Federal agencies).

  11. Evaluation of the Geotech SMART24BH 20Vpp/5Vpp data acquisition system with active fortezza crypto card data signing and authentication.

    SciTech Connect (OSTI)

    Rembold, Randy Kai; Hart, Darren M.

    2009-09-01

    Sandia National Laboratories has tested and evaluated Geotech SMART24BH borehole data acquisition system with active Fortezza crypto card data signing and authentication. The test results included in this report were in response to static and tonal-dynamic input signals. Most test methodologies used were based on IEEE Standards 1057 for Digitizing Waveform Recorders and 1241 for Analog to Digital Converters; others were designed by Sandia specifically for infrasound application evaluation and for supplementary criteria not addressed in the IEEE standards. The objective of this work was to evaluate the overall technical performance of two Geotech SMART24BH digitizers with a Fortezza PCMCIA crypto card actively implementing the signing of data packets. The results of this evaluation were compared to relevant specifications provided within manufacturer's documentation notes. The tests performed were chosen to demonstrate different performance aspects of the digitizer under test. The performance aspects tested include determining noise floor, least significant bit (LSB), dynamic range, cross-talk, relative channel-to-channel timing, time-tag accuracy/statistics/drift, analog bandwidth.

  12. V-102: SUSE update for flash-player

    Broader source: Energy.gov [DOE]

    This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  13. U-015: CiscoWorks Common Services Home Page Input Validation Flaw Lets Remote Users Execute Arbitrary Commands

    Broader source: Energy.gov [DOE]

    Successful exploitation of this vulnerability may allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.

  14. U-217: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Red Hat Certificate System. A remote user can conduct cross-site scripting attacks. A remote authenticated user can revoke the CA certificate.

  15. T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server

    Broader source: Energy.gov [DOE]

    BlackBerry advisory describes a security issue that the BlackBerry Attachment Service component of the BlackBerry Enterprise Server is susceptible to. The issue relates to a known vulnerability in the PDF distiller component of the BlackBerry Attachment Service that affects how the BlackBerry Attachment Service processes PDF files.

  16. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    11, 2013 V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods...

  17. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    11, 2013 V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods...

  18. Plug Detector Bypass Breaker Guard

    DOE Patents [OSTI]

    Horton, Joel Richard; Dearstone, Robert Link

    2000-01-01

    A method and apparatus wherein the apparatus is a container having an inner chamber, an inlet, an outlet, a breaker assembly having at least one blade within the inner chamber of the container and a motor for driving the blade. Material is supplied to the inner chamber of the container through the inlet of the container and the breaker assembly is operated to reduce any clumped material into unclumped material which is then dispensed from the container through the outlet of the container.

  19. Vulnerability of crops and native grasses to summer drying in the U.S. Southern Great Plains

    SciTech Connect (OSTI)

    Raz-Yaseef, Naama; Billesbach, Dave P.; Fischer, Marc L.; Biraud, Sebastien C.; Gunter, Stacey A.; Bradford, James A.; Torn, Margaret S.

    2015-08-31

    The Southern Great Plains are characterized by a fine-scale mixture of different land-cover types, predominantly winter-wheat and grazed pasture, with relatively small areas of other crops, native prairie, and switchgrass. Recent droughts and predictions of increased drought in the Southern Great Plains, especially during the summer months, raise concern for these ecosystems. We measured ecosystem carbon and water fluxes with eddy-covariance systems over cultivated cropland for 10 years, and over lightly grazed prairie and new switchgrass fields for 2 years each. Growing-season precipitation showed the strongest control over net carbon uptake for all ecosystems, but with a variable effect: grasses (prairie and switchgrass) needed at least 350 mm of precipitation during the growing season to become net carbon sinks, while crops needed only 100 mm. In summer, high temperatures enhanced evaporation and led to higher likelihood of dry soil conditions. Therefore, summer-growing native prairie species and switchgrass experienced more seasonal droughts than spring-growing crops. For wheat, the net reduction in carbon uptake resulted mostly from a decrease in gross primary production rather than an increase in respiration. Flux measurements suggested that management practices for crops were effective in suppressing evapotranspiration and decomposition (by harvesting and removing secondary growth), and in increasing carbon uptake (by fertilizing and conserving summer soil water). In light of future projections for wetter springs and drier and warmer summers in the Southern Great Plains, our study indicates an increased vulnerability in native ecosystems and summer crops over time.

  20. Cognitive decision errors and organization vulnerabilities in nuclear power plant safety management: Modeling using the TOGA meta-theory framework

    SciTech Connect (OSTI)

    Cappelli, M.; Gadomski, A. M.; Sepiellis, M.; Wronikowska, M. W.

    2012-07-01

    In the field of nuclear power plant (NPP) safety modeling, the perception of the role of socio-cognitive engineering (SCE) is continuously increasing. Today, the focus is especially on the identification of human and organization decisional errors caused by operators and managers under high-risk conditions, as evident by analyzing reports on nuclear incidents occurred in the past. At present, the engineering and social safety requirements need to enlarge their domain of interest in such a way to include all possible losses generating events that could be the consequences of an abnormal state of a NPP. Socio-cognitive modeling of Integrated Nuclear Safety Management (INSM) using the TOGA meta-theory has been discussed during the ICCAP 2011 Conference. In this paper, more detailed aspects of the cognitive decision-making and its possible human errors and organizational vulnerability are presented. The formal TOGA-based network model for cognitive decision-making enables to indicate and analyze nodes and arcs in which plant operators and managers errors may appear. The TOGA's multi-level IPK (Information, Preferences, Knowledge) model of abstract intelligent agents (AIAs) is applied. In the NPP context, super-safety approach is also discussed, by taking under consideration unexpected events and managing them from a systemic perspective. As the nature of human errors depends on the specific properties of the decision-maker and the decisional context of operation, a classification of decision-making using IPK is suggested. Several types of initial situations of decision-making useful for the diagnosis of NPP operators and managers errors are considered. The developed models can be used as a basis for applications to NPP educational or engineering simulators to be used for training the NPP executive staff. (authors)

  1. Vulnerability of crops and native grasses to summer drying in the U.S. Southern Great Plains

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Raz-Yaseef, Naama; Billesbach, Dave P.; Fischer, Marc L.; Biraud, Sebastien C.; Gunter, Stacey A.; Bradford, James A.; Torn, Margaret S.

    2015-08-31

    The Southern Great Plains are characterized by a fine-scale mixture of different land-cover types, predominantly winter-wheat and grazed pasture, with relatively small areas of other crops, native prairie, and switchgrass. Recent droughts and predictions of increased drought in the Southern Great Plains, especially during the summer months, raise concern for these ecosystems. We measured ecosystem carbon and water fluxes with eddy-covariance systems over cultivated cropland for 10 years, and over lightly grazed prairie and new switchgrass fields for 2 years each. Growing-season precipitation showed the strongest control over net carbon uptake for all ecosystems, but with a variable effect: grassesmore » (prairie and switchgrass) needed at least 350 mm of precipitation during the growing season to become net carbon sinks, while crops needed only 100 mm. In summer, high temperatures enhanced evaporation and led to higher likelihood of dry soil conditions. Therefore, summer-growing native prairie species and switchgrass experienced more seasonal droughts than spring-growing crops. For wheat, the net reduction in carbon uptake resulted mostly from a decrease in gross primary production rather than an increase in respiration. Flux measurements suggested that management practices for crops were effective in suppressing evapotranspiration and decomposition (by harvesting and removing secondary growth), and in increasing carbon uptake (by fertilizing and conserving summer soil water). In light of future projections for wetter springs and drier and warmer summers in the Southern Great Plains, our study indicates an increased vulnerability in native ecosystems and summer crops over time.« less

  2. Hawaii Energy Strategy: Program guide. [Contains special sections on analytical energy forecasting, renewable energy resource assessment, demand-side energy management, energy vulnerability assessment, and energy strategy integration

    SciTech Connect (OSTI)

    Not Available

    1992-09-01

    The Hawaii Energy Strategy program, or HES, is a set of seven projects which will produce an integrated energy strategy for the State of Hawaii. It will include a comprehensive energy vulnerability assessment with recommended courses of action to decrease Hawaii's energy vulnerability and to better prepare for an effective response to any energy emergency or supply disruption. The seven projects are designed to increase understanding of Hawaii's energy situation and to produce recommendations to achieve the State energy objectives of: Dependable, efficient, and economical state-wide energy systems capable of supporting the needs of the people, and increased energy self-sufficiency. The seven projects under the Hawaii Energy Strategy program include: Project 1: Develop Analytical Energy Forecasting Model for the State of Hawaii. Project 2: Fossil Energy Review and Analysis. Project 3: Renewable Energy Resource Assessment and Development Program. Project 4: Demand-Side Management Program. Project 5: Transportation Energy Strategy. Project 6: Energy Vulnerability Assessment Report and Contingency Planning. Project 7: Energy Strategy Integration and Evaluation System.

  3. SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... SCADA Images Since 1999, Sandia has conducted numerous assessments of SCADA and process control systems in hydroelectric dams; water treatment systems; electric power transmission, ...

  4. Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... consequences, and impacts in many areas of electric power, including PMUs, DERs, cloud computing, smart meters, programmable-logic controllers, and communications, among others. ...

  5. U-129: RSA enVision Bugs Permit Cross-Site Scripting, SQL Injection, and Directory Traversal Attacks

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in RSA enVision. A remote user can access the system. A remote authenticated user can conduct cross-site scripting attacks. A remote authenticated user can inject SQL commands. A remote authenticated user can view files on the target system.

  6. Sensor Authentication: Embedded Processor Code

    Energy Science and Technology Software Center (OSTI)

    2012-09-25

    Described is the c code running on the embedded Microchip 32bit PIC32MX575F256H located on the INL developed noise analysis circuit board. The code performs the following functions: Controls the noise analysis circuit board preamplifier voltage gains of 1, 10, 100, 000 Initializes the analog to digital conversion hardware, input channel selection, Fast Fourier Transform (FFT) function, USB communications interface, and internal memory allocations Initiates high resolution 4096 point 200 kHz data acquisition Computes complex 2048more » point FFT and FFT magnitude. Services Host command set Transfers raw data to Host Transfers FFT result to host Communication error checking« less

  7. Sensor Authentication: Embedded Processor Code

    SciTech Connect (OSTI)

    2012-09-25

    Described is the c code running on the embedded Microchip 32bit PIC32MX575F256H located on the INL developed noise analysis circuit board. The code performs the following functions: Controls the noise analysis circuit board preamplifier voltage gains of 1, 10, 100, 000 Initializes the analog to digital conversion hardware, input channel selection, Fast Fourier Transform (FFT) function, USB communications interface, and internal memory allocations Initiates high resolution 4096 point 200 kHz data acquisition Computes complex 2048 point FFT and FFT magnitude. Services Host command set Transfers raw data to Host Transfers FFT result to host Communication error checking

  8. Approach for assessing coastal vulnerability to oil spills for prevention and readiness using GIS and the Blowout and Spill Occurrence Model

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Nelson, J. R.; Grubesic, T. H.; Sim, L.; Rose, K.; Graham, J.

    2015-08-01

    Increasing interest in offshore hydrocarbon exploration has pushed the operational fronts associated with exploration efforts further offshore into deeper waters and more uncertain subsurface settings. This has become particularly common in the U.S. Gulf of Mexico. In this study we develop a spatial vulnerability approach and example assessment to support future spill prevention and improve future response readiness. This effort, which is part of a larger integrated assessment modeling spill prevention effort, incorporated economic and environmental data, and utilized a novel new oil spill simulation model from the U.S. Department of Energy’s National Energy Technology Laboratory, the Blowout and Spillmore » Occurrence Model (BLOSOM). Specifically, this study demonstrated a novel approach to evaluate potential impacts of hypothetical spill simulations at varying depths and locations in the northern Gulf of Mexico. The simulations are analyzed to assess spatial and temporal trends associated with the oil spill. The approach itself demonstrates how these data, tools and techniques can be used to evaluate potential spatial vulnerability of Gulf communities for various spill scenarios. Results of the hypothetical scenarios evaluated in this study suggest that under conditions like those simulated, a strong westward push by ocean currents and tides may increase the impacts of deep water spills along the Texas coastline, amplifying the vulnerability of communities on the local barrier islands. Ultimately, this approach can be used further to assess a range of conditions and scenarios to better understand potential risks and improve informed decision making for operators, responders, and stakeholders to support spill prevention as well as response readiness.« less

  9. Approach for assessing coastal vulnerability to oil spills for prevention and readiness using GIS and the Blowout and Spill Occurrence Model

    SciTech Connect (OSTI)

    Nelson, J. R.; Grubesic, T. H.; Sim, L.; Rose, K.; Graham, J.

    2015-08-01

    Increasing interest in offshore hydrocarbon exploration has pushed the operational fronts associated with exploration efforts further offshore into deeper waters and more uncertain subsurface settings. This has become particularly common in the U.S. Gulf of Mexico. In this study we develop a spatial vulnerability approach and example assessment to support future spill prevention and improve future response readiness. This effort, which is part of a larger integrated assessment modeling spill prevention effort, incorporated economic and environmental data, and utilized a novel new oil spill simulation model from the U.S. Department of Energy’s National Energy Technology Laboratory, the Blowout and Spill Occurrence Model (BLOSOM). Specifically, this study demonstrated a novel approach to evaluate potential impacts of hypothetical spill simulations at varying depths and locations in the northern Gulf of Mexico. The simulations are analyzed to assess spatial and temporal trends associated with the oil spill. The approach itself demonstrates how these data, tools and techniques can be used to evaluate potential spatial vulnerability of Gulf communities for various spill scenarios. Results of the hypothetical scenarios evaluated in this study suggest that under conditions like those simulated, a strong westward push by ocean currents and tides may increase the impacts of deep water spills along the Texas coastline, amplifying the vulnerability of communities on the local barrier islands. Ultimately, this approach can be used further to assess a range of conditions and scenarios to better understand potential risks and improve informed decision making for operators, responders, and stakeholders to support spill prevention as well as response readiness.

  10. Spent Fuel Working Group report on inventory and storage of the Department`s spent nuclear fuel and other reactor irradiated nuclear materials and their environmental, safety and health vulnerabilities. Volume 2, Working Group Assessment Team reports; Vulnerability development forms; Working group documents

    SciTech Connect (OSTI)

    Not Available

    1993-11-01

    The Secretary of Energy`s memorandum of August 19, 1993, established an initiative for a Department-wide assessment of the vulnerabilities of stored spent nuclear fuel and other reactor irradiated nuclear materials. A Project Plan to accomplish this study was issued on September 20, 1993 by US Department of Energy, Office of Environment, Health and Safety (EH) which established responsibilities for personnel essential to the study. The DOE Spent Fuel Working Group, which was formed for this purpose and produced the Project Plan, will manage the assessment and produce a report for the Secretary by November 20, 1993. This report was prepared by the Working Group Assessment Team assigned to the Hanford Site facilities. Results contained in this report will be reviewed, along with similar reports from all other selected DOE storage sites, by a working group review panel which will assemble the final summary report to the Secretary on spent nuclear fuel storage inventory and vulnerability.

  11. Replication Bypass of the trans-4-Hydroxynonenal-Derived (6S,8R,11S)-1,N[superscript 2]-Deoxyguanosine DNA Adduct by the Sulfolobus solfataricus DNA Polymerase IV

    SciTech Connect (OSTI)

    Banerjee, Surajit; Christov, Plamen P.; Kozekova, Albena; Rizzo, Carmelo J.; Egli, Martin; Stone, Michael P.

    2014-10-02

    trans-4-Hydroxynonenal (HNE) is the major peroxidation product of {omega}-6 polyunsaturated fatty acids in vivo. Michael addition of the N{sub 2}-amino group of dGuo to HNE followed by ring closure of N1 onto the aldehyde results in four diastereomeric 1,N{sub 2}-dGuo (1,N{sub 2}-HNE-dGuo) adducts. The (6S,8R,11S)-HNE-1,N{sub 2}-dGuo adduct was incorporated into the 18-mer templates 5'-d(TCATXGAATCCTTCCCCC)-3' and d(TCACXGAATCCTTCCCCC)-3', where X = (6S,8R,11S)-HNE-1,N{sub 2}-dGuo adduct. These differed in the identity of the template 5'-neighbor base, which was either Thy or Cyt, respectively. Each of these templates was annealed with either a 13-mer primer 5'-d(GGGGGAAGGATTC)-3' or a 14-mer primer 5'-d(GGGGGAAGGATTCC)-3'. The addition of dNTPs to the 13-mer primer allowed analysis of dNTP insertion opposite to the (6S,8R,11S)-HNE-1,N{sub 2}-dGuo adduct, whereas the 14-mer primer allowed analysis of dNTP extension past a primed (6S,8R,11S)-HNE-1,N{sub 2}-dGuo:dCyd pair. The Sulfolobus solfataricus P2 DNA polymerase IV (Dpo4) belongs to the Y-family of error-prone polymerases. Replication bypass studies in vitro reveal that this polymerase inserted dNTPs opposite the (6S,8R,11S)-HNE-1,N{sub 2}-dGuo adduct in a sequence-specific manner. If the template 5'-neighbor base was dCyt, the polymerase inserted primarily dGTP, whereas if the template 5'-neighbor base was dThy, the polymerase inserted primarily dATP. The latter event would predict low levels of Gua {yields} Thy mutations during replication bypass when the template 5'-neighbor base is dThy. When presented with a primed (6S,8R,11S)-HNE-1,N{sub 2}-dGuo:dCyd pair, the polymerase conducted full-length primer extension. Structures for ternary (Dpo4-DNA-dNTP) complexes with all four template-primers were obtained. For the 18-mer:13-mer template-primers in which the polymerase was confronted with the (6S,8R,11S)-HNE-1,N{sub 2}-dGuo adduct, the (6S,8R,11S)-1,N{sub 2}-dGuo lesion remained in the ring-closed conformation at the active site. The incoming dNTP, either dGTP or dATP, was positioned with Watson-Crick pairing opposite the template 5'-neighbor base, dCyt or dThy, respectively. In contrast, for the 18-mer:14-mer template-primers with a primed (6S,8R,11S)-HNE-1,N{sub 2}-dGuo:dCyd pair, ring opening of the adduct to the corresponding N{sub 2}-dGuo aldehyde species occurred. This allowed Watson-Crick base pairing at the (6S,8R,11S)-HNE-1,N{sub 2}-dGuo:dCyd pair.

  12. Plutonium working group report on environmental, safety and health vulnerabilities associated with the department`s plutonium storage. Volume II, Appendix B, Part 9: Oak Ridge site site team report

    SciTech Connect (OSTI)

    1994-09-01

    This report provides the input to and results of the Department of Energy (DOE) - Oak Ridge Operations (ORO) DOE Plutonium Environment, Safety and Health (ES & H) Vulnerability Assessment (VA) self-assessment performed by the Site Assessment Team (SAT) for the Oak Ridge National Laboratory (ORNL or X-10) and the Oak Ridge Y-12 Plant (Y-12) sites that are managed by Martin Marietta Energy Systems, Inc. (MMES). As initiated (March 15, 1994) by the Secretary of Energy, the objective of the VA is to identify and rank-order DOE-ES&H vulnerabilities associated for the purpose of decision making on the interim safe management and ultimate disposition of fissile materials. This assessment is directed at plutonium and other co-located transuranics in various forms.

  13. Locality-Driven Dynamic GPU Cache Bypassing

    SciTech Connect (OSTI)

    Li, Chao; Song, Shuaiwen; Dai, Hongwen; Sidelnik, A.; Hari, Siva; Zhou, Huiyang

    2015-06-07

    This paper presents novel cache optimizations for massively parallel, throughput-oriented architectures like GPUs. Based on the reuse characteristics of GPU workloads, we propose a design that integrates such efficient locality filtering capability into the decoupled tag store of the existing L1 D-cache through simple and cost-effective hardware extensions.

  14. Climate Vulnerabilities | Department of Energy

    Energy Savers [EERE]

    Department of Energy Christopher A. Smith Confirmed as Assistant Secretary for Fossil Energy Christopher A. Smith Confirmed as Assistant Secretary for Fossil Energy December 16, 2014 - 10:15pm Addthis News Media Contact 202 586 4940 Christopher A. Smith Confirmed as Assistant Secretary for Fossil Energy WASHINGTON - Christopher A. Smith was confirmed by the Senate on Tuesday, December 16th, 2014, as the Department of Energy's Assistant Secretary for Fossil Energy. "Chris Smith's depth

  15. Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering ...

  16. FUEL CASK IMPACT LIMITER VULNERABILITIES

    SciTech Connect (OSTI)

    Leduc, D; Jeffery England, J; Roy Rothermel, R

    2009-02-09

    Cylindrical fuel casks often have impact limiters surrounding just the ends of the cask shaft in a typical 'dumbbell' arrangement. The primary purpose of these impact limiters is to absorb energy to reduce loads on the cask structure during impacts associated with a severe accident. Impact limiters are also credited in many packages with protecting closure seals and maintaining lower peak temperatures during fire events. For this credit to be taken in safety analyses, the impact limiter attachment system must be shown to retain the impact limiter following Normal Conditions of Transport (NCT) and Hypothetical Accident Conditions (HAC) impacts. Large casks are often certified by analysis only because of the costs associated with testing. Therefore, some cask impact limiter attachment systems have not been tested in real impacts. A recent structural analysis of the T-3 Spent Fuel Containment Cask found problems with the design of the impact limiter attachment system. Assumptions in the original Safety Analysis for Packaging (SARP) concerning the loading in the attachment bolts were found to be inaccurate in certain drop orientations. This paper documents the lessons learned and their applicability to impact limiter attachment system designs.

  17. Vulnerability to closing of Hormuz

    SciTech Connect (OSTI)

    Not Available

    1984-03-07

    Tankers carrying roughly 8-million barrels per day (mmb/d) of crude oil, or some 16% of the non-communist world's oil supply, pass through the Strait of Hormuz. Experts agree that just 3-mmb/d of that could be exported through alternate routes. If the war between Iran and Iraq should result in their completely halting each other's production, this relatively limited supply curtailment would reduce world oil production by over 3.4-mmb/d. Since the two have not caused such mutual disaster during four years of war, many observers believe there has been a deliberate avoidance of the jugular squeeze. Nevertheless, the two combatants appear capable not only of cutting off their oil production, but escalating fighting to the point where Gulf traffic would be impeded. Potential results from a prolonged Iran-Iraq crisis are viewed in three scenarios. Also included in this issue are brief summaries of: (1) Mexico's new energy plan, internationalism, and OPEC; (2) update on Argentina's energy resource developments; (3) Venezuela: belt tightening; (4) Western Hemisphere oil production declines; (5) (6) days of oil supply for Canada, USA, Japan, France, Italy, and UK; and (6) US Department of Defense fuel consumption. The Energy Detente fuel price/tax series and principal industrial fuel prices are included for March for countries of the Eastern Hemisphere.

  18. T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system.

  19. T-593: Microsoft Internet Explorer unspecified code execution

    Broader source: Energy.gov [DOE]

    Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process.

  20. U-129: RSA enVision Bugs Permit Cross-Site Scripting, SQL Injection...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ABSTRACT: Several vulnerabilities were reported in RSA enVision. A remote user can access the system. A remote authenticated user can conduct cross-site scripting attacks. A remote ...

  1. T-647: PHP File Upload Bug May Let Remote Users Overwrite Files on the Target System

    Broader source: Energy.gov [DOE]

    PHP is prone to a security-bypass vulnerability.Successful exploits will allow an attacker to delete files from the root directory, which may aid in further attacks. PHP 5.3.6 is vulnerable; other versions may also be affected.

  2. T-531: The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500

    Broader source: Energy.gov [DOE]

    The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777.

  3. Spent Fuel Working Group report on inventory and storage of the Department`s spent nuclear fuel and other reactor irradiated nuclear materials and their environmental, safety and health vulnerabilities. Volume 3, Site team reports

    SciTech Connect (OSTI)

    Not Available

    1993-11-01

    A self assessment was conducted of those Hanford facilities that are utilized to store Reactor Irradiated Nuclear Material, (RINM). The objective of the assessment is to identify the Hanford inventories of RINM and the ES & H concerns associated with such storage. The assessment was performed as proscribed by the Project Plan issued by the DOE Spent Fuel Working Group. The Project Plan is the plan of execution intended to complete the Secretary`s request for information relevant to the inventories and vulnerabilities of DOE storage of spent nuclear fuel. The Hanford RINM inventory, the facilities involved and the nature of the fuel stored are summarized. This table succinctly reveals the variety of the Hanford facilities involved, the variety of the types of RINM involved, and the wide range of the quantities of material involved in Hanford`s RINM storage circumstances. ES & H concerns are defined as those circumstances that have the potential, now or in the future, to lead to a criticality event, to a worker radiation exposure event, to an environmental release event, or to public announcements of such circumstances and the sensationalized reporting of the inherent risks.

  4. COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    This is because of the region's unique topographic, oceanographic, geologic, and demographic factors. In addition, hurricanes become more dangerous as they increase their...

  5. Introduction to SCADA Protection and Vulnerabilities (Technical...

    Office of Scientific and Technical Information (OSTI)

    large electric utility still owns power generation facilities, power transmission and ... of the system occurs at the nodes of the grid, the generation facilities, and substations. ...

  6. Introduction to SCADA Protection and Vulnerabilities

    SciTech Connect (OSTI)

    Ken Barnes; Briam Johnson; Reva Nickelson

    2004-03-01

    Even though deregulation has changed the landscape of the electric utility industry to some extent, a typical large electric utility still owns power generation facilities, power transmission and distribution lines, and substations. Transmission and distribution lines form the segments or spokes of a utility’s grid. Power flow may change through these lines, but control of the system occurs at the nodes of the grid, the generation facilities, and substations. This section discusses each of these node types in more detail as well as how each is controlled.

  7. COMMON VULNERABILITIES IN CRITICAL INFRASTRUCTURE CONTROL SYSTEMS

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... The question of feasibility for PCS hacking is contested ... and had the necessary software to interact with the system. ... don't care about your PC," ZDNet, 11 July 2002: ...

  8. T-657: Drupal Prepopulate- Multiple vulnerabilities

    Broader source: Energy.gov [DOE]

    The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances.

  9. Protection of Use Control Vulnerabilities and Designs

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2010-05-14

    The order establishes the policy, process and procedures for control of sensitive use control information in nuclear weapon data (NWD) categories Sigma 14 and Sigma 15 to ensure that dissemination of the information must be restricted to individuals with valid need to know. Supersedes DOE M 452.4-1A

  10. U-191: Oracle Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. This Critical Patch Update contains 14 new security fixes across Java SE products.

  11. Vulnerability and Mitigation Studies for Infrastructure

    SciTech Connect (OSTI)

    Glascoe, L; Noble, C; Morris, J

    2007-08-02

    The summary of this presentation is that: (1) We do end-to-end systems analysis for infrastructure protection; (2) LLNL brings interdisciplinary subject matter expertise to infrastructure and explosive analysis; (3) LLNL brings high-fidelity modeling capabilities to infrastructure analysis for use on high performance platforms; and (4) LLNL analysis of infrastructure provides information that customers and stakeholders act on.

  12. Energy Department Issues Tribal Energy System Vulnerabilities...

    Broader source: Energy.gov (indexed) [DOE]

    202-586-4940 DOENews@hq.doe.gov The U.S. Department of Energy issued a report today showing that threats to tribal energy infrastructure are expected to increase as climate change ...

  13. US Energy Sector Vulnerabilities to Climate Change

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ... Cambridge Energy Research Associates (IHS CERA 2010) similarly estimates that by 2030, ... Cambridge: Cambridge University Press. http:amap.noacia. AMS (American Meteorological ...

  14. Guide to Critical Infrastructure Protection Cyber Vulnerability...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber ...

  15. V-214: Mozilla Firefox Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Firefox before 23.0 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors....

  16. Protection of Use Control Vulnerabilities and Design

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-03-11

    This manual establishes a general process and provides direction for controlling access to and disseminating Sigma 14 and 15 nuclear weapon data (NWD) at the Department of Energy (DOE). It supplements DOE O 452.4A, Security and Control of Nuclear Explosives and Nuclear Weapons, dated 12-17-01, which establishes DOE requirements and responsibilities to prevent the deliberate unauthorized use of U.S. nuclear explosives and nuclear weapons. Cancels DOE M 452.4-1. Canceled by DOE O 452.7, 5-14-2010

  17. Protection of Use Control Vulnerabilities and Designs

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1999-07-01

    This Manual establishes a general process and provides direction for controlling access and dissemination of Sigma 14 and 15 Weapon Data at the Department of Energy (DOE). It supplements DOE O 452.4, SECURITY AND CONTROL OF NUCLEAR EXPLOSIVES AND NUCLEAR WEAPONS, which establishes DOE requirements and responsibilities to prevent the deliberate unauthorized use of U.S. nuclear explosives and U.S. nuclear weapons. Canceled by DOE M 452.4-1A. Does not cancel other directives.

  18. U-100: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

  19. Stage 3 bucket shank bypass holes and related method

    DOE Patents [OSTI]

    Leone, Sal Albert; Eldrid, Sacheverel Quentin; Lupe, Douglas Arthur

    2002-01-01

    In a multi-stage turbine wherein at least one turbine wheel supports a row of buckets for rotation, and wherein the turbine wheel is located axially between first and second annular fixed arrays of nozzles, a cooling air circuit for purging a wheelspace between the turbine wheel and the second fixed annular array of nozzles comprising a flowpath through a shank portion of one or more buckets connecting a wheelspace between the turbine wheel and the first fixed annular array of nozzles with the wheelspace between the turbine wheel and the second fixed annular array of nozzles.

  20. DEVELOPMENT OF BYPASSED OIL RESERVES USING BEHIND CASING RESISTIVITY MEASUREMENTS

    SciTech Connect (OSTI)

    Michael G. Conner; Jeffrey A. Blesener

    2005-02-07

    Tubing and rods of the S.P. Pedro-Nepple No.1 well were pulled and the well was prepared for running of Schlumberger's Cased Hole Formation Resistivity Tool (CHFR) in selected intervals. The CHFR tool was successfully run and data was captured. The CHFR formation resistivity readings were compared to original open hole resistivity measurements. Separation between the original and CHFR resistivity curves indicate both swept and un-swept sand intervals. Both watered out sand intervals and those with higher remaining oil saturation have been identified. Due to the nature of these turbidite sands being stratigraphically continuous, both the swept and unswept layers have been correlated across to one of the four nearby offset shallow wells. As a result of the cased hole logging, one well was selected for a workover to recomplete high oil saturated shallow sand intervals. During the second report period, well S.P. Pedro-Nepple No.2 was plugged back with cement excluding the previously existing production interval, squeeze cemented behind casing, selectively perforated in the shallower ''Bell'' zone and placed on production to develop potential new oil reserves and increase overall well productivity. Prior workover production averaged 3.0 BOPD for the previous six-months. Post workover well production was marginally increased to 3.7 BOPD on average for the following six months.

  1. Development of Bypassed Oil Reserves Using Behind Casing Resistivity Measurements

    SciTech Connect (OSTI)

    Michael G. Conner

    2004-02-14

    Tubing and rods of the S.P. Pedro-Nepple No.1 well were pulled and the well was prepared for running of Schlumberger's Cased Hole Formation Resistivity Tool (CHFR) in selected intervals. The CHFR tool was successfully run and data was captured. The CHFR formation resistivity readings were compared to original open hole resistivity measurements. Separation between the original and CHFR resistivity curves indicate both swept and un-swept sand intervals. Both watered out sand intervals and those with higher remaining oil saturation have been identified. Due to the nature of these turbidite sands being stratigraphically continuous, both the swept and unswept layers have been correlated across to one of the four nearby offset shallow wells. As a result of the cased hole logging, one well was selected for a workover to recomplete and test suspected oil saturated shallow sand intervals. Well S.P. Pedro-Nepple No.2 was plugged back with cement excluding the previously existing production interval, squeeze cemented behind casing, selectively perforated in the shallower ''Bell'' zone and placed on production to develop potential new oil reserves and increase overall well productivity. Prior workover production averaged 3.0 BOPD for the previous six-months from the original ''Meyer'' completion interval. Post workover well production was increased to 5.3 BOPD on average for the following fifteen months. In December 2005, a bridge plug was installed above the ''Bell'' zone to test the ''Foix'' zone. Another cement squeeze was performed behind casing, selectively perforated in the shallower ''Foix'' zone and placed on production. The ''Foix'' test has produced water and a trace of oil for two months.

  2. DEVELOPMENT OF BYPASSED OIL RESERVES USING BEHIND CASING RESISTIVITY MEASUREMENTS

    SciTech Connect (OSTI)

    Michael G. Conner; Jeffrey A. Blesener

    2006-04-02

    Tubing and rods of the S.P. Pedro-Nepple No.1 well were pulled and the well was prepared for running of Schlumberger's Cased Hole Formation Resistivity Tool (CHFR) in selected intervals. The CHFR tool was successfully run and data was captured. The CHFR formation resistivity readings were compared to original open hole resistivity measurements. Separation between the original and CHFR resistivity curves indicate both swept and un-swept sand intervals. Both watered out sand intervals and those with higher remaining oil saturation have been identified. Due to the nature of these turbidite sands being stratigraphically continuous, both the swept and unswept layers have been correlated across to one of the four nearby offset shallow wells. As a result of the cased hole logging, one well was selected for a workover to recomplete and test suspected oil saturated shallow sand intervals. Well S.P. Pedro-Nepple No.2 was plugged back with cement excluding the previously existing production interval, squeeze cemented behind casing, selectively perforated in the shallower ''Bell'' zone and placed on production to develop potential new oil reserves and increase overall well productivity. Prior workover production averaged 3.0 BOPD for the previous six-months from the original ''Meyer'' completion interval. Post workover well production was increased to 5.3 BOPD on average for the following fifteen months. In December 2005, a bridge plug was installed above the ''Bell'' zone to test the ''Foix'' zone. Another cement squeeze was performed behind casing, selectively perforated in the shallower ''Foix'' zone and placed on production. The ''Foix'' test has produced water and a trace of oil for two months.

  3. Thermal Reliability Study of Bypass Diodes in Photovoltaic Modules...

    Broader source: Energy.gov (indexed) [DOE]

    Presented at the PV Module Reliability Workshop, February 26 - 27 2013, Golden, Colorado PDF icon pvmrw13ps3nrelzhang.pdf More Documents & Publications US TG 4 Activities of QA ...

  4. EIS-0352: U.S. 93 Hoover Dam Bypass Project

    Broader source: Energy.gov [DOE]

    The Western Area Power Administration (WAPA) served as a cooperating agency for this Federal Highway Administration Environmental Impact Statement (EIS) due to WAPA’s role in the relocation of several transmission lines. The Federal Highway Administration (FHWA) prepared an Environmental Impact Statement (EIS) for construction of a new segment of U.S. Highway 93 for the purpose of improving congestion and hazardous vehicle/pedestrian conflicts where the highway crosses the Colorado River over Hoover Dam. As a cooperating agency for the EIS, WAPA proposed modifications to its transmission system and facilities to accommodate the construction of the new highway and bridge spanning the Colorado River.

  5. Exhaust bypass flow control for exhaust heat recovery

    SciTech Connect (OSTI)

    Reynolds, Michael G.

    2015-09-22

    An exhaust system for an engine comprises an exhaust heat recovery apparatus configured to receive exhaust gas from the engine and comprises a first flow passage in fluid communication with the exhaust gas and a second flow passage in fluid communication with the exhaust gas. A heat exchanger/energy recovery unit is disposed in the second flow passage and has a working fluid circulating therethrough for exchange of heat from the exhaust gas to the working fluid. A control valve is disposed downstream of the first and the second flow passages in a low temperature region of the exhaust heat recovery apparatus to direct exhaust gas through the first flow passage or the second flow passage.

  6. STEM Mentoring Café- Engaging Young Women in an Authentic Mentoring...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    role in choosing a career path. In addition, the more students identify with same-sex experts the more likely they will be to pursue a STEM career. So not only did the STEM...

  7. T-558: Oracle Java SE and Java for Business Critical Patch Update Advisory- February 2011

    Broader source: Energy.gov [DOE]

    This Critical Patch Update contains 21 new security fixes for Oracle Java SE and Java for Business. 19 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

  8. A Climate Change Vulnerability Assessment Report for the National...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Assessment Report for the National Renewable Energy Laboratory May 23, 2014-June 5, 2015 J. ... Colorado water law prohibits the retention of rainfall and reuse of water resources. ...

  9. U-117: Potential security vulnerability has been identified with...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Senders ABSTRACT: Remote attackers could execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. reference LINKS: Vendor Advisory...

  10. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    and contingency planning of the energy grids and energy plants considering also the ICT systems used in protection and control. Main addressed problems concern high impact,...

  11. Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather

    Energy Savers [EERE]

    Transmission Workshop Transmission Workshop Transmission Workshop GTT Transmission Workshop - November 1-2, 2012 On November 1-2, 2012, the GTT presented a workshop on grid integration on the transmission system at the DoubleTree Crystal City near Washington, DC. A draft of the DOE Action Plan Addressing the Electricity Transmission System was discussed during the workshop, which addressed the challenges and opportunities presented by the integration of 21st century energy technologies into the

  12. Locating Climate Insecurity: Where Are the Most Vulnerable Places...

    Open Energy Info (EERE)

    in Africa? AgencyCompany Organization: The Robert Strauss Center Topics: Co-benefits assessment, Background analysis Resource Type: Publications Website: ccaps.strausscenter.o...

  13. Environmental Tracers for Determining Water Resource Vulnerability to Climate Change

    SciTech Connect (OSTI)

    Singleton, M

    2009-07-08

    Predicted changes in the climate will have profound impacts on water availability in the Western US, but large uncertainties exist in our ability to predict how natural and engineered hydrological systems will respond. Most predictions suggest that the impacts of climate change on California water resources are likely to include a decrease in the percentage of precipitation that falls as snow, earlier onset of snow-pack melting, and an increase in the number of rain on snow events. These processes will require changes in infrastructure for water storage and flood control, since much of our current water supply system is built around the storage of winter precipitation as mountain snow pack. Alpine aquifers play a critical role by storing and releasing snowmelt as baseflow to streams long after seasonal precipitation and the disappearance of the snow pack, and in this manner significantly impact the stream flow that drives our water distribution systems. Mountain groundwater recharge and, in particular, the contribution of snowmelt to recharge and baseflow, has been identified as a potentially significant effect missing from current climate change impact studies. The goal of this work is to understand the behavior of critical hydrologic systems, with an emphasis on providing ground truth for next generation models of climate-water system interactions by implementing LLNL capabilities in environmental tracer and isotopic science. We are using noble gas concentrations and multiple isotopic tracers ({sup 3}H/{sup 3}He, {sup 35}S, {sup 222}Rn, {sup 2}H/{sup 1}H, {sup 18}O/{sup 16}O, and {sup 13}C/{sup 12}C) in groundwater and stream water in a small alpine catchment to (1) provide a snapshot of temperature, altitude, and physical processes at the time of recharge, (2) determine subsurface residence times (over time scales ranging from months to decades) of different groundwater age components, and (3) deconvolve the contribution of these different groundwater components to alpine stream baseflow. This research is showing that groundwater in alpine areas spends between a few years to several decades in the saturated zone below the surface, before feeding into streams or being pumped for use. This lag time may act to reduce the impact on water resources from extreme wet or dry years. Furthermore, our measurements show that the temperature of water when it reaches the water table during recharge is 4 to 9 degrees higher than would be expected for direct influx of snowmelt, and that recharge likely occurs over diffuse vegetated areas, rather than along exposed rock faces and fractures. These discoveries have implications for how alpine basins will respond to climate effects that lead to more rain than snow and earlier snow pack melting.

  14. V-081: Wireshark Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to...

  15. U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  16. U.S. Energy Sector Vulnerability Report | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    support climate change preparedness and resilience planning -- and to advance the Energy ... They also provide examples of resilience actions that have been taken, and opportunities ...

  17. U-151: Bugzilla Cross-Site Request Forgery Vulnerability

    Broader source: Energy.gov [DOE]

    The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.

  18. T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583)

  19. V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    (2044373) Addthis Related Articles U-128: VMware ESXESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges T-552: Cisco Nexus 1000V...

  20. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Retrieved from "http:en.openei.orgwindex.php?titleAFTERAFrameworkforelectricalpowersysTemsvulnerabilityidentification,dEfenseandRestoration(SmartGridProject)(...

  1. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Retrieved from "http:en.openei.orgwindex.php?titleAFTERAFrameworkforelectricalpowersysTemsvulnerabilityidentification,dEfenseandRestoration(SmartGridProject)&o...

  2. U-109: Bugzilla Cross-Site Request Forgery Vulnerability

    Broader source: Energy.gov [DOE]

    The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change certain bug data or execute certain administrative tasks by tricking a logged in user into visiting a malicious web site.

  3. T-619: Skype for Mac Message Processing Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A remote user can send a specially crafted message to a Skype user to execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

  4. T-547: Microsoft Windows Human Interface Device (HID) Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a Smartphone that the user connected to the computer.

  5. Microsoft Word - MitigationsForVulnerabilitiesInCSNetworks.doc

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6 by ISA - The Instrumentation, Systems and Automation Society. Presented at 16th Annual Joint ISA POWIDEPRI Controls and Instrumentation Conference; http:www.isa.org ...

  6. V-105: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    navigation handling. 3) An error in Web Audio can be exploited to cause memory corruption. 4) A use-after-free error exists in SVG animations. 5) An error in Indexed DB can...

  7. U-183: ISC BIND DNS Resource Records Handling Vulnerability

    Broader source: Energy.gov [DOE]

    This problem was uncovered while testing with experimental DNS record types. It is possible to add records to BIND with null (zero length) rdata fields.

  8. U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

  9. Vulnerability of crops and native grasses to summer drying in...

    Office of Scientific and Technical Information (OSTI)

    Additional Journal Information: Journal Volume: 213; Journal Issue: C; Journal ID: ISSN 0167-8809 Publisher: Elsevier Sponsoring Org: USDOE Office of Science (SC), Biological and ...

  10. Power System Extreme Event Detection: The VulnerabilityFrontier

    SciTech Connect (OSTI)

    Lesieutre, Bernard C.; Pinar, Ali; Roy, Sandip

    2007-10-17

    In this work we apply graph theoretic tools to provide aclose bound on a frontier relating the number of line outages in a gridto the power disrupted by the outages. This frontier describes theboundary of a space relating the possible severity of a disturbance interms of power disruption, from zero to some maximum on the boundary, tothe number line outages involved in the event. We present the usefulnessof this analysis with a complete analysis of a 30 bus system, and presentresults for larger systems.

  11. Reducing the Vulnerability of Electric Power Grids to Terrorist Attacks

    SciTech Connect (OSTI)

    Ross Baldick; Thekla Boutsika; Jin Hur; Manho Joung; Yin Wu; Minqi Zhong

    2009-01-31

    This report describes the development of a cascading outage analyzer that, given an initial disturbance on an electric power system, checks for thermal overloads, under-frequency and over-frequency conditions, and under-voltage conditions that would result in removal of elements from the system. The analyzer simulates the successive tripping of elements due to protective actions until a post-event steady state or a system blackout is reached.

  12. U-022: Apple QuickTime Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  13. V-074: IBM Informix Genero libpng Integer Overflow Vulnerability...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    or display a malicious PNG file, your IBM Informix Genero application might crash, or could be caused to run malicious code with the privileges of the user running the application. ...

  14. Method for the generation of variable density metal vapors which bypasses the liquidus phase

    DOE Patents [OSTI]

    Kunnmann, Walter; Larese, John Z.

    2001-01-01

    The present invention provides a method for producing a metal vapor that includes the steps of combining a metal and graphite in a vessel to form a mixture; heating the mixture to a first temperature in an argon gas atmosphere to form a metal carbide; maintaining the first temperature for a period of time; heating the metal carbide to a second temperature to form a metal vapor; withdrawing the metal vapor and the argon gas from the vessel; and separating the metal vapor from the argon gas. Metal vapors made using this method can be used to produce uniform powders of the metal oxide that have narrow size distribution and high purity.

  15. System and method for multi-stage bypass, low operating temperature suppressor for automatic weapons

    DOE Patents [OSTI]

    Moss, William C.; Anderson, Andrew T.

    2015-06-09

    The present disclosure relates to a suppressor for use with a weapon. The suppressor may be formed to have a body portion having a bore extending concentric with a bore axis of the weapon barrel. An opening in the bore extends at least substantially circumferentially around the bore. A flow path communicates with the opening and defines a channel for redirecting gasses flowing in the bore out from the bore, through the opening, into a rearward direction in the flow path. The flow path raises a pressure at the opening to generate a Mach disk within the bore at a location approximately coincident with the opening. The Mach disk forms as a virtual baffle to divert at least a portion of the gasses into the opening and into the flow path.

  16. Hybrid two fuel system nozzle with a bypass connecting the two fuel systems

    DOE Patents [OSTI]

    Varatharajan, Balachandar; Ziminsky, Willy Steve; Yilmaz, Ertan; Lacy, Benjamin; Zuo, Baifang; York, William David

    2012-05-29

    A hybrid fuel combustion nozzle for use with natural gas, syngas, or other types of fuels. The hybrid fuel combustion nozzle may include a natural gas system with a number of swozzle vanes and a syngas system with a number of co-annular fuel tubes.

  17. V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabili...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of Service). 1) An error within the "parseHeaders()" function (InternalNioInputBuffer.java) when parsing request headers does not properly verify the permitted size and can be...

  18. Permeability barrier of Gram-negative cell envelopes and approaches to bypass it

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Zgurskaya, Helen I.; LĂłpez, Cesar A.; Gnanakaran, Sandrasegaram

    2015-09-18

    Gram-negative bacteria are intrinsically resistant to many antibiotics. Species that have acquired multidrug resistance and cause infections that are effectively untreatable present a serious threat to public health. The problem is broadly recognized and tackled at both the fundamental and applied levels. This article summarizes current advances in understanding the molecular bases of the low permeability barrier of Gram-negative pathogens, which is the major obstacle in discovery and development of antibiotics effective against such pathogens. Gaps in knowledge and specific strategies to break this barrier and to achieve potent activities against difficult Gram-negative bacteria are also discussed.

  19. An Integrated Approach to Characterizing Bypassed Oil in Heterogeneous and Fractured Reservoirs Using Partitioning Tracers

    SciTech Connect (OSTI)

    Akhil Datta-Gupta

    2006-12-31

    We explore the use of efficient streamline-based simulation approaches for modeling partitioning interwell tracer tests in hydrocarbon reservoirs. Specifically, we utilize the unique features of streamline models to develop an efficient approach for interpretation and history matching of field tracer response. A critical aspect here is the underdetermined and highly ill-posed nature of the associated inverse problems. We have investigated the relative merits of the traditional history matching ('amplitude inversion') and a novel travel time inversion in terms of robustness of the method and convergence behavior of the solution. We show that the traditional amplitude inversion is orders of magnitude more non-linear and the solution here is likely to get trapped in local minimum, leading to inadequate history match. The proposed travel time inversion is shown to be extremely efficient and robust for practical field applications. The streamline approach is generalized to model water injection in naturally fractured reservoirs through the use of a dual media approach. The fractures and matrix are treated as separate continua that are connected through a transfer function, as in conventional finite difference simulators for modeling fractured systems. A detailed comparison with a commercial finite difference simulator shows very good agreement. Furthermore, an examination of the scaling behavior of the computation time indicates that the streamline approach is likely to result in significant savings for large-scale field applications. We also propose a novel approach to history matching finite-difference models that combines the advantage of the streamline models with the versatility of finite-difference simulation. In our approach, we utilize the streamline-derived sensitivities to facilitate history matching during finite-difference simulation. The use of finite-difference model allows us to account for detailed process physics and compressibility effects. The approach is very fast and avoids much of the subjective judgments and time-consuming trial-and-errors associated with manual history matching. We demonstrate the power and utility of our approach using a synthetic example and two field examples. We have also explored the use of a finite difference reservoir simulator, UTCHEM, for field-scale design and optimization of partitioning interwell tracer tests. The finite-difference model allows us to include detailed physics associated with reactive tracer transport, particularly those related with transverse and cross-streamline mechanisms. We have investigated the potential use of downhole tracer samplers and also the use of natural tracers for the design of partitioning tracer tests. Finally, we discuss several alternative ways of using partitioning interwell tracer tests (PITTs) in oil fields for the calculation of oil saturation, swept pore volume and sweep efficiency, and assess the accuracy of such tests under a variety of reservoir conditions.

  20. Bypass valve and coolant flow controls for optimum temperatures in waste heat recovery systems

    DOE Patents [OSTI]

    Meisner, Gregory P

    2013-10-08

    Implementing an optimized waste heat recovery system includes calculating a temperature and a rate of change in temperature of a heat exchanger of a waste heat recovery system, and predicting a temperature and a rate of change in temperature of a material flowing through a channel of the waste heat recovery system. Upon determining the rate of change in the temperature of the material is predicted to be higher than the rate of change in the temperature of the heat exchanger, the optimized waste heat recovery system calculates a valve position and timing for the channel that is configurable for achieving a rate of material flow that is determined to produce and maintain a defined threshold temperature of the heat exchanger, and actuates the valve according to the calculated valve position and calculated timing.