In the Cherry Point fire, information filed with the Coast Guard’s National Response Center is very preliminary and the cause remains under investigation, said BP spokesman Scott Dean.

RELATED STORIES
Firms Cited for Toxic Chemical Releases
Refinery Suffers Penalties, Sentences
Chemical Emphasis Program Fires Up
WA Refineries Need to Clean Up Air

It remains unclear how long the refinery would be out of service as a result of the Friday fire. The company is trying to supply customers from existing stocks or other sources.

The refinery can process 230,000 barrels of crude oil a day. It produces 20 percent of Washington’s gasoline and the majority of aviation fuel for the Vancouver, British Columbia, Sea-Tac and Portland airports.

Meanwhile, the director of an oil refinery says four of his Egyptian workers died as they tried to put out a huge fire that erupted at the plant’s complex in the port city of Suez.

Reda Abdel-Samad said the floor on which the men were standing collapsed as the fire raged in the lubricating oil section at the refinery.

Five other workers suffered serious burns, he said. Abdel-Samad says the fire raged for at least two hours before firefighters managed to put it out.

Investigators are looking to determine the cause of the blast.

Making the latest move into Africa, Royal Dutch Shell Plc, will pay $1.6 billion for Mozambique-based focused Cove Energy.

RELATED STORIES
Canadian Utility Deals for U.S. Utility
Fracking Future: Apache Deals for Driller
Fracking: Foreign Firms Fund Pacts
ABB Dealing: Buys UPS Provider

Cove’s main asset is an 8.5 percent stake in the Rovuma Offshore Area 1, in Mozambique, where operator Anadarko said recoverable reserves could top 30 trillion cubic feet of natural gas.

The project partners plan to build plants to freeze the gas into liquefied natural gas (LNG) and ship it to Asian markets.

“East Africa is a major prospective hydrocarbon province, which has seen a significant increase in exploration activity in recent years,” Shell said in its offer document.

“Shell already has interests in Tanzania, and the acquisition of Cove would mark Shell’s entry into exciting new hydrocarbon provinces in Kenya and Mozambique, with significant potential for new LNG from recent gas discoveries offshore Mozambique, and further complementary exploration positions in East Africa.”

Neighboring the Rovuma find, Italy’s Eni made its own major gas finds while, north of the maritime border, Norway’s Statoil has made a find in Tanzanian waters.

On Tuesday, the Tanzanian government said British gas and oil firm BG Group planned to step up its investment on the east African coastline fast becoming a major gas hub with a $500 million investment this year.

In addition to Anadarko, Japan’s Mitsui and Indian groups Bharat Petroleum and Videocon each own 10 percent stakes in the Rovuma license. The values of these interests could now be more valuable.

The initial report on the accident was “that approximately 800 gallons spilled. However, there was also water in the containment area, so we cannot determine exactly how much,” said TDEC spokeswoman Meg Lockhart.

RELATED STORIES
Refinery Upsets Rage for Second Day
Another Release at ‘Raccoon’ Refinery
Raccoon Tests Refinery Safety System
EPA: Leak Breaches Water Standards

The Nuclear Regulatory Commission (NRC) report said that NFS reported “approximately 300 gallons of nitric acid had spilled.”

Around noon Jan. 9, a nitric acid leak occurred in an outdoor chemical storage area at NFS. The nitric acid ended up contained by a dike designed for such a purpose, officials said.

Following the incident, facility operations went into a “safe shutdown,” in which operations in certain areas temporarily halted and everyone followed NFS procedure to ensure these areas were in stable condition.

As a precaution, NFS employees working in areas near the leak went to another NFS facility, and two employee went to NFS medical staff due to possible exposure to nitric acid vapor. They ended up released.

No injuries were reported as a result of the incident.

“The admins have been warned immediately before of this post. The vulnerable ‘parameter’ has been obscured to prevent damages from others,” the hacker wrote on Pastebin.

RELATED STORIES
Amnesty for CA Violations
Unintended Man in the Middle
Cyber Report: Bad Guys Winning
Security Best Practices will Cut Downtime

This is not the first time the Royal Navy’s website suffered a breach. A few years back, Romanian hacker TinKode also broke in, but authorities busted him last month.

D35m0nd142 also found a vulnerability on the official website of the U.S. Federal Reserve. In this case, he found 47 blind SQL injection flaws on the site’s pages.

Since university websites are among his specialties, the hacker took a peek at the security measures implemented by Arizona University, Stanford University, and an education institution in Hong Kong. From the U.S. universities he leaked some data to prove they are weak, but the Chinese school’s site ended up defaced.

This wasn’t the only defacement that targeted major Chinese sites. Thirteen Chinese government sites ended up defaced as part of an operation called OpChina.

Another hack in Asia targeted the official website of Iran’s president. On this site, he identified a cross-site scripting (XSS) vulnerability, a type of weakness that allows an attacker to execute arbitrary code.

In most of the cases, the site’s administrators got the news before D35m0nd142 published his proof-of-concepts or screenshots to prove he really did gain access.

An investigation started Aug. 23, at the company’s Chancellor Row location as part of OSHA’s Severe Violators Enforcement Program, which mandates follow-up inspections of recalcitrant employers that endangered workers by committing willful, repeat, or failure-to-abate violations.

RELATED STORIES
Barge Maker Faces OSHA Safety Fines
Biodiesel Maker Faces Safety Fines
Safety Alert: Manufacturers Fined for Violations
Manufacturer Faces Safety Fines

“Bridgford Foods has a history of putting its employees at risk of serious injury,” said John Hermanson, OSHA’s regional administrator in Dallas. “The company needs to adhere to OSHA’s standards for controlling hazardous energy and machine guarding to prevent the loss of limb and life.”

The serious violations include failing to provide required machine guarding to prevent workers from coming into contact with rotating parts on drill presses, implement energy control procedures for machinery with more than one energy source, ensure that employees have training on the use of energy control procedures, and prevent slip and “struck-by” hazards by ensuring walkways are kept clean and dry.

The repeat violations involve failing to ensure lockout/tagout procedures of energy sources occurred by an authorized employee and the authorized employee affixed a personal lock or tag to the group lockout device. OSHA cited the company for similar violations in February 2008 with penalties of $8,000, in September 2008 with penalties of $33,900, and in January 2010 with penalties of $106,000.

Additionally, OSHA cited the company’s facility on South Good Latimer Expressway in Dallas in October 2011 for 27 safety and health violations with penalties totaling $422,600.

Bridgford Foods manufactures frozen bread dough, biscuits, cinnamon roll doughs, sandwiches, beef jerky, and snack and deli foods.

The tool first appeared via Anonymous Argentina as the hacktivists urged their supporters to download the application to aid their cause, McAfee researchers said.

RELATED STORIES
Mobile Malware Skyrocketing
Hackers Find Cell Phone Location
Apple Deals with App Privacy Issues
Apple Supplier Hit by Hack

The developers didn’t start this WebLOIC for Android from the ground up. They simply ported the web application using a free online service that creates Android apps from a URL or a piece of HTML code.

Created to aid Anonymous in OpArgentina, the LOIC for Android went out in a hurry; they didn’t even resize the page to fit the screen of a smartphone.

Researchers to determine they programmed it to send 1,000 HTTP requests with one of the parameters being the message “We are LEGION.”

McAfee identified this tool as Android/DIYDoS and cataloged it as being a potentially unwanted program (PUP).

“Because the application’s purpose is simply to display any website on an Android system, we classify this hack tool a potentially unwanted program,” McAfee Labs Malware Researcher Carlos Castillo said.

Another reason why this tool is a PUP is because of prior reports where the hacktivists tried to dupe unsuspecting Internet users into clicking on links that led to a version of web LOIC that automatically sent large numbers of packets toward a designated target.

DOS tools such as LOIC have become popular not only among hackers, but also among regular users who support their causes.

The best example for this is the massive attacks that took place following the Megaupload closure. At the time, reports revealed more than 5,000 individuals used these automated tools to launch attacks against the FBI, RIAA, the U.S. Department of Justice and many others.

The request comes after Trustwave issued a sub-CA certificate to a private company for use in a data loss prevention system.

RELATED STORIES
Unintended Man in the Middle
Advantech’s New Version of WebAccess
Cyber Report: Bad Guys Winning
Security Best Practices will Cut Downtime

Sub-CA keys can sign SSL certificates for any domain name on the Internet, which makes them very dangerous if they fall in the wrong hands.

Even though Trustwave said the sub-CA key in question was in a hardware security module (HSM), making it irretrievable, the fact that such a powerful certificate was issued to a private company that wasn’t a certificate authority, represents a violation of Mozilla’s policy for CAs.

Certificate authorities voluntarily adhere to Mozilla’s CA Certificate Policy in order to have their root keys included by default in Firefox, Thunderbird and other Mozilla products.

“Participation in Mozilla’s root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe, up to and including the removal of root certificates that mis-issue, as well as any roots that cross-sign them,” said Johnathan Nightingale, senior director of Firefox Engineering at Mozilla.

Because there is reason to believe that multiple CAs engage in this type of behavior, Mozilla has decided to offer everyone a one-time chance to come clean about it without risking repercussions instead of making an example out of Trustwave, which would likely discourage similar disclosures.

“We believe that security is best served when browsers and CAs can work together; we hope that frank communication and clear expectations can resolve these issues before any such action is required,” Nightingale said.

Mozilla made its amnesty offer in an email to all CAs on Friday, asking them to revoke sub-CA certificates used for SSL man-in-the-middle interception or traffic management and to destroy the corresponding HSMs.

“We have requested the serial numbers of those certificates and fingerprints of their signing roots so that we, and other relying parties, can detect and distrust these subCA certificates if encountered,” Nightingale said.

CAs have until April 27 to comply with these requests. If they find those certificates after that date, the issuing CAs will face punishments including the removal of their root keys from Mozilla’s products.