Date: 2021-12-15
News
Avalanche defeats Ryan Reaves, NY Rangers to extend winning streak to five games
The play of the game might have been during a stoppage in play on Tuesday night at an electric Ball Arena.
Avalanche defenseman Kurtis MacDermid dropped New York Rangers forward Ryan Reaves in a fight before Colorado downed the Blueshirts 4-2 to extend its winning streak to five games — a stretch that includes two victories over the fabled Original Six franchise.
MacDermid was acquired in the offseason to combat players like Reaves, who intimidated the Avs while playing for the Vegas Golden Knights last season. In fact, Reaves’ tactics helped change the momentum in a second-round series the Avs lost 4-2 after winning the first two.
The Avs, who lost ice-time leader and top-pair defenseman Devon Toews to COVID protocol before the game, play with less fear with MacDermid in the lineup, and used his big win over Reaves with goals from Mikko Rantanen, Cale Makar and Valeri Nichushkin (two) to extend their points streak to seven games (6-0-1).
Nichushkin scored his second tally on a breakaway in the final minute, after New York got within 3-2.
Centers Nathan MacKinnon and Nazem Kadri each had two assists and goalie Darcy Kuemper improved to 9-1 in his last nine starts. Kadri returned from a two-game injury absence and produced his 12th multiple-goal game to extend his team scoring lead to 36 points in just 23 games.
Colorado got goals from Rantanen and Makar (power play) to take a 2-0 lead out of the first period. The Rangers drew two early penalties in the second period and had the Avs on their heels, and cut the deficit to 2-1 with Ryan Strome’s tip-in from a pass from the point by defenseman Adam Fox at 10:36 — a minute after the MacDermid-Reaves fight.
Colorado regained a two-goal advantage with Nichushkin’s stuff-in off Kadri’s rebound at 18:45.
The Avs appeared to take a 4-1 lead midway through the third period when forward J.T. Compher scored a power-play goal, but the Rangers challenged goalie interference and won the argument.
Makar’s goal was his career-high 13th of the season, one more than he had all last season, and he became the first NHL defenseman to reach 13 goals through the first 23 games since Dave Ellett had 15 through 23 for the Jets in 1988-89.
Footnotes. Colorado has won eight consecutive home games and is 9-0-1 in its last nine. The Avs are 26-2-2 in their last 29 games at Ball Arena. … Rookie defenseman Justin Barron made his NHL debut for the Avs as the replacement for Toews, who will miss at least six games through Christmas. Barron, 20, was on the third pairing with MacDermid. … The Avs continue on without left wing and team captain Gabe Landeskog, who is in the midst of a two-week injury absence.
EXPLAINER: The security flaw that’s freaked out the internet
By FRANK BAJAK
BOSTON (AP) — Security pros say it’s one of the worst computer vulnerabilities they’ve ever seen. They say state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it.
The Department of Homeland Security is sounding a dire alarm, ordering federal agencies to urgently eliminate the bug because it’s so easily exploitable — and telling those with public-facing networks to put up firewalls if they can’t be sure. The affected software is small and often undocumented.
Detected in an extensively used utility called Log4j, the flaw lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. Simply identifying which systems use the utility is a prodigious challenge; it is often hidden under layers of other software.
The top U.S. cybersecurity defense official, Jen Easterly, deemed the flaw “one of the most serious I’ve seen in my entire career, if not the most serious” in a call Monday with state and local officials and partners in the private sector. Publicly disclosed last Thursday, it’s catnip for cybercriminals and digital spies because it allows easy, password-free entry.
The Cybersecurity and Infrastructure Security Agency, or CISA, which Easterly runs, stood up a resource page Tuesday to help erase a flaw it says is present in hundreds of millions of devices. Other heavily computerized countries were taking it just as seriously, with Germany activating its national IT crisis center.
A wide swath of critical industries, including electric power, water, food and beverage, manufacturing and transportation, were exposed, said Dragos, a leading industrial control cybersecurity firm. “I think we won’t see a single major software vendor in the world — at least on the industrial side — not have a problem with this,” said Sergio Caltagirone, the company’s vice president of threat intelligence.
Eric Goldstein, who heads CISA’s cybersecurity division, said Washington was leading a global response. He said no federal agencies were known to have been compromised. But these are early days.
“What we have here is an extremely widespread, easy to exploit and potentially highly damaging vulnerability that certainly could be utilized by adversaries to cause real harm,” he said.
A SMALL PIECE OF CODE, A WORLD OF TROUBLE
The affected software, written in the Java programming language, logs user activity on computers. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is extremely popular with commercial software developers. It runs across many platforms — Windows, Linux, Apple’s macOS — powering everything from web cams to car navigation systems and medical devices, according to the security firm Bitdefender.
Goldstein told reporters in a conference call Tuesday evening that CISA would be updating an inventory of patched software as fixes become available. Log4j is often embedded in third-party programs that need to be updated by their owners. “We expect remediation will take some time,” he said.
Apache Software Foundation said the Chinese tech giant Alibaba notified it of the flaw on Nov. 24. It took two weeks to develop and release a fix.
Beyond patching to fix the flaw, computer security pros have an even more daunting challenge: trying to detect whether the vulnerability was exploited — whether a network or device was hacked. That will mean weeks of active monitoring. A frantic weekend of trying to identify — and slam shut — open doors before hackers exploited them now shifts to a marathon.
LULL BEFORE THE STORM
“A lot of people are already pretty stressed out and pretty tired from working through the weekend — when we are really going to be dealing with this for the foreseeable future, pretty well into 2022,” said Joe Slowik, threat intelligence lead at the network security firm Gigamon.
The cybersecurity firm Check Point said Tuesday it detected more than half a million attempts by known malicious actors to identify the flaw on corporate networks across the globe. It said the flaw was exploited to plant cryptocurrency mining malware — which uses computer cycles to mine digital money surreptitiously — in five countries.
As yet, no successful ransomware infections leveraging the flaw have been detected. But experts say that’s probably just a matter of time.
“I think what’s going to happen is it’s going to take two weeks before the effect of this is seen because hackers got into organizations and will be figuring out what to do next,” said John Graham-Cumming, chief technical officer of Cloudflare, whose online infrastructure protects websites from online threats.
“We’re in a lull before the storm,” said senior researcher Sean Gallagher of the cybersecurity firm Sophos.
“We expect adversaries are likely grabbing as much access to whatever they can get right now with the view to monetize and/or capitalize on it later on.” That would include extracting usernames and passwords.
State-backed Chinese and Iranian hackers have already exploited the flaw, presumably for cyberespionage, and other state actors were expected to do so as well, said John Hultquist, a top threat analyst at the cybersecurity firm Mandiant. He wouldn’t name the target of the Chinese hackers or its geographical location. He said the Iranian actors are “particularly aggressive” and had taken part in ransomware attacks primarily for disruptive ends.
SOFTWARE: INSECURE BY DESIGN?
The Log4j episode exposes a poorly addressed issue in software design, experts say. Too many programs used in critical functions have not been developed with enough thought to security.
Open-source developers like the volunteers responsible for Log4j should not be blamed so much as an entire industry of programmers who often blindly include snippets of such code without doing due diligence, said Slowik of Gigamon.
Popular and custom-made applications often lack a “Software Bill of Materials” that lets users know what’s under the hood — a crucial need at times like this.
“This is becoming obviously more and more of a problem as software vendors overall are utilizing openly available software,” said Caltagirone of Dragos.
In industrial systems particularly, he added, formerly analog systems in everything from water utilities to food production have in the past few decades been upgraded digitally for automated and remote management. “And one of the ways they did that, obviously, was through software and through the use of programs which utilized Log4j,” Caltagirone said.
House votes to hold Mark Meadows in contempt in Jan. 6 probe
By FARNOUSH AMIRI and MARY CLARE JALONICK
WASHINGTON (AP) — The House voted Tuesday to hold former White House chief of staff Mark Meadows in contempt of Congress after he ceased to cooperate with the Jan. 6 Committee investigating the Capitol insurrection — making it the first time the House has voted to hold a former member in contempt since the 1830s.
The near-party-line 222-208 vote is the second time the special committee has sought to punish a witness for defying a subpoena. The vote is the latest show of force by the Jan. 6 panel, which is leaving no angle unexplored — and no subpoena unanswered — as it investigates the worst attack on the Capitol in more than 200 years. Lawmakers on the panel are determined to get answers quickly, and in doing so reassert the congressional authority that eroded while former President Donald Trump was in office.
“History will be written about these times, about the work this committee has undertaken,” said Rep. Bennie Thompson, R-Miss., the chairman. “And history will not look upon any of you as a martyr. History will not look upon you as a victim.”
Rep. Jamie Raskin, D-Md., another member of the panel, began Tuesday’s debate on the resolution by reading frantic texts from the day of the attack revealing members of Congress, Fox News anchors and even Trump’s son urging Meadows to persuade the outgoing president to act quickly to stop the three-hour assault by his supporters.
The House vote sends the matter to the U.S. attorney’s office in Washington, where it will now be up to prosecutors in that office to decide whether to present the case to a grand jury for possible criminal charges.
If convicted, Bannon and Meadows could each face up to one year behind bars on each charge.
The nine-member panel voted 9-0 Monday night to recommend charges against the former North Carolina congressman who left in March 2020 to become Trump’s chief of staff.
Republicans on Tuesday called the action against Meadows a distraction from the House’s work, with one member calling it “evil” and “un-American.”
Rep. Jim Jordan of Ohio took to the floor to praise Meadows: “Make no mistake, when Democrats vote in favor of this resolution, it is a vote to put a good man in prison.”
Trump has also defended Meadows in an interview, saying: “I think Mark should do what’s right. He’s an honorable man. He shouldn’t be put through this.”
And Meadows’ attorney George Terwilliger defended his client in a statement before the vote, noting that he had provided documents to the panel and maintaining that he should not be compelled to appear for an interview.
Terwilliger said, “The Select Committee’s true intentions in dealing with Mr. Meadows have been revealed when it accuses him of contempt citing the very documents his cooperation has produced.”
Meadows himself has sued the panel, asking a court to invalidate two subpoenas that he says are “overly broad and unduly burdensome.”
Meanwhile, Senate Republican leader Mitch McConnell told reporters: “I do think we’re all watching, as you are, what is unfolding on the House side. And it will be interesting to reveal all the participants who were involved.”
He added that he was not in contact with Meadows on the day of the attack.
Democrats quoted at length from Jan. 6 text messages provided by Meadows while he was cooperating with the committee.
“We need an Oval Office address,” Donald Trump Jr. texted, the committee said, as his father’s supporters were breaking into the Capitol, sending lawmakers running for their lives and interrupting the certification of Joe Biden’s presidential victory. “He has to lead now. It has gone too far and gotten out of hand.”
Trump Jr. added, “He’s got to condemn this s—- ASAP.” In response to one of Trump Jr.’s texts, Meadows said: “I’m pushing it hard. I agree.”
Members of the committee said the texts raise fresh questions about what was happening at the White House — and what Trump himself was doing — as the attack was underway. The committee had planned to question Meadows about the communications, including 6,600 pages of records taken from personal email accounts and about 2,000 text messages. The panel has not released any of the communications in full.
Republican Rep. Liz Cheney of Wyoming, the panel’s vice chairwoman, said at the committee’s Monday evening meeting that an important issue raised by the texts is whether Trump sought to obstruct the congressional certification by refusing to send a strong message to the rioters to stop.
“These texts leave no doubt,” Cheney said. “The White House knew exactly what was happening at the Capitol.”
The investigating panel has already interviewed more than 300 witnesses, and subpoenaed more than 40 people, as it seeks to create the most comprehensive record yet of the lead-up to the insurrection and of the violent siege itself.
If Meadows had appeared for his deposition, lawmakers had planned to ask him about Trump’s efforts to overturn the election in the weeks before the insurrection, including his outreach to states and his communications with members of Congress.
The panel says it wanted to know more about whether Trump was engaged in discussions regarding the response of the National Guard, which was delayed for hours as the violence escalated and the rioters beat police guarding the Capitol building.
The documents provided by Meadows include an email he sent to an unidentified person saying that the Guard would be present to “protect pro Trump people,” the panel said, and that more would be available on standby. The committee did not release any additional details about that email.
Committee staff said they would have interviewed Meadows about emails “to leadership at the Department of Justice on December 29th and 30th, 2020, and January 1st, 2021, encouraging investigations of suspected voter fraud,” even though election officials and courts across the country had rejected those claims.
___
Associated Press writers Eric Tucker and Darlene Superville contributed to this report.
Shortage of bus drivers prompts Forest Lake schools to switch to distance learning
The Forest Lake school district announced Tuesday evening that students will be attending school remotely beginning Thursday, citing a shortage of transportation staff.
The decision comes after several days of absences of transportation staff due to illness and other factors, superintendent Steve Massey wrote in an email to community members.
Students will begin distance learning Thursday and will continue through Dec. 23.
“We have reached the point where we cannot run enough of our bus routes to safely operate in-person learning. We cannot rely on parent drivers because the large number of individual vehicles dramatically increases traffic during drop-off and pick-up, and creates a significant safety concern in both our parking lots and on local roadways,” Massey wrote.
Child care for elementary students enrolled in school-age care will be available at the three inclement weather sites of Forest View, Wyoming and Lino Lakes elementary schools.
