Tuesday, July 24, 2007

Daily Highlights

InformationWeek reports identifying information on more than half a million uniformed military personnel and their families was compromised by a military contractor that transmitted it over the Internet without encryption. (See item 8)
ABC15 reports news investigators have discovered a 4.5−hour time frame each night when X−ray machines are off, metal detectors are closed, and virtually anything can be brought into the secure side of Phoenix Sky Harbor Airport. (See item 16)
The U.S. Food and Drug Administration is expanding its July 18 warning for consumers and pet owners regarding canned food products and dog food produced by Castleberry Food Company of Augusta, Georgia, due to the risk of botulinum toxin. (See item 27)
Information Technology and Telecommunications Sector

37. July 23, IDG News Service — HP to acquire Opsware for $1.6 billion. Hewlett−Packard (HP) plans to buy datacenter automation software vendor Opsware for about $1.6 billion. It's the third−largest acquisition in HP's history after its multibillion−dollar purchases of Compaq and Mercury. HP said Monday, July 23, that it had signed a definitive agreement to acquire Opsware in a cash tender deal that values the company at $14.25 per share. Once the deal closes, HP plans to combine the Opsware software with its own enterprise IT management software, as the new acquisition becomes part of HP's software business.
Source: http://www.infoworld.com/article/07/07/23/HP−to−acquire−Opsw are_1.html

38. July 23, IDG News Service — Security team claims successful iPhone hack. A team of security experts in Baltimore said it has found a flaw in Apple's iPhone handset that can be used by attackers to access private data stored on it. Independent Security Evaluators (ISE) said on a Website dedicated to explaining the flaw and its exploitation that an attacker could gain access to the iPhone through a wireless access point, or through a Website controlled by the attacker. Because the iPhone connects to wireless Internet access networks, such as Wi−Fi, by name, an attacker could create a network with the same name and encryption method as one the handset already uses. The attacker could then substitute a Web page with exploit code to gain access to the phone, ISE said. An attacker could also use a link planted on an unedited or unmoderated online forum, or a link sent by SMS or e−mail to use make use of the flaw and gain access to the handset, ISE said. When the iPhone's Safari browser opens a malicious Web page, malicious code can be run on the phone via the flaw, allowing the attacker to read the iPhone's SMS log, address book, call history, and voice−mail information, ISE said.
Source: http://www.infoworld.com/article/07/07/23/successful−iPhone− hack_1.html

39. July 23, VNUNet — Symantec warns of cross−platform vulnerability. Symantec has warned of an exploit in circulation that can crash Nintendo's Wii gaming console. The problem concerns the use of Flash files on the console. Adobe patched the Flash flaw on July 12, but the Opera browser used by the Wii is still vulnerable. "The most interesting thing is that it is a cross−platform vulnerability," said Liam OMurchu from Symantec's Security Response team. "Due to the fact that Flash can run in different browsers and on different platforms, the discovery of this one vulnerability could leave all Flash−enabled operating systems and devices open to the attack, including some advanced smartphones. The vulnerability has already been tested on Windows, Apple Mac, and some Linux distributions, but many other devices that are Flash−enabled could be affected by the problem too."
Source: http://www.vnunet.com/vnunet/news/2194782/symantec−warns−wii −flaw

40. July 20, eWeek — Duke resolves iPhone, Wi−Fi outage problems. One week after discovering a glitch between Apple iPhones and its Cisco−based campus wireless network, Duke University on Friday, July 20, finally got to the bottom of the problem that caused periodic outages of the Wi−Fi network. Initial reports of the problem placed the blame for the outages squarely on Apple's iPhones, which flooded the Cisco Wireless Access Points with thousands of address requests per second. However, in a statement released Friday afternoon, Cisco Systems admitted that the problem was caused by a Cisco glitch. "Cisco has provided a fix that has been applied to Duke's network and the problem has not occurred since," the statement read. Cisco did not describe what the source of the problem was.
Source: http://www.eweek.com/article2/0,1895,2161065,00.asp