Wednesday, July 25, 2007

Daily Highlights

Amid concerns about after−hours employee access to concourses at Phoenix Sky−Harbor International Airport, the Transportation Security Administration and the airport have implemented several changes to ensure that local security procedures are in compliance with national requirements concerning screening employees. (See item 10)
·
The Boston Globe reports a spate of deadly chlorine bomb attacks in Iraq is prompting the Bush administration to urge nearly 3,000 municipal water treatment plants in the U.S. to make sure their chlorine gas is well protected. (See item 21)
·
Information Technology and Telecommunications Sector

30. July 24, IDG News Service — China breaks into large piracy syndicate with FBI's help. A flurry of raids and arrests in China over the last two weeks have ended what is estimated to be the world's largest piracy syndicate in operation for more than six years. The group, in Guangdong province in southern China, produced fraudulent copies of software from Microsoft and Symantec, according to the Federal Bureau of Investigation (FBI). In China, some 290,000 discs were seized, worth $500 million, as well as $7 million in other assets, the FBI said. In the U.S., the agency's Los Angeles office confiscated $2 million in counterfeit software, plus $700,000 in other assets. In one of the raids, an alleged counterfeiter named Ma Ke Pei was arrested along with 10 other people in connection with fake Symantec software, the FBI said. In 2003 Ma was indicted in the U.S. for copyright and trademark violations related to Microsoft software but fled to China. Other raids centered around Shenzhen, where some 70 percent of the counterfeit products are shipped to the U.S. to distributors and retail customers, the FBI said. Six manufacturing lines and retail facilities were dismantled, and 47,000 counterfeit Microsoft CDs were confiscated.
Source: http://www.infoworld.com/article/07/07/24/China−busts−piracy−syndicate−with−FBI_1.html

31. July 23, ComputerWorld — 'Dangling pointers' more dangerous than thought, says security vendor. An issue largely ignored because the security risk was deemed only theoretical might soon become a significant and dangerous security risk, according to Web application security vendor Watchfire Inc. The company has developed new proof−of−concept code that it says can use what’s generally seen as a relatively benign coding flaw −− it's known as a dangling pointer −− to launch remote−code execution attacks. A dangling pointer, like a buffer−overflow flaw, can exist in a large number of software products. Watchfire is set to demonstrate its attack code running against a vulnerability in Microsoft Corp.’s IIS 5.1 server software at next week’s BlackHat conference in Las Vegas.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9027658&intsrc=hm_list