Wednesday, October 17, 2007

Daily Report

· The Associated Press reports that 3,000 residents and two schools were evacuated after a chemical spill at Reilly Plating Company in Michigan. According to officials, 500 gallons of hydrochloric acid leaked into a containment area at the plant, generating worries that the chemical, in combination with expected rain, might become hazardous to the area’s residents. (See item 4)

· The Associated Press reports that 26 percent of the southeast region of the country is covered by an “exceptional” drought, the National Weather Service’s worst drought category. The worsening condition generated complaints about the way the Army Corps of Engineers managed the water rights. According to scientists, the drought will continue to affect the country as a La Nina weather system is forming, which could bring drier and warmer weather for Florida and most parts of Alabama and Georgia. (See item 17)

Information Technology

27. October 16, Computerworld – (National) Newest Windows update snafu puzzles Microsoft. For the second time in a month, Microsoft Corp. has had to defend Windows Update against charges that it upgraded machines without users’ permission. So far, it has no explanation for the newest instance of unauthorized updating. In a post published late Friday to a company blog, the program manager for Microsoft Update denied that Windows’ update mechanism was to blame for reports of settings being changed without user interaction, updates downloading and installing, and systems rebooting. “We have received some logs from customers and have so far been able to determine that their AU [Automatic Update] settings were not changed by any changes to the AU client itself and also not changed by any updates installed by AU,” he said. Shortly after last Tuesday’s rollout of multiple security patches, claims started to trickle in that machines running Windows Vista had updated on their own, even though users had set Automatic Update to require their approval before downloading and/or installing patches. Some users also reported that machines had rebooted, which caused data loss in applications that had been left open.

28. October 15, Computerworld – (National) Researcher posts unofficial patch for Windows URI bug. A researcher beat Microsoft to the patch punch Sunday by publishing an unofficial fix for a critical flaw in Windows XP and Server 2003 on PCs with Internet Explorer 7. KJK::Hyperion, a.k.a. “Hackbunny,” a researcher believed to live in Italy, posted a link to the 16KB patch on both his Web site and the Full Disclosure security mailing list Sunday. KJK’s patch, dubbed “ShellExecuteFiasco,” blocks the execution of malformed URLs and forces normalization of valid URLs. URL normalization, which can include tasks such as changing a URL to all-lowercase and stripping out the “www” part of the address, is a technique used by search engines to reduce indexing of duplicate pages. Users who apply the patch do so at their own risk, KJK warned. “The present patch is dramatically under-tested and it has underwent [sic] no quality assurance procedure whatsoever, so please deploy with the greatest care,” he said in the notes accompanying the fix. “It has a very good chance of misbehaving and making your system unusable.” His patch targets the URI (Universal Resource Identifier) vulnerability that Microsoft acknowledged last week. On Thursday, the company’s security group issued an advisory that spelled out the problem, which could allow attackers to compromise systems running Internet Explorer 7 if users clicked on malicious links embedded in e-mail messages or posted on a Web page. Microsoft also said it would release a fix, but would not commit to a schedule. The unsanctioned patch can be downloaded from KJK’s Web site.

29. October 15, Computerworld – (California) Governor vetoes bid to make retailers liable for banks’ breach-related expenses. In a move that is likely to come as a major relief to retailers nationwide, California’s governor on Saturday vetoed legislation that would have made merchants in his state financially liable for the costs incurred by financial institutions because of retail data breaches. In a statement explaining his reasons for refusing to sign the bill, formally known as AB 779, the official said that it “attempts to legislate in an area where the marketplace has already assigned responsibilities and liabilities that provide for the protection of consumers.” The measure, which was approved last month by both the California State Assembly and Senate, would have required retailers in California that get hit by data breaches to reimburse banks and credit unions for the cost of alerting customers and reissuing credit and debit cards. It would also have prohibited merchants from storing specific types of authentication data taken from the magnetic stripes on the back of payment cards, while requiring the use of so-called strong authentication technologies for protecting cardholder data.

Communications Sector

30. October 16, IDG News Service – (National) Google testing YouTube antipiracy system. Google has unveiled a test version of a much-awaited antipiracy system for its wildly popular yet controversial YouTube video-sharing site. The system, called Video Identification, has been far from a secret. Google executives have been mentioning its development since the company acquired YouTube in November of last year. YouTube, which lets people upload and share clips, is the most popular video site, but some angry video owners have taken the company to court alleging copyright infringement. The best-known plaintiff is global media conglomerate Viacom, which sued Google in March for $1 billion over the unauthorized uploading of video clips from its TV shows and movies. In its complaint, Viacom alleged that, as of March, almost 160,000 of its video clips had been uploaded to YouTube without permission and had been viewed over 1.5 billion times. The antipiracy system became news in July, when an attorney representing Google in the Viacom case said during a routine hearing that Video Identification would be ready by September. When describing the system, Google has consistently stressed that it will not block videos from being uploaded, but rather take action, if necessary, after they have been added to the YouTube site. In other words, Google has never planned to place uploaded videos in a holding queue while it checks whether they can be made available on YouTube. Instead, Google will match uploaded clips against a repository of legitimate videos provided by their owners using digital fingerprinting technology and will take whatever action the copyright owner has requested, such as removing the clip or leaving it up on YouTube. It remains to be seen whether this highly anticipated system will help to appease those video content owners who argue that YouTube does not do enough to prevent and combat piracy on its site and that instead it profits from the unauthorized and illegal uploading of copyrighted clips.

31. October 15, IDG News Service – (National) Apple faces potential environmental lawsuit. The Center for Environmental Health on Monday said that it has given Apple 60 days' legal notice -- a step required by California law before a lawsuit is launched. The action is based on the report by environmental group Greenpeace released earlier Monday that found hazardous materials in Apple's iPhone. The Greenpeace tests revealed chemicals that included "phthalates" in the vinyl plastic earphone wiring at levels that are prohibited in young children's toys in San Francisco and the European Union (EU). Under California's Proposition 65 law, products that can expose consumers to phthalates or other chemicals that are reproductive toxins or carcinogens must carry a warning label, according to the Center for Environmental Health. Apple representatives were not immediately available for comment on the lawsuit or the Greenpeace report.
