Monday, May 21, 2007

Daily Highlights

PC World reports authorities in a number of states have reported instances of a new high−tech crime: Crooks replacing or rigging checkout keypads at grocery and convenience stores to record the credit card number or the personal identification number used for a debit card. (See item 8)
The New York Times reports a proposal to build a parking garage within one foot of the federal courthouse in Akron, Ohio's downtown area has provoked a strong reaction from some judges who say it would allow potential terrorists to get dangerously close to their courtrooms. (See item 23)

Information Technology and Telecommunications Sector

27. May 18, IDG News Service — Microsoft to buy aQuantive for $6 billion. Microsoft plans to acquire aQuantive, a digital marketing services agency, for around $6 billion in order to grow its Internet advertising business, it was announced Friday, May 18. Microsoft said aQuantive's 2,600 employees will be incorporated into its online services business, dedicated to growing advertising on the company's MSN portal, its Windows Live online services, the Xbox Live gaming platform and Office Live services.
Source:−to−buy−a quantive_1.html

28. May 18, IDG News Service — Symantec: Chinese hackers grow in number, skills. China's hacking scene appears poised for growth, as the number of Internet users rise with a commensurate interest in criminal hacking and government spying, according to a new Symantec study. "China’s hacking scene is clearly an active one," the report said. "These individuals and groups are known for discovering vulnerabilities, writing exploit code, and developing sophisticated hacking techniques." China ranks second behind the U.S. as far as malicious activity on the Internet as a whole, Symantec said, citing its own data. The country had 131 million Internet users as of the end of 2006, accounting for about 10 percent of its population and 11 percent of the world's Internet users.
Source:−hackers−gr ow−in−number_1.html

29. May 17, eWeek — Critical flaws found in Java Development Kit. Two vulnerabilities open to remote exploitation by hackers have been found in Java Development Kit (JDK), one of which could be used to take over a compromised system. JDK is a software development tool made by Sun Microsystems specifically for Java users. The vulnerabilities were rated "critical" by the French Security Incident Response Team, a security research organization based in France. One flaw is caused by an integer overflow error in the image parser when processing ICC profiles embedded within JPEG images. The second vulnerability is caused by an error in the BMP image parser when processing malformed files on Unix/Linux systems, which could be exploited by attackers to cause a denial−of−service. Both flaws affect Sun JDK version 1.x.

30. May 17, eWeek — Symantec fixes flaw in security software. Symantec has fixed a serious vulnerability with an ActiveX control used by Norton Personal Firewall 2004 and Norton Internet Security 2004 that could allow a hacker to execute code remotely on a vulnerable system. A buffer overflow can be triggered by an error that occurs in the Get () and Set () functions used by ISAlertDataCOM, part of ISLALERT.DLL. Successfully exploiting this vulnerability would allow an attacker to remotely execute malicious code on an unpatched system and give them the rights of the logged−in user, Symantec officials said. In order for an exploit to work, however, the hacker must first trick the user into viewing a specially crafted HTML document.
Symantec Advisory: