Wednesday, June 20, 2007

Daily Highlights

Computerworld reports a security breach at Los Alamos National Laboratory in January may have exposed classified data on nuclear weapons when several officials at the company that manages security used unprotected e-mail networks to share highly classified information. (See item 3)
The U.S. Naval Academy in Annapolis, Maryland, held a security drill on Monday, June 18, to gauge the school's readiness in case of a terrorist attack or an incident such as the Virginia Tech shootings. (See item 25)

Information Technology and Telecommunications Sector

30. June 19, Associated Press — Toshiba: Recalled battery sparked fire. A Toshiba Corp. laptop with a recalled Sony battery pack that hadn't been replaced burst into flames last month in Great Britain. It was the third Toshiba laptop blaze suspected of being linked to the defective batteries. Sony Corp. announced the massive recall last year after it was found that the lithium-ion batteries could overheat and catch fire. More than 10 million notebook batteries were affected, including those used by Dell Inc., Lenovo Inc., Apple Inc. and Acer Inc. Given the recent fires, Japanese electronics maker Toshiba said it will step up efforts to reach all customers who may own a laptop with the recalled battery pack.

31. June 19, IDG News Service — Analysts: Microsoft flaw opened door to scammers. Microsoft on Tuesday, June 19, fixed a bug in its Windows Live ID registration that let users deceptively register a false e-mail address. The false e-mail address could then be used as an ID for Microsoft's Live Messenger program, which could be used to trick users into believing they are chatting with someone else. Erik Duindam, a Web developer in Leiderdorp, the Netherlands, reported the problem to Microsoft on Monday. Microsoft acknowledged it had fixed the bug but did not have further information on the flaw's impact. It's unclear how long the flaw may have existed or how many accounts with deceptive instant messenger IDs could have been created.

32. June 19, IDG News Service — HP buys Web app security specialist SPI. Hewlett-Packard (HP) has agreed to buy Web application security specialist SPI Dynamics, just two weeks after IBM announced plans to buy SPI's rival Watchfire. SPI, like Watchfire, develops software for finding vulnerabilities in Web applications, and for auditing their compliance with regulations on corporate governance such as the Sarbanes-Oxley Act.

33. June 19, IDG News Service — Google security API spots dangerous URLs. Google has released an API that enables other applications to access its blacklist of URLs of Websites that may have malicious programs. Developers can incorporate the API (application programming interface) into their applications that deal with user-generated links, Google said on its security blog. Hackers often create Websites designed to infect computers with malware and spread links to those sites in forums and through spam, among other methods. The release of the API adds to Google's noteworthy moves of late in the security field.

34. June 19, CNET News — Trillian critical security update released. Cerulean Studios on Monday, June 18, released a "highly critical" security update for its Trillian multi-protocol chat software. Attackers could exploit vulnerabilities in the character encoding for Trillian, specifically the word-wrapping handling of UTF-8, the Unicode Transformation Format used for encoding characters in e-mail, instant messages and Webpages, iDefense Labs warned in its security advisory. The vulnerabilities potentially could affect earlier versions of the Trillian software as well, iDefense said. Trillian, which supports Yahoo's Instant Messenger, AOL's AIM, MSN Messenger, and Internet-relay chat and ICQ instant-messaging protocols, could be exploited if users view a malicious message containing an unusually long UTF-8 string.
iDefense Labs security advisory: