Wednesday, August 15, 2007

Daily Highlights

USA TODAY reports a new flu vaccine plant is set to begin operations as soon as next year, boosting the supply of vaccine for the annual flu season and providing a much−desired U.S. source of vaccine for use in a flu pandemic. (See item 22)
The Department of Homeland Security’s Ready Campaign has released three new demonstration videos designed to highlight the specific steps older Americans, individuals with disabilities and special needs, and pet owners should take to prepare for emergencies. (See item 26)
Information Technology and Telecommunications Sector

28. August 14, IDG News Service — Nokia says 46 million batteries may overheat. Nokia is offering to replace 46 million batteries made by another company for use in its mobile phones because of a risk of overheating, Nokia said on Tuesday, August 14. The faulty batteries were manufactured by Japan's Matsushita Battery Industrial Co. and sold in a wide range of Nokia phones, from its low−end 1100 family of products to its pricier N91 and E60 devices. Nokia said that in "very rare cases" a short circuit can cause the Nokia−branded BL−5C batteries to overheat while they are being recharged. It said it knows of about 100 incidents so far and that no serious injuries or property damage have been reported.
Source:−batteries−ov erheat_1.html

29. August 14, ComputerWorld — Record−breaking 'Storm' linked to spam surge. Storm, the Trojan horse that hoovers PCs into hacker−controlled botnets, roared back into life last month in several waves, security researchers said Monday, August 13, and has blown by 2005's Sober to become the most prolific e−mail−borne malware ever. Thanks to Storm, MX Logic tracked a July jump in malicious e−mail of 1,700 percent over June. Storm, however, is much more malevolent than Sober. "Not only is it designed to propagate more copies of Storm, but it releases huge quantities of spam," said Sam Masiello, director of threat research at MX Logic Inc. Security analysts have been drawing a line between Storm's success and spam outbursts of July and August, including one that dropped impressive quantities of "pump−and−dump" stock scam mail in mailboxes worldwide.

30. August 14, Associated Press — Microsoft buys online−ad company. Microsoft completed its $6 billion buyout of digital marketing company aQuantive Monday, August 13, and now plans to challenge Yahoo and Google in the online advertising business. Microsoft, which lags behind Yahoo and Google in search traffic and advertising revenue, is trying to shift toward offering software applications over the Internet.

31. August 13, InfoWorld — Novell buys endpoint security firm Senforce. Novell announced on Monday, August 13, that it has acquired Senforce Technologies, a provider of endpoint and network security tools, for an undisclosed sum. Waltham, MA−based Novell also said that it would move quickly to integrate Senforce's technologies into its ZENworks product lineup in an effort to further expand its enterprise systems management offerings.

32. August 13, ComputerWorld — DirectX SDK bug means bad news for IE users. The DirectX software development kit Microsoft issued in 2002 contains a critical vulnerability, a Polish researcher claimed as he released attack code that can hijack Windows PCs by tempting Internet Explorer (IE) users to malicious sites. According to Krystian Kloskowski, who posted exploit code on the site, the FlashPix ActiveX control included with DirectX Media 6.0 SDK contains a buffer overflow bug that can be exploited. More importantly, according to an advisory issued by U.S. Computer Emergency Readiness Team (US−CERT) on Sunday, August 12, "because the FlashPix ActiveX control is marked 'Safe for Scripting,' Internet Explorer can be used as an attack vector for this vulnerability." IE 6 can be leveraged to exploit the flaw, noted Kloskowski, but he did not say if the newer IE 7 is also a workable attack vector.
US−CERT Vulnerability Note:

33. August 13, InformationWeek — Storm botnet behind Canadian DoS attack. Researchers are blaming the virulent Storm worm for a widespread denial−of−service (DoS) attack that hit Canadian Websites over the weekend. The attack may have been unfocused and unsuccessful, but it could have been an early test of the DoS power that the Storm worm botnet now holds. Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Internet Storm Center, said in an interview that while sites in Canada were "pounded" over the weekend, he doesn't think it was a targeted DoS attack. The attacks weren't aimed at any particular Websites. It was just spread across a wide swath of the Internet.