Security News Roundup: Yoggie opens up its miniature hardware firewall

This week's security events include news that Sun has released a new patch for StarOffice 8, a malicious Web site link that can force iPhones to dial a number, news of a computer virus bringing the networks of three London hospitals to a standstill, and Yoggie opening up its miniature hardware firewall.

Sun patches StarOffice 8

Sun has released a new update for StarOffice 8 that closes some critical holes that are exploited via specially crafted EMF and WMF files.  The flaws were first discovered and resolved in OpenOffice, on which StarOffice is based, and the corresponding update for StarOffice 8 has now been made available.  We covered the release of OpenOffice 2.4.2 here earlier.

In addition, the update also corrects several other flaws in the StarOffice software suite.  You can find the full list as well as the download link here.

iPhone flaw forces dialing by clicking malicious links

It is possible for a malicious Web site to force the iPhone to dial an arbitrary number, according to The Fraunhofer Institute for Secure Information Technology in Germany.  With just a few basic lines of code on the Web site or embedded in an e-mail, an iPhone user could well lose control of his phone if he were to click on an engineered link.

Essentially, the iPhone will dial the specified number without any opportunity for the user to abort the dialing process.  This is because the iPhone will no longer respond to the home key or any other key inputs, for that matter.  Apple's just-published version 2.2 of its firmware fixes this issue.  However, as there appears to be no satisfactory workaround for the vulnerability, iPhone users are advised not to click on any links until their phones have been updated.

I think the bigger issue here has to do with the proliferation of smartphones and their increasing amount of integration with the Web.  The result is that smartphones are fast approaching a critical mass of units and functionality where viruses and worms start making their appearance.

Computer virus brings London hospital networks to a standstill

The BBC reports that the networks of three London hospitals were downed by a computer virus for at least 24 hours.  The three linked hospitals are St Bartholomew's, the Royal London Hospital, and the London Chest Hospital, which were forced to switch to an emergency system - which includes doctors using pen and paper.

Even as ambulances were diverted to neighbouring hospitals to ensure that seriously ill patients did not suffer as a result of the slower manual systems, a hospital spokesman noted that the virus was "not malicious," and the infection was "self-contained."  Theatres and outpatient departments remained operational, though.  The problem has since been rectified, with normal operations resumed.

As hospitals become increasingly networked and computerized, the prospect of real lives being lost as a result of computer hacking or malware no longer seems like the idle FUD it was once dismissed as.  I think it is inevitable that demand for the services of security professionals and forensics experts will increase in the face of such threats.

Yoggie opens up its miniature hardware firewall

Israel-based Yoggie Security Systems, the maker of innovative hardware firewalls for small offices and laptops, has opened up its cutting-edge miniature appliances. The source code to "most applications" on its platform will be released, along with a full developer SDK.

For those who are new to Yoggie - the company makes a range of USB-key-sized and ExpressCard-sized "security minicomputers" that connect to any PC or laptop.  The idea is to offload security software to dedicated hardware and to block Internet threats outside the host computer, boosting computer performance as a result.  Of course, the downside is reduced battery life for laptop-toting users.

According to its press release:

Developers will be able to re-configure their hardware or modify the software installed with CLI (Command line interface) using standard SSH protocol. This means applications like PuTTY, or file-manager type applications such as WinSCP are supported.

The Open Firewall Pico and Open Firewall SOHO are powerful Linux-based computers equipped with a 520 MHz ARM CPU and 128MB of RAM.  They will be available at an introductory price of $49 (MSRP $69) and $79 (MSRP $99) respectively.  For this price, users will receive a full product suite consisting of the hardware firewall, a developer SDK and full SSH access, as well as membership of the online Yoggie developer community, which Yoggie launched in support of this initiative.

Have any TechRepublic readers used any of Yoggie's products?

Do you have any comments or feedback that you might care to share with us here?

Edit [25 Nov]:  Slight correction to clarify that Yoggie is opening up its platform as opposed to releasing all the source code to it.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

3 comments
paulmah

This week's security events include news that Sun has released a new patch for StarOffice 8, an iPhone flaw that allows websites dialling arbitrary numbers upon clicking of a malicious link, news of a computer virus bringing the networks of three London hospitals to a standstill, and Yoggie opening up its miniature hardware firewall.

pgit

I looked around the yoggie site and couldn't find any mention, other than "Linux based." Is the code on these devices open source? Or are these systems proprietary? I would not trust a proprietary firewall solution.

paulmah

Yoggie continues to separately sell the non-open version of its Pico and SOHO firewalls, which doesn't come with SDK. You will need to get the "Open" versions, for which you can check out this URL: http://www.yoggie.com/developers I haven't looked into all the various SDKs and downloads listed there, but I reckon that the source code, if any, should be all there. Reading from the various documentation and press releases, I must say that Yoggie never did promise to make everything open source though, just that it will be open to (external) development. Regards, Paul Mah.