This week's security events includes news of Google being ordered to turn over YouTube records to Viacom, security updates released for Drupal CMS, and news of legal action taken by chip maker NXP against the security researchers that cracked its Mifare chip.
- Google ordered to turn over YouTube records to Viacom
Google has been ordered to hand over its access log of YouTube videos to Viacom as part of an ongoing $1 billion suit. The fact that the IP addresses, user names, and viewing records of YouTube users numbering in the tens of millions would be revealed has raised the concerns of privacy advocates.
Yes, YouTube is fabulously popular - according to analyst comScore, some 4.1 billion videos were available on YouTube in April, 38 per cent of all videos offered online, but large numbers of those videos come from copyright material - TV shows, films, videos of concerts and other staged, and hence copyright, events.
Of course, that there might be copyrighted materials on YouTube despite their best efforts is disputed by no one. After all, how do you effectively police 4.1 billion videos?
The can of worms that this case opened has to do with the fact that it set the precedent in which a provider of hosted services — in this case on-line video, can be compelled to reveal privileged information pertaining to its users. Will hosted e-mails be next, or for that matter, hosted services such as Salesforce or Zoho?
- Drupal CMS gets security update
Updates to versions 5.8 and 6.3 of the popular Drupal CMS have been released by its developers.
Multiple vulnerabilities and security weaknesses, which includes cross site scripting, cross site request forgeries, session fixing, and SQL injection are addressed. All versions of Drupal 5.x before version 5.8 and Drupal 6.x before version 6.3 are affected.
Users who cannot upgrade to the new versions are advised to install the patches for Drupal 5.7 or 6.2. You can read up more from Drupal here.
- NXP sues researchers over Mifare chip hack
In an attempt to stop researchers who successfully cracked the security aspects of the Mifare Classic chip, the Netherlands-based NXP Semiconductors is taking them to court later this week. The team from Radboud University in Nijmegen planned to detail how the hack was achieved during Esorics, a European computer security conference held in Spain in the month of October. It seems that additional details not found in the preliminary report will be presented, though even that is available on some Web sites.
Whatever it is, the purpose of the legal action was to forestall that.
Commenting on the pending court case, NXP spokesperson Martijn van der Linden told Dutch news site Webwereld that publishing the report is 'irresponsible'. NXP was sent a copy of the report for review.
Still, many folks from the security circles are trying to make sense of NXP's actions. One train of thought was that the legal actions could at least slow or prevent publication of materials related to the Mifare Classic vulnerability. Another possibility could be to forestall legal actions against NXP from large Mifare clients such as the transit companies.
Still, is there a point, given that the proverbial cat is already long out of the bag. Do you agree with NXP suing the Radboud University researchers here?