This week's security events include news that Sun has released a new patch for StarOffice 8, a malicious Web site link that can force iPhones to dial a number, news of a computer virus bringing the networks of three London hospitals to a standstill, and Yoggie opening up its miniature hardware firewall.
Sun patches StarOffice 8
Sun has released a new update for StarOffice 8 that closes some critical holes that are exploited via specially crafted EMF and WMF files. The holes were first discovered and resolved in OpenOffice, on which StarOffice is based, and the corresponding update for StarOffice 8 has now been made available. We covered the release of OpenOffice 2.4.2 here earlier.
The update also corrects several other flaws in the StarOffice software suite. You can find the full list as well as the download link here.
iPhone flaw forces dialing by clicking malicious links
It is possible for a malicious Web site to force the iPhone to dial an arbitrary number, according to The Fraunhofer Institute for Secure Information Technology in Germany. With just a few basic lines of code on the Web site or embedded in an e-mail, an iPhone user could well lose control of his phone if he were to click on an engineered link.
Essentially, the iPhone will dial the specified number without any opportunity for the user to abort the dialing process. This is because the iPhone will no longer respond to the home key or any other key inputs, for that matter. Apple's just-published version 2.2 of its firmware fixes this issue. However, as there appears to be no satisfactory way to work around the vulnerability, iPhone users are advised not to click on any links until their phones have been updated.
I think the bigger issue here has to do with the proliferation of smartphones and their increasing amount of integration with the Web. The result is that smartphones are fast approaching a critical mass of units and functionality where viruses and worms start making their appearance.
Computer virus brings London hospital networks to a standstill
The BBC reports that the networks of three London hospitals were downed by a computer virus for at least 24 hours. The three linked hospitals are St Bartholomew's, the Royal London Hospital, and the London Chest Hospital, which were forced to switch to an emergency system that included doctors using pen and paper.
Even as ambulances were diverted to neighbouring hospitals to ensure that seriously ill patients did not suffer as a result of the slower manual systems, a hospital spokesman noted that the virus was "not malicious," and the infection was "self-contained." Theatres and outpatient departments had remained operational though. The problem has since been rectified, with normal operations resumed.
As hospitals become increasingly networked and computerized, the prospect of real lives being lost as a result of computer hacking or malware no longer seems like the idle FUD it was once dismissed as. I think it is inevitable that demand for the services of security professionals and forensics experts will increase in the face of such threats.
Yoggie opens up its miniature hardware firewall
Israel-based Yoggie Security Systems, the maker of innovative hardware firewalls for small offices and laptops, has opened up its cutting-edge miniature appliances. The source code to "most applications" on its platform, as well as a full developer SDK, will be released.
For those who are new to Yoggie: the company makes a range of USB-key-sized and ExpressCard-sized "security minicomputers" that connect to any PC or laptop. The idea is to offload security software to dedicated hardware and to block Internet threats outside the host computer, boosting computer performance as a result. Of course, the downside is reduced battery life for laptop-toting users.
Developers will be able to reconfigure their hardware or modify the installed software through a command-line interface (CLI) over the standard SSH protocol. This means applications like PuTTY, or file-manager type applications such as WinSCP, are supported.
The Open Firewall Pico and Open Firewall SOHO are powerful Linux-based computers equipped with a 520 MHz ARM CPU and 128 MB of RAM. They will be available for an introductory offer of $49 (MSRP $69) and $79 (MSRP $99) respectively. For this price, users will receive a full product suite consisting of the hardware firewall, a developer SDK and full SSH access, as well as membership of the online Yoggie developer community, which Yoggie launched in support of this initiative.
Have any TechRepublic readers used any of Yoggie's products?
Edit [25 Nov]: Slight correction to clarify that Yoggie is opening up its platform as opposed to releasing all the source code to it.