Websense acquiring PortAuthority Technologies
Websense t has reached a definitive agreement to acquire
PortAuthority Technologies Inc. of Palo Alto, Calif., for
approximately $90 million in cash.
Websense said in a press release that the planned acquisition
will "bring together two technology and market leaders in
preemptive content security: PortAuthority with its information
leak prevention technology and Websense with its ThreatSeeker
malicious content identification and categorization technology."
The result will be a new best-of-breed security software company
with the capacity to help organizations prevent the unauthorized
use or disclosure of confidential data while simultaneously
protecting users and data from external malicious threats, the
company said.
The stockholders of PortAuthority have approved the proposed
acquisition. The closing of the merger is subject to standard
closing conditions and is expected to close in January 2007.
Sony BMG settles lawsuit over rootkit technology
Sony BMG Music Entertainment Inc. caught the information security
community's wrath last year when a researcher discovered the
company was using
rootkit-based antipiracy software in some of
its CDs. Now, the entertainment firm will pay $750,000 in
penalties and costs and reimburse California consumers whose
computers were harmed by the software.
The company reached an agreement with the attorney general of
Los Angeles County and the state of California to settle a lawsuit
charging that it secretly embedded digital rights management
software on CDs that potentially opened the door to hackers,
according to the Reuters news service. The lawsuit alleged that
Sony did not properly disclose information about the software,
which was designed to limit the number of copies consumers could
make of their music.
Tom Papageorge, a head deputy district attorney for Los Angeles
County, told Reuters that Texas filed a similar agreement with the
courts Tuesday and he predicted the Federal Trade Commission and
other U.S. states would do the same over the next year.
Sony BMG sold about 12.6 million CDs with the software
nationwide between January 2005 and November 2005 and about 930,000
in California, Reuters reported. Sony has since stopped using the
technology.
As part of the settlement, Sony BMG will pay up to $175 to
California consumers who can prove the software damaged their
computers. The company will also pay $750,000 in penalties and fees
to settle the case.
Apple fixes Mac OS X glitch
Apple Computer Inc. has released a
Mac OS X security update to fix a flaw
attackers could exploit to access sensitive information on a
victim's machine.
According to the French Security Incident Response Team
(FrSIRT), the problem is an error in
QuickTime for Java when used in conjunction
with Quartz Composer to obtain images rendered on screen by
embedded QuickTime objects. This could be exploited by malicious
Java applets to capture images that may contain local
information.
The problem affects Mac OS X and Mac OS X Server versions 10.4.8
and prior.
According to the Bethesda, Md.-based
SANS Internet Storm CenterWeb site, this
update has nothing to do with the recently-reported
phishing worm that targeted the MySpace
community. It did so by exploiting the Javascript support within
Apple's QuickTime player as well as a MySpace vulnerability.
Microsoft releases first draft of PatchGuard APIs
Microsoft Tuesday gave security vendors a first look at the
application programming interfaces (APIs) they'll need to make some
of their products work with Vista's PatchGuard kernel protection
program.
Vendors will be able to test the draft APIs and make comments on
them through the end of January. A final version of the APIs will
be released when the software giant releases Service Pack 1 for
Vista sometime in mid-2007, Windows Core Operating System VP of
development Ben Fathi told Computerworld. Microsoft also released a
criteria evaluation document outlining the criteria Microsoft used
to evaluate vendor API requests.
"We are publishing this to be very clear and above board on what
our processes are for establishing the new APIs that we are going
to add to the kernel," Fathi told Computerworld. "We want to hear
feedback from partners and the rest of the industry on whether this
is a good set of criteria or not."
Security vendors like
Symantec Corp. and McAfee have complained
that PatchGuard will prevent them from developing products that
work properly with Vista.
Researchers eye Skype worm
Security researchers are looking into reports that a worm is using
Skype Ltd.'s popular VoIP (voice over Internet protocol) service to
spread.
The worm warning was raised Tuesday by security firm Websense
Inc., which said Skype users may receive a message asking them to
download a file called "sp.exe." The file is infected with a Trojan
horse program that could be used to steal passwords. Websense said
the first infected PCs have been found in the Asia-Pacific
region.
While the worm is out there, it has not led to a massive
outbreak, F-Secure Corp. Chief Research Officer Mikko Hypponen told
the IDG News Service. "What's clear is, there's no massive worm
outbreak with Skype at the moment," Hypponen said. "We are
following the situation."
Researcher readies Month of Apple Bugs
The researcher behind the
Month of Kernel Bugs is now planning for a
Month of Apple Bugs in January. The researcher, who goes by the
initials LMH, is joining forces with Kevin Finisterre of Digital
Munition to bring unpatched Mac OS X and Apple application
vulnerabilities to light through the month, eWeek reported. LMH
and Finisterre have apparently accumulated a pile of exploits
for holes in Safari, iTunes, iPhoto, Camino and Firefox.