Thursday, July 23, 2009

Adobe Vulnerability Targeted in Drive-by Attacks

eWEEK.COM is running a story about a new zero-day vulnerability affecting Adobe's Flash Player software that is being exploited by attackers via drive-by downloads.

Adobe first warned about the vulnerability July 21, then issued an updated advisory the next night. The issue affects current versions of Flash Player on Windows, Mac and Linux platforms.

According to the U.S. Computer Emergency Response Team (US-CERT), an attacker can trigger an overflow by luring a user into opening a malicious Flash (SWF) file that is either hosted or embedded on a Web page or contained in a PDF file. Then the attacker could either trigger a system crash or take full control of a vulnerable system.

“There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows,” according to a post on the Adobe Product Security Incident Response Team blog. “We are in the process of developing a fix for the issue, and expect to provide an update for Flash Player v9 and v10 for Windows, Macintosh, and Linux by July 30, 2009 (the date for Flash Player v9 and v10 for Solaris is still pending). We expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh, and UNIX by July 31, 2009.”

“At the moment there (are) a low number of malicious sites serving the exploit, but we confirmed that the links have been injected in legitimate Websites to create a drive-by attack, as expected,” according to SANS Internet Storm Center.

See full article at eWEEK.COM.

Tuesday, July 07, 2009

Google Book Search Settlement Inquiry Announced

ISEDB's article "Google Book Search Settlement Inquiry Announced" includes a link to Pam Samuelson's talk Reflections on the Google Book Search Settlement. See also her 4/17/09 guest blog "Legally Speaking: The Dead Souls of the Google Booksearch Settlement", where she says:

"In the short run, the Google Book Search settlement will unquestionably bring about greater access to books collected by major research libraries over the years. But it is very worrisome that this agreement, which was negotiated in secret by Google and a few lawyers working for the Authors Guild and AAP (who will, by the way, get up to $45.5 million in fees for their work on the settlement—more than all of the authors combined!), will create two complementary monopolies with exclusive rights over a research corpus of this magnitude. Monopolies are prone to engage in many abuses."

"The Book Search agreement is not really a settlement of a dispute over whether scanning books to index them is fair use. It is a major restructuring of the book industry’s future without meaningful government oversight. The market for digitized orphan books could be competitive, but will not be if this settlement is approved as is."

Professor Samuelson points out that "nothing in the settlement agreement speaks about privacy interests of users" and that this is very different than how libraries operate.