Symantec buys Sygate for reported $150m to $200m
Analysts estimate Cupertino, Calif.-based Symantec Corp. bought endpoint security provider Sygate for $150 million to $200 million, pending regulatory approval. The deal was announced this week, though neither company has disclosed financial details. Sygate, based in nearby Fremont, Calif., provides secure connections for mobile devices, servers and desktop PCs that connect to corporate networks. Analysts told MarketWatch that the buy represents a serious threat to Check Point Technologies and expands Symantec's security portfolio. The company said it plans to retain Sygate's 200 employees. Symantec's last major acquisition was $10.5 billion to buy storage software provider Veritas Software Corp.
Apple withdraws security update after 64-bit apps break
Apple Computer has withdrawn its latest batch of security fixes after thousands of customers complained the patches broke 64-bit applications, according to news reports. Among those complaining were users of the popular study tool Mathmatica created by Wolfram Research. Wolfram officials told reporters Apple did not release a workaround and instead withdrew the update until it could fix a bug that breaks at least some 64-bit applications running on its OS. On Friday, Apple released one of its larger security updates for the Macintosh OS X, but only a few of the 44 fixes involved critical vulnerabilities. Thomas Kristensen, CTO of vulnerability management provider Secunia, told CNET News.com that a quarter of the patches targeted older holes that have yet to be attacked. The patches impact Mac OS 10.3.9 and 10.4.2 software. Critical flaws involve AppKit, which opens rich-text files and Word documents, and the Web browser Safari. Other applications in need of a fix include Apple's Sever Manager D and Apache 2, among others.
Florida man convicted of stealing 1.5 billion data files
A Boca Raton, Fla., man faces a lengthy prison sentence and millions of dollars in fines after being convicted of stealing more than 1.5 billion data files from Little Rock, Ark.-based Acxiom, which has one of the nation's largest consumer databases. Scott Levine, 46, apparently used a flaw in Acxiom's FTP server to steal the files over a 16-month period. Levine claimed he took the personal data, including credit card and checking account information, to inflate the value of his now defunct bulk e-mail company, Snipermail.com Inc. A jury found Levine guilty on 120 counts of theft by computer, as well as fraud and obstruction of justice charges, according to the Reuters news agency. Each theft charge brings up to five years in prison and $250,000 in fines. The most serious conviction is the obstruction of justice, which carries up to a 20-year sentence. Sentencing is scheduled for Jan. 6.
Adobe issues critical patch to avoid PDF exploitation
Adobe Systems Inc. is urging users of its highly popular desktop applications Acrobat and Acrobat Reader to install a security update to fix two critical flaws that allow an attacker to remotely control a system. Affected versions of both Reader, used to read PDF files, or Acrobat, which creates the files, include Reader's 5.1, 6.0 to 6.0.3 and 7.0 to 7.0.2. Acrobat versions 5.0 to 5.0.5, 6.0 to 6.0.3 and 7.0 to 7.0.2 also are affected. According to the company's advisory, a flaw in a core application plug-in could be exploited if a user is duped into opening a malicious PDF file. "If a malicious file were opened it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat and Adobe Reader," Adobe said on its Web site. "A buffer overflow can cause the application to crash and increase the risk of malicious code execution." The vulnerabilities impact Windows, Mac OS, Linux and Solaris platforms.
NIST eyeing iris scanners in technical review
The National Institute of Standards and Technology is reviewing iris recognition for its benefits and possible government adoption as a biometric. The NIST Iris Challenge Evaluation calls the initiative, which begins this month, the "first large-scale, open, independent technology evaluation for iris recognition." The first phase runs through January and will establish a performance baseline. Next, researchers will measure performance with unviewed data to evaluate accuracy. Federal agencies such as the FBI and Department of Homeland Security are taking part in the technical review. Washington Technology reports British immigration officials earlier launched an iris recognition program at two Heathrow terminals in March. The system allows eligible passengers, including citizens and permanent residents, to enroll their iris patterns. Once enrolled, they are allowed to pass through a separate immigration control portal, where their identities are verified by iris scan.