Siemens warns its patch may break its SCADA systems

In today's podcast: Siemens warns its patch may break its SCADA systems; Microsoft makes $4.5B profit; and Safari autofill is too helpful.

Subscribe to this podcast in iTunes!

Removing a dangerous software worm that targets computers controlling industrial systems could disrupt plant operations, Siemens Industry warned its customers Thursday. The warning came as Siemens released a new tool that finds and removes the malicious software along with a full-fledged security update for its supervisory control and data acquisition, or SCADA, management products. So far, Siemens has been identified the worm on only one system running its software, an engineering computer used by an unnamed German organization. No production plant has been affected so far, according to the company.

The flaw in Windows attacked by the worm is being picked up by other virus writers and attacks on it will soon become much more widespread, according to security vendor Eset. Two new families of malicious software have popped up to exploit the vulnerability in the way Windows processes .lnk files, used to provide shortcuts to other files on the system. Microsoft has yet to patch the Windows bug that permits the worm to spread.

Microsoft made net profit of four and a half billion dollars last quarter, up 48 percent on a year ago, and revenue of 16 billion. It attributed much of the sales growth to the new version of Office, launched during the quarter, and to strong sales of Windows 7. The business PC refresh cycle has accelerated, the company said, with software license sales growing at over 10 percent for the second quarter in a row. One launch that is not contributing the bottom line yet is Azure, the company's cloud computing platform, although it expects that will come

Apple's software is renowned for its ease of use, but users of the form autofill feature in Apple's Safari browser may be automating more than they bargained for. Safari's AutoFill feature is enabled by default and, unlike other browsers, doesn't just fill in information previously entered at the same Web site. When it recognizes form elements with titles such as name and address, it can fill them in with information from the user's own entry in their computer's address book. This opens the way for hackers to create Web pages with invisible form elements to capture this information and send it back to them. Security researchers at WhiteHat Security and SecTheory have already published a proof-of-concept attack.

One piece of automated processing Apple customers won't object to is now underway. The company has begun sending out refunds to customers who had already bought an iPhone Bumper before it announced it would give them free to all iPhone 4 users as a way to solve a problem with the phone's antenna.

And those are the top stories from the IDG Global IT News Update, brought to you by the IDG News Service. I’m Peter Sayer in Paris. Join us again later for more news from the world of technology.