Monday, October 19, 2009

Mozilla blocks Microsoft

Part of super Patch Tuesday was a plug-in for Firefox called .NET Framework Assistant. It opened up Firefox to vulnerabilities. Mozilla released a patch to block the plugin on Friday. What a system MS has: secure our software by exploiting someone else's!


http://www.networkworld.com/news/2009/101909-mozilla-blocks-microsofts-sneaky-firefox.html

Saturday, October 10, 2009

Unlucky 13 sets record as biggest-ever patch day

I'm not sure if this is good news or not??? Ready, set, go: October 13th is Patch Tuesday from hell. The joys of a Windows system. Have a few friends over, maybe I'll order pizza and beer, really make a night of it! I've already fielded a couple of calls; apparently the TV news had a story on this also. See you all Wednesday night.

Microsoft plans monster Patch Tuesday

Microsoft Security Bulletin

Friday, October 2, 2009

Icann gains independence from the US

Anything that removes gov't control makes sense. I just wonder though if it is going to be like the UN: We (the US) pay 97% of all the bills, financially support most countries, and have to take crap from clowns like Putin, el-Gadhafi, Musharraf, & Chavez. This is getting too close to politics now.


http://news.zdnet.co.uk/internet/0,1000000097,39780163,00.htm

Thursday, September 24, 2009

Here are 2 articles from the New York Times that were run a week or so ago. The first one ran on 9/14, explaining that the NYT website was hacked and some rogue malware ads were placed on the server. The 2nd article (apparently unrelated) is from the very next day, and it says that IT depts. prioritize the wrong threats and are focused on old problems. I just thought the contrast 1 day apart was very ironic.


http://www.nytimes.com/2009/09/15/technology/internet/15adco.html?_r=2

http://bits.blogs.nytimes.com/2009/09/15/security-pros-are-focused-on-the-wrong-threats/?ref=technology

Tuesday, September 15, 2009

DNSSEC

Here's a good article that ties into last week's class about DNS security. Looks like all root servers will be on DNSSEC within a couple more years.

http://searchsecurity.techtarget.com/news/interview/0,289202,sid14_gci1367915,00.html?track=NL-102&ad=725126USCA&asrc=EM_NLN_9223953&uid=9172669

Monday, September 14, 2009

Apple missed security boat

Here's a good one. Microsoft actually one-upped Apple. Given MS's reactive nature to situations, it's hard to believe they're ahead of the curve on this. It is so simple a concept, and yet can help defeat buffer overflows. Can't believe Apple missed it.


http://www.networkworld.com/news/2009/091409-apple-missed-security-boat-with.html

Sunday, September 13, 2009

Microsoft putting money where mouth is on open source

Here's an interesting, albeit short, article. I have a question: WHY? These are the same people that won't give us the time of day for free and now they are backing an Open Source initiative? Is this just a legal ruse to lay claim to more open source code? Given their very public statements about open source in the past, what are we supposed to think?




http://www.smartbrief.com/news/comptia/storyDetails.jsp?issueid=F9126A3F-2A32-4868-BF55-33C45B4273A7&copyid=B00706CE-2753-4419-91AC-D0B7D865B586&brief=comptia&sb_code=rss&&campaign=rss

Thursday, September 10, 2009

n-lite software

For anyone interested, here's the link for the software to lighten up windows installs.

http://www.nliteos.com/index.html

Friday, September 4, 2009

Truth, lies and fiction about encryption

Here's a good article to tie into our crypto study. Like anything else, it's not an end all for security concerns, but crypto is a powerful tool if used correctly.

http://searchsecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1365961_mem1,00.html?track=sy160

Wednesday, September 2, 2009

The "new" IRS

The 'thinking' of some people is dumbfounding. The article talks about how the IRS is using all the info on Facebook, MySpace, etc. to track down tax dodgers. I have to say hooray for the IRS. What a ridiculously simple way to gather info. Putting aside the fact I couldn't possibly care less what someone is doing every 10 minutes of their life, I have quite a few people tell me how secure their info is because 'friends' have to be approved, and IM is 'only' between us! I showed my wife just how insecure these sites were, and thankfully, she is now much more cautious about what she will write to anyone through the sites.



http://www.maximumpc.com/sites/maximumpc.com/themes/maximumpc/wow.php?back=article%2Fnews%2Fcareful_irs_using_social_networks_find_tax_evaders

Monday, August 31, 2009

President given the power to shut down the Internet

Here's a bill with "NIGHTMARE" written in bloody letters all over it. This bill introduced in the Senate would allow the White House to declare a 'cyber emergency' and effect the response. The 1st draft said the president could shut down the internet, both private and public networks. After a huge PR storm, the 2nd draft has toned that rhetoric down a little, but not enough. What a gov't takeover of private business this would be! The gov't would dictate the security measures that have to be taken to secure networks. Just think, every company could have the same carbon copy security plan. Wouldn't be any problem with that now, would there?

ref: http://www.networkworld.com/news/2009/082809-cybersecurity-bill.html?hpg1=bn

Friday, August 28, 2009

Terabit Ethernet

This isn't technically security related...yet! It is just interesting how fast things keep changing. I am still getting used to a 20 Mbps connection on copper, and here comes 6.4 Tbps on fiber optics. Still in development and testing, but fascinating anyway. On a tangent, I read a couple months ago that Intel has prototyped a CPU, cooled with liquid helium, that clocks at over 100 GHz. Exciting times we are living in!

http://www.networkworld.com/news/tech/2009/033009-tech-update.html

SSH key compromise shuts down Apache website

Here's the full article:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1366479,00.html?track=sy160

When the US servers got hacked they had to switch all traffic to the EU mirrors. They didn't know how the hack got the key to start with. This is a good example of what happens with symmetric key encryption, when the key is compromised. "TOO MANY SECRETS" (from Sneakers).

Thursday, August 27, 2009

DHS report: IT sector is resilient against serious cyberattacks

Many measures already in place to mitigate risks, although more can be done, report says

By Jaikumar Vijayan, Computerworld, 08/26/2009

A report from the U.S. Department of Homeland Security presents several scenarios in which well chosen attacks against key IT infrastructure elements could cause disruptions on a national scale. But the document also offers a surprisingly sunny assessment of the resilience and redundancies within the IT sector to mitigate the risk of such disruptions.

The 114-page report, released Tuesday, titled the "IT Sector Baseline Risk Assessment," was a joint effort between the DHS and the Information Technology Sector Coordinating Council (IT SCC). It is designed to give planners in the IT sector and in government a way to identify high-consequence risks and strategies for addressing them.


I'll rest better at night now! The private IT sector got a 'sunny assessment' from Dept. of Homeland Insecurity. This is the same dept. that has received no better than an 'F' grade on their audits from the GAO since the dept. was created. It means that they don't even follow their own internal procedures for security. Yet they tell us that 'more can be done'! If we had to rely on gov't innovation, we would all still be talking on tin cans with a string between them. I know, this is getting close to politics now so I'll shut up. "Sleep tight America, your government is awake".

Entire article: http://www.networkworld.com/news/2009/082609-dhs-report-it-sector-is.html


Tuesday, August 25, 2009

A fun link!

Here's a link for us 'older' people that remember the early days of the internet: the anticipation, the connection, the inevitable 'disconnected'; and for those a little younger it's still funny, like when my daughter found a box of my old 8-tracks in the attic and couldn't figure them out!

http://www.lazylaces.com/56Kmodem/

Hackers are people too...ok, if you say so!

I found this interview with a young woman that made a documentary titled "Hackers are people too". She has some curious viewpoints. The link to the interview is:
http://media.techtarget.com/audioCast/SECURITY/SecurityWireWeekly08132008.mp3

She says numerous times that "hackers are the people protecting you". She says they do this by hacking into systems to expose vulnerabilities. If a company hires you to do this, it is a legitimate job; if not, isn't it just crime? Now using this line of thinking: we actually owe a debt to common street thugs, because by robbing us they are actually doing us a favor by exposing the weak spots in our police force! How people justify their atrocious behavior never ceases to amaze me. I guess as a former cop I tend to only see things from a certain vantage point. Anybody have any thoughts?

Saturday, August 22, 2009

Are you there Diana, it's me David

Seriously, I can't get a comment to post on your site and I don't have your email. Need to discuss the syllabus project. I am at davidfalls.acc@gmail.com

Friday, August 21, 2009

MICROSOFT IS SUFFERING....

Well not too bad really, but you all enjoy hearing that!

I found a story about Chinese citizens jailed for piracy quite amusing. Officials in China on Thursday gave 4 men prison sentences from 2 to 3 1/2 years for software piracy. These men removed the authentication process from WinXP and gave the software away free, but charged for advertising on the website. Chinese news agencies are calling this the 'nation's biggest software piracy case'. Who are they kidding? China 'exports' most of the world's pirated software and digital media. If China puts all the hackers away, what security jobs will there be for us?

Don't get me wrong, it is definitely unethical and illegal to make pirated software; but what if Microsoft were to spend at least as many resources on development as they do on anti-piracy technology? We might see a Win OS that was stable! Personally, I like Microsoft for one reason: I can make money fixing people's computers and teaching them how to use their wonderful Windows.

Wednesday, August 19, 2009

Are we ready for this?

Hello class. Now it gets interesting.