Conficker Armageddon

Posted on April 02, 2009
Filed Under: Internet and web sites.

April 2nd has come and gone, 1 day after all computers were supposed to turn on their masters to start a new world order. Most of us have survived, so the only question left is: why all the hype over these computer non-events?


by Chris Gamble

The Fix Again?

Posted on December 18, 2008
Filed Under: Internet and web sites.

Firefox gets an update? I asked myself as I watched my browser patch and reboot itself while I waited. I thought IE was the problem. Apparently, according to the PC World article, the Firefox crew saw that everyone was advised to switch browsers, and had an OH! moment. Now we sit at Firefox 3.0.5 -- once again safe from: two critical Firefox problems that could allow an attacker to execute a cross-site scripting attack, a third that could make it crash or allow someone to remotely execute code, a partridge and a pear tree.


by Chris Gamble

The fix is in!

Posted on December 17, 2008
Filed Under: Internet and web sites.

After many sleepless hours of waiting for the new Internet Explorer patch to fix one of the "really" bad zero-day exploits, our friends at Microsoft have released their Internet Explorer fix.


by Chris Gamble

State of Danger -- Venerable Vulnerable TCP Stacks

Posted on October 07, 2008
Filed Under: Internet and web sites.

October 1, 2008 was a dark day. Not because the stocks went on a wild ride, crashing and thrashing any thought of retirement. No, October 1 was much worse.


by Chris Gamble

Your identity in action

Posted on July 03, 2008
Filed Under: Internet and web sites.

While I am certain there will be more prolific evaluations of the legality of this situation on Groklaw, or you can read and evaluate the docket yourself, I feel compelled to look at the potential repercussions of the recent Viacom v. Google ruling. For those who are not aware, a judge has just ordered Google to hand over every record of every user who has ever watched video on YouTube. This includes IP address (the address that identifies your computer on the internet), as well as login details. That's right, personally identifiable information being handed over to a third party.

To consider the badness of this action, you have to realize that Google does not just host search and video services. Many of us have used them for web analytics for our own sites, AdSense, and online shopping. No, the court is not asking Google to hand over all of that data, but in an era where CDs with thousands of credit cards and laptops with pension account information are lost or stolen on a daily basis, it suddenly makes all of that information we have left in Google's databases a lot more insecure. The login information in the logs more than likely does not include a password, but even a username can cut the brute force time of a hack in half. Not to mention that a lot of people still use dictionary-based passwords -- and these logs are suddenly a walking time bomb in insecure hands.

What's worse is that the place we have entrusted this information to isn't the one at fault for its dissemination; it's the court's fault.

As a side note, the EFF has written briefs requesting that this extreme breach of privacy not be pursued, but given the desperation of everyone involved in the entertainment industry, I feel those requests have found deaf ears.

by Chris Gamble

Outsourced email faces new problems

Posted on June 19, 2008
Filed Under: Enterprise Computing.

CBS News tells me that outsourced emails may be more of a security problem than in the past. It seems that a judge has recently ruled that "IF" text messages and emails are stored on a third-party provider's system, employees have the right to privacy. That means no checking on email to see if your latest widget plans are going out the virtual back door. Of course, this does not apply if the emails are stored on company internal servers, so we may see a move away from third-party hosting when security is a priority.

CBS cites the Associated Press as the original source, but I'm afraid to link to them.

by Chris Gamble

In the dark of the night, UCITA will find you

Posted on June 16, 2008
Filed Under: Enterprise Computing.

InfoWorld reports that a new bill is in the Senate to combat spyware ... or does it?

S. 1625, named the Counter Spy Act, prohibits taking over computers with zombies or taking information for identity theft. Except these new rules for our safety (which are already illegal under other bills)

"do not apply to any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, by or at the direction of a telecommunications carrier, cable operator, computer hardware or software provider, financial institution or provider of information services or interactive computer service..." -- (Section 6a)

And of course the 10th commandment, or exemption, provides for these activities when used for "(10) detection or prevention of the unauthorized use of software fraudulent or other illegal activities."

InfoWorld provides a much more in-depth legal analysis, but for the purposes of IT management and security, this does not bode well.

Consider #1 -- A vendor is at the end of its life and running out of cash. Given the choice of going out of business peacefully or starting to drag their customers through the muck, what would most companies choose? Now consider this: would you, as an IT professional, want them to have that choice?

Consider #2 -- The latest BSA program to check copyrights has perforated your network. This is quite legal under this new law, but as no software is perfect, it has been piggybacked by a malicious hacker. There is no option to sue the BSA, and we can only hope that the hacker is in a country with extradition.

Consider #3 -- Your vertical market software is supported via an off-shore support contract. Your American vendor has every right to watch your network, but what ethics is their foreign vendor obligated to?

Not sure about you, but just those three scare the hell out of me -- and would cause grave concern in any lapel-flag-wearing Senator. So why has this thing progressed so far?

by Chris Gamble