Tuesday, July 07, 2009

For your Security Manager

http://m.apnews.com/ap/db_16036/contentdetail.htm?contentguid=RlgBwBQn

Microsoft warns of serious computer security hole

JORDAN ROBERTSON

SAN JOSE, Calif. (AP) - Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

The so-called "zero day" vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" - or software fix - for the problem.



There is a lot of open source “health” stuff already out there, but there is always a niche to be filled. Should make an interesting baseline for debate though...

http://news.cnet.com/8301-13505_3-10280095-16.html?part=rss&subj=news&tag=2547-1_3-0-5

Former Red Hat execs aim to open-source health care

by Matt Asay July 6, 2009 10:35 AM PDT

It was bound to happen. With the U.S. government promising truckloads of cash to overhaul the U.S. health care system, while simultaneously making positive noises around open source, it was just a matter of time before someone connected the dots.

That someone appears to be Joanne Rohde, former executive vice president of worldwide operations at Red Hat, who has launched the Axial Project, a stealth-mode start-up that aims to "combin[e] the principles of Open Standards and Open Source...to connect all the parties in the Health ecosystem safely and securely."



We want our employees to be happy! (It is better to look happy than to be happy.)

http://tech.slashdot.org/story/09/07/06/1722225/Railway-Workers-Get-Daily-Smile-Scans?from=rss

Railway Workers Get Daily Smile Scans

Posted by samzenpus on Monday July 06, @02:15PM from the *_* dept.

More than 500 workers at Japan's Keihin Electric Express Railway must have their faces scanned each morning to determine their optimum smile. The "smile scan" analyzes a smile based on facial characteristics, from lip curves and eye movements to wrinkles. After the program scans you, it produces a smile rating that ranges from zero to 100 depending on the estimated potential of your biggest smile. If your number is sufficient, you can go about your day grinning like a maniac. If your smile number is too low the computer will give you a message such as, "lift up your mouth corners" or "you still look too serious." Every morning employees receive a printout of their daily smile which they are expected to keep with them throughout the day.



Well, there goes all that hacker fun! This is a hot topic on the security blogs.

http://www.databreaches.net/?p=6003

SSN Relatively Easy to Predict

July 6, 2009 by admin Filed under Commentaries and Analyses, ID Theft, Of Note, U.S.

Over on PogoWasRight.org, I’ve posted about a study released by researchers Alessandro Acquisti and Ralph Gross of Carnegie Mellon University. The study has significant implications for the use of SSN and for protecting against identity theft, even though a government spokesperson responded by seemingly downplaying the findings and their implications.

If you would like to read additional coverage of the study, there are already about 100 news stories that have appeared since the study was posted online at 5 pm, including articles in the New York Times and Associated Press, as well as Wired. The press release on the study can be found here.

[From the Press Release:]

The study findings will appear this week in the online Early Edition of the Proceedings of the National Academy of Science, and will be presented on July 29 at the BlackHat 2009 information security conference in Las Vegas.

… Because many businesses use Social Security numbers as passwords or for other forms of authentication — a use not anticipated when Social Security was devised in the 1930s — the predictability of the numbers increases the risk of identity theft.

[I found it here: http://www.pnas.org/content/early/2009/07/02/0904891106.full.pdf+html]



I suspect the RIAA realizes what will happen if hundreds of geeks listen to their “facts” and “theories”. Think of it as having “human BS detectors” helping with the case for free...

http://yro.slashdot.org/story/09/07/06/2034213/RIAA-Seeks-Web-Removal-of-Courtroom-Audio?from=rss

RIAA Seeks Web Removal of Courtroom Audio

Posted by ScuttleMonkey on Monday July 06, @05:48PM from the afraid-people-might-see-what-they-are-up-to dept.

suraj.sun writes to tell us that the RIAA has asked a federal judge to order the removal of what they are calling "unauthorized and illegal recordings" by Harvard University's Charles Nesson of pretrial hearings and depositions in a file-sharing lawsuit.

"The case concerns former Boston University student Joel Tenenbaum, who Nesson is defending in an RIAA civil lawsuit accusing him of file-sharing copyrighted music. Jury selection is scheduled in three weeks, in what is shaping up to be the RIAA's second of about 30,000 cases against individuals to reach trial. The labels, represented by the RIAA, on Monday cited a series of examples in which they accuse Nesson of violating court orders and privacy laws by posting audio to his blog or to the Berkman site."



I find articles like this one amusing. Think of it as a guide to screwing up, big time.

http://ralphlosey.wordpress.com/2009/07/05/inside-the-head-of-a-digital-pirate/

Inside the Head of a Digital Pirate

What goes on in the head of a digital pirate who is hauled into court? A recent case in New York gives us a pretty good idea. Arista Records LLC v. Usenet.com, Inc., 2009 WL 1873589 (S.D.N.Y., June 30, 2009). All images of Johnny Depp aside, tis not a pretty sight.



Does this make sense? Or is it another “Here's a new way to do it the old way” kind of wasted effort? Should be interesting to see if they can compete with FREE.

http://news.slashdot.org/story/09/07/06/198237/Google-Will-Star-In-New-Dow-Jones-News-Model?from=rss

Google Will Star In New Dow Jones News Model

Posted by ScuttleMonkey on Monday July 06, @05:05PM from the free-will-find-a-way dept. media news

An anonymous reader writes

"Dow Jones is getting set to launch a new aggregator, akin to Google News, which will charge Web users for access to high-quality journalism. 'The Journal is one of the many newspapers you might buy in one place and with one payment [...] Watch for it,' said Dow Jones CEO Les Hinton. However, rather than posing a threat to Google News, Andrew Keen, author and entrepreneur, says the aggregator will use Google as a critical partner. The only people who should be worried about this new model, says Keen, 'are all those lucky consumers who, over the last 15 years, have been getting their news for free.'"



If the app is free (or almost so) what's wrong with it? The decision should be based on time/cost savings and benefits.

http://blogs.computerworld.com/should_local_governments_back_the_iphone

July 6, 2009 - 11:23 A.M.

Should local governments back the iPhone?

Boston will soon have an official iPhone app allowing residents to send photos of neighborhood nuisances to City Hall and request action, the Boston Globe reports this morning, "making the filing of complaints quicker and easier for iPhone users."

Cool, yes. But fair?

… Actually, the app was the idea of a city tech worker who uses a BlackBerry. But he told the Globe the city decided on an app for the iPhone "mostly because of its sex appeal -- because it's new and it's hot."



Interesting to look at the old home town...

http://www.bespacific.com/mt/archives/021745.html

July 06, 2009

Google Maps Launches Enhanced Features for Real Estate Search

Google LatLong Blog: "The web is becoming increasingly indispensable to people looking for a new home to buy...from today, if you enter a query like <<homes for sale in san francisco>> on Google Maps, you'll see that we make it easy for you to see all your results on a map with a one-box that will take you to real estate listings... We've added lots of markers that will show not only the ten most relevant listings with pins on the map, but also show a small circle on every other listing in that area using the search results layer, so you can get a really good idea of the distribution of properties for sale. You can click on each marker and each small circle to get more detailed information about the property."



Imagine a similar project that is NOT inside Microsoft... That must scare them, so they are attempting to preempt others...

http://news.cnet.com/8301-13860_3-10280270-56.html?part=rss&subj=news&tag=2547-1_3-0-5

Microsoft's Gazelle browser takes a radical path

by Ina Fried July 7, 2009 4:00 AM PDT

Many people think that the browser is starting to replace the operating system as the center of the personal computer.

Naturally, the view that Windows is on a path to irrelevance is not one generally espoused by Microsoft. That said, at least some inside Redmond's walls argue that the Web browser needs to start acting more like an operating system.

… Microsoft first outlined Gazelle earlier this year, but has only recently started to detail its thinking. Wang plans to present a paper on Gazelle at the Usenix security conference next month, and last week Microsoft posted an article on its Web site explaining more about Gazelle.

… Microsoft is also trying to be clear that Gazelle is not the immediate replacement for Internet Explorer, which has been losing share to rivals, including Mozilla's Firefox and Apple's Safari. The company has yet to commit to commercializing Gazelle in any way, meaning it remains just one of scores of projects incubating inside the company's research labs.

Many outside Redmond, though, see the browser finally starting to take on the preeminence that many had assumed it might back in the early days of Netscape. Google's decision to offer Chrome, some think, was more about having an engine for running its Web applications than it was offering an alternative means for serving up traditional Web pages.



Some light summer reading...

http://books.slashdot.org/story/09/07/06/137217/Beautiful-Security?from=rss

Beautiful Security

Posted by samzenpus on Monday July 06, @02:56PM from the read-all-about-it dept. security

brothke writes

"Books that collect chapters from numerous expert authors often fail to do more than be a collection of disjointed ideas. Simply combining expert essays does not always make for an interesting, cohesive read. Beautiful Security: Leading Security Experts Explain How They Think is an exception to that and is definitely worth a read. The book's 16 chapters provide an interesting overview to the current and future states of security, risk and privacy. Each chapter is written by an established expert in the field and each author brings their own unique insights and approach to information security."

Keep reading for the rest of Ben's review.



A project for my Computer Security class – portable security.

http://www.techradar.com/news/software/applications/secure-your-identity-and-data-on-every-pc-you-use-613834

Secure your identity and data on every PC you use

Protect yourself with this essential portable security toolkit

By Nick Peers

It's hard enough keeping your own PC secure without worrying about other computers.

But if you do need to access the web, email or an important document on another computer, you need to be sure you're not compromising yourself by doing so.

With a portable flash drive, you can build a collection of portable tools that will keep your data and identity secure, plus help you ascertain if that PC is safe to use.


(Related) Mobile Security

http://news.cnet.com/8301-1035_3-10280533-94.html?part=rss&subj=news&tag=2547-1_3-0-5

FAQ: How to vanquish mobile spam

by Elinor Mills July 7, 2009 4:00 AM PDT

… I called the four major U.S. wireless carriers to find out exactly what they suggest their customers do when they get SMS spam. Here is what they said, along with some other basic questions and answers people may have about mobile spam.
