Sunday, July 01, 2012
It's not the noticeable hiccups I'm worried about. It's the systems that do not appear to be impacted at all...
‘Leap Second’ Bug Wreaks Havoc Across Web
Reddit, Mozilla, and possibly many other web outfits experienced brief technical problems on Saturday evening, when software unpinning their online operations choked on the “leap second” that was added to the world’s atomic clocks.
On Saturday, at midnight Greenwich Mean Time, as June turned into July, the Earth’s official time keepers held their clocks back by a single second in order to keep them in sync with the planet’s daily rotation, and according to reports from across the web, some of the net’s fundamental software platforms — including the Linux operating system and the Java application platform — were unable to cope with the extra second.
Many computing systems use what’s called the Network Time Protocol, or NTP, to keep themselves in sync with the world’s atomic clocks, and when an extra second is added, some just don’t know how to handle it.
I can think of a few scenarios that make this very scary.
Facebook e-mail mess: Address books altered; e-mail lost
An alarming number of people are reporting that the new e-mail address Facebook forced on users this week is changing their address books while intercepting and losing unknown amounts of e-mail.
Facebook users say contacts' e-mail addresses on phones and personal devices have been altered without their consent -- and their e-mail communication is being redirected elsewhere, and lost.
(Related) ...all of which can be avoided... Maybe. Should make a good Business Continuity project.
Could Instagram And Other Sites Avoid Going Down With Amazon’s Ship?
As we get better at the Computer Security game, the simple things get fixed. Are we even looking for the Stuxnet-like malware?
"It's refreshing to see a security report from a security vendor that isn't all doom-and-gloom and loaded with FUD. Web Application Security firm WhiteHat Security released a report this week (PDF) showing that the number of major vulnerabilities has fallen dramatically. Based on the raw data gathered from scans of over 7,000 sites, there were only 79 substantial vulnerabilities discovered on average in 2011. To compare, there were 230 vulnerabilities on average discovered in 2010, 480 in 2009, 795 in 2008, and 1,111 in 2007. As for the types of flaws discovered, Cross-Site Scripting (XSS) remained the number one problem, followed by Information Leakage, Content Spoofing, Insufficient Authorization, and Cross-Site Request Forgery (CSRF) flaws. SQL Injection, an oft-mentioned attack vector online – was eighth on the top ten."
Local news. Maybe more jobs for geeks?
Templates, with the details redacted.
June 30, 2012
FOIA Request by ACLU Produces More Information on National Security Letters
Ars Technica: "As the result of a Freedom of Information Act request filed by the American Civil Liberties Union, the Department of Justice has revealed, for the first time, the types of secret letters that the government can send out to ISPs and other tech companies being asked to reveal personal data about their users and customers who are being investigated for national security reasons. In 2009, over 6,000 Americans received such National Security Letters (NSLs). According to the Wall Street Journal, the “letters show that the FBI is now informing people who receive the letters how they can challenge the documents in court. But some key elements of the letters remain blocked from view—including lists of material the FBI says companies can send in response to the letter.”