Monday, June 2, 2008

Monday News Feed 6/2/08

Microsoft urges Windows users to shut down Safari
Microsoft is warning Windows users to avoid Apple's Safari Web browser until a patch is available for holes that could let attackers compromise computers.






Security Advisory 953818 Posted
Posted Friday, May 30, 2008 3:56 PM by MSRCTEAM
Hi,
This is Tim Rains.
Very quickly, I wanted to let you know that we’ve just posted Microsoft Security Advisory 953818. This security advisory talks about new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari web browser for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default: it must be installed independently or through the Apple Software Update application.
If you run Safari on the affected platforms, we encourage you to review this advisory.
We’ve activated our Software Security Incident Response Process (SSIRP) and are working with our colleagues at Apple to investigate the issue. We have identified steps customers can take to protect themselves in the workaround section of the advisory.






Bank loses tapes with data on 4.5M clients






FAA: Sun box disk failure caused NOTAM database crash






RIM reportedly gets ultimatum over BlackBerry service in India






Apple patches 40 Mac OS X security bugs






Microsoft beta-tests free online diagnostic tools for Windows






Maiffret Starts New Security Venture - 6/2/2008 9:00:00 AM
Former co-founder, CTO, and chief hacking officer of eEye Digital Security will provide consulting, training, and vulnerability research






Web 2.0 Sites a Thriving Marketplace for Malware
Malicious software makers are using social networks, video sites, and blogs to peddle their wares to other online criminals. 01-Jun-2008






U.S., China Lead in Hack Attacks
Two countries accounted for 30% of Internet-attack traffic for 2008 so far, researchers say. 01-Jun-2008






DR Case Study:
The Planet outage - what can we all learn from it?
...Next I saw they were "requiring us to take down all generators as instructed by the fire department". I had seen plans for BCP/DRP derail before due to officials stepping in and doing their response to an emergency in their way and not in the way the organization itself had planned it.






Ant sends in a disturbing report in The Scientist on an imminent threat to worldwide banana production. "The banana we eat today is not the one your grandparents ate. That one — known as the Gros Michel — was, by all accounts, bigger, tastier, and hardier than the variety we know and love, which is called the Cavendish. The unavailability of the Gros Michel is easily explained: it is virtually extinct. Introduced to our hemisphere in the late 19th century, the Gros Michel was almost immediately hit by a blight that wiped it out by 1960. The Cavendish was adopted at the last minute by the big banana companies — Chiquita and Dole — because it was resistant to that blight, a fungus known as Panama disease... [Now] Panama disease — or Fusarium wilt of banana — is back, and the Cavendish does not appear to be safe from this new strain, which appeared two decades ago in Malaysia, spread slowly at first, but is now moving at a geometrically quicker pace. There is no cure, and nearly every banana scientist says that though Panama disease has yet to hit the banana crops of Latin America, which feed our hemisphere, the question is not if this will happen, but when. Even worse, the malady has the potential to spread to dozens of other banana varieties, including African bananas, the primary source of nutrition for millions..."







Microsoft's CAPTCHA successfully broken






Sharing your login is a criminal offense
Phil Wainewright: Think about that next time you pass those notes around so everyone can get access to the Dun & Bradstreet credit reports, look up the Xignite currency data or share a single WebEx account. What you're doing is tantamount to criminal larceny.







Adobe's Acrobat.com an Office killer?
Larry Dignan: Adobe unveiled Acrobat.com, a suite that allows you to create word processing documents, share files, convert PDFs and hold Web conferences. What remains to be seen is whether online office users care about aesthetics.






Prince And Radiohead Fight Over YouTube Song
from the this-is-what-it's-come-to? dept
For years, Prince was the poster child for "getting" the internet and new media distribution opportunities. He experimented with a variety of different creative business models that suggested he got how the economics of music worked these days. It was working too -- with his efforts to give away his music helping him sell out concert after concert around the world. But then something changed, and Prince went ballistic, suing YouTube, The Pirate Bay and eBay and even threatening fan sites while demanding that even videos with tiny snippets of Prince music in the background get taken offline. The whole thing is quite surprising, and if he keeps this up, he's risking taking all that goodwill he built up for years, and turning himself into another Metallica. Becoming anti-fan is never a good idea. The latest story, though, has a twist. Prince apparently did a cover of a Radiohead song at a recent concert. Someone filmed it and put the video on YouTube. Given his newfound hatred for YouTube, Prince demanded that the song be taken down. And here's where it gets interesting: Radiohead's Thom Yorke is demanding that it be put back online, noting that he owns the copyright on the song: "Really? He's blocked it?... Well, tell him to unblock it. It's our ... song." Of course, as that LA Times report notes, in true Streisand Effect fashion, the effort to take down the song has only driven much more interest in people trying to find the song. If Prince weren't suing so many people, you might even think he was canny enough to have done this on purpose as a marketing campaign.







Publishers Demand Damages For Report Released 3 Minutes Ahead Of Time
CHICAGO (CN) - In an Internet age complaint, the publishers of the monthly "Chicago Business Barometer" claim Trade the News Inc. released their copyrighted report 3 minutes early, damaging them economically and harming their business relationships.







Alarming Open-Source Security Holes
By Simson Garfinkel 05/20/2008 29 Comments
How a programming error introduced profound security vulnerabilities in millions of computer systems.






Industry View
Five Ways to Turn Employees into Security Assets for Protecting Data
http://www2.csoonline.com/article/343968/Five_Ways_to_Turn_Employees_into_Security_Assets_for_Protecting_Data
Make data security part of the company culture
Integrate data leak prevention processes into overall workflow
Make employees feel like security assets, not liabilities
Prevent the temptation to engage in "harmless" policy violations
Teach employees about policies while enforcing them
