Wednesday, June 3, 2009

Wednesday 06/03/09

Arming the Boston Police with Assault Rifles
The Boston Police Department is preparing a plan to arm as many as 200 patrol officers with semiautomatic assault rifles, a significant boost in firepower that department leaders believe is necessary to counter terrorist threats, according to law enforcement officials briefed on the plan.

Remember, the "terrorist threats" that plague Boston include blinking signs, blinking name badges, and Linux. Would you trust the police there with automatic weapons?

----------

Vote Tomorrow on Bill to Halt Whole Body Imaging at Airports

On June 4, 2009, the House of Representatives will vote on an amendment sponsored by Congressman Jason Chaffetz. The amendment prevents the digital strip search of passengers in primary screening, requires the TSA to report to Congress annually, requires clear explanations to passengers on what the technology does and alternative screening options. The amendment must pass the House before it will become part of the Transportation Security Administration's (TSA) Reauthorization Act. The TSA reversed its policy when it announced that Whole Body Imaging would be used to screen all air passengers. Privacy organizations are working to change the TSA's policy on the use of digital strip searches.

----------

Microsoft's Fix for the Firefox Add-on Snafu

Last week, I received a tremendous reader response to a post I wrote about a security update from Microsoft that silently installed a "Microsoft .NET Framework Assistant" add-on for Firefox users that was difficult and risky for users to uninstall. Given the emotional buttons this subject pushed among a large number of readers, I've put together a brief update along with some information provided in the comments to the previous post.

Since that posting, someone pointed out that Microsoft has issued a patch in an apparent bid to appease those who have cried foul about this silently installed add-on. The patch is available and detailed at this link here. The update patches Windows systems so that the add-on installed by Microsoft can be successfully uninstalled without the user having to manually edit the Windows registry.

----------

Microsoft's explanation as to which IIS configuration settings allowed exploitation via the WebDAV vulnerability was pretty unclear. Steve Friedl from Unixwiz.net has attempted to bring light where there was darkness: Understanding Microsoft's KB971492 IIS5/IIS6 WebDAV Vulnerability

----------

Microsoft Confirms October 22 Release Date For Windows 7

----------

Someone accidentally released a 266-page report on hundreds of sites in the US for stockpiling and storing hazardous nuclear materials for civilian use. While some ex-officials and experts don't find it to be a serious breach, the Federation of American Scientists is calling it 'a one-stop shop for information on US nuclear programs.' The document contains information about Los Alamos, Livermore and Sandia, and opinions seem to be split on whether it's a harmless list or terrorist risk. One thing is for sure: it was taken down after the New York Times inquired to the Government Accountability Office about it.

----------

.ORG Zone Signed With DNSSEC

lothos and several other readers let us know that the Public Interest Registry has announced the key-signing key to validate the signatures on the ORG zone. A few more details are on the PIR DNSSEC page. PC World interviewed PIR CEO Alexa Raad and writes:

"On June 2, PIR will announce that it is signing the .org domain with NSEC3 and that it has begun testing DNSSEC with a handful of registrars using first fake and then real .org names. PIR plans to keep expanding its testing over the next few months until the registry is ready to support DNSSEC for all .org domain name operators. Raad says she expects full-blown DNSSEC deployment on the .org domain in 2010."

----------

Lots of Nintendo add-ons announced:
http://news.zdnet.com/2422-19178_22-307891.html

Sony reveals PSP Go, motion-sensing plans

----------

Eric says this needs research:
The enterprise implications of Google Wave
Dion Hinchcliffe: The preview of the service itself was quite compelling, resulting in a rare standing ovation at a tech conference.

----------

Alternative Weekly Papers See Spike In Adult Ads Following Craigslist Decision
No comment needed.

----------

Bank of America certificate scam propagating Waledac, Virut
Angela Moscaritolo June 02, 2009
A new spam campaign disguised as a Bank of America email telling users they need to update their digital certificate is attempting to lure users into installing the Waledac worm.

----------

Software crack site hides malware repository
Chuck Miller June 02, 2009
A website found by a security research organization serves malicious files to people who are looking for cracks to software applications.

----------

Apple patches QuickTime for 10 security holes
Dan Kaplan June 01, 2009
Apple on Monday released an updated version of its popular QuickTime software.

----------

Windows Passwords: Making them Secure (Part 3)
by Derek Melber
Articles / Authentication, Access Control & Encryption
How to make a Windows password secure enough to solve all of the issues that were covered in the first two installations of this series.

----------

A First Look at Windows 7 Backup (Part 1)

----------

Cybersecurity: What will the attention span be this time?
The idea that the White House would be interested in cybersecurity is not new. But this attention has seemed to fade quite quickly after someone is appointed to a high-level cybersecurity czar-like role.

----------

DHS names key cybersecurity staff
The U.S. Department of Homeland Security named Philip Reitinger as director of the National Cybersecurity Center, succeeding Rod Beckstrom, who quit the post earlier this year citing turf battles.

----------

Batteries.com, insurance firm report data breaches
Both companies reported the data breaches to the New Hampshire Department of Justice in May, with Batteries.com reporting that 865 residents of New Hampshire may be affected. New Hampshire's population is about 0.4 percent of the entire U.S. population, meaning the number of affected U.S. residents could be much greater.

----------

Microsoft sued over dynamic Web page technology
Other companies Parallel has sued for patent-infringement include Netflix, Amazon.com, Orbitz and Priceline.com.

----------

Oregon joins list of states saying no to Real ID
Oregon is one step closer to becoming the latest in a growing number of states to reject the Real ID Act, which sets a national standard for driver's licenses.

Lawmakers in Oregon's House of Representatives approved a bill on Friday that would prohibit agencies from spending state money to implement the requirements of the Real ID Act unless the federal government reimburses them the money.

----------

EMC aims to beat out NetApp with $1.8B bid for Data Domain
Less than two weeks after NetApp Inc. laid down $1.5 billion to buy leading data deduplication vendor Data Domain Inc., EMC has come out and offered to pay $1.8 billion for the company.

----------

Hackers tweet, infect Twitter users with scareware
The latest attack to hit Twitter is a "security nightmare" and marks the first time hackers have taken to using the micro-blogging site for profit, a researcher said today.

Unlike earlier cross-site scripting attacks on Twitter, the latest wasn't a worm, said Roel Schouwenberg, a senior antivirus researcher with Moscow-based Kaspersky Labs. Instead, it's something even scarier: The first instance of hackers serving up "scareware," fake security software that, once installed, nags users with so many alerts that some fork over $50 or more just to "register" the program and get rid of the warnings.

----------
