Monday, December 14, 2009

Monday 12/14/09

Rather than patch, Microsoft blocks buggy code
http://www.computerworld.com/s/article/9142140/Rather_than_patch_Microsoft_blocks_buggy_code?taxonomyId=17
Microsoft has decided to disable a 17-year-old video codec in older versions of Windows rather than patch multiple vulnerabilities, according to the company's security team.

----------

Top Five Reasons For Security FAIL
Adi Ruppin admits the Internet security industry has seen every type of product fail. The good news, he says, is that there's much to learn from such failures. Here are five such lessons.

The weakest link
Industry standard vs. proprietary
The right solution to the wrong problem
The human factor
Usability

----------

DHS: Counterfeit Goods Still Rampant in U.S.
Phony products seizures fell slightly, but counterfeiting continues to be big business

----------

Not Security but...
Britain's First 140mph Train Service Begins

----------

Secret Copyright Treaty Timeline Shows Global DMCA
Michael Geist, a leading critic of the ACTA secret copyright treaty, has produced a new interactive timeline that traces its development. The timeline includes links to leaked documents, videos, and public interest group letters that should generate increasing concern with a deal that could lead to a global three-strikes and you're out policy.

----------

Building a Global Cyber Police Force
One of the biggest obstacles to fighting hackers and cyber-criminals is that many operate in the safe harbors of their home countries, insulated from prosecution by authorities in foreign countries where their targets reside. As Larry Walsh writes in his blog, several security vendors and a growing number of countries are now beginning to consider the creation of a global police force that would have trans-border jurisdiction to investigate and arrest suspected hackers.

----------

Supreme Court Takes Texting Case
http://www.nytimes.com/2009/12/15/us/15scotus.html?_r=1&hp
WASHINGTON — The Supreme Court agreed on Monday to decide whether a police department violated the constitutional privacy rights of an employee when it inspected personal text messages sent and received on a government pager.

The case opens “a new frontier in Fourth Amendment jurisprudence,” according to a three-judge panel of an appeals court that ruled in favor of the employee, a police sergeant on the Ontario, Calif., SWAT team.

----------

National data breach notification bill passed in U.S. House
Angela Moscaritolo December 10, 2009
The Data Accountability and Trust Act would require any organization that experiences a breach of electronic data containing personal information to notify all affected U.S. residents.

----------

Report finds enterprises failing to protect sensitive data
Angela Moscaritolo December 09, 2009
Just 40 percent of respondents in a recent survey said all of their organization's sensitive data is adequately secured.

----------

The Machine SID Duplication Myth
by Mark Russinovich

----------

Plastic Surgery Allows Exploit of Biometric ID System
Now what you are born with may not be as secure as biometric ID systems are purported to be. Lin Rong is accused by Japanese authorities of having her fingerprints surgically altered to enter the country illegally. She is reported to have had surgery to switch the fingertips of her right and left hands. The ruse was discovered by Japanese authorities after she was arrested for an unrelated offense.
'Fake fingerprint' Chinese woman fools Japan controls, BBC, December 7, 2009

----------

Full Disk Encryption: What It Can And Can't Do For Your Data
Dec 14, 2009
Protection depends on implementation -- and user know-how
Warning: disk is unlocked when it is on (duh!)

----------

FBI: Rogue Antivirus Scammers Have Made $150M
PC World – Fri Dec 11, 2:50 pm ET
They're the scourge of the Internet right now and the U.S. Federal Bureau of Investigation says they've also raked in more than US$150 million for scammers. Security experts call them rogue antivirus programs.

----------

Amazon's data center outage reads like a thriller

----------
