New laws for Illinois
Wednesday, June 30th, 2010Okay, folks. July 1 ushers in some new laws for Illinois. Here’s a link to a partial list: http://tinyurl.com/3xl4fr6
Archive for June, 2010
More Toyota woes!
Wednesday, June 30th, 2010If you or someone you know has a Lexus HS250h hybrid, better read Lexus recall
Now what! PDF files vulnerable to in the wild exploits
Tuesday, June 29th, 2010From the SANS Newsletter:
–Unpatched PDF Flaw is Being Actively Exploited
(June 28, 2010)
An unpatched hole in the PDF format is being actively exploited.
Attackers are sending malicious messages that appear to come from
company system administrators and have subject headings regarding
mailbox setting changes. The messages claim the attachments contain
instructions for updating email settings. The attachments instead
infect users’ computers with malware known as Auraax or Emold. The
attack exploits PDF viewers’ “/Launch” functions to infect computers.
http://www.computerworld.com/
[Editor's Note (Northcutt): Is there an alternative to a .pdf? It was
supposed to be a printable image of what you saw on the screen. At least
that was the idea 15 years ago. It should not need "launch" functions
to do that. Do you remember five or six years ago, you weren't supposed
to send an excel spreadsheet or a word document because they might
contain malware, you were supposed to send a .pdf. Guess that has
changed! If anyone has a suggestion for a replacement for .pdfs that
works on linux, Apple and Microsoft and has almost no features beyond
imaging of the document, please drop me a note (stephen@sans.edu).]
AND, hot the heels of this:
–Adobe to Release Reader and Acrobat Security Updates Two Weeks Ahead
of Schedule
(June 24 & 25, 2010)
Adobe will release security updates for Reader and Acrobat on Tuesday,
June 29, two weeks ahead of the company’s regularly scheduled
quarterly security update. The updates address a critical
vulnerability in Flash that is being actively exploited. Adobe
released a fix for the issue in Flash Player on June 10. Because of
the accelerated patch release, Adobe will not be issuing updates on
July 13, 2010. The affected software includes Adobe Reader 9.3.2 and
earlier for Windows, Mac and UNIX, and Adobe Acrobat 9.3.2 and earlier
for Windows and Mac.
http://www.h-online.com/
http://www.theregister.co.uk/
http://www.adobe.com/support/
Now, this does not surprise me. Finally, it looks like Adobe is doing what it should have been doing all along.
And from the world of Google:
–Updated Chrome Incorporates Latest Version of Flash Player
(June 25 & 27, 2010)
Google has released an update for its Chrome browser to address five
security flaws, three rated critical. Chrome version 5.0.375.86 also
incorporates the built-in Flash Player. Flash support was integrated
in Chrome in the beta phase, but Google waited for Flash Player 10.1 to
integrate it in the stable version of Chrome 5. The updated version of
the browser is available for Mac, Linux and Windows.
http://www.pcworld.com/
http://googlechromereleases.
Okay, now this is wierd!
Monday, June 28th, 2010If you’re a Marilyn Monroe fan, this may interest you. Someone bought her chest x-ray for $45K.
Here’s the article: <a href=”http://tinyurl.com/22lw667″>Marilyn’s Chest Xrays Sold</a>
boycott BP?
Saturday, June 26th, 2010Think hard about doing that. BP is a huge multi-national corporation and won’t be hurt at all if you decide not to visit the local BP statoin.
What you WILL do is possibly cause a hardworking franchisee to lose business and possibly go belly up. In this era of a lack of jobs,
the more viable businesses we have the better. There are people who depend on that BP station for their ability to survive.
Consider that when you decide whether or not to boycott a BP station. You could be screwing your neighbors.
What a mess with the Cubs
Saturday, June 26th, 2010I don’t care how good Carlos Zambrano is. After the exhibition of total lack of self-control and then blaming the other members of the team for what
he couldn’t do, it’s time to get rid of him.
New version of firefox released
Saturday, June 26th, 2010
–Firefox Update Incorporates Crash ProtectionHere’s another item from the SANS Newsbytes newsletter. I’ve gotten the new version that was set up for Portable Apps and I still am not happy.
Firefox takes a LONG time to load and it’s slower than molasses in winter at times. I’m disappointed because I love Firefox but this version….I dunno.
(June 22 & 23, 2010)
On Tuesday, June 22, Mozilla released updates for Firefox versions 3.5
and 3.6 to address nine vulnerabilities, six of which are rated
critical. Firefox 3.6.4 also incorporates crash protection. If users
running the latest version of Firefox experience a plug-in freeze or
crash, users can refresh the page instead of having to restart the
browser. The current version of the feature allows users to recover
from Flash Player, QuickTime and Silverlight plug-in crashes for users
running Windows and Linux. Mozilla plans to expand the crash protection
to other plug-ins and operating systems.
http://www.h-online.com/
Twitter settles FTC suit
Saturday, June 26th, 2010Again, from the SANS Newsbites newsletter:
–Twitter Settles FTC Privacy Charges
(June 24, 2010)
Twitter has agreed to a settlement with the US Federal Trade Commission
(FTC) over privacy issues stemming from two attacks that compromised
Twitter accounts. The FTC complaint says that Twitter’s stated privacy
policy at the time led users to believe that stronger privacy
protections were in place than were actually in use. On two separate
occasions in 2009, attackers gained unauthorized access to
administrative control of the Twitter service. In January 2009, an
attacker gained administrative access to Twitter through a brute force
dictionary attack. The intruder reset user passwords and posted some
of the passwords on a website, where others accessed them and used them
to send phony messages from those accounts. In April 2009, a Twitter
employee’s account was compromised, compromising Twitter user’s personal
information and messages sent. At the time, Twitter had no policy
against easy-to-guess administrative passwords, nor did it suspend or
disable account access after a certain number of failed log-in attempts.
Twitter has now implemented many of the FTC’s security recommendations.
The terms of the agreement prohibit Twitter from “misleading consumers
about the extent to which it maintains and protects the security,
privacy, and confidentiality of nonpublic consumer information.”
Twitter will also be required to undergo third-party security audits.
http://voices.washingtonpost.
com/posttech/2010/06/twitter_
settles_charges_by_ftc.html
http://www.wired.com/
threatlevel/2010/06/twitter-
settles-with-ftc/
http://www.msnbc.msn.com/id/
37903432/ns/technology_and_
science-security/
http://www.computerworld.com/
s/article/9178473/Twitter_
settles_FTC_privacy_complaint
[Editor's Note (Pescatore and Paller): Back in 2007 the FTC managed to
reach a similar agreement with Microsoft around questionable privacy
practices in Microsoft Passport. Notice how the FTC has managed to be
an effective regulatory agency without requiring any new laws or
regulations? Kudos to FTC.]
CORRECTION: Posting about the Protecting Cyberspace as a National Asset Act
Saturday, June 26th, 2010I’m not the only one who got FUDed on this one.
This is from my SANS Newsletter! Go to the links and read.
–No Kill Switch in Cyber Security Bill
(June 23 & 24, 2010)
In response to misconceptions about their proposed cyber security
legislation, US Senators Joseph Lieberman (I-Conn.), Susan Collins
(R-Maine) and Thomas Carper (D-Del.) have published a fact sheet to
clarify issues and quash rumors about the powers the bill grants. The
Protecting Cyberspace as a National Asset Act
does not give the
president the authority to take control or shut down the Internet.
http://cybersecurityreport.
nextgov.com/2010/06/cyber_
bills_welcomed_scrutiny.php
http://www.informationweek.
com/news/government/security/
showArticle.jhtml?articleID=
225701368
http://www.pcworld.com/
businesscenter/article/199825/
senate_panel_approves_
controversial_cybersecurity_
bill.html
http://hsgac.senate.gov/
public/?FuseAction=home.
Cybersecurity
Joe Jackson, slimebag
Friday, June 25th, 2010Here’s a great example of this.
