<a href=”http://www.dvorak.org/blog/2010/07/13/court-tosses-fcc-naughty-language-policy-about-f_n-time/”>More on FCC</a>

Here’s the link to the USA Today article:

Microsoft Windows XP Service Pack 2 updates to stop this week – USATODAY.com

New file sharing rules kick in today

 –Unpatched PDF Flaw is Being Actively Exploited
(June 28, 2010)
An unpatched hole in the PDF format is being actively exploited.
Attackers are sending malicious messages that appear to come from
company system administrators and have subject headings regarding
mailbox setting changes.  The messages claim the attachments contain
instructions for updating email settings.  The attachments instead
infect users’ computers with malware known as Auraax or Emold.  The
attack exploits PDF viewers’ “/Launch” functions to infect computers.
http://www.computerworld.com/s/article/9176088/Major_malware_campaign_abuses_unfixed_PDF_flaw?taxonomyId=208

[Editor's Note (Northcutt): Is there an alternative to a .pdf? It was
supposed to be a printable image of what you saw on the screen. At least
that was the idea 15 years ago. It should not need "launch" functions
to do that. Do you remember five or six years ago, you weren't supposed
to send an excel spreadsheet or a word document because they might
contain malware, you were supposed to send a .pdf. Guess that has
changed! If anyone has a suggestion for a replacement for .pdfs that
works on linux, Apple and Microsoft and has almost no features beyond
imaging of the document, please drop me a note (stephen@sans.edu).]

AND, hot the heels of this:

 –Adobe to Release Reader and Acrobat Security Updates Two Weeks Ahead
   of Schedule
(June 24 & 25, 2010)
Adobe will release security updates for Reader and Acrobat on Tuesday,
June 29, two weeks ahead of the company’s regularly scheduled
quarterly security update.  The updates address a critical
vulnerability in Flash that is being actively exploited.  Adobe
released a fix for the issue in Flash Player on June 10.  Because of
the accelerated patch release, Adobe will not be issuing updates on
July 13, 2010.  The affected software includes Adobe Reader 9.3.2 and
earlier for Windows, Mac and UNIX, and Adobe Acrobat 9.3.2 and earlier
for Windows and Mac.
http://www.h-online.com/security/news/item/Adobe-brings-forward-security-update-for-Reader-1029200.html

http://www.theregister.co.uk/2010/06/25/adobe_pdf_flash_security_update/

http://www.adobe.com/support/security/bulletins/apsb10-15.html

–Twitter Settles FTC Privacy Charges

(June 24, 2010)

Twitter has agreed to a settlement with the US Federal Trade Commission

(FTC) over privacy issues stemming from two attacks that compromised

Twitter accounts.  The FTC complaint says that Twitter’s stated privacy

policy at the time led users to believe that stronger privacy

protections were in place than were actually in use.  On two separate

occasions in 2009, attackers gained unauthorized access to

administrative control of the Twitter service.  In January 2009, an

attacker gained administrative access to Twitter through a brute force

dictionary attack.  The intruder reset user passwords and posted some

of the passwords on a website, where others accessed them and used them

to send phony messages from those accounts.  In April 2009, a Twitter

employee’s account was compromised, compromising Twitter user’s personal

information and messages sent.  At the time, Twitter had no policy

against easy-to-guess administrative passwords, nor did it suspend or

disable account access after a certain number of failed log-in attempts.

Twitter has now implemented many of the FTC’s security recommendations.

The terms of the agreement prohibit Twitter from “misleading consumers

about the extent to which it maintains and protects the security,

privacy, and confidentiality of nonpublic consumer information.”

Twitter will also be required to undergo third-party security audits.

http://voices.washingtonpost.

com/posttech/2010/06/twitter_

settles_charges_by_ftc.html

http://www.wired.com/

threatlevel/2010/06/twitter-

settles-with-ftc/

http://www.msnbc.msn.com/id/

37903432/ns/technology_and_

science-security/

http://www.computerworld.com/

s/article/9178473/Twitter_

settles_FTC_privacy_complaint

[Editor's Note (Pescatore and Paller): Back in 2007 the FTC managed to

reach a similar agreement with Microsoft around questionable privacy

practices in Microsoft Passport. Notice how the FTC has managed to be

an effective regulatory agency without requiring any new laws or

regulations? Kudos to FTC.]

This is from my SANS Newsletter!  Go to the links and read.

–No Kill Switch in Cyber Security Bill

(June 23 & 24, 2010)

In response to misconceptions about their proposed cyber security

legislation, US Senators Joseph Lieberman (I-Conn.), Susan Collins

(R-Maine) and Thomas Carper (D-Del.) have published a fact sheet to

clarify issues and quash rumors about the powers the bill grants.  The

Protecting Cyberspace as a National Asset Act

does not give the

president the authority to take control or shut down the Internet.

http://cybersecurityreport.

nextgov.com/2010/06/cyber_

bills_welcomed_scrutiny.php

http://www.informationweek.

com/news/government/security/

showArticle.jhtml?articleID=

225701368

http://www.pcworld.com/

businesscenter/article/199825/

senate_panel_approves_

controversial_cybersecurity_

bill.html

http://hsgac.senate.gov/

public/?FuseAction=home.

Cybersecurity

Click on the link for more info.

Viacom/Google case ruling

that regularly puke on everyone.

PC Mag article on Firefox 3.6.4