Saturday, January 21, 2006

FBI: Most Companies Get Hacked

If this one doesn't give you pause about the businesses you deal with, nothing will.

Some security researchers take issue with the study, saying the numbers are simply wrong. No one disagrees with the basic conclusion, though. Major security incidents are the norm, not the exception.

The survey really is a little goofy. It equates spyware infections with genuine intrusions, and several of its other assumptions are equally strange. I suspect this was done to simplify the form so as not to burden the respondents unduly.

The point is that there is a lot more of this sort of thing going on than was generally acknowledged.


Friday, January 20, 2006

Update: Inside the WMF Backdoor [Mark's Sysinternals Blog]

Some of the latest info:

Mark received several requests to look into the WMF vulnerability, and he believes it is merely bad design, not a deliberate backdoor. Steve Gibson has released another Security Now podcast which apparently "close[s] the backdoor" on the WMF vulnerability. I haven't listened yet, so go check it out; a variety of ways to access the podcast are listed, from audio to text to PDF.


Thursday, January 19, 2006

Gonzales v Google: the study methodology is flawed

The text below was sent to Joel McElvain at the Department of Justice:

I have read and considered your motion to force Google to comply. May I humbly suggest that you may win the battle and lose the war. I have no stake in this dispute, but I do know a few things about computer technology. Yes, you will find me with a Google search.

Assuming you get the data requested from Google and its competitors, what kind of picture can you paint with the data obtained for the Supreme Court? The answer is not enough that is useful in setting United States law and policy. Internet search providers such as Google have search servers spread throughout the world, largely to handle queries in local geographies. The search engines must comply with local laws such as Arabic bans on indecency, China's ban on "democracy" and France's ban on Nazi memorabilia auctions.

For various reasons, Internet data that is searchable and available in one part of the world may not be available in or accessible from the United States, and vice versa. Therefore, it appears to me that a random set of data from Google's query servers around the world cannot say whether the query made in, say, China can also return the same results if made from the United States -- and therefore be controlled by U.S. law. Your subpoena will drag in worldwide data without identifying the query limits of the source data server.

As a citizen, I am interested in seeing that the Supreme Court's remand re COPA is met with a study that is accurate and defensible as it relates to U.S. law and citizens. I fail to see how the methodology implied in the Google motion is going to achieve a "national" set of data when a "world" net is being cast.

Peter S. Kastner

Wednesday, January 18, 2006

New Linux license takes aim at DRM and Hollywood | CNET

"At a two-day event here to launch the General Public License version 3, which governs use of countless free and open-source programs, Moglen said the license includes anti-DRM provisions that could put it in conflict with movie studios and even digital video recorder maker TiVo"

Next XP Service Pack is Far in the Future

Apparently Microsoft has much less interest in service packs for XP than they do in releasing Vista. While that is understandable, it seems to indicate they are not terribly concerned with problems that exist in XP now.

Here is Microsoft's roadmap for service packs.

I frequently get the idea that Microsoft simply does not have enough people to deal with all the updates and upgrades they need to be putting out. With all their billions, one would think they could and would hire enough good people to do what they and their customers need done.


Tuesday, January 17, 2006

Researcher: Sony BMG "rootkit" still widespread

As we have hinted during the show, the damage and flap over Sony/BMG's behavior is far from over. This SecurityFocus article makes that perfectly clear.

Be afraid.


Sunday, January 15, 2006

OnComputers Radio show Podcast 01-15-06

This is the On Computers Radio show podcast for 01-15-06. If you prefer, you can download the same file here via ftp.