Here's a collection of links from the "Stuff I'm reading" section. To see these as they post, come back to the Beyond Binary blog and check out the right-hand column. I recommend doing it ten times a day, but the digest below is here for those that have other things to do:
Are Microsoft-served ads slowing down Web sites?--Blogger Long Zheng noticed that his recent visits to Digg had been slowed by ad requests to MSN. He did some more, well, digging, and found that some other sites with MSN-served ads are also sluggish. (istartedsomething) …
On Tuesday, a security researcher disclosed to Bugtraq, a public newsgroup, details of remote execution attacks on some models of Hewlett-Packard laptops. According to the researcher, who is using the name "porkythepig," flaws in HPInfoDLL.dll, one of the ActiveX controls used within the HP Info Center, could allow remote attackers to target the laptop and also execute registry changes on the compromised machine.
As of Wednesday, HP has not offered a response.
The scenario within the disclosure suggests that an attacker could lure a victim to a specially created Web site. When viewing the Web site in …
Microsoft on Tuesday released its December 2007 security bulletin, which includes seven updates: three are designated as critical by the software giant and four are deemed important.
On the Windows side is a cumulative update for Internet Explorer, plus patches for the Windows Kernel, DirectX, Macrovision Driver, and the Windows Media File format--the latter three suggest concern that criminal hackers are targeting media files for exploitation. There are no Microsoft Office updates this month. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
I stumbled across this fascinating Microsoft tutorial today entitled "How to Justify a Desktop Upgrade." It's an attempt to coach IT professionals on how to sell desktop upgrades internally. Apparently the value of Vista is not readily apparent, requiring detailed instructions on how to connive and cajole into an upgrade from XP.
The most intriguing thing about the tutorial is its implicit rejection of Microsoft's older technology. Just a few years ago Microsoft was pitching the world on how secure and cool XP was. Now it's telling us largely the opposite:
[M]anagement may not be aware that the most compelling reason to migrate to a newer operating system, such as Windows Vista, is to take advantage of the latest security features.…
In reading through a larger article on open-source adoption in the US Department of Defense, I came across this interesting perspective on why shared-source software (which Microsoft and an increasing number of software vendors use to mimic open source without fully embracing its benefits and obligations) is bad for security:
Several large companies whose software is in heavy use in DOD advocate a shared source code model in which people can view the source code but not change it. This shared source code approach has some problems, though. By sharing source code with organizations, the users have the ability to …
Those entering online dating forums risk having more than their hearts stolen.
A program that can mimic online flirtation and then extract personal information from its unsuspecting conversation partners is making the rounds in Russian chat forums, according to security software firm PC Tools.
The artificial intelligence of CyberLover's automated chats is good enough that victims have a tough time distinguishing the "bot" from a real potential suitor, PC Tools said. The software can work quickly too, establishing up to 10 relationships in 30 minutes, PC Tools said. It compiles a report on every person it meets …
I know that being a parent has got to be the uncoolest perspective in Silicon Valley. After all, it's much more cutting edge to be libertarian, 23 years old, working 24/7 and sleeping on a futon in your cube.
But no one stays that way forever (thank goodness), and I'd like to think that those of us who have moved down the road a few years have a lot to add to technology design. With Facebook's Beacon plans blowing up this week, you can really see what happens when new "features" are added by twentysomethings who are coding and rolling out products as fast as they can.
I'm proposing a new job title to add to Facebook's Executive Team: VP of Adult Supervision.
My suggestion is only half-joking. Facebook's Mark Zuckerberg was called out for ageism earlier this year after he stressed the importance of "only [hiring] young people with technical expertise."
The problem is that Facebook's users aren't only people like their mind-blowingly young executives and programmers. A large proportion of their users are over 35. We don't appreciate having our privacy stomped on, and just because we want to participate in social networks, we don't necessarily want to live our lives in an exhibitionist fishbowl. Product design suffers when a grown-up perspective is not taken into account.…
Valleywag reports that SourceForge.net was hacked Wednesday, resulting in site downtime while SourceForge tracked down the hacker. SourceForge's Ross Turk confirms the report:
We played a game of cat and mouse with a "security enthusiast" from Europe yesterday. :) No harm done, though, and everything's running smoothly.
Given that projects upload their code to the SourceForge repository on a regular basis, there's not any serious cause for concern that a security breach would be a long-term threat. Additionally, it's doubtful that anyone would download and install any critically important software in the minutes or …
You've been sent an e-mail, and it's critical the contents are safe from prying eyes. In the case of Gmail, and a handful of other popular Web-mail providers, your e-mail could be in a dozen different servers (albeit encrypted), or even be analyzed to try to sell you contextual ads.
The creators of Lockbin would like to help you avoid such security calamities with their closed system that will take any message and send it to someone in a highly secured manner. How secure? You can't even open it unless your recipient happens to have the "…
This week, Cisco did something it is extremely good at: it announced yet another marketing-focused initiative called the Cisco Trusted Security, or TrustSec. The company describes TrustSec as "a new architecture that integrates identity and role-based security measures for scaled implementation across enterprise networks."
Hey, great idea! If I knew who was on my network and what they were doing, I could certainly get a better handle on security, business process management, workflow, and regulatory compliance controls. That said, we've been talking about this for a long time. I would also argue that a number of vendors …