General discussion

NEWS - April 02, 2010

Senator Calls For Privacy Hearings

"Judiciary chairman Leahy says current laws governing electronic communications are outdated and inadequate."

Sen. Patrick Leahy, Democrat from Vermont and chairman of the Senate Judiciary Committee, said he plans to hold hearings on "much-needed updates" to the Electronic Communications Privacy Act of 1986 in the coming months.

"While the question of how best to balance privacy and security in the 21st century has no simple answer, what is clear is that our federal electronic privacy laws are woefully outdated," Leahy said, in a statement.

Google, Microsoft and other tech companies also joined privacy advocates and academics this week in seeking tougher laws that raise the standards for government access to e-mail, instant messages and personal files stored online.

The broad Digital Due Process coalition wants Congress to rewrite the privacy act. The group argues the law is outdated and no longer provides adequate protection of personal data stored on the Internet, as it exists today.

Continued here:

Firefox 3.6.3 closes a critical hole

Mozilla has announced the release of Firefox 3.6.3 to address a critical security hole used as part of a winning exploit at Pwn2Own 2010. The update comes just over a week after the release of Firefox 3.6.2 which addressed a different critical flaw.

The memory corruption flaw, demonstrated by Nils of MWR Infosecurity at Pwn2Own 2010, is caused by moving DOM nodes between documents and triggering garbage collection at the right time, leaving an incorrectly retained node which would be used later. This, in turn, could be used to execute remotely injected code. Mozilla say the exploit only affects Firefox 3.6, but that it plans to patch Firefox 3.5 in a coming release "just in case there is an alternate way of triggering the bug".

Continued here:

It's an Easter Spam Eggs-traviganza!

From the Kaspersky Weblog:

This year, Christians all over the world will be celebrating Easter Day on 4 April.

The Easter holidays of today barely resemble the quiet exchange of chocolate eggs and cards that they once did. Thanks to ruthless exploitation by all and sundry, Easter now encompasses a whole host of events and activities completely unrelated to the death and resurrection of Jesus Christ. Naturally, spammers wouldn't miss such a golden opportunity to get in on the action too and have rather predictably come up with some "Easter themed" mass mailings of their own.

It has to be said that the spammers have been quite inventive in their exploitation of the Easter theme this time though. The most popular Russian messages contain an advert for a sightseeing tour supposedly taking place on the Easter weekend. Below is a screenshot of the spam mailing offering users the chance to visit a number of religious sites located in the regions surrounding Moscow: [...]

Continued here:

Want to Make Easter Even More Magical? Click me!

From Symantec's Security Response Blog:

As Easter approaches, spam related to this upcoming holiday is expected. Spammers didn't send malicious greetings like last year - they sent out various product promotion ads instead. One particular coupon promotion page offers recipients a free coupon for digital TV service for Easter. A domain attack was observed from this spam attack, and the offer page changed to different product coupons on a daily basis.

From: "The Easter Bunny" <EasterBunny@ [Details Removed]>
Subject: How to make this Easter even more magical...

In another Easter spam message we observed a gift basket promo message that is just like ordinary hit-and-run spam, in which the spammers try to bypass spam filters by changing the registered domains while using the same promotional ads. Spam filters can often miss this type of sudden increase in volume mailing; however, Symantec's Brightmail product is able to stop this type of attack.

From: "Personal Creations" <TheEasterBunny@ [Detail Removed]>
From: "The Easter Bunny" <PersonalCreations@ [Detail Removed]>
From: "Personal Creations" <PersonalCreations@ [Detail Removed]>

Subject: Personalized Easter Baskets

Continued here:

Also See: Spammers Capitalize on Easter
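One way a defender could surface the hit-and-run pattern described above, where the same promotional content arrives from a rotating set of registered domains. This is an added example, not part of the original post and not Symantec's or Brightmail's method; the messages, the `*.example` domains and the `min_domains` threshold are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed sample mail; every *.example domain is a placeholder.
BODY = "Personalized baskets for Easter! Order: http://{d}/basket?id={n}\n"
SAMPLES = [
    'From: "Personal Creations" <TheEasterBunny@promo-a.example>\n'
    "Subject: Personalized Easter Baskets\n\n" + BODY.format(d="promo-a.example", n=1841),
    'From: "The Easter Bunny" <PersonalCreations@promo-b.example>\n'
    "Subject: Personalized Easter Baskets\n\n" + BODY.format(d="promo-b.example", n=2290),
    'From: "Personal Creations" <PersonalCreations@promo-c.example>\n'
    "Subject: Personalized Easter Baskets\n\n" + BODY.format(d="promo-c.example", n=377),
    'From: "Shop News" <news@shop.example>\n'
    "Subject: April newsletter\n\nStore hours change on 4 April.\n",
]

def fingerprint(msg):
    """Hash subject + body with URLs and numbers masked, so a rotated
    domain or tracking id in the ad does not change the hash."""
    text = f"{msg['Subject']}\n{msg.get_payload()}".lower()
    text = re.sub(r"https?://\S+", "<url>", text)
    text = re.sub(r"\d+", "<n>", text)
    text = re.sub(r"\s+", " ", text).strip()
    return hashlib.sha256(text.encode()).hexdigest()

def sender_domain(msg):
    """Domain part of the From address, ignoring the display name."""
    _, addr = parseaddr(msg["From"])
    return addr.rpartition("@")[2].lower()

def find_rotating_campaigns(raw_messages, min_domains=3):
    """Return (subject, sender domains) for content seen from at least
    min_domains distinct sender domains."""
    domains, subjects = defaultdict(set), {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        fp = fingerprint(msg)
        domains[fp].add(sender_domain(msg))
        subjects[fp] = msg["Subject"]
    return [(subjects[fp], sorted(d)) for fp, d in domains.items()
            if len(d) >= min_domains]

if __name__ == "__main__":
    for subject, doms in find_rotating_campaigns(SAMPLES):
        print(subject, doms)
```

Legitimate bulk senders sometimes mail from several domains too, so a hit from this grouping is a lead for review rather than a verdict.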

Google, not blocked in China, still faces risks

Ten days after Google snubbed Chinese government censors by moving its search engine there to Hong Kong, its Web search service remains unblocked in China. But the move could yet cost Google substantial business, and already offering services to Chinese users from outside of the country has proved an imperfect counter to government censorship.

"I'm not surprised that it hasn't been blocked," said Duncan Clark, chairman of technology consultancy BDA. "Both sides probably don't want the thing to rumble on in any high-profile way."

But the impact of Google's move on its business could grow as time passes. China could still choose to block or, the company's Hong Kong site, and Google will have to work to retain Chinese customers paying for ads on international Google sites.

"If it's slow, that's almost worse than being blocked," said Clark. "Advertisers hate uncertainty."

Continued here:

Eliminate two thirds of comp security risk!

From the Sunbelt Blog:

Don't run your PC with admin privileges

Sometimes in life you know something is a risk, but you don't know how BIG a risk it is until somebody actually checks it out. There was a German scientist in Russia who repeated Ben Franklin's kite-in-the-thunder-storm experiment but didn't live to write up his results.

Los Angeles security firm BeyondTrust has released an analysis of Microsoft's 75 security bulletins last year. They came to the startling conclusion that if users had operated their computers without administrative rights they would have eliminated 64 percent of their risk from Microsoft vulnerabilities!

That's a NO COST way to eliminate 64 percent of risk!

The key section in their report:

"By examining all of the published Microsoft vulnerabilities in 2009 and all of the published Windows 7 vulnerabilities to date, this report quantifies the continued effectiveness of removing administrator rights at mitigating vulnerabilities in Microsoft software.

Continued here:

Also See: Report: 64% of all Microsoft vulnerabilities for 2009 mitigated by Least Privilege accounts
