Archive | Security

Security is not a feature; it’s a process. Notes on issues, patches and essays on security.

Are there no safe attachments?

Over at Ars Technica, Eric Bangeman points out a Safari vulnerability worth taking note of. “The widely reported Trojan horse for Mac OS X may be a dud. However, a security flaw in Apple’s Safari browser is something to be concerned about.” It looks like Apple made the poor decision of using the file extension alone to decide how “safe” a download is to open, even when the file’s metadata marks it as an executable script: the extension passes the check, and the metadata decides what actually runs. Tsk, tsk. Wise advice in the article: turn off the Safari option to “Open “safe” files after downloading.” Even Apple puts “safe” in quotes; that should be a hint!
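As an added illustration of the point above (this is not from the Ars article or the original post, and it is not Apple’s code), here is a small Python check that classifies a download by its leading bytes and reports when an extension-only “safe” policy would auto-open executable content. The list of “safe” extensions, the magic-byte table and the sample downloads are constructed assumptions for the example, not Safari’s actual list or real files.

```python
"""Extension-vs-content check for downloaded files (added example).

A downloader that decides "safe to open" from the file extension alone is
fooled by a script or binary whose name ends in .jpg or .mov. This helper
sniffs the leading bytes instead and flags files where the extension's
claim and the content disagree.
"""
import os

# Extensions a naive "open safe files" policy would auto-open.
# Assumed list for illustration; the real Safari list is not on the page.
SAFE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".mov", ".mp3", ".pdf", ".txt"}

# Content sniffing table: (leading bytes, label, executable?)
MAGIC = [
    (b"#!", "script", True),                    # shebang: sh/perl/python script
    (b"\xfe\xed\xfa\xce", "mach-o", True),      # Mach-O 32-bit, big-endian
    (b"\xce\xfa\xed\xfe", "mach-o", True),      # Mach-O 32-bit, little-endian
    (b"\xfe\xed\xfa\xcf", "mach-o", True),      # Mach-O 64-bit, big-endian
    (b"\xcf\xfa\xed\xfe", "mach-o", True),      # Mach-O 64-bit, little-endian
    (b"\xca\xfe\xba\xbe", "mach-o-fat", True),  # universal (fat) binary
    (b"MZ", "pe", True),                        # Windows executable
    (b"\xff\xd8\xff", "jpeg", False),
    (b"\x89PNG\r\n\x1a\n", "png", False),
    (b"GIF8", "gif", False),
    (b"%PDF-", "pdf", False),
    (b"PK\x03\x04", "zip", False),
]


def sniff(data):
    """Return (label, executable) for the leading bytes of a file."""
    for prefix, label, executable in MAGIC:
        if data.startswith(prefix):
            return label, executable
    return "unknown", False


def extension_says_safe(name):
    """The naive policy: trust the last extension of the file name."""
    return os.path.splitext(name.lower())[1] in SAFE_EXTENSIONS


def assess(name, data):
    """Compare the extension's claim with the sniffed content.

    auto_open_risk is True when the extension-only policy would open the
    file automatically but the content is actually executable.
    """
    label, executable = sniff(data)
    ext_safe = extension_says_safe(name)
    return {
        "name": name,
        "ext_safe": ext_safe,
        "content": label,
        "executable": executable,
        "auto_open_risk": ext_safe and executable,
    }


# Constructed sample "downloads": (file name, leading bytes). Not real files.
SAMPLES = [
    ("vacation.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("latestpics.jpg", b"#!/bin/sh\necho 'this ran as a shell script'\n"),
    ("trailer.mov", b"\xce\xfa\xed\xfe\x07\x00\x00\x00"),
    ("notes.txt", b"Meeting notes for Tuesday\n"),
    ("setup.sh", b"#!/bin/sh\necho install\n"),
]


def flagged(samples=SAMPLES):
    """Names the naive policy would auto-open despite executable content."""
    return [name for name, data in samples if assess(name, data)["auto_open_risk"]]


if __name__ == "__main__":
    for name, data in SAMPLES:
        print(assess(name, data))
    print("would auto-open executable content:", flagged())
```

Note that `setup.sh` is executable but is not flagged: the extension-only policy would still prompt for it. The two flagged files are the ones where the extension lies about the content, which is exactly the gap the article describes.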

Valentine’s Day Patch Massacre

Computerworld News notes Microsoft issues seven security patches. “The updates are considered less serious than January’s fixes, although two are rated critical.”

Read the gory details here. While only two are rated “Critical,” several of the “Important” patches also allow remote code execution. Patch away!

MS06-004 through -010 were released today. It’s the seventh week of 2006. When exactly is Trustworthy Computing supposed to kick in?

Plays for Sure Fails for Sure

Ed Foster’s Gripelog posts Plays For Sure, Unless It Doesn’t. “A big headache for customers in the era of convergence is that it’s very hard…”

I’ve been looking at the iRiver products, and will still consider them, as I’m interested in unrestricted audiocasts, my own ripped music and OGG file capability. The Microsoft “Plays for Sure” appears to be yet another empty promise, and it’s no surprise. Digital Restriction Management restricts everyone from using their purchased music as they’d like, with the flimsy hope that it will deter piracy. Would you buy a book that could only be read under a “Reads for Sure” lightbulb?

Microsoft removes Norton Anti-Virus!

Amazing Slashdot post: Microsoft Anti-Spyware Removes Norton Anti-Virus. An anonymous reader writes “According to a story over at Washingtonpost.com, the latest definitions file for Microsoft’s Anti-Spyware beta flags Symantec’s Norton Antivirus products as a password-stealing trojan and prompts users to delete portions of the program. Users who follow the instructions hose their installation of Norton, requiring delicate Windows registry edits and a complete removal/reinstall of Norton. Microsoft’s support forum is quickly filling up with complaints about this problem, many from businesses that have been pretty hard hit. This should be a cautionary tale about deploying beta products in production environments.”

Why anyone would install a program from Microsoft named MALICIOUS Software Removal Tool is a mystery to me.

Vulnerability in the Wild for patched Firefox flaw

ComputerWorld is reporting that Attack code published for Firefox flaw. “A hacker has published code that exploits a vulnerability found in the latest version of the Mozilla Corp.’s Firefox browser.” Note that a patch is already available for this vulnerability, and your browser should already have prompted you to install the update. If not, check “Check for Updates…” in the Help menu.

IT Conversations audiocasts I’m listening to this week.

While on the road to a client yesterday, I got to listen to a couple of audiocasts, as the mountainous terrain around here makes radio reception difficult. As I’ve blogged before, a five cent CD-R seems cheaper than the batteries to try to jury-rig an MP3 player to a FM transmitter to tune in on the car radio. Insert disc. Play. Very simple. On this trip, I listened to:

Joichi Ito: The Future of Blogging. “The Internet is truly becoming an open network with the rise of amateur content and open source software. In this talk, Joi Ito takes us through the growth of the internet as an open network in layers to the point where the killer app is now user generated content. Earlier, it was the little guys around the edges of the internet who created the open standards which made the web work, and today it is those same people who fuel it with their creativity. Joi also shares with us his observations of the remix culture seen on the net. [Accelerating Change audio from IT Conversations]” — quite the blast of conversation. The key point: user content, rather than mainstream media, is the next big internet wave. Great moment: Joichi points out that “amateur” comes from Latin roots of “from the heart” and doesn’t say anything about the quality.

Saul Klein, VP Marketing, Skype: “Skype has become one of the prominent disruptive technologies of the early 21st century. Allowing anyone with a broadband connection to make cheap calls all over the world and free voice, text (and now, video) calls to anyone on the Skype network, it has changed the way many people think of the telephone. Skype has influenced pricing and availability, and is so ubiquitous that it is lending its name to become the verb for using PC-based voice over IP… In this interview, Larry Magid talks with Saul Klein, VP Marketing of Skype. They discuss the changing nature of the telecom business, Skype’s new video feature and the potential for Skype to bring telephony to previously under-served markets.”

David Heinemeier Hansson, Developer, Ruby on Rails: Secrets Behind Ruby on Rails, “Ruby on Rails has received a lot of buzz among the web developer community, but many wonder exactly what the fuss is all about. In this high order bit from the 2005 O’Reilly Open Source Convention, developer David Heinemeier Hansson explains the secrets behind the success of Ruby on Rails.”

All audiocasts came from the IT Conversations: All Programs feed. Worth checking out, and considering supporting IT Conversations if they bring as much value to you as they do to me.

Another quarter-million Windows machines exploited

InfoWorld: Top News reports Microsoft warns of file-trashing worm.

(InfoWorld) – “Microsoft has published a security advisory warning Windows users of a file-trashing worm that has been circulating via e-mail for several weeks. The worm, which is programmed to destroy a wide variety of files on the third day of every month, has been circulating since mid-January, and is estimated to have infected between 250,000 and 300,000 systems worldwide.”

Almost missed the monthly warning: DO NOT open files or click links from untrusted sources. THERE ARE NO TRUSTED SOURCES. Verify the sender really sent you the file. Scan it with a virus checker. Don’t use it if you don’t trust it.


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.