Saturday, January 20, 2007


News Item 8150 Critical Microsoft & Mozilla Patches for 2006.

Critical Microsoft & Mozilla Patches for 2006.

A couple of weeks ago, Security Fix published some data showing how risky it was for the average Windows user to browse the Web with Microsoft's Internet Explorer in 2006.

That analysis found that for 284 days in 2006, bad guys were either exploiting critical, unpatched security holes in IE or blueprints for said instructions were published online for any criminals to use. In contrast, the data showed that there were just nine days in 2006 in which exploit code was available for similarly serious, unpatched security holes in Mozilla's Firefox browser.

A great number of people who commented on that story and sent e-mail about it have been asking to see the raw data that I used to compile that information. So, here it is:

Microsoft's 2006 Critical Patches

Mozilla's 2006 Critical Patches

When reviewing this data, it's important to keep in mind that I only looked at the patches that were labeled "critical" by Microsoft or Mozilla themselves. Also, I don't think it's particularly useful to compare all of Microsoft's critical vulnerabilities to every critical Mozilla patch and draw conclusions about browser safety, which is why my earlier analysis only compared the patch and vulnerability times for Internet Explorer and Firefox flaws for which there was exploit code available before a patch was shipped to fix the problem.

Overall, I found that it took an average of about 113 days for Microsoft to issue critical updates in 2006. If you just look at all critical IE flaws that Microsoft patched in 2006 (not just the bolded ones, which indicate either the availability of pre-patch exploit code or evidence of active, pre-patch exploitation), Microsoft took about 90 days to push out an update. However, when it came to the most serious IE flaws (the ones in bold), Microsoft shipped a fix in about 40 days.

This post wasn't meant to stir up the virtual hornet's nest that is the eternal IE vs. Firefox security and usability debate. I merely wanted to publish the data sets (which took a great deal of time to compile) because they could be useful for other researchers (plus, I already promised I'd publish them).

I roll with Firefox for most of my browsing needs, but still rely on IE7 for a handful of trusted sites. Surf with whatever browser makes you happy. But please, if you're still using IE6 and haven't upgraded to IE7 yet, stop fiddling around. If you're using an older version of Windows (IE7 doesn't work on anything older than XP), I would run -- not walk -- away from IE in favor of just about any other browser.

One final note: I have tried very hard to be as accurate as possible with these tables. But if you find a discrepancy or something that doesn't seem to add up, please leave a comment below or drop me a line. If I can verify an error or discrepancy in the data, I will fix it and note that I have done so.

[Security Fix]
11:52:45 PM

News Item 8149 State Plea Deals to Dunn, Former HP Execs?

State Plea Deals to Dunn, Former HP Execs?  Reports indicate that plea agreements in the HP spying case have been offered by California prosecutors. [PC World: Latest Technology News]
11:48:53 PM

News Item 8148 Critics Blast Music DRM Legislation.

Critics Blast Music DRM Legislation. Electronic freedom advocates oppose a US bill that would require Internet broadcasters to use DRM technology. [PC World: Latest Technology News]
11:40:15 PM

News Item 8147 Thousands of PCs Infected by Nasty Trojan Horse.

Thousands of PCs Infected by Nasty Trojan Horse. One in 200 e-mail messages sent today carry the vicious software, expert says. [PC World: Latest Technology News]
11:38:45 PM

News Item 8146 Major Labels Block Zune Sharing of Certain Songs.

Major Labels Block Zune Sharing of Certain Songs.

Microsoft is trying to set its Zune media player apart from the iPod by showcasing its remarkably limited sharing feature. Many reviews have harped on how shared songs can only be played three times over three days. But the restrictions are actually even worse -- if you read the fine print, you'll find that "The Zune to Zune sharing feature may not be available for all audio files on your device."

In fact, Engadget reports that certain songs bought at Microsoft's own store cannot take advantage of Zune's sharing. All the songs come wrapped in DRM, and apparently Microsoft doesn't tell customers at the time of purchase whether songs can be shared or not.

The Zunerama blog tested the sharing feature on the top 50 songs sold at the Zune Marketplace and was met with this message: "Can't send some songs because of rights restrictions. 29 of 50 songs sent to Carrie's Zune."

As usual, when you buy DRMed media, you may be getting much less than the online music service has promised.

[EFF: Deep Links]
11:30:08 PM

News Item 8145 First HD-DVD film appears on BitTorrent.

First HD-DVD film appears on BitTorrent.

Serenity broken

A high-definition format movie has made its way onto BitTorrent. A pirated copy of the hit science fiction movie Serenity has been ripped from a HD DVD disc and made available to users of the popular P2P file sharing protocol.

[The Register - Music and Media]
11:27:50 PM

News Item 8144 Google, Yahoo, Microsoft, Others to Address Human Rights Violations.

Google, Yahoo, Microsoft, Others to Address Human Rights Violations.

An important press release came out this week regarding a coalition of Internet companies, IT providers, human rights organizations, and academics joining forces to address human rights violations enabled by technologies and practices by some of the member organizations, such as providing means of surveillance for regimes like China to identify and jail dissident citizens. From the release:

A diverse group of companies, academics, investors, technology leaders and human rights organizations announced today its intention to seek solutions to the free expression and privacy challenges faced by technology and communications companies doing business internationally.

The process -- which aims to produce a set of principles guiding company behavior when faced with laws, regulations and policies that interfere with the achievement of human rights -- marks a new phase in efforts that these groups began in 2006.

Last year, Google, Microsoft, Vodafone and Yahoo!, with the facilitation of Business for Social Responsibility (BSR) and advice from the Berkman Center for Internet & Society at Harvard Law School, initiated a series of dialogues to gain a fuller understanding of free expression and privacy as they relate to the use of technology worldwide.

At the same time, the Center for Democracy and Technology (CDT) was also convening technology leaders, investors and human rights advocates to discuss how to advance civil liberties on the Internet in the face of laws that run contrary to international standards for human rights.

Both processes benefited from dialogue, research and policy expertise on internet filtering and surveillance practices from the OpenNet Consensus, a coalition of academic institutions including the University of California Berkeley's Graduate School of Journalism and School of Law-Boalt Hall, the Berkman Center and others.

The new combined group, in addition to developing the principles, seeks to advance their effectiveness by establishing a framework to implement the principles, hold signatories accountable and provide for ongoing learning.

"Technology companies have played a vital role building the economy and providing tools important for democratic reform in developing countries. But some governments have found ways to turn technology against their citizens -- monitoring legitimate online activities and censoring democratic material," CDT Executive Director Leslie Harris said. "It is vital that we identify solutions that preserve the enormous democratic value provided by technological development, while at the same time protecting the human rights and civil liberties of those who stand to benefit from that expansion."

More commentary from John Palfrey and Rebecca MacKinnon, as well as Yahoo itself.

[michaelzimmer.org]
11:21:32 PM

News Item 8143 NYU Colloquium on Information Technology & Society Spring 2007 Schedule.

NYU Colloquium on Information Technology & Society Spring 2007 Schedule.

The spring 2007 schedule for the Information Law Institute (NYU Law School) Colloquium on Information Technology & Society has been announced. I'm excited about the opportunity to moderate the panel on "A Discussion about Privacy in Web-Search" featuring Ramsey Homsany, Senior Counsel at Google.

Friday February 16, 12:30-2PM
"Are Creative Commons Licenses Forever?"
Professor Tony Reese
University of Texas at Austin

Monday March 19, 8-9:30PM
** A public lecture co-sponsored with the ILI Student Association **
"The Empire & the iPhone: 'Technology Platforms,' the Commons, and the Way We Live Now"
Professor Eben Moglen
Columbia Law and Software Freedom Law Center

Friday March 30, 12:30-2PM
"A Discussion about Privacy in Web-Search"
Ramsey Homsany, Senior Counsel, Google
Daniel Howe, PhD Candidate, Computer Science, NYU
Helen Nissenbaum, Culture & Communication and ILI, NYU
Moderator: Michael Zimmer, Ph.D. Candidate, NYU

Friday April 13, 12:30-2PM
Title TBA
Professor Deirdre Mulligan,
UC Berkeley and Samuelson Law, Technology & Public Policy Clinic

Check the website for more details as the dates approach. If you want to subscribe to the mailing list, contact me.

[michaelzimmer.org]
11:17:14 PM

News Item 8142 WIPO Meeting on the Broadcast Treaty: Day 2.

WIPO Meeting on the Broadcast Treaty: Day 2.

One of the major issues that arose in yesterday's was how to come to an agreement on a treaty. The existing draft from last year runs over a hundred pages long, with each significant provision having several alternative versions suggested by different delegates and embodying different values. Since the WIPO General Assembly has instructed the Committee to come up with a document that can actually serve as the basis for a treaty, trimming this behemoth draft down to size is a priority.

The Chair yesterday attempted to accomplish this by condensing and abstracting some of the provisions of the treaty into several "non-papers," which he introduced in the hopes that the member nations could decide upon the general outlines of the treaty, instead of plowing into discussing the details of 15/2 directly. Many delegations had some problems with this approach, since they had been preparing positions and statements based on the draft treaty, and would have to conduct detailed analyses anew on the new non-papers.


[Public Knowledge - Policy Blog]
11:14:05 PM