Alerts
Alerts and warnings about important events and problems.

  Sunday, March 18, 2007


Microsoft's own bug hunters should cut Windows Vista some slack and rate its vulnerabilities differently because of the operating system's new, baked-in defenses, according to the developer who is often the public persona of the company's Security Development Lifecycle (SDL) process.

Michael Howard, a senior security program manager in Microsoft's security engineering group, said that the Microsoft Security Response Center (MSRC) is being too conservative in its Vista vulnerability rating plans. Because Vista includes security techniques and technologies that Windows XP lacks, the MSRC should reconsider how it ranks Vista when a vulnerability affects both Microsoft's new operating system and its predecessor, Windows XP, he said.

"The MSRC folks are, understandably, very conservative and would rather err on the side of people deploying updates rather than trying to downgrade bug severity," said Howard on his personal blog last week. "Don't be surprised if you see a bug that's, say, Important on Windows XP and Important on Windows Vista, even if Windows Vista has a few more defenses and mitigations in place."

The operating system, released to consumers in late January, includes a number of new security features that randomize memory, check code for buffer overflows and require user permission for potentially risky operations.

Not surprisingly, the MSRC rejects Howard's argument. "Windows Vista will not be treated any differently, and severity ratings for any issues will be based on vulnerability traits and merits, along with technical mitigating factors," an MSRC spokesperson said. "This process is the same for all Microsoft products."

Although the MSRC's security bulletins may qualify a bug's severity in some specific environments, its rating system is clear-cut. If an Internet worm can spread without user action -- the MSRC's definition of "critical" -- on Vista, the vulnerability will be so tagged, Vista-specific security technologies notwithstanding.

Analysts and outside Microsoft security professionals took the MSRC's side -- and blasted Howard's idea.


4:39:51 PM    

  jcatcw writes  "Gregg Keizer reports that Michael Howard, an MS senior security program manager, says that the Microsoft Security Response Center (MSRC) is being too conservative in its Vista vulnerability rating plans. Microsoft's own bug hunters should cut Windows Vista some slack and rate its vulnerabilities differently because of the operating system's new, baked-in defenses."
4:31:59 PM    

  Saturday, March 17, 2007


Google's Blog Software Hijacked by Scammers. Google's blogger.com is being hijacked to spread malware through fake blogs, a security vendor warns. [PC World: Latest Technology News]
10:58:36 PM    

Hackers Promise Month of MySpace Bugs. They won't divulge their real names, they call their project a "whiny, attention-seeking ploy," and they appear to take their fashion cues from Beastie Boys music videos. [PC World: Latest Technology News]
9:58:02 PM    

Administrivia: Possible unscheduled upgrade of Privacy Digest.

I might be implementing an unscheduled upgrade of the site due to some problems with the software I am currently using to run the site. I had been working on upgrading the software to implement some new features but may have to implement sooner than originally planned. If you would like to take a peek at the planned software, take a visit to http://www.PrivacyDigest.com/index.php. Yes, the full URL will have to be entered until I have completed the switch over.

There may be some hiccups during the process as the XML/RSS location will change along with access to the sub-topics. I plan to create mod-rewrite rules to take care of this but they may not all be ready on day one.

Please let me know what you think.
9:39:04 PM    

Your Clickstream Data: 40 cents; Losing Your Privacy: Priceless.

Adam Fields points to this disturbing revelation that ISPs are apparently selling their customers' clickstream data. The guilty ISPs apparently took the same "anonymization" seminar as AOL, merely replacing user names with User 1, User 2, etc.

And what kind of price are they charging for such a violation of users' privacy? About 40 cents a month per user. Unbelievable.

[michaelzimmer.org]
9:15:54 PM    


© Copyright 2007 Paul Hardwick.
Last update: 3/18/07; 4:42:42 PM.