Tuesday, October 10, 2006

US and EU stitch-up airline passenger data deal. US and EU stitch-up airline passenger data deal. And data protection law European data protection authorities are choking on their baguettes after seeing the detail of the data-sharing agreement the EU signed with the US on Friday. The passenger name record (PNR) agreement was presented as a formality that had been passed by the respective administrations without so much as a hiccup. But it's proving hard to swallow. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 11:51:43 PM

Apple Patches 15 Security Flaws. Apple Patches 15 Security Flaws. Apple Computer on Friday issued a bundle of updates to fix at least 15 different security holes in its Mac OS X software applications. Mac OS X v10.4.8 and Security Update 2006-006 corrects flaws in OS X Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.7, and Mac OS X Server v10.4 through Mac OS X Server v10.4.7. Apple says the Software Update utility "will present the update that applies to your system configuration. Only one is needed, either Mac OS X v10.4.8 or Security Update 2006-006," available from Apple Downloads. The updates include fixes for several remotely-exploitable flaws, including four bugs in the Mac version of Adobe's Flash player, as well as some that could be exploited just by viewing a maliciously crafted image file or visiting a nasty Web site. [Security Fix] 11:08:38 PM

Slashdot | One Last Spamhaus Warning Before The End kog777 writes to mention that Spamhaus has released a final warning about an increase in junk email, as they prepare to lose their domain to an Illinois court ruling. From the article:  "According to Spamhaus, more than 650 million Internet users - including those at the White House, the U.S. Army and the European Parliament - benefit from Spamhaus' 'blacklist' of spammers that helps identify which messages to block, send to a 'junk' folder or accept. Losing the domain name would make it more difficult for service providers and others to obtain the lists. 'If the domain got suspended, it would be an enormous hit for the Net,' said Steve Linford, Spamhaus' chief executive officer. 'It would create an enormous amount of damage on the Internet.'" 11:04:58 PM

Microsoft Fixes Record 26 Security Holes. Microsoft Fixes Record 26 Security Holes. Microsoft today issued a record-breaking number of security updates, fixing at least 26 separate security holes in its Windows operating system and other products, including 16 vulnerabilities in Microsoft Office and Office components. By my count, this is the largest number of flaws Microsoft has fixed in one go outside of a Service Pack. Among the problems addressed in the ten patch bundles released as part of its monthly patch cycle are four flaws in Office, as well as four security holes each in different versions of Microsoft Word, Excel and PowerPoint (one of the Word flaws is only present in the version made for Apple Macintosh systems). The biggest problem with these Office flaws -- aside from the fact that at least one of them is actively being exploited in targeted attacks against users -- is that almost without exception they are most serious (or "critical") in the 2000 versions of each software title. That's a big deal because plenty of people (including the author) still use these older versions, and while users can get patches for recent versions of Office, Word, Excel and PowerPoint from the standard Microsoft patch sites -- such as Windows Update, Microsoft Update and via Automatic Updates -- people running Microsoft Office 2000, or standalone Word, Excel and PowerPoint versions cannot get updates for those products through the same means. Instead, they must add a second stage to their patching by heading over to the Office homepage and letting Office Update scan their machines. Aside from the huge number of Office bugs, six of today's updates apply to fully patched Windows XP systems. Two of the updates also apply to "Vista," as the next version of Windows will be called, though Microsoft was not specific about where those flaws resided in Vista. If I had to guess which flaws detailed today exist in Vista, I'd point to vulnerabilities Microsoft fixed in ".NET" -- a Microsoft programming language -- and its process for handling XML files (short for eXtensible Markup Language, XML is used to share data across the Web and over a variety of applications an operating systems). The .NET flaw doesn't appear to be that big of a deal, but the XML bug is potentially very serious for all Windows operating systems. Microsoft said attackers could exploit this vulnerability to compromise Windows machines just by convincing users to visit a malicious Web site. This flaw could become widely exploited in the near future, as the bad guys begin reverse-engineering Microsoft's patches to zero in on the vulnerable code and create exploits to attack unpatched systems. Microsoft also patched a flaw in Windows Explorer that criminals have been exploiting to compromise Windows computers over the past few weeks. If you're a Windows users and don't receive patches via Automatic Update, fire up Internet Explorer and head on over to Microsoft Update and apply these updates. If you're using Windows 2000 or any of the individual Office 2000 components, visit to Office Update as well. [Security Fix] 10:17:16 PM

Moyers on Net Neutrality. Moyers on Net Neutrality. Bill Moyers has a 90-minute documentary on Net Neutrality that will air over Public Broadcasting Service stations on Tuesday evening, Oct. 18. Check your local listings for time. Here[base ']s a link to the (show:) [http://www.pbs.org/moyers/moyersonamerica/net/index.html], called [base "]The Net at Risk.[per thou] Watch the preview, and you can get a feel for the show. Moyers and his staff held an online chat this afternoon to talk about the show. The first hour will be a look at the struggles over the issue at the federal and state levels. The last half-hour will focus on how low-power radio stations kept information flowing in the Gulf Coast following Hurricane Katrina at a time when commercial stations were shut down. Moyers said in the chat that while there[base ']s a great deal of public support for an open Internet, large campaign contributions have prevented Congress from acting, much as such contributions have contributed on a variety of other issues. Moyers noted that over time, each new medium has been promised to enlighten the public and further the goals of democracy, whether the medium was radio, TV or cable. Today, however, those are all controlled [base "]by commercial and corporate interests.[per thou] He warned that, [base "]If past is prelude, we shouldn[base ']t be sanguine about the Internet because large economic interests can move the agenda to benefit their interest and purposes.[per thou] read more [Public Knowledge - Policy Blog] 9:41:51 PM

IBM, health group sign deal to mine patient data to improve care. IBM, health group sign deal to mine patient data to improve care. Geisinger Health System and IBM will use data warehousing technology to develop a system for integrating and mining patient data to create customized treatment plans and ensure quality care. [Computerworld Data Mining News] 9:36:20 PM

10 Tough Questions & How to Answer Them. 10 Tough Questions & How to Answer Them. Recently hired CSOs share what hiring execs want to know in interviews. Note: Experience counts, and it pays to do your homework [CSO Online Data Security Briefing] 9:34:38 PM

The Seven Deadly Sins of Records Retention (And how to avoid them). The Seven Deadly Sins of Records Retention (And how to avoid them). Sure, you're thinking, records retention can be deadly. Deadly dull [CSO Online Data Security Briefing] 9:32:02 PM

© Copyright 2006 Paul Hardwick. Last update: 11/10/06; 2:09:31 AM.