Sunday, March 18, 2007
|
|
It seems that my current CMS (Content Management System) for Privacy Digest is getting sick. Since I was already planning to switch to a different CMS to manage the site, it's not worth putting a lot of research and effort into cleaning up the new problems (probably a corrupted database) with the old one.
I will probably be doing a switch over in the next or so. There will probably be a few hiccups with the RSS/XML feeds and maybe other things. The old pages will stay in place till I can import/convert them to the new system. But since they aren't actually in the CMS they will not be visible in the local search function. I'll look at adding the Google search back for my site since they will have the old and new content.
Until the switchover goes live, you can check it out at http://www.PrivacyDigest.com/index.php. And yes, the index.php part is required till the switchover. But it will not be needed afterwards.
Editor.
4:50:31 PM
|
|
Microsoft's own bug hunters should cut Windows Vista some slack and
rate its vulnerabilities differently because of the operating system's
new, baked-in defenses, according to the developer who is often the
public persona of the company's Security Development Lifecycle (SDL)
process.
Michael Howard, a senior security program manager in
Microsoft's security engineering group, said that the Microsoft
Security Response Center (MSRC) is being too conservative in its Vista
vulnerability rating plans. Because Vista includes security techniques
and technologies that Windows XP lacks, the MSRC should reconsider how
it ranks Vista when a vulnerability affects both Microsoft's new
operating system and its predecessor, Windows XP, he said.
"The MSRC folks are, understandably, very conservative and
would rather err on the side of people deploying updates rather than
trying to downgrade bug severity," said Howard on his personal blog last week.
"Don't be surprised if you see a bug that's, say, Important on Windows
XP and Important on Windows Vista, even if Windows Vista has a few more
defenses and mitigations in place."
The operating system, released to consumers in late January,
includes a number of new security features that randomize memory, check
code for buffer overflows and require user permission for potentially
risky operations.
Not surprisingly, the MSRC rejects Howard's argument. "Windows
Vista will not be treated any differently, and severity ratings for any
issues will be based on vulnerability traits and merits, along with
technical mitigating factors," an MSRC spokesperson said. "This process
is the same for all Microsoft products."
Although the MSRC's security bulletins may qualify a bug's severity in some specific environments, its rating system
is clear-cut. If an Internet worm can spread without user action -- the
MSRC's definition of "critical" -- on Vista, the vulnerability will be
so tagged, Vista-specific security technologies notwithstanding.
Analysts and outside Microsoft security professionals took the MSRC's side -- and blasted Howard's idea.
4:39:51 PM
|
|
jcatcw writes "Gregg Keizer reports that Michael Howard, an MS senior security program manager, says that the Microsoft Security Response Center (MSRC) is being too conservative in its Vista vulnerability rating plans. Microsoft's own bug hunters should cut Windows Vista some slack and rate its vulnerabilities differently because of the operating system's new, baked-in defenses."
4:31:59 PM
|
|
|
Saturday, March 17, 2007
|
|
Administrivia: Possible unscheduled upgrade of Privacy Digest.
I might be implementing an unscheduled upgrade of the site due to some problems with the software I am currently using to run the site. I had been working on upgrading the software to implement some new features but may have to implement sooner than originally planned. If you would like to take a peek at the planned software, take a visit to http://www.PrivacyDigest.com/index.php. Yes, the full URL will have to be entered until I have completed the switch over.
There may be some hiccups during the process as the XML/RSS location will change along with access to the sub-topics. I plan to create mod-rewrite rules to take care of this but they may not all be ready on day one.
Please let me know what you think.
9:39:04 PM
|
|
FOIA Reforms Plow Forward in Congress. The House of Representatives has passed a bill that will make much-needed updates to the Freedom of Information Act (FOIA), and strengthen the public's right to get records from the federal government. H.R. 1309, the Freedom of Information Act Amendments of 2007, was approved yesterday by a considerable 308-117 margin. But the White House lashed out against the legislation, calling FOIA improvements "premature and counterproductive" in light of a 2005 presidential order requiring agencies to streamline their FOIA processes. Just this week the National Security Archive released a report showing how necessary FOIA improvements are. The non-profit research group found that most federal agencies have failed to improve online access to public information in spite of a decade-old FOIA change requiring that they do so. In related news, a bipartisan bill similar to H.R. 1309 was introduced earlier this week in the Senate. Like the House bill, S. 849, the Openness Promotes Effectiveness in our National Government Act of 2007, will improve the public's right to access government information through the FOIA and penalize agencies that don't comply with the law. Learn more about the FOIA and EFF's Flag Project here. [EFF: Deep Links]
8:58:34 PM
|
|
GoDaddy, Get a Backbone and Protect Your Users' Rights. A few weeks back, we wrote about how domain name registrar GoDaddy took offline Seclists.org based merely on an informal request and without providing any meaningful notice to the site's operator. Unfortunately, this isn't the only instance in which GoDaddy has carelessly ignored its users' rights.
In February, EFF was contacted by an anonymous owner of a parody and criticism website forum that allegedly exposes the financial corruption and domestic scandal of a local politician in Birmingham, Alabama. As part of a civil case in family court, an attorney representing the politician's girlfriend issued a subpoena to GoDaddy seeking the identity of the website owner, who was not a party to the lawsuit.
With the website owner's right to anonymous speech on the line, what did GoDaddy do? It caved without any apparent hesitation, providing its customer with a mere three days to find a lawyer and decide whether to file a challenge. GoDaddy also refused to provide a copy of the subpoena, which included essential information to determine whether and how to respond.
GoDaddy promises in its privacy policy to turn over customers' information only if required by law, but its lawyers didn't give this subpoena even a shred of scrutiny. Had they done so, they could have seen it was clearly invalid -- GoDaddy is located in Arizona and Alabama state law doesn't permit a subpoena to be issued on someone out of state. That was the ultimate conclusion of the state judge who eventually quashed the subpoena, no thanks to GoDaddy.
Even putting aside this aspect of GoDaddy's casual disregard for its customer's interests, the company's behavior is shameful. The First Amendment limits the ability of litigants to pierce a speaker's anonymity, particularly when that person isn't even being sued. GoDaddy owes its customers meaningful notice, time, and information so that they can fight back and protect their rights.
With the help of lawyer Lewis Page, the anonymous website operator did manage to move to quash before it was too late. But GoDaddy's sloppy practices still put an unfair burden on this user and continue to threaten all of its customers' rights.
For what online service providers ought to do to protect their users, check out our best practice guide. [EFF: Deep Links]
8:50:31 PM
|
|
|
© Copyright 2007 Paul Hardwick.
Last update: 3/18/07; 6:51:34 PM.