There’s been a lot said in security circles about a talk on Tor being pulled from Blackhat. (Tor’s comments are also worth noting.) While that story is interesting, I think the bigger story is the lack of infrastructure for disclosure coordination. Coordinating information about vulnerabilities is a socially important function. Coordination makes it possible for… Read More: CERT, Tor, and Disclosure Coordination
From the app store: I hope this doesn’t cause Apple to ban snarky update messages. Read More: Tap Tap Snarky
Dear Apple, In the software update, you tell us that we should see http://support.apple.com/kb/HT1222 for the security content of this update: However, on visiting http://support.apple.com/kb/HT1222, and searching for “10.3”, the phrase doesn’t appear. Does that imply that there’s no security content? Does it mean there is security content but you’re not telling us about it?… Read More: Is iTunes 10.3.1 a security update?
In this week’s CSO Online, Bill Brenner writes about the recent breaks at Kaspersky Labs and F-Secure. You can tell his opinion from the title alone, “Security Vendor Breach Fallout Justified” in his ironically named “FUD watch” column. Brenner watched the FUD as he spreads it. He moans histrionically, When security is your company’s business,… Read More: Who Watches the FUD Watcher?
If you haven’t heard about this, you need to. All Debian-based Linux systems, including Ubuntu, have a horrible problem in their crypto. This is so important that if you have a Debian-based system, stop reading this and go fix it, then come back to finish reading. In fact, unless you know you’re safe, I’d take… Read More: The Difference Between Knowledge and Wisdom
By now, you’ve probably seen the news that “A Heart Device Is Found Vulnerable to Hacker Attacks.” Bruce Schneier has some good analysis, “Hacking Medical Devices.” I just wanted to shock Jerry Lee Lewis fans. Read More: I got a rockin' pneumonia, I need a jolt of arrythmic blues!
Microsoft Office 2008 for the Macintosh is out, and as there is in any software release from anyone there’s a lot of whining from people who don’t like change. (This is not a criticism of those people; I am often in their ranks.) Most of the whining comes because Office 2008 does not include Visual… Read More: Microsoft Has Trouble Programming the Intel Architecture
On Saturday I was going to a party at an apartment building. The buzzer wasn’t working, and I took out my shiny new iPhone to call and get in. As I was dialing, a few young teenagers were coming out. They wanted to see the iPhone, and so I demo’d it in exchange for entry… Read More: Apple’s Update Strategy is Risky
The iTunes Plus music store opened up today, which sells non-DRM, 256kbit AAC recordings. In case you have missed the financial details, the new tracks are $1.29 per, but albums are still $9.99. You can upgrade your old tracks to high-quality, non-DRM, but you have to do it en masse and it’s only for the… Read More: Lrn 2 uZ ‘sed’, n00bz