Author: Dave Lewis
May 17, 2008 at 9:15 am · Filed under Tools, Web Security
Well, in an unceremonious move the Mozilla folks have released the latest incarnation of Firefox. I thought they might have some fanfare around the launch but, nope.
You can download the one for your respective language via the following link.
Download page: Firefox 3 r1
Enjoy.
Author: Dave Lewis
May 16, 2008 at 5:27 pm · Filed under Incident Response, Legal Aspects
It seems that more and more stories about fake Cisco gear are popping up. And, shocker, most of the gear originated in China. This has led to the inevitable thrust and parry of the media’s lust for anything scandalous. “If it bleeds it leads” my old editor used to tell me. Which is funny when you consider I was on the entertainment desk back then.
But, is there something to this? Or are folks hunting rabbits out of season? Or is this just a story of contractor greed that has spiraled out of control? Robert O’Harrow Jr. has a nice summary piece that wraps up some of the angles in this story.
From the Washington Post:
After federal agents discovered and seized faux Cisco gear in Defense Department computers — apparently produced in China — there was some speculation that spies had tried to build in backdoor paths to sensitive or classified information.
The New York Times’ John Markoff had a typically fascinating piece about the investigation.
“The new law enforcement and national security concerns were prompted by Operation Cisco Raider, which has led to 15 criminal cases involving counterfeit products bought in part by military agencies, military contractors and electric power companies in the United States. Over the two-year operation, 36 search warrants have been executed, resulting in the discovery of 3,500 counterfeit Cisco network components with an estimated retail value of more than $3.5 million, the F.B.I. said in a statement.”
In one part of the piece O’Harrow points to an article written by Joab Jackson at GCN. He touches on the aspect that it could be the GSA (General Services Administration) that is responsible for this mess. The GSA is a little vague with respect to policies and practices. Just look at per diems for gov employees and contractors. They hand you a chunk of money for the day for food and such. But, you don’t have to show any receipts (at least that was the case several years ago). Not a bad deal for the employee. There is apparently even more ambiguous language concerning sub-contracting.
The back door may have been left open. But, rather than the spectre of Chinese hackers planting backdoors in faux equipment (albeit possible), it seems that there may be a bigger threat in the room.
Plain old greed.
Article Link
Author: Dave Lewis
May 16, 2008 at 11:46 am · Filed under Military, Physical Security
If you are at all involved in physical security as a portion of your portfolio no doubt you have considered terrorism in your risk assessments. The grand dame of mil space security information, Jane’s, announced a new service for tracking terrorism and insurgent activities around the globe.
From the press release:
Jane’s Terrorism and Insurgency Centre is the most comprehensive and authoritative source for the latest global terrorism-related news, analysis, reference and overview of worldwide terrorist activities as they happen. The database includes detailed profile assessments of over 240 terrorist groups across the world. It allows decision makers from multi-national companies and major political players to build up an intelligence picture of areas where they have business or political interests. The map operates using ESRI’s ArcIMS Geographical Information System (GIS), which is a software tool for delivering dynamic maps through the web.
OK, this is quite a cool offering. Although too rich for this scribbler’s pocketbook, it looks to be a significant resource for global operators.
Here is a screen cap from the demo.
You can view the demo of the new offering here: JTIC Demo
Author: Dave Lewis
May 16, 2008 at 7:55 am · Filed under Data Security, Privacy
Always one for grabbing the spotlight (inexplicably at times) Farrah Fawcett has forgiven the hospital staffer that leaked her personal info.
From Starpulse:
Farrah Fawcett has forgiven the hospital worker accused of selling her confidential medical details to the media, insisting she’s just a “pawn” in the system.
Lawanda Jackson has been indicted by a federal jury and stands accused of snooping through celebrities’ medical records while working as an administrative specialist at Los Angeles’ UCLA Medical Center from 2006 to 2007.
A Los Angeles Times newspaper investigation suggested Jackson was responsible for alerting the National Enquirer to Fawcett’s current cancer battle before the actress had time to tell her family and friends about the health crisis.
Pawn or not it still doesn’t excuse the behaviour of this staffer. Medical records are not open season.
Article Link
Author: Dave Lewis
May 16, 2008 at 7:43 am · Filed under Conventions, Privacy
As I was reducing my email inbox down to zero (miracle of miracles) I noticed that the Last Hope mailing list had an interesting gem.
From the email:
This summer, hackers from around the world will track the movements of thousands of visitors to New York City.
As part of a social experiment, attendees at a hacker conference in July will be issued badges with electronic tracking devices. Large displays will show in real-time where people go, with whom they associate, for how long and how often.
The tracking technology, known as RFID, is fast becoming an unseen part of everyday life. This July, for the very first time, the general public will be able to participate in the transparent operation of a major RFID tracking program.
Conference attendees will participate in games built around the tracking system. Players will seek ways to protect their privacy, find vulnerabilities in the tracking system, employ data mining techniques to learn more about other participants, and choose how much personal information they will disclose in order to play.
I find it a little creepy that they will be able to track my movements at the show. Then again, I can tell you my movements exactly.
1) get coffee
2) see speaker
3) get coffee
4) see speaker
5) get…
You get the idea.
The first 1500 pre-registered attendees will get one of these passes. I’ll be sure to upload some pics as soon as I get it in my hands. For more on this, check out the Last Hope website.
Article Link
Author: Dave Lewis
May 15, 2008 at 10:46 pm · Filed under Search
Ah the growing pains of a new product. Imagine that, it labeled Google as a malicious site.
From eWeek:
A company says Yahoo’s new feature incorrectly flagged its Web site and was slow to respond.
The beta version of Yahoo’s SearchScan security feature has come under fire for false positives and other mistakes.
SearchScan is the result of a partnership between McAfee and Yahoo to improve the security of Web searches. The feature, powered by McAfee’s SiteAdvisor, alerts users when sites contain spam, spyware, adware or other malicious software that could damage a PC.
However, since the beta was unveiled May 6, there have been some cases of false positives. A URL mix-up by Yahoo seemed to label Google.com as a malicious site. In another case, AnyCoupons, a Web site operated by 77Blue, was classified as a spammer. Though both issues have been resolved, the latter left a bad taste in the mouth of 77Blue CEO David Lewis, who complained that Yahoo and McAfee were slow to fix the problem.
Could have been worse. Could have been anti-competitive behaviour.
heh.
Article Link
Author: Dave Lewis
May 15, 2008 at 8:47 am · Filed under Patches
From Heise.de:
As previously announced, Microsoft published four security bulletins along with updates for six security holes on May patch day. The Redmond developers classify four of the holes as critical because they allow attackers to inject malicious code.
Security Bulletins MS08-026 and MS08-027 remedy two security holes in Word and one in Publisher that attackers could exploit using crafted documents. The holes in Word are exploitable via crafted documents in rich text format (.rtf) or Word documents with crafted cascading style sheets (CSS). All that is needed to effect the .rtf exploit is the email preview in Outlook. Manipulated object headers in Publisher documents can exploit the application to allow injected program code to be executed. The holes affect Office 2000, XP, 2003, 2007, Word Viewer 2003, the compatibility pack for Office 2007 file formats, and Office 2004 and 2008 for Mac.
More…
Article Link
Author: Dave Lewis
May 15, 2008 at 8:44 am · Filed under Data Security, Incident Response
There have been a large number of data security breaches recently involving financial institutions. Here is a write-up by Inno Eroraha on the response to a breach.
From SC Magazine:
Financial institutions are heavily regulated. They are required to implement security programs following regulations such as SOX, GLBA, SEC, NASD, etc. In fact, most of these organizations are required to execute an annual security assessment as a key compliance measure. Because an annual assessment may not discover all vulnerabilities, these organizations should be prepared to deal with security incidents involving physical facilities, network infrastructures, systems, applications, and most importantly, data.
Obviously, an entity that has no proactive mechanism to detect data, information, or system compromise wastes enormous amounts of time and money addressing an actual compromise without a response plan. To be able to deal with computer or IT related compromises, certain measures should be implemented by the institution. The following outlines example precautionary steps recommended for a bank, but some of the measures are valid for any institution.
Preparing for the inevitable
A banking institution must involve all of its resources in its security operation, including people, process and technology. Consider the following:
For the full piece read on.
Article Link