Saturday, January 17, 2004

Schneier.com: Crypto-Gram: January 15, 2004 — Color-Coded Terrorist Threat Levels:
"… the threat levels are largely motivated by politics. There are two possible reasons for the alert.

Reason 1: CYA. Governments are naturally risk averse, and issuing vague threat warnings makes sense from that perspective. Imagine if a terrorist attack actually did occur. If they didn't raise the threat level, they would be criticized for not anticipating the attack. As long as they raised the threat level they could always say 'We told you it was Orange,' even though the warning didn't come with any practical advice for people."

Reason 2: To gain Republican votes. The Republicans spent decades running on the "Democrats are soft on Communism" platform. They've just discovered the "Democrats are soft on terrorism" platform. Voters who are constantly reminded to be fearful are more likely to vote Republican, or so the theory goes, because the Republicans are viewed as the party that is more likely to protect us.

(These reasons may sound cynical, but I believe that the Administration has not been acting in good faith regarding the terrorist threat, and their pronouncements in the press have to be viewed under that light.)

I can't think of any real security reasons for alerting the entire nation, and any putative terrorist plotters, that the Administration believes there is a credible threat.

http://www.schneier.com/crypto-gram-0401.html#1

Friday, January 16, 2004

News: Report: Spam claims two-thirds of e-mail:
"MessageLabs, an e-mail filtering company, claims 65 percent of e-mail sent to its users is spam, according to data it collected during December and released Monday.

While the statistics point to a dramatic upswing in the ratio of spam to legitimate e-mails--up from 43.7 percent in September, 50.5 percent in October and 55.1 percent in November--the figures only take into account e-mails being sent to MessageLabs' clients, many of whom signed up to the service because they received a high volume of spam, MessageLabs Australia's technical director David Banes conceded."

http://zdnet.com.com/2100-1105_2-5139469.html

Thursday, January 15, 2004

The Ten Immutable Laws of Security Administration:
"As in the case of the immutable laws for users, the laws on this list reflect the basic nature of security, rather than any product-specific issue. Don't look for a patch from a vendor, because these laws don't result from a technology flaw. Instead, use common sense and thorough planning to turn them to your advantage."

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/essays/10salaws.asp

Wednesday, January 14, 2004

News: Wi-Fi testing finds weak links:
"At least one in every four Wi-Fi products examined by the Wi-Fi Alliance has failed its certification test--a sign that many pieces of wireless equipment on the market are incapable of working as well as users might expect."

Products that sport the Alliance's seal of approval are certified to work with each other and provide the performance expected from the 802.11a, b or g standards. This means that users can buy certified 802.11x routers, access points and cards knowing that they should all be compatible.

But while a great many Wi-Fi products have been approved by the Alliance, several hundred did not pass its tests.

"Based on testing of more than 1,000 products over several IEEE 802.11 standards, products that are prepared for Wi-Fi certification testing fail 25 (percent) to 30 percent of the time--or more depending on the technology being tested," said Wi-Fi Alliance managing director Frank Hanzlik.

"Products that do not go through the rigorous testing preparation process have an even higher failure rate. Without Wi-Fi certification, these product failures would have been experienced by the technology consumer," Hanzlik added.

A product that fails Wi-Fi certification can still be launched, though, and a manufacturer could still label its wireless products as "802.11b compatible" even if they only work with its own range of equipment and not with those from another company.

The Wi-Fi Alliance says that certification is becoming increasingly important as the wireless-networking market grows and matures.

http://zdnet.com.com/2100-1103_2-5139499.html

Tuesday, January 13, 2004

Calendar Of Updates (Powered by Invision Power Board):
"Keep Your Security Software Current
Upgrades, Updates & Definitions"

… hard working people have put together a web site that deals with software updates, especially security updates. It is a free site where members can help with the updates.

Thanks to WinXPnews
http://www.winxpnews.com/issues.cfm

http://www.dozleng.com/updates/

Monday, January 12, 2004

Microsoft Bows to Pressure, Extends Support for Older Windows Versions:
"Microsoft Corp. on Monday capitulated to customer pressure and announced that it would now continue extended support for Windows 98, Windows 98 Second Edition and for Windows Millennium Edition (ME) until June 30, 2006."

… on Monday a company spokesman told eWEEK that the decision to extend support for the products was "part of Microsoft's ongoing effort to respond to customers' needs around the world." During this time, Microsoft will continue to offer paid phone support and will continue to review any critical security issues and take appropriate steps.

"Microsoft made this decision to accommodate customers worldwide who are still dependent upon these operating systems and to provide Microsoft more time to communicate its product lifecycle support guidelines in a handful of markets—particularly smaller and emerging markets," he said.

According to officials, Microsoft also wanted to bring Windows 98 SE into compliance with the company's current lifecycle policy for new products, which provides for support for seven years instead of the original four.

"Microsoft made the decision to also lengthen support for Windows 98 and Windows Me customers through the same date in order to provide a clear and consistent date for support conclusion for all of these older products," the spokesman said.

The move is expected to bring relief to some IT users, and particularly consumers, given the millions who still use the products.

http://www.eweek.com/article2/0,4149,1434318,00.asp

News: Windows 98 support shifts to CD:
"When Microsoft pulls the plug on Windows 98 support next Friday, it will offer a free CD designed to help users 'make the most' of the aging operating system, without any further assistance from the software giant.

Six years after its launch, Windows 98 is still used by about a fourth of Web surfers. Microsoft announced last year that it would stop supporting Windows 98 on Jan. 15, meaning that millions of users will soon be left exposed when new exploits and vulnerabilities are discovered."

Lars Ahlgren, senior marketing manager at Microsoft, told ZDNet UK that the CD, which the software giant created with Future Publishing, will provide hints and tips, technical content and exclusive Knowledge Base articles. The content will also be published on Microsoft's support Web sites.


"We have made an arrangement with Future Publishing so we get Windows 98 content that is not just technical; it is also about how to get more from your Windows 98 machine. For those who have difficulties getting on the Web or want the content on a CD, we will ship them the CD for free, if they call us or register on the Web," Ahlgren said.

Ahlgren also acknowledged that Microsoft is hoping to keep Windows 98 users' expectations low, so that if there is a serious security breach the company decides to patch, they will be pleasantly surprised.

http://zdnet.com.com/2100-1104_2-5138328.html