End of Windows XP Support Era Signals Beginning of Security Nightmare
"cuts the chord"? Are they dissecting sheet music now? Cripes.
Congresswoman and Staff Gunned Down
Several news outlets are now saying that she is still alive and in surgery, including an updated NPR story. The hospital spokeswoman confirmed that in at least one of the stories I saw.
Chrome Throws Flash Into the Sandbox
No. This was actually announced 2 weeks ago by Google and Adobe, not today.
US Inadvertently Enabled Chinese Google Hackers
This is a month old, and Schneier has since backed off this assertion.
Microsoft's Risky Tablet Announcement
How exactly can Microsoft be responding to an event that hasn't taken place yet (the Apple tablet announcement)? Is that "pre-sponding"?
Spafford: Cybersecurity Czar Job is Useless
It's also worth having a look at the blog posts that Spafford has written on this topic in the last few months. There's more background and context in there and some excellent reasoning on why this position is built to fail.
Spammer Lance Atkinson Fined $16 Million
According to the original documentation, 'In early 2008, a security company identified one botnet -- which it dubbed "Mega-D" -- that sent spam promoting Affking's VPXL and King Replica products as the worst botnet in the world, accounting for 32% of all spam.'
The Mega-D botnet consisted of at least 264,784 computers.
That's 264,784 UNAUTHORIZED COMPUTER ACCESS FELONIES.
Why the FUCK are we 'fining' someone who committed at least 264,784 felonies? We invade goddamn countries and charge people with war crimes for that level of criminality!
Anti-spam laws are nonsense. Forget the damn anti-spam laws. Lock them up for the felonies they're committing. Extradition would be a lot easier, too. (Of course, we could just find a few hundred IPs this guy hijacked in Australia, turn them over, and have him locked up there his entire life, instead.)
The laws are completely useless and always have been. They were passed to make consumers think that government is doing something. But the extradition and prosecution is a lot harder than it sounds, even when the criminal is in a friendly country like Australia. It takes forever and costs a lot of money, so the law enforcement agencies pass.
The Root of the Botnet Epidemic
I think people sort of lose focus on how bad this threat is. The scope of it is ridiculous. There are tens of millions of bot-infected machines out there, and I'd bet that 99% of the owners have no idea they're infected and wouldn't know what to do about it if they did. The bad guys are way ahead of the good guys on this and it's not clear when or how it will get better.
TCP DoS Flaw Finally Patched by Microsoft, Cisco
I'm sure they do possess that knowledge, but that's got nothing to do with this. Microsoft, Cisco and all of the other vendors have the same, or higher, level of skill on their staffs but they have other priorities, too. It's not a simple fix and didn't involve just one version of one product.
Hackers send malware-infected CDs to credit unions
Excellent point. And that wouldn't be difficult to accomplish either, with a little money slipped to someone at the NCUA or something.
Many sites use silent Flash cookies to track users
I see this as the sites' failing, not a problem for Adobe to fix. It's their fault for not telling users what they're doing and how.
New Linux kernel flaw allows null pointer exploits
Right now it looks like just that version, but it won't be long I'd bet before others are testing it against older releases.
Facebook Violates Canadian Privacy Law
wait wait wait. They have computers in Canada?
New Mac OS X rootkit to be revealed at Black Hat
May not be many Macs in enterprises, but there are millions of them in homes, and they're just as valuable as bots as any Windows box. And owning any box gets you access to banking passwords, whatever else.
Hackers Find Remote iPhone Crack
Exactly. And this was on 2.0, and 3.0 is out already. Nothing to see here.
US Plans To Bulldoze 50 Shrinking Cities
Are nominations still open? DC, B'more and Orlando should be at the top of the list. Maybe Dallas too.
New attack exploits virtually all intranets, VPNs
I think this is similar to a problem that networking people have been dealing with for like 15 years. The main problem is in the RFC, which was written before there were hundreds of millions of machines on the interwebs.
Schneier Says We Don't Need a Cybersecurity Czar
That's exactly it. The czar concept in general is flawed, even in departments or industries that have a clear mission and control of that mission. Neither is true in cyber security. We don't need another figurehead creating the illusion of action.
Snow Leopard security not good enough
Apple has clearly shown it's not interested in security. If it were, it wouldn't wait and release 49 patches at once or only include portions of ASLR in OS X.
Schneier: We don't need a cybersecurity czar
None of these czars has gotten us anywhere in any other industry either. Consumer, car, health care, Russia...