Date: 01/25/08 (Web Development)    Keywords: html, technology, database, security, web

I realize that this is a webdev group targeted at web application developers, but since we all know a thing or two about security, I was wondering what all of you think about RFID chips in passports?

Basically it's a radio-frequency chip that will be issued in new passports in the U.S. The chip will contain personal information, an image of what a person looks like, and can be read by an RFID reader when placed up close - it is then transferred over a wireless network to a database. The technology is "similar to what is used at Wal-mart to track goods" (Source: http://www.washingtonpost.com/wp-dyn/content/article/2007/12/31/AR2007123101922.html)


Do you think this idea is safe in terms of identity theft?
Should this idea continue?

I am just curious as to what all of you think, not taking any polls or anything, but just trying to get a conversation going :)


In my opinion, I think as long as there will be new secure measures of holding on to information, hackers will dedicate more time on trying to exploit what they find.

That's what they're paid for!


You can read more about it here if you don't believe me: http://travel.state.gov/passport/ppt_card/ppt_card_3926.html

Source: http://community.livejournal.com/webdev/461070.html

Date: 01/30/08 (Security)    Keywords: security, microsoft

A workable exploit attack for a TCP/IP vulnerability in Microsoft's Windows has been launched into the wild courtesy of security firm Immunity. On Jan. 17, it became clear that you shouldn't dawdle on deploying Microsoft's MS08-001 patch. That patch, issued Jan. 8, fixed a Transmission Control Protocol/Internet...

Source: http://blogs.zdnet.com/security/?p=840

Date: 01/31/08 (Security)    Keywords: security

Internet Attorney Sophia Cope says the new law will do more harm than good and the better idea is for Congress to revisit a fundamentally flawed law. The government claims that driver's license "reform" will help combat illegal immigration and generally protect national security, but it fails to...

Source: http://news.zdnet.com/2010-9588_22-6228491.html

Date: 01/31/08 (Security)    Keywords: security

In the fight against security breaches, PGP Chief Executive Phil Dunkelberger cautions that encryption by itself is not the answer. One of the questions I'm frequently asked is, "If perimeter-based data security strategies are breaking down, why aren't more companies using encryption to protect their confidential information?" ...

Source: http://news.zdnet.com/2010-1009_22-6228252.html

Date: 01/31/08 (Data Management)    Keywords: security

Internet Attorney Sophia Cope says the new law will do more harm than good and the better idea is for Congress to revisit a fundamentally flawed law. The government claims that driver's license "reform" will help combat illegal immigration and generally protect national security, but it fails to...

Source: http://news.zdnet.com/2010-9588_22-6228491.html

Date: 02/01/08 (Security)    Keywords: security

I spent the last ten days in London and Frankfurt in a morning-to-night whirlwind of business meetings. While the trip was great, it left me no literally time to blog, which was a drag. Nonetheless, walking through Frankfurt security, I looked up and saw beautiful blog material -- a public...

Source: http://blogs.zdnet.com/projectfailures/?p=578

Date: 02/04/08 (Security)    Keywords: security

Security researcher Elazar Broad has found another vulnerability in Facebook's Aurigma ImageUploader control. And these vulnerabilities are stacking up. In an advisory on the Full Disclosure email list on Sunday, Broad wrote: The control is vulnerable to a stack-based buffer overflow in the ExtractExif and...

Source: http://blogs.zdnet.com/security/?p=846

Date: 02/04/08 (Security)    Keywords: security

If we look at the investment in enterprise IT security infrastructure over the past decade, companies have invested heavily in their perimeters while ignoring the inside, says Sentrigo's Slavik Markovich. Commentary--We begin with a story: A wealthy man decides to protect...

Source: http://news.zdnet.com/2424-9595_22-186769.html

Date: 02/04/08 (Data Management)    Keywords: security

If we look at the investment in enterprise IT security infrastructure over the past decade, companies have invested heavily in their perimeters while ignoring the inside, says Sentrigo's Slavik Markovich. Commentary--We begin with a story: A wealthy man decides to protect...

Source: http://news.zdnet.com/2424-9595_22-186769.html

Date: 02/05/08 (Data Management)    Keywords: security

The White House unveiled its fiscal 2009 budget proposal and the $3.1 trillion monstrosity throws the U.S. Computer Emergency Readiness Team $242 million to boost its malware and intrusion detection capabilities. According to the proposed budget released on Monday, "a more robust US-CERT will increase the cyber security posture...

Source: http://blogs.zdnet.com/security/?p=851

Date: 02/05/08 (Security)    Keywords: security

Interesting email in today mailbag:  "Will SP1 contain undisclosed or undocumented security fixes?" For some people, counting the number of security flaws that one OS has compared to another is important because it offers a metric upon which to determine which OS is the most secure (personally,...

Source: http://blogs.zdnet.com/hardware/?p=1225

Date: 02/06/08 (Computer Geeks)    Keywords: technology, security, web, microsoft, google

The most common question that I get in my inbox is...

Why don't you use Mac OS X?

Some of you are under the impression that I don't use Apple products, or anything that's not Microsoft. That's not true. I am, in all honesty, a company agnostic. I use an iPod, I use many of the Google products, I use a Playstation instead of an Xbox...I use tons of things that aren't made by Microsoft. And, I'll say it, Windows is the only thing that Mircrosoft has produced that I like.

I'm not being ignorant, I'm very open-minded about technology. I'm not a die-hard anything. If Microsoft put out an absolute stinker that didn't even work, you'd bet I'd switch over to Ubuntu or Mac OS in a heartbeat (or maybe I would just downgrade to the previous version of Windows).

Some of you are also under the impression that I've never even tried Mac OS X or any operating system besides Windows. Far from true. Just two weeks ago, I was running Ubuntu. I liked it, but I couldn't lose my Windows apps. I've got connections with people that run Macs, and they've let me work on their computers, and I'm a fairly experienced Mac OS X user (though that's not saying much).

I get this question at least once a day by IM, email, LJ-message, whatever, and I decided to post the answer here in a new weekly feature to this journal.

Before I begin, I want to make it clear that Mac OS X is a fantastic alternative to the world of Windows. If you're just using it for photos, web browsing, stuff like that, Mac OS X is great. If you're a power-user, though, you need an OS like Windows. Now, I bring you the reasons why I don't use Mac OS X.

User interface
The Menu Bar is too far away from your focus. When you have an application open, your focus is on the middle of the screen (I don't see why you would have a window maximized since the dock (I'll get to that later) is in the way, and the monitor is huge). The Menu Bar is all the way at the top, hundreds of yards away from your focus. I didn't even notice it the first few times I was using it.

The dock is just terrible. Icons for the same file type are exactly the same, so you can't tell what is what. It gets in the way. Didn't they learn to avoid things like this in GUI Design 101? The dock, while it looks great and is a great marketing strategy, doesn't do much for productivity. Windows' quick launch bar is way better.

Usability
When using Mac OS X, I found my productivity was cut by a fraction. It wasn't a big difference, but it was a significant one. Like I said, if you're a general user, Mac OS X is fine, but for me, I've got to have something where I can actually do important things. There are also articles on the web that put Windows and Mac OS X running on the exact same hardware (a Mac computer!), and found that Mac OS X was slower than Windows. On a Mac computer. Hey, it surprised me, too.

Security
I know, I know. Mac OS X has this big reputation about being the most secure OS on the planet. Even though it's not true, think about the users. Mac OS X has about 20% of the market share, the rest goes to Windows. That's over 250 million users, ladies and gentlemen.But, nonetheless, Mac OS X does have some security issues.

Time Machine, which is praised by Mac OS users, does it's job just a little too well. Let's say you downloaded a Trojan, and let's just say it deleted some of your data. You restore your data from Time Machine, but guess what? It restores that Trojan as well. My idea: when you remove something from your computer, a Trojan, it should ask you if you want it archived in the Time Machine. Just a little suggestion

Cost
Jesus Christ! $1,200 for an iMac with only 250GB of storage? $1,700 for a MacBook Air? This is ridiculous. I can buy a brand new HP computer with Windows installed, with 600GB of storage, for only about $800. Maybe the iMac should cost a little more, because it can run Windows, and it's the only machine that you can run Mac OS X on legally, and it doesn't have a tower, but not that much more. Maybe $900, maybe a little more. I'll be honest, though, I don't mind having a computer tower. Building a desktop computer using notebook computer parts just doesn't seem safe to me.

So, those are my main concerns about Mac OS X, and I why I won't use it. When Mac OS XI comes around, I might check it out, to see if there is any improvement, but until then, I'm a Windows user.

Source: http://community.livejournal.com/computergeeks/1149394.html

Date: 02/06/08 (Security)    Keywords: html, security, web

Skype said today that a security bug in the Skype for Windows client has been identified and fixed. Here's the problem, according to Skype: Skype uses Internet Explorer web control to render HTML content. ...

Source: http://blogs.zdnet.com/ip-telephony/?p=3168

Date: 02/06/08 (Security)    Keywords: security, spam

For the third month running, compromised computers in Europe have pushed out more spam than those in the U.S. European spam networks have pumped out more unsolicited e-mail than those in the U.S. for the third month in a row, according to security vendor Symantec. Symantec...

Source: http://news.zdnet.com/2100-1009_22-6229352.html

Date: 02/06/08 (Security)    Keywords: security

If you got a prompt to upgrade your Adobe Reader to version 8.1.2 you're not alone. Betcha didn't know it's a major security fix though. Why? You wouldn't know because Adobe hasn't told anyone. The best information you'll get is a few snippets in an Adobe Knowledge...

Source: http://blogs.zdnet.com/security/?p=858

Date: 02/07/08 (Security)    Keywords: security, microsoft

Microsoft on Thursday issued advance notice of 12 security bulletins ahead of its February batch of patches with seven critical flaws affecting Vista, Internet Explorer and Office. The most notable patch will likely cover that Excel zero day vulnerability that surfaced last month. Since Microsoft confirmed the...

Source: http://blogs.zdnet.com/security/?p=866

Date: 02/06/08 (Security)    Keywords: security

WordPress has released version 2.3.3 to plug a flaw that would allow a specially crafted request to edit posts of other users on that blog. In a post, WordPress noted that 2.3.3 is "an urgent security release." You can fix the flaw without downloading the new version....

Source: http://blogs.zdnet.com/security/?p=859

Date: 02/05/08 (Security)    Keywords: security

IBM's Internet Security Systems is previewing its X-Force report and disclosed a notable factoid: Vulnerability disclosures fell 5.4 percent in 2007 relative to 2006. Here's the data in a chart as disclosed in the ISS blog: Feel safer yet? You...

Source: http://blogs.zdnet.com/security/?p=855

Date: 02/05/08 (Security)    Keywords: security

The White House unveiled its fiscal 2009 budget proposal and the $3.1 trillion monstrosity throws the U.S. Computer Emergency Readiness Team $242 million to boost its malware and intrusion detection capabilities. According to the proposed budget released on Monday, "a more robust US-CERT will increase the cyber security posture...

Source: http://blogs.zdnet.com/security/?p=851

Date: 02/08/08 (Security)    Keywords: security, web

Mozilla on Friday delivered its Firefox 2.0.0.12 update including patches that fix a Web forgery flaw, browsing history and forward navigation stealing and the directory traversal via chrome, which has been the most visible vulnerability of late. According to the Firefox security advisory, Mozilla filed the following...

Source: http://blogs.zdnet.com/security/?p=870