Hacking-101.com

(penetration testing) + (sql injection) = foobar
Archive for the ‘News’

Need Startup Security Help?

November 09, 2008 By: admin Category: News

My friend Damon Cortesi, of international notoriety, has started up a new blog for those software engineers who are starting up their own business, or have already started their own business and have some questions. His blog is heavily focused on security for startups but has great information that everyone can appreciate. Take a look at his blog, subscribe to his feed and drop comments!

The Ethical Hacker Challenge

December 17, 2007 By: Jason Category: News

Brought to our attention by Damon Cortesi, Internet Security and Application Security Specialist.  The 2007 Ethical Hacker Challenge is alive and well.

Buying Marijuana Online? Seriously, People…

November 03, 2007 By: Jason Category: News

As reported by Sunbelt, some people will stop at nothing to sell you snake oil.  Or, apparently, marijuana.  Alex makes a good point that if you’re dumb enough to try you could get a knock on the door from the authorities (at the worst) or just a bag of oregano (at the least).

Read more here.

California Data Protection Law AB 779

October 17, 2007 By: Jason Category: News

What Happened?! 

Vetoed by the Govinator!  Who cares?  Everyone wants to report how this is such a horrible travesty.   Major media is missing an important aspect of AB 779.  The data protection sphere is self-regulating at the moment.  Credit card companies have the PCI DSS standard to follow, most of which covers a huge portion of AB 779.  Honestly, let’s pull our heads out of the sand.

It’s All Politics 

To me it appears that the media is making this a POLITICAL issue.  Sure, we can wrap it up into a pretty little identity-theft prevention bundle, but it’s a political message to attempt to make an election issue and the negative effects of a conservative Republican Governor in a largely liberal state.

Stealth Windows Updates

September 15, 2007 By: Jason Category: News

Within the last several days, Microsoft Windows Updates has started patching files on Windows XP and Windows Vista without users’ knowledge or intervention.  What is even stranger is that these updates will run even if the auto-update features have been disabled.

Many organizations opt to test software updates before distributing them to end users.  Unauthorized patching in the background, even for the patching mechanism itself, should not happen.  If Microsoft can update their software without permission or user intervention, what other changes or access to your information do they have?

When users launch the Windows Update website from their browser they may be prompted to install an update for Windows Update.  This holds true on new installations of the operating systems, which makes total sense.  At this point the user can opt to not install the update and therefore not patch the system or they can accept the change and load up all 85 updates (since Windows XP Service Pack 2 was released).  Microsoft has now decided that they will do this in the background without permission even if the user has disabled automatic updates.

Microsoft has been fairly silent about the updates.  The only information released was a snippet on the Microsoft Community forums.

“Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update won’t work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed.”

Microsoft responded stating that the update is a consumer-only release that addresses specific issues found after the previous release of Windows Updates.  Even so, Microsoft has yet to disclose which issues the patches addressed.

Vista Files Updated:

1. wuapi.dll
2. wuapp.exe
3. wuauclt.exe
4. wuaueng.dll
5. wucltux.dll
6. wudriver.dll
7. wups.dll
8. wups2.dll
9. wuwebv.dll

Windows XP Files Updated:

1. cdm.dll
2. wuapi.dll
3. wuauclt.exe
4. wuaucpl.cpl
5. wuaueng.dll
6. wucltui.dll
7. wups.dll
8. wups2.dll
9. wuweb.dll

It’s important to note that there’s nothing harmful about the updated files.  There have been no reports of roll-backs being required or of issues after the update was installed.  The real issue isn’t whether the patch was necessary but how Microsoft is handling the patching: without user authorization or consent.
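
To see whether a given machine has already received the silent update, an administrator can inventory the files listed above. The script below is an added example, not part of the original post; it assumes the files live in %SystemRoot%\System32 and that the updated copies carry the 7.0.6000.381 file version quoted in the forum statement.

```powershell
# Added example: inventory the Windows Update client files named in the post.
# Assumptions: the files sit in %SystemRoot%\System32 and updated copies report
# file version 7.0.6000.381 (the version quoted from the Microsoft forum post).
$target = New-Object System.Version 7,0,6000,381

# File names copied from the two lists in the post.
$vistaFiles = 'wuapi.dll','wuapp.exe','wuauclt.exe','wuaueng.dll','wucltux.dll',
              'wudriver.dll','wups.dll','wups2.dll','wuwebv.dll'
$xpFiles    = 'cdm.dll','wuapi.dll','wuauclt.exe','wuaucpl.cpl','wuaueng.dll',
              'wucltui.dll','wups.dll','wups2.dll','wuweb.dll'

# NT major version 6 is Vista; 5 is XP.
if ([Environment]::OSVersion.Version.Major -ge 6) {
    $files = $vistaFiles
} else {
    $files = $xpFiles
}

$sys32 = Join-Path $env:SystemRoot 'System32'

foreach ($name in $files) {
    $path = Join-Path $sys32 $name
    if (-not (Test-Path $path)) {
        "{0,-14} missing" -f $name
        continue
    }

    $item = Get-Item $path
    $vi   = $item.VersionInfo

    # Build the version from its numeric parts; the FileVersion string can
    # carry a trailing build label that does not parse as a version.
    $ver = New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart,
                                     $vi.FileBuildPart, $vi.FilePrivatePart

    if ($ver -ge $target) {
        $state = 'updated'
    } else {
        $state = 'older than target'
    }

    # The last-write time shows when the file was replaced on disk, which can
    # be compared against the organization's own patch approval records.
    "{0,-14} {1,-16} {2:yyyy-MM-dd HH:mm}  {3}" -f $name, $ver, $item.LastWriteTime, $state
}
```

A file reported as updated with a last-write time that matches no approved deployment is the case the post is concerned with.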