Security Pipeline Newsletter
www.SecurityPipeline.com
Thursday, March 24, 2005

In This Issue:
- Microsoft Begins Beta Of Unified Update
- A Third Of IRS Employees Suckered By Auditors Posing As Hackers
- Mozilla Releases Security Updates To Thunderbird, Mozilla Suite
- More News...
- Report: Linux Vulnerabilities More Numerous And Severe Than Windows
- Blog: IBM Isn't Getting Into The Mailbombing Business
- Phishing, E-Mail Security Top IT Concerns
- More Picks...

This issue sponsored by VeriSign.
Get a FREE SSL Security Kit from VeriSign
VeriSign(r) SSL Certificates protect e-commerce and other private information with 128-bit encryption, the strongest SSL protection available anywhere. Get a Free SSL Security Kit.
http://clk.atdmt.com/SFI/go/tchwesrv0460000020sfi/direct/01/

-----------------------------------------

Editor's Note: Two Perfectly Good Rants Gone To Waste

The Internet has produced two art forms so far: the goofy Flash animation and the rant.

Sure, there were great rants before the Internet, and there are great rants not on the Internet. The comedian Bill Hicks, who died just when the Internet was taking off in 1994, is considered by connoisseurs to be a past master of the form. John Belushi used to do these great rants on the Weekend Update segment of "Saturday Night Live" back 30 years ago. And we always like to watch "The Daily Show" on TV to see if this is the week Lewis Black is going to have an aneurysm and fall over on Jon Stewart's lap.

But, still, the Internet raised the rant to an art form. To look for the best rants, you have to go to the bowels of Usenet, and find raging flamewars on Windows vs. Linux vs. OS/2 vs. the Mac, abortion (either side), gun control (either side), and who was the best captain on Star Trek. (The right answers, in no particular order: Windows, Sisko, and, what, are you crazy, do you think I'm going to answer that here and lose my job?)

I was all geared up this week with not one but two great rants, but I find that the facts support neither of them. Alas.

Rant #1: The anticipated report finding Linux less secure than Windows has been released. And it turns out to have been funded by Microsoft. Can you imagine? I haven't been so surprised since Darth Vader said he was Luke's father.

Our recent article by Michael Cohn has some juicy details about the study, which was by Security Innovation and the Florida Institute of Technology's College of Engineering. Although our earlier article covered the study in depth, Mike reports some new information and detail.

I was all wound up to scold the researchers for failing to disclose the Microsoft funding sooner, when I had the following imaginary dialogue:

MY IMAGINARY FRIEND: "So, is the report worthless because Microsoft funded it?"

ME: "No, of course not. Microsoft has a right to speak out on this issue. And the study raises some interesting points. Prior to our earlier article on this subject, I would have said that Linux is more secure than Windows, hands down. Now, I'd say it may be impossible to tell which operating system is more secure. The question is meaningless, like deciding whether classical music is better than rock 'n roll."

M.I.F.: "If you'd known from the beginning that Microsoft had funded the study, would you have published an article about it?"

ME: "Almost certainly not. Maybe a couple of paragraphs, no more."

M.I.F.: "So maybe the researchers were wise to withhold the source of the funding until after the report was released? Maybe this allowed debate to focus on the SUBSTANCE of the report, rather than the funding?"

ME: "Oh, fine, yes, I suppose so. Say, could you pick me up some Starbucks?"

M.I.F.: "Sorry, I'm imaginary."

What do you think? Which is more secure, Linux or Windows? Does the source of the funding matter? Write and let us know; we'll publish the best of your letters.

RANT #2: Several respected technology news media reported that IBM was going into the business of mailbombing companies that send spam. I won't say who they are, except to say that their names rhyme with Wall Street Hournal, Mashhot, and CMM.

I was all geared up to deliver a scathing rebuke to IBM, a multinational corporation with multibillion-dollar sales that's nonetheless too cheap to buy a clue. But it turns out that the stories got the facts wrong; rather, what IBM has developed is promising technology combining a limited form of challenge/response with a variety of other spam-screening measures.

More Noteworthy Articles This Week

Microsoft Begins Beta Of Unified Update: Microsoft Update is a substitute for Windows Update that will keep users current with security patches and other updates for not only the OS, but also Office and other products.

Spam Is All Your Fault, Says Study: Users are still clicking links and even buying products advertised in spam, according to the Radicati Group.

Struggling Against The Spyware Plague: Learn how IT managers, merchants, vendors and regulators are working to eliminate, or at least contain, the year's biggest security problem.

Microsoft Details Inner Workings Of New AntiSpyware: Windows AntiSpyware security software looks at criteria such as whether software is deceptive and how much damage it does to a PC to identify potential problems and make recommendations as to whether the questionable software should be ignored, quarantined, or removed.

For more opinions, links, and humor about security, technology, and the Internet, see Wagner's Weblog. This week: Firefox add-on Greasemonkey customizes the Web, IT organizations don't innovate, IM pluses and minuses, Yahoo buys Flickr, flexible displays, and signs that the world is coming to an end.

And sorry about the whole Darth Vader/Luke spoiler thing if you haven't seen the movie.

Mitch Wagner

Don't let future editions of Security Pipeline Newsletter go missing. Take a moment to add the newsletter's address to your anti-spam whitelist: secured@techwire.com
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.

Top Security News

Microsoft Begins Beta Of Unified Update
Microsoft Update is a substitute for Windows Update that will keep users current with security patches and other updates for not only the OS, but also Office and other products.

A Third Of IRS Employees Suckered By Auditors Posing As Hackers
Mozilla Releases Security Updates To Thunderbird, Mozilla Suite
Spam Is All Your Fault, Says Study
Symantec Introduces Hosted Mail Security
IBM Wades Into Murky Waters Of Anti-Spam Tech
Texas Sues Vonage, Charging Misleading Advertising
CAN-SPAM Act Authors Re-Introduce Anti-Spyware Bill
EarthLink Launches VPN Service
Feds Aim To Reduce Access To Social Security Numbers
Parents Step Up Internet Filter Use
Postini To Unveil Anti-Spam Hosted Service For Small Business
New Security Threats Target Cell Phones, Mobile Devices
Flaw Found In McAfee Anti-Virus Engine
Firefox Eats More Microsoft Market Share
FBI And Retailers Collaborate To Prevent Theft
ID Thefts Erode Bank Consumer Confidence
Westlaw Restricts Social Security Number Access
Microsoft Details Inner Workings Of New AntiSpyware
Keyloggers Foiled In Attempted $423 Million Bank Heist
Who's Forwarding All Those Dumb E-Mail Jokes? More Than Half Of Us

Editor's Picks

Report: Linux Vulnerabilities More Numerous And Severe Than Windows
The report was Microsoft-funded, but researchers are providing the full methodology and challenging Linux advocates to prove them wrong.

Blog: IBM Isn't Getting Into The Mailbombing Business
Phishing, E-Mail Security Top IT Concerns
Blog: Clueless Lawyer Tricks
Your Iptable Is Ready: Using A Linux Firewall
Struggling Against The Spyware Plague
Automated Security Management Gaining Favor
Financial Services Firms Re-Evaluate E-Mail Security Preparedness
Compliance Requirements Put The Bite On Small Businesses
Review: 3Com E-Mail Appliance Provides Security, Compliance For Small Businesses
How One Company Protects Its Staff Against Spyware
What Do Data Merchants Know About You?
Legislation Won't Stall The Spyware Juggernaut
Via Network Computing: New Mobile and Wireless Blogger
Via Desktop Pipeline: New USB Flash Drive Will Move Applications And Data From PC To PC

Cast Your Vote Now!

What's your favorite way to stay informed on IT topics?

RESULTS UNTIL NOW

I was kind of surprised to see the Web emerge as the most popular channel; I figured among newsletter subscribers, newsletters would rank as #1. Then again, the popularity of wise-guy responses indicates that this poll is even less reliable than other polls of this type, which are pretty darn unreliable to begin with. I mean, a combined 11 percent of respondents said they either get their IT news from the Psychic Friends Network or they don't want to get IT news. That's more respondents than get their news from RSS (9 percent) and equal to the number who prefer print publications.

This poll is being conducted through all of the TechWeb Pipelines. We'll let the poll go another week. Respond or we'll have the Psychic Friends Network put a curse on you so that you'll always have squirrel poop in your socks.

As always, if you want to write to us about IT news or any other subject, send your e-mail to mailto:mwagner@cmp.com. We'll publish the best responses.

Try Security Pipeline's RSS Feed

Security Pipeline's content is available via RSS feed: Get RSS link. The feed is also auto-discoverable to many RSS readers from the Security Pipeline home page.

Note: RSS feeds are not viewable in most Web browsers. You need an RSS reader, Web-based service, or plug-in to view RSS. Find out which RSS readers the Pipeline editors recommend.