Category Archives: IT Security

Logo Security

Quoted by Arthur on Emergent Chaos who found it via Decaf on DeadBeefCafe:

We’re going to buy Mac Minis and run Windows on them because Macs aren’t affected by these security problems.

I think I’m going to stop laughing soon.

Let’s see; we’ll fix the monoculture problem by grafting the vulnerable cotton bolls onto different root stock….

-jsq

IE7 Fails Known Test

In an ever-changing world, it’s good to know there are some things you can depend on, such as bugs in monopoly software, even as soon as it’s released:
Danish security company Secunia ApS reported today that IE7 contains an information disclosure vulnerability, the same one it reported in IE6 in April. The vulnerability affects the final version of IE7 running on Windows XP with Service Pack 2.

First security flaw signaled in IE7 Peter Sayer, IDG News Service, October 19, 2006

Fortunately, there’s Firefox, and Opera, and Safari.

-jsq

McAfee Onigma Risk Management

At Metricon about a third of the speakers were on about risk management in one form or another, which is a big change from a few years ago. Here’s another datapoint towards the mainstreaming of risk management in IT security:
McAfee launched a new corporate strategy on Oct. 16 aimed at helping companies integrate IT defenses used to fight external attacks and manage internal compliance, announcing a $20 million buyout of data leak prevention software maker Onigma as part of the expanded effort.

McAfee Acquires Onigma, Launches Risk Management Strategy, By Matt Hines, eweek.com, October 16, 2006


Mozilla Security Czar

Mozilla has hired Window Snyder to help organize their security efforts. The article, Ex-Microsoft Security Strategist Joins Mozilla By Ryan Naraine, September 6, 2006, doesn’t say what her title will be. It does say she used to work for Microsoft and before that for @Stake. Hm, maybe she’ll have a more steerable employer this time….

-jsq

PS: Seen on Financial Cryptography, which points out that this could help Mozilla deal with long-term threats like phishing.

From Monoculture to Virtualization

Gartner says even Microsoft can’t support the cost of monoculture:

Vista will be the last version of Windows that exists in its current, monolithic form, according to Gartner.

Instead, the research firm predicts, Microsoft will be forced to migrate Windows to a modular architecture tied together through hardware-supported virtualisation. "The current, integrated architecture of Microsoft Windows is unsustainable – for enterprises and for Microsoft," wrote Gartner analysts Brian Gammage, Michael Silver and David Mitchell Smith.

Windows Vista the last of its kind By Matthew Broersma, Techworld, 25 August 2006

The dinosaur has gotten too big for its environment, so big it’s become too difficult for enterprises to migrate from one release to another, and it’s too hard for Microsoft to release regular updates, or even patches. So what’s an overgrown dinosaur to do?


Broad-based US federal IT security failure

U.S. DoD seems to have noticed a problem:
The lead story contains an important notification by Major General Lord of broad-based US federal IT security failure. As senior officials discover how bad federal security really is, they have begun looking for solutions (some are also looking for scapegoats.) The first and most important change they will make is to begin cutting budgets for policy and report writers, and transfer budget and responsibility to operational technical security projects and professionals who can actually protect their systems. The transformation has already begun. If you have soft skills (policy writing, security awareness, risk assessment, C&A report writing, etc.) and want to have great, long-term job prospects in security, it makes sense to move quickly to add hands-on technical skills so you can lead the teams of people who will be needed to turn the tide against the attackers.

–Alan Paller, SANS NewsBites Vol. 8 Num. 65

I hope some of the new DoD employees and contractors also look up from traditional security to risk management.

DHS, Microsoft, and National Security

Paul Ferguson notes that DHS says a vulnerability fixed by a recent Microsoft patch, one that has already been exploited, puts national security at risk. On the one hand that’s very interesting, because that’s the sort of thing that could lead to software vendor liability despite the current legal loophole that keeps software vendors off the hook. On the other hand, I’d rather not see such liability arrive through the root password of national security, because you never know what form it would take or where it would stop. And on the third hand, if Microsoft software is so insecure that it adversely affects national security, what effect did DHS’s own decision to require a monoculture of Microsoft software on its computers have on national security?

-jsq

House Construction Security

Some argue that it’s not possible to measure software or network security: there are always bugs, many of which may lie hidden for years; miscreants are always out there trying to exploit those bugs and to find ways to misinterpret features to their advantage; so there’s no way to build secure software or networks, and therefore no point in trying to measure security.

Let me demonstrate by the same method that it’s not possible to build a secure house.

Googling for Malware

Here’s an “of course” idea:
By taking advantage of Google’s binary search capability, Websense has created new software tools that can sniff out malware using the popular search engine. Websense researchers Googled for strings that were used in known malware like the Bagel and Mytob worms and have uncovered about 2,000 malicious Web sites over the past month, according to Dan Hubbard, senior director of security and research with Websense.

Google’s Binary Search Helps Identify Malware: Thousands of malicious Web sites pinpointed thanks to a little-known capability in Google’s search engine. Robert McMillan, IDG News Service, Friday, July 07, 2006

It’s astonishing nobody thought of that before. It’s good that Dan Hubbard and Websense did.

The article also quotes somebody who says that miscreants fiddling keywords to con users into downloading malware is old hat, because “most Web surfers are smart enough to avoid” it. Yet it only takes a percent of users falling for it to make it worth the miscreant’s while.
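To make the technique concrete, here is an added example (not code from the original post, from Websense, or from Google) of what a search engine that indexes binaries is doing under the hood, and how an analyst queries it. A binary index is essentially `strings(1)` run over every fetched file, with the result made searchable by word and by quoted phrase; the hunt then consists of feeding it strings lifted from known samples and collecting the URLs that host files containing them. Every URL, file blob and indicator string below is constructed for illustration and is not a real malware signature.

```python
"""
Toy 'binary search' index: extract printable strings from crawled files,
index them per hosting URL, and query with strings taken from known malware.
All crawl data and indicators are constructed stand-ins, not real signatures.
"""
from __future__ import annotations

import re
from collections import defaultdict

_PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")   # >= 4 printable ASCII bytes
_WORD = re.compile(r"[a-z0-9_.@-]+")               # crude search-engine tokeniser


def extract_strings(blob: bytes) -> list[str]:
    """Printable runs of >= 4 bytes: the same notion of 'string' as strings(1)."""
    return [m.group().decode("ascii") for m in _PRINTABLE_RUN.finditer(blob)]


class BinaryIndex:
    """Word-level inverted index over strings extracted from crawled binaries."""

    def __init__(self) -> None:
        self._postings: dict[str, set[str]] = defaultdict(set)  # word -> URLs
        self._strings: dict[str, list[str]] = {}                # URL -> strings

    def add(self, url: str, blob: bytes) -> None:
        strings = extract_strings(blob)
        self._strings[url] = strings
        for s in strings:
            for w in _WORD.findall(s.lower()):
                self._postings[w].add(url)

    def search(self, phrase: str) -> set[str]:
        """Quoted-phrase query: intersect word postings, then confirm the phrase."""
        words = _WORD.findall(phrase.lower())
        if not words:
            return set()
        candidates = set(self._postings.get(words[0], ()))
        for w in words[1:]:
            candidates &= self._postings.get(w, set())
        needle = phrase.lower()
        return {u for u in candidates
                if any(needle in s.lower() for s in self._strings[u])}

    def hunt(self, indicators: list[str]) -> dict[str, list[str]]:
        """Run every indicator; map each hit URL to the indicators that matched."""
        hits: dict[str, list[str]] = defaultdict(list)
        for ind in indicators:
            for url in self.search(ind):
                hits[url].append(ind)
        return dict(hits)


# Constructed crawl: three fake 'binaries' and the URL each was fetched from.
CRAWL = {
    "http://example.invalid/setup.exe": (
        b"MZ\x90\x00\x03" + b"\x00" * 8
        + b"This program cannot be run in DOS mode.\x00"
        + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
        + b"example-dropper-mutex-9f3\x00" + b"\x07\x01\xff"),
    "http://example.invalid/calc.exe": (
        b"MZ\x90\x00\x03" + b"\x00" * 8
        + b"This program cannot be run in DOS mode.\x00"
        + b"KERNEL32.dll\x00GetProcAddress\x00"),
    "http://mirror.example.invalid/update.bin": (
        b"\x7fELF\x02\x01\x01" + b"\x00" * 9
        + b"example-dropper-mutex-9f3\x00/bin/sh\x00"),
}

# Constructed indicators: stand-ins for strings lifted from known samples.
INDICATORS = ["example-dropper-mutex-9f3", "CurrentVersion\\Run"]


def build_index() -> BinaryIndex:
    idx = BinaryIndex()
    for url, blob in CRAWL.items():
        idx.add(url, blob)
    return idx


if __name__ == "__main__":
    for url, matched in sorted(build_index().hunt(INDICATORS).items()):
        print(url, "<-", ", ".join(matched))
```

Two things the toy makes visible that the article does not: a generic string such as the DOS stub matches every Windows executable, so indicators have to be specific to the family (here the constructed mutex name) rather than merely present in the sample; and a hit on a mirror site (the `update.bin` case) is found by the same query, which is exactly why the technique surfaces hosting sites the original sample never pointed at.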

-jsq