Tuesday, April 25, 2006

Security time capsule opens up: SANS researcher emerges.

SANS NewsBites April 25, 2006 Vol. 8, Num. 33
-- snip --
--Researcher Warns Some Online Banking Sites Don't Provide Adequate Authentication (20 April 2006) SANS Institute chief research officer Johannes Ullrich says many widely used online banking sites do not use authentication technology to assure that they are who they claim to be. Banks would be well advised to send users to an HTTP Secure (HTTPS) web page which uses the Secure Sockets Layer (SSL) security protocol instead of merely encrypting login forms.
Web pages that do not use HTTPS make themselves vulnerable to DNS spoofing in which attackers try to trick users into visiting phony web sites in an attempt to gather their account information.
Internet Storm Center: http://isc.sans.org/diary.php?storyid=1278
-- snip --

[Editor's Note (Axley): This is pure silliness. Their "head researcher" only now has discovered that this has been going on? I certainly applaud their efforts to raise awareness of the issue and clarify it as an authentication issue, not an encryption one, albeit late to the game, and will likely contribute my list to their list of financial institutions not authenticating their login pages (which are often on their homepages) with SSL. I had to deal with this issue at AT&T Wireless with their homepage and also am dealing with it as we speak at my present employer so it is not new. Many companies seem content these past few years to be "cream of the crap" instead of "cream of the crop" -- only striving to be "as good as" (read: "as bad as") the next guy. My prediction is that it won't stay this way since phishing is getting solidified as its own industry now. ]

Friday, April 21, 2006

Microsoft to End Support for "Outdated" Operating Systems

--Microsoft to End Support for "Outdated" Operating Systems
(18 April 2006)
Microsoft plans to retire support for Windows 98, Windows 98 SE and Windows ME on July 11, 2006; after that date, there will be no more security updates for these versions of the company's operating systems.
Microsoft calls these systems "outdated" and recommends that users upgrade to a more secure operating system, such as Windows XP.

Wednesday, April 5, 2006

Does Blockbuster suck worse than Business Method patents?

Netflix sues Blockbuster to shut online service - U.S. Business - MSNBC.com

Yet another great business-method patent fight. Ugh.

Well, I can't stand Blockbuster, who, among other transgressions, got busted in a lawsuit for claiming in marketing, "No More Late Fees" but had a fee listed in the fine print for keeping videos longer than a week. But I can't stand business method patents wielded as swords no matter who does it.

I couldn't believe that Blockbuster had the cojones to advertise that it didn't have late fees "like those other guys". Just hypocritical since they were one of the biggest offenders of charging late fees (and misleading customers about their fee policy, which resulted in them being sued over that too).

Monday, April 3, 2006

Washington: Home of World's Largest Egg

World's Largest Egg, Winlock, Washington

I didn't even know there was a "Winlock" in Washington, let alone that they were world-renowned!

I feel deceived though because it's not even a real egg.

"Put any object or thing that produces data, into the network"

Boing Boing: Julian Bleecker's blobjects manifesto: "Why Things Matter"

This Xport device looks pretty cool. I wonder if I could meld it with my weather station to make a data logger...

Religion, meet science: Prayer doesn't work.

Boing Boing: Prayer won't heal ya

A new scientific study shows that prayer didn't seem to help patients who underwent bypass surgery. In fact, some of the people who were prayed for did worse. The results of the study of more than 1,800 patients were published in the American Heart Journal.

So all the sports teams should think twice about relying on prayer to get to the championship. And think twice about god miraculously saving you. Evidence that things may just "happen" without divine intervention.