
Keeping the World Safe from Hydration

Why is it that I can attend a Washington Nationals game and bring in food and water yet when attending a Washington Capitals game, such items are prohibited?
Obviously, people bringing in food affects their food sales.
An usher gave me the usual “security” malarkey as an explanation. If I’m a security risk because I’m bringing in a 20 oz container of water, then that Dasani truck driver must be on the ten most wanted list.

Java 1.6 Update 11

From US CERT

Sun has released alerts to address multiple vulnerabilities
affecting the Sun Java Runtime Environment. The most severe of
these vulnerabilities could allow a remote attacker to execute
arbitrary code.
II. Impact
The impacts of these vulnerabilities vary. The most severe of these
vulnerabilities allows a remote attacker to execute arbitrary code.
III. Solution
Apply an update from Sun
These issues are addressed in the following versions of the Sun
Java Runtime Environment:
* JDK and JRE 6 Update 11
* JDK and JRE 5.0 Update 17
* SDK and JRE 1.4.2_19
* SDK and JRE 1.3.1_24

Firefox/Seamonkey/Thunderbird Vulnerabilities

Patches are out for Firefox, SeaMonkey and Thunderbird to resolve vulnerabilities that would allow credential theft, information disclosure, and arbitrary code execution.
These issues are present in:
Firefox 3.0.3 and prior
Firefox 2.0.0.17 and prior
Thunderbird 2.0.0.17 and prior
SeaMonkey 1.1.12 and prior

The Internet is not Private

We’ve all seen the stories about the intern busted by Facebook. We laughed at it, but did we stop to consider how traceable what we post on forums and blogs is?
A recent incident on a forum where I’m a member has caused people to question their openness in an Internet community. In the incident that sparks this post, an individual made the mistake of using their real name as a screen name and posted personal information (home town and what type of business they are in – real estate). They then often said derogatory things about their manager and co-workers.
It became a simple matter for someone to find the company they work for. It took one Google query for first name, last name, state and “real estate”. Real estate offices tend to list everyone working in an office, along with pictures, job titles and contact information. It was all too easy for someone to track down her boss and share “private” discourse. Or it could have happened the other way: people in her office learned of the discussion forum and found the thread.
So what do you do about this? I guess the first thing is not to say things in private that you haven’t said to someone’s face first. While there is blowing off steam, doing so online in a large forum is more likely to get you in trouble than talking to your friends at the bar after work.
I would tend to use a screen name and try to avoid connecting it with my real name. That becomes very hard though. People can and do screw that up.

Make Love not Cyberwar

UPI had an article Monday, titled U.S. Urged to go on Offense in Cyberwarfare.

“The best defense is a good offense and an offensive [cyberwar] capability is essential to our national defense,” Rep. Jim Langevin told United Press International, calling it “a necessary deterrent.”
“Warfare is forever changed. … Never again will we see major warfare without a strong cyber component executed as part of it,” the Rhode Island Democrat added, citing the assault on Georgian government Web sites that accompanied Russia’s invasion last month.

Oh you’ll see the enemy quaking in their boots when they see the Cyber Corps coming.
This should have a familiar ring, because back in May 2008 there were articles about the USAF wanting to establish a military botnet so they can ping carpetbomb our enemies back into the stone age.

What they think I said – what I really said

Have you ever opened a tech support case by calling in, then later reviewed the case via a support web portal? It’s kind of funny to see what is lost in the translation.
A couple examples come to mind.
Bluecoat.
I opened a ticket asking for help allowing access to gotoassist.com. This is a Citrix-owned website that is in the gotomeeting, gotomypc family. According to the ticket, I was having a problem going to assist.com.
Symantec
I opened a case asking for help using SecurID to log into Symantec Endpoint Protection Manager (SEPM). They thought I was having a problem authenticating with SecurIZ. That’s right, your product uses SecurIZ for authentication, not SecurID. No wonder I couldn’t get it working.
These cases were successfully resolved.

Adobe Acrobat and Reader 9 Released

Adobe Acrobat and Reader 9 were released this week. I received an update notification from a Sr. Product Manager at Adobe; it advises that “once a major new version such as this comes out, you have 6 months to update from the older Reader 8.”
I had kind of been wondering about Adobe’s product support lifecycle. Adobe Reader/Acrobat 7 just got an update not too long ago. Is Adobe really going to pull the plug on 8 in 6 months? That seems like a very short amount of time. When you look at past versions, they’ve had Office conflicts that weren’t resolved for a while. I haven’t looked, but I assume the Adobe customization wizard (tuner) that is used to package Adobe Acrobat and Reader for enterprise deployment is also yet to be released.
I’m thinking January 2009 to push out Adobe Reader, unless of course they once again coerce an update by patching something in the newer version and leaving the older version alone for months.

Firefox 2.0.15

Firefox 2.0.15 is out today. Open Firefox, select Help and Check for Updates.
This update fixes 12 security vulnerabilities, 3 of which are described as critical.
To update, open Firefox, select Help and Check for Updates or install Firefox 3.

Getting Updates

We’re still in a world where you have to be interested and involved in order to keep your computer updated.
Rod Trent of MyitForum complained last week that he didn’t get notified of a needed Adobe Reader update until he actually opened Adobe Reader.
It is a problem. If you don’t use the application, you don’t get notified of an update. In many cases you’re still vulnerable just by having the software installed. Those in security might say “if you’re not using it, uninstall it.” That doesn’t seem practical to non-security people. Some might say, “the application should leave a service running to notify me of updates”. Is that what we really want? I don’t want my applications to leave an updater running all the time. I kill most autolaunches when I’m packaging software.
Firefox prompts for updates when it is used. They brag that it is the most updated browser. That’s because the people doing the checking were looking at Google search logs which only collected information from people using the browser. If they used the browser they were thus prompted to update.
One solution I push is the Secunia Personal Software Inspector. It’s one application that checks all (most of) your software for vulnerable or obsolete versions. While it’s not perfect for the non-computer literate, it would be a great option for someone like Rod who knows computers well, but might not remember that Adobe Reader is installed and needs to be updated.
I will say that Secunia’s online scanner was completely botching the Adobe Reader detection when I looked at it earlier this week, but the installed software version was working correctly or at least not broken in the same way.
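The kind of check an inventory scanner performs, applied to the version thresholds quoted in the Java and Firefox/Seamonkey/Thunderbird posts on this page. This is an added example, not Secunia's code; the inventory list is constructed, and mapping "JDK and JRE 6 Update 11" to the `1.6.0_11` string form follows Sun's usual version-string convention.

```python
import re

# Thresholds copied from the posts on this page.
# Java: first fixed release per family, as (minor, update): 6 Update 11 == 1.6.0_11.
JAVA_FIXED = {(1, 6): (0, 11), (1, 5): (0, 17), (1, 4): (2, 19), (1, 3): (1, 24)}
# Mozilla: last vulnerable version per branch ("X and prior").
MOZ_LAST_VULNERABLE = {
    "firefox": ["3.0.3", "2.0.0.17"],
    "thunderbird": ["2.0.0.17"],
    "seamonkey": ["1.1.12"],
}
# Constructed sample inventory (not real scan output).
INVENTORY = [("Java", "1.6.0_10"), ("Java", "1.5.0_17"), ("Firefox", "2.0.0.14"),
             ("Firefox", "3.0.4"), ("Thunderbird", "2.0.0.17"),
             ("SeaMonkey", "1.1.13"), ("Adobe Reader", "8.1.2")]

def parse_java(ver):
    """Split a string such as 1.6.0_10 into (family, (minor, update))."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?", ver)
    if not m:
        raise ValueError(f"unrecognised Java version: {ver!r}")
    major, feature, minor, update = (int(g or 0) for g in m.groups())
    return (major, feature), (minor, update)

def dotted(ver, width=4):
    """Turn 3.0.3 into (3, 0, 3, 0) so branches of different depth compare."""
    parts = tuple(int(p) for p in ver.split("."))
    return parts + (0,) * (width - len(parts))

def check(product, ver):
    """Return 'vulnerable', 'ok' (for these advisories only) or 'unknown'."""
    product = product.lower()
    if product == "java":
        family, patch = parse_java(ver)
        fixed = JAVA_FIXED.get(family)
        if fixed is None:
            return "unknown"
        return "vulnerable" if patch < fixed else "ok"
    branches = MOZ_LAST_VULNERABLE.get(product)
    if branches is None:
        return "unknown"          # no advisory data: do not guess
    v = dotted(ver)
    limits = {dotted(b)[0]: dotted(b) for b in branches}
    if v[0] in limits:            # same major branch: compare directly
        return "vulnerable" if v <= limits[v[0]] else "ok"
    # Older than every listed branch falls under "and prior".
    return "vulnerable" if v[0] < min(limits) else "unknown"

def audit(inventory):
    return [(name, ver, check(name, ver)) for name, ver in inventory]

if __name__ == "__main__":
    for name, ver, status in audit(INVENTORY):
        print(f"{name:<13}{ver:<10}{status}")
```

Software with no advisory data comes back as "unknown" rather than "ok", which matters for installed-but-forgotten applications like the Adobe Reader case above.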

My SEPM Update Issue

I’m currently performing an eval with Symantec Endpoint Protection MR2 (referred to here as SEP11).
The testers surprisingly didn’t have any complaints. I did notice, however, that the Symantec Endpoint Protection Manager (SEPM) was not downloading updates. Not good.
At first I thought that SEP had locked up, so I rebooted SEPM. New definitions were downloaded once, then it went back to not working.
It turned out that since an image was used to create the server, Symantec Antivirus 10 was installed and I hadn’t removed it. Since that was managed, LiveUpdate pointed to my internal LiveUpdate server. That server wasn’t updated to handle SEP11 updates, and that caused my update flakiness with SEP11.