September 22, 2006 2:03 PM PDT
Week in review: HP's spy games
Meanwhile, a Democratic member of the U.S. House of Representatives said she plans to introduce legislation next week that would force Internet providers to record customer information for one year. Rep. Diana DeGette of Colorado said she is working with two Republican representatives--Ed Whitfield, chairman of the House Energy and Commerce oversight and investigations subcommittee, and Joe Barton, chairman of the full committee--to finalize language mandating a controversial practice known as data retention.
The data retention requirement is necessary because members of Congress have "learned that Internet service providers and social networking sites have information that law enforcement needs when investigating pedophiles online, and that is the IP address on a particular date and time that will help identify those involved," said Whitfield, a Kentucky Republican.
The U.S. Department of Justice has also stepped up its defense of a proposal to imprison Web site operators who don't label pages containing sexually explicit material. The idea is approaching a vote in Congress. There have been no hearings, but the legislation has been attached to two separate measures--a massive communications bill and a bill to fund large portions of the federal government, including the State Department--that are likely to be considered by the full Senate this fall.
Jim Allchin, the chief Microsoft engineering manager behind Windows Vista, has issued a call to arms to software developers, urging them to build new applications for the desktop operating system. In an open letter posted on Microsoft's developer portal, Allchin said Vista offered third-party developers opportunities to build applications that are "visually stunning, connected, workflow-enabled, and secure."
Allchin, co-president of Microsoft's Platforms and Services group, reiterated the company's Vista schedule, saying that the software will be done by the end of the year and available to consumers in January, barring any bugs around "data corruption, resiliency or security."
Bob Gleichauf, the chief technology officer in Cisco Systems' security technology group, has raised concerns that integrating Vista into a complex IT infrastructure could present problems.
"Parts of Vista scare me," Gleichauf said at the Gartner Security Summit in London on Monday. "Anything with that level of systems complexity will have new threats, as well as bringing new solutions. It's always a struggle in security, trying to build for what you don't know."
Gleichauf said Cisco views the Microsoft operating system update as a bearer of possible solutions to security problems, but also as a potential trigger of security issues.
"Vista will solve a lot of problems. But for every action, there's a reaction and unforeseen side effects and mutations. Networks can become more brittle unintentionally," Gleichauf said.
Microsoft and its security rivals are feuding over a key piece of Windows Vista real estate. The fight is over the display of technology that helps Vista owners manage the security tools on their PC. Symantec, McAfee, Check Point Software Technologies and other companies want Microsoft to change Vista so their products can easily replace the operating system's built-in Windows Security Center on the desktop. But Microsoft is resisting the call.
If the differences aren't worked out, it could spell annoyance for consumers, the rival security companies say. People who choose to use Microsoft's console alone will get a limited view of their Vista PC protection, they suggest. Those who buy competing software will have to run it alongside Microsoft's dashboard, which could report conflicting information.
Wild, wild Web
Miscreants are using an unpatched security bug in Internet Explorer to install malicious software from rigged Web sites. The vulnerability lies in the way IE 6 handles certain graphics. Malicious software can be loaded, unbeknownst to the user, onto a vulnerable Windows PC when the user clicks on a malicious link on a Web site or in an e-mail message, several security companies said.
Shady adult Web sites are among the first to exploit the IE vulnerability, Eric Sites, vice president of research and development at spyware specialist Sunbelt Software, wrote in a corporate blog. In one case, a malicious Web site used the exploit to install "epic loads of adware," according to Sunbelt. Microsoft plans to fix the flaw as part of its monthly patching cycle on Oct. 10, the software giant said in a security advisory. The update might be released sooner, "depending on customer needs," Microsoft said.
A new AOL instant-messaging worm is making the rounds, carrying a malicious payload disguised as a JPEG. The worm provides a path for rootkits and Trojan horses to propagate on the computers of those listed on the user's buddy list, according to FaceTime Security Labs. The Pipeline worm is one of a growing number of instant-messaging threats on the Internet.
Pipeline initially appears as an instant message from a familiar contact, according to FaceTime. The message asks users to click on a link to upload a picture of themselves; instead, a command file, image18.com, is downloaded and disguised as a JPEG.
A trio of security flaws in Apple Computer software that runs wireless-networking hardware could allow Macs to be hijacked over Wi-Fi. Apple released security updates to repair the problems, which together affect the AirPort wireless driver in Mac OS X Panther 10.3.9 and Mac OS X Tiger 10.4.7. Both Intel-based and PowerPC-based versions of the Mac operating system are affected, on regular computers as well as on servers.
There are no known exploits for the vulnerabilities addressed by the update, Apple said. This means people should not be under immediate threat of attack.
Also of note
Microsoft launched a beta version of a new service that lets people upload videos of their cats dancing, babies laughing and teenagers playing air guitar...Google filed the federal paperwork necessary to set up a political action committee, or PAC, an organization designed expressly to raise money for political candidates and causes...More than a year after Homeland Security Secretary Michael Chertoff publicly promised to bring in a top cybersecurity specialist, he finally hired one.