Group items tagged

A coalition of security experts from more than 30 organizations is urging enterprises to exert more pressure on software vendors to ensure that they use secure code development practices. The group, led by the SANS Institute and Mitre Corp., offered enterprises recent hacks of Google draft contract language that would require vendors to adhere to a strict set of security standards for software development. In essence, the terms would make vendors liable for software defects that lead to security breaches. "Nearly every attack is enabled by [programming] mistakes that provide a handhold for attackers," said Alan Paller, director of research at SANS, a security training and certification group.

Of course, a more general way to address this and other "business" generated problems / abuses (like expensive required "arbitration" by companies owned and in bed with the companies requiring the arbitration!), is to FORBID contract elements that effectively strip any party of certain "rights" (like the right to sue for defectives; the right to freedom of speech; the right to warranty protections; the right to hold either party to public or published promises / representations, etc.). Basically, by making LYING and DECEIT and NEGLIGENCE liability and culpability unrestricted. Or will we hear / be told that being honest and producing a quality product is "anti-business"? What!? Is this like, if I can't lie and cheat being in business isn't worth it!? If that is true, then those parties and businesses could just as well "go away"! Just as "conservatives" say other criminals like that should. One may have argued that the software industry would never have "gotten off the ground" (at least, as fast as it did) if such strict liability had been enforced (as say, was eventually and is more often applied to physical building and their defects / collapses). That is, that the EULAs and contracts typically accompanying software ("not represented as fit for any purpose" more or less!) had been restricted. On the other hand, we might have gotten software somewhat slower but BETTER - NOT being associated with or causing the BILLIONS of dollars in losses due to bugs, security holes, etc. Others will rail that this will merely "make lawyers richer". So what if it will? As long as government isn't primarily "on the side" of the majority of the people (you know, like a "democracy" should be), then being able to get a individual "hired gun" is one of the only ways for the "little guy" to effectively defend themselves from corporate criminals and other "special interest" elites.

Simply joining a few groups at social networking sites may reveal enough information for hackers to personally identify you, according to some recent computer science research. In a paper that will be presented at a security conference later this year, an international team of academics describes how they were able to build membership sets using information that social networking sites make available to the public, and then leverage an existing attack on browsing history to check for personal identity. That information, they argue, can then be combined with other data to create further security risks, such as a personalized phishing attack.

"The sudden takedown of an Internet provider thought to be helping spread one of the most promiscuous pieces of malicious software out there appears to have cut off criminals from potentially millions of personal computers under their control. But the victory was short-lived. Less than a day after a service known as "AS Troyak" was unplugged from the Internet, security researchers said Wednesday it apparently had found a way to get back online, and criminals were reconnecting with their unmoored machines. "

"The Electronic Privacy Information Center and consumer advocate Ralph Nader are urging President Obama to review the administration's plans to install whole body scanners at U.S. airports. In a joint letter, Marc Rotenberg, the president of EPIC, and Nader asked the president to suspend deployment of the devices until a "comprehensive evaluation" of the effectiveness of the technology and potential health hazards, is completed."

On November 19, 2009 Jeffrey Gundlach was named a finalist for Morningstar's award for bond fund manager of the decade. For Gundlach, the nomination recognized 10 years of stellar results, exceeding even the returns of the legendary king of bonds, Bill Gross. Two weeks later Gundlach was confronted, fired, and then pursued on foot out of a Los Angeles skyscraper by two lawyers working for TCW, the money management firm with $110 billion in assets where Gundlach had worked for 24 years.