Category Archives: The Register

Y2.01K, The Register, and Symantec

The Register’s Dan Goodin has had a go at Symantec over their Y2.01K update problem. Anyone would think that Symantec users had been unprotected since January 1st, which is nonsense: the kludge of misdating updates so as to circumvent the bug may not be elegant, but it gets the updates onto the machine, which is what matters, and has given the company the opportunity to do what any responsible security company would do: take the time needed to produce an effective, permanent fix, rather than flying into a panic.

Effective security software is complex code often produced under time pressures, and even security programmers are human: it would be miraculous if they never made mistakes. I have heard it suggested that even journalists get it wrong occasionally, but that’s probably just a malicious rumour. 😉

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com

That’s it, I’m Out of Here…

John Ozimek of The Register has pointed out some issues around blogging, journalism and freedom of speech in an article called “It’s official: Blogging is a dangerous business”.
http://www.theregister.co.uk/2010/01/07/blogging_report/ 

He’s referring to a report published by Reporters Sans Frontieres at:
http://www.rsf.org/IMG/pdf/Bilan_2009_GB_BD.pdf

Of course, when you compare the figures for casualties of one sort or another for “real” journalists, the trend looks less dramatic (for instance, one blogger died in prison whereas 76 journalists are reported as having been killed). However, there is a distinct and alarming upward trend: nearly three times as many bloggers and “cyber-dissidents” were arrested in 2009: 151 as compared to 59 in 2008. Similarly, physical assaults on bloggers went up by 35%, and the number of countries affected by online censorship went up by 62%.

Fortunately for me, my geographical location and the nature of the work I do spares me most of those risks, though I suspect that there are one or two testers who wouldn’t mind slapping me round a bit. 😉

That’s not to say that there aren’t less dramatic risks to being a blogger, though: I pointed out some of them in an AVAR paper last year.
http://preview.tinyurl.com/ylfu3e6 

Still, compared to the 30 journalists killed in a single day in the Philippines, the odd flame from other bloggers, commenters, and the occasional suit doesn’t seem too bad.

Which reminds me that we don’t seem to have any takers for AVIEN members to swell our blogger population so far. C’mon, live dangerously! 🙂

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Pedants R Us

Or, “shouldn’t that be Pedants R We?”

Talking of The Register, congratulations to John Ozimek for a l33t post that indicates a command of the art of pedantry that leaves even me feeling outclassed and open-mouthed with admiration (really).

http://www.theregister.co.uk/2009/12/31/end_of_days_decade/

It brings nostalgic tears to my eyes remembering the arguments of yesteryear as to when exactly the new decade/millennium really started. 😀

Happily, I hope to be well out of computing before the next storage wraparound Big Issue:

http://en.wikipedia.org/wiki/Year_2038_problem

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

The Register: “Welcome to the out-of-control decade”

A disquieting article by Rik Myslewski that strikes some deep chords with me. :-/

“Waiting in the wings are corporate entities eager to exploit your personal information, and government agencies watching your every step.”

http://www.theregister.co.uk/2009/12/31/the_out_of_control_decade/

The issue of government monitoring spends a lot of time under the spotlight, of course, and so it should. (Craig Johnston and I considered some of the law-enforcement issues in an AVAR paper this year, but there’s much more to it than that, obviously.)

http://www.eset.com/download/whitepapers/Please_Police_Me.pdf

But I’m seriously concerned about the consequences of the increasing amount of personal data (good, bad, and purely mythical) available to anyone with a browser (or even a USB port). It’s an issue I’ve had occasion to think about several times recently, and I expect to return to it a lot more in the coming months. For instance:

http://www.eset.com/threat-center/blog/2009/12/14/que-sera-sera-%e2%80%93-a-buffet-of-predications-for-2010

http://www.eset.com/threat-center/blog/2009/12/14/your-data-and-your-credit-card

http://www.eset.com/threat-center/blog/2009/12/12/the-internet-book-of-the-dead

http://www.eset.com/threat-center/blog/2009/06/09/data-protection-not-a-priority

Also, this quote from the ESET Global Threat Trends report for December: “Criminals and legitimate businesses will mine data from a widening range of resources, exploiting interoperability between social networking providers. Sharing of data in the private sector will be an increasing threat until the need is accepted for more data protection regulation on similar lines to that seen in the public sector, especially in Europe.”

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Little Green Men no Threat to National Security

The Register has drawn my attention to the fact that the UK’s Ministry of Defence is closing down its UFO reporting service. Apparently it’s an “inappropriate use of defence resources”.

The voicemail and email addresses formerly available for the reporting of sightings have apparently been put out of commission, as there is “no defence benefit.”

Hard on the heels of the closure of Operation Blue Book in 1970.

I guess the truth isn’t out there after all.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET
