I’ve added yet another category for “data leaks”. This is where I’ll put news along the lines of X company leaked data on yyyyy customers. It’s unfortunate that this is something that likely happens daily. There is no way that I can keep up with EVERYTHING, but I’ll try to post the bigger events in this category. I have many customers who say they’re concerned about people getting their credit card or bank numbers, and for that reason they don’t do ANY transactions online or keep any of that data on their computers. Well, I hate to break it to you, but the genie is already out of the bottle: the companies that we do business with (ON OR OFFLINE) have all your data on computers, and keeping yourself from online transactions is NO guarantee that you won’t have your data stolen or become a victim of identity theft.
Month: August 2006
-
Verizon emails a customer spreadsheet by mistake….
Verizon Wireless accidentally attached the wrong file to an email and wound up broadcasting an Excel spreadsheet with the details of some 5210 customers to about 1800 people. Apparently, they were sending out a promotional email to some of their customers, and the spreadsheet went out instead of the electronic order form they intended to send. The promotional email was for a Bluetooth headset.
-
Intel Proset Wireless update
A couple of weeks back, there was a pretty important security update for the Intel PROSet Wireless driver. The big problem is that the update was a memory hog and caused problems. SANS has info on the update to the update, and George Ou is encouraging everyone to make sure they’ve got things updated. It’s possible to download and install JUST the driver without getting the full PROSet management software. So…. CENTRINO users – this means you… update your wireless driver.
-
Intel(R) PRO/Wireless 3945ABG Network Connection 10.5.0.1
Memory utilization update. Previous update was security update. Release notes.
-
Using screen to connect multiple users to a shell session
I NEVER knew you could use screen for this…. Let multiple users connect to the same console (command shell/bash shell) session simultaneously. I’ve looked at screen before. It’s a great *nix utility that’s available for most Linux distributions. The primary use I’ve seen for it is to have a shell open and be able to disconnect from and reconnect to the session. Let’s say you have software compiling: you can use screen to get it started from one location and then reconnect to your screen session from another machine. Think…. VNC for the command line. Well, much like VNC, it’s possible for multiple users to view and use the session.
-
Apple next with 1.8 million laptop battery recall
A bit over a week ago Dell had a massive recall announced for potentially hazardous laptop computer battery issues. (Flaming laptops.) Now, it’s Apple’s turn. It seems as though Sony is the common supplier for both issues. The BBC has an overview here. Here’s a link at Apple’s site giving more information on getting a replacement and identifying if your battery is affected.
-
Wireshark 0.99.3
Various vulnerabilities (details)
-
Wireshark, various vulnerabilities disclosed
There used to be a tool called Ethereal, and then it changed its name to Wireshark. Today a number of security vulnerabilities were disclosed. A new version is available, along with workarounds. Please upgrade if at all possible.
-
IE7 will have many CSS fixes
They’re doing what they can at Microsoft to put to rest the notion that IE7 won’t make drastic strides in CSS compliance. One of the fronts they’re pushing is this detailed listing of CSS fixes that will be found in Internet Explorer 7 when it is released.
-
Good sarc monitoring tip
Sarc is still in their month of security tips per day, and today’s is another good one. Today’s tip is about monitoring machines, particularly those that “defend” your network (mail antivirus scanners, proxy filters/scanners, etc.). The core of the advice is to not just ping: that only tells you if the system exists and is online; it doesn’t tell you if things are working. They suggest scripting tests (an antivirus scanner can be tested via the EICAR test signature, for instance). They note that this doesn’t tell you if the AV scanner is updated (I prefer a crontab output of the day’s updates – looks like there were around 9 clamav signature updates yesterday).
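One way to script both halves of that check, as an added example (not code from the tip or from this blog): it assumes ClamAV's `clamscan` is on the PATH and that the freshclam log uses timestamped `->` lines. The function names and the sample log lines are constructed for illustration.

```python
import subprocess
from datetime import datetime, timedelta

# Standard EICAR test string, split in two so this source file is not flagged itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode()

def clamscan_stdin(data):
    """Scan bytes with `clamscan -`; exit code 1 = detection, 0 = clean, 2 = error."""
    return subprocess.run(["clamscan", "--no-summary", "-"], input=data,
                          capture_output=True, timeout=120).returncode

def scanner_detects(scan=clamscan_stdin):
    """Functional test: the EICAR file must be flagged and a harmless file must not."""
    try:
        return scan(EICAR) == 1 and scan(b"harmless text\n") == 0
    except (OSError, subprocess.SubprocessError):
        return False  # scanner missing, hung or crashed: host may still answer ping

def last_update(log_lines):
    """Newest timestamp of an 'updated' line in freshclam-style log text, or None."""
    newest = None
    for line in log_lines:
        stamp, sep, msg = line.partition(" -> ")
        if sep and " updated " in msg:
            when = datetime.strptime(stamp.strip(), "%a %b %d %H:%M:%S %Y")
            newest = when if newest is None or when > newest else newest
    return newest

def health(log_lines, now, scan=clamscan_stdin, max_age=timedelta(hours=24)):
    """List of problems; empty means the scanner works and its signatures are recent."""
    problems = []
    if not scanner_detects(scan):
        problems.append("scanner did not flag the EICAR test file")
    newest = last_update(log_lines)
    if newest is None or now - newest > max_age:
        problems.append("no signature update within %s" % max_age)
    return problems

# Constructed sample log lines (not from the original post).
SAMPLE_LOG = [
    "Sat Aug 26 03:10:01 2006 -> daily.cvd is up to date (version: 1, sigs: 10)",
    "Sat Aug 26 09:10:02 2006 -> daily.cvd updated (version: 2, sigs: 12)",
]
```

Run `health()` from cron and alert on a non-empty list; passing a different `scan` callable lets the same check exercise a mail gateway or proxy scanner instead of a local `clamscan`.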