security

Microsoft's creaking Internet Explorer 6 is more secure and popular than either Google's Chrome or Opera US banking giant Chase has determined.

The bank's therefore decided its online baking services will continue to support aging the IE 6 but drop support for Chrome and Opera.

IE 6 is nine years old and even Microsoft is now desperately speaking out against the browser, to get individuals and businesses to move on to IE 8.

Micosoft's Australian business unit recently equated using IE 6 to being as risky as drinking - or maybe, eating - a carton of nine-year-old milk as it lacked up-to-date cross-site scripting and anti-malware protection among other defenses.

I once read a book that said, among other things, “You can never truly give money away.” The point it was making was that the act of giving has a certain responsibility – if you hand a large wad of cash to a charity, for example, you will want to know that the money is being spent wisely.

A good theory perhaps, but it doesn’t fit very well with the golden rule of IT security – that the things we dislike, or don’t know how to deal with, can quickly be categorised as somebody else’s problem. In business as in daily life, people will – in principle – pay to have certain problems dealt with by others, with a flick of the hand and a cry of “make it go away”.

Just how much does this principle apply in security today? Well, like all good researchers, we thought we would ask the Reg audience in the form of a mini-poll.

I say nothing. Just watch for yourself!

Commenting on my own post on http://bebetter.no/node/288 - «When Communication creates barriers» - a post about some of the challenges communication (or lack thereof) may create - I wanted to comment on the security implications when communication fails.

In this particular scenario, communication between two parties create havoc, resulting in lost trust and confidence, and the possiblility of insults and personal attacks. Beside of the (for some) obvious personal effects, this kind of communication create many security challenges too. Below I list some of these:

LinuxnewsNow.com has a new series on Linux security. This is a great read - allbeit a bit long - it includes a lot of nice information on how to secure your Linux machine.

Link: http://www.linuxnewsnow.com/index.php?option=com_k2&view=item&layout=item&id=463&Itemid=569&lang=en

Synopsis:

The benefits of cloud computing are widely acknowledged, from cost savings to better staff utilisation, but many people fear information security risks are attached. Alan Calder, chief executive, IT Governance, explains that those fears can easily be allayed. Cloud computing in 2010 can actually offer stronger data protection than in-house servers.

The US Federal Bureau of Investigation (FBI) may be using fake identities on social networks to investigate criminal activities, according to digital rights group Electronic Frontier Foundation (EFF).

The EFF cites a 33-page FBI presentation obtained through a Freedom of Information request that describes how investigators should collect and use evidence from social networking sites such as Facebook, MySpace and LinkedIn.

The document says undercover operations online are helpful for contacting suspected criminals and victims, accessing private information and mapping social networks.

Evidence gathered from social networks can help reveal personal communication links, establish motives and provide location information, the document says.

Microsoft has warned Windows users to be on their guard against a piece of rogue antivirus software passing itself off as Microsoft Security Essentials. Security essentials 2010 is a piece of software Microsoft said installs a fake virus scanner on your machine and]monitors and blocks processes it doesn't like. The software will also block access to websites of antivirus and malware companies and flag up a warning message. You can see the list of blocked sites here.

Security essentials 2010 blocks access by downloading a Win32/Alureon component and another Layered Service Provider component, Microsoft's David Wood wrote on the company's Malware Protection Center blog. "This LSP monitors the TCP traffic sent by various Web browsers that the user might have installed, and blocks any traffic to certain domains," Wood said.

A  website called PleaseRobMe claims to reveal the location of empty homes based on what people post online.

The Dutch developers told BBC News the site was designed to prove a point about the dangers of sharing precise location information on the internet. The site scrutinises players of online game Foursquare, which is based on a person's location in the real world. PleaseRobMe extracts information from players who have chosen to post their whereabouts automatically onto Twitter.

"It started with me and a friend looking at our Twitter feeds and seeing more and more Foursquare posts," said Boy Van Amstel, one of PleaseRobMe's developers. "People were checking in at their house, or their girlfriend's or friend's house, and sharing the address - I don't think they were aware of how much they were sharing."

SANS' newly released Top 25 list of common programming flaws came with a little legal muscle, too, with representatives from SANs, Mitre, the U.S. Department of Homeland Security, the National Security Agency, and other organizations pushing for custom software developers to be held liable for insecure code they write.