-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
U.S. Computers Generate Most Malware
,----[ Quote ]
| Too many compromised computers
|
| "Not only is the U.S. relaying the most spam because too many of its
| computers have been compromised and are under the control of hackers, but
| it's also carrying the most malicious Web pages," said Graham Cluley, senior
| technology consultant for Sophos. "We would like to see the States making
| less of an impact on the charts in the coming year. American computers,
| whether knowingly or not, are making a disturbingly large contribution to the
| problems of viruses and spam affecting all of us today."
`----
http://www.pcworld.com/article/155850/us_produces_malware.html?tk=rss_news
Worldwide alert on Microsoft browser
,----[ Quote ]
| MORE than 500 million internet users around the world are at risk from a
| major flaw discovered in Microsoft's Internet Explorer software that can give
| criminals access to personal details, including banking passwords and
| log-ins.
`----
http://www.theage.com.au/national/worldwide-alert-on-microsoft-browser-20081217-70st.html
Malware Hunting
,----[ Quote ]
| OK, about now my editor is going to be wondering where on earth this column
| is. It should have been in his hot, sweaty hands hours ago, but as I was
| beginning to write about a couple of searching tools my Windows XP SP2
| machine started acting up. Again.
|
| You might remember a few months ago the problems I had with deferred
| procedure calls. These recently returned in a minor and transitory way that
| may be related to my current annoyance, which is that Microsoft's Internet
| Explorer 7 is acting weird.
`----
http://www.pcworld.com/businesscenter/article/155686/malware_hunting.html
Does the Internet Need its Own Police Force?
,----[ Quote ]
| Criminal activity for financial gain remains the driver for the massive
| increase in Internet threats. Today's malware is produced by highly organised
| criminal gangs using increasingly sophisticated techniques. This year has
| seen increasing botnet activity around the world.
`----
http://www.pcworld.com/article/155856/internet_police_forcec.html?tk=rss_news
Recent:
Microsoft Ends 08 with Two Security Battles
,----[ Quote ]
| Just when the software giant thought it had sated the public's desire for
| answers regarding a zero-day vulnerability that was thought to only affect
| IE7, yet another new bug had been identified over the weekend with SQL Server
| database. The kicker here is that a seasoned hacker could in theory use the
| IE bug to then deploy the SQL Server bug. A report from Austria-based SEC
| Consult Advisory said it's possible for outsiders to target the vulnerability
| remotely on Web sites that link search boxes, customer databases or other Web
| apps to SQL Server. Redmond was still investigating both flaws as this post
| went up and, as per procedure, said it will issue workarounds and possible
| patches in the future as part of its normal monthly security bulletin
| release.
`----
http://mcpmag.com/columns/article.asp?editorialsid=2942
DHS and Cybersecurity: Yes, No, Maybe So?
,----[ Quote ]
| There's no question DHS is a troubled agency and it's doing not nearly enough
| to prepare for a potential Cyber 9-11. But I'm skeptical of the idea that
| Washington will do better by simply moving the responsibility to another part
| of the government.
|
| Last week, a group of outside experts recommended cybersecurity be moved from
| DHS -- which "isn't equipped to protect the federal government against
| cyberattacks" -- to an office within the Obama White House. Many members of
| the Commission on Cyber Security for the 44th Presidency "felt that leaving
| any cyber function at DHS would doom that function to failure," according to
| its recently-released 96-page report.
`----
http://www.pcworld.com/article/155688/DHS_cybersecurity.html?tk=rss_news
DHS report: Open-source code "quality" is up
,----[ Quote ]
| A U.S. Department of Homeland Security-sponsored project has not only
| discovered that the quality of open source software code has improved
| significantly over the past two years, it has debunked a widely held
| assumption that longer function strings within source code are associated
| with an increased number of code defects.
`----
http://www.scmagazineus.com/DHS-report-Open-source-code-quality-is-up/article/110360/
Open source security improving rapidly
,----[ Quote ]
| The quality and security of open source software is improving rapidly,
| according to an in-depth analysis of over 250 popular applications including
| Linux and Apache.
`----
http://www.vnunet.com/vnunet/news/2217059/open-source-security-improving
Study Says Linux More Secure
,----[ Quote ]
| More than 70 percent people surveyed said they found Red Hat Linux less
| vulnerable to security issues than Microsoft's operating system.
`----
http://www.techtree.com/India/News/Study_Says_Linux_More_Secure/551-88850-580.html
Study: 70 percent say Red Hat more secure than Windows
http://arstechnica.com/news.ars/post/20080425-study-70-percent-say-red-hat-more-secure-than-windows.html
Open source, proprietary codes include similar mistakes
,----[ Quote ]
| The company said its initial two-year DHS contract is ending, and Coverity
| will continue to operate the Scan site because of the favorable response the
| project has received from software developers and others in the open-source
| community.
`----
http://www.gcn.com/online/vol1_no1/46342-1.html
Coverity's open source code audit efforts are funded by the US government
(video)
,----[ Quote ]
| Coverity famously helps open source projects audit their code and eliminate
| security holes and other bugs, and earns its corporate income by selling
| software that does the same thing to proprietary software companies. Few seem
| to realize, though, that Coverity started doing free open source code audits
| because it got a grant from the US Department of Homeland Security.
| Coverity's David Maxwell explains.
`----
http://www.linux.com/feature/142672
Coverity to Regularly Scan Security and Quality of 250 Open Source Projects
,----[ Quote ]
| This is the first time that Coverity is focusing on improving the
| quality of end-user professional applications such as the open
| source Blender 3d suite used to create computer animation in
| movies. Other projects to be analyzed include the GNU Image
| Manipulation Program (GIMP), an open source photo retouching
| package, and Inkscape, a vector graphics program. The new
| expansion is in response to the spread of open source software
| into all areas of the world economy, including the multi-billion
| dollar industry around professional graphics software.
`----
http://biz.yahoo.com/cnw/070501/ca_coverity_projects.html?.v=1
Most open source software is better
,----[ Quote ]
| The story is that Coverity ran 50 open source projects through
| its bug-checking system, as well as products from 100 proprietary
| makers.
|
| "On average, open-source software is of higher quality than
| proprietary software," Chelf wrote. But 11 of the 15 top-rated
| programs were proprietary.
|
| Sounds fair enough. Most open source projects are newer than the
| proprietary products they seek to displace. Chelf said one unnamed
| proprietary product in aerospace had one-fifth the number of bugs as
| any open source product out there.
|
| But here's the thing. He can't say which one. The data is proprietary.
| So, in fact, is the data on all proprietary products. There is just now
| ay to know how buggy (or non-buggy) proprietary products might be. But
| you can know how buggy the open source projects are, because Coverity
| published those results on the Web.
|
| So which side should you trust? Should you trust code that might
| really be best in class, or might be garbage? Or should you trust
| code that you can see, and whose performance in bug tests you
| can measure?
|
| Your choice.
`----
http://blogs.zdnet.com/open-source/?p=809
Leading Open Source Software Projects Eliminate Bugs Every Six Minutes After
Coverity Scan
,----[ Quote ]
| Department of Homeland Security research by Coverity shows open
| source developers on 32 most popular projects fix defects on
| average every six minutes within first week of results posted publicly
`----
http://biz.yahoo.com/prnews/060403/sfm027.html?.v=44
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAklPXDoACgkQU4xAY3RXLo7jwACcDjxQ3/4wvylr7f91vW5YJVuy
4XoAn1j1iTRKXGKAVYqSPJ/JRm9aP8SV
=iNq8
-----END PGP SIGNATURE-----
|
|
