Mar 12, 2009
eggegick writes “My wife has taken a number of college courses over the last three years and many of the classes used on-line materials rather than books. The problem was these required IE along with Java, Active X and/or various plug-ins (the names of which escape me), and occasionally I’d have to tweak our firewall to allow these apps to run. I don’t think any of these training apps would work with Firefox. All of this made me cringe from a security point of view. Myself, I just use Firefox, No-Script, our external firewall and common sense when using the web. I have a very old Windows 2000 machine that I keep up to date. To my knowledge I’ve never had a virus or malware problem. Her computer is a relatively new XP machine, and at this point she feels her computer has something wrong. But now she prefers to use my old machine instead of hers since it seems to be more responsive. We plan to run the recovery disk on hers. Assuming the college course work applications were part of the cause, what recommendations do any of you have when having to run this kind of software? Is there a VMware solution that would work — that is have a Windows image that is used temporarily for the course work and then discarded at the end of the semester (and how do you create such an image, and what does it cost?).”

Read more of this story at Slashdot.


Comments Off on Windows Security and On-line Training Courses? | tags: cap, firewall, google, Mac, malware, security, virus, web | posted in technical news
Mar 12, 2009
Potential cyber attacks against federal and private-sector networks loom larger every day, and while the Department of Homeland Security (DHS) has made some important efforts, it has yet to fulfill many of the myriad responsibilities placed on it by the national cybersecurity plan. That’s the conclusion of a new GAO report
Comments Off on 12 changes that would give US cybersecurity much needed kick | tags: network, security | posted in technical news
Mar 12, 2009
You might not think it’s newsworthy when the Department of Homeland Security fills a job vacancy. But it’s news when a department that has security in its name actually appoints someone with security in his background. Unfortunately, in this case, the security background comes courtesy of Microsoft
Comments Off on DHS Appoints MS Executive to Secure Government Computers | tags: computers, microsoft, news, security | posted in technical news
Mar 12, 2009
The US Department of Homeland Security is studying lies, damned lies, and smells. They hope to prove that human body odor could be used to tell when people are lying. The department says they are already “conducting experiments in deceptive behavior and collecting human odor samples” and that the research it hopes to fund “will consist primarily of the analysis and study of the human odor samples collected to determine if a deception indicator can be found.”
Comments Off on DHS to Use Body Odor as a Lie Detector | tags: google, news, security | posted in technical news
Mar 12, 2009
Reusing the same password is easier but far too risky, yet many of us do it, a security firm reports. A third of web users have admitted to using the same password for a number of different websites. According to the security firm, just 19 percent never use the same password twice.
Comments Off on 33% Use a Single Password for Everything | tags: security, web | posted in technical news
Mar 12, 2009
krebsatwpost writes “The Department of Homeland Security has named Microsoft’s “chief trustworthy infrastructure strategist” Phil Reitinger to be its top cyber security official. Many in the security industry praised him as a smart pick, but said he will need to confront a culture of political infighting and leadership failures at DHS. From the story: ‘Reitinger comes to the position with cyber experience in both the public and private sectors. Prior to joining Microsoft in 2003, he was executive director of the Defense Department’s Computer Forensics Lab. Before that, he was deputy chief of the Justice Department’s Computer Crimes and Intellectual Property section, where he worked under Scott Charney, who is currently corporate vice president for trustworthy computing at Microsoft.'”
Comments Off on Microsoft Executive Tapped For Top DHS Cyber Post | tags: google, Intel, microsoft, news, security | posted in technical news
Mar 11, 2009
A Yale legal scholar suggests a radical reinterpretation of the Fourth Amendment, in which “security” replaces “privacy” as the guiding principle.
Comments Off on Security vs. Privacy — Reinterpreting the Fourth Amendment | tags: privacy, security | posted in technical news
Mar 11, 2009
SkiifGeek writes “With Adobe’s patch for the JBIG2Decode vulnerability due in a few days’ time, new methods to target the vulnerability have been discovered that make it far riskier than previously thought. Didier Stevens recently showed the world how it is possible to exploit the vulnerability without the user actually opening an affected file, and now he has discovered a way that allows for completely automated exploitation that results in anything up to a Local System account without any user interaction at all and only relies upon basic Windows components and Acrobat Reader elements. There are some mitigating factors that limit the overall risk of this new discovery, but it does also highlight that merely uninstalling the Reader will not protect you from exploitation and does raise the possibility that other tools will access the vulnerable components and thus be vectors for attack.” However, the fix is now in: nk497 writes “Adobe has finally released a fix for a PDF vulnerability discovered — and already exploited — last month. The update only applies to the most recent versions of Reader and Acrobat, with early versions and Unix editions not fixed until later this month. Adobe has taken its time with the patch, despite an independent security researcher releasing her own fix just days after the flaw was announced.”
Comments Off on Adobe Fixes Recent PDF Flaw, But Not Before Auto Exploit | tags: google, security | posted in technical news
Mar 10, 2009
If you think it is safe to download PDF documents and view them once Adobe finally releases its patch next week, think again. Didier Stevens, an IT security consultant, last week demonstrated that simply viewing the folder containing compromised PDF documents within Microsoft’s Windows Explorer is enough to launch the exploit. It appears that this
Comments Off on A New Twist to the Adobe Vulnerability (PDF) | tags: microsoft, security | posted in technical news
Mar 10, 2009
carusoj writes “Researchers at Princeton University and University College London say they can identify unique information, essentially like a fingerprint, from any blank sheet of paper using any reasonably good scanner. The technique could be used to crack down on counterfeiting or even keep track of confidential documents. The researchers’ paper on the finding is set to be presented at an IEEE security conference in Oakland, Calif., in May.”
Comments Off on Cheap Scanners Can "Fingerprint" Paper | tags: google, security | posted in technical news