Welcome to episode thirty four of the Technology for Good hangout. In this week’s episode our guest was SalesForce SVP of Strategy, John Taschek. John and I are both longtime members of the Enterprise Irregulars, but this was the first time John and I had had a conversation outside of email!
If it is true then this is the first publicised attack on US computer systems by the Chinese Military since the Titan Rain attacks of 2003.
According to the article:
The PLA regularly probes US military networks â€“ and the Pentagon is widely assumed to scan Chinese networks â€“ but US officials said the penetration in June raised concerns to a new level because of fears that China had shown it could disrupt systems at critical times.
â€œThe PLA has demonstrated the ability to conduct attacks that disable our system…and the ability in a conflict situation to re-enter and disrupt on a very large scale,â€ said a former official, who said the PLA had penetratedâ€‰theâ€‰networksâ€‰of US defence companies and think-tanks.
What with the Russian cyber attacks on Estonia earlier this year and now this Chinese attack on the US, cyber warfare seems to be becoming less science fiction and more science fact.
I see on the Google Security Blog that Google have launched a Safe Browsing api.Â In other words, Google are making available its dynamic blacklist of phishing and malware sites so ISPs and web app coders can check against it.
This should help ensure unwitting users are notified before they browse to to unsafe sites and submit their confidential information.
Google are actively encouraging 3rd party participation –
Sign up for a key and let us know how we can make the API better. We fully expect to iterate on the design and improve the data behind the API, and we’ll be paying close attention to your feedback as we do that. We look forward to hearing your thoughts.
Not that we haven’t known that for some time but it was recently drilled home to me on my flight back from Madrid last week.
My son Enrique has asthma. He got quite bad with it earlier this year when we were in Spain and a Spanish doctor prescribed a cough suppressant called Expectu to help him sleep.
When I was in Madrid, my wife asked me to get another bottle of Expectu to bring home. So far, so good. Except, the bottles for sale in the pharmacies were 200ml and you can only bring bottles less than 100ml onto the plane (I only had hand luggage).
What did I do? I asked the pharmacist to decant the 200ml of Expectu into smaller bottles (in dreadfully pidgen Spanish!). He obliged and poured it into four 75ml bottles. I put these bottles into a clear plastic bag along with my deodorant and toothpaste fully expecting to be stopped at the airport.
Not a bit of it. Going through security, the guard took out one of the four bottles, checked the volume of it and, satisfied that it was less than 100ml, replaced it in the clear plastic bag!
Fantastic! For all you aspirant terrorists out there making liquid bombs – decant the bombs into small bottles if you want to get them onto the plane and you are sorted (oh, and just in case you thought I was serious, here’swhy you should save yourself the trouble of trying to make a liquid bomb)!
WordPress was updated to 2.1.2 overnight after it was found that one of their download servers was compromised and malicious code introduced into version 2.1.1 to include code that would allow for remote PHP execution!
From the WordPress site:
What You Can Do to Help
If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.
If you are a web host or network administrator, block access to â€œtheme.phpâ€ and â€œfeed.phpâ€, and any query string with â€œix=â€ or â€œiz=â€ in it. If youâ€™re a customer at a web host, you may want to send them a note to let them know about this release and the above information.
This only affects you if you are hosting your own copy of WordPress and it is version 2.1.1. If you are on any other version or are on WordPress.com then you can safely ignore this.
This looks very bad and reeks of insider knowledge (whether or not that is, in fact, the case).
Companies engaged in security need to be whiter than white. When the CEO’s reputation is on the line like this, Symantec needs to explain this one quickly to everyone’s satisfaction of John Thompson needs to resign.
Microsoft released updates for critical vulnerabilities in Windows (2000, XP and 2003). This includes fixes for three vulnerabilities that “criminal hackers are already exploiting” according to Brian Krebs.
The patches fix vulnerabilities which can allow remote code execution (it doesn’t come much worse than that!).
Personally, I think they are trying to scare people into upgrading to Vista 😉