The task of keeping up with security patches is one of the most demanding and frustrating jobs assigned to IT departments, which are often caught in a race to fix problems before an attack hits. For a network with more than 500 staff to serve, it can take more than 100 hours of work to do everything needed to fix just one flaw, according to Research and Markets. With that in mind, companies that promise to take over the job of defending corporate networks against intrusions and vulnerabilities are likely to see their prospects take off, analysts say–especially as regulatory compliance becomes more of a concern.
If you find you’re checking email about as often as you inhale, you’re not alone. Be it on vacation, at the wheels or straight out of bed, an American email user finds it difficult to resist its lure for long, according to a study released Thursday by America Online. The survey revealed that, on average, people check their mail about five times a day, and a quarter of them cannot go without it for more than three days at a stretch. More than 4,000 people across 20 U.S. cities participated in the survey, carried out by AOL in partnership with Opinion Research.
Microsoft has alerted consumers that Netscape’s latest browser appears to break the XML rendering capabilities in Microsoft Internet Explorer. Dave Massy, a senior program manager for IE, warned users in a blog posting that after installing Netscape 8, IE will render XML files as a blank page, including XML files that have an XSLT transformation. Microsoft did not make clear what versions of IE were affected, but a user of the DeveloperDex forum said he experienced the problem on version 6 of IE, which had been patched with Windows Service Pack 2. Microsoft said it is investigating the problem and will work with Netscape to resolve it. It advised a “workaround” of uninstalling Netscape 8 and editing the registry settings.
Internet services company Netcraft has released a version of its toolbar for Firefox. The plug-in can help users of the Web browser avoid phishing scams, the company said. The Netcraft Toolbar blocks phishing Web sites that have been reported by other users. A version of the plug-in for Microsoft’s Internet Explorer browser has been available since December of last year. More than 7,000 phishing sites have been detected and blocked since then.
Microsoft is looking for a few good men…and women, and, ultimately, applications that can help the company check for compatibility between the current version of the .Net Framework and the version coming in Visual Studio 2005. The software giant is in recruiting mode, looking for independent software vendors, enterprise customers, developers, end users and others who would like to have their ##.Net applications tested for compatibility## with the upcoming version of the .Net Framework.
A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent. Ari David Levie, who was convicted of taking illegal photographs of a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial. PGP stands for Pretty Good Privacy and is sold by PGP Inc. of Palo Alto, Calif. But the Minnesota appeals court ruled 3-0 that the trial judge was correct to let that information be used when handing down a guilty verdict.[Ed. note--This has got to be one of the dumbest things I've ever heard. Because I secure my date to prevent its theft, then I have criminal intent?]
A new worm and a phishing scam are targeting members of the America Online and Yahoo instant messaging networks. In both cases, people receive an instant message with an apparent reference to the newly released “Star Wars Episode III: Revenge of the Sith” movie, encouraging them to click on a link. IMLogic has listed both the Yahoo and AOL issues as “medium” risk threats. McAfee has only had one report of the AOL worm.
Jumping into the Windows patch management fray, Intuit on Tuesday announced a software tool aimed at smaller businesses. The Track-It Patch Manager is designed to help information technology managers install security updates to Microsoft’s operating system on networks belonging to small and midsize businesses, or at units of larger companies. Several other companies, including LANDesk and Altiris, sell Windows patch management products. Microsoft itself offers a free patch management tool called Software Update Services.
Computers running Windows XP Service Pack 2 are 15 times less likely than those running XP or XP SP1 to be infected by some of the most dangerous forms of malware, according to a Microsoft security guru. Jason Garms, who heads the company’s anti-malware product team, said this improvement had been revealed by an internal analysis of SP2′s performance. SP2–a major security update released in August–was designed to turn on auto-update by default and consolidate security controls into a “security center”.
A laptop computer containing the names and Social Security numbers of about 16,500 current and former employees of MCI was stolen last month. The computer was stolen from a car that was parked in the garage at the home of an MCI financial analyst in Colorado. An MCI representative told the Journal that the laptop was password-protected but declined to say whether the employee information was encrypted or whether the employee whose car was burglarized was authorized to carry such information on a laptop.