Wednesday, October 6, 2010

Adobe ships another mega-patch for PDF Reader

By Ryan Naraine

Adobe has slapped another band-aid on its heavily targeted PDF Reader/Acrobat product line, warning that hackers are already exploiting some of these vulnerabilities to launch malware attacks.

The latest mega-patch, available for Windows, Mac and UNIX users, covers a whopping 23 security flaws that could cause software crashes or remote code execution attacks.

Affected Software Versions:

Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX
Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh

The company rates these vulnerabilities as “critical” and urges users to immediately upgrade to Adobe Reader 9.4.



This patch batch was rushed out in response to zero-day attacks that exploited at least two of the 23 security holes.

The next quarterly security updates for Adobe Reader and Acrobat are scheduled for February 8, 2011.

You mean you have to patch again? Why?
Oh. I see. You are using Windows. Well, now I understand.

But if you want my advice, switching to Ubuntu Linux with LSM AppArmor and sandboxed Evince (PDF reader) will keep you safe from any PDF exploit.

And, LSM AppArmor security doesn't stop there. You can turn on profiles for your Firefox browser, Evolution email, and even Pidgin IM sessions.

If there isn't a stock AA profile for your special Linux App, creating a profile isn't difficult.

The point here isn't that Linux can't get infected by Zero-Day exploits--it's that Canonical understands this and is proactively offering standard AA sandbox profiles for its user-base.

There's no getting around the fact that Apps on any platform when written inevitably have software bugs that result in 'unintended side effects'. That is what the hackers are looking for (fuzzing) and they design buffer overflows to induce privilege escalation on your operating system.

This is where AA comes alive and steps in. AA polices both your App and the kernel's actions and if their actions are not defined in the App's profile, they simply get refused--stopped cold.

So, Ubuntu Linux isn't immune to infection, but you can be assured that any App you run with an AA profile will keep any zero-day exploit from escalating and seizing control of your machine. That is the point. And you can be assured that Canonical will provide a timely update to fix known vulnerabilities/exploits in a matter of days, or even the same day reported--not just once a month like the Windows 'first Tuesday' of the month patch cycle.

That is the way it should be. Get peace of mind with Ubuntu Linux.

Ubuntu Linux: The safest operating system on the planet.

I stake my reputation on it.

More about AppArmor here:


Tuesday, October 5, 2010

Hard drive makers face challenge from tablets

By Alex Dobuzinskis

LOS ANGELES | Tue Oct 5, 2010 3:47am EDT

LOS ANGELES (Reuters) - Hard drive makers like Seagate Technology and Western Digital Corp could experience slower growth as more and more consumers swap PCs for tablets, but they shouldn't be counted out.

With Apple's iPad and tablets from a host of others -- from Hewlett-Packard to Research in Motion -- poised to take market share from PCs in coming months, Seagate and others are scrambling to adapt to a future where fewer consumers will tote laptops, and tablets use flash memory instead of hard drives.

Still, all is not negative for hard drive makers: Unit sales are expected to rise nearly 17 percent this year, many tablet users may want a level of data storage that only hard drives can provide and a slimmed-down hard drive industry has become increasingly adept at managing inventory.

Kaushik Roy, an analyst with Wedbush Securities, said the threat from tablets is very real and that it has started to be priced into hard drive stocks in the past two months.

"We don't think all of it is priced in," Roy said. "People haven't really realized the extent or the depth of the situation."

"You've got to believe that some people who would have bought a laptop before are now going to move to the tablet."

Last week, Research In Motion Ltd said it plans to release a tablet called the PlayBook in early 2011, the latest addition to an already crowded field dominated by Apple's 3 million-plus selling iPad.

Tablet sales are likely to top 15 million units this year and balloon to more than 48 million units in 2011, said research firm iSuppli. It said 18 percent of netbook shipments are at risk of being lost this year.

The strength of the tablet market could cause a 2 percent to 3 percent loss to global hard drive shipments in 2010, according to research firm IDC.

Roy estimates that sales of tablets could shave 10 cents to 12 cents off the $2.11 per share that analysts on average expect Seagate to earn in calendar 2011, and trim 20 cents to 25 cents from the $3.95 per share Western Digital is expected to earn.


Unlike netbooks and notebooks, which generally use hard drives for storage, tablets use flash storage manufactured by companies.

Flash is considered more rugged and faster than hard drive technology, which manufacturers view as an advantage for tablets, which need fast boot times and can easily be dropped.

IDC still expects total hard drive shipments to rise 16.7 percent to 650 million units this year, because of heightened need for storage for everything from security videos to business data. But next year, amid an overall increase in hard drive shipments, tablets could cause a 3.8 percent drag on shipment growth, said Fang Zhang, an analyst for iSuppli.


Special report: The Pentagon's new cyber warriors


2Lt William Liggett (L) talks with a colleague as a map is displayed on one of the screens at the Air Force Space Command Network Operations & Security Center at Peterson Air Force Base in Colorado Springs, Colorado July 20, 2010. U.S. officials have shown increasing concern about alleged Chinese and Russian penetrations of the electricity grid, which depends on the Internet to function. The Pentagon in recent weeks has begun pushing to put civilian infrastructure under its wing in a proposed cyber realm walled off from the rest of the Internet.

Credit: Reuters/Rick Wilking

By Jim Wolf

WASHINGTON | Tue Oct 5, 2010 11:44am EDT

WASHINGTON (Reuters) - Guarding water wells and granaries from enemy raids is as old as war itself. In the Middle Ages, vital resources were hoarded behind castle walls, protected by moats, drawbridges and knights with double-edged swords.

Today, U.S. national security planners are proposing that the 21st century's critical infrastructure -- power grids, communications, water utilities, financial networks -- be similarly shielded from cyber marauders and other foes.

The ramparts would be virtual, their perimeters policed by the Pentagon and backed by digital weapons capable of circling the globe in milliseconds to knock out targets.

An examination by Reuters, including dozens of interviews with military officers, government officials and outside experts, shows that the U.S. military is preparing for digital combat even more extensively than has been made public. And how to keep the nation's lifeblood industries safe is a big, if controversial, aspect of it.

"The best-laid defenses on military networks will matter little unless our civilian critical infrastructure is also able to withstand attacks," says Deputy U.S. Defense Secretary William Lynn, who has been reshaping military capabilities for an emerging digital battlefield.

Any major future conflict, he says, inevitably will involve cyber warfare that could knock out power, transport and banks, causing "massive" economic disruption.

But not everyone agrees that the military should or even can take on the job of shielding such networks. In fact, some in the private sector fear that shifting responsibility to the Pentagon is technologically difficult -- and could prove counterproductive.

For the moment, however, proponents of the change seem to have the upper hand. Their case has been helped by the recent emergence of Stuxnet, a malicious computer worm of unknown origin that attacks command modules for industrial equipment.

Experts describe the code as a first-of-its-kind guided cyber missile. Stuxnet has hit Iran especially hard, possibly slowing progress on Tehran's nuclear program, as well as causing problems elsewhere.

Stuxnet was a cyber shot heard around the world. Russia, China, Israel and other nations are racing to plug network gaps. They also are building digital arsenals of bits, bytes and logic bombs -- code designed to interfere with a computer's operation if a specific condition is met, according to experts inside and outside the U.S. government.


In some ways, the U.S. military-industrial complex -- as President Dwight Eisenhower called ties among policymakers, the armed forces and arms makers -- is turning into more of a military-cyber-intelligence mash-up.

The Pentagon's biggest suppliers -- including Lockheed Martin Corp, Boeing Co, Northrop Grumman Corp, BAE Systems Plc and Raytheon Co -- each have big and growing cyber-related product and service lines for a market that has been estimated at $80 billion to $140 billion a year worldwide, depending on how broadly it is defined.

U.S. officials have shown increasing concern about alleged Chinese and Russian penetrations of the electricity grid, which depends on the Internet to function. Beijing, at odds with the United States over Taiwan arms sales and other thorny issues, has "laced U.S. infrastructure with logic bombs," former National Security Council official Richard Clarke writes in his 2010 book "Cyber War," a charge China denies.

Such concerns explain the Pentagon's push to put civilian infrastructure under its wing by creating a cyber realm walled off from the rest of the Internet. It would feature "active" perimeter defenses, including intrusion monitoring and scanning technology, at its interface with the public Internet, much like the Pentagon's "" domain with its more than 15,000 Defense Department networks.

If any other agency were to do this they would screw it up. The people in charge would take money and bow down to every Senator and Congressman. I think they will do a good job.

fred5407

Cyberwar will expand the nuclear arms race — the computer- and software-destroying electromagnetic pulse race — more rapidly than anything else in recent history.
And even things like Stuxnet won’t succeed in stopping nuclear expansion.
Despite the end of what was once called the Cold War, times are becoming increasingly dangerous.

RudyHaugeneder

Stuxnet might just as well have been the revenge by a disgruntled former Siemens employee. Because the control software is precisely tailored to the targeted industrial process, an expert in Siemens’s business must have been involved. The other aspects can potentially be covered by one or two hackers knowledgeable in Windows Explorer and USB driver weaknesses. To date, we have not even been able to ascertain the intended target. I am not sure whether the US Dept of Defense alone could accomplish the daunting feat of unraveling the full purpose of Stuxnet. Rather, understanding Stuxnet may take a concerted global community effort.

Read more here:

PeterMelzer

Microsoft CEO says will see Windows slates by Christmas

Microsoft Corp Chief Executive Steve Ballmer shows Slate PCs (from L-R) Archos, Pegatron and Hewlett-Packard during his keynote speech before the 2010 International Consumer Electronics Show (CES) in Las Vegas January 6, 2010. REUTERS/Mario Anzuoni


LONDON | Tue Oct 5, 2010 9:21am EDT

LONDON (Reuters) - A Microsoft slate to counter Apple's popular iPad tablet computer will be seen by the Christmas holiday, Microsoft's Chief Executive Steve Ballmer said on Tuesday.

Ballmer did not say whether the palm-sized slates would actually be on sale in time for Christmas, nor did he say who would make them. Microsoft has been slow to respond to the iPad, and has also made little headway in mobile phones.

"You'll see new slates with Windows on them. You'll see them this Christmas," he told an audience of students, staff and journalists at the London School of Economics.

"Certainly we have done work around the tablet as both a productivity device and a consumption device," he said.

IT research firm Gartner expects 10 million tablet PCs to be sold this year as consumers begin embracing such devices, which include Dell's Streak and Asustek's Eee Pad. The Apple iPad alone sold 3.3 million in its first quarter.

At this year's Consumer Electronics show in January, Ballmer unveiled a Hewlett-Packard tablet computer running Windows, beating Apple's hotly anticipated move into the market.

But little has been heard about the device since HP agreed to buy smartphone maker Palm in April for $1.2 billion, and HP has said it plans a new crop of devices including tablets based on Palm software, although it will still offer Windows tablets.

Microsoft has also failed to make much headway in the smartphone market, where rivals like Apple and HTC are growing fast, while Research in Motion captured the corporate market with its BlackBerry.

Microsoft's Windows phone software had 8.7 percent of the smartphone market last year and that is expected to decline to 3.9 percent by 2014, according to Gartner.

Microsoft also ditched a feature phone aimed at teenagers in July after just three months.

"The job right now is we've got to get back seriously into the game of phones," Ballmer said.

Ballmer did not get his maximum bonus for the last fiscal year despite scoring the company's highest-ever sales, mainly because of missteps on phones and tablets.

Microsoft is due to launch its new Windows Phone 7 software later this month, after unveiling it a year later than expected at this year's Mobile World Congress in February.

"We've got to have a comeback against the competition and I think with our new Windows phones we really have a beautiful product," Ballmer said on Tuesday.

(Reporting by Georgina Prodhan; Editing by Hans Peters)
