Mar 21 2009
It’s been another incredibly busy week and a lot of tabs have accumulated in my Firefox browser bar. I kept meaning to blog about a number of these stories but between work, kids and discovering a ton of anime on Hulu, it never happened. So once again, I’m cleaning up my browser by creating a quick blog post to reference these sites later. As if that ever really happens. But the intent is there.
I have to say, it’d be a bad week to be Diebold/Premier; they’re under attack here in California because they’ve admitted to a number of problems in the audit logs of their e-voting devices, and their ATMs are under attack in Russia. I’m not a big fan of electronic voting machines in the first place, but when you have to admit that your machines can have votes deleted wholesale without any record of the vote existing in the first place, you shouldn’t be in the business to begin with. Which is probably why Diebold spun the e-voting machine business off in the first place. It’s crazy stupid that such a mistake happened in the first place, but the fact that they made it through the audit process with a vulnerability like this means that there’s a lot in the process of certifying electronic voting machines that’s broken. Paper ballots aren’t perfect either, but at least they always leave physical evidence that can be referred back to later.
Twitter, I mean TinyURL, had some major issues this week as well, exposing some of the functionality behind the tool. Fox News’ Twitter stream exposed some SQL code, which turned out to be caused by TinyURL improperly securing their systems. I use both services a lot, so this was more than a little disturbing. If someone had been able to use this exposure to compromise TinyURL, it could have been used to send bogus links to millions of people. And while we’re on the topic of shortened URLs, take a look at LongURL.org, a tool that lets you expand most of the shortened URLs so that you can know where you’re going before you actually follow the link.
More stories from this week:
- Computer experts unite to hunt worm
- Pwn2Own 2009 Day 1 – Everything but Chrome fell. Quickly.
- Hackers penetrating industrial control systems – “125 times in the past decade” Is this really that significant?
- The Conficker worm: April Fool’s joke or unthinkable disaster
- IE8: Microsoft’s biggest loser – Ouch. Pwned and slow.
- Quick wins and web application security – Some real insight from Jeremiah Grossman
- Indian call centre credit card ‘scam’ exposed
- As the Clouds reach the enterprise, opportunities are clear
- Intel CPU-Level exploit could be a tempest in a teapot – A vulnerability over-hyped by the discoverer and the media? Say it isn’t so!
Now to go back to my streaming anime and kids. If I can pry the kids away from creating new games of their own using Scratch that is. Geeks in training, that’s my boys. I’m not sure whether to be proud of them or to chase them away from the computer.