Automatic Upgrade of WordPress by Mobile Phone

Posted in Security by Dragan Pleskonjic @ May 14, 2008

I was on holiday when the new release, WordPress 2.5.1, came out, and I wanted to upgrade immediately from 2.5.0 to the new version. But I didn’t have a computer with me, just a mobile phone (Nokia N95) with its browser. Anyhow, I decided to try the automatic upgrade from the mobile. I took a huge risk (I thought). And… it worked fine. Everything was easy and the upgrade went smoothly.

Congratulations to the WordPress team. That is really exceptional.


Poll Results: Hacking Motives

Posted in Polls, Security, Security Research, Threats, Vulnerabilities, Attacks by Dragan Pleskonjic @ Apr 2, 2008

The poll “Primary motives for hacking are”, which was open on this blog from December 21, 2007 to March 31, 2008, is now closed. Based on the answers of visitors who took the opportunity to vote in the poll, the main reason why hackers (malicious ones) attack is that they take it as an intellectual challenge. The next reason is money, etc.

Here is a summary of the results.

As was said in the introductory post for the poll, it is based on the classification by the Australian government Institute of Criminology, i.e. its High Tech Crime Centre. You can see the paper (also linked in the blog post) here.

There was a polemic about the definition of hackers and whether it is correct to say that hackers are malicious. Many people think that the definition of hackers means that they “wear a white hat”, i.e. hackers are not driven by malicious motives. Crackers, however, are the ones who “wear a black hat”, i.e. they are supposed to be malicious, according to that opinion. Also, some people mentioned that the poll lacks a precise definition of hacking and a description of the difference between hacker and cracker for the sake of this poll.

This poll is about public opinion - what people think about hackers and their motives, so it was left to the opinions and thoughts of everyone and is a little bit imprecise (intentionally). :)

You can look into Merriam-Webster’s dictionary definition of hacker – it may be interesting.


Poll: Rate Your Computer Security Knowledge and Experience

Posted in Education and Training, Polls, Security by Dragan Pleskonjic @ Apr 1, 2008

I’ve added a new poll to this blog. The aim of the poll is to see the structure of the blog’s visitors according to their (your) individual opinion and experience in the field of security knowledge. There is no guidance or explanation of the given choices. You are the one who sets the measurement units, decides and rates your own knowledge and experience according to them.

The question is: “Rate your computer security knowledge and experience”, and the possible answers are:

  • None
  • Beginner
  • Moderate
  • Expert
  • Guru

Vote and enjoy visiting often and seeing how others vote. The poll started today and is planned to be open for 3 months, i.e. until the end of June 2008.

The earlier poll “Hacking Motives” expired last night (March 31, 2008). I am going to discuss the results in a future post on this blog.


The Privacy Toolbox

Posted in Privacy, Security by Dragan Pleskonjic @ Mar 19, 2008

Interesting list on Virtual Hosting Blog » The Privacy Toolbox: 100 Guides and Resources for Keeping Your Personal Information Safe, categorized into:

  • Articles
  • Blogs
  • Resources
  • Applications
  • Organizations
  • Tips
  • Guides
  • Books

This list might be of great help.


WordPress - Urgent Security Release

Posted in Security by Dragan Pleskonjic @ Feb 5, 2008

The new WordPress release, 2.3.3, is one more urgent security release. It follows release 2.3.2, which was also an urgent security release, fixing a bug that could be used to expose your draft posts. The new release 2.3.3 fixes a vulnerability which appears if you have registration enabled. A flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs.


Poll Results - The Most Secure Operating Systems Family

Posted in Operating Systems and Application Security, Polls, Security by Dragan Pleskonjic @ Feb 1, 2008

The poll “The Most Secure Operating Systems Family is?” was closed on January 31st, 2008, after being open for voting for more than 3 months, as planned. You had the chance to vote for one of today’s popular (or less popular) operating systems.

The results of the poll are here:

  • Linux (24.44%, 110 Votes)
  • BSD UNIX (23.11%, 104 Votes)
  • Solaris (19.33%, 87 Votes)
  • Mac OS X (17.11%, 77 Votes)
  • MS Windows (16.00%, 72 Votes)

Total Voters: 450

In graphical presentation it looks like this:

Poll results - the most secure OS

It is obvious that Linux fans were very eager to vote for their favorite. It is also obvious that the majority of voters in this poll share the belief that Unix-like operating systems are far more secure than Windows. Microsoft has a pretty low reputation among the people who took the opportunity to vote in this poll.

Do not miss the opportunity to vote in the poll about primary motives for hacking.


2008 Norbert Wiener Award Given to Bruce Schneier

Posted in Security by Dragan Pleskonjic @ Jan 27, 2008

In 1987, Computer Professionals for Social Responsibility (CPSR) began a tradition to recognize outstanding contributions for social responsibility in computing technology. The organization wanted to cite people who recognize the importance of a science-educated public, who take a broader view of the social issues of computing. We aimed to share concerns that lead to action in arenas of the power, promise, and limitations of computer technology.

The award is named for Norbert Wiener (1894-1964), who, in addition to a long and active scientific career that brought the word “cybernetics” into the language and laid the foundation for many aspects of modern computing, was also a leader in assessing the social implications of that new and emerging technology.

CPSR’s 2008 Norbert Wiener Award was given to Bruce Schneier. Bruce publishes his insights on his web site, blog, and in his current bestselling book: “Beyond Fear: Thinking Sensibly about Security in an Uncertain World”. He is the author of the famous book Applied Cryptography and many other books.

Previous winners include Phil Zimmermann, Peter Neumann, Marc Rotenberg, Mitch Kapor, Douglas Engelbart, and more than a dozen other luminaries.


Facebook Privacy Problems

Posted in Privacy by Dragan Pleskonjic @ Jan 20, 2008

In a recent post on this blog, I described some of StumbleUpon’s privacy risks. BBC Technology News now has an article about a privacy problem related to Facebook, another social networking tool. Under the title Facebook faces privacy questions, they say that Facebook is to be quizzed about its data protection policies by the Information Commissioner’s Office. It says:

The investigation follows a complaint by a user of the social network who was unable to fully delete their profile even after terminating their account.

Currently, personal information remains on Facebook’s servers even after a user deactivates an account.

Facebook has said it believes its policy is in “full compliance with UK data protection law”.

We will see how this will be solved. Anyway, social networking has come to its dark side because of the increasing number of security and privacy problems.


Linux Security Expert Joins Core Windows Security Team

Posted in Operating Systems and Application Security, Security by Dragan Pleskonjic @ Jan 18, 2008

It seems that Microsoft is going to attract Linux security experts to join and to bring a different perspective to Windows security. Recently, Crispin Cowan, who is responsible for a number of very well respected Linux-based security technologies such as StackGuard, the Immunix Linux distro, SubDomain and AppArmor, joined the core Windows Security Team. Crispin will work on User Account Control (UAC) and integrity levels, an area he knows a great deal about. Microsoft expects he’ll bring a different perspective to the Windows team, based on his security knowledge, experience and skills. Crispin holds a Ph.D. degree from the University of Western Ontario, Canada.

You can visit Crispin’s web page and see more about his work.


Poll - Hacking Motives

Posted in Polls, Security, Security Research, Threats, Vulnerabilities, Attacks by Dragan Pleskonjic @ Dec 21, 2007

I’ve put a poll on this blog to find out what public opinion is on the primary motives for hacking. There are six possible choices and you can choose one according to your opinion. The answers are based on the classification by the Australian government Institute of Criminology, i.e. its High Tech Crime Centre. You can see the paper here and vote in the box with the yellow background in the right sidebar.
