Microsoft urges Windows users to download a fix for Internet Explorer. Microsoft announced that six new flaws have been found in its Web browser. Three of the flaws are considered critical and one of them; a cross-site scripting error, affects only Internet Explorer 6.0 and would allow an attacker or a worm to run a program on the victim's computer. The 2MB download includes all the old repairs for Internet Explorer 5.01, 5.5 and 6.0, plus patches for the latest six holes. (CNET News.com 13 May) Deceptive Duo suspects netted in FBI raids. Teenager Robert Lyttle, aka hacker Pimpshiz, 18, has been linked to another round of high-profile web-site defacements following FBI raids targeting the Deceptive Duo. Lyttle told Newsybtes that he "can't confirm or deny" that he and another hacker known as "The-Rev" were the Deceptive Duo who recently slipped in to a host of poorly secured servers operated by the U.S. military, Sandia National Laboratories and an assortment of government agencies and banks. Kelly Hallissey, an online den mother to young hackers, told reporters that Lyttle had revealed his new, headline-grabbing identity to her and said that cracking the high-profile web sites was needed to alert officials to security holes in the networks of critical agencies. (Newsybtes, 15 May) Canada Communications Security Agency expanding workforce. Canada's Communications Security Establishment, responsible for Signals Intelligence and Information Technology Security, expects to expand its workforce by at least one third over the next 18 months. According to the CSE public web-site, the agency is responsible for collecting foreign intelligence that can be used by the government for strategic warning, policy formulation, decision-making, and day-to-day assessment of foreign capabilities and intentions. The CSE is also responsible for providing technical advice, guidance, and services to the Government of Canada to maintain the security of its information and information infrastructures. Barbara Gibbons, director general of CSE's corporate services, is quoted as saying "To our knowledge, this is the biggest [recruitment] in our history." The hiring drive is a result of increased demand for the agency's expertise in the aftermath of the September terrorist attacks on the United States. (Toronto National Post Online, 13 May) WWU Comment: The CSE maintains a working relationship with its allies in the US, UK, Australia and New Zealand. Increased capability of the CSE will enhance the United States' capability to predict and respond to threats to the infrastructure. Carnegie Mellon University is expected to formally announce its "sustainable computing consortium" on May 16th. CMU will join with big players in IT, software development and NASA, to explore new techniques for measuring software quality and security sustainability. The companies will collaborate and share ideas on proprietary software and intellectual property. According to the group's authors, ""Consortium members support the creation of standards and specifications that allow for the measurement and enhancement of software quality, dependability and security. Sustainable software encompasses technology, measurement, policy, economic and market dimensions. (Topic Advocate 14, May)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:12 PDT