Category Archives: Horses Asses Out Number Horses YA

The Key Words

In response to,

That plot “shows that some Iranian officials — probably including Supreme Leader Ali Khamenei — have changed their calculus and are now more willing to conduct an attack in the United States in response to real or perceived U.S. actions that threaten the regime,” Clapper said in the testimony, which was submitted to the Senate Intelligence Committee in advance of a threat assessment hearing Tuesday.

Warmongers may of course overlook key words to reinforce their prejudices, which fortunately will not be carried by media, established or otherwise.

Or something.

Vulnerabilities Disclosures

TippingPoint, running out of patience with the bean counters at software companies, has raised the stakes,

Analysis TippingPoint has upped the ante on vulnerability disclosure by giving vendors six months to fix bugs before it goes public with information on flaws.

The intrusion prevention specialist, bought by HP earlier this year, has rewarded security researchers for information about vulnerabilities via its long-running Zero Day Initiative (ZDI) program. It uses this information to apply rules blocking exploits to its IPS technology, historically putting no particular pressure on vendors to develop patches. Under the new line, the ZDI will release data summarising flaws and outlining workarounds after six months unless an extension is agreed in advance.

The usual suspects say that six months is too short a time to patch and test bloatware, and wish to call the whole project something new, without actually doing anything about the situation. On the other hand,

Following on from full disclosure, Microsoft now has a new disclosure variant to contend with – no disclosure. French security services provider VUPEN claims to have discovered two critical security vulnerabilities in the recently released Office 2010 – but has passed information on the vulnerabilities and advice on mitigation to its own customers only. For now, the company does not intend to fill Microsoft in on the details, as they consider the quid pro quo – a mention in the credits in the security bulletin – inadequate.

VUPEN also claims all of its customers are reliable and would never exploit the inside information, or sell it online, nor exploit it for economic gains as their customers don’t do that either.