Monday, June 28, 2010

Let’s Mix Critical Security Patches and Major Architecture Changes and see What Happens.

Is re-architecting key functionality on an N.n.n release unusual?

“Yes, this was an unusual release, and an experiment in shipping new features quicker than our major release cycle normally allows.”

On version 3.6.n, plugins shared process space. On 3.6.n+1, plugins do not.

The experiment appears to have suffered a setback.

The problem?

“…we are seeing an increasing number of reports that some users are unable to play Farmville, because Farmville hangs the browser long enough for our timeout to trigger and kill it.”

Apparently the “crashed plugin” timer needs to be long enough that Farmville can finish loading. Ten seconds isn’t long enough.

How did they originally arrive at a 10 second timeout?

“Originally a 10s timeout made a lot of sense considering that we had no actual data to go with.”

It looks like none of the Mozilla developers or testers play Farmville, or they’d have caught the problem prior to release.

Why make major changes to a minor release? To improve the customer experience, of course:

“Mozilla is always looking for more ways to bring users valuable features and improvements as quickly as possible. Crash protection offers significant stability enhancements, and product drivers wanted to make it available to Firefox users as soon as possible.”

The net effect of this is probably minor. Enterprises that actually have to spend real money and real staff time to roll out new code to some of the hundreds of millions of desktops that use Firefox can skip this release, and we’re all using the product for free so our time doesn’t count and we can’t complain.

I’m not a fan of mixing high priority security fixes with new functionality. Any change in functionality introduces the possibility that a high priority security patch/fix can’t be implemented because it breaks existing downstream dependencies.

Saturday, June 26, 2010

Sun/Oracle Finally Announces ZFS Data Loss Bug

If you’ve got a Sun/Oracle support login, you can read that an Abrupt System Reboot may Lead to ZFS Filesystem Data Integrity Issues on all Solaris kernels up through April 2010.

“Data written to a Solaris ZFS filesystem and confirmed by fsync(3C) may be lost in the event of an abrupt system reboot.”

This announcement came too late for us though.

If I am a customer of an ‘enterprise’ vendor with millions of dollars of that vendor’s hardware/software and hundreds of thousands in annual maintenance costs, I expect that vendor will proactively alert me of storage related data loss bugs. I don’t think that’s too much to expect, as vendors with which I do far less business have done so for issues of far less consequence.

Sun failed.

Hopefully Oracle will change how incidents like this are managed.

Another Reason for Detailed Access Logs

Another poorly written application, another data leak. Not new, barely news.

This statement is interesting though:

“[company spokesperson] said it's unclear how many customers' information was viewed, but that letters were sent to 230,000 Californians out of an ‘abundance of caution.’”

Had there been sufficient logging built into the application, Anthem Blue Cross would have known the extent of the breach and (perhaps) could have avoided sending out all 230,000 breach notifications. That’s a view on logging that I’ve expressed to my co-workers many times. Logs can verify what didn’t happen as well as what did happen, and sometimes that’s exactly what you need.
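The scoping argument above, as an added example (not from the original post and not Anthem's application): a per-request access log is used to list only the members whose records were served to someone else, and the notification falls back to everyone when the log has gaps, because an incomplete log cannot prove that something didn't happen. The log format, the `seq` counter and the member ids are assumptions constructed for illustration.

```python
import re

# Constructed sample log (format is an assumption): seq is a gap-free
# per-server counter, user is the authenticated member, record is the
# member whose application data was served.
SAMPLE_LOG = """\
seq=1 ts=2010-03-01T10:00:05Z user=m1001 record=m1001 status=200
seq=2 ts=2010-03-01T10:02:11Z user=m1002 record=m1002 status=200
seq=3 ts=2010-03-01T10:02:40Z user=m1002 record=m1003 status=200
seq=4 ts=2010-03-01T10:02:58Z user=m1002 record=m1004 status=403
seq=5 ts=2010-03-01T10:05:00Z user=m1005 record=m1005 status=200
seq=6 ts=2010-03-01T10:06:30Z user=m1002 record=m1001 status=200
"""

LINE = re.compile(r"seq=(\d+) ts=(\S+) user=(\S+) record=(\S+) status=(\d{3})$")

def scope_breach(log_text):
    """Return (exposed, complete): who was viewed by someone else, and
    whether the log is complete enough to trust the absence of an entry."""
    exposed, seqs, unparsed = {}, [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE.match(line.strip())
        if not m:
            unparsed += 1          # a line we cannot read proves nothing
            continue
        seq, ts, user, record, status = m.groups()
        seqs.append(int(seq))
        # Only a successful response for another member's record is exposure.
        if status == "200" and user != record:
            exposed.setdefault(record, []).append((ts, user))
    # Every sequence number must appear exactly once, or lines were lost.
    gap_free = bool(seqs) and sorted(seqs) == list(range(min(seqs), max(seqs) + 1))
    return exposed, gap_free and unparsed == 0

def notification_list(log_text, all_members):
    """Notify only exposed members if the log is complete, else everyone."""
    exposed, complete = scope_breach(log_text)
    if complete:
        return sorted(exposed), True
    return sorted(all_members), False

if __name__ == "__main__":
    members = {"m1001", "m1002", "m1003", "m1004", "m1005"}
    print(notification_list(SAMPLE_LOG, members))
```

A counter like this cannot detect lines lost before the first or after the last surviving entry, so the exposure window also has to be bracketed by entries known to be present.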

There are a couple of other interesting things in the story:

“the confidential information was briefly accessed, primarily by attorneys seeking information for a class action lawsuit against the insurer.”

That’ll probably cost Anthem a bundle. Letting lawsuit-happy attorneys discover your incompetence isn’t going to be the cheapest way to detect bad applications.

And:

“a third party vendor validated that all security measures were in place, when in fact they were not.”

Perhaps the third party vendor isn’t competent either?

Via Palisade Systems

Friday, June 25, 2010

Would You Give up Your Credit Card Number for an Hour of Free Wireless?

  • Cool: The City of Minneapolis has city-wide WiFi.
  • Cooler: The City of Minneapolis is offering free WiFi hotspots at selected spots in the city.
  • Coolest: It works.
  • Uncool: To use the free hot spots, you have to surrender a credit card number.

Would you give up a CC number just to get free WiFi?

  • This probably isn’t any worse than handing your card to a waiter at a restaurant.
  • I don’t know what else one could request that would provide a bit of verification of a user’s identity. A driver’s license?
  • One could simply decide to not care who uses the free hotspots. Our big brothers at the University don’t. They offer free guest wireless with only an e-mail address. For them, a@b.com is an e-mail address.
  • It’s entirely possible that the vendor that built and owns the network is PCI-DSS SAQ-whatever compliant.

I don’t think that I’d give up a card number just to get free WiFi.

I will assert though, that most people will.

Friday, June 4, 2010

What’s an Important Update?

Windows update runs (good).

Windows update classifies some updates as important, and some updates as optional (good).

Windows update decides that a Silverlight update is important. It appears security related (good) but also adds features (maybe good, maybe bad).

Windows update decides that a security definition update is optional (bad).

How can a definition update for a signature based security product be optional? That’s annoying, ‘cause now I have to make sure to check optional updates just in case they’re important.