Skip Links

Security roundup: How did 9/11 change IT?; Microsoft premature patching; HIPAA gets nasty

How the 9/11 attacks changed us; SSL certificates cyberattack; cost of cybercrime

By , Network World
September 09, 2011 03:20 PM ET

Network World - The 10th anniversary of the infamous Sept. 11, 2001, terrorist attacks on America is prompting reflection on those who died on that day of mass murder, and what changed in our society because of it.

The youngest victim was Christine Lee Hanson, 2 years old, from Groton, Mass., a passenger on United Airlines Flight 175 when it was hijacked by al-Qaeda terrorists who sent the plane smashing into the South Tower of the World Trade Center. A decade later, the rubble has been cleared, and the memorial to this little girl and the thousands of other victims is opening on that exact site in New York City.

MORE ON SECURITY: 9/11: Attacks changed the way companies view IT

The idea -- the reality -- that everything could be wiped out in a moment changed the way that businesses and government view security and data protection, storage as well for emergency response, reports Grant Gross in his thoughtful piece, "9/11: Attacks changed the way companies view IT."

But U.S. emergency-response communications systems are still not up to snuff, though there are attempts to improve that, writes Carolyn Duffy Marsan.

The Department of Homeland Security says it's monitoring signs of terrorist threats right now against New York and Washington, D.C., on the anniversary of the 9/11 attacks. Heightened vigilance is still the mood, including some warnings that cyberattacks could be part of the destructive mix in the future.

Whoops! Microsoft leaks patch info four days early

Computerworld reports that Microsoft jumped the gun Friday by prematurely releasing information on all five of the security updates it plans to ship next Tuesday.

The gaffe is unprecedented, said Andrew Storms, director of security operations at nCircle Security. "I don't remember this ever happening," said Storms.

Microsoft normally publishes the lengthy writeups -- called "bulletins" by the company -- only when it ships the actual patches that fix the described problems. Under normal circumstances, the bulletins would have appeared around 10 a.m. Pacific Time, 1 p.m. Eastern Time, on Tuesday, Sept. 13.

Although the bulletins went live Friday, the updates did not: A quick search of Microsoft's download center, where the updates are typically posted for manual download, did not show any available patches. Nor did the updates apparently reach users through Windows Update or the business-oriented Windows Server Update Services (WSUS).

Yesterday, Microsoft rolled out its usual advance notification for next week's Patch Tuesday, saying that it would issue five updates to patch 15 vulnerabilities in Windows, Excel, SharePoint and other products in its portfolio.

The bulletins confirmed what Microsoft said Thursday: The updates will quash 15 bugs, all rated "important," the second-highest threat ranking in the company's four-step scoring system.

Two of the vulnerabilities are in Windows; five in Excel, the spreadsheet included with Office; two in non-application Office components; and six in SharePoint and associated software, such as Groove and Office Web Apps.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News