Archive for June, 2005

Got Acrobat 7.0? Get Patch.

Monday, June 20th, 2005

Adobe Systems rolled out patches for security vulnerabilities found in Adobe Reader 7.0 and 7.0.1, and in Adobe Acrobat 7.0 and 7.0.1. From Infoworld:

According to Adobe officials, the vulnerability is within the Adobe Reader control. If an XML script is embedded in JavaScript, it is possible to discover the existence of local files, according to a security advisory from the company. An attacker could then maliciously use the gathered information. But the statement pointed out that the local files can be found only if the attacker knows the complete file names and paths in advance of such an attack.

Get your update from:
http://www.adobe.com/support/downloads

Build your own Web command with YubNub

Monday, June 20th, 2005

I just found out about an interesting new service YubNub that allows you to use and create “command line” stuff for the Web.

So for example, if you do Google image searches, you simply type in “gim flower” into YubNub and you’ll get it.

What’s neat-o about YubNub is that it’s a “social” command line which lets you create commands that get added to YubNub’s dictionary.

In fact, I created a command too:

Google has this neat feature where you can search for the definition of a word by searching for “define:word”. So, I created a YubNub command for it, “gdef”. So if you want a definition of say, podcasting, you type in “gdef podcasting” and voila!

I don’t know if this will catch on or if it’s just a Geek Toy. For now it’s a Geek toy to me.

Your credit card number: it’s everywhere you don’t want it to be

Monday, June 20th, 2005

You should call your bank/credit card company and find out if your card was one of the ones recently stolen. This CNET article left me shaking my head for a few reasons:

The data security breach, possibly the largest to date, happened because intruders were able to exploit software security vulnerabilities to install a rogue program on the network of CardSystems Solutions, MasterCard International spokeswoman Jessica Antle said. The program captured credit card data, she said.

“install rogue program” is code-word for “some dumb*ss let a trojan horse get installed”.

The probe also found that the Atlanta-based payment processor did not meet MasterCard’s security regulations. CardSystems held onto records that it should have discarded, and it stored transaction data in unencrypted form, Antle said.

Now, whose fault is it that CardSystems continued (and continues) to operate? I caught a GMSV article quoting CEO John Perry that they retained all those excess records for “research” purposes? Research on what? To sell to whom? WTF!

MasterCard declined to disclose more information on the breach, citing an ongoing investigation by the FBI.

Oh, that’s nice. How convenient.

The data processor’s Web site runs on Microsoft’s Windows 2000 operating system and IIS Server 5.0, which has fueled speculation that its other set-ups may also be Microsoft-based.

So, what, did they forget to install a service pack or “security” update?

Now comes the really scary part:

MBNA, one of the largest U.S. credit card issuers, said it has received information from CardSystems about exposed customer accounts. The company won’t contact the individuals affected but is keeping a close eye on the compromised accounts, said Jim Donahue, an MBNA spokesman.

Well, isn’t that special? They won’t even tell their customers that their cards have been stolen. Is that to protect the innocent, help the FBI, or just not have to deal with freaking out their customers because they’ve contracted with a loser organization?

Lest we think that CardSystems is the only loser in the group let me remind you:

Two weeks ago, CitiFinancial said tapes containing unencrypted information on 3.9 million customers were lost by the United Parcel Service while in transit to a credit bureau. …data leaks have been reported by Bank of America and Wachovia, data brokers ChoicePoint and LexisNexis, and the University of California at Berkeley and Stanford University.

Clearly, a new way of doing this has to be found. We simply can’t trust those who hold the data to treat it responsibly.

Call your bank.

Will profit kill open source?

Monday, June 13th, 2005

I just listened to this well thought-out presentation by Kim Polese of SpikeSource talking about what her company does, which is to put a smart IT-management layer atop open source components, and I walk away with a couple of thoughts:

  • Very cool idea.
  • What will OSS developers who are doing this for free start feeling when they see SpikeSource start earning money on the free code they wrote?
  • How long will important software continue to be free once somebody is sitting on top of it and making money?

This will be interesting to watch. If the OSS community was based on all the developers doing it for free and being broke all as a group, then the insertion of profit taking might spoil the soup for all.

If, however, OSS was built on the faith that “code it and we’ll figure out how to make money one day” and if SpikeSource can figure out a way to help all those volunteer developers, there could be something huge here.

What could happen when you put Apple and Nokia together?

Monday, June 13th, 2005

I just caught this Infoworld article that Apple and Nokia have opened up a browser partnership.

Nokia has announced that it is using open source software in developing a new mobile Web browser for its Series 60 SmartPhone — and that this has been developed in cooperation with Apple.

What does this mean?

First, some obvious facts:

  • Apple knows there’s a company called Nokia.
  • Apple knows that Nokia is developing mp3 functionality.
  • Apple wants to expand iPod functionality.
  • Apple knows that pretty soon every competitor is going to get medieval on the iPod.

And now, the obvious conclusion:

  • Apple and Nokia will soon be delivering jointly-labeled iPod uberphones.

(Don’t let the smoke screen of this Browser Partnership announcement fool you.)