Mozilla Releases Thunderbird 3.1.2

August 5, 2010

The folks at Mozilla have released a new version, 3.1.2, of their Thunderbird E-mail client.   Changes in this release are mostly bug fixes, to resolve some stability and user-interface issues.  More details of the changes is available in the Release Notes.   The new version is available via the built-in update mechanism (Help / Check for Updates); alternatively, versions for all platforms (Mac OS X, Linux, and Windows), in many different (human) languages, can be downloaded here

.


Microsoft Black Tuesday Preview, August 2010

August 5, 2010

Microsoft, in keeping with its usual schedule, has released its Security Bulletin Advanced Notification for the security patches it intends to release next Tuesday, August 10.  This month there are 14 fixes to be released, setting a new record.  All supported versions of Windows are affected, and each version has vulnerabilities rated Critical.  There are also fixes for Microsoft Office (including the Mac versions), and for Microsoft Silverlight   The following table gives the breakdown by version:

Windows Version Critical Important Moderate
Windows XP +SP3 7 2
Windows Vista 4 4
Windows Server 2003 4 2 1
Windows Server 2008 2 4 1
Windows 7 4 3 1
Windows Server 2008 R2 2 3 2
Microsoft Office 1 1
Silverlight v. 2 & 3 1

Most of these patches will probably require a system reboot after installation.  Of course, the details are subject to change between now and the patch release date.

As usual, I will post an update here once the patches have been released on Tuesday.


Smart Meters Again

August 5, 2010

I’ve written here before about some of the potential security problems posed by the implementation of “smart” meters by the electric utilities.  The kernel of the problem lies in the fact that these meters, which like many products these days contain digital control processors, are designed to be remotely accessible, either via the Internet or via wireless data links.

The Technology Review has a new article discussing some of these risks, which were discussed at last week’s Black Hat security conference.  Contributing to the potential for problems is the utilities’ rush to install the new equipment, in order to qualify for fund from the economic stimulus program.  Since these devices are expected to last 15 to 20 years, and since they are (obviously) geographically dispersed, installing security patches after the fact would be a non-trivial problem.  A further worry is that these meters may be connected to the utilities’ Supervisory Control and Data Acquisition [SCADA] systems, potentially providing a way to attack the entire electricity grid.

Probably the most worrying aspect of all of this is that the utilities are rushing ahead with a system that they are not used to managing or keeping secure.  They have always been concerned about security, of course, but their traditional worry has been more like a kook putting a pile of dynamite under a transmission tower, rather than booby-trapped PDF files or wi-fi hacking.


%d bloggers like this: