Prof. Felten Goes to Washington

November 5, 2010

The US Federal Trade Commission has announced that it is appointing Professor Edward Felten as its Chief Technologist, effective January 1, 2011.   Dr. Felten is a professor of computer science and public affairs at Princeton University, and is the Director of the Center for Information Technology Policy [CITP], a joint venture of the university’s School of Engineering and Applied Science and the Woodrow Wilson School of Public and International Affairs.  He also writes frequently on the CITP’s Freedom to Tinker blog, where he has discussed issues such as the use of Digital Rights Management [DRM], online privacy,  and electronic voting.  (His comment on his new job is posted there.)   Princeton’s announcement of the appointment explains that Prof. Felten work at the FTC will be a continuation of his past research.

Felten will advise the agency on evolving technology-related issues of consumer protection, such as online privacy and cybersecurity, and antitrust matters, including tech-industry mergers and anticompetitive behavior.

Prof. Felten will be taking a leave of absence from Princeton during his one-year appointment at the FTC; Prof. Margaret Martonosi, also on the computer science faculty, will serve as Acting Director of the CITP in his absence.

Prof. Felten is very well regarded in the wider technology community, and a really good guy.

In announcing Felten’s appointment, the trade commission noted his expertise in computer security and privacy relating to consumer products, technology law and policy, Internet software, intellectual property policy, and the use of technology to improve government.

“Ed is extraordinarily respected in the technology community, and his background and knowledge make him an outstanding choice to serve as the agency’s first chief technologist,” said FTC Chairman Jon Leibowitz.

I’m glad to see that the FTC is making an effort to bring in some expertise in the new technologies that it has to deal with, and I think it has made an excellent choice in Prof. Felten.

Microsoft Black Tuesday Preview, November 2010

November 5, 2010

As is customary, Microsoft yesterday released their Security Bulletin Advanced Notification for November, summarizing the security fixes they plan to release next Tuesday, November 9.  It appears that Windows admins will have a relatively quiet time this month (although Adobe seems to be working hard to take up the slack); there are only three patches scheduled to be released.  Two of these are for Microsoft Office, one rated Critical, the other Important.  All versions of Office are affected, including the recently released Office 2011 for the Mac.  The third patch, rated Important, is for Microsoft Forefront Unified Access Gateway.  This is the first time in a while that there have been no patches for Windows itself.

As usual, details on these fixes are subject to change between now and the actual release on Tuesday.  I will, as usual, post an updated summary then.


Google Updates Chrome Browser

November 5, 2010

Google has released a new version of its Chrome browser today, version 7.0.517.44, for Linux, Mac OS X, Windows, and Chrome Frame.   This version includes a new version of Adobe’s Flash Player plugin (which addresses the CVE 2010-3654 vulnerability I talked about in my last post), as well as fixes for ten other security vulnerabilities.  More information on the vulnerabilities fixed in this version is in the release announcement on the official “Chrome Releases” blog.

I recommend installing the new version as soon as you conveniently can.  You can get it using the update mechanism built into the software (Menu: Help / About Google Chrome); Linux users can get the new version using the standard package update mechanism.

Adobe Updates Flash Player

November 5, 2010

Adobe Systems has released a new version of its Flash Player, version, which addresses the vulnerability (CVE 2010-3654) that was the subject of an Adobe Security Advisory [APSA 10-05], and which I have posted about recently.   (Note, however, that this does not fix the similar vulnerabilities in Adobe’s Reader and Acrobat.)   In addition to this critical flaw, the update fixes seventeen other vulnerabilities of varying severity.  More information on the flaws fixed is given in the Security Bulletin [APSB 10-26], released along with the updates.  This update applies to all platforms (Windows, Mac OS X, Solaris, and Linux) with the exception of Android, which Adobe plans to update next week.

Installation packages can be downloaded from the Flash Player download page; Windows users can also use the update mechanism built into the software.   Windows users should note that there are two versions of the player: one for Internet Explorer, and one for other browsers, soo you may need to install two updates.

Because of its security content, I recommend that you install this update as soon as you conveniently can.

Update Friday, 5 November, 14:46 EDT

The good folks at the SANS Internet Storm Center have posted a diary entry with a handy summary table, to make it a bit easier to keep up with the state of Adobe’s patches.

%d bloggers like this: