Facebook has started to allow users to create their own apps. If you're a member, you may have noticed this by the massive number of application requests you have started receiving. The problem is, these apps by default don't go through much of a vetting process. This allows sites such as this one to find all of the nasty holes each new app pokes into Facebook. If this doesn't worry you because you aren't using any of the broken apps, it should, because many of these apps can be abused to direct attacks against people who don't use the apps. Given that much of Facebook involves sending content from one user to another (i.e. propagation), this has the potential for self-propagating malware à la the MySpace "Samy" worm.
I'm lank chuffed about this. Forrester did a comparison of various ERM consultancies, called "Forrester Wave™: Risk Consulting Services, Q2 2007", and came to the conclusion that we (Deloitte) rock the hardest. We were in the top right of all the wave quadrants. To quote Forrester:
Deloitte has the most complete end-to-end risk offering among a field of strong leaders.
The press release is here, the full report is here, and Deloitte's individual scorecard is available here.
Disclosure: You may have worked it out, but I work for Deloitte's Enterprise Risk Services :)
A big problem in the win32 world is managing patches for the various applications you have installed. Windows does a good job of patching itself with Microsoft Update, but other apps aren't as good. Some, such as Adobe, have their own updater, but these updaters aren't consistent and leave you trying to manage several different updating tools, with several different schedules and capabilities (e.g. does it support your proxy), and you still end up with more than half of your win32 apps not having an updater at all.
Continue reading "Secunia releases Security Patch tool for Windows Applications"