the electric stranger

President Obama has still not appointed anyone to the President’s Intelligence Advisory Board (PIAB), Secrecy News has learned.

The PIAB has broad responsibility for conducting internal executive branch oversight of intelligence, and it is specifically charged with alerting the President to intelligence activities that may be unlawful or contrary to executive order or presidential directive. Although the PIAB rarely releases its findings to the public, it is positioned to play a potentially important role in the intelligence oversight process. Its actual performance seems to depend on the qualifications of Board members, which have sometimes been minimal, as well as the receptivity of an Administration to the oversight process.

Without any members, the PIAB is “kind of running on autopilot,” said Homer Pointer, counsel to the Board. But he added that “day to day intelligence oversight marches on,” particularly since the Director of National Intelligence and relevant department heads are required by executive order to report to the Board on a regular basis.

The Boston Globe reported last year that President Bush had “stripped the Board of much of its authority” (“President weakens espionage oversight” by Charlie Savage, March 14, 2008) but Mr. Pointer disputed that assessment.

News reports in January 2009 indicated that President-elect Obama had asked former DNI J. Michael McConnell to serve on the PIAB. But for whatever reason, a formal appointment of Mr. McConnell has not yet been made, Mr. Pointer said, nor have any other members of the Board been designated.

“We are hopeful that a new Board will be named soon,” Mr. Pointer said.

via Secrecy News.

Microsoft Corp. last week issued 10 security updates that patched a record 31 vulnerabilities — 18 marked “critical” — in Windows, Internet Explorer, Excel, Word and other applications.

The bugs are the largest number that Microsoft has patched in a single month since the company began its regular update program in 2003. The previous record of patches for 28 flaws was set last December.

“This is a very broad bunch,” said Wolfgang Kandek, chief technology officer at security company Qualys Inc.

“You've got work [to do] everywhere — servers and workstations, and even Macs if you have them. It's not getting any better. The number of vulnerabilities [Microsoft discloses] continues to grow,” he added.

Of the 10 bulletins, six patched some part of the Windows operating system, three patched an application or component in the Office suite, and one fixed several flaws in IE.

Eighteen of the 31 bugs carried Microsoft's most serious label in its four-step ranking, while 11 were tagged as “important,” the next-lowest level, and two were judged “moderate.”

Andrew Storms, director of security operations at nCircle Network Security Inc., suggested that users first patch the IE bugs.

“IE's, by far, take the cake,” Storms said. “There are eight [common vulnerabilities and exposures], and there's no doubt that it will be exploited.”

via Microsoft issues record 31 patches for bugs in Windows, IE, Office apps.

The UK government has pushed back on requests that a historic site used by Britain’s top code-breakers during World War II should be elevated to the same status as the Imperial War Museum.

Responding to a question from Baroness McIntosh of Hudnall, whose parents met while stationed at the Bletchley Park site during the war, the deputy chief whip of the House of Lords, Lord Davies of Oldham said that while the government was keen to support the site, there would be no moves to link the site to the Imperial War Museum.

“We have no plans at present to associate it with the Imperial War Museum,” Lord Davies said. “The House is all too well aware of the significance of designating any area in association with a museum of that rank, but I want to give an assurance that Bletchley Park will continue to develop under the resources made available to it.”

Bletchley Park, home to UK code-breakers such as Alan Turing is being preserved as a museum, but has been facing a funding crises of late. It was recently awarded around £600,000 by Milton Keynes Council and English Heritage, as well as a further £100,000 by IBM and PGP.

The issue of whether the Bletchley site should receive the same status as the Imperial War museum was raised by Viscount Montgomery of Alamein, who also admitted to an interest in this site.

“My Lords, I declare an indirect interest in that my father was a beneficiary of the Ultra intelligence derived from the work done by the noble Baroness, Lady Trumpington, and others,” the Viscount said. “To go a bit further than what other noble Lords have proposed, does the noble Lord not think that Bletchley Park should be turned into a full-scale national museum on the same terms as the Imperial War Museum or many of our other national museums?”

via eWeekEurope.co.uk.

IDG News Service – Security vendors are warning users of Microsoft’s Internet Information Services 6 Web-server software that a new online attack could put their data at risk.

The flaw was made public Thursday, when security researcher Nikolaos Rangos posted details of the vulnerability to the Full Disclosure security mailing list. By sending a specially crafted HTTP request to the server he was able to view and upload files on the machine. The attack takes advantage of a bug in the way that Microsoft’s software processes Unicode tokens, he said.

The vulnerability is being used in online attacks, the U.S. Computer Emergency Response Team said Monday.

In a statement, Microsoft said it hadn’t heard of any such attacks, but that it was investigating Rangos’ claims. “We are working on a security advisory to provide customers with guidance,” the company said Monday.

The bug affects IIS 6 users who have enabled the WebDAV (Web-based Distributed Authoring and Versioning) protocols, used to share documents via the Web.

via computerworld.

When it comes to building the most advanced, bad-ass technologies around there are few science enclaves that can match the US Defense Advanced Research Projects Agency. Last week the outfit detailed nine top strategic research programs in a 57-page report. The report states the programs will lead to revolutionary, radical high-payoff (and many times high-cost) technology advances.

Indeed DARPA’s projects run the gamut from building extremely fast, secure networks, and developing higher, longer flying unmanned aircraft to bio-related advances that help bring vaccines to a useful state faster and space technologies that offer modular satellite systems.

via NetworkWorld