weekend roundup

Just a quick chance to blog some loose ends before going to bed; I have to get up really early to take my car in for a service, which is why my laptop is also charging, so I can while away the hours at the garage.

So, to recap:

Nasty, sneaky, pr0n-spewing spyware is the new evil-of-the-week [www.securityfocus.com] – we hates it we do, my preciouses – and the Americans are looking to ban it [www.theregister.co.uk] which in the current climate means that you can be relatively certain that the first draft will comprehensively ban software-patch autoupdate daemons whilst granting an exception clause to the FBI to insert whatever they like onto someone’s system.

More from the paranoia newsdesk: the FCC want to ban outage reports lest terrorists use them to bring down the United States [www.theregister.co.uk] – I find this one rather terrifying, actually, since not merely is it a restriction on speech, but to my mind it follows that the next step will be to try and prevent open discussion of security bugs (always a good way to start a flamewar) and further require vendors to jump through hoops to CLASSIFY bugs.

Note to the casual reader: bugs come in two types: real, or nonexistent; the impact of a bug is unclassifiable since even the most apparently trivial of flaws (say: a bad directory permission in /var/spool somewhere) can have tremendous knock-on effects when used in combination with other bugs to synthesise a root exploit.

No system is 100% secure, get over it, and whilst you are at it realise that this contrariwise demands that no particular bug can be assigned (say) only a 27% security risk.

Hey! I think that’s new! Maybe I can call it Muffett’s Proof of Binary Faultage, or something, and stick it with the other aphorisms at the foot of [www.crypticide.com].

Classification of bugs doesn’t work. Prioritization does, somewhat, in fixing and patching, because you (the individual) should have a feel for the scope of the threat you face, and/or may have greater insight into a bug’s ramifications.

In summary: Bug priorities change like the weather in England in Springtime. Any classification scheme (Red! Yellow! Puce! Green! Beige!) will hamper, not help. Avoid such.

Funny that it requires an SMS audit trail to successfully prosecute a spammer in Russia. Or do they mean this was the first time an SMS spammer had been prosecuted successfully? [www.theregister.co.uk]

Yet more Ricin Madness! [www.theregister.co.uk] – So, you blitz some castor beans in a blender and extract the result with alcohol, and purify the result. Am I a terrorist yet?

Pretty Getty [www.getty.edu]

…and somehow the Ramblers’ Association is unwilling to take on Madonna? [uk.news.yahoo.com] At last, we have found someone of whom Janet Street-Porter is afraid!

Who wouldn’t be? [uk.news.yahoo.com]

Comments

One response to “weekend roundup”

  1. Bill Sommerfeld
    outage secrecy.

    Actually, based on a comment on NANOG (in http://www.merit.edu/mail.archives/nanog/msg05668.html) I took a look at a less sensationalized version of this story: http://www.securityfocus.com/news/8966

    – FCC currently requires reporting on telephone outages above a certain scale.

    – For internet/data links, FCC does not yet require this, but has published a proposed regulation requiring the same for internet outages.

    – Department of Homeland Security, commenting on the proposal, is worried about the security implications of the release of that data.

    – Telecom companies are generally against the proposed new reporting requirements, arguing that the industry’s voluntary efforts are sufficient.

    i.e., each entity is playing its stock role in this regulatory commedia dell’arte.

    The reporting requirements that the DHS is arguing against aren’t even in effect yet.
