After a nice review of the new Netscape 8 browser, and one day after its release, AOL has issued a critical patch plugging some of the holes that were discovered recently in Firefox 1.0.2. I wonder, why AOL didn’t patch Netscape 8 before its release since the release of patched Firefox 1.0.3 was before the release of Netscape 8? Had AOL done this, they could’ve saved the embarassment of patching their browser after only one day on the market.

"We had been misinformed by an external security vendor that the
Firefox security issues did not affect us," Netscape spokesman Andrew
Weinstein said Friday. "Within hours of discovering that the vendor was
not accurate, we had addressed those issues and posted an updated
version of the browser."

This excuse sounds ok,  but stil…

[Via CNET News.com -]

Is it time to tweak the CAN-SPAM Act of 2003? Slashdot discusses a recent proposal by the FTC for changes in the anti-spam legislation that sparked (and continues to fuel) controversy over whether it is sufficient to deter spammers.

[Via Slashdot -]

People are clicking on those phish links, after all, despite increased education and security efforts by the financial and IT industry.

The study of phishing scams hosted on cracked web servers from The Honeynet Project
documented two recent attacks that attracted hundreds of click-throughs
from unknowing users. A UK site mimicking a major US bank received 256 visits in 4 days, while a compromised German server redirected 721 users in just 36 hours to a PayPal phishing site hosted in Chinat.

[Via Netcraft, UK -]