Mozilla’s Afraid of Microsoft Security Updates
In case you haven’t heard, Microsoft released its March patch yesterday. And in case you haven’t heard and are in IT using Microsoft products, what’s wrong with you?
We all know that the calendars should be clear for the second Tuesday of every month, in case there’s a huge load of ‘critical’ updates for Windows (luckily, this month only has one).
It’s no secret that Microsoft software needs constant updates, and it’s no secret when those fixes are coming.
So why was Mozilla caught off guard? The plan was to release its new browser version on Monday. Just like Microsoft, Mozilla stays very religious about its updates and product releases — they come every six weeks on a Tuesday. It just so happens that this month’s browser update came out the same day as Microsoft’s security update.
Or, should I say, should have come.
After previously announcing that Firefox 11 would arrive on March 13, Mozilla pulled the plug on the release hours before it was projected to go live. The issue was that Mozilla didn’t want to release a browser that might not be compatible with Microsoft’s monthly patch. So it waited for the patch to come out, did all necessary patching and released the browser early this morning, six weeks and one day after its last update.
What is puzzling about this whole situation is this: if you know that there may be a potential issue between your software’s update and Microsoft’s patch, why choose Tuesday to release it? Why not Wednesday? Or Thursday? You literally have six other days to choose from that won’t be interfered with by what Microsoft is doing.
Just seems like you can save yourself some scrambling with a more flexible release schedule.
For those fans of Mozilla’s open source browser, looks like there were no compatibility issues with Microsoft’s security update. (And that’s good — I was afraid that fix for Microsoft Expression Design was going to bring Firefox to a halt…)
People Are Still Using ‘Password’ for Their Password
And guess what, it’s your fault.
That’s according to a recent security report from Trustwave that found the issue of weak passwords stems from the rules governing passwords, not the users’ simplistic passwords. Because if some users can use a simplistic password, they will.
The burden falls on IT to evolve password management so that it won’t allow easily guessable words. Trustwave recommends using an NT hash-based storage system for password integration. Also, length really does matter. “[I]t’s time to stop thinking of passwords as words, and more as phrases,” said the report.
How’s your shop’s password management situation? Could it need some tightening up? Also, if you have embarrassingly bad stories involving user passwords, send them to cpaoli@1105media and I’ll share them with the readers (I’ll keep them anonymous).