Monthly Archives: April 2015

AVG

Wear Red for Pay Equity

Today, April 14, is National Equal Pay Day, which is designed to highlight the issue of gender/pay gap.

Why does National Equal Pay Day fall in the month of April? Because that’s how far into the year it is estimated that a woman must work to earn what a man earned in the previous year! Pay-equity.org is urging supporters to wear red today to symbolize how far behind women and minorities are in their pay.

We have a long way to go, inside and out of tech on this issue. As has been reported by the Government’s Department of Labor, overall women who work full-time still make 78 cents for every dollar a male counterpart makes. You can see details here. This despite the fact that the Equal Pay Act was enacted in 1963! (Ironically, at the height of the Mad Men era.)

AAUW (American Association of University Women), one of the champions in the fight to end wage discrimination, notes that for some inexplicable reason, there is a 7% difference in the earnings of males and females just one year after they graduate college. AAUW also reports that in 2013, the disparity is even greater for Hispanics, African Americans, American Indian and Native Hawaiian women.

Furthermore AAUW reports, “working mothers are often penalized for having children, while fatherhood generally tends to boost a man’s career.” In fact, the latter was the basis of my recent talk “Boardroom or Baby” at SXSW Interactive, which was designed to begin to tackle this issue.

The good (and sometimes painful) news is that pay rates and gender discrimination have been in the news a lot lately!

Earlier this year we applauded the Academy Award winning actress Patricia Arquette for her conscious-raising remarks at the Oscar bash. (See my earlier blog.)

And pay equity is a priority for the newly minted U.S. Presidential candidate Hillary Clinton – who weighed in on the topic at the Women in Tech Conference in Silicon Valley and said in her keynote, “She’s right — it is time to have wage equality once and for all.”

President Obama clearly supports fair pay. I’m just guessing, but I think as the smart son of a single working mother he saw first-hand how wage discrimination worked. In his tenure he has signed the Lilly Ledbetter Fair Pay Act and established the National Equal Pay Task Force. You can read more here about two new executive actions to help combat pay discrimination and strengthen enforcement of equal pay laws.

Then, there are the many recent lawsuits in the tech world that demonstrate how far we have to go in terms of pay and discrimination. (I won’t go into them here.)

Needless to say, it’s enough to make anyone see red. I think any fair-minded person, no matter what their gender or identity would agree.
So what can you do besides wear red today? You can get a free equal payday kit here with a lot of suggestions. And you can educate yourself. There’s an illuminating fact sheet supplied by AAUW.

Finally… as a woman, or a minority, or really as any employee, you should feel free to ask for a wage increase if you think you are due one! It’s amazing when you review the statistics of people who just don’t ask for a wage increase.

So, while I wouldn’t say National Equal Pay Day is really cause for celebration, we can use it to raise awareness. And you can wear red… I am.

CentOS

CESA-2015:0800 Moderate CentOS 5 openssl SecurityUpdate

CentOS Errata and Security Advisory 2015:0800 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0800.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
a61179097606afba2ad098b71374834cf6cf26e29f7dff4891cf188c1bd06308  openssl-0.9.8e-33.el5_11.i386.rpm
a59f2136d48228bca0b7d7d37111879abb7f7a5f3d125ce40c4e2dc690050c73  openssl-0.9.8e-33.el5_11.i686.rpm
706c1a668c0cb691fe8654ae6d4d6a759b9d46cb4b2ea4a04a37fa3b02e2ccb8  openssl-devel-0.9.8e-33.el5_11.i386.rpm
af34032cf124ca12a926d0036a30749810e0b13269b6d11927ed2bb2656b4486  openssl-perl-0.9.8e-33.el5_11.i386.rpm

x86_64:
a59f2136d48228bca0b7d7d37111879abb7f7a5f3d125ce40c4e2dc690050c73  openssl-0.9.8e-33.el5_11.i686.rpm
50ed7b3efaf50aa810e40bd22c08cf9568a0f74b8bb77d16b9e69022062c7cd2  openssl-0.9.8e-33.el5_11.x86_64.rpm
706c1a668c0cb691fe8654ae6d4d6a759b9d46cb4b2ea4a04a37fa3b02e2ccb8  openssl-devel-0.9.8e-33.el5_11.i386.rpm
36f412550bbeef32833341ea477816b239a8d1ac3587d04952a3b77a28786975  openssl-devel-0.9.8e-33.el5_11.x86_64.rpm
18e740d2dfb4a228e7b0f7aaff40171c1411f7d2e2d3e092a4c36c7816e37ab1  openssl-perl-0.9.8e-33.el5_11.x86_64.rpm

Source:
103e8c1e0b13d86ecaa846f4395fde0ae00cdca5c395dcb9da3f361f701a818a  openssl-0.9.8e-33.el5_11.src.rpm
Debian

[BSA-103] Security Update for shibboleth-sp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Matthew Vernon uploaded new packages for shibboleth-sp which fixed the
following security problems:

CVE-2015-2684
  A denial of service vulnerability was found in the Shibboleth (a
  federated identity framework) Service Provider. When processing
  certain malformed SAML messages generated by an authenticated
  attacker, the daemon could crash.

For the wheezy-backports distribution the problems have been fixed in
version 2.5.3+dfsg-2~bpo70+1.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.9 <http://mailcrypt.sourceforge.net/>

iQIcBAEBCgAGBQJVLPd/AAoJEBL00hyPamPIMVoP/R+8cuMtfB7ymeN8TpqkhSYg
HKH2G38qRXWntSNHIPL/K/Yl/OYMxTgh3qbOQQe7DdyE4DTY+s1IINU6e/ubhldH
1dtrl/OFX4+j1rEevuxs6/YC87jI1YojIRRhZEU6kE/Wc32YXqclDyCgMpIrzu3S
hjXVBCGaMZ9TQxnc4kdVOj7Cpr3InIMjI9bFuhnKP+65Eq+9EVwFyNgegO3o/AzL
NrVj1RRqaCjfGpf+aQJXCupUs6vxVx+81m645mVEShGc9Bd3BaGhM72AYKME/u4a
48xQYJ6YZXwYRh5JuUezud+Er7IPzBRVzlmSMgy+Xf0beitfw4HM+egYuhVL
Security

As Ransomware Attacks Evolve, More Potential Victims Are at Risk

In early December, as most people were dealing with the stress of looking for the perfect holiday gifts and planning out their upcoming celebrations, police officers in a small New England town were under a different sort of pressure. The vital files and data the Tewksbury Police Department needed to go about its daily business had been encrypted […]

Microsft

3045755 – Update to Improve PKU2U Authentication – Version: 1.0

Revision Note: V1.0 (April 14, 2015): Advisory published.
Summary: Microsoft is announcing the availability of a defense-in-depth update that improves the authentication used by the Public Key Cryptography User-to-User (PKU2U) security support provider (SSP) in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The improvement is part of ongoing efforts to bolster the effectiveness of security controls in Windows.

Microsft

MS15-032 – Critical: Cumulative Security Update for Internet Explorer (3038314) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (April 14, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Microsft

MS15-042 – Important: Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (April 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an authenticated attacker runs a specially crafted application in a virtual machine (VM) session. Note that the denial of service does not allow an attacker to execute code or elevate user rights on other VMs running on the Hyper-V host; however, it could cause other VMs on the host to not be manageable in Virtual Machine Manager.