Palljon1123 writes "A stack-based buffer overflow in the Snort intrusion detection system could leave government and enterprise installations vulnerable to remote unauthenticated code execution attacks. The flaw, found by researchers at IBM's ISS X-Force, affects the Snort DCE/RPC preprocessor and could be used to execute code with the same privileges (usually root or SYSTEM) as the Snort binary. No user action is required." Sourcefire has an update to fix the vulnerability in versions 2.6.1, 2.6.1.1, and 2.6.1.2; Heise Security spells out the workaround for the 2.7.0 beta version.

An anonymous reader writes with a NYTimes piece on the early moves by European governments to implement an EU data retention directive. The governments of Germany and the Netherlands are initially proposing much more stringent programs than the EU directive requires. For example, the German proposal "would essentially prohibit using false information to create an e-mail account, making the standard Internet practice of creating accounts with pseudonyms illegal." The Times notes that, early days as it is, nevertheless some people involved in the issue are "concerned about a shift in policy in Europe, which has long been a defender of individuals' privacy rights."