Category Archives: Security

SEC Social Media Risk Alert

The SEC has released a brief on Investment Adviser Use of Social Media.

Firms’ use of social media must comply with various provisions of the federal securities laws, including, but not limited to, the antifraud provisions, compliance provisions, and recordkeeping provisions.

The SEC points out several staff observations that should help clarify its concern with the social media behavior of registered investment advisors (RIAs) or firms.

  1. Unclear procedures reduce the accuracy of compliance program measurement
  2. Sites that allow third-party content need policies on what is permissible
  3. Social media communication often falls under required record retention and accessibility rules

OpenSSL Fixes Six CVEs

OpenSSL has announced fixes for the following six security flaws in versions 1.0.0f and 0.9.8s. The first is the notorious “extension of the Vaudenay padding oracle attack on CBC mode encryption”.

  1. DTLS Plaintext Recovery Attack (CVE-2011-4108)
  2. Double-free in Policy Checks (CVE-2011-4109)
  3. Uninitialized SSL 3.0 Padding (CVE-2011-4576)
  4. Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
  5. SGC Restart DoS Attack (CVE-2011-4619)
  6. Invalid GOST parameters DoS Attack (CVE-2012-0027)

The last CVE has an “original release date of 01/06/2012”, yet the OpenSSL security advisory was released “04 Jan 2012”.

Breaking Human Limits

Radiolab has a humorous hour of interviews about how humans can exceed their own limits by studying them and then breaking through (e.g., hacking the body, mind and knowledge).

On this hour of Radiolab: a journey to the edge of human limits.

How much can you jam into a human brain? How far can you push yourself past feelings of exhaustion? We test physical endurance with a bike race that makes the Tour de France look like child’s play, and mental capacity with a mind-stretching memory competition. And we ask if robots–for better or worse–may be forging beyond the limits of human understanding.