Yesterday, the FBI announced it considers cyber attacks to be the third greatest threat to the security of the United States. The only two preceding it are nuclear war and weapons of mass destruction (WMD).
Netcraft provided more details on a critical digital certificate
vulnerability revealed last week. Although Microsoft downplayed the
problem by stating that the successful exploit was not published,
Netcraft found that 14% of SSL certificates use the vulnerable MD5
hashing algorithm. That number may provide a large enough target for
attackers to invest time into cracking MD5, while certificate
authorities will have a choice of using MD5 and hope that it will not
be cracked or transitioning to a stronger encryption technology such as
One of the cornerstones of Internet security may not be as solid as
generally believed: A team of researchers said they successfully
created a rogue certification authority (CA) to create digital
certificates that are accepted by all major web browser – and not just
those that are running on PCs. The discovery could prompt a new wave of
phishing attacks and the adoption of more secure cryptographic
standards on the Internet.
Today, Microsoft acknowledged that its business class SQL Server database software is vulnerable to the kinds of attacks which inject code into malformed requests. Affected versions include SQL Server 2000, 2005, as well as Windows Internal Database. Not affected are SQL Server 7.0 SP4, 2005 SP3 and 2008, which are immune to the flaw.
Yesterday, Microsoft made good on the quick patch promise they had made earlier in the day. It repairs a critical bug affecting Internet Explorer versions 5.01, 6, 7 and 8 Beta 2 which could allow remote code execution just by visiting an infected website.
Yesterday, Microsoft rolled out its largest number of patches issued at one time in five years. The patches affect software in every operating system since and including Windows 2000. In addition to the new patches, Microsoft also warned of a critical WordPad bug that has not yet been patched and leaves a gaping security hole so that a hacker could gain access and run remote software from email.
Just a few months ago, MySpace began unveiling details and information
about its Facebook Connect rival called MySpace Data Availability. At
that point in time it was not exactly clear what the product would
include. However, it was obvious that it would not be a proprietary
solution like Facebook Connect and it would rely on the Open Stack
concept utilizing OAuth, OpenID and OpenSocial instead. MySpace Data
Availability is now available MyspaceID and should help launching open
source products into the future.
Six British Internet Service Providers (ISPs) are reportedly filtering
user access to Wikipedia due to the site’s addition to the Internet
Watch Foundation, after accusations arose that the site was hosting
what was considered by some to be child pornography.
Koobface, a worm that surfaced on Facebook in July, is spreading again
and remains very active, according to a security alerts issued by
Websense and McAfee.
Microsoft is warning users about a new wave of malicious attacks that
aim to exploit a vulnerability that was outlined in the firm’s security
bulletin MS08-067. If you haven’t patched your PC yet, it is a good
idea to do so asap, the company advises.
McColo, a major hoster of spamming services may have been shut down two
weeks ago, but it was considered to be just a matter of time until the
spam volumes would increase again. According to Symantec’s MessageLabs,
the number of spam emails is already on the increase again – and almost
twice the volume of spam after the McColo shutdown.
You lost your notebook? You are worried about the data that might be
exposed. No problem: Kill the notebook with a text message. Well, sort of.
A recent post on GeekCondition claims that a Gmail vulnerability, that
was supposedly repaired actually was not, and your account could
potentially be vulnerable to hijacking and malicious attacks.
Facebook has won a big judgment against a major spammer, who flooded
members of the social networking site with “unwanted and, sometimes,
inappropriate marketing messages.” Atlantis Blue Capital, run by Adam
Guerbuez, will have to pay more than $873 million in statutory and
aggravated statutory damages.