Yesterday, the FBI announced it considers cyber attacks to be the third greatest threat to the security of the United States. The only two preceding it are nuclear war and weapons of mass destruction (WMD).
Netcraft provided more details on the critical digital certificate
vulnerability revealed last week. Although Microsoft downplayed the
problem by noting that the researchers had not published a working
exploit, Netcraft found that 14% of SSL certificates are still signed
with the vulnerable MD5 hash algorithm. That is a large enough target to
justify attackers investing time in collision attacks against MD5, while
certificate authorities face a choice between continuing to sign with
MD5 and hoping it is not exploited against them, or moving to a stronger
hash function such as SHA-1.
One of the cornerstones of Internet security may not be as solid as
generally believed: a team of researchers said they successfully
created a rogue certification authority (CA) whose digital
certificates are accepted by all major web browsers, and not just
those running on PCs. The discovery could prompt a new wave of
phishing attacks as well as the adoption of more secure cryptographic
standards on the Internet.
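Both items above turn on one question: which hash algorithm signed a given certificate. As an added example (it is not part of the original article and not Netcraft's or the researchers' code), the following Python script walks a certificate's DER structure using only the standard library, reads the signature-algorithm OID from both the outer Certificate and the inner TBSCertificate, and classifies MD2/MD5 signatures as broken and SHA-1 as deprecated. The OID table, the verdict labels and the constructed stub certificates produced by build_sample_cert are my own assumptions for illustration; the stubs are not real certificates and omit issuer, validity, subject and key, which the walker never needs to read.

```python
import base64

# Signature-algorithm OIDs commonly seen in X.509 certificates (assumed table).
ALGORITHM_NAMES = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
# MD2/MD5 are collision-prone (the rogue-CA work exploited MD5); SHA-1 was the
# recommended replacement in 2008 but has since been retired as well.
BROKEN = {"1.2.840.113549.1.1.2", "1.2.840.113549.1.1.4"}
DEPRECATED = {"1.2.840.113549.1.1.5"}


def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body):
    """Decode an OBJECT IDENTIFIER value into dotted form (first arc 0 or 1)."""
    parts, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                    # clear high bit ends the arc
            parts.append(val)
            val = 0
    return ".".join(map(str, parts))


def oid_of_algorithm_identifier(alg):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }."""
    tag, body, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(body)


def load_der(data):
    """Accept DER bytes or PEM text and return DER bytes."""
    if isinstance(data, str):
        data = data.encode()
    if b"-----BEGIN" in data:
        lines = [l.strip() for l in data.splitlines() if l.strip() and not l.startswith(b"-----")]
        data = base64.b64decode(b"".join(lines))
    return data


def signature_algorithms(cert_data):
    """Return (outer, inner) OIDs: Certificate.signatureAlgorithm and
    TBSCertificate.signature. RFC 5280 requires the two to be identical."""
    tag, cert, _ = read_tlv(load_der(cert_data), 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, tbs, pos = read_tlv(cert, 0)       # tbsCertificate
    if tag != 0x30:
        raise ValueError("missing tbsCertificate")
    _, outer_alg, _ = read_tlv(cert, pos)   # signatureAlgorithm follows the TBS
    tag, _, p = read_tlv(tbs, 0)
    if tag == 0xA0:                         # optional [0] EXPLICIT version
        tag, _, p = read_tlv(tbs, p)
    if tag != 0x02:
        raise ValueError("missing serialNumber")
    _, inner_alg, _ = read_tlv(tbs, p)      # TBSCertificate.signature
    return oid_of_algorithm_identifier(outer_alg), oid_of_algorithm_identifier(inner_alg)


def assess(cert_data):
    """Classify the signature as 'broken', 'deprecated', 'ok' or 'mismatch'."""
    outer, inner = signature_algorithms(cert_data)
    if outer != inner:
        return "mismatch"                   # inconsistent AlgorithmIdentifiers: reject
    if outer in BROKEN:
        return "broken"
    return "deprecated" if outer in DEPRECATED else "ok"


# --- constructed sample input: stub certificates, not real ones -------------
def _tlv(tag, body):                        # short-form lengths only (bodies < 128 bytes)
    return bytes([tag, len(body)]) + body


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))


def build_sample_cert(sig_oid, tbs_sig_oid=None):
    """Stub: [0] version v3, serial 1, inner AlgorithmIdentifier, then the outer
    AlgorithmIdentifier and a dummy BIT STRING in place of the signature."""
    outer = _tlv(0x30, _encode_oid(sig_oid) + b"\x05\x00")
    inner = _tlv(0x30, _encode_oid(tbs_sig_oid or sig_oid) + b"\x05\x00")
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + inner)
    return _tlv(0x30, tbs + outer + _tlv(0x03, b"\x00" * 17))


def to_pem(der):
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.4", "1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11"):
        print(ALGORITHM_NAMES[oid], "->", assess(to_pem(build_sample_cert(oid))))
```

To run the same check against a real certificate, pass the PEM text from a file or from `ssl.get_server_certificate()` to `assess()`; the walker only touches the first three TBSCertificate fields and the outer AlgorithmIdentifier, so the remaining fields of a real certificate are skipped untouched.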
Today, Microsoft acknowledged that its business-class SQL Server database software is vulnerable to attacks that inject code through malformed requests. Affected versions include SQL Server 2000 and 2005 as well as Windows Internal Database. SQL Server 7.0 SP4, SQL Server 2005 SP3 and SQL Server 2008 are not affected.
Yesterday, Microsoft made good on the quick-patch promise it had made earlier in the day. The update repairs a critical bug in Internet Explorer 5.01, 6, 7 and 8 Beta 2 that could allow remote code execution simply by visiting a malicious website.
Yesterday, Microsoft rolled out its largest batch of patches in five years. They affect software in every operating system from Windows 2000 onward. Alongside the new patches, Microsoft also warned of a critical, still-unpatched WordPad bug that leaves a gaping hole: an attacker could gain access and run code remotely, for example through a file delivered by email.
Just a few months ago, MySpace began unveiling details about its
Facebook Connect rival, MySpace Data Availability. At that point it was
not exactly clear what the product would include, but it was obvious
that it would not be a proprietary solution like Facebook Connect;
instead it would rely on the Open Stack concept, built on OAuth, OpenID
and OpenSocial. MySpace Data Availability is now available as MySpaceID
and should help developers launch products built on those open standards
in the future.
Six British Internet Service Providers (ISPs) are reportedly filtering
user access to Wikipedia after the Internet Watch Foundation added a
Wikipedia page to its blocklist, following accusations that the page
hosted what some considered to be child pornography.
Koobface, a worm that first surfaced on Facebook in July, is spreading
again and remains very active, according to security alerts issued by
Websense and McAfee.
Microsoft is warning users about a new wave of malicious attacks that
exploit the vulnerability described in its security bulletin MS08-067.
If you have not patched your PC yet, the company advises doing so as
soon as possible.
McColo, a major hoster of spam operations, may have been shut down two
weeks ago, but it was considered only a matter of time before spam
volumes climbed again. According to Symantec's MessageLabs, spam volume
is already rising and is now almost twice what it was immediately after
the McColo shutdown.
A recent post on GeekCondition claims that a Gmail vulnerability that
was supposedly repaired actually was not, and that accounts could still
be vulnerable to hijacking and other malicious attacks.
Facebook has won a big judgment against a major spammer, who flooded
members of the social networking site with “unwanted and, sometimes,
inappropriate marketing messages.” Atlantis Blue Capital, run by Adam
Guerbuez, will have to pay more than $873 million in statutory and
aggravated statutory damages.