Cops in Mumbai say unsecure Wi-Fi aids terrorists

 A tool that has recently been utilized by terrorists is one that many feel needs to be eliminated. Among individuals who feel the need to shut down free and open Wi-Fi are the Mumbai police. The Times of India reported today that "several police teams, armed with laptops and Internet-enabled mobile phones, will randomly visit homes to detect unprotected networks."

ioSafe Solo drive guards against fire and water

 Consumers fleeing from their homes in the wake of flooding waters may not think to grab external hard drives containing important data. The need falls then to have a consumer product which could withstand, at least for a period of time, exposure to extreme elements. That's the idea behind the new ioSafe Solo, which starts around $150.

MIT rolls out emergency text message service with AT&T

Child's GPS wristwatch lets parents keep track of kids

 A company called Lok8u (Locate You) has created a GPS Child Locator device called num8 (new mate) which attaches securely to a child's wrist. It contains an embedded GPS and cellular transeiver which broadcasts the child's location so long as it is on the child's wrist. If taken off, it immediately texts an emergency message to the programmed mobile phone showing the location via Google Maps.

FBI ranks cyber attacks third most dangerous behind nuclear war and WMDs

 Yesterday, the FBI announced it considers cyber attacks to be the third greatest threat to the security of the United States. The only two preceding it are nuclear war and weapons of mass destruction (WMD).

14% of SSL certificates on the Internet potentially unsafe

Netcraft provided more details on a critical digital certificate vulnerability revealed last week. Although Microsoft downplayed the problem by stating that the successful exploit was not published, Netcraft found that 14% of SSL certificates use the vulnerable MD5 hashing algorithm. That number may provide a large enough target for attackers to invest time into cracking MD5, while certificate authorities will have a choice of using MD5 and hope that it will not be cracked or transitioning to a stronger encryption technology such as SHA-1.

Final lock of digital website certificates cracked

One of the cornerstones of Internet security may not be as solid as generally believed: A team of researchers said they successfully created a rogue certification authority (CA) to create digital certificates that are accepted by all major web browser – and not just those that are running on PCs. The discovery could prompt a new wave of phishing attacks and the adoption of more secure cryptographic standards on the Internet.

Microsoft confirms SQL Server vulnerable to injection attacks

 Today, Microsoft acknowledged that its business class SQL Server database software is vulnerable to the kinds of attacks which inject code into malformed requests. Affected versions include SQL Server 2000, 2005, as well as Windows Internal Database. Not affected are SQL Server 7.0 SP4, 2005 SP3 and 2008, which are immune to the flaw.

Microsoft releases emergency update for critical IE patch

 Yesterday, Microsoft made good on the quick patch promise they had made earlier in the day. It repairs a critical bug affecting Internet Explorer versions 5.01, 6, 7 and 8 Beta 2 which could allow remote code execution just by visiting an infected website.

Microsoft plans quick fix for IE

Update: Major flaw revealed in Internet Explorer; users urged to switch

Microsoft sees 'huge increase' in IE attacks

Microsoft confirms that all versions of IE have critical new bug

IE7 hit by zero-day exploit

Microsoft has a big patch day, warns of next security hole

Yesterday, Microsoft rolled out its largest number of patches issued at one time in five years. The patches affect software in every operating system since and including Windows 2000. In addition to the new patches, Microsoft also warned of a critical WordPad bug that has not yet been patched and leaves a gaping security hole so that a hacker could gain access and run remote software from email.

MySpace now on the bandwagon with its own ID

Just a few months ago, MySpace began unveiling details and information about its Facebook Connect rival called MySpace Data Availability. At that point in time it was not exactly clear  what the product would include. However, it was obvious that it would not be a proprietary solution like Facebook Connect and it would rely on the Open Stack concept utilizing OAuth, OpenID and OpenSocial instead. MySpace Data Availability is now available MyspaceID and should help launching open source products into the future.

UK ISPs censoring Wikipedia

Six British Internet Service Providers (ISPs) are reportedly filtering user access to Wikipedia due to the site’s addition to the Internet Watch Foundation, after accusations arose that the site was hosting what was considered by some to be child pornography.

Koobface worm still infiltrating Facebook

Koobface, a worm that surfaced on Facebook in July, is spreading again and remains very active, according to a security alerts issued by Websense and McAfee.

Microsoft warns about “creative” exploits

Microsoft is warning users about a new wave of malicious attacks that aim to exploit a vulnerability that was outlined in the firm’s security bulletin MS08-067. If you haven’t patched your PC yet, it is a good idea to do so asap, the company advises. 

Spam levels increasing again

McColo, a major hoster of spamming services may have been shut down two weeks ago, but it was considered to be just a matter of time until the spam volumes would increase again. According to Symantec’s MessageLabs, the number of spam emails is already on the increase again – and almost twice the volume of spam after the McColo shutdown.